postconf.proto revision 1.8.4.1
# This is the input file for automatically generating the postconf(5)
# manual page, the summaries of parameters in on-line manual pages,
# and for the postconf.5.html hyperlinked document.
#
# The following tools operate on information from this file:
#
# xpostconf
#   Extracts specific parameter definitions from this file, or
#   produces a sorted version of all the information in this
#   document.
#
# postconf2html
#   Adds parameter name +default headers. The result can be embedded
#   into the postconf.5.html hyperlinked document.
#
# postconf2man
#   Converts this file into something that can be embedded into
#   the postconf(5) UNIX-style manual page. This tool knows only
#   a limited subset of HTML as described below.
#
# postconf2src
#   Converts this file into something that can be embedded
#   into Postfix source code files.
#
# The subset of HTML that you can use is limited by the postconf2man
# tool:
#
# * Supported HTML elements are: blockquote, ul, li, dl, dt, dd,
#   p, pre, b, i, h, and the escapes for < <= >= >. Sorry, no
#   tables.
#
# * HTML elements must be specified in lower case.
#
# * Lists cannot be nested.
#
# * The postconf2man tool leaves unrecognized HTML in place as a
#   reminder that it is not supported.
#
# * Text between <!-- and --> is stripped out. The <!-- and -->
#   must appear on separate lines.
#
# * Blank lines are special for postconf2man: it replaces them by
#   a "new paragraph" command. Don't put any blank lines inside
#   <blockquote> text. Instead, put those blank lines between
#   </blockquote> and <blockquote>.
#
# * Text after a blank line must start with an HTML element.
#
# Also:
#
# * All <dt> and <dd> text must be closed with </dt> and </dd>.
#
# * Use <blockquote><pre>..</pre></blockquote> for examples
#   between narrative text, instead of indenting examples by hand.
#
# * Use <pre>..</pre> for the "Examples:" section at the end
#   of a parameter description.
#
# The postlink tool automatically inserts hyperlinks for the following,
# so you must not hyperlink that information yourself:
#
# * Postfix manual pages
# * URLs
# * RFCs
# * Postfix configuration parameters
# * Postfix README files
# * Address classes and other terminology.
#
# The xpostconf and postconf2html tools expect the file format described
# in the comments below. The description includes the transformation
# that is done by the postconf2html tool.
#
# * The format of this file is blocks of text separated by one or
#   more empty (or all whitespace) lines.
#
# * A text block that begins with %PARAM specifies a parameter name
#   and its default value, separated by whitespace. The text in
#   the blocks that follow is the parameter description.
#
# * The first line (text up to the first ". ") is used in Postfix
#   on-line manual pages, in the one-line configuration parameter
#   summaries.
#
# * A text block that begins with the "<" character is treated as
#   literal HTML. For example, to specify a "dl" list element one
#   would write:
#
#   |<dt><b>name</b></dt> <dd>
#   |
#   |text that describes "name".
#   |
#   |</dd> ...
#
#   As described below, the text that describes "name" will be
#   enclosed with <p> and </p>.
#
#   An "ul" list element would be written like this:
#
#   |<li> text for this list element.
#
# * Any text block that does not begin with < is an error.

%CLASS address-verification Address verification (Postfix 2.1 and later)

<p>
Sender/recipient address verification is implemented by sending
probe email messages that are not actually delivered. This feature
is requested via the reject_unverified_sender and
reject_unverified_recipient access restrictions. The status of
verification probes is maintained by the address verification
service. See the file ADDRESS_VERIFICATION_README for information
about how to configure and operate the Postfix sender/recipient
address verification service.
</p>

%CLASS smtpd-compatibility Compatibility controls

%CLASS resource-control Resource controls

%CLASS after-queue-filter After-queue content filter

<p>
As of version 1.0, Postfix can be configured to send new mail to
an external content filter AFTER the mail is queued. This content
filter is expected to inject mail back into a (Postfix or other)
MTA for further delivery. See the FILTER_README document for
details.
</p>

%CLASS before-queue-filter Before-queue content filter

<p>
The Postfix SMTP server can be configured to send incoming mail to
a real-time SMTP-based content filter BEFORE mail is queued. This
content filter is expected to inject mail back into Postfix. See
the SMTPD_PROXY_README document for details on how to configure
and operate this feature.
</p>

%CLASS basic-config Basic configuration parameters

%CLASS smtpd-access-relay SMTP server access and relay control

%CLASS smtpd-sasl SMTP server SASL authentication

%CLASS unknown-recipients Rejecting mail for unknown recipients

%CLASS smtpd-reply-code SMTP server response codes

%CLASS other Other configuration parameters

%PARAM access_map_reject_code 554

<p>
The numerical Postfix SMTP server response code for
an access(5) map "reject" action.
</p>

<p>
Do not change this unless you have a complete understanding of RFC 2821.
</p>

%PARAM access_map_defer_code 450

<p>
The numerical Postfix SMTP server response code for
an access(5) map "defer" action, including "defer_if_permit"
or "defer_if_reject". Prior to Postfix 2.6, the response
is hard-coded as "450".
</p>

<p>
Do not change this unless you have a complete understanding of RFC 2821.
</p>

<p>
This feature is available in Postfix 2.6 and later.
</p>

%PARAM address_verify_default_transport $default_transport

<p>
Overrides the default_transport parameter setting for address
verification probes.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_local_transport $local_transport

<p>
Overrides the local_transport parameter setting for address
verification probes.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_map see "postconf -d" output

<p>
Lookup table for persistent address verification status
storage. The table is maintained by the verify(8) service, and
is opened before the process releases privileges.
</p>

<p>
The lookup table is persistent by default (Postfix 2.7 and later).
Specify an empty table name to keep the information in volatile
memory which is lost after "<b>postfix reload</b>" or "<b>postfix
stop</b>". This is the default with Postfix version 2.6 and earlier.
</p>

<p>
Specify a location in a file system that will not fill up. If the
database becomes corrupted, the world comes to an end. To recover
delete (NOT: truncate) the file and do "<b>postfix reload</b>".
</p>

<p> Postfix daemon processes do not use root privileges when opening
this file (Postfix 2.5 and later). The file must therefore be
stored under a Postfix-owned directory such as the data_directory.
As a migration aid, an attempt to open the file under a non-Postfix
directory is redirected to the Postfix-owned data_directory, and a
warning is logged. </p>

<p>
Examples:
</p>

<pre>
address_verify_map = hash:/var/db/postfix/verify
address_verify_map = btree:/var/db/postfix/verify
</pre>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_negative_cache yes

<p>
Enable caching of failed address verification probe results. When
this feature is enabled, the cache may pollute quickly with garbage.
When this feature is disabled, Postfix will generate an address
probe for every lookup.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_negative_expire_time 3d

<p>
The time after which a failed probe expires from the address
verification cache.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_negative_refresh_time 3h

<p>
The time after which a failed address verification probe needs to
be refreshed.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_cache_cleanup_interval 12h

<p> The amount of time between verify(8) address verification
database cleanup runs. This feature requires that the database
supports the "delete" and "sequence" operators. Specify a zero
interval to disable database cleanup. </p>

<p> After each database cleanup run, the verify(8) daemon logs the
number of entries that were retained and dropped. A cleanup run is
logged as "partial" when the daemon terminates early after "<b>postfix
reload</b>", "<b>postfix stop</b>", or no requests for $max_idle
seconds. </p>

<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). </p>

<p> This feature is available in Postfix 2.7. </p>

%PARAM address_verify_poll_count normal: 3, overload: 1

<p>
How many times to query the verify(8) service for the completion
of an address verification request in progress.
</p>

<p> By default, the Postfix SMTP server polls the verify(8) service
up to three times under non-overload conditions, and only once when
under overload. With Postfix version 2.5 and earlier, the SMTP
server always polls the verify(8) service up to three times by
default. </p>

<p>
Specify 1 to implement a crude form of greylisting, that is, always
defer the first delivery request for a new address.
</p>

<p>
Examples:
</p>

<pre>
# Postfix ≤ 2.6 default
address_verify_poll_count = 3
# Poor man's greylisting
address_verify_poll_count = 1
</pre>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_poll_delay 3s

<p>
The delay between queries for the completion of an address
verification request in progress.
</p>

<p>
The default polling delay is 3 seconds.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_positive_expire_time 31d

<p>
The time after which a successful probe expires from the address
verification cache.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_positive_refresh_time 7d

<p>
The time after which a successful address verification probe needs
to be refreshed. The address verification status is not updated
when the probe fails (optimistic caching).
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_relay_transport $relay_transport

<p>
Overrides the relay_transport parameter setting for address
verification probes.
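</p>

<p>
The cache policy described above by address_verify_negative_cache and the
address_verify_positive/negative_expire_time and _refresh_time parameters
(separate lifetimes for good and bad results, optimistic caching when a refresh
probe fails, and the retained/dropped counts of a cleanup run), as an added
Python model; this is not the verify(8) code, and the probe callback, clock
values and addresses are constructed here, with probes treated as synchronous.
</p>

```python
"""Model of the verify(8) address-verification cache policy.

Added example, not Postfix code.  Assumptions: probes complete synchronously
(poll_count/poll_delay are not modeled), and a failed refresh of a positive
entry leaves both its status and its timestamp untouched, so the entry still
expires positive_expire_time after its last successful probe.
"""
from dataclasses import dataclass

# Postfix time suffixes from the parameter descriptions, in seconds.
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_time(value, default_unit="s"):
    """Parse a Postfix time value such as "3d", "12h" or "90" (seconds)."""
    value = value.strip()
    if value[-1] in UNITS:
        return int(value[:-1]) * UNITS[value[-1]]
    return int(value) * UNITS[default_unit]


@dataclass
class Entry:
    status: str    # "ok" (probe succeeded) or "fail" (probe failed)
    updated: int   # time of the last probe that set this status


class VerifyCache:
    def __init__(self, probe, negative_cache=True, positive_expire="31d",
                 positive_refresh="7d", negative_expire="3d", negative_refresh="3h"):
        self.probe = probe                    # callable(address) -> "ok" | "fail"
        self.negative_cache = negative_cache  # address_verify_negative_cache
        self.pos_expire = parse_time(positive_expire)
        self.pos_refresh = parse_time(positive_refresh)
        self.neg_expire = parse_time(negative_expire)
        self.neg_refresh = parse_time(negative_refresh)
        self.table = {}                       # address -> Entry (the verify map)
        self.probes = 0                       # probe messages generated

    def _expire(self, e):
        return self.pos_expire if e.status == "ok" else self.neg_expire

    def _refresh(self, e):
        return self.pos_refresh if e.status == "ok" else self.neg_refresh

    def query(self, address, now):
        """Return the verification status the SMTP server acts on at time `now`."""
        e = self.table.get(address)
        if e is not None and now - e.updated >= self._expire(e):
            del self.table[address]           # expired: forget the old result
            e = None
        if e is not None and now - e.updated < self._refresh(e):
            return e.status                   # still fresh: answer from cache
        self.probes += 1                      # missing or stale: send a probe
        result = self.probe(address)
        if result == "ok":
            self.table[address] = Entry("ok", now)
            return "ok"
        if e is not None and e.status == "ok":
            return "ok"                       # optimistic caching: keep the positive entry
        if self.negative_cache:
            self.table[address] = Entry("fail", now)
        return "fail"                         # negative caching off: nothing stored

    def cleanup(self, now):
        """One cleanup run; returns (retained, dropped) as verify(8) logs them."""
        expired = [a for a, e in self.table.items() if now - e.updated >= self._expire(e)]
        for a in expired:
            del self.table[a]
        return len(self.table), len(expired)


def demo():
    """Walk the default settings through a scripted probe sequence (constructed data)."""
    answers = {"alice@example.com": ["ok", "fail"], "ghost@example.com": ["fail", "fail"]}
    cache = VerifyCache(lambda address: answers[address].pop(0))
    D, H = UNITS["d"], UNITS["h"]
    out = {}
    out["alice_first"] = cache.query("alice@example.com", 0)              # probe: ok
    out["alice_cached"] = cache.query("alice@example.com", 6 * D)         # < 7d: no probe
    out["alice_refresh_fails"] = cache.query("alice@example.com", 8 * D)  # probe fails, still ok
    out["ghost_first"] = cache.query("ghost@example.com", 0)              # probe: fail, cached
    out["ghost_cached"] = cache.query("ghost@example.com", 2 * H)         # < 3h: no probe
    out["ghost_refresh"] = cache.query("ghost@example.com", 4 * H)        # > 3h: probe again
    out["probes"] = cache.probes                                          # 4 probes in total
    out["cleanup"] = cache.cleanup(10 * D)   # alice kept (<31d), ghost dropped (>3d)
    nocache = VerifyCache(lambda address: "fail", negative_cache=False)
    nocache.query("ghost@example.com", 0)
    nocache.query("ghost@example.com", 1)
    out["probes_without_negative_cache"] = nocache.probes                 # one probe per lookup
    return out
```

<p>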
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_relayhost $relayhost

<p>
Overrides the relayhost parameter setting for address verification
probes. This information can be overruled with the transport(5) table.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_sender $double_bounce_sender

<p> The sender address to use in address verification probes; prior
to Postfix 2.5 the default was "postmaster". To
avoid problems with address probes that are sent in response to
address probes, the Postfix SMTP server excludes the probe sender
address from all SMTPD access blocks. </p>

<p>
Specify an empty value (address_verify_sender =) or <> if you want
to use the null sender address. Beware, some sites reject mail from
<>, even though RFCs require that such addresses be accepted.
</p>

<p>
Examples:
</p>

<pre>
address_verify_sender = <>
address_verify_sender = postmaster@my.domain
</pre>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_transport_maps $transport_maps

<p>
Overrides the transport_maps parameter setting for address verification
probes.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_virtual_transport $virtual_transport

<p>
Overrides the virtual_transport parameter setting for address
verification probes.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM alias_database see "postconf -d" output

<p>
The alias databases for local(8) delivery that are updated with
"<b>newaliases</b>" or with "<b>sendmail -bi</b>".
</p>

<p>
This is a separate configuration parameter because not all the
tables specified with $alias_maps have to be local files.
</p>

<p>
Examples:
</p>

<pre>
alias_database = hash:/etc/aliases
alias_database = hash:/etc/mail/aliases
</pre>

%PARAM alias_maps see "postconf -d" output

<p>
The alias databases that are used for local(8) delivery. See
aliases(5) for syntax details.
</p>

<p>
The default list is system dependent. On systems with NIS, the
default is to search the local alias database, then the NIS alias
database.
</p>

<p>
If you change the alias database, run "<b>postalias /etc/aliases</b>"
(or wherever your system stores the mail alias file), or simply
run "<b>newaliases</b>" to build the necessary DBM or DB file.
</p>

<p>
The local(8) delivery agent disallows regular expression substitution
of $1 etc. in alias_maps, because that would open a security hole.
</p>

<p>
The local(8) delivery agent will silently ignore requests to use
the proxymap(8) server within alias_maps. Instead it will open the
table directly. Before Postfix version 2.2, the local(8) delivery
agent will terminate with a fatal error.
</p>

<p>
Examples:
</p>

<pre>
alias_maps = hash:/etc/aliases, nis:mail.aliases
alias_maps = hash:/etc/aliases
</pre>

%PARAM allow_mail_to_commands alias, forward

<p>
Restrict local(8) mail delivery to external commands. The default
is to disallow delivery to "|command" in :include: files (see
aliases(5) for the text that defines this terminology).
</p>

<p>
Specify zero or more of: <b>alias</b>, <b>forward</b> or <b>include</b>,
in order to allow commands in aliases(5), .forward files or in
:include: files, respectively.
</p>

<p>
Example:
</p>

<pre>
allow_mail_to_commands = alias,forward,include
</pre>

%PARAM allow_mail_to_files alias, forward

<p>
Restrict local(8) mail delivery to external files. The default is
to disallow "/file/name" destinations in :include: files (see
aliases(5) for the text that defines this terminology).
</p>

<p>
Specify zero or more of: <b>alias</b>, <b>forward</b> or <b>include</b>,
in order to allow "/file/name" destinations in aliases(5), .forward
files and in :include: files, respectively.
</p>

<p>
Example:
</p>

<pre>
allow_mail_to_files = alias,forward,include
</pre>

%PARAM allow_min_user no

<p>
Allow a sender or recipient address to have `-' as the first
character. By
default, this is not allowed, to avoid accidents with software that
passes email addresses via the command line. Such software
would not be able to distinguish a malicious address from a
bona fide command-line option. Although this can be prevented by
inserting a "--" option terminator into the command line, this is
difficult to enforce consistently and globally. </p>

<p> As of Postfix version 2.5, this feature is implemented by
trivial-rewrite(8). With earlier versions this feature was implemented
by qmgr(8) and was limited to recipient addresses only. </p>

%PARAM allow_percent_hack yes

<p>
Enable the rewriting of the form "user%domain" to "user@domain".
This is enabled by default.
</p>

<p> Note: with Postfix version 2.2, message header address rewriting
happens only when one of the following conditions is true: </p>

<ul>

<li> The message is received with the Postfix sendmail(1) command,

<li> The message is received from a network client that matches
$local_header_rewrite_clients,

<li> The message is received from the network, and the
remote_header_rewrite_domain parameter specifies a non-empty value.

</ul>

<p> To get the behavior before Postfix version 2.2, specify
"local_header_rewrite_clients = static:all". </p>

<p>
Example:
</p>

<pre>
allow_percent_hack = no
</pre>

%PARAM allow_untrusted_routing no

<p>
Forward mail with sender-specified routing (user[@%!]remote[@%!]site)
from untrusted clients to destinations matching $relay_domains.
</p>

<p>
By default, this feature is turned off. This closes a nasty open
relay loophole where a backup MX host can be tricked into forwarding
junk mail to a primary MX host which then spams it out to the world.
</p>

<p>
This parameter also controls if non-local addresses with sender-specified
routing can match Postfix access tables. By default, such addresses
cannot match Postfix access tables, because the address is ambiguous.
</p>

%PARAM always_bcc

<p>
Optional address that receives a "blind carbon copy" of each message
that is received by the Postfix mail system.
</p>

<p>
Note: if mail to the BCC address bounces it will be returned to
the sender.
</p>

<p> Note: automatic BCC recipients are produced only for new mail.
To avoid mailer loops, automatic BCC recipients are not generated
after Postfix forwards mail internally, or after Postfix generates
mail itself. </p>

%PARAM berkeley_db_create_buffer_size 16777216

<p>
The per-table I/O buffer size for programs that create Berkeley DB
hash or btree tables. Specify a byte count.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM berkeley_db_read_buffer_size 131072

<p>
The per-table I/O buffer size for programs that read Berkeley DB
hash or btree tables. Specify a byte count.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM best_mx_transport

<p>
Where the Postfix SMTP client should deliver mail when it detects
a "mail loops back to myself" error condition. This happens when
the local MTA is the best SMTP mail exchanger for a destination
not listed in $mydestination, $inet_interfaces, $proxy_interfaces,
$virtual_alias_domains, or $virtual_mailbox_domains. By default,
the Postfix SMTP client returns such mail as undeliverable.
</p>

<p>
Specify, for example, "best_mx_transport = local" to pass the mail
from the Postfix SMTP client to the local(8) delivery agent. You
can specify
any message delivery "transport" or "transport:nexthop" that is
defined in the master.cf file. See the transport(5) manual page
for the syntax and meaning of "transport" or "transport:nexthop".
</p>

<p>
However, this feature is expensive because it ties up a Postfix
SMTP client process while the local(8) delivery agent is doing its
work. It is more efficient (for Postfix) to list all hosted domains
in a table or database.
</p>

%PARAM biff yes

<p>
Whether or not to use the local biff service. This service sends
"new mail" notifications to users who have requested new mail
notification with the UNIX command "biff y".
</p>

<p>
For compatibility reasons this feature is on by default. On systems
with lots of interactive users, the biff service can be a performance
drain. Specify "biff = no" in main.cf to disable.
</p>

%PARAM body_checks

<p> Optional lookup tables for content inspection as specified in
the body_checks(5) manual page. </p>

<p> Note: with Postfix versions before 2.0, these rules inspect
all content after the primary message headers. </p>

%PARAM body_checks_size_limit 51200

<p>
How much text in a message body segment (or attachment, if you
prefer to use that term) is subjected to body_checks inspection.
The amount of text is limited to avoid scanning huge attachments.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM bounce_queue_lifetime 5d

<p>
The maximal time a bounce message is queued before it is considered
undeliverable. By default, this is the same as the queue life time
for regular mail.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is d (days).
</p>

<p>
Specify 0 when mail delivery should be tried only once.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM bounce_size_limit 50000

<p> The maximal amount of original message text that is sent in a
non-delivery notification. Specify a byte count. A message is
returned as either message/rfc822 (the complete original) or as
text/rfc822-headers (the headers only). With Postfix version 2.4
and earlier, a message is always returned as message/rfc822 and is
truncated when it exceeds the size limit.
</p>

<p> Notes: </p>

<ul>

<li> <p> If you increase this limit, then you should increase the
mime_nesting_limit value proportionally. </p>

<li> <p> Be careful when making changes. Excessively large values
will result in the loss of non-delivery notifications, when a bounce
message size exceeds a local or remote MTA's message size limit.
</p>

</ul>

%PARAM canonical_maps

<p>
Optional address mapping lookup tables for message headers and
envelopes. The mapping is applied to both sender and recipient
addresses, in both envelopes and in headers, as controlled
with the canonical_classes parameter. This is typically used
to clean up dirty addresses from legacy mail systems, or to replace
login names by Firstname.Lastname. The table format and lookups
are documented in canonical(5). For an overview of Postfix address
manipulations see the ADDRESS_REWRITING_README document.
</p>

<p>
If you use this feature, run "<b>postmap /etc/postfix/canonical</b>" to
build the necessary DBM or DB file after every change. The changes
will become visible after a minute or so. Use "<b>postfix reload</b>"
to eliminate the delay.
</p>

<p> Note: with Postfix version 2.2, message header address mapping
happens only when message header address rewriting is enabled: </p>

<ul>

<li> The message is received with the Postfix sendmail(1) command,

<li> The message is received from a network client that matches
$local_header_rewrite_clients,

<li> The message is received from the network, and the
remote_header_rewrite_domain parameter specifies a non-empty value.

</ul>

<p> To get the behavior before Postfix version 2.2, specify
"local_header_rewrite_clients = static:all". </p>

<p>
Examples:
</p>

<pre>
canonical_maps = dbm:/etc/postfix/canonical
canonical_maps = hash:/etc/postfix/canonical
</pre>

%PARAM canonical_classes envelope_sender, envelope_recipient, header_sender, header_recipient

<p> What addresses are subject to canonical_maps address mapping.
By default, canonical_maps address mapping is applied to envelope
sender and recipient addresses, and to header sender and header
recipient addresses. </p>

<p> Specify one or more of: envelope_sender, envelope_recipient,
header_sender, header_recipient </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM sender_canonical_classes envelope_sender, header_sender

<p> What addresses are subject to sender_canonical_maps address
mapping. By default, sender_canonical_maps address mapping is
applied to envelope sender addresses, and to header sender addresses.
</p>

<p> Specify one or more of: envelope_sender, header_sender </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM recipient_canonical_classes envelope_recipient, header_recipient

<p> What addresses are subject to recipient_canonical_maps address
mapping. By default, recipient_canonical_maps address mapping is
applied to envelope recipient addresses, and to header recipient
addresses. </p>

<p> Specify one or more of: envelope_recipient, header_recipient
</p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM command_directory see "postconf -d" output

<p>
The location of all postfix administrative commands.
</p>

%PARAM command_time_limit 1000s

<p>
Time limit for delivery to external commands. This limit is used
by the local(8) delivery agent, and is the default time limit for
delivery by the pipe(8) delivery agent.
</p>

<p>
Note: if you set this time limit to a large value you must update the
global ipc_timeout parameter as well.
</p>

%PARAM daemon_directory see "postconf -d" output

<p>
The directory with Postfix support programs and daemon programs.
These should not be invoked directly by humans. The directory must
be owned by root.
</p>

%PARAM daemon_timeout 18000s

<p> How much time a Postfix daemon process may take to handle a
request before it is terminated by a built-in watchdog timer. </p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM debug_peer_level 2

<p> The increment in verbose logging level when a remote client or
server matches a pattern in the debug_peer_list parameter. </p>

%PARAM debug_peer_list

<p> Optional list of remote client or server hostname or network
address patterns that cause the verbose logging level to increase
by the amount specified in $debug_peer_level. </p>

<p> Specify domain names, network/netmask patterns, "/file/name"
patterns or "type:table" lookup tables. The right-hand side result
from "type:table" lookups is ignored. </p>

<p> Pattern matching of domain names is controlled by the
parent_domain_matches_subdomains parameter. </p>

<p>
Examples:
</p>

<pre>
debug_peer_list = 127.0.0.1
debug_peer_list = example.com
</pre>

%PARAM default_database_type see "postconf -d" output

<p>
The default database type for use in newaliases(1), postalias(1)
and postmap(1) commands. On many UNIX systems the default type is
either <b>dbm</b> or <b>hash</b>. The default setting is frozen
when the Postfix system is built.
</p>

<p>
Examples:
</p>

<pre>
default_database_type = hash
default_database_type = dbm
</pre>

%PARAM default_delivery_slot_cost 5

<p>
How often the Postfix queue manager's scheduler is allowed to
preempt delivery of one message with another.
</p>

<p>
Each transport maintains a so-called "available delivery slot counter"
for each message. One message can be preempted by another one when
the other message can be delivered using no more delivery slots
(i.e., invocations of delivery agents) than the current message
counter has accumulated (or will eventually accumulate - see about
slot loans below). This parameter controls how often the counter
is incremented - it happens after each default_delivery_slot_cost
recipients have been delivered.
</p>

<p>
The cost of 0 is used to disable the preempting scheduling completely.
The minimum value the scheduling algorithm can use is 2 - use it
if you want to maximize the message throughput rate. Although there
is no maximum, it doesn't make much sense to use values above say
50.
</p>

<p>
The only reason why the value of 2 is not the default is the way
this parameter affects the delivery of mailing-list mail. In the
worst case, their delivery can take somewhere between (cost+1)/cost
and cost/(cost-1) times more than if the preemptive scheduler was
disabled. The default value of 5 turns out to provide reasonable
message response times while making sure the mailing-list deliveries
are not extended by more than 20-25 percent even in the worst case.
</p>

<p> Use <i>transport</i>_delivery_slot_cost to specify a
transport-specific override, where <i>transport</i> is the master.cf
name of the message delivery transport.
</p>

<p>
Examples:
</p>

<pre>
default_delivery_slot_cost = 0
default_delivery_slot_cost = 2
</pre>

%PARAM default_destination_concurrency_limit 20

<p>
The default maximal number of parallel deliveries to the same
destination. This is the default limit for delivery via the lmtp(8),
pipe(8), smtp(8) and virtual(8) delivery agents.
With per-destination recipient limit > 1, a destination is a domain,
otherwise it is a recipient.
</p>

<p> Use <i>transport</i>_destination_concurrency_limit to specify a
transport-specific override, where <i>transport</i> is the master.cf
name of the message delivery transport.
</p>

%PARAM default_destination_recipient_limit 50

<p>
The default maximal number of recipients per message delivery.
This is the default limit for delivery via the lmtp(8), pipe(8),
smtp(8) and virtual(8) delivery agents.
</p>

<p> Setting this parameter to a value of 1 changes the meaning of
the corresponding per-destination concurrency limit from concurrency
per domain into concurrency per recipient.
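</p>

<p>
The delivery-slot preemption rule described under default_delivery_slot_cost
above (the counter that grows by one after every "cost" recipients, a waiting
message preempting when it fits within the accumulated slots, the 0 and
minimum-slot cut-offs, and the (cost+1)/cost worst case), as an added Python
simulation; this is a simplified model, not qmgr(8) code, and it assumes one
delivery slot per recipient (a per-destination recipient limit of 1) and
ignores slot loans.
</p>

```python
"""Simplified model of Postfix queue-manager preemption by delivery slots.

Added example, not Postfix code.  Assumptions: each recipient of a message
costs exactly one delivery slot (recipient limit 1), a waiting message is
delivered in full once it preempts, and slot loans are not modeled.
"""


def simulate(list_recipients, waiting, cost, minimum_slots=3):
    """Deliver one large (mailing-list) message while smaller messages wait.

    list_recipients: recipients of the message currently being delivered.
    waiting: FIFO list of recipient counts of messages queued behind it.
    cost: default_delivery_slot_cost; minimum_slots: default_minimum_delivery_slots.
    Returns (time at which the large message finishes, delivery timeline).
    """
    # cost 0 disables preemption; a message that could never accumulate
    # minimum_slots slots (list_recipients // cost of them) is never preempted.
    if cost == 0 or list_recipients // cost < minimum_slots:
        return list_recipients, ["list"] * list_recipients
    counter = 0          # available delivery slot counter of the large message
    delivered = 0
    queue = list(waiting)
    t = 0
    timeline = []
    while delivered < list_recipients:
        timeline.append("list")
        delivered += 1
        t += 1
        if delivered % cost == 0:
            counter += 1     # one slot earned per `cost` recipients delivered
        # The next waiting message may preempt when it needs no more slots
        # than the current message has accumulated.
        while queue and queue[0] <= counter:
            need = queue.pop(0)
            timeline.extend(["small"] * need)
            t += need
            counter -= need
    return t, timeline


def worst_case_bounds(cost):
    """Worst-case slowdown range for mailing-list delivery given in the text."""
    return (cost + 1) / cost, cost / (cost - 1)


def slowdown(list_recipients, waiting, cost, minimum_slots=3):
    """Ratio of simulated finish time to the no-preemption finish time."""
    t, _ = simulate(list_recipients, waiting, cost, minimum_slots)
    return t / list_recipients


if __name__ == "__main__":
    # Constructed scenario: a 100-recipient list message with a steady supply
    # of single-recipient messages queued behind it.
    for cost in (0, 2, 5, 50):
        print(cost, slowdown(100, [1] * 50, cost))
```

<p>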
</p> 1016 1017<p> Use <i>transport</i>_destination_recipient_limit to specify a 1018transport-specific override, where <i>transport</i> is the master.cf 1019name of the message delivery transport. 1020</p> 1021 1022%PARAM default_extra_recipient_limit 1000 1023 1024<p> 1025The default value for the extra per-transport limit imposed on the 1026number of in-memory recipients. This extra recipient space is 1027reserved for the cases when the Postfix queue manager's scheduler 1028preempts one message with another and suddenly needs some extra 1029recipients slots for the chosen message in order to avoid performance 1030degradation. 1031</p> 1032 1033<p> Use <i>transport</i>_extra_recipient_limit to specify a 1034transport-specific override, where <i>transport</i> is the master.cf 1035name of the message delivery transport. 1036</p> 1037 1038%PARAM default_minimum_delivery_slots 3 1039 1040<p> 1041How many recipients a message must have in order to invoke the 1042Postfix queue manager's scheduling algorithm at all. Messages 1043which would never accumulate at least this many delivery slots 1044(subject to slot cost parameter as well) are never preempted. 1045</p> 1046 1047<p> Use <i>transport</i>_minimum_delivery_slots to specify a 1048transport-specific override, where <i>transport</i> is the master.cf 1049name of the message delivery transport. 1050</p> 1051 1052%PARAM default_privs nobody 1053 1054<p> 1055The default rights used by the local(8) delivery agent for delivery 1056to external file or command. These rights are used when delivery 1057is requested from an aliases(5) file that is owned by <b>root</b>, or 1058when delivery is done on behalf of <b>root</b>. <b>DO NOT SPECIFY A 1059PRIVILEGED USER OR THE POSTFIX OWNER</b>. 1060</p> 1061 1062%PARAM default_process_limit 100 1063 1064<p> 1065The default maximal number of Postfix child processes that provide 1066a given service. This limit can be overruled for specific services 1067in the master.cf file. 
</p>

%PARAM default_rbl_reply see "postconf -d" output

<p>
The default SMTP server response template for a request that is
rejected by an RBL-based restriction. This template can be overruled
by specific entries in the optional rbl_reply_maps lookup table.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

<p>
The template is subject to exactly one level of $name substitution:
</p>

<dl>

<dt><b>$client</b></dt>

<dd>The client hostname and IP address, formatted as name[address]. </dd>

<dt><b>$client_address</b></dt>

<dd>The client IP address. </dd>

<dt><b>$client_name</b></dt>

<dd>The client hostname or "unknown". See reject_unknown_client_hostname
for more details. </dd>

<dt><b>$reverse_client_name</b></dt>

<dd>The client hostname from address->name lookup, or "unknown".
See reject_unknown_reverse_client_hostname for more details. </dd>

#<dt><b>$forward_client_name</b></dt>
#
#<dd>The client hostname from address->name lookup followed by
#name->address lookup, or "unknown". See
#reject_unknown_forward_client_hostname for more details. </dd>

<dt><b>$helo_name</b></dt>

<dd>The hostname given in the HELO or EHLO command, or an empty string. </dd>

<dt><b>$rbl_class</b></dt>

<dd>The blacklisted entity type: Client host, Helo command, Sender
address, or Recipient address. </dd>

<dt><b>$rbl_code</b></dt>

<dd>The numerical SMTP response code, as specified with the
maps_rbl_reject_code configuration parameter. Note: The numerical
SMTP response code is required, and must appear at the start of the
reply. With Postfix version 2.3 and later this information may be followed
by an RFC 3463 enhanced status code. </dd>

<dt><b>$rbl_domain</b></dt>

<dd>The RBL domain where $rbl_what is blacklisted.
</dd>

<dt><b>$rbl_reason</b></dt>

<dd>The reason why $rbl_what is blacklisted, or an empty string. </dd>

<dt><b>$rbl_what</b></dt>

<dd>The entity that is blacklisted (an IP address, a hostname, a domain
name, or an email address whose domain was blacklisted). </dd>

<dt><b>$recipient</b></dt>

<dd>The recipient address or <> in case of the null address. </dd>

<dt><b>$recipient_domain</b></dt>

<dd>The recipient domain or empty string. </dd>

<dt><b>$recipient_name</b></dt>

<dd>The recipient address localpart or <> in case of null address. </dd>

<dt><b>$sender</b></dt>

<dd>The sender address or <> in case of the null address. </dd>

<dt><b>$sender_domain</b></dt>

<dd>The sender domain or empty string. </dd>

<dt><b>$sender_name</b></dt>

<dd>The sender address localpart or <> in case of the null address. </dd>

<dt><b>${name?text}</b></dt>

<dd>Expands to `text' if $name is not empty. </dd>

<dt><b>${name:text}</b></dt>

<dd>Expands to `text' if $name is empty. </dd>

</dl>

<p>
Instead of $name you can also specify ${name} or $(name).
</p>

<p> Note: when an enhanced status code is specified in an RBL reply
template, it is subject to modification. The following transformations
are needed when the same RBL reply template is used for client,
helo, sender, or recipient access restrictions. </p>

<ul>

<li> <p> When rejecting a sender address, the Postfix SMTP server
will transform a recipient DSN status (e.g., 4.1.1-4.1.6) into the
corresponding sender DSN status, and vice versa.
</p>

<li> <p> When rejecting non-address information (such as the HELO
command argument or the client hostname/address), the Postfix SMTP
server will transform a sender or recipient DSN status into a generic
non-address DSN status (e.g., 4.0.0). </p>

</ul>

%PARAM smtpd_expansion_filter see "postconf -d" output

<p>
The smtpd_expansion_filter configuration parameter controls what
characters may appear in $name expansions.
</p>

%PARAM default_recipient_limit 20000

<p>
The default per-transport upper limit on the number of in-memory
recipients. These limits take priority over the global
qmgr_message_recipient_limit after the message has been assigned
to the respective transports. See also default_extra_recipient_limit
and qmgr_message_recipient_minimum.
</p>

<p> Use <i>transport</i>_recipient_limit to specify a
transport-specific override, where <i>transport</i> is the master.cf
name of the message delivery transport.
</p>

%PARAM default_recipient_refill_limit 100

<p>
The default per-transport limit on the number of recipients refilled at
once. When not all message recipients fit into memory at once, keep
loading more of them in batches of at least this many at a time. See also
$default_recipient_refill_delay, which may result in recipient batches
smaller than this when this limit is too high for slow deliveries.
</p>

<p> Use <i>transport</i>_recipient_refill_limit to specify a
transport-specific override, where <i>transport</i> is the master.cf
name of the message delivery transport.
</p>

<p> This feature is available in Postfix 2.4 and later. </p>

%PARAM default_recipient_refill_delay 5s

<p>
The default per-transport maximum delay between recipient refills.
When not all message recipients fit into memory at once, keep loading
more of them at least once every this many seconds. This is used to
make sure the recipients are refilled in a timely manner even when
$default_recipient_refill_limit is too high for slow deliveries.
</p>

<p> Use <i>transport</i>_recipient_refill_delay to specify a
transport-specific override, where <i>transport</i> is the master.cf
name of the message delivery transport.
</p>

<p> This feature is available in Postfix 2.4 and later. </p>

%PARAM default_transport smtp

<p>
The default mail delivery transport and next-hop destination for
destinations that do not match $mydestination, $inet_interfaces,
$proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains,
or $relay_domains. This information can be overruled with the
sender_dependent_default_transport_maps parameter and with the
transport(5) table. </p>

<p>
In order of decreasing precedence, the nexthop destination is taken
from $sender_dependent_default_transport_maps, $default_transport,
$sender_dependent_relayhost_maps, $relayhost, or from the recipient
domain.
</p>

<p>
Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
is the name of a mail delivery transport defined in master.cf.
The <i>:nexthop</i> destination is optional; its syntax is documented
in the manual page of the corresponding delivery agent.
</p>

<p>
Example:
</p>

<pre>
default_transport = uucp:relayhostname
</pre>

%PARAM defer_code 450

<p>
The numerical Postfix SMTP server response code when a remote SMTP
client request is rejected by the "defer" restriction.
</p>

<p>
Do not change this unless you have a complete understanding of RFC 2821.
</p>

%PARAM defer_transports

<p>
The names of message delivery transports that should not deliver mail
unless someone issues "<b>sendmail -q</b>" or equivalent. Specify zero
or more names of mail delivery transports that appear in the
first field of master.cf.
</p>

<p>
Example:
</p>

<pre>
defer_transports = smtp
</pre>

%PARAM deliver_lock_attempts 20

<p>
The maximal number of attempts to acquire an exclusive lock on a
mailbox file or bounce(8) logfile.
</p>

%PARAM deliver_lock_delay 1s

<p>
The time between attempts to acquire an exclusive lock on a mailbox
file or bounce(8) logfile.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM disable_vrfy_command no

<p>
Disable the SMTP VRFY command. This stops some techniques used to
harvest email addresses.
</p>

<p>
Example:
</p>

<pre>
disable_vrfy_command = no
</pre>

%PARAM double_bounce_sender double-bounce

<p> The sender address of postmaster notifications that are generated
by the mail system. All mail to this address is silently discarded,
in order to terminate mail bounce loops. </p>

%PARAM duplicate_filter_limit 1000

<p> The maximal number of addresses remembered by the address
duplicate filter for aliases(5) or virtual(5) alias expansion, or
for showq(8) queue displays. </p>

%PARAM enable_original_recipient yes

<p> Enable support for the X-Original-To message header. This header
is needed for multi-recipient mailboxes.
</p>

<p> When this parameter is set to yes, the cleanup(8) daemon performs
duplicate elimination on distinct pairs of (original recipient,
rewritten recipient), and generates non-empty original recipient
queue file records. </p>

<p> When this parameter is set to no, the cleanup(8) daemon performs
duplicate elimination on the rewritten recipient address only, and
generates empty original recipient queue file records. </p>

<p> This feature is available in Postfix 2.1 and later. With Postfix
version 2.0, support for the X-Original-To message header is always turned
on. Postfix versions before 2.0 have no support for the X-Original-To
message header. </p>

%PARAM export_environment see "postconf -d" output

<p>
The list of environment variables that a Postfix process will export
to non-Postfix processes. The TZ variable is needed for sane
time keeping on System-V-ish systems.
</p>

<p>
Specify a list of names and/or name=value pairs, separated by
whitespace or comma. The name=value form is supported with
Postfix version 2.1 and later.
</p>

<p>
Example:
</p>

<pre>
export_environment = TZ PATH=/bin:/usr/bin
</pre>

%PARAM smtp_fallback_relay $fallback_relay

<p>
Optional list of relay hosts for SMTP destinations that can't be
found or that are unreachable. With Postfix 2.2 and earlier this
parameter is called fallback_relay. </p>

<p>
By default, mail is returned to the sender when a destination is
not found, and delivery is deferred when a destination is unreachable.
</p>

<p> The fallback relays must be SMTP destinations. Specify a domain,
host, host:port, [host]:port, [address] or [address]:port; the form
[host] turns off MX lookups. If you specify multiple SMTP
destinations, Postfix will try them in the specified order.
</p>

<p> To prevent mailer loops between MX hosts and fall-back hosts,
Postfix version 2.2 and later will not use the fallback relays for
destinations that it is MX host for (assuming DNS lookup is turned on).
</p>

%PARAM fallback_relay

<p>
Optional list of relay hosts for SMTP destinations that can't be
found or that are unreachable. With Postfix 2.3 this parameter
is renamed to smtp_fallback_relay. </p>

<p>
By default, mail is returned to the sender when a destination is
not found, and delivery is deferred when a destination is unreachable.
</p>

<p> The fallback relays must be SMTP destinations. Specify a domain,
host, host:port, [host]:port, [address] or [address]:port; the form
[host] turns off MX lookups. If you specify multiple SMTP
destinations, Postfix will try them in the specified order. </p>

<p> Note: before Postfix 2.2, do not use the fallback_relay feature
when relaying mail for a backup or primary MX domain. Mail would loop
between the Postfix MX host and the fallback_relay host when the final
destination is unavailable. </p>

<ul>

<li> In main.cf specify "relay_transport = relay",

<li> In master.cf specify "-o fallback_relay =" (i.e., empty) at
the end of the <tt>relay</tt> entry.

<li> In transport maps, specify "relay:<i>nexthop...</i>"
as the right-hand side for backup or primary MX domain entries.

</ul>

<p> Postfix version 2.2 and later will not use the fallback_relay feature
for destinations that it is MX host for.
</p>

%PARAM fast_flush_domains $relay_domains

<p>
Optional list of destinations that are eligible for per-destination
logfiles with mail that is queued to those destinations.
</p>

<p>
By default, Postfix maintains "fast flush" logfiles only for
destinations that the Postfix SMTP server is willing to relay to
(i.e. the default is: "fast_flush_domains = $relay_domains"; see
the relay_domains parameter in the postconf(5) manual).
</p>

<p> Specify a list of hosts or domains, "/file/name" patterns or
"type:table" lookup tables, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace. A
"/file/name" pattern is replaced by its contents; a "type:table"
lookup table is matched when the domain or its parent domain appears
as lookup key. </p>

<p>
Specify "fast_flush_domains =" (i.e., empty) to disable the feature
altogether.
</p>

%PARAM fast_flush_purge_time 7d

<p>
The time after which an empty per-destination "fast flush" logfile
is deleted.
</p>

<p>
You can specify the time as a number, or as a number followed by
a letter that indicates the time unit: s=seconds, m=minutes, h=hours,
d=days, w=weeks. The default time unit is days.
</p>

%PARAM fast_flush_refresh_time 12h

<p>
The time after which a non-empty but unread per-destination "fast
flush" logfile needs to be refreshed. The contents of a logfile
are refreshed by requesting delivery of all messages listed in the
logfile.
</p>

<p>
You can specify the time as a number, or as a number followed by
a letter that indicates the time unit: s=seconds, m=minutes, h=hours,
d=days, w=weeks. The default time unit is hours.
</p>

%PARAM fork_attempts 5

<p> The maximal number of attempts to fork() a child process. </p>

%PARAM fork_delay 1s

<p> The delay between attempts to fork() a child process. </p>

<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). The default time unit is s (seconds).
</p>

%PARAM execution_directory_expansion_filter see "postconf -d" output

<p> Restrict the characters that the local(8) delivery agent allows
in $name expansions of $command_execution_directory. Characters
outside the allowed set are replaced by underscores. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM command_execution_directory

<p> The local(8) delivery agent working directory for delivery to
external command. Failure to change directory causes the delivery
to be deferred. </p>

<p> The following $name expansions are done on command_execution_directory
before the directory is changed. Expansion happens in the context
of the delivery request. The result of $name expansion is filtered
with the character set that is specified with the
execution_directory_expansion_filter parameter. </p>

<dl>

<dt><b>$user</b></dt>

<dd>The recipient's username. </dd>

<dt><b>$shell</b></dt>

<dd>The recipient's login shell pathname. </dd>

<dt><b>$home</b></dt>

<dd>The recipient's home directory. </dd>

<dt><b>$recipient</b></dt>

<dd>The full recipient address. </dd>

<dt><b>$extension</b></dt>

<dd>The optional recipient address extension. </dd>

<dt><b>$domain</b></dt>

<dd>The recipient domain. </dd>

<dt><b>$local</b></dt>

<dd>The entire recipient localpart. </dd>

<dt><b>$recipient_delimiter</b></dt>

<dd>The system-wide recipient address extension delimiter. </dd>

<dt><b>${name?value}</b></dt>

<dd>Expands to <i>value</i> when <i>$name</i> is non-empty. </dd>

<dt><b>${name:value}</b></dt>

<dd>Expands to <i>value</i> when <i>$name</i> is empty. </dd>

</dl>

<p>
Instead of $name you can also specify ${name} or $(name).
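</p>

<p> The expansion rules just listed are the same ones that the
default_rbl_reply and smtpd_expansion_filter descriptions rely on:
one level of $name substitution, ${name?text} and ${name:text}
conditionals, and a character filter that rewrites anything outside
the allowed set to an underscore. The following Python re-implementation
is an added worked example, not Postfix source code. Its RBL template
is shaped like the stock default_rbl_reply and its filter string like
the stock execution_directory_expansion_filter (both are "see postconf
-d" on this page, so confirm the real values on your system); the
hostnames, addresses and helper names are constructed for the example.
</p>

```python
"""Postfix-style $name expansion as a worked example (not Postfix source):
one level of substitution, ${name?text} / ${name:text} conditionals, and the
*_expansion_filter character filter applied to the expanded values."""
import re

_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
_CLOSE = {"{": "}", "(": ")"}


def _find_close(s, start):
    """Index of the bracket matching s[start] (nesting allowed), or -1."""
    open_ch, close_ch = s[start], _CLOSE[s[start]]
    depth = 0
    for i in range(start, len(s)):
        if s[i] == open_ch:
            depth += 1
        elif s[i] == close_ch:
            depth -= 1
            if depth == 0:
                return i
    return -1


def expand(template, attrs, allowed=None):
    """Expand $name, ${name}, $(name), ${name?text} and ${name:text}.

    attrs maps attribute names to values (unknown names expand to "").
    allowed, if given, is the set of permitted characters: any other
    character in a substituted VALUE becomes "_".  Literal template text is
    never filtered, and substituted values are not rescanned ("exactly one
    level"); the text inside a conditional is template text and is expanded.
    """
    def filt(value):
        if allowed is None:
            return value
        return "".join(ch if ch in allowed else "_" for ch in value)

    out = []
    i, n = 0, len(template)
    while i != n:
        ch = template[i]
        if ch != "$" or i + 1 == n:
            out.append(ch)
            i += 1
            continue
        nxt = template[i + 1]
        if nxt in _CLOSE:                          # ${...} or $(...)
            end = _find_close(template, i + 1)
            if end == -1:                          # unterminated: literal "$"
                out.append(ch)
                i += 1
                continue
            body = template[i + 2:end]
            m = _NAME.match(body)
            if m is None:                          # e.g. "${}": keep literally
                out.append(template[i:end + 1])
            else:
                name, rest = m.group(0), body[m.end():]
                value = attrs.get(name, "")
                if rest == "":                     # ${name}
                    out.append(filt(value))
                elif rest[0] == "?":               # ${name?text}: if non-empty
                    out.append(expand(rest[1:], attrs, allowed) if value else "")
                elif rest[0] == ":":               # ${name:text}: if empty
                    out.append("" if value else expand(rest[1:], attrs, allowed))
                else:                              # unknown syntax: literal
                    out.append(template[i:end + 1])
            i = end + 1
        else:                                      # bare $name
            m = _NAME.match(template, i + 1)
            if m is None:                          # "$5" or "$ ": literal "$"
                out.append(ch)
                i += 1
            else:
                out.append(filt(attrs.get(m.group(0), "")))
                i = m.end()
    return "".join(out)


# Constructed samples, not taken from any real system.  RBL_TEMPLATE is shaped
# like the stock default_rbl_reply and DIR_FILTER like the stock
# execution_directory_expansion_filter; confirm both with "postconf -d".
RBL_TEMPLATE = ("$rbl_code Service unavailable; $rbl_class [$rbl_what] "
                "blocked using $rbl_domain${rbl_reason?; $rbl_reason}")
DIR_FILTER = ("1234567890!@%-_=+:,./"
              "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")


def rbl_reply(rbl_what, reason=""):
    """Render an RBL rejection for a blocked client (hypothetical helper)."""
    return expand(RBL_TEMPLATE, {
        "rbl_code": "554", "rbl_class": "Client host", "rbl_what": rbl_what,
        "rbl_domain": "rbl.example.test", "rbl_reason": reason})


def execution_directory(home, extension):
    """Expand a hypothetical command_execution_directory value the way
    local(8) would: the values are filtered, the literal text is not."""
    return expand("$home/mail/${extension:default}${extension?$extension}",
                  {"home": home, "extension": extension}, allowed=DIR_FILTER)
```

<p> Two details of the example carry over to the real parameters: the
filter is applied to expanded values only, so a recipient extension
containing a space or a ";" becomes "a_b_x" while the literal "/mail/"
in the template is untouched, and a value that itself contains "$user"
is inserted as-is rather than expanded a second time. The conditional
text, by contrast, is part of the template and may reference other
attributes, which is how a reply template can append "; $rbl_reason"
only when a reason exists.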
</p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM forward_path see "postconf -d" output

<p> The local(8) delivery agent search list for finding a .forward
file with user-specified delivery methods. The first file that is
found is used. </p>

<p> The following $name expansions are done on forward_path before
the search actually happens. The result of $name expansion is
filtered with the character set that is specified with the
forward_expansion_filter parameter. </p>

<dl>

<dt><b>$user</b></dt>

<dd>The recipient's username. </dd>

<dt><b>$shell</b></dt>

<dd>The recipient's login shell pathname. </dd>

<dt><b>$home</b></dt>

<dd>The recipient's home directory. </dd>

<dt><b>$recipient</b></dt>

<dd>The full recipient address. </dd>

<dt><b>$extension</b></dt>

<dd>The optional recipient address extension. </dd>

<dt><b>$domain</b></dt>

<dd>The recipient domain. </dd>

<dt><b>$local</b></dt>

<dd>The entire recipient localpart. </dd>

<dt><b>$recipient_delimiter</b></dt>

<dd>The system-wide recipient address extension delimiter. </dd>

<dt><b>${name?value}</b></dt>

<dd>Expands to <i>value</i> when <i>$name</i> is non-empty. </dd>

<dt><b>${name:value}</b></dt>

<dd>Expands to <i>value</i> when <i>$name</i> is empty. </dd>

</dl>

<p>
Instead of $name you can also specify ${name} or $(name).
</p>

<p>
Examples:
</p>

<pre>
forward_path = /var/forward/$user
forward_path =
    /var/forward/$user/.forward$recipient_delimiter$extension,
    /var/forward/$user/.forward
</pre>

%CLASS queue-hashing Queue directory hashing

<p>
Queue directory hashing is a performance feature.
Splitting one
queue directory across multiple subdirectory levels can speed up
file access by reducing the number of files per directory.
</p>

<p>
Unfortunately, deeply hashing the incoming or deferred queue can
actually slow down the mail system (with a depth of 2, mailq with
an empty queue can take several seconds).
</p>

<p>
Hashing must NOT be used with a world-writable maildrop directory.
Hashing MUST be used for the defer logfile directory, to avoid poor
performance when handling lots of deferred mail.
</p>

%PARAM hash_queue_depth 1

<p>
The number of subdirectory levels for queue directories listed with
the hash_queue_names parameter.
</p>

<p>
After changing the hash_queue_names or hash_queue_depth parameter,
execute the command "<b>postfix reload</b>".
</p>

%PARAM hash_queue_names deferred, defer

<p>
The names of queue directories that are split across multiple
subdirectory levels.
</p>

<p> Before Postfix version 2.2, the default list of hashed queues
was significantly larger. Claims about improvements in file system
technology suggest that hashing of the incoming and active queues
is no longer needed. Fewer hashed directories reduce the time
needed to restart Postfix. </p>

<p>
After changing the hash_queue_names or hash_queue_depth parameter,
execute the command "<b>postfix reload</b>".
</p>

%CLASS headerbody-checks Content inspection built-in features

<p>
The Postfix cleanup(8) server has a limited ability to inspect
message headers and body content for signs of trouble. This is not
meant to be a substitute for content filters that do complex
processing such as attachment decoding and unzipping.
</p>

%PARAM header_checks

<p>
Optional lookup tables for content inspection of primary non-MIME
message headers, as specified in the header_checks(5) manual page.
</p>

%PARAM header_size_limit 102400

<p>
The maximal amount of memory in bytes for storing a message header.
If a header is larger, the excess is discarded. The limit is
enforced by the cleanup(8) server.
</p>

%PARAM home_mailbox

<p>
Optional pathname of a mailbox file relative to a local(8) user's
home directory.
</p>

<p>
Specify a pathname ending in "/" for qmail-style delivery.
</p>

<p> The precedence of local(8) delivery features from high to low
is: aliases, .forward files, mailbox_transport_maps, mailbox_transport,
mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory,
fallback_transport_maps, fallback_transport and luser_relay. </p>

<p>
Examples:
</p>

<pre>
home_mailbox = Mailbox
home_mailbox = Maildir/
</pre>

%PARAM hopcount_limit 50

<p>
The maximal number of Received: message headers that is allowed
in the primary message headers. A message that exceeds the limit
is bounced, in order to stop a mailer loop.
</p>

%PARAM ignore_mx_lookup_error no

<p> Ignore DNS MX lookups that produce no response. By default,
the Postfix SMTP client defers delivery and tries again after some
delay. This behavior is required by the SMTP standard. </p>

<p>
Specify "ignore_mx_lookup_error = yes" to force a DNS A record
lookup instead. This violates the SMTP standard and can result in
mis-delivery of mail.
</p>

%PARAM import_environment see "postconf -d" output

<p>
The list of environment parameters that a Postfix process will
import from a non-Postfix parent process.
Examples of relevant
parameters:
</p>

<dl>

<dt><b>TZ</b></dt>

<dd>Needed for sane time keeping on most System-V-ish systems. </dd>

<dt><b>DISPLAY</b></dt>

<dd>Needed for debugging Postfix daemons with an X-windows debugger. </dd>

<dt><b>XAUTHORITY</b></dt>

<dd>Needed for debugging Postfix daemons with an X-windows debugger. </dd>

<dt><b>MAIL_CONFIG</b></dt>

<dd>Needed to make "<b>postfix -c</b>" work. </dd>

</dl>

<p> Specify a list of names and/or name=value pairs, separated by
whitespace or comma. The name=value form is supported with
Postfix version 2.1 and later. </p>

%PARAM in_flow_delay 1s

<p> Time to pause before accepting a new message, when the message
arrival rate exceeds the message delivery rate. This feature is
turned on by default (it's disabled on SCO UNIX due to an SCO bug).
</p>

<p>
With the default 100 SMTP server process limit, "in_flow_delay
= 1s" limits the mail inflow to 100 messages per second above the
number of messages delivered per second.
</p>

<p>
Specify 0 to disable the feature. Valid delays are 0..10.
</p>

%PARAM inet_interfaces all

<p> The network interface addresses that this mail system receives
mail on. Specify "all" to receive mail on all network
interfaces (default), and "loopback-only" to receive mail
on loopback network interfaces only (Postfix version 2.2 and later). The
parameter also controls delivery of mail to <tt>user@[ip.address]</tt>.
</p>

<p>
Note 1: you need to stop and start Postfix when this parameter changes.
</p>

<p> Note 2: address information may be enclosed inside <tt>[]</tt>,
but this form is not required here.
</p>

<p> When inet_interfaces specifies just one IPv4 and/or IPv6 address
that is not a loopback address, the Postfix SMTP client will use
this address as the IP source address for outbound mail. Support
for IPv6 is available in Postfix version 2.2 and later. </p>

<p>
On a multi-homed firewall with separate Postfix instances listening on the
"inside" and "outside" interfaces, this can prevent each instance from
being able to reach servers on the "other side" of the firewall. Setting
smtp_bind_address to 0.0.0.0 avoids the potential problem for
IPv4, and setting smtp_bind_address6 to :: solves the problem
for IPv6. </p>

<p>
A better solution for multi-homed firewalls is to leave inet_interfaces
at the default value and instead use explicit IP addresses in
the master.cf SMTP server definitions. This preserves the Postfix
SMTP client's loop detection, by ensuring that each side of the
firewall knows that the other IP address is still the same host.
Setting $inet_interfaces to a single IPv4 and/or IPv6 address is
primarily useful with virtual hosting of domains on secondary IP
addresses, when each IP address serves a different domain (and has
a different $myhostname setting). </p>

<p>
See also the proxy_interfaces parameter, for network addresses that
are forwarded to Postfix by way of a proxy or address translator.
</p>

<p>
Examples:
</p>

<pre>
inet_interfaces = all (DEFAULT)
inet_interfaces = loopback-only (Postfix version 2.2 and later)
inet_interfaces = 127.0.0.1
inet_interfaces = 127.0.0.1, [::1] (Postfix version 2.2 and later)
inet_interfaces = 192.168.1.2, 127.0.0.1
</pre>

%PARAM inet_protocols ipv4

<p> The Internet protocols Postfix will attempt to use when making
or accepting connections. Specify one or more of "ipv4"
or "ipv6", separated by whitespace or commas.
The form
"all" is equivalent to "ipv4, ipv6" or "ipv4", depending
on whether the operating system implements IPv6. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

<p> Note: you MUST stop and start Postfix after changing this
parameter. </p>

<p> On systems that pre-date IPV6_V6ONLY support (RFC 3493), an
IPv6 server will also accept IPv4 connections, even when IPv4 is
turned off with the inet_protocols parameter. On systems with
IPV6_V6ONLY support, Postfix will use separate server sockets for
IPv6 and IPv4, and each will accept only connections for the
corresponding protocol. </p>

<p> When IPv4 support is enabled via the inet_protocols parameter,
Postfix will do DNS type A record lookups, and will convert
IPv4-in-IPv6 client IP addresses (::ffff:1.2.3.4) to their original
IPv4 form (1.2.3.4). The latter is needed on hosts that pre-date
IPV6_V6ONLY support (RFC 3493). </p>

<p> When IPv6 support is enabled via the inet_protocols parameter,
Postfix will do DNS type AAAA record lookups. </p>

<p> When both IPv4 and IPv6 support are enabled, the Postfix SMTP
client will attempt to connect via IPv6 before attempting to use
IPv4. </p>

<p>
Examples:
</p>

<pre>
inet_protocols = ipv4 (DEFAULT)
inet_protocols = all
inet_protocols = ipv6
inet_protocols = ipv4, ipv6
</pre>

%PARAM initial_destination_concurrency 5

<p>
The initial per-destination concurrency level for parallel delivery
to the same destination.
With per-destination recipient limit > 1, a destination is a domain,
otherwise it is a recipient.
</p>

<p> Use <i>transport</i>_initial_destination_concurrency to specify
a transport-specific override, where <i>transport</i> is the master.cf
name of the message delivery transport (Postfix 2.5 and later).
</p>

<p>
Warning: with concurrency of 1, one bad message can be enough to
block all mail to a site.
</p>

%PARAM invalid_hostname_reject_code 501

<p>
The numerical Postfix SMTP server response code when the client
HELO or EHLO command parameter is rejected by the reject_invalid_helo_hostname
restriction.
</p>

<p>
Do not change this unless you have a complete understanding of RFC 2821.
</p>

%PARAM ipc_idle version dependent

<p>
The time after which a client closes an idle internal communication
channel. The purpose is to allow servers to terminate voluntarily
after they become idle. This is used, for example, by the address
resolving and rewriting clients.
</p>

<p> With Postfix 2.4 the default value was reduced from 100s to 5s. </p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM ipc_timeout 3600s

<p>
The time limit for sending or receiving information over an internal
communication channel. The purpose is to break out of deadlock
situations. If the time limit is exceeded the software aborts with a
fatal error.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM ipc_ttl 1000s

<p>
The time after which a client closes an active internal communication
channel. The purpose is to allow servers to terminate voluntarily
after reaching their client limit. This is used, for example, by
the address resolving and rewriting clients.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM line_length_limit 2048

<p> Upon input, long lines are chopped up into pieces of at most
this length; upon delivery, long lines are reconstructed. </p>

%PARAM lmtp_connect_timeout 0s

<p> The LMTP client time limit for completing a TCP connection, or
zero (use the operating system built-in time limit). When no
connection can be made within the deadline, the LMTP client tries
the next address on the mail exchanger list. </p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

<p>
Example:
</p>

<pre>
lmtp_connect_timeout = 30s
</pre>

%PARAM lmtp_data_done_timeout 600s

<p> The LMTP client time limit for sending the LMTP ".", and for
receiving the server response. When no response is received within
the deadline, a warning is logged that the mail may be delivered
multiple times. </p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM lmtp_data_init_timeout 120s

<p>
The LMTP client time limit for sending the LMTP DATA command, and
for receiving the server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM lmtp_data_xfer_timeout 180s

<p>
The LMTP client time limit for sending the LMTP message content.
When the connection stalls for more than $lmtp_data_xfer_timeout
the LMTP client terminates the transfer.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM lmtp_lhlo_timeout 300s

<p> The LMTP client time limit for receiving the LMTP greeting
banner.
When the server drops the connection without sending a
greeting banner, or when it sends no greeting banner within the
deadline, the LMTP client tries the next address on the mail
exchanger list. </p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM lmtp_mail_timeout 300s

<p>
The LMTP client time limit for sending the MAIL FROM command, and
for receiving the server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM lmtp_quit_timeout 300s

<p>
The LMTP client time limit for sending the QUIT command, and for
receiving the server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM lmtp_rcpt_timeout 300s

<p>
The LMTP client time limit for sending the RCPT TO command, and
for receiving the server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM lmtp_rset_timeout 20s

<p> The LMTP client time limit for sending the RSET command, and
for receiving the server response. The LMTP client sends RSET in
order to finish a recipient address probe, or to verify that a
cached connection is still alive. </p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM lmtp_send_xforward_command no

<p>
Send an XFORWARD command to the LMTP server when the LMTP LHLO
server response announces XFORWARD support.
This allows an lmtp(8)
delivery agent, used for content filter message injection, to
forward the name, address, protocol and HELO name of the original
client to the content filter and downstream queuing LMTP server.
Before you change the value to yes, it is best to make sure that
your content filter supports this command.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM lmtp_skip_quit_response no

<p>
Wait for the response to the LMTP QUIT command.
</p>

%PARAM lmtp_xforward_timeout 300s

<p>
The LMTP client time limit for sending the XFORWARD command, and
for receiving the server response.
</p>

<p>
In case of problems the client does NOT try the next address on
the mail exchanger list.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM local_command_shell

<p>
Optional shell program for local(8) delivery to non-Postfix command.
By default, non-Postfix commands are executed directly; commands
are given to the default shell (typically, /bin/sh) only
when they contain shell meta characters or shell built-in commands.
</p>

<p> "sendmail's restricted shell" (smrsh) is what most people will
use in order to restrict what programs can be run from e.g. .forward
files (smrsh is part of the Sendmail distribution). </p>

<p> Note: when a shell program is specified, it is invoked even
when the command contains no shell built-in commands or meta
characters.
</p>

<p>
Example:
</p>

<pre>
local_command_shell = /some/where/smrsh -c
local_command_shell = /bin/bash -c
</pre>

%PARAM local_destination_concurrency_limit 2

<p> The maximal number of parallel deliveries via the local mail
delivery transport to the same recipient (when
"local_destination_recipient_limit = 1") or the maximal number of
parallel deliveries to the same local domain (when
"local_destination_recipient_limit > 1"). This limit is enforced by
the queue manager. The message delivery transport name is the first
field in the entry in the master.cf file. </p>

<p> A low limit of 2 is recommended, just in case someone has an
expensive shell command in a .forward file or in an alias (e.g.,
a mailing list manager). You don't want to run lots of those at
the same time. </p>

%PARAM local_destination_recipient_limit 1

<p> The maximal number of recipients per message delivery via the
local mail delivery transport. This limit is enforced by the queue
manager. The message delivery transport name is the first field in
the entry in the master.cf file. </p>

<p> Setting this parameter to a value > 1 changes the meaning of
local_destination_concurrency_limit from concurrency per recipient
into concurrency per domain. </p>

%PARAM local_recipient_maps proxy:unix:passwd.byname $alias_maps

<p> Lookup tables with all names or addresses of local recipients:
a recipient address is local when its domain matches $mydestination,
$inet_interfaces or $proxy_interfaces. Specify @domain as a
wild-card for domains that do not have a valid recipient list.
Technically, tables listed with $local_recipient_maps are used as
lists: Postfix needs to know only if a lookup string is found or
not, but it does not use the result from table lookup.
</p>

<p>
If this parameter is non-empty (the default), then the Postfix SMTP
server will reject mail for unknown local users.
</p>

<p>
To turn off local recipient checking in the Postfix SMTP server,
specify "local_recipient_maps =" (i.e. empty).
</p>

<p>
The default setting assumes that you use the default Postfix local
delivery agent for local delivery. You need to update the
local_recipient_maps setting if:
</p>

<ul>

<li>You redefine the local delivery agent in master.cf.

<li>You redefine the "local_transport" setting in main.cf.

<li>You use the "luser_relay", "mailbox_transport", or "fallback_transport"
feature of the Postfix local(8) delivery agent.

</ul>

<p>
Details are described in the LOCAL_RECIPIENT_README file.
</p>

<p>
Beware: if the Postfix SMTP server runs chrooted, you need to access
the passwd file via the proxymap(8) service, in order to overcome
chroot access restrictions. The alternative, maintaining a copy of
the system password file in the chroot jail, is not practical.
</p>

<p>
Examples:
</p>

<pre>
local_recipient_maps =
</pre>

%PARAM local_transport local:$myhostname

<p> The default mail delivery transport and next-hop destination
for final delivery to domains listed with mydestination, and for
[ipaddress] destinations that match $inet_interfaces or $proxy_interfaces.
This information can be overruled with the transport(5) table. </p>

<p>
By default, local mail is delivered to the transport called "local",
which is just the name of a service that is defined in the master.cf file.
</p>

<p>
Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
is the name of a mail delivery transport defined in master.cf.
The <i>:nexthop</i> destination is optional; its syntax is documented
in the manual page of the corresponding delivery agent.
</p>

<p>
Beware: if you override the default local delivery agent then you
need to review the LOCAL_RECIPIENT_README document, otherwise the
SMTP server may reject mail for local recipients.
</p>

%PARAM luser_relay

<p>
Optional catch-all destination for unknown local(8) recipients.
By default, mail for unknown recipients in domains that match
$mydestination, $inet_interfaces or $proxy_interfaces is returned
as undeliverable.
</p>

<p>
The following $name expansions are done on luser_relay:
</p>

<dl>

<dt><b>$domain</b></dt>

<dd>The recipient domain. </dd>

<dt><b>$extension</b></dt>

<dd>The recipient address extension. </dd>

<dt><b>$home</b></dt>

<dd>The recipient's home directory. </dd>

<dt><b>$local</b></dt>

<dd>The entire recipient address localpart. </dd>

<dt><b>$recipient</b></dt>

<dd>The full recipient address. </dd>

<dt><b>$recipient_delimiter</b></dt>

<dd>The system-wide recipient address extension delimiter. </dd>

<dt><b>$shell</b></dt>

<dd>The recipient's login shell. </dd>

<dt><b>$user</b></dt>

<dd>The recipient username. </dd>

<dt><b>${name?value}</b></dt>

<dd>Expands to <i>value</i> when <i>$name</i> has a non-empty value. </dd>

<dt><b>${name:value}</b></dt>

<dd>Expands to <i>value</i> when <i>$name</i> has an empty value. </dd>

</dl>

<p>
Instead of $name you can also specify ${name} or $(name).
</p>

<p>
Note: luser_relay works only for the Postfix local(8) delivery agent.
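</p>

<p>
The expansion rules above, as an added example that is not part of
the Postfix documentation or source: a small Python model of the
$name, ${name}, $(name), ${name?value} and ${name:value} forms,
applied to the luser_relay settings shown in this description. The
function names and the sample recipient address are this example's own.
</p>

```python
"""Added example (not Postfix source code): a model of the $name expansion
that the luser_relay description lists, covering $name, ${name}, $(name),
${name?value} and ${name:value}.  Function and variable names are this
example's own; the recipient used below is constructed sample input."""

import re

# One regular expression for the five spellings the description lists:
#   group 1: $name          group 5: $(name)
#   group 2..4: ${name}, ${name?value}, ${name:value}
_EXPANSION = re.compile(
    r"\$(?:(\w+)|\{(\w+)(?:([?:])([^}]*))?\}|\((\w+)\))"
)


def recipient_attributes(recipient, recipient_delimiter="+", home="", shell=""):
    """Derive the $name values the description lists for one recipient.

    $local is the whole localpart; $user and $extension are the parts
    before and after the first recipient_delimiter (an empty delimiter
    means no extension splitting).  $home and $shell are account data
    and are passed in here rather than looked up.
    """
    localpart, _, domain = recipient.partition("@")
    user, extension = localpart, ""
    if recipient_delimiter and recipient_delimiter in localpart:
        user, extension = localpart.split(recipient_delimiter, 1)
    return {
        "domain": domain,
        "extension": extension,
        "home": home,
        "local": localpart,
        "recipient": recipient,
        "recipient_delimiter": recipient_delimiter,
        "shell": shell,
        "user": user,
    }


def expand_luser_relay(template, attrs):
    """Expand a luser_relay value against the attribute dictionary.

    ${name?value} yields value only when $name is non-empty, ${name:value}
    only when it is empty; the chosen value is itself expanded, so
    "${extension?$user-$extension}" works.  Unknown names expand to "".
    Braces nested inside a ?value or :value are not supported here.
    """

    def replace(match):
        if match.group(1):                       # $name
            name, op, value = match.group(1), None, None
        elif match.group(5):                     # $(name)
            name, op, value = match.group(5), None, None
        else:                                    # ${name...}
            name, op, value = match.group(2), match.group(3), match.group(4)
        current = attrs.get(name, "")
        if op == "?":
            return expand_luser_relay(value, attrs) if current else ""
        if op == ":":
            return expand_luser_relay(value, attrs) if not current else ""
        return current

    return _EXPANSION.sub(replace, template)


if __name__ == "__main__":
    # Constructed sample recipient; the templates are this description's
    # examples plus one conditional form.
    attrs = recipient_attributes("joe+lists@example.com", "+",
                                 home="/home/joe", shell="/bin/sh")
    for template in ("$user@other.host", "$local@other.host",
                     "admin+$local", "${extension?$user-$extension}@$domain"):
        print(template, "->", expand_luser_relay(template, attrs))
```

<p>
The model only reproduces the expansion syntax; whether unknown
recipients reach luser_relay at all still depends on the
local_recipient_maps setting.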
</p>

<p>
Note: if you use this feature for accounts not in the UNIX password
file, then you must specify "local_recipient_maps =" (i.e. empty)
in the main.cf file, otherwise the Postfix SMTP server will reject mail
for non-UNIX accounts with "User unknown in local recipient table".
</p>

<p>
Examples:
</p>

<pre>
luser_relay = $user@other.host
luser_relay = $local@other.host
luser_relay = admin+$local
</pre>

%PARAM mail_name Postfix

<p>
The mail system name that is displayed in Received: headers, in
the SMTP greeting banner, and in bounced mail.
</p>

%PARAM mail_owner postfix

<p>
The UNIX system account that owns the Postfix queue and most Postfix
daemon processes. Specify the name of a user account that does
not share a group with other accounts and that owns no other files
or processes on the system. In particular, don't specify nobody
or daemon. PLEASE USE A DEDICATED USER ID AND GROUP ID.
</p>

<p>
When this parameter value is changed you need to re-run "<b>postfix
set-permissions</b>" (with Postfix version 2.0 and earlier:
"<b>/etc/postfix/post-install set-permissions</b>").
</p>

%PARAM mail_spool_directory see "postconf -d" output

<p>
The directory where local(8) UNIX-style mailboxes are kept. The
default setting depends on the system type. Specify a name ending
in / for maildir-style delivery.
</p>

<p>
Note: maildir delivery is done with the privileges of the recipient.
If you use the mail_spool_directory setting for maildir style
delivery, then you must create the top-level maildir directory in
advance. Postfix will not create it.
</p>

<p>
Examples:
</p>

<pre>
mail_spool_directory = /var/mail
mail_spool_directory = /var/spool/mail
</pre>

%PARAM mail_version see "postconf -d" output

<p>
The version of the mail system. Stable releases are named
<i>major</i>.<i>minor</i>.<i>patchlevel</i>. Experimental releases
also include the release date. The version string can be used in,
for example, the SMTP greeting banner.
</p>

%PARAM mailbox_command

<p>
Optional external command that the local(8) delivery agent should
use for mailbox delivery. The command is run with the user ID and
the primary group ID privileges of the recipient. Exception:
command delivery for root executes with $default_privs privileges.
This is not a problem, because 1) mail for root should always be
aliased to a real user and 2) don't log in as root, use "su" instead.
</p>

<p>
The following environment variables are exported to the command:
</p>

<dl>

<dt><b>CLIENT_ADDRESS</b></dt>

<dd>Remote client network address. Available in Postfix version 2.2 and
later. </dd>

<dt><b>CLIENT_HELO</b></dt>

<dd>Remote client EHLO command parameter. Available in Postfix version 2.2
and later. </dd>

<dt><b>CLIENT_HOSTNAME</b></dt>

<dd>Remote client hostname. Available in Postfix version 2.2 and later.
</dd>

<dt><b>CLIENT_PROTOCOL</b></dt>

<dd>Remote client protocol. Available in Postfix version 2.2 and later.
</dd>

<dt><b>DOMAIN</b></dt>

<dd>The domain part of the recipient address. </dd>

<dt><b>EXTENSION</b></dt>

<dd>The optional address extension. </dd>

<dt><b>HOME</b></dt>

<dd>The recipient home directory. </dd>

<dt><b>LOCAL</b></dt>

<dd>The recipient address localpart.
</dd>

<dt><b>LOGNAME</b></dt>

<dd>The recipient's username. </dd>

<dt><b>ORIGINAL_RECIPIENT</b></dt>

<dd>The entire recipient address, before any address rewriting or
aliasing. </dd>

<dt><b>RECIPIENT</b></dt>

<dd>The full recipient address. </dd>

<dt><b>SASL_METHOD</b></dt>

<dd>SASL authentication method specified in the remote client AUTH
command. Available in Postfix version 2.2 and later. </dd>

<dt><b>SASL_SENDER</b></dt>

<dd>SASL sender address specified in the remote client MAIL FROM
command. Available in Postfix version 2.2 and later. </dd>

<dt><b>SASL_USER</b></dt>

<dd>SASL username specified in the remote client AUTH command.
Available in Postfix version 2.2 and later. </dd>

<dt><b>SENDER</b></dt>

<dd>The full sender address. </dd>

<dt><b>SHELL</b></dt>

<dd>The recipient's login shell. </dd>

<dt><b>USER</b></dt>

<dd>The recipient username. </dd>

</dl>

<p>
Unlike other Postfix configuration parameters, the mailbox_command
parameter is not subjected to $name substitutions. This is to make
it easier to specify shell syntax (see example below).
</p>

<p>
If you can, avoid shell meta characters because they will force
Postfix to run an expensive shell process. If you're delivering
via Procmail then running a shell won't make a noticeable difference
in the total cost.
</p>

<p>
Note: if you use the mailbox_command feature to deliver mail
system-wide, you must set up an alias that forwards mail for root
to a real user.
2564</p> 2565 2566<p> The precedence of local(8) delivery features from high to low 2567is: aliases, .forward files, mailbox_transport_maps, mailbox_transport, 2568mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory, 2569fallback_transport_maps, fallback_transport and luser_relay. </p> 2570 2571<p> 2572Examples: 2573</p> 2574 2575<pre> 2576mailbox_command = /some/where/procmail 2577mailbox_command = /some/where/procmail -a "$EXTENSION" 2578mailbox_command = /some/where/maildrop -d "$USER" 2579 -f "$SENDER" "$EXTENSION" 2580</pre> 2581 2582%PARAM mailbox_size_limit 51200000 2583 2584<p> The maximal size of any local(8) individual mailbox or maildir 2585file, or zero (no limit). In fact, this limits the size of any 2586file that is written to upon local delivery, including files written 2587by external commands that are executed by the local(8) delivery 2588agent. </p> 2589 2590<p> 2591This limit must not be smaller than the message size limit. 2592</p> 2593 2594%PARAM maps_rbl_reject_code 554 2595 2596<p> 2597The numerical Postfix SMTP server response code when a remote SMTP 2598client request is blocked by the reject_rbl_client, reject_rhsbl_client, 2599reject_rhsbl_reverse_client, reject_rhsbl_sender or 2600reject_rhsbl_recipient restriction. 2601</p> 2602 2603<p> 2604Do not change this unless you have a complete understanding of RFC 2821. 2605</p> 2606 2607%PARAM masquerade_classes envelope_sender, header_sender, header_recipient 2608 2609<p> 2610What addresses are subject to address masquerading. 2611</p> 2612 2613<p> 2614By default, address masquerading is limited to envelope sender 2615addresses, and to header sender and header recipient addresses. 2616This allows you to use address masquerading on a mail gateway while 2617still being able to forward mail to users on individual machines. 
</p>

<p>
Specify zero or more of: envelope_sender, envelope_recipient,
header_sender, header_recipient.
</p>

%PARAM masquerade_domains

<p>
Optional list of domains whose subdomain structure will be stripped
off in email addresses.
</p>

<p>
The list is processed left to right, and processing stops at the
first match. Thus,
</p>

<blockquote>
<pre>
masquerade_domains = foo.example.com example.com
</pre>
</blockquote>

<p>
strips "user@any.thing.foo.example.com" to "user@foo.example.com",
but strips "user@any.thing.else.example.com" to "user@example.com".
</p>

<p>
A domain name prefixed with ! means do not masquerade this domain
or its subdomains. Thus,
</p>

<blockquote>
<pre>
masquerade_domains = !foo.example.com example.com
</pre>
</blockquote>

<p>
does not change "user@any.thing.foo.example.com" or "user@foo.example.com",
but strips "user@any.thing.else.example.com" to "user@example.com".
</p>

<p> Note: with Postfix version 2.2, message header address masquerading
happens only when message header address rewriting is enabled: </p>

<ul>

<li> The message is received with the Postfix sendmail(1) command,

<li> The message is received from a network client that matches
$local_header_rewrite_clients,

<li> The message is received from the network, and the
remote_header_rewrite_domain parameter specifies a non-empty value.

</ul>

<p> To get the behavior before Postfix version 2.2, specify
"local_header_rewrite_clients = static:all".
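</p>

<p>
The matching rules above, as an added example that is not part of
the Postfix documentation or source: a Python model of
masquerade_domains processing (left to right, first match wins, a
"!" entry exempts a domain and its subdomains) that also skips user
names given in a masquerade_exceptions-style list. Function names
are this example's own.
</p>

```python
"""Added example (not Postfix source code): a model of how the
masquerade_domains list is applied to an address, following the rules in
the parameter description: entries are tried left to right, the first
match wins, and a "!" prefix exempts that domain and its subdomains.
A masquerade_exceptions-style list of user names is honoured as well.
Function names are this example's own."""


def parse_list(value):
    """Split a Postfix list value on commas and/or whitespace."""
    return [item for item in value.replace(",", " ").split() if item]


def masquerade_domain(domain, masquerade_domains):
    """Return the domain that an address domain is masqueraded to.

    An entry matches when it equals the domain or is a parent of it.
    A "!" entry returns the domain unchanged; any other match strips the
    subdomain structure down to the entry itself.  No match: unchanged.
    """
    lowered = domain.lower()
    for entry in parse_list(masquerade_domains):
        negate = entry.startswith("!")
        name = entry.lstrip("!").lower()
        if lowered == name or lowered.endswith("." + name):
            return domain if negate else name
    return domain


def masquerade_address(address, masquerade_domains, masquerade_exceptions=""):
    """Apply masquerade_domains to one address.

    User names listed in masquerade_exceptions (plain names only; the
    "/file/name" and "type:table" forms are not modelled) are left
    alone, and an address without a domain part is returned unchanged.
    """
    if "@" not in address:
        return address
    localpart, domain = address.rsplit("@", 1)
    exceptions = {name.lower() for name in parse_list(masquerade_exceptions)}
    if localpart.lower() in exceptions:
        return address
    return localpart + "@" + masquerade_domain(domain, masquerade_domains)


if __name__ == "__main__":
    # The two settings and the addresses worked through in the description.
    for setting in ("foo.example.com example.com",
                    "!foo.example.com example.com"):
        for address in ("user@any.thing.foo.example.com",
                        "user@foo.example.com",
                        "user@any.thing.else.example.com"):
            print(setting, "|", address, "->",
                  masquerade_address(address, setting))
```

<p>
The model shows only which domain an address would be rewritten to;
whether a given envelope or header address is rewritten at all is
governed by masquerade_classes and the header rewriting conditions
listed above.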
</p>

<p>
Example:
</p>

<pre>
masquerade_domains = $mydomain
</pre>

%PARAM masquerade_exceptions

<p>
Optional list of user names that are not subjected to address
masquerading, even when their address matches $masquerade_domains.
</p>

<p>
By default, address masquerading makes no exceptions.
</p>

<p>
Specify a list of user names, "/file/name" or "type:table" patterns,
separated by commas and/or whitespace. The list is matched left to
right, and the search stops on the first match. A "/file/name"
pattern is replaced
by its contents; a "type:table" lookup table is matched when a name
matches a lookup key (the lookup result is ignored). Continue long
lines by starting the next line with whitespace. Specify "!pattern"
to exclude a name from the list. The form "!/file/name" is supported
only in Postfix version 2.4 and later. </p>

<p>
Examples:
</p>

<pre>
masquerade_exceptions = root, mailer-daemon
masquerade_exceptions = root
</pre>

%PARAM max_idle 100s

<p>
The maximum amount of time that an idle Postfix daemon process waits
for an incoming connection before terminating voluntarily. This
parameter
is ignored by the Postfix queue manager and by other long-lived
Postfix daemon processes.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM max_use 100

<p>
The maximal number of incoming connections that a Postfix daemon
process will service before terminating voluntarily. This parameter
is ignored by the Postfix queue
manager and by other long-lived Postfix daemon processes.
</p>

%PARAM maximal_backoff_time 4000s

<p>
The maximal time between attempts to deliver a deferred message.
</p>

<p> This parameter should be set to a value greater than or equal
to $minimal_backoff_time. See also $queue_run_delay. </p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM maximal_queue_lifetime 5d

<p>
The maximal time a message is queued before it is sent back as
undeliverable.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is d (days).
</p>

<p>
Specify 0 when mail delivery should be tried only once.
</p>

%PARAM message_size_limit 10240000

<p>
The maximal size in bytes of a message, including envelope information.
</p>

<p> Note: be careful when making changes. Excessively small values
will result in the loss of non-delivery notifications, when a bounce
message size exceeds the local or remote MTA's message size limit.
</p>

%PARAM minimal_backoff_time 300s

<p>
The minimal time between attempts to deliver a deferred message;
prior to Postfix 2.4 the default value was 1000s.
</p>

<p>
This parameter also limits the time an unreachable destination is
kept in the short-term, in-memory, destination status cache.
</p>

<p> This parameter should be set greater than or equal to
$queue_run_delay. See also $maximal_backoff_time. </p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM multi_recipient_bounce_reject_code 550

<p>
The numerical Postfix SMTP server response code when a remote SMTP
client request is blocked by the reject_multi_recipient_bounce
restriction.
</p>

<p>
Do not change this unless you have a complete understanding of RFC 2821.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM mydestination $myhostname, localhost.$mydomain, localhost

<p> The list of domains that are delivered via the $local_transport
mail delivery transport. By default this is the Postfix local(8)
delivery agent which looks up all recipients in /etc/passwd and
/etc/aliases. The SMTP server validates recipient addresses with
$local_recipient_maps and rejects non-existent recipients. See also
the local domain class in the ADDRESS_CLASS_README file.
</p>

<p>
The default mydestination value specifies names for the local
machine only. On a mail domain gateway, you should also include
$mydomain.
</p>

<p>
The $local_transport delivery method is also selected for mail
addressed to user@[the.net.work.address] of the mail system (the
IP addresses specified with the inet_interfaces and proxy_interfaces
parameters).
</p>

<p>
Warnings:
</p>

<ul>

<li><p>Do not specify the names of virtual domains - those domains
are specified elsewhere. See VIRTUAL_README for more information. </p>

<li><p>Do not specify the names of domains that this machine is
backup MX host for. See STANDARD_CONFIGURATION_README for how to
set up backup MX hosts. </p>

<li><p>By default, the Postfix SMTP server rejects mail for recipients
not listed with the local_recipient_maps parameter. See the
postconf(5) manual for a description of the local_recipient_maps
and unknown_local_recipient_reject_code parameters. </p>

</ul>

<p>
Specify a list of host or domain names, "/file/name" or "type:table"
patterns, separated by commas and/or whitespace. A "/file/name"
pattern is replaced by its contents; a "type:table" lookup table
is matched when a name matches a lookup key (the lookup result is
ignored).
Continue long lines by starting the next line with
whitespace. </p>

<p>
Examples:
</p>

<pre>
mydestination = $myhostname, localhost.$mydomain $mydomain
mydestination = $myhostname, localhost.$mydomain www.$mydomain, ftp.$mydomain
</pre>

%PARAM mydomain see "postconf -d" output

<p>
The internet domain name of this mail system. The default is to
use $myhostname minus the first component, or "localdomain" (Postfix
2.3 and later). $mydomain is used as
a default value for many other configuration parameters.
</p>

<p>
Example:
</p>

<pre>
mydomain = domain.tld
</pre>

%PARAM myhostname see "postconf -d" output

<p>
The internet hostname of this mail system. The default is to use
the fully-qualified domain name (FQDN) from gethostname(), or to
use the non-FQDN result from gethostname() and append ".$mydomain".
$myhostname is used as a default value for many other configuration
parameters. </p>

<p>
Example:
</p>

<pre>
myhostname = host.example.com
</pre>

%PARAM mynetworks see "postconf -d" output

<p>
The list of "trusted" SMTP clients that have more privileges than
"strangers".
</p>

<p>
In particular, "trusted" SMTP clients are allowed to relay mail
through Postfix. See the smtpd_recipient_restrictions parameter
description in the postconf(5) manual.
</p>

<p>
You can specify the list of "trusted" network addresses by hand
or you can let Postfix do it for you (which is the default).
See the description of the mynetworks_style parameter for more
information.
</p>

<p>
If you specify the mynetworks list by hand,
Postfix ignores the mynetworks_style setting.
</p>

<p> Specify a list of network addresses or network/netmask patterns,
separated by commas and/or whitespace.
Continue long lines by
starting the next line with whitespace. </p>

<p> The netmask specifies the number of bits in the network part
of a host address. You can also specify "/file/name" or "type:table"
patterns. A "/file/name" pattern is replaced by its contents; a
"type:table" lookup table is matched when a table entry matches a
lookup string (the lookup result is ignored). </p>

<p> The list is matched left to right, and the search stops on the
first match. Specify "!pattern" to exclude an address or network
block from the list. The form "!/file/name" is supported only
in Postfix version 2.4 and later. </p>

<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the mynetworks value, and in files specified with
"/file/name". IP version 6 addresses contain the ":" character,
and would otherwise be confused with a "type:table" pattern. </p>

<p> Examples: </p>

<pre>
mynetworks = 127.0.0.0/8 168.100.189.0/28
mynetworks = !192.168.0.1, 192.168.0.0/28
mynetworks = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [2001:240:587::]/64
mynetworks = $config_directory/mynetworks
mynetworks = hash:/etc/postfix/network_table
</pre>

%PARAM myorigin $myhostname

<p>
The domain name that locally-posted mail appears to come
from, and that locally posted mail is delivered to. The default,
$myhostname, is adequate for small sites. If you run a domain with
multiple machines, you should (1) change this to $mydomain and (2)
set up a domain-wide alias database that aliases each user to
user@that.users.mailhost.
</p>

<p>
Example:
</p>

<pre>
myorigin = $mydomain
</pre>

%PARAM notify_classes resource, software

<p>
The list of error classes that are reported to the postmaster. The
default is to report only the most serious problems.
The paranoid
may wish to turn on the policy (UCE and mail relaying) and protocol
error (broken mail software) reports.
</p>

<p> NOTE: postmaster notifications may contain confidential information
such as SASL passwords or message content. It is the system
administrator's responsibility to treat such information with care.
</p>

<p>
The error classes are:
</p>

<dl>

<dt><b>bounce</b> (also implies <b>2bounce</b>)</dt>

<dd>Send the postmaster copies of the headers of bounced mail, and
send transcripts of SMTP sessions when Postfix rejects mail. The
notification is sent to the address specified with the
bounce_notice_recipient configuration parameter (default: postmaster).
</dd>

<dt><b>2bounce</b></dt>

<dd>Send undeliverable bounced mail to the postmaster. The notification
is sent to the address specified with the 2bounce_notice_recipient
configuration parameter (default: postmaster). </dd>

<dt><b>delay</b></dt>

<dd>Send the postmaster copies of the headers of delayed mail. The
notification is sent to the address specified with the
delay_notice_recipient configuration parameter (default: postmaster).
</dd>

<dt><b>policy</b></dt>

<dd>Send the postmaster a transcript of the SMTP session when a
client request was rejected because of (UCE) policy. The notification
is sent to the address specified with the error_notice_recipient
configuration parameter (default: postmaster). </dd>

<dt><b>protocol</b></dt>

<dd>Send the postmaster a transcript of the SMTP session in case
of client or server protocol errors. The notification is sent to
the address specified with the error_notice_recipient configuration
parameter (default: postmaster). </dd>

<dt><b>resource</b></dt>

<dd>Inform the postmaster of mail not delivered due to resource
problems.
The notification is sent to the address specified with
the error_notice_recipient configuration parameter (default:
postmaster). </dd>

<dt><b>software</b></dt>

<dd>Inform the postmaster of mail not delivered due to software
problems. The notification is sent to the address specified with
the error_notice_recipient configuration parameter (default:
postmaster). </dd>

</dl>

<p>
Examples:
</p>

<pre>
notify_classes = bounce, delay, policy, protocol, resource, software
notify_classes = 2bounce, resource, software
</pre>

%PARAM parent_domain_matches_subdomains see "postconf -d" output

<p>
What Postfix features match subdomains of "domain.tld" automatically,
instead of requiring an explicit ".domain.tld" pattern. This is
planned backwards compatibility: eventually, all Postfix features
are expected to require explicit ".domain.tld" style patterns when
you really want to match subdomains.
</p>

%PARAM propagate_unmatched_extensions canonical, virtual

<p>
What address lookup tables copy an address extension from the lookup
key to the lookup result.
</p>

<p>
For example, with a virtual(5) mapping of "<i>joe@example.com =>
joe.user@example.net</i>", the address "<i>joe+foo@example.com</i>"
would rewrite to "<i>joe.user+foo@example.net</i>".
</p>

<p>
Specify zero or more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>,
<b>forward</b>, <b>include</b> or <b>generic</b>. These cause
address extension
propagation with canonical(5), virtual(5), and aliases(5) maps,
with local(8) .forward and :include: file lookups, and with smtp(8)
generic maps, respectively.
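</p>

<p>
The joe+foo@example.com mapping above, as an added example that is
not part of the Postfix documentation or source: a Python model of
the unmatched-extension lookup with and without propagation, using
a dictionary in place of a virtual(5) table. Function names are this
example's own.
</p>

```python
"""Added example (not Postfix source code): a model of address extension
propagation as described for propagate_unmatched_extensions, using a
dict in place of a virtual(5) lookup table.  Only the exact-address and
extension-stripped lookups are modelled; function names are this
example's own."""


def split_extension(localpart, recipient_delimiter):
    """Split "user+ext" into ("user", "ext"); no delimiter gives ("user", None)."""
    if recipient_delimiter and recipient_delimiter in localpart:
        user, extension = localpart.split(recipient_delimiter, 1)
        return user, extension
    return localpart, None


def map_address(address, table, recipient_delimiter="+", propagate=True):
    """Look up address in table, modelling a virtual(5) map.

    Lookup order: the full address first; if that fails and the localpart
    carries an extension, the address without the extension.  On such an
    unmatched-extension hit the extension is appended to the result's
    localpart when propagate is True (the "virtual" entry in
    propagate_unmatched_extensions), otherwise the result is used as is.
    Returns None when nothing matches.
    """
    if address in table:
        return table[address]
    localpart, _, domain = address.partition("@")
    user, extension = split_extension(localpart, recipient_delimiter)
    if extension is None:
        return None
    result = table.get(user + "@" + domain)
    if result is None:
        return None
    if not propagate:
        return result
    # Re-attach the extension behind the result's localpart; "at" is ""
    # when the result has no domain part, so nothing spurious is added.
    result_local, at, result_domain = result.partition("@")
    return result_local + recipient_delimiter + extension + at + result_domain


if __name__ == "__main__":
    # Constructed table reproducing the description's example mapping.
    virtual = {"joe@example.com": "joe.user@example.net"}
    print(map_address("joe+foo@example.com", virtual))
    print(map_address("joe+foo@example.com", virtual, propagate=False))
```

<p>
Running the model with propagate=False shows what the same address
rewrites to when "virtual" is left out of the parameter value.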
</p>

<p>
Note: enabling this feature for types other than <b>canonical</b>
and <b>virtual</b> is likely to cause problems when mail is forwarded
to other sites, especially with mail that is sent to a mailing list
exploder address.
</p>

<p>
Examples:
</p>

<pre>
propagate_unmatched_extensions = canonical, virtual, alias,
        forward, include
propagate_unmatched_extensions = canonical, virtual
</pre>

%PARAM proxy_interfaces

<p>
The network interface addresses that this mail system receives mail
on by way of a proxy or network address translation unit.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

<p> You must specify your "outside" proxy/NAT addresses when your
system is a backup MX host for other domains, otherwise mail delivery
loops will happen when the primary MX host is down. </p>

<p>
Example:
</p>

<pre>
proxy_interfaces = 1.2.3.4
</pre>

%PARAM qmgr_message_active_limit 20000

<p>
The maximal number of messages in the active queue.
</p>

%PARAM qmgr_message_recipient_limit 20000

<p> The maximal number of recipients held in memory by the Postfix
queue manager, and the maximal size of the short-term,
in-memory "dead" destination status cache. </p>

%PARAM qmgr_message_recipient_minimum 10

<p>
The minimal number of in-memory recipients for any message. This
takes priority over any other in-memory recipient limits (i.e.,
the global qmgr_message_recipient_limit and the per transport
_recipient_limit) if necessary. The minimum value allowed for this
parameter is 1.
</p>

%PARAM qmqpd_authorized_clients

<p>
What clients are allowed to connect to the QMQP server port.
</p>

<p>
By default, no client is allowed to use the service.
This is 3172because the QMQP server will relay mail to any destination. 3173</p> 3174 3175<p> 3176Specify a list of client patterns. A list pattern specifies a host 3177name, a domain name, an internet address, or a network/mask pattern, 3178where the mask specifies the number of bits in the network part. 3179When a pattern specifies a file name, its contents are substituted 3180for the file name; when a pattern is a "type:table" table specification, 3181table lookup is used instead. </p> 3182 3183<p> 3184Patterns are separated by whitespace and/or commas. In order to 3185reverse the result, precede a pattern with an 3186exclamation point (!). The form "!/file/name" is supported only 3187in Postfix version 2.4 and later. 3188</p> 3189 3190<p> 3191Example: 3192</p> 3193 3194<pre> 3195qmqpd_authorized_clients = !192.168.0.1, 192.168.0.0/24 3196</pre> 3197 3198%PARAM qmqpd_error_delay 1s 3199 3200<p> 3201How long the QMQP server will pause before sending a negative reply 3202to the client. The purpose is to slow down confused or malicious 3203clients. 3204</p> 3205 3206<p> 3207Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 3208The default time unit is s (seconds). 3209</p> 3210 3211%PARAM qmqpd_timeout 300s 3212 3213<p> 3214The time limit for sending or receiving information over the network. 3215If a read or write operation blocks for more than $qmqpd_timeout 3216seconds the QMQP server gives up and disconnects. 3217</p> 3218 3219<p> 3220Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 3221The default time unit is s (seconds). 3222</p> 3223 3224%PARAM queue_minfree 0 3225 3226<p> 3227The minimal amount of free space in bytes in the queue file system 3228that is needed to receive mail. This is currently used by the SMTP 3229server to decide if it will accept any mail at all. 
3230</p> 3231 3232<p> 3233By default, the Postfix SMTP server rejects MAIL FROM commands when 3234the amount of free space is less than 1.5*$message_size_limit 3235(Postfix version 2.1 and later). 3236To specify a higher minimum free space limit, specify a queue_minfree 3237value that is at least 1.5*$message_size_limit. 3238</p> 3239 3240<p> 3241With Postfix versions 2.0 and earlier, a queue_minfree value of 3242zero means there is no minimum required amount of free space. 3243</p> 3244 3245%PARAM queue_run_delay 300s 3246 3247<p> 3248The time between deferred queue scans by the queue manager; 3249prior to Postfix 2.4 the default value was 1000s. 3250</p> 3251 3252<p> This parameter should be set less than or equal to 3253$minimal_backoff_time. See also $maximal_backoff_time. </p> 3254 3255<p> 3256Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 3257The default time unit is s (seconds). 3258</p> 3259 3260%PARAM rbl_reply_maps 3261 3262<p> 3263Optional lookup tables with RBL response templates. The tables are 3264indexed by the RBL domain name. By default, Postfix uses the default 3265template as specified with the default_rbl_reply configuration 3266parameter. See there for a discussion of the syntax of RBL reply 3267templates. 3268</p> 3269 3270<p> 3271This feature is available in Postfix 2.0 and later. 3272</p> 3273 3274%PARAM receive_override_options 3275 3276<p> Enable or disable recipient validation, built-in content 3277filtering, or address mapping. Typically, these are specified in 3278master.cf as command-line arguments for the smtpd(8), qmqpd(8) or 3279pickup(8) daemons. </p> 3280 3281<p> Specify zero or more of the following options. The options 3282override main.cf settings and are either implemented by smtpd(8), 3283qmqpd(8), or pickup(8) themselves, or they are forwarded to the 3284cleanup server. 
</p> 3285 3286<dl> 3287 3288<dt><b><a name="no_unknown_recipient_checks">no_unknown_recipient_checks</a></b></dt> 3289 3290<dd>Do not try to reject unknown recipients (SMTP server only). 3291This is typically specified AFTER an external content filter. 3292</dd> 3293 3294<dt><b><a name="no_address_mappings">no_address_mappings</a></b></dt> 3295 3296<dd>Disable canonical address mapping, virtual alias map expansion, 3297address masquerading, and automatic BCC (blind carbon-copy) 3298recipients. This is typically specified BEFORE an external content 3299filter. </dd> 3300 3301<dt><b><a name="no_header_body_checks">no_header_body_checks</a></b></dt> 3302 3303<dd>Disable header/body_checks. This is typically specified AFTER 3304an external content filter. </dd> 3305 3306<dt><b><a name="no_milters">no_milters</a></b></dt> 3307 3308<dd>Disable Milter (mail filter) applications. This is typically 3309specified AFTER an external content filter. </dd> 3310 3311</dl> 3312 3313<p> 3314Note: when the "BEFORE content filter" receive_override_options 3315setting is specified in the main.cf file, specify the "AFTER content 3316filter" receive_override_options setting in master.cf (and vice 3317versa). 3318</p> 3319 3320<p> 3321Examples: 3322</p> 3323 3324<pre> 3325receive_override_options = 3326 no_unknown_recipient_checks, no_header_body_checks 3327receive_override_options = no_address_mappings 3328</pre> 3329 3330<p> 3331This feature is available in Postfix 2.1 and later. 3332</p> 3333 3334%PARAM recipient_bcc_maps 3335 3336<p> 3337Optional BCC (blind carbon-copy) address lookup tables, indexed by 3338recipient address. The BCC address (multiple results are not 3339supported) is added when mail enters from outside of Postfix. 3340</p> 3341 3342<p> 3343This feature is available in Postfix 2.1 and later. 
3344</p> 3345 3346<p> 3347The table search order is as follows: 3348</p> 3349 3350<ul> 3351 3352<li> Look up the "user+extension@domain.tld" address including the 3353optional address extension. 3354 3355<li> Look up the "user@domain.tld" address without the optional 3356address extension. 3357 3358<li> Look up the "user+extension" address local part when the 3359recipient domain equals $myorigin, $mydestination, $inet_interfaces 3360or $proxy_interfaces. 3361 3362<li> Look up the "user" address local part when the recipient domain 3363equals $myorigin, $mydestination, $inet_interfaces or $proxy_interfaces. 3364 3365<li> Look up the "@domain.tld" part. 3366 3367</ul> 3368 3369<p> 3370Specify the types and names of databases to use. After change, 3371run "<b>postmap /etc/postfix/recipient_bcc</b>". 3372</p> 3373 3374<p> 3375Note: if mail to the BCC address bounces it will be returned to 3376the sender. 3377</p> 3378 3379<p> Note: automatic BCC recipients are produced only for new mail. 3380To avoid mailer loops, automatic BCC recipients are not generated 3381after Postfix forwards mail internally, or after Postfix generates 3382mail itself. </p> 3383 3384<p> 3385Example: 3386</p> 3387 3388<pre> 3389recipient_bcc_maps = hash:/etc/postfix/recipient_bcc 3390</pre> 3391 3392%PARAM recipient_canonical_maps 3393 3394<p> 3395Optional address mapping lookup tables for envelope and header 3396recipient addresses. 3397The table format and lookups are documented in canonical(5). 3398</p> 3399 3400<p> 3401Note: $recipient_canonical_maps is processed before $canonical_maps. 3402</p> 3403 3404<p> 3405Example: 3406</p> 3407 3408<pre> 3409recipient_canonical_maps = hash:/etc/postfix/recipient_canonical 3410</pre> 3411 3412%PARAM recipient_delimiter 3413 3414<p> 3415The separator between user names and address extensions (user+foo). 
3416See canonical(5), local(8), relocated(5) and virtual(5) for the 3417effects this has on aliases, canonical, virtual, relocated and 3418on .forward file lookups. Basically, the software tries user+foo 3419and .forward+foo before trying user and .forward. 3420</p> 3421 3422<p> 3423Example: 3424</p> 3425 3426<pre> 3427recipient_delimiter = + 3428</pre> 3429 3430%PARAM reject_code 554 3431 3432<p> 3433The numerical Postfix SMTP server response code when a remote SMTP 3434client request is rejected by the "reject" restriction. 3435</p> 3436 3437<p> 3438Do not change this unless you have a complete understanding of RFC 2821. 3439</p> 3440 3441%PARAM relay_domains $mydestination 3442 3443<p> What destination domains (and subdomains thereof) this system 3444will relay mail to. Subdomain matching is controlled with the 3445parent_domain_matches_subdomains parameter. For details about how 3446the relay_domains value is used, see the description of the 3447permit_auth_destination and reject_unauth_destination SMTP recipient 3448restrictions. </p> 3449 3450<p> Domains that match $relay_domains are delivered with the 3451$relay_transport mail delivery transport. The SMTP server validates 3452recipient addresses with $relay_recipient_maps and rejects non-existent 3453recipients. See also the relay domains address class in the 3454ADDRESS_CLASS_README file. </p> 3455 3456<p> Note: Postfix will not automatically forward mail for domains 3457that list this system as their primary or backup MX host. See the 3458permit_mx_backup restriction in the postconf(5) manual page. </p> 3459 3460<p> Specify a list of host or domain names, "/file/name" patterns 3461or "type:table" lookup tables, separated by commas and/or whitespace. 3462Continue long lines by starting the next line with whitespace. A 3463"/file/name" pattern is replaced by its contents; a "type:table" 3464lookup table is matched when a (parent) domain appears as lookup 3465key. 
Specify "!pattern" to exclude a domain from the list. The form 3466"!/file/name" is supported only in Postfix version 2.4 and later. 3467</p> 3468 3469%PARAM relay_domains_reject_code 554 3470 3471<p> 3472The numerical Postfix SMTP server response code when a client 3473request is rejected by the reject_unauth_destination recipient 3474restriction. 3475</p> 3476 3477<p> 3478Do not change this unless you have a complete understanding of RFC 2821. 3479</p> 3480 3481%PARAM relay_recipient_maps 3482 3483<p> Optional lookup tables with all valid addresses in the domains 3484that match $relay_domains. Specify @domain as a wild-card for 3485domains that have no valid recipient list, and become a source of 3486backscatter mail: Postfix accepts spam for non-existent recipients 3487and then floods innocent people with undeliverable mail. Technically, 3488tables 3489listed with $relay_recipient_maps are used as lists: Postfix needs 3490to know only if a lookup string is found or not, but it does not 3491use the result from table lookup. </p> 3492 3493<p> 3494If this parameter is non-empty, then the Postfix SMTP server will reject 3495mail to unknown relay users. This feature is off by default. 3496</p> 3497 3498<p> 3499See also the relay domains address class in the ADDRESS_CLASS_README 3500file. 3501</p> 3502 3503<p> 3504Example: 3505</p> 3506 3507<pre> 3508relay_recipient_maps = hash:/etc/postfix/relay_recipients 3509</pre> 3510 3511<p> 3512This feature is available in Postfix 2.0 and later. 3513</p> 3514 3515%PARAM relayhost 3516 3517<p> 3518The next-hop destination of non-local mail; overrides non-local 3519domains in recipient addresses. This information is overruled with 3520relay_transport, sender_dependent_default_transport_maps, 3521default_transport, sender_dependent_relayhost_maps 3522and with the transport(5) table. 3523</p> 3524 3525<p> 3526On an intranet, specify the organizational domain name. 
If your 3527internal DNS uses no MX records, specify the name of the intranet 3528gateway host instead. 3529</p> 3530 3531<p> 3532In the case of SMTP, specify a domain name, hostname, hostname:port, 3533[hostname]:port, [hostaddress] or [hostaddress]:port. The form 3534[hostname] turns off MX lookups. 3535</p> 3536 3537<p> 3538If you're connected via UUCP, see the UUCP_README file for useful 3539information. 3540</p> 3541 3542<p> 3543Examples: 3544</p> 3545 3546<pre> 3547relayhost = $mydomain 3548relayhost = [gateway.example.com] 3549relayhost = uucphost 3550relayhost = [an.ip.add.ress] 3551</pre> 3552 3553%PARAM relocated_maps 3554 3555<p> 3556Optional lookup tables with new contact information for users or 3557domains that no longer exist. The table format and lookups are 3558documented in relocated(5). 3559</p> 3560 3561<p> 3562If you use this feature, run "<b>postmap /etc/postfix/relocated</b>" to 3563build the necessary DBM or DB file after change, then "<b>postfix 3564reload</b>" to make the changes visible. 3565</p> 3566 3567<p> 3568Examples: 3569</p> 3570 3571<pre> 3572relocated_maps = dbm:/etc/postfix/relocated 3573relocated_maps = hash:/etc/postfix/relocated 3574</pre> 3575 3576%PARAM require_home_directory no 3577 3578<p> 3579Require that a local(8) recipient's home directory exists 3580before mail delivery is attempted. By default this test is disabled. 3581It can be useful for environments that import home directories to 3582the mail server (IMPORTING HOME DIRECTORIES IS NOT RECOMMENDED). 3583</p> 3584 3585%PARAM resolve_dequoted_address yes 3586 3587<p> Resolve a recipient address safely instead of correctly, by 3588looking inside quotes. </p> 3589 3590<p> By default, the Postfix address resolver does not quote the 3591address localpart as per RFC 822, so that additional @ or % or ! 3592operators remain visible. This behavior is safe but it is also 3593technically incorrect. 
</p> 3594 3595<p> If you specify "resolve_dequoted_address = no", then 3596the Postfix 3597resolver will not know about additional @ etc. operators in the 3598address localpart. This opens opportunities for obscure mail relay 3599attacks with user@domain@domain addresses when Postfix provides 3600backup MX service for Sendmail systems. </p> 3601 3602%PARAM resolve_null_domain no 3603 3604<p> Resolve an address that ends in the "@" null domain as if the 3605local hostname were specified, instead of rejecting the address as 3606invalid. </p> 3607 3608<p> This feature is available in Postfix 2.1 and later. 3609Earlier versions always resolve the null domain as the local 3610hostname. </p> 3611 3612<p> The Postfix SMTP server uses this feature to reject mail from 3613or to addresses that end in the "@" null domain, and from addresses 3614that rewrite into a form that ends in the "@" null domain. </p> 3615 3616%PARAM sender_bcc_maps 3617 3618<p> Optional BCC (blind carbon-copy) address lookup tables, indexed 3619by sender address. The BCC address (multiple results are not 3620supported) is added when mail enters from outside of Postfix. </p> 3621 3622<p> 3623This feature is available in Postfix 2.1 and later. 3624</p> 3625 3626<p> 3627The table search order is as follows: 3628</p> 3629 3630<ul> 3631 3632<li> Look up the "user+extension@domain.tld" address including the 3633optional address extension. 3634 3635<li> Look up the "user@domain.tld" address without the optional 3636address extension. 3637 3638<li> Look up the "user+extension" address local part when the 3639sender domain equals $myorigin, $mydestination, $inet_interfaces 3640or $proxy_interfaces. 3641 3642<li> Look up the "user" address local part when the sender domain 3643equals $myorigin, $mydestination, $inet_interfaces or $proxy_interfaces. 3644 3645<li> Look up the "@domain.tld" part. 3646 3647</ul> 3648 3649<p> 3650Specify the types and names of databases to use. 
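The five-step search order listed above, which is the same for sender_bcc_maps and recipient_bcc_maps, as an added example in Python; this is not Postfix code. The table, the local-domain set (standing in for $myorigin, $mydestination, $inet_interfaces and $proxy_interfaces) and the "+" delimiter are constructed for illustration.

```python
# Added example (not Postfix code): the five-step BCC table search order
# from this page, run over a constructed in-memory table. BCC_TABLE and
# LOCAL_DOMAINS are constructed; "+" follows the recipient_delimiter example.
from typing import Dict, Iterable, List, Optional


def bcc_lookup_keys(address: str, local_domains: Iterable[str],
                    delimiter: str = "+") -> List[str]:
    """Return the table keys for one address, in the order the page lists them.

    Step 1 (user+extension@domain.tld) exists only when the address carries
    an extension; steps 3 and 4 (bare local part) apply only when the domain
    is one of the local domains.
    """
    localpart, at, domain = address.rpartition("@")
    if not at:
        return []                                          # no domain: nothing to look up
    user, sep, ext = localpart.partition(delimiter)
    local = domain.lower() in {d.lower() for d in local_domains}
    keys: List[str] = []
    if sep:
        keys.append(f"{user}{delimiter}{ext}@{domain}")   # 1. user+extension@domain.tld
    keys.append(f"{user}@{domain}")                        # 2. user@domain.tld
    if local and sep:
        keys.append(f"{user}{delimiter}{ext}")             # 3. user+extension
    if local:
        keys.append(user)                                  # 4. user
    keys.append(f"@{domain}")                              # 5. @domain.tld
    return keys


def find_bcc(table: Dict[str, str], address: str, local_domains: Iterable[str],
             delimiter: str = "+") -> Optional[str]:
    """Return the single BCC address for the first key that matches, else None."""
    for key in bcc_lookup_keys(address, local_domains, delimiter):
        if key in table:
            return table[key]
    return None


# Constructed sample table (the kind of content postmap would build into
# hash:/etc/postfix/sender_bcc); one result per key, as the page requires.
BCC_TABLE = {
    "sales+urgent@example.com": "urgent-archive@archive.example.com",
    "sales@example.com": "sales-archive@archive.example.com",
    "helpdesk": "helpdesk-archive@archive.example.com",
    "@example.com": "catchall-archive@archive.example.com",
}
LOCAL_DOMAINS = {"example.com"}


if __name__ == "__main__":
    for addr in ("sales+urgent@example.com", "sales+later@example.com",
                 "helpdesk+ticket42@example.com", "nobody@example.com",
                 "helpdesk@example.org"):
        print(f"{addr:32} -> {find_bcc(BCC_TABLE, addr, LOCAL_DOMAINS)}")
```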
After change, 3651run "<b>postmap /etc/postfix/sender_bcc</b>". 3652</p> 3653 3654<p> 3655Note: if mail to the BCC address bounces it will be returned to 3656the sender. 3657</p> 3658 3659<p> Note: automatic BCC recipients are produced only for new mail. 3660To avoid mailer loops, automatic BCC recipients are not generated 3661after Postfix forwards mail internally, or after Postfix generates 3662mail itself. </p> 3663 3664<p> 3665Example: 3666</p> 3667 3668<pre> 3669sender_bcc_maps = hash:/etc/postfix/sender_bcc 3670</pre> 3671 3672%PARAM sender_canonical_maps 3673 3674<p> 3675Optional address mapping lookup tables for envelope and header 3676sender addresses. 3677The table format and lookups are documented in canonical(5). 3678</p> 3679 3680<p> 3681Example: you want to rewrite the SENDER address "user@ugly.domain" 3682to "user@pretty.domain", while still being able to send mail to 3683the RECIPIENT address "user@ugly.domain". 3684</p> 3685 3686<p> 3687Note: $sender_canonical_maps is processed before $canonical_maps. 3688</p> 3689 3690<p> 3691Example: 3692</p> 3693 3694<pre> 3695sender_canonical_maps = hash:/etc/postfix/sender_canonical 3696</pre> 3697 3698%PARAM smtp_always_send_ehlo yes 3699 3700<p> 3701Always send EHLO at the start of an SMTP session. 3702</p> 3703 3704<p> 3705With "smtp_always_send_ehlo = no", Postfix sends EHLO only when 3706the word "ESMTP" appears in the server greeting banner (example: 3707220 spike.porcupine.org ESMTP Postfix). 3708</p> 3709 3710%PARAM smtp_bind_address 3711 3712<p> 3713An optional numerical network address that the Postfix SMTP client 3714should bind to when making an IPv4 connection. 3715</p> 3716 3717<p> 3718This can be specified in the main.cf file for all SMTP clients, or 3719it can be specified in the master.cf file for a specific client, 3720for example: 3721</p> 3722 3723<blockquote> 3724<pre> 3725/etc/postfix/master.cf: 3726 smtp ... 
smtp -o smtp_bind_address=11.22.33.44 3727</pre> 3728</blockquote> 3729 3730<p> Note 1: when inet_interfaces specifies no more than one IPv4 3731address, and that address is a non-loopback address, it is 3732automatically used as the smtp_bind_address. This supports virtual 3733IP hosting, but can be a problem on multi-homed firewalls. See the 3734inet_interfaces documentation for more detail. </p> 3735 3736<p> Note 2: address information may be enclosed inside <tt>[]</tt>, 3737but this form is not required here. </p> 3738 3739%PARAM smtp_bind_address6 3740 3741<p> 3742An optional numerical network address that the Postfix SMTP client 3743should bind to when making an IPv6 connection. 3744</p> 3745 3746<p> This feature is available in Postfix 2.2 and later. </p> 3747 3748<p> 3749This can be specified in the main.cf file for all SMTP clients, or 3750it can be specified in the master.cf file for a specific client, 3751for example: 3752</p> 3753 3754<blockquote> 3755<pre> 3756/etc/postfix/master.cf: 3757 smtp ... smtp -o smtp_bind_address6=1:2:3:4:5:6:7:8 3758</pre> 3759</blockquote> 3760 3761<p> Note 1: when inet_interfaces specifies no more than one IPv6 3762address, and that address is a non-loopback address, it is 3763automatically used as the smtp_bind_address6. This supports virtual 3764IP hosting, but can be a problem on multi-homed firewalls. See the 3765inet_interfaces documentation for more detail. </p> 3766 3767<p> Note 2: address information may be enclosed inside <tt>[]</tt>, 3768but this form is not recommended here. </p> 3769 3770%PARAM smtp_connection_cache_time_limit 2s 3771 3772<p> When SMTP connection caching is enabled, the amount of time that 3773an unused SMTP client socket is kept open before it is closed. Do 3774not specify larger values without permission from the remote sites. 3775</p> 3776 3777<p> This feature is available in Postfix 2.2 and later. 
</p> 3778 3779%PARAM smtp_connection_cache_reuse_limit 10 3780 3781<p> When SMTP connection caching is enabled, the number of times that 3782an SMTP session may be reused before it is closed. 3783</p> 3784 3785<p> This feature is available in Postfix 2.2. In Postfix 2.3 it is 3786replaced by $smtp_connection_reuse_time_limit.</p> 3787 3788%PARAM smtp_connection_reuse_time_limit 300s 3789 3790<p> The amount of time during which Postfix will use an SMTP 3791connection repeatedly. The timer starts when the connection is 3792initiated (i.e. it includes the connect, greeting and helo latency, 3793in addition to the latencies of subsequent mail delivery transactions). 3794</p> 3795 3796<p> This feature addresses a performance stability problem with 3797remote SMTP servers. This problem is not specific to Postfix: it 3798can happen when any MTA sends large amounts of SMTP email to a site 3799that has multiple MX hosts. </p> 3800 3801<p> The problem starts when one of a set of MX hosts becomes slower 3802than the rest. Even though SMTP clients connect to fast and slow 3803MX hosts with equal probability, the slow MX host ends up with more 3804simultaneous inbound connections than the faster MX hosts, because 3805the slow MX host needs more time to serve each client request. </p> 3806 3807<p> The slow MX host becomes a connection attractor. If one MX 3808host becomes N times slower than the rest, it dominates mail delivery 3809latency unless there are more than N fast MX hosts to counter the 3810effect. And if the number of MX hosts is smaller than N, the mail 3811delivery latency becomes effectively that of the slowest MX host 3812divided by the total number of MX hosts. </p> 3813 3814<p> The solution uses connection caching in a way that differs from 3815Postfix version 2.2. 
By limiting the amount of time during which a connection 3816can be used repeatedly (instead of limiting the number of deliveries 3817over that connection), Postfix not only restores fairness in the 3818distribution of simultaneous connections across a set of MX hosts, 3819it also favors deliveries over connections that perform well, which 3820is exactly what we want. </p> 3821 3822<p> The default reuse time limit, 300s, is comparable to the various 3823smtp transaction timeouts which are fair estimates of maximum excess 3824latency for a slow delivery. Note that hosts may accept thousands 3825of messages over a single connection within the default connection 3826reuse time limit. This number is much larger than the default Postfix 3827version 2.2 limit of 10 messages per cached connection. It may prove necessary 3828to lower the limit to avoid interoperability issues with MTAs that 3829exhibit bugs when many messages are delivered via a single connection. 3830A lower reuse time limit risks losing the benefit of connection 3831reuse when the average connection and mail delivery latency exceeds 3832the reuse time limit. </p> 3833 3834<p> This feature is available in Postfix 2.3 and later. </p> 3835 3836%PARAM smtp_connection_cache_destinations 3837 3838<p> Permanently enable SMTP connection caching for the specified 3839destinations. With SMTP connection caching, a connection is not 3840closed immediately after completion of a mail transaction. Instead, 3841the connection is kept open for up to $smtp_connection_cache_time_limit 3842seconds. This allows connections to be reused for other deliveries, 3843and can improve mail delivery performance. 
</p> 3844 3845<p> Specify a comma or white space separated list of destinations 3846or pseudo-destinations: </p> 3847 3848<ul> 3849 3850<li> if mail is sent without a relay host: a domain name (the 3851right-hand side of an email address, without the [] around a numeric 3852IP address), 3853 3854<li> if mail is sent via a relay host: a relay host name (without 3855[] or non-default TCP port), as specified in main.cf or in the 3856transport map, 3857 3858<li> if mail is sent via a UNIX-domain socket: a pathname (without 3859the unix: prefix), 3860 3861<li> a /file/name with domain names and/or relay host names as 3862defined above, 3863 3864<li> a "type:table" with domain names and/or relay host names on 3865the left-hand side. The right-hand side result from "type:table" 3866lookups is ignored. 3867 3868</ul> 3869 3870<p> This feature is available in Postfix 2.2 and later. </p> 3871 3872%PARAM smtp_connection_cache_on_demand yes 3873 3874<p> Temporarily enable SMTP connection caching while a destination 3875has a high volume of mail in the active queue. With SMTP connection 3876caching, a connection is not closed immediately after completion 3877of a mail transaction. Instead, the connection is kept open for 3878up to $smtp_connection_cache_time_limit seconds. This allows 3879connections to be reused for other deliveries, and can improve mail 3880delivery performance. </p> 3881 3882<p> This feature is available in Postfix 2.2 and later. </p> 3883 3884%PARAM smtp_connect_timeout 30s 3885 3886<p> 3887The SMTP client time limit for completing a TCP connection, or 3888zero (use the operating system built-in time limit). 3889</p> 3890 3891<p> 3892When no connection can be made within the deadline, the Postfix 3893SMTP client 3894tries the next address on the mail exchanger list. Specify 0 to 3895disable the time limit (i.e. use whatever timeout is implemented by 3896the operating system). 
3897</p> 3898 3899<p> 3900Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 3901The default time unit is s (seconds). 3902</p> 3903 3904%PARAM smtp_data_done_timeout 600s 3905 3906<p> 3907The SMTP client time limit for sending the SMTP ".", and for receiving 3908the server response. 3909</p> 3910 3911<p> 3912When no response is received within the deadline, a warning is 3913logged that the mail may be delivered multiple times. 3914</p> 3915 3916<p> 3917Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 3918The default time unit is s (seconds). 3919</p> 3920 3921%PARAM smtp_data_init_timeout 120s 3922 3923<p> 3924The SMTP client time limit for sending the SMTP DATA command, and for 3925receiving the server response. 3926</p> 3927 3928<p> 3929Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 3930The default time unit is s (seconds). 3931</p> 3932 3933%PARAM smtp_data_xfer_timeout 180s 3934 3935<p> 3936The SMTP client time limit for sending the SMTP message content. 3937When the connection makes no progress for more than $smtp_data_xfer_timeout 3938seconds the Postfix SMTP client terminates the transfer. 3939</p> 3940 3941<p> 3942Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 3943The default time unit is s (seconds). 3944</p> 3945 3946%PARAM smtp_defer_if_no_mx_address_found no 3947 3948<p> 3949Defer mail delivery when no MX record resolves to an IP address. 3950</p> 3951 3952<p> 3953The default (no) is to return the mail as undeliverable. With older 3954Postfix versions the default was to keep trying to deliver the mail 3955until someone fixed the MX record or until the mail was too old. 3956</p> 3957 3958<p> 3959Note: Postfix always ignores MX records with equal or worse preference 3960than the local MTA itself. 3961</p> 3962 3963<p> 3964This feature is available in Postfix 2.1 and later. 
3965</p> 3966 3967%PARAM lmtp_destination_concurrency_limit $default_destination_concurrency_limit 3968 3969<p> The maximal number of parallel deliveries to the same destination 3970via the lmtp message delivery transport. This limit is enforced by 3971the queue manager. The message delivery transport name is the first 3972field in the entry in the master.cf file. </p> 3973 3974%PARAM lmtp_destination_recipient_limit $default_destination_recipient_limit 3975 3976<p> The maximal number of recipients per message for the lmtp 3977message delivery transport. This limit is enforced by the queue 3978manager. The message delivery transport name is the first field in 3979the entry in the master.cf file. </p> 3980 3981<p> Setting this parameter to a value of 1 changes the meaning of 3982lmtp_destination_concurrency_limit from concurrency per domain into 3983concurrency per recipient. </p> 3984 3985%PARAM relay_destination_concurrency_limit $default_destination_concurrency_limit 3986 3987<p> The maximal number of parallel deliveries to the same destination 3988via the relay message delivery transport. This limit is enforced 3989by the queue manager. The message delivery transport name is the 3990first field in the entry in the master.cf file. </p> 3991 3992<p> This feature is available in Postfix 2.0 and later. </p> 3993 3994%PARAM relay_destination_recipient_limit $default_destination_recipient_limit 3995 3996<p> The maximal number of recipients per message for the relay 3997message delivery transport. This limit is enforced by the queue 3998manager. The message delivery transport name is the first field in 3999the entry in the master.cf file. </p> 4000 4001<p> Setting this parameter to a value of 1 changes the meaning of 4002relay_destination_concurrency_limit from concurrency per domain 4003into concurrency per recipient. </p> 4004 4005<p> This feature is available in Postfix 2.0 and later. 
</p> 4006 4007%PARAM smtp_destination_concurrency_limit $default_destination_concurrency_limit 4008 4009<p> The maximal number of parallel deliveries to the same destination 4010via the smtp message delivery transport. This limit is enforced by 4011the queue manager. The message delivery transport name is the first 4012field in the entry in the master.cf file. </p> 4013 4014%PARAM smtp_destination_recipient_limit $default_destination_recipient_limit 4015 4016<p> The maximal number of recipients per message for the smtp 4017message delivery transport. This limit is enforced by the queue 4018manager. The message delivery transport name is the first field in 4019the entry in the master.cf file. </p> 4020 4021<p> Setting this parameter to a value of 1 changes the meaning of 4022smtp_destination_concurrency_limit from concurrency per domain 4023into concurrency per recipient. </p> 4024 4025%PARAM virtual_destination_concurrency_limit $default_destination_concurrency_limit 4026 4027<p> The maximal number of parallel deliveries to the same destination 4028via the virtual message delivery transport. This limit is enforced 4029by the queue manager. The message delivery transport name is the 4030first field in the entry in the master.cf file. </p> 4031 4032%PARAM virtual_destination_recipient_limit $default_destination_recipient_limit 4033 4034<p> The maximal number of recipients per message for the virtual 4035message delivery transport. This limit is enforced by the queue 4036manager. The message delivery transport name is the first field in 4037the entry in the master.cf file. </p> 4038 4039<p> Setting this parameter to a value of 1 changes the meaning of 4040virtual_destination_concurrency_limit from concurrency per domain 4041into concurrency per recipient. </p> 4042 4043%PARAM smtp_helo_name $myhostname 4044 4045<p> 4046The hostname to send in the SMTP EHLO or HELO command. 4047</p> 4048 4049<p> 4050The default value is the machine hostname. 
Specify a hostname or 4051[ip.add.re.ss]. 4052</p> 4053 4054<p> 4055This information can be specified in the main.cf file for all SMTP 4056clients, or it can be specified in the master.cf file for a specific 4057client, for example: 4058</p> 4059 4060<blockquote> 4061<pre> 4062/etc/postfix/master.cf: 4063 mysmtp ... smtp -o smtp_helo_name=foo.bar.com 4064</pre> 4065</blockquote> 4066 4067<p> 4068This feature is available in Postfix 2.0 and later. 4069</p> 4070 4071%PARAM smtp_helo_timeout 300s 4072 4073<p> 4074The SMTP client time limit for sending the HELO or EHLO command, 4075and for receiving the initial server response. 4076</p> 4077 4078<p> 4079Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 4080The default time unit is s (seconds). 4081</p> 4082 4083%PARAM smtp_host_lookup dns 4084 4085<p> 4086What mechanisms the Postfix SMTP client uses to look up a host's IP 4087address. This parameter is ignored when DNS lookups are disabled 4088(see: disable_dns_lookups). 4089</p> 4090 4091<p> 4092Specify one of the following: 4093</p> 4094 4095<dl> 4096 4097<dt><b>dns</b></dt> 4098 4099<dd>Hosts can be found in the DNS (preferred). </dd> 4100 4101<dt><b>native</b></dt> 4102 4103<dd>Use the native naming service only (nsswitch.conf, or equivalent 4104mechanism). </dd> 4105 4106<dt><b>dns, native</b></dt> 4107 4108<dd>Use the native service for hosts not found in the DNS. </dd> 4109 4110</dl> 4111 4112<p> 4113This feature is available in Postfix 2.1 and later. 4114</p> 4115 4116%PARAM smtp_line_length_limit 990 4117 4118<p> 4119The maximal length of message header and body lines that Postfix 4120will send via SMTP. Longer lines are broken by inserting 4121"<CR><LF><SPACE>". This minimizes the damage to 4122MIME formatted mail. 4123</p> 4124 4125<p> 4126By default, the line length is limited to 990 characters, because 4127some server implementations cannot receive mail with long lines. 
</p>

%PARAM smtp_mail_timeout 300s

<p>
The SMTP client time limit for sending the MAIL FROM command, and
for receiving the server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM smtp_mx_address_limit 5

<p>
The maximal number of MX (mail exchanger) IP addresses that can
result from mail exchanger lookups, or zero (no limit). Prior to
Postfix version 2.3, this limit was disabled by default.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM smtp_mx_session_limit 2

<p> The maximal number of SMTP sessions per delivery request before
giving up or delivering to a fall-back relay host, or zero (no
limit). This restriction ignores sessions that fail to complete the
SMTP initial handshake (Postfix version 2.2 and earlier) or that fail to
complete the EHLO and TLS handshake (Postfix version 2.3 and later). </p>

<p> This feature is available in Postfix 2.1 and later. </p>

%PARAM smtp_never_send_ehlo no

<p> Never send EHLO at the start of an SMTP session. See also the
smtp_always_send_ehlo parameter. </p>

%PARAM smtp_pix_workaround_threshold_time 500s

<p> How long a message must be queued before the Postfix SMTP client
turns on the PIX firewall "<CR><LF>.<CR><LF>"
bug workaround for delivery through firewalls with "smtp fixup"
mode turned on. </p>

<p>
By default, the workaround is turned off for mail that is queued
for less than 500 seconds. In other words, the workaround is normally
turned off for the first delivery attempt.
</p>

<p>
Specify 0 to enable the PIX firewall
"<CR><LF>.<CR><LF>" bug workaround upon the
first delivery attempt.
</p>

%PARAM smtp_quit_timeout 300s

<p>
The SMTP client time limit for sending the QUIT command, and for
receiving the server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM smtp_quote_rfc821_envelope yes

<p>
Quote addresses in SMTP MAIL FROM and RCPT TO commands as required
by RFC 2821. This includes putting quotes around an address localpart
that ends in ".".
</p>

<p>
The default is to comply with RFC 2821. If you have to send mail to
a broken SMTP server, configure a special SMTP client in master.cf:
</p>

<blockquote>
<pre>
/etc/postfix/master.cf:
    broken-smtp . . . smtp -o smtp_quote_rfc821_envelope=no
</pre>
</blockquote>

<p>
and route mail for the destination in question to the "broken-smtp"
message delivery with a transport(5) table.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM smtp_rcpt_timeout 300s

<p>
The SMTP client time limit for sending the SMTP RCPT TO command, and
for receiving the server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM smtp_sasl_auth_enable no

<p>
Enable SASL authentication in the Postfix SMTP client. By default,
the Postfix SMTP client uses no authentication.
</p>

<p>
Example:
</p>

<pre>
smtp_sasl_auth_enable = yes
</pre>

%PARAM smtp_sasl_password_maps

<p>
Optional SMTP client lookup tables with one username:password entry
per remote hostname or domain, or sender address when sender-dependent
authentication is enabled.
If no username:password entry is found,
then the Postfix SMTP client will not
attempt to authenticate to the remote host.
</p>

<p>
The Postfix SMTP client opens the lookup table before going to
chroot jail, so you can leave the password file in /etc/postfix.
</p>

%PARAM smtp_sasl_security_options noplaintext, noanonymous

<p> Postfix SMTP client SASL security options; as of Postfix 2.3
the list of available
features depends on the SASL client implementation that is selected
with <b>smtp_sasl_type</b>. </p>

<p> The following security features are defined for the <b>cyrus</b>
client SASL implementation: </p>

<p>
Specify zero or more of the following:
</p>

<dl>

<dt><b>noplaintext</b></dt>

<dd>Disallow methods that use plaintext passwords. </dd>

<dt><b>noactive</b></dt>

<dd>Disallow methods subject to active (non-dictionary) attack.
</dd>

<dt><b>nodictionary</b></dt>

<dd>Disallow methods subject to passive (dictionary) attack. </dd>

<dt><b>noanonymous</b></dt>

<dd>Disallow methods that allow anonymous authentication. </dd>

<dt><b>mutual_auth</b></dt>

<dd>Only allow methods that provide mutual authentication (not
available with SASL version 1). </dd>

</dl>

<p>
Example:
</p>

<pre>
smtp_sasl_security_options = noplaintext
</pre>

%PARAM smtp_sasl_mechanism_filter

<p>
If non-empty, a Postfix SMTP client filter for the remote SMTP
server's list of offered SASL mechanisms. Different client and
server implementations may support different mechanism lists. By
default, the Postfix SMTP client will use the intersection of the
two. smtp_sasl_mechanism_filter further restricts what server
mechanisms the client will take into consideration.
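</p>

<p> The selection process just described, as an added Python model that is
not Postfix code: the server's mechanisms are parsed from a constructed EHLO
reply, intersected with the client's list, and then narrowed by a
smtp_sasl_mechanism_filter value using the plain-name, "!name" and "static:"
forms documented for this parameter. The "/file/name" and other "type:table"
forms are assumed out of scope and are rejected by the model. </p>

```python
"""Model of how the Postfix SMTP client chooses a SASL mechanism (constructed
example, not Postfix's own code): the server's offer is read from its EHLO
reply, intersected with what the client implementation supports, and then
narrowed by smtp_sasl_mechanism_filter."""


def mechanisms_from_ehlo(ehlo_reply):
    """Return the mechanism names announced in a (multi-line) EHLO reply.
    Only the "250-AUTH ..." / "250 AUTH ..." keyword line is consulted."""
    for line in ehlo_reply.splitlines():
        code, sep, rest = line[:3], line[3:4], line[4:]
        if code == "250" and sep in ("-", " ") and rest.upper().startswith("AUTH "):
            return rest.split()[1:]
    return []


def parse_filter(value):
    """Split a smtp_sasl_mechanism_filter value on commas and/or whitespace."""
    return value.replace(",", " ").split()


def filter_allows(items, mechanism):
    """Apply the filter list to one mechanism name; the first matching item wins.
    Modelled item forms: a mechanism name (case-insensitive), "!name" to exclude
    it, and "static:..." as a catch-all table whose right-hand side is ignored.
    "/file/name" and other "type:table" forms are not modelled and raise."""
    name = mechanism.upper()
    for item in items:
        negate = item.startswith("!")
        pattern = item[1:] if negate else item
        if pattern.lower().startswith("static:"):
            matched = True                      # a static: table matches every key
        elif pattern.startswith("/") or ":" in pattern:
            raise ValueError("pattern form not modelled here: " + item)
        else:
            matched = pattern.upper() == name
        if matched:
            return not negate
    return False                                # non-empty filter, nothing matched


def select_mechanisms(client_mechs, server_mechs, filter_value=""):
    """Intersection of client and server lists (in the server's order), then
    the optional filter. An empty filter leaves the intersection untouched."""
    supported = {m.upper() for m in client_mechs}
    candidates = [m.upper() for m in server_mechs if m.upper() in supported]
    items = parse_filter(filter_value)
    if not items:
        return candidates
    return [m for m in candidates if filter_allows(items, m)]


# Constructed sample data: an EHLO reply and the mechanisms a cyrus client
# might have been built with.
SAMPLE_EHLO = (
    "250-mail.example.com\r\n"
    "250-PIPELINING\r\n"
    "250-AUTH PLAIN LOGIN CRAM-MD5 GSSAPI\r\n"
    "250 8BITMIME\r\n"
)
CLIENT_MECHS = ["PLAIN", "LOGIN", "CRAM-MD5", "DIGEST-MD5"]

if __name__ == "__main__":
    offered = mechanisms_from_ehlo(SAMPLE_EHLO)
    for f in ("", "plain, login", "!gssapi, !login, static:rest", "digest-md5"):
        print(repr(f), "->", select_mechanisms(CLIENT_MECHS, offered, f))
```

<p> With smtp_sasl_security_options = noplaintext the cyrus library would
additionally drop PLAIN and LOGIN; that step happens inside the SASL
implementation and is not modelled here.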
</p>

<p> Specify mechanism names, "/file/name" patterns or "type:table"
lookup tables. The right-hand side result from "type:table" lookups
is ignored. Specify "!pattern" to exclude a mechanism name from the
list. The form "!/file/name" is supported only in Postfix version
2.4 and later. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

<p>
Examples:
</p>

<pre>
smtp_sasl_mechanism_filter = plain, login
smtp_sasl_mechanism_filter = /etc/postfix/smtp_mechs
smtp_sasl_mechanism_filter = !gssapi, !login, static:rest
</pre>

%PARAM smtp_send_xforward_command no

<p>
Send the non-standard XFORWARD command when the Postfix SMTP server
EHLO response announces XFORWARD support.
</p>

<p>
This allows an "smtp" delivery agent, used for injecting mail into
a content filter, to forward the name, address, protocol and HELO
name of the original client to the content filter and downstream
queuing SMTP server. This can produce more useful logging than
localhost[127.0.0.1] etc.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM smtp_skip_4xx_greeting yes

<p>
Skip SMTP servers that greet with a 4XX status code (go away, try
again later).
</p>

<p>
By default, Postfix moves on to the next mail exchanger. Specify
"smtp_skip_4xx_greeting = no" if Postfix should defer delivery
immediately.
</p>

<p> This feature is available in Postfix 2.0 and earlier.
Later Postfix versions always skip SMTP servers that greet with a
4XX status code. </p>

%PARAM smtp_skip_5xx_greeting yes

<p>
Skip SMTP servers that greet with a 5XX status code (go away, do
not try again later).
</p>

<p> By default, the Postfix SMTP client moves on to the next mail
exchanger.
Specify "smtp_skip_5xx_greeting = no" if Postfix should
bounce the mail immediately. The default setting is incorrect, but
it is what a lot of people expect to happen. </p>

%PARAM smtp_skip_quit_response yes

<p>
Do not wait for the response to the SMTP QUIT command.
</p>

%PARAM smtp_xforward_timeout 300s

<p>
The SMTP client time limit for sending the XFORWARD command, and
for receiving the server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM authorized_verp_clients $mynetworks

<p> What SMTP clients are allowed to specify the XVERP command.
This command requests that mail be delivered one recipient at a
time with a per recipient return address. </p>

<p> By default, only trusted clients are allowed to specify XVERP.
</p>

<p> This parameter was introduced with Postfix version 1.1. Postfix
version 2.1 renamed this parameter to smtpd_authorized_verp_clients
and changed the default to none. </p>

<p> Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
.domain names (the initial dot causes the domain to match any name
below it), "/file/name" or "type:table" patterns. A "/file/name"
pattern is replaced by its contents; a "type:table" lookup table
is matched when a table entry matches a lookup string (the lookup
result is ignored). Continue long lines by starting the next line
with whitespace. Specify "!pattern" to exclude an address or network
block from the list. The form "!/file/name" is supported only in
Postfix version 2.4 and later.
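</p>

<p> The pattern list syntax above is shared with the smtpd_authorized_*
parameters that use the same description; the added Python model below is not
Postfix's matching code. It walks such a list first-match-wins, expands
"/file/name" from a constructed in-memory file, honours "!pattern", and makes
the reason for the "[]" wrapper around IPv6 addresses visible by refusing any
unbracketed item that contains ":" (Postfix reads it as a "type:table"
lookup). The sample list, file contents and client addresses are constructed. </p>

```python
"""Model of the network/netmask list syntax shared by authorized_verp_clients,
smtpd_authorized_verp_clients, smtpd_authorized_xclient_hosts and
smtpd_authorized_xforward_hosts (constructed example, not Postfix's own
matching code). It shows the first-match-wins order, "!pattern" exclusions,
"/file/name" expansion and why IPv6 addresses need the "[]" wrapper."""
import ipaddress


def parse_list(value, files=None):
    """Expand a comma/whitespace separated list into (negated, pattern) pairs.
    files: constructed dict path -> contents, standing in for the filesystem;
    "!/file/name" negates every pattern read from that file."""
    files = files or {}
    items = []
    for raw in value.replace(",", " ").split():
        negate = raw.startswith("!")
        pattern = raw[1:] if negate else raw
        if pattern.startswith("/"):
            if pattern not in files:
                raise FileNotFoundError(pattern)
            for sub_negate, sub_pattern in parse_list(files[pattern], files):
                items.append((negate != sub_negate, sub_pattern))
        else:
            items.append((negate, pattern))
    return items


def looks_like_table(pattern):
    """True if Postfix would read this item as a "type:table" lookup: anything
    with a ":" that is not wrapped in "[]", which is how a bare IPv6 address
    gets misparsed."""
    return not pattern.startswith("[") and ":" in pattern


def pattern_matches(pattern, client_ip, client_name):
    """True if one (non-negated) pattern matches the client address or name."""
    if pattern.startswith("["):
        # "[addr]" or "[addr]/bits": the only way to write an IPv6 network.
        close = pattern.index("]")
        network = ipaddress.ip_network(pattern[1:close] + pattern[close + 1:],
                                       strict=False)
        return client_ip in network
    if looks_like_table(pattern):
        # Tables are not modelled here, so surface the misreading instead of
        # silently treating the item as "no match".
        raise ValueError('"%s" is parsed as a %s: lookup table, not an address'
                         % (pattern, pattern.split(":", 1)[0]))
    if pattern.startswith("."):
        # ".domain" matches any name below the domain, not the domain itself.
        return bool(client_name) and client_name.lower().endswith(pattern.lower())
    try:
        # IPv4 host or network/netmask (mask = number of network bits).
        return client_ip in ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        return bool(client_name) and client_name.lower() == pattern.lower()


def client_is_listed(list_value, client_ip, client_name=None, files=None):
    """Walk the list in order; the first matching pattern decides, a negated
    match excludes the client, and no match at all means "not listed"."""
    ip = ipaddress.ip_address(client_ip)
    for negate, pattern in parse_list(list_value, files):
        if pattern_matches(pattern, ip, client_name):
            return not negate
    return False


# Constructed sample configuration: a main.cf-style value plus the contents
# of the "/file/name" it references (the exclusion is listed first on purpose,
# because a later "!pattern" can never undo an earlier match).
SAMPLE_FILES = {"/etc/postfix/verp_clients": "!10.0.99.0/24\n10.0.0.0/8\n"}
SAMPLE_LIST = ("127.0.0.0/8, [::1]/128, [2001:db8::]/32, .relay.example.com, "
               "/etc/postfix/verp_clients, !192.0.2.25, 192.0.2.0/24")

if __name__ == "__main__":
    for ip, name in [("127.0.0.1", None), ("2001:db8:1::7", None),
                     ("192.0.2.25", None), ("10.0.99.7", None),
                     ("203.0.113.5", "mx1.relay.example.com")]:
        print(ip, name, "->", client_is_listed(SAMPLE_LIST, ip, name, SAMPLE_FILES))
```

<p> Because a later "!pattern" never undoes an earlier match, an exclusion
belongs before the broader network it carves out, as the constructed file shows.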
</p>

<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the authorized_verp_clients value, and in files
specified with "/file/name". IP version 6 addresses contain the
":" character, and would otherwise be confused with a "type:table"
pattern. </p>

%PARAM smtpd_authorized_verp_clients $authorized_verp_clients

<p> What SMTP clients are allowed to specify the XVERP command.
This command requests that mail be delivered one recipient at a
time with a per recipient return address. </p>

<p> By default, no clients are allowed to specify XVERP. </p>

<p> This parameter was renamed with Postfix version 2.1. The default value
is backwards compatible with Postfix version 2.0. </p>

<p> Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
.domain names (the initial dot causes the domain to match any name
below it), "/file/name" or "type:table" patterns. A "/file/name"
pattern is replaced by its contents; a "type:table" lookup table
is matched when a table entry matches a lookup string (the lookup
result is ignored). Continue long lines by starting the next line
with whitespace. Specify "!pattern" to exclude an address or network
block from the list. The form "!/file/name" is supported only in
Postfix version 2.4 and later. </p>

<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the smtpd_authorized_verp_clients value, and in
files specified with "/file/name". IP version 6 addresses contain
the ":" character, and would otherwise be confused with a "type:table"
pattern. </p>

%PARAM smtpd_authorized_xclient_hosts

<p>
What SMTP clients are allowed to use the XCLIENT feature.
This
command overrides SMTP client information that is used for access
control. Typical use is for SMTP-based content filters, fetchmail-like
programs, or SMTP server access rule testing. See the XCLIENT_README
document for details.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

<p>
By default, no clients are allowed to specify XCLIENT.
</p>

<p>
Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
.domain names (the initial dot causes the domain to match any name
below it), "/file/name" or "type:table" patterns. A "/file/name"
pattern is replaced by its contents; a "type:table" lookup table
is matched when a table entry matches a lookup string (the lookup
result is ignored). Continue long lines by starting the next line
with whitespace. Specify "!pattern" to exclude an address or network
block from the list. The form "!/file/name" is supported only in
Postfix version 2.4 and later. </p>

<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the smtpd_authorized_xclient_hosts value, and in
files specified with "/file/name". IP version 6 addresses contain
the ":" character, and would otherwise be confused with a "type:table"
pattern. </p>

%PARAM smtpd_authorized_xforward_hosts

<p>
What SMTP clients are allowed to use the XFORWARD feature. This
command forwards information that is used to improve logging after
SMTP-based content filters. See the XFORWARD_README document for
details.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

<p>
By default, no clients are allowed to specify XFORWARD.
</p>

<p>
Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
.domain names (the initial dot causes the domain to match any name
below it), "/file/name" or "type:table" patterns. A "/file/name"
pattern is replaced by its contents; a "type:table" lookup table
is matched when a table entry matches a lookup string (the lookup
result is ignored). Continue long lines by starting the next line
with whitespace. Specify "!pattern" to exclude an address or network
block from the list. The form "!/file/name" is supported only in
Postfix version 2.4 and later. </p>

<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the smtpd_authorized_xforward_hosts value, and in
files specified with "/file/name". IP version 6 addresses contain
the ":" character, and would otherwise be confused with a "type:table"
pattern. </p>

%PARAM smtpd_banner $myhostname ESMTP $mail_name

<p>
The text that follows the 220 status code in the SMTP greeting
banner. Some people like to see the mail version advertised. By
default, Postfix shows no version.
</p>

<p>
You MUST specify $myhostname at the start of the text. This is
required by the SMTP protocol.
</p>

<p>
Example:
</p>

<pre>
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
</pre>

%PARAM smtpd_client_connection_count_limit 50

<p>
How many simultaneous connections any client is allowed to
make to this service. By default, the limit is set to half
the default process limit value.
</p>

<p>
To disable this feature, specify a limit of 0.
</p>

<p>
WARNING: The purpose of this feature is to limit abuse.
It must
not be used to regulate legitimate mail traffic.
</p>

<p>
This feature is available in Postfix 2.2 and later.
</p>

%PARAM smtpd_client_event_limit_exceptions $mynetworks

<p>
Clients that are excluded from smtpd_client_*_count/rate_limit
restrictions. See the mynetworks parameter
description for the parameter value syntax.
</p>

<p>
By default, clients in trusted networks are excluded. Specify a
list of network blocks, hostnames or .domain names (the initial
dot causes the domain to match any name below it).
</p>

<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the smtpd_client_event_limit_exceptions value, and
in files specified with "/file/name". IP version 6 addresses
contain the ":" character, and would otherwise be confused with a
"type:table" pattern. </p>

<p>
This feature is available in Postfix 2.2 and later.
</p>

%PARAM smtpd_client_connection_rate_limit 0

<p>
The maximal number of connection attempts any client is allowed to
make to this service per time unit. The time unit is specified
with the anvil_rate_time_unit configuration parameter.
</p>

<p>
By default, a client can make as many connections per time unit as
Postfix can accept.
</p>

<p>
To disable this feature, specify a limit of 0.
</p>

<p>
WARNING: The purpose of this feature is to limit abuse. It must
not be used to regulate legitimate mail traffic.
</p>

<p>
This feature is available in Postfix 2.2 and later.
</p>

<p>
Example:
</p>

<pre>
smtpd_client_connection_rate_limit = 1000
</pre>

%PARAM smtpd_client_message_rate_limit 0

<p>
The maximal number of message delivery requests that any client is
allowed to make to this service per time unit, regardless of whether
or not Postfix actually accepts those messages. The time unit is
specified with the anvil_rate_time_unit configuration parameter.
</p>

<p>
By default, a client can send as many message delivery requests
per time unit as Postfix can accept.
</p>

<p>
To disable this feature, specify a limit of 0.
</p>

<p>
WARNING: The purpose of this feature is to limit abuse. It must
not be used to regulate legitimate mail traffic.
</p>

<p>
This feature is available in Postfix 2.2 and later.
</p>

<p>
Example:
</p>

<pre>
smtpd_client_message_rate_limit = 1000
</pre>

%PARAM smtpd_client_recipient_rate_limit 0

<p>
The maximal number of recipient addresses that any client is allowed
to send to this service per time unit, regardless of whether or not
Postfix actually accepts those recipients. The time unit is specified
with the anvil_rate_time_unit configuration parameter.
</p>

<p>
By default, a client can send as many recipient addresses per time
unit as Postfix can accept.
</p>

<p>
To disable this feature, specify a limit of 0.
</p>

<p>
WARNING: The purpose of this feature is to limit abuse. It must
not be used to regulate legitimate mail traffic.
</p>

<p>
This feature is available in Postfix 2.2 and later.
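</p>

<p> The per-client counters behind smtpd_client_connection_count_limit and
the connection, message and recipient rate limits above, as an added Python
model that is not the anvil(8) service itself. It assumes that a client's rate
counters restart once its anvil_rate_time_unit window has elapsed, treats a
limit of 0 as "disabled", and stands in for smtpd_client_event_limit_exceptions
with a set of exact client strings; the event log it replays is constructed. </p>

```python
"""Simplified model of how the Postfix anvil(8) service enforces the
smtpd_client_connection_count_limit and smtpd_client_*_rate_limit parameters
(constructed example, not Postfix's own code). Rate counters are kept per
client and restart at the end of each anvil_rate_time_unit window; a limit
of 0 disables that check; excepted clients are never counted."""
from dataclasses import dataclass


@dataclass
class ClientState:
    window_start: float      # start of the current anvil_rate_time_unit window
    connections: int = 0     # simultaneous sessions (connection_count_limit)
    conn_rate: int = 0       # connection attempts in this window
    msg_rate: int = 0        # MAIL FROM requests in this window
    rcpt_rate: int = 0       # RCPT TO requests in this window


class AnvilModel:
    def __init__(self, rate_time_unit=60, connection_count_limit=50,
                 connection_rate_limit=0, message_rate_limit=0,
                 recipient_rate_limit=0, exceptions=()):
        self.rate_time_unit = rate_time_unit
        self.connection_count_limit = connection_count_limit
        self.connection_rate_limit = connection_rate_limit
        self.message_rate_limit = message_rate_limit
        self.recipient_rate_limit = recipient_rate_limit
        # Stands in for smtpd_client_event_limit_exceptions; the real
        # parameter takes mynetworks-style patterns, this model exact strings.
        self.exceptions = set(exceptions)
        self.clients = {}

    def _state(self, client, now):
        st = self.clients.get(client)
        if st is None:
            st = self.clients[client] = ClientState(window_start=now)
        elif now - st.window_start >= self.rate_time_unit:
            # New time unit: rate counters restart, but the number of
            # sessions still open is a concurrency figure and carries over.
            st.window_start = now
            st.conn_rate = st.msg_rate = st.rcpt_rate = 0
        return st

    @staticmethod
    def _within(count, limit):
        return limit == 0 or count <= limit      # 0 means "feature disabled"

    def connect(self, client, now):
        """A new SMTP session; True if the client is under both connection
        limits. The caller must pair every connect() with disconnect()."""
        if client in self.exceptions:
            return True
        st = self._state(client, now)
        st.connections += 1
        st.conn_rate += 1
        return (self._within(st.connections, self.connection_count_limit)
                and self._within(st.conn_rate, self.connection_rate_limit))

    def disconnect(self, client):
        st = self.clients.get(client)
        if st is not None and st.connections > 0:
            st.connections -= 1

    def message(self, client, now):
        """One MAIL FROM; counted whether or not the message is accepted."""
        if client in self.exceptions:
            return True
        st = self._state(client, now)
        st.msg_rate += 1
        return self._within(st.msg_rate, self.message_rate_limit)

    def recipient(self, client, now):
        """One RCPT TO; counted whether or not the recipient is accepted."""
        if client in self.exceptions:
            return True
        st = self._state(client, now)
        st.rcpt_rate += 1
        return self._within(st.rcpt_rate, self.recipient_rate_limit)


def replay(model, events):
    """Feed constructed (time, client, event) tuples through the model and
    return one verdict per event; event is "connect", "disconnect", "mail"
    or "rcpt"."""
    verdicts = []
    for now, client, event in events:
        if event == "connect":
            verdicts.append(model.connect(client, now))
        elif event == "disconnect":
            model.disconnect(client)
            verdicts.append(True)
        elif event == "mail":
            verdicts.append(model.message(client, now))
        elif event == "rcpt":
            verdicts.append(model.recipient(client, now))
        else:
            raise ValueError(event)
    return verdicts


if __name__ == "__main__":
    m = AnvilModel(connection_count_limit=2, connection_rate_limit=3,
                   recipient_rate_limit=4, exceptions={"127.0.0.1"})
    log = [(0, "198.51.100.9", "connect"), (1, "198.51.100.9", "connect"),
           (2, "198.51.100.9", "connect"), (3, "198.51.100.9", "rcpt")]
    print(replay(m, log))
```

<p> Simultaneous sessions are counted until the matching disconnect, so a
session that was refused for being over the limit must still be disconnected,
or it keeps counting against that client.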
</p>

<p>
Example:
</p>

<pre>
smtpd_client_recipient_rate_limit = 1000
</pre>

%PARAM smtpd_client_new_tls_session_rate_limit 0

<p>
The maximal number of new (i.e., uncached) TLS sessions that a
remote SMTP client is allowed to negotiate with this service per
time unit. The time unit is specified with the anvil_rate_time_unit
configuration parameter.
</p>

<p>
By default, a remote SMTP client can negotiate as many new TLS
sessions per time unit as Postfix can accept.
</p>

<p>
To disable this feature, specify a limit of 0. Otherwise, specify
a limit that is at least the per-client concurrent session limit,
or else legitimate client sessions may be rejected.
</p>

<p>
WARNING: The purpose of this feature is to limit abuse. It must
not be used to regulate legitimate mail traffic.
</p>

<p>
This feature is available in Postfix 2.3 and later.
</p>

<p>
Example:
</p>

<pre>
smtpd_client_new_tls_session_rate_limit = 100
</pre>

%PARAM smtpd_client_restrictions

<p>
Optional SMTP server access restrictions in the context of a client
SMTP connection request.
See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access
restriction lists" for a discussion of evaluation context and time.
</p>

<p>
The default is to allow all connection requests.
</p>

<p>
Specify a list of restrictions, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace.
Restrictions are applied in the order as specified; the first
restriction that matches wins.
</p>

<p>
The following restrictions are specific to client hostname or
client network address information.
4780</p> 4781 4782<dl> 4783 4784<dt><b><a name="check_ccert_access">check_ccert_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> 4785 4786<dd> Use the client certificate fingerprint as lookup key for the 4787specified access(5) database; with Postfix version 2.2, also require that 4788the SMTP client certificate is verified successfully. 4789The fingerprint digest algorithm is configurable via the 4790smtpd_tls_fingerprint_digest parameter (hard-coded as md5 prior to 4791Postfix version 2.5). This feature is available with Postfix version 47922.2 and later. </dd> 4793 4794<dt><b><a name="check_client_access">check_client_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> 4795 4796<dd>Search the specified access database for the client hostname, 4797parent domains, client IP address, or networks obtained by stripping 4798least significant octets. See the access(5) manual page for details. </dd> 4799 4800<dt><b><a name="check_client_mx_access">check_client_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> 4801 4802<dd>Search the specified access(5) database for the MX hosts for the 4803client hostname, and execute the corresponding action. Note: a result 4804of "OK" is not allowed for safety reasons. Instead, use DUNNO in order 4805to exclude specific hosts from blacklists. This feature is available 4806in Postfix 2.7 and later. </dd> 4807 4808<dt><b><a name="check_client_ns_access">check_client_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> 4809 4810<dd>Search the specified access(5) database for the DNS servers for 4811the client hostname, and execute the corresponding action. Note: a 4812result of "OK" is not allowed for safety reasons. Instead, use DUNNO 4813in order to exclude specific hosts from blacklists. This feature is 4814available in Postfix 2.7 and later. 
</dd>

<dt><b><a name="check_reverse_client_hostname_access">check_reverse_client_hostname_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access database for the unverified reverse
client hostname, parent domains, client IP address, or networks
obtained by stripping least significant octets. See the access(5)
manual page for details. Note: a result of "OK" is not allowed for
safety reasons. Instead, use DUNNO in order to exclude specific
hosts from blacklists. This feature is available in Postfix 2.6
and later.</dd>

<dt><b><a name="check_reverse_client_hostname_mx_access">check_reverse_client_hostname_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the MX hosts for the
unverified reverse client hostname, and execute the corresponding
action. Note: a result of "OK" is not allowed for safety reasons.
Instead, use DUNNO in order to exclude specific hosts from blacklists.
This feature is available in Postfix 2.7 and later. </dd>

<dt><b><a name="check_reverse_client_hostname_ns_access">check_reverse_client_hostname_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the DNS servers for
the unverified reverse client hostname, and execute the corresponding
action. Note: a result of "OK" is not allowed for safety reasons.
Instead, use DUNNO in order to exclude specific hosts from blacklists.
This feature is available in Postfix 2.7 and later. </dd>

<dt><b><a name="permit_inet_interfaces">permit_inet_interfaces</a></b></dt>

<dd>Permit the request when the client IP address matches
$inet_interfaces.
</dd>

<dt><b><a name="permit_mynetworks">permit_mynetworks</a></b></dt>

<dd>Permit the request when the client IP address matches any
network or network address listed in $mynetworks. </dd>

<dt><b><a name="permit_sasl_authenticated">permit_sasl_authenticated</a></b></dt>

<dd> Permit the request when the client is successfully
authenticated via the RFC 4954 (AUTH) protocol. </dd>

<dt><b><a name="permit_tls_all_clientcerts">permit_tls_all_clientcerts</a></b></dt>

<dd> Permit the request when the remote SMTP client certificate is
verified successfully. This option must be used only if a special
CA issues the certificates and only this CA is listed as trusted
CA. Otherwise, clients with a third-party certificate would also
be allowed to relay. Specify "tls_append_default_CA = no" when the
trusted CA is specified with smtpd_tls_CAfile or smtpd_tls_CApath,
to prevent Postfix from appending the system-supplied default CAs.
This feature is available with Postfix version 2.2.</dd>

<dt><b><a name="permit_tls_clientcerts">permit_tls_clientcerts</a></b></dt>

<dd>Permit the request when the remote SMTP client certificate
fingerprint is listed in $relay_clientcerts.
The fingerprint digest algorithm is configurable via the
smtpd_tls_fingerprint_digest parameter (hard-coded as md5 prior to
Postfix version 2.5). This feature is available with Postfix version
2.2. </dd>

<dt><b><a name="reject_rbl_client">reject_rbl_client <i>rbl_domain=d.d.d.d</i></a></b></dt>

<dd>Reject the request when the reversed client network address is
listed with the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i>
(Postfix version 2.1 and later only). Each "<i>d</i>" is a number,
or a pattern inside "[]" that contains one or more ";"-separated
numbers or number..number ranges (Postfix version 2.8 and later).
If no "<i>=d.d.d.d</i>" is specified, reject the request when the
reversed client network address is listed with any A record under
<i>rbl_domain</i>. <br>
The maps_rbl_reject_code parameter specifies the response code for
rejected requests (default: 554), the default_rbl_reply parameter
specifies the default server reply, and the rbl_reply_maps parameter
specifies tables with server replies indexed by <i>rbl_domain</i>.
This feature is available in Postfix 2.0 and later. </dd>

<dt><b><a name="permit_dnswl_client">permit_dnswl_client <i>dnswl_domain=d.d.d.d</i></a></b></dt>

<dd>Accept the request when the reversed client network address is
listed with the A record "<i>d.d.d.d</i>" under <i>dnswl_domain</i>.
Each "<i>d</i>" is a number, or a pattern inside "[]" that contains
one or more ";"-separated numbers or number..number ranges.
If no "<i>=d.d.d.d</i>" is specified, accept the request when the
reversed client network address is listed with any A record under
<i>dnswl_domain</i>. <br> For safety, permit_dnswl_client is silently
ignored when it would override reject_unauth_destination. The
result is DEFER_IF_REJECT when whitelist lookup fails. This feature
is available in Postfix 2.8 and later. </dd>

<dt><b><a name="reject_rhsbl_client">reject_rhsbl_client <i>rbl_domain=d.d.d.d</i></a></b></dt>

<dd>Reject the request when the client hostname is listed with the
A record "<i>d.d.d.d</i>" under <i>rbl_domain</i> (Postfix version
2.1 and later only). Each "<i>d</i>" is a number, or a pattern
inside "[]" that contains one or more ";"-separated numbers or
number..number ranges (Postfix version 2.8 and later). If no
"<i>=d.d.d.d</i>" is specified, reject the request when the client
hostname is listed with
any A record under <i>rbl_domain</i>.
See the reject_rbl_client
description above for additional RBL related configuration parameters.
This feature is available in Postfix 2.0 and later; with Postfix
version 2.8 and later, reject_rhsbl_reverse_client will usually
produce better results. </dd>

<dt><b><a name="permit_rhswl_client">permit_rhswl_client <i>rhswl_domain=d.d.d.d</i></a></b></dt>

<dd>Accept the request when the client hostname is listed with the
A record "<i>d.d.d.d</i>" under <i>rhswl_domain</i>. Each "<i>d</i>"
is a number, or a pattern inside "[]" that contains one or more
";"-separated numbers or number..number ranges. If no
"<i>=d.d.d.d</i>" is specified, accept the request when the client
hostname is listed with any A record under <i>rhswl_domain</i>.
<br> Caution: client name whitelisting is fragile, since the client
name lookup can fail due to temporary outages. Client name
whitelisting should be used only to reduce false positives in e.g.
DNS-based blocklists, and not for making access rule exceptions.
<br> For safety, permit_rhswl_client is silently ignored when it
would override reject_unauth_destination. The result is DEFER_IF_REJECT
when whitelist lookup fails. This feature is available in Postfix
2.8 and later. </dd>

<dt><b><a name="reject_rhsbl_reverse_client">reject_rhsbl_reverse_client <i>rbl_domain=d.d.d.d</i></a></b></dt>

<dd>Reject the request when the unverified reverse client hostname
is listed with the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i>.
Each "<i>d</i>" is a number, or a pattern inside "[]" that contains
one or more ";"-separated numbers or number..number ranges.
If no "<i>=d.d.d.d</i>" is specified, reject the request when the
unverified reverse client hostname is listed with any A record under
<i>rbl_domain</i>. See the reject_rbl_client description above for
additional RBL related configuration parameters.
This feature is
available in Postfix 2.8 and later. </dd>

<dt><b><a name="reject_unknown_client_hostname">reject_unknown_client_hostname</a></b> (with Postfix < 2.3: reject_unknown_client)</dt>

<dd>Reject the request when 1) the client IP address->name mapping
fails, 2) the name->address mapping fails, or 3) the name->address
mapping does not match the client IP address. <br> This is a
stronger restriction than the reject_unknown_reverse_client_hostname
feature, which triggers only under condition 1) above. <br> The
unknown_client_reject_code parameter specifies the response code
for rejected requests (default: 450). The reply is always 450 in
case the address->name or name->address lookup failed due to
a temporary problem. </dd>

<dt><b><a name="reject_unknown_reverse_client_hostname">reject_unknown_reverse_client_hostname</a></b></dt>

<dd>Reject the request when the client IP address has no address->name
mapping. <br> This is a weaker restriction than the
reject_unknown_client_hostname feature, which requires not only
that the address->name and name->address mappings exist, but
also that the two mappings reproduce the client IP address. <br>
The unknown_client_reject_code parameter specifies the response
code for rejected requests (default: 450). The reply is always 450
in case the address->name lookup failed due to a temporary
problem. <br> This feature is available in Postfix 2.3 and
later. </dd>

#<dt><b><a name="reject_unknown_forward_client_hostname">reject_unknown_forward_client_hostname</a></b></dt>
#
#<dd>Reject the request when the client IP address has no address->name
#or name ->address mapping.
#<br> This is a weaker restriction
#than the reject_unknown_client_hostname feature, which requires not
#only that the address->name and name->address mappings exist,
#but also that the two mappings reproduce the client IP address.
#<br> The unknown_client_reject_code parameter specifies the response
#code for rejected requests (default: 450). The reply is always 450
#in case the address->name or name ->address lookup failed due
#to a temporary problem. <br> This feature is available in Postfix
#version 2.3 and later. </dd>

</dl>

<p>
In addition, you can use any of the following <a name="generic">
generic</a> restrictions. These restrictions are applicable in
any SMTP command context.
</p>

<dl>

<dt><b><a name="check_policy_service">check_policy_service <i>servername</i></a></b></dt>

<dd>Query the specified policy server. See the SMTPD_POLICY_README
document for details. This feature is available in Postfix 2.1
and later. </dd>

<dt><b><a name="defer">defer</a></b></dt>

<dd>Defer the request. The client is told to try again later. This
restriction is useful at the end of a restriction list, to make
the default policy explicit. <br> The defer_code parameter specifies
the SMTP server reply code (default: 450).</dd>

<dt><b><a name="defer_if_permit">defer_if_permit</a></b></dt>

<dd>Defer the request if some later restriction would result in an
explicit or implicit PERMIT action. This is useful when a blacklisting
feature fails due to a temporary problem. This feature is available
in Postfix version 2.1 and later. </dd>

<dt><b><a name="defer_if_reject">defer_if_reject</a></b></dt>

<dd>Defer the request if some later restriction would result in a
REJECT action. This is useful when a whitelisting feature fails
due to a temporary problem.
This feature is available in Postfix
version 2.1 and later. </dd>

<dt><b><a name="permit">permit</a></b></dt>

<dd>Permit the request. This restriction is useful at the end of
a restriction list, to make the default policy explicit.</dd>

<dt><b><a name="reject_multi_recipient_bounce">reject_multi_recipient_bounce</a></b></dt>

<dd>Reject the request when the envelope sender is the null address,
and the message has multiple envelope recipients. This usage has
rare but legitimate applications: under certain conditions,
multi-recipient mail that was posted with the DSN option NOTIFY=NEVER
may be forwarded with the null sender address.
<br> Note: this restriction can only work reliably
when used in smtpd_data_restrictions or
smtpd_end_of_data_restrictions, because the total number of
recipients is not known at an earlier stage of the SMTP conversation.
Use at the RCPT stage will only reject the second etc. recipient.
<br>
The multi_recipient_bounce_reject_code parameter specifies the
response code for rejected requests (default: 550). This feature
is available in Postfix 2.1 and later. </dd>

<dt><b><a name="reject_plaintext_session">reject_plaintext_session</a></b></dt>

<dd>Reject the request when the connection is not encrypted. This
restriction should not be used before the client has had a chance
to negotiate encryption with the AUTH or STARTTLS commands.
<br>
The plaintext_reject_code parameter specifies the response
code for rejected requests (default: 450). This feature is available
in Postfix 2.3 and later.
</dd>

<dt><b><a name="reject_unauth_pipelining">reject_unauth_pipelining</a></b></dt>

<dd>Reject the request when the client sends SMTP commands ahead
of time where it is not allowed, or when the client sends SMTP
commands ahead of time without knowing that Postfix actually supports
ESMTP command pipelining. This stops mail from bulk mail software
that improperly uses ESMTP command pipelining in order to speed up
deliveries.
<br> With Postfix 2.6 and later, the SMTP server sets a per-session
flag whenever it detects illegal pipelining, including pipelined
EHLO or HELO commands. The reject_unauth_pipelining feature simply
tests whether the flag was set at any point in time during the
session.
<br> With older Postfix versions, reject_unauth_pipelining checks
the current status of the input read queue, and its usage is not
recommended in contexts other than smtpd_data_restrictions. </dd>

<dt><b><a name="reject">reject</a></b></dt>

<dd>Reject the request. This restriction is useful at the end of
a restriction list, to make the default policy explicit. The
reject_code configuration parameter specifies the response code for
rejected requests (default: 554).</dd>

<dt><b><a name="sleep">sleep <i>seconds</i></a></b></dt>

<dd>Pause for the specified number of seconds and proceed with
the next restriction in the list, if any. This may stop zombie
mail when used as:
<pre>
/etc/postfix/main.cf:
    smtpd_client_restrictions =
        sleep 1, reject_unauth_pipelining
    smtpd_delay_reject = no
</pre>
This feature is available in Postfix 2.3. </dd>

<dt><b><a name="warn_if_reject">warn_if_reject</a></b></dt>

<dd>Change the meaning of the next restriction, so that it logs
a warning instead of rejecting a request (look for logfile records
that contain "reject_warning").
This is useful for testing new
restrictions in a "live" environment without risking unnecessary
loss of mail. </dd>

</dl>

<p>
Other restrictions that are valid in this context:
</p>

<ul>

<li> SMTP command specific restrictions that are described under
the smtpd_helo_restrictions, smtpd_sender_restrictions or
smtpd_recipient_restrictions parameters. When helo, sender or
recipient restrictions are listed under smtpd_client_restrictions,
they have effect only with "smtpd_delay_reject = yes", so that
$smtpd_client_restrictions is evaluated at the time of the RCPT TO
command.

</ul>

<p>
Example:
</p>

<pre>
smtpd_client_restrictions = permit_mynetworks, reject_unknown_client_hostname
</pre>

%CLASS smtpd-tarpit Tarpit features

<p>
When a remote SMTP client makes errors, the Postfix SMTP server
can insert delays before responding. This can help to slow down
run-away software. The behavior is controlled by an error counter
that counts the number of errors within an SMTP session that a
client makes without delivering mail.
</p>

<ul>

<li><p>When the error counter is less than $smtpd_soft_error_limit the
Postfix SMTP server replies immediately (Postfix version 2.0 and earlier
delay their 4xx or 5xx error response). </p>

<li><p>When the error counter reaches $smtpd_soft_error_limit, the Postfix
SMTP server delays all its responses. </p>

<li><p>When the error counter reaches $smtpd_hard_error_limit the Postfix
SMTP server breaks the connection. </p>

</ul>

%PARAM smtpd_error_sleep_time 1s

<p>With Postfix version 2.1 and later: the SMTP server response delay after
a client has made more than $smtpd_soft_error_limit errors, and
fewer than $smtpd_hard_error_limit errors, without delivering mail.
</p>

<p>With Postfix version 2.0 and earlier: the SMTP server delay before
sending a reject (4xx or 5xx) response, when the client has made
fewer than $smtpd_soft_error_limit errors without delivering
mail. </p>

%PARAM smtpd_soft_error_limit 10

<p>
The number of errors a remote SMTP client is allowed to make without
delivering mail before the Postfix SMTP server slows down all its
responses.
</p>

<ul>

<li><p>With Postfix version 2.1 and later, the Postfix SMTP server
delays all responses by $smtpd_error_sleep_time seconds. </p>

<li><p>With Postfix versions 2.0 and earlier, the Postfix SMTP
server delays all responses by (number of errors) seconds. </p>

</ul>

%PARAM smtpd_hard_error_limit normal: 20, overload: 1

<p>
The maximal number of errors a remote SMTP client is allowed to
make without delivering mail. The Postfix SMTP server disconnects
when the limit is exceeded. Normally the default limit is 20, but
it changes under overload to just 1. With Postfix 2.5 and earlier,
the SMTP server always allows up to 20 errors by default.
</p>

%PARAM smtpd_junk_command_limit normal: 100, overload: 1

<p>
The number of junk commands (NOOP, VRFY, ETRN or RSET) that a remote
SMTP client can send before the Postfix SMTP server starts to
increment the error counter with each junk command. The junk
command count is reset after mail is delivered. See also the
smtpd_error_sleep_time and smtpd_soft_error_limit configuration
parameters. Normally the default limit is 100, but it changes under
overload to just 1. With Postfix 2.5 and earlier, the SMTP server
always allows up to 100 junk commands by default.
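The interaction of the tarpit counters described above (smtpd_soft_error_limit, smtpd_hard_error_limit, smtpd_error_sleep_time, smtpd_junk_command_limit, and the recipient overshoot rule of smtpd_recipient_overshoot_limit), replayed on constructed session events as an added Python example. This model is not Postfix code: it applies the documented rules with the Postfix 2.1 and later semantics, and two details are assumptions of the model, namely that "reaches" means counter >= limit and that delivering mail resets the recipient count along with the error and junk counts.

```python
"""Model of the Postfix SMTP server tarpit counters described above."""
# Added example, not Postfix code.  It applies the documented rules for
# smtpd_soft_error_limit, smtpd_hard_error_limit, smtpd_error_sleep_time,
# smtpd_junk_command_limit and smtpd_recipient_overshoot_limit so that
# the normal and overload defaults can be compared.  Assumptions of
# this model: "reaches" means counter >= limit, and a delivered message
# resets the recipient count together with the error and junk counts.

NORMAL = dict(soft_error_limit=10, hard_error_limit=20, error_sleep_time=1,
              junk_command_limit=100, recipient_limit=1000,
              recipient_overshoot_limit=1000)
# Under overload the documented defaults drop to 1 error and 1 junk command.
OVERLOAD = dict(NORMAL, hard_error_limit=1, junk_command_limit=1)

JUNK_COMMANDS = {"NOOP", "VRFY", "ETRN", "RSET"}


class TarpitSession:
    def __init__(self, limits):
        self.limits = limits
        self.errors = 0        # errors made without delivering mail
        self.junk = 0          # junk commands since the last delivery
        self.recipients = 0    # RCPT TO commands for the current message
        self.disconnected = False

    def _response(self):
        """How the server answers after the counters were updated."""
        if self.errors >= self.limits["hard_error_limit"]:
            self.disconnected = True
            return "disconnect"
        if self.errors >= self.limits["soft_error_limit"]:
            return "delay %ds" % self.limits["error_sleep_time"]
        return "immediate"

    def error(self):
        """A client error (4xx or 5xx reply) without mail being delivered."""
        self.errors += 1
        return self._response()

    def command(self, verb):
        """Junk commands count as errors once the junk budget is used up."""
        if verb.upper() in JUNK_COMMANDS:
            self.junk += 1
            if self.junk > self.limits["junk_command_limit"]:
                return self.error()
        return self._response()

    def rcpt(self):
        """Recipients beyond recipient_limit + overshoot each add an error."""
        self.recipients += 1
        excess = self.recipients - self.limits["recipient_limit"]
        if excess > self.limits["recipient_overshoot_limit"]:
            return self.error()
        return self._response()

    def mail_delivered(self):
        """Delivering mail resets the per-session counters."""
        self.errors = 0
        self.junk = 0
        self.recipients = 0


def run(events, limits):
    """Replay constructed session events and return the server actions.

    Events: "ERROR" (a rejected command), "RCPT", "DELIVERED", or an
    SMTP verb such as "NOOP" or "MAIL".
    """
    session = TarpitSession(limits)
    actions = []
    for event in events:
        if session.disconnected:
            break
        if event == "ERROR":
            actions.append(session.error())
        elif event == "RCPT":
            actions.append(session.rcpt())
        elif event == "DELIVERED":
            session.mail_delivered()
        else:
            actions.append(session.command(event))
    return actions
```

Replaying the same event stream against NORMAL and OVERLOAD shows why the overload defaults are so aggressive: with hard_error_limit = 1 the first error ends the session, and with junk_command_limit = 1 the second NOOP already counts as that error.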
</p>

%PARAM smtpd_recipient_overshoot_limit 1000

<p> The number of recipients that a remote SMTP client can send in
excess of the limit specified with $smtpd_recipient_limit, before
the Postfix SMTP server increments the per-session error count
for each excess recipient. </p>

%PARAM smtpd_etrn_restrictions

<p>
Optional SMTP server access restrictions in the context of a client
ETRN request.
See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access
restriction lists" for a discussion of evaluation context and time.
</p>

<p>
The Postfix ETRN implementation accepts only destinations that are
eligible for the Postfix "fast flush" service. See the ETRN_README
file for details.
</p>

<p>
Specify a list of restrictions, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace.
Restrictions are applied in the order as specified; the first
restriction that matches wins.
</p>

<p>
The following restrictions are specific to the domain name information
received with the ETRN command.
</p>

<dl>

<dt><b><a name="check_etrn_access">check_etrn_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access database for the ETRN domain name
or its parent domains. See the access(5) manual page for details.
</dd>

</dl>

<p>
Other restrictions that are valid in this context:
</p>

<ul>

<li><a href="#generic">Generic</a> restrictions that can be used
in any SMTP command context, described under smtpd_client_restrictions.

<li>SMTP command specific restrictions described under
smtpd_client_restrictions and smtpd_helo_restrictions.

</ul>

<p>
Example:
</p>

<pre>
smtpd_etrn_restrictions = permit_mynetworks, reject
</pre>

%PARAM smtpd_expansion_filter see "postconf -d" output

<p>
What characters are allowed in $name expansions of RBL reply
templates. Characters not in the allowed set are replaced by "_".
Use C like escapes to specify special characters such as whitespace.
</p>

<p>
This parameter is not subjected to $parameter expansion.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM smtpd_forbidden_commands CONNECT, GET, POST

<p>
List of commands that cause the Postfix SMTP server to immediately
terminate the session with a 221 code. This can be used to disconnect
clients that obviously attempt to abuse the system. In addition to the
commands listed in this parameter, commands that follow the "Label:"
format of message headers will also cause a disconnect.
</p>

<p>
This feature is available in Postfix 2.2 and later.
</p>

%PARAM smtpd_helo_required no

<p>
Require that a remote SMTP client introduces itself with the HELO
or EHLO command before sending the MAIL command or other commands
that require EHLO negotiation.
</p>

<p>
Example:
</p>

<pre>
smtpd_helo_required = yes
</pre>

%PARAM smtpd_helo_restrictions

<p>
Optional restrictions that the Postfix SMTP server applies in the
context of the SMTP HELO command.
See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access
restriction lists" for a discussion of evaluation context and time.
</p>

<p>
The default is to permit everything.
</p>

<p> Note: specify "smtpd_helo_required = yes" to fully enforce this
restriction (without "smtpd_helo_required = yes", a client can
simply skip smtpd_helo_restrictions by not sending HELO or EHLO).
</p>

<p>
Specify a list of restrictions, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace.
Restrictions are applied in the order as specified; the first
restriction that matches wins.
</p>

<p>
The following restrictions are specific to the hostname information
received with the HELO or EHLO command.
</p>

<dl>

<dt><b><a name="check_helo_access">check_helo_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the HELO or EHLO
hostname or parent domains, and execute the corresponding action.
Note: specify "smtpd_helo_required = yes" to fully enforce this
restriction (without "smtpd_helo_required = yes", a client can
simply skip check_helo_access by not sending HELO or EHLO). </dd>

<dt><b><a name="check_helo_mx_access">check_helo_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the MX hosts for
the HELO or EHLO hostname, and execute the corresponding action.
Note 1: a result of "OK" is not allowed for safety reasons. Instead,
use DUNNO in order to exclude specific hosts from blacklists. Note
2: specify "smtpd_helo_required = yes" to fully enforce this
restriction (without "smtpd_helo_required = yes", a client can
simply skip check_helo_mx_access by not sending HELO or EHLO). This
feature is available in Postfix 2.1 and later.
</dd>

<dt><b><a name="check_helo_ns_access">check_helo_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the DNS servers
for the HELO or EHLO hostname, and execute the corresponding action.
Note 1: a result of "OK" is not allowed for safety reasons. Instead,
use DUNNO in order to exclude specific hosts from blacklists. Note
2: specify "smtpd_helo_required = yes" to fully enforce this
restriction (without "smtpd_helo_required = yes", a client can
simply skip check_helo_ns_access by not sending HELO or EHLO). This
feature is available in Postfix 2.1 and later.
</dd>

<dt><b><a name="reject_invalid_helo_hostname">reject_invalid_helo_hostname</a></b> (with Postfix < 2.3: reject_invalid_hostname)</dt>

<dd>Reject the request when the HELO or EHLO hostname syntax is
invalid. Note: specify "smtpd_helo_required = yes" to fully enforce
this restriction (without "smtpd_helo_required = yes", a client can simply
skip reject_invalid_helo_hostname by not sending HELO or EHLO).
<br> The invalid_hostname_reject_code parameter specifies the response code
for rejected requests (default: 501).</dd>

<dt><b><a name="reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a></b> (with Postfix < 2.3: reject_non_fqdn_hostname)</dt>

<dd>Reject the request when the HELO or EHLO hostname is not in
fully-qualified domain form, as required by the RFC. Note: specify
"smtpd_helo_required = yes" to fully enforce this restriction
(without "smtpd_helo_required = yes", a client can simply skip
reject_non_fqdn_helo_hostname by not sending HELO or EHLO).
<br>
The non_fqdn_reject_code parameter specifies the response code for
rejected requests (default: 504).</dd>

<dt><b><a name="reject_rhsbl_helo">reject_rhsbl_helo <i>rbl_domain=d.d.d.d</i></a></b></dt>

<dd>Reject the request when the HELO or EHLO hostname is
listed with the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i>
(Postfix version 2.1 and later only). Each "<i>d</i>" is a number,
or a pattern inside "[]" that contains one or more ";"-separated
numbers or number..number ranges (Postfix version 2.8 and later).
If no "<i>=d.d.d.d</i>" is
specified, reject the request when the HELO or EHLO hostname is
listed with any A record under <i>rbl_domain</i>. See the
reject_rbl_client description for additional RBL related configuration
parameters. Note: specify "smtpd_helo_required = yes" to fully
enforce this restriction (without "smtpd_helo_required = yes", a
client can simply skip reject_rhsbl_helo by not sending HELO or
EHLO). This feature is available in Postfix 2.0
and later. </dd>

<dt><b><a name="reject_unknown_helo_hostname">reject_unknown_helo_hostname</a></b> (with Postfix < 2.3: reject_unknown_hostname)</dt>

<dd>Reject the request when the HELO or EHLO hostname has no DNS A
or MX record. <br> The unknown_hostname_reject_code parameter
specifies the numerical response code for rejected requests (default:
450). <br> The unknown_helo_hostname_tempfail_action parameter
specifies the action after a temporary DNS error (default:
defer_if_permit). Note: specify "smtpd_helo_required = yes" to fully
enforce this restriction (without "smtpd_helo_required = yes", a
client can simply skip reject_unknown_helo_hostname by not sending
HELO or EHLO).
</dd>

</dl>

<p>
Other restrictions that are valid in this context:
</p>

<ul>

<li> <a href="#generic">Generic</a> restrictions that can be used
in any SMTP command context, described under smtpd_client_restrictions.

<li> Client hostname or network address specific restrictions
described under smtpd_client_restrictions.

<li> SMTP command specific restrictions described under
smtpd_sender_restrictions or smtpd_recipient_restrictions. When
sender or recipient restrictions are listed under smtpd_helo_restrictions,
they have effect only with "smtpd_delay_reject = yes", so that
$smtpd_helo_restrictions is evaluated at the time of the RCPT TO
command.

</ul>

<p>
Examples:
</p>

<pre>
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname
smtpd_helo_restrictions = permit_mynetworks, reject_unknown_helo_hostname
</pre>

%PARAM smtpd_history_flush_threshold 100

<p>
The maximal number of lines in the Postfix SMTP server command history
before it is flushed upon receipt of EHLO, RSET, or end of DATA.
</p>

%PARAM smtpd_noop_commands

<p>
List of commands that the Postfix SMTP server replies to with "250
Ok", without doing any syntax checks and without changing state.
This list overrides any commands built into the Postfix SMTP server.
</p>

%PARAM smtpd_proxy_ehlo $myhostname

<p>
How the Postfix SMTP server announces itself to the proxy filter.
By default, the Postfix hostname is used.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM smtpd_proxy_options

<p>
List of options that control how the Postfix SMTP server
communicates with a before-queue content filter. Specify zero or
more of the following, separated by comma or whitespace.
</p>

<dl>

<dt><b>speed_adjust</b></dt>

<dd> <p> Do not connect to a before-queue content filter until an entire
message has been received. This reduces the number of simultaneous
before-queue content filter processes. </p>

<p> NOTE 1: A filter must not <i>selectively</i> reject recipients
of a multi-recipient message. Rejecting all recipients is OK, as
is accepting all recipients. </p>

<p> NOTE 2: This feature increases the minimum amount of free queue
space by $message_size_limit. The extra space is needed to save the
message to a temporary file. </p> </dd>

</dl>

<p>
This feature is available in Postfix 2.7 and later.
</p>

%CLASS smtpd-proxy SMTP Proxy filter

<p>
As of Postfix version 2.1, the SMTP server can forward all incoming
mail to a content filtering proxy server that inspects all mail
BEFORE it is stored in the Postfix mail queue.
</p>

<p>
WARNING: the proxy filter must reply within a fixed deadline or
else the remote SMTP client times out and mail duplication happens.
This becomes a problem as mail load increases so that fewer and
fewer CPU cycles remain available to meet the fixed deadline.
</p>

%PARAM smtpd_proxy_filter

<p> The hostname and TCP port of the mail filtering proxy server.
The proxy receives all mail from the Postfix SMTP server, and is
supposed to give the result to another Postfix SMTP server process.
</p>

<p> Specify "host:port" or "inet:host:port" for a TCP endpoint, or
"unix:pathname" for a UNIX-domain endpoint. The host can be specified
as an IP address or as a symbolic name; no MX lookups are done.
When no "host" or "host:" are specified, the local machine is
assumed. Pathname interpretation is relative to the Postfix queue
directory. </p>

<p> This feature is available in Postfix 2.1 and later.
</p>

<p> The "inet:" and "unix:" prefixes are available in Postfix 2.3
and later. </p>

%PARAM smtpd_proxy_timeout 100s

<p>
The time limit for connecting to a proxy filter and for sending or
receiving information. When a connection fails the client gets a
generic error message while more detailed information is logged to
the maillog file.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM smtpd_recipient_limit 1000

<p>
The maximal number of recipients that the Postfix SMTP server
accepts per message delivery request.
</p>

%PARAM smtpd_recipient_restrictions permit_mynetworks, reject_unauth_destination

<p>
The access restrictions that the Postfix SMTP server applies in
the context of the RCPT TO command.
See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access
restriction lists" for a discussion of evaluation context and time.
</p>

<p>
By default, the Postfix SMTP server accepts:
</p>

<ul>

<li> Mail from clients whose IP address matches $mynetworks, or:

<li> Mail to remote destinations that match $relay_domains, except
for addresses that contain sender-specified routing
(user@elsewhere@domain), or:

<li> Mail to local destinations that match $inet_interfaces
or $proxy_interfaces, $mydestination, $virtual_alias_domains, or
$virtual_mailbox_domains.

</ul>

<p>
IMPORTANT: If you change this parameter setting, you must specify
at least one of the following restrictions.
Otherwise Postfix will
refuse to receive mail:
</p>

<blockquote>
<pre>
reject, defer, defer_if_permit, reject_unauth_destination
</pre>
</blockquote>

<p>
Specify a list of restrictions, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace.
Restrictions are applied in the order as specified; the first
restriction that matches wins.
</p>

<p>
The following restrictions are specific to the recipient address
that is received with the RCPT TO command.
</p>

<dl>

<dt><b><a name="check_recipient_access">check_recipient_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the resolved RCPT
TO address, domain, parent domains, or localpart@, and execute the
corresponding action. </dd>

<dt><b><a name="check_recipient_mx_access">check_recipient_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the MX hosts for
the RCPT TO domain, and execute the corresponding action. Note:
a result of "OK" is not allowed for safety reasons. Instead, use
DUNNO in order to exclude specific hosts from blacklists. This
feature is available in Postfix 2.1 and later. </dd>

<dt><b><a name="check_recipient_ns_access">check_recipient_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the DNS servers
for the RCPT TO domain, and execute the corresponding action.
Note: a result of "OK" is not allowed for safety reasons. Instead,
use DUNNO in order to exclude specific hosts from blacklists. This
feature is available in Postfix 2.1 and later.
</dd>

<dt><b><a name="permit_auth_destination">permit_auth_destination</a></b></dt>

<dd>Permit the request when one of the following is true:

<ul>

<li> Postfix is mail forwarder: the resolved RCPT TO domain matches
$relay_domains or a subdomain thereof, and the address contains no
sender-specified routing (user@elsewhere@domain),

<li> Postfix is the final destination: the resolved RCPT TO domain
matches $mydestination, $inet_interfaces, $proxy_interfaces,
$virtual_alias_domains, or $virtual_mailbox_domains, and the address
contains no sender-specified routing (user@elsewhere@domain).

</ul></dd>

<dt><b><a name="permit_mx_backup">permit_mx_backup</a></b></dt>

<dd>Permit the request when the local mail system is backup MX for
the RCPT TO domain, or when the domain is an authorized destination
(see permit_auth_destination for definition).

<ul>

<li> Safety: permit_mx_backup does not accept addresses that have
sender-specified routing information (example: user@elsewhere@domain).

<li> Safety: permit_mx_backup can be vulnerable to mis-use when
access is not restricted with permit_mx_backup_networks.

<li> Safety: as of Postfix version 2.3, permit_mx_backup no longer
accepts the address when the local mail system is primary MX for
the recipient domain. Exception: permit_mx_backup accepts the address
when it specifies an authorized destination (see permit_auth_destination
for definition).

<li> Limitation: mail may be rejected in case of a temporary DNS
lookup problem with Postfix prior to version 2.0.

</ul></dd>

<dt><b><a name="reject_non_fqdn_recipient">reject_non_fqdn_recipient</a></b></dt>

<dd>Reject the request when the RCPT TO address is not in
fully-qualified domain form, as required by the RFC.
<br> The
non_fqdn_reject_code parameter specifies the response code for
rejected requests (default: 504). </dd>

<dt><b><a name="reject_rhsbl_recipient">reject_rhsbl_recipient <i>rbl_domain=d.d.d.d</i></a></b></dt>

<dd>Reject the request when the RCPT TO domain is listed with the
A record "<i>d.d.d.d</i>" under <i>rbl_domain</i> (Postfix version
2.1 and later only). Each "<i>d</i>" is a number, or a pattern
inside "[]" that contains one or more ";"-separated numbers or
number..number ranges (Postfix version 2.8 and later). If no
"<i>=d.d.d.d</i>" is specified, reject
the request when the RCPT TO domain is listed with
any A record under <i>rbl_domain</i>. <br> The maps_rbl_reject_code
parameter specifies the response code for rejected requests (default:
554); the default_rbl_reply parameter specifies the default server
reply; and the rbl_reply_maps parameter specifies tables with server
replies indexed by <i>rbl_domain</i>. This feature is available
in Postfix version 2.0 and later.</dd>

<dt><b><a name="reject_unauth_destination">reject_unauth_destination</a></b></dt>

<dd>Reject the request unless one of the following is true:

<ul>

<li> Postfix is mail forwarder: the resolved RCPT TO domain matches
$relay_domains or a subdomain thereof, and contains no sender-specified
routing (user@elsewhere@domain),

<li> Postfix is the final destination: the resolved RCPT TO domain
matches $mydestination, $inet_interfaces, $proxy_interfaces,
$virtual_alias_domains, or $virtual_mailbox_domains, and contains
no sender-specified routing (user@elsewhere@domain).

</ul> The relay_domains_reject_code parameter specifies the response
code for rejected requests (default: 554).
</dd>

<dt><b><a name="reject_unknown_recipient_domain">reject_unknown_recipient_domain</a></b></dt>

<dd>Reject the request when Postfix is not final destination for
the recipient domain, and the RCPT TO domain has no DNS A or MX
record, or when it has a malformed MX record such as a record with
a zero-length MX hostname (Postfix version 2.3 and later). <br> The
unknown_address_reject_code parameter specifies the numerical
response code for rejected requests (default: 450). The response
is always 450 in case of a temporary DNS error. <br> The
unknown_address_tempfail_action parameter specifies the action
after a temporary DNS error (default: defer_if_permit). </dd>

<dt><b><a name="reject_unlisted_recipient">reject_unlisted_recipient</a></b> (with Postfix version 2.0: check_recipient_maps)</dt>

<dd> Reject the request when the RCPT TO address is not listed in
the list of valid recipients for its domain class. See the
smtpd_reject_unlisted_recipient parameter description for details.
This feature is available in Postfix 2.1 and later.</dd>

<dt><b><a name="reject_unverified_recipient">reject_unverified_recipient</a></b></dt>

<dd>Reject the request when mail to the RCPT TO address is known
to bounce, or when the recipient address destination is not reachable.
Address verification information is managed by the verify(8) server;
see the ADDRESS_VERIFICATION_README file for details. <br> The
unverified_recipient_reject_code parameter specifies the numerical
response code when an address is known to bounce (default: 450,
change into 550 when you are confident that it is safe to do so).
<br>The unverified_recipient_defer_code parameter specifies the
numerical response code when an address probe failed due to a
temporary problem (default: 450).
<br> The
unverified_recipient_tempfail_action parameter specifies the action
after address probe failure due to a temporary problem (default:
defer_if_permit). <br> This feature is available in Postfix 2.1
and later. </dd>

</dl>

<p>
Other restrictions that are valid in this context:
</p>

<ul>

<li><a href="#generic">Generic</a> restrictions that can be used
in any SMTP command context, described under smtpd_client_restrictions.

<li>SMTP command specific restrictions described under
smtpd_client_restrictions, smtpd_helo_restrictions and
smtpd_sender_restrictions.

</ul>

<p>
Example:
</p>

<pre>
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
</pre>

%CLASS sasl-auth SASL Authentication

<p>
Postfix SASL support (RFC 4954) can be used to authenticate remote
SMTP clients to the Postfix SMTP server, and to authenticate the
Postfix SMTP client to a remote SMTP server.
See the SASL_README document for details.
</p>

%PARAM smtpd_sasl_auth_enable no

<p>
Enable SASL authentication in the Postfix SMTP server. By default,
the Postfix SMTP server does not use authentication.
</p>

<p>
If a remote SMTP client is authenticated, the permit_sasl_authenticated
access restriction can be used to permit relay access, like this:
</p>

<blockquote>
<pre>
smtpd_recipient_restrictions =
    permit_mynetworks, permit_sasl_authenticated, ...
</pre>
</blockquote>

<p> To reject all SMTP connections from unauthenticated clients,
specify "smtpd_delay_reject = yes" (which is the default) and use:
</p>

<blockquote>
<pre>
smtpd_client_restrictions = permit_sasl_authenticated, reject
</pre>
</blockquote>

<p>
See the SASL_README file for SASL configuration and operation details.
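The IMPORTANT rule for smtpd_recipient_restrictions above (one of reject, defer, defer_if_permit or reject_unauth_destination must be present, or Postfix refuses mail), together with the permit_mx_backup_networks safety note and the list syntax with continuation lines, as an added Python lint. This is not Postfix code: it reads a constructed main.cf fragment, joins continuation lines as the text describes, and reports the problems. Two points go slightly beyond the text and are this example's own inference from "the first restriction that matches wins": an unconditional permit listed before every relay-safety restriction is reported as an open relay, and the check is skipped when the parameter is absent because the compiled-in default already ends with reject_unauth_destination.

```python
"""Lint smtpd_recipient_restrictions for the relay-safety rules above."""
# Added example, not Postfix code.  It parses the documented main.cf
# list syntax (comma and/or whitespace separated, continuation lines
# that start with whitespace) plus "#" comment lines, then checks that
# one of reject, defer, defer_if_permit or reject_unauth_destination is
# present and that permit_mx_backup is restricted with
# permit_mx_backup_networks.  The "permit before every relay-safety
# restriction" check is this example's own inference from the
# first-match-wins rule.
import re

REQUIRED = ("reject", "defer", "defer_if_permit", "reject_unauth_destination")

# Constructed main.cf fragments (not a real site's configuration).
SAFE_CF = """\
# relay only for our networks and authenticated users
mynetworks = 127.0.0.0/8
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
"""
OPEN_RELAY_CF = "smtpd_recipient_restrictions = permit_mynetworks, permit, reject_unauth_destination\n"
NO_DEFAULT_CF = "smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated\n"
MX_BACKUP_CF = "smtpd_recipient_restrictions = permit_mynetworks, permit_mx_backup, reject_unauth_destination\n"


def parse_main_cf(text):
    """Return {name: value}; continuation lines are joined with a space."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():                      # continuation line
            if current is None:
                raise ValueError("continuation line without a parameter: %r" % raw)
            params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if not sep:
            raise ValueError("expected name = value: %r" % raw)
        current = name.strip()
        params[current] = value.strip()
    return params


def split_restrictions(value):
    """Split a restriction list on commas and/or whitespace."""
    return [tok for tok in re.split(r"[\s,]+", value) if tok]


def check_recipient_restrictions(params):
    """Return a list of findings; an empty list means nothing was flagged."""
    value = params.get("smtpd_recipient_restrictions")
    if value is None:
        return []   # compiled-in default already ends with reject_unauth_destination
    tokens = split_restrictions(value)
    findings = []
    required_at = [i for i, tok in enumerate(tokens) if tok in REQUIRED]
    if not required_at:
        findings.append("none of %s present: Postfix will refuse to receive mail"
                        % ", ".join(REQUIRED))
    elif "permit" in tokens and tokens.index("permit") < required_at[0]:
        findings.append("unconditional permit at position %d precedes every "
                        "relay-safety restriction: open relay" % tokens.index("permit"))
    if "permit_mx_backup" in tokens and not params.get("permit_mx_backup_networks"):
        findings.append("permit_mx_backup without permit_mx_backup_networks: "
                        "vulnerable to mis-use")
    return findings


def lint(text):
    """Convenience wrapper: parse a main.cf fragment and check it."""
    return check_recipient_restrictions(parse_main_cf(text))
```

Restrictions that take an argument (check_policy_service, check_recipient_access) split into two tokens here, which is harmless for these name-based checks but would need a proper tokenizer for anything that reasons about arguments.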
</p>

%PARAM smtpd_sasl_authenticated_header no

<p> Report the SASL authenticated user name in the smtpd(8) Received
message header. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtpd_sasl_exceptions_networks

<p>
What remote SMTP clients the Postfix SMTP server will not offer
AUTH support to.
</p>

<p>
Some clients (Netscape 4 at least) have a bug that causes them to
require a login and password whenever AUTH is offered, whether it's
necessary or not. To work around this, specify, for example,
$mynetworks to prevent Postfix from offering AUTH to local clients.
</p>

<p>
Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify "/file/name" or
"type:table" patterns. A "/file/name" pattern is replaced by its
contents; a "type:table" lookup table is matched when a table entry
matches a lookup string (the lookup result is ignored). Continue
long lines by starting the next line with whitespace. Specify
"!pattern" to exclude an address or network block from the list.
The form "!/file/name" is supported only in Postfix version 2.4 and
later. </p>

<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the smtpd_sasl_exceptions_networks value, and in
files specified with "/file/name". IP version 6 addresses contain
the ":" character, and would otherwise be confused with a "type:table"
pattern. </p>

<p>
Example:
</p>

<pre>
smtpd_sasl_exceptions_networks = $mynetworks
</pre>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM smtpd_sasl_local_domain

<p>
The name of the Postfix SMTP server's local SASL authentication
realm.
</p>

<p>
By default, the local authentication realm name is the null string.
</p>

<p>
Examples:
</p>

<pre>
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_local_domain = $myhostname
</pre>

%PARAM smtpd_sasl_security_options noanonymous

<p> Postfix SMTP server SASL security options; as of Postfix 2.3
the list of available
features depends on the SASL server implementation that is selected
with <b>smtpd_sasl_type</b>. </p>

<p> The following security features are defined for the <b>cyrus</b>
server SASL implementation: </p>

<p>
Restrict what authentication mechanisms the Postfix SMTP server
will offer to the client. The list of available authentication
mechanisms is system dependent.
</p>

<p>
Specify zero or more of the following:
</p>

<dl>

<dt><b>noplaintext</b></dt>

<dd>Disallow methods that use plaintext passwords. </dd>

<dt><b>noactive</b></dt>

<dd>Disallow methods subject to active (non-dictionary) attack. </dd>

<dt><b>nodictionary</b></dt>

<dd>Disallow methods subject to passive (dictionary) attack. </dd>

<dt><b>noanonymous</b></dt>

<dd>Disallow methods that allow anonymous authentication. </dd>

<dt><b>forward_secrecy</b></dt>

<dd>Only allow methods that support forward secrecy (Dovecot only).
</dd>

<dt><b>mutual_auth</b></dt>

<dd>Only allow methods that provide mutual authentication (not available
with Cyrus SASL version 1). </dd>

</dl>

<p>
By default, the Postfix SMTP server accepts plaintext passwords but
not anonymous logins.
</p>

<p>
Warning: it appears that clients try authentication methods in the
order as advertised by the server (e.g., PLAIN ANONYMOUS CRAM-MD5)
which means that if you disable plaintext passwords, clients will
log in anonymously, even when they should be able to use CRAM-MD5.
So, if you disable plaintext logins, disable anonymous logins too.
Postfix treats anonymous login as no authentication.
</p>

<p>
Example:
</p>

<pre>
smtpd_sasl_security_options = noanonymous, noplaintext
</pre>

%PARAM smtpd_sender_login_maps

<p>
Optional lookup table with the SASL login names that own sender
(MAIL FROM) addresses.
</p>

<p>
Specify zero or more "type:table" lookup tables. With lookups from
indexed files such as DB or DBM, or from networked tables such as
NIS, LDAP or SQL, the following search operations are done with a
sender address of <i>user@domain</i>: </p>

<dl>

<dt> 1) <i>user@domain</i> </dt>

<dd>This table lookup is always done and has the highest precedence. </dd>

<dt> 2) <i>user</i> </dt>

<dd>This table lookup is done only when the <i>domain</i> part of the
sender address matches $myorigin, $mydestination, $inet_interfaces
or $proxy_interfaces. </dd>

<dt> 3) <i>@domain</i> </dt>

<dd>This table lookup is done last and has the lowest precedence. </dd>

</dl>

<p>
In all cases the result of table lookup must be either "not found"
or a list of SASL login names separated by comma and/or whitespace.
</p>

%PARAM smtpd_sender_restrictions

<p>
Optional restrictions that the Postfix SMTP server applies in the
context of the MAIL FROM command.
See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access
restriction lists" for a discussion of evaluation context and time.
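The three-step smtpd_sender_login_maps lookup described above, and the reject_sender_login_mismatch family of MAIL FROM restrictions that consumes its result, are modelled by the following Python code. This is an added example, not Postfix code: a constructed in-memory dict stands in for a real "type:table", a constructed set stands in for $myorigin, $mydestination, $inet_interfaces and $proxy_interfaces, and the authenticated-only and unauthenticated-only variants are selected by a `mode` argument that exists only in this model.

```python
# Added example (not Postfix source): simulates the smtpd_sender_login_maps
# lookup order and the reject_sender_login_mismatch family of restrictions.
# Table contents, domain lists and the sender/login pairs are constructed.

from typing import Optional

# Constructed stand-in for a "type:table" lookup table. Values are owner
# lists as the page describes them: SASL login names separated by comma
# and/or whitespace.
SENDER_LOGIN_MAPS = {
    "alice@example.com": "alice",
    "@example.com": "postmaster, admin",
    "bob": "bob",
}

# Constructed stand-in for $myorigin, $mydestination, $inet_interfaces and
# $proxy_interfaces: the domains for which the bare "user" lookup is tried.
LOCAL_DOMAINS = {"example.com", "mail.example.com", "localhost"}


def lookup_owners(sender: str, table: dict, local_domains: set) -> Optional[set]:
    """Return the set of SASL login names owning `sender`, or None if not found.

    Lookups follow the documented precedence and stop at the first hit:
      1) user@domain  (always)
      2) user         (only when the domain part is a local domain)
      3) @domain      (last, lowest precedence)
    """
    sender = sender.lower()
    if "@" not in sender:
        raise ValueError("expected a fully qualified user@domain sender")
    user, domain = sender.rsplit("@", 1)
    keys = [f"{user}@{domain}"]
    if domain in local_domains:
        keys.append(user)
    keys.append(f"@{domain}")
    for key in keys:
        value = table.get(key)
        if value is not None:
            # Split the owner list on commas and/or whitespace.
            return {name for name in value.replace(",", " ").split() if name}
    return None


def sender_login_mismatch(sender: str, login: Optional[str], table: dict,
                          local_domains: set, mode: str = "all") -> bool:
    """Return True when the MAIL FROM would be rejected.

    `login` is the SASL login name, or None for an unauthenticated client.
    `mode` (model-only argument) selects reject_sender_login_mismatch ("all"),
    reject_authenticated_sender_login_mismatch ("authenticated") or
    reject_unauthenticated_sender_login_mismatch ("unauthenticated").
    """
    authenticated = login is not None
    if mode == "authenticated" and not authenticated:
        return False
    if mode == "unauthenticated" and authenticated:
        return False
    owners = lookup_owners(sender, table, local_domains)
    if owners is None:
        # No owner listed: an unauthenticated client is left alone, but a
        # logged-in client does not own the address either, so it is rejected.
        return authenticated
    # An owner is listed: only an owner that is SASL logged in may use it.
    # An unauthenticated client (login None) is never "in owners".
    return login not in owners


if __name__ == "__main__":
    cases = [("alice@example.com", "alice"), ("alice@example.com", None),
             ("bob@example.com", "admin"), ("carol@example.com", "admin"),
             ("bob@other.org", "bob"), ("nobody@other.org", None)]
    for sender, login in cases:
        verdict = sender_login_mismatch(sender, login, SENDER_LOGIN_MAPS, LOCAL_DOMAINS)
        print(f"{sender:22} login={str(login):10} reject={verdict}")
```

Note that bob@example.com is owned by "bob" through the step 2 lookup even though "@example.com" would also match; the higher-precedence key wins.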
</p>

<p>
The default is to permit everything.
</p>

<p>
Specify a list of restrictions, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace.
Restrictions are applied in the order as specified; the first
restriction that matches wins.
</p>

<p>
The following restrictions are specific to the sender address
received with the MAIL FROM command.
</p>

<dl>

<dt><b><a name="check_sender_access">check_sender_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the MAIL FROM
address, domain, parent domains, or localpart@, and execute the
corresponding action. </dd>

<dt><b><a name="check_sender_mx_access">check_sender_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the MX hosts for
the MAIL FROM address, and execute the corresponding action. Note:
a result of "OK" is not allowed for safety reasons. Instead, use
DUNNO in order to exclude specific hosts from blacklists. This
feature is available in Postfix 2.1 and later. </dd>

<dt><b><a name="check_sender_ns_access">check_sender_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the DNS servers
for the MAIL FROM address, and execute the corresponding action.
Note: a result of "OK" is not allowed for safety reasons. Instead,
use DUNNO in order to exclude specific hosts from blacklists. This
feature is available in Postfix 2.1 and later. </dd>

<dt><b><a name="reject_authenticated_sender_login_mismatch">reject_authenticated_sender_login_mismatch</a></b></dt>

<dd>Enforces the reject_sender_login_mismatch restriction for
authenticated clients only.
This feature is available in
Postfix version 2.1 and later. </dd>

<dt><b><a name="reject_non_fqdn_sender">reject_non_fqdn_sender</a></b></dt>

<dd>Reject the request when the MAIL FROM address is not in
fully-qualified domain form, as required by the RFC. <br> The
non_fqdn_reject_code parameter specifies the response code for
rejected requests (default: 504). </dd>

<dt><b><a name="reject_rhsbl_sender">reject_rhsbl_sender <i>rbl_domain=d.d.d.d</i></a></b></dt>

<dd>Reject the request when the MAIL FROM domain is listed with
the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i> (Postfix
version 2.1 and later only). Each "<i>d</i>" is a number, or a
pattern inside "[]" that contains one or more ";"-separated numbers
or number..number ranges (Postfix version 2.8 and later). If no
"<i>=d.d.d.d</i>" is specified,
reject the request when the MAIL FROM domain is
listed with any A record under <i>rbl_domain</i>. <br> The
maps_rbl_reject_code parameter specifies the response code for
rejected requests (default: 554); the default_rbl_reply parameter
specifies the default server reply; and the rbl_reply_maps parameter
specifies tables with server replies indexed by <i>rbl_domain</i>.
This feature is available in Postfix 2.0 and later.</dd>

<dt><b><a name="reject_sender_login_mismatch">reject_sender_login_mismatch</a></b></dt>

<dd>Reject the request when $smtpd_sender_login_maps specifies an
owner for the MAIL FROM address, but the client is not (SASL) logged
in as that MAIL FROM address owner; or when the client is (SASL)
logged in, but the client login name doesn't own the MAIL FROM
address according to $smtpd_sender_login_maps.</dd>

<dt><b><a name="reject_unauthenticated_sender_login_mismatch">reject_unauthenticated_sender_login_mismatch</a></b></dt>

<dd>Enforces the reject_sender_login_mismatch restriction for
unauthenticated clients only. This feature is available in
Postfix version 2.1 and later. </dd>

<dt><b><a name="reject_unknown_sender_domain">reject_unknown_sender_domain</a></b></dt>

<dd>Reject the request when Postfix is not final destination for
the sender address, and the MAIL FROM address has no DNS A or MX
record, or when it has a malformed MX record such as a record with
a zero-length MX hostname (Postfix version 2.3 and later). <br> The
unknown_address_reject_code parameter specifies the numerical
response code for rejected requests (default: 450). The response
is always 450 in case of a temporary DNS error. <br> The
unknown_address_tempfail_action parameter specifies the action
after a temporary DNS error (default: defer_if_permit). </dd>

<dt><b><a name="reject_unlisted_sender">reject_unlisted_sender</a></b></dt>

<dd>Reject the request when the MAIL FROM address is not listed in
the list of valid recipients for its domain class. See the
smtpd_reject_unlisted_sender parameter description for details.
This feature is available in Postfix 2.1 and later.</dd>

<dt><b><a name="reject_unverified_sender">reject_unverified_sender</a></b></dt>

<dd>Reject the request when mail to the MAIL FROM address is known to
bounce, or when the sender address destination is not reachable.
Address verification information is managed by the verify(8) server;
see the ADDRESS_VERIFICATION_README file for details. <br> The
unverified_sender_reject_code parameter specifies the numerical
response code when an address is known to bounce (default: 450,
change into 550 when you are confident that it is safe to do so).
<br>The unverified_sender_defer_code parameter specifies the numerical
response code when an address probe failed due to a temporary problem
(default: 450). <br> The unverified_sender_tempfail_action parameter
specifies the action after address probe failure due to a temporary
problem (default: defer_if_permit). <br> This feature is available
in Postfix 2.1 and later. </dd>

</dl>

<p>
Other restrictions that are valid in this context:
</p>

<ul>

<li> <a href="#generic">Generic</a> restrictions that can be used
in any SMTP command context, described under smtpd_client_restrictions.

<li> SMTP command specific restrictions described under
smtpd_client_restrictions and smtpd_helo_restrictions.

<li> SMTP command specific restrictions described under
smtpd_recipient_restrictions. When recipient restrictions are listed
under smtpd_sender_restrictions, they have effect only with
"smtpd_delay_reject = yes", so that $smtpd_sender_restrictions is
evaluated at the time of the RCPT TO command.

</ul>

<p>
Examples:
</p>

<pre>
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_sender_restrictions = reject_unknown_sender_domain,
    check_sender_access hash:/etc/postfix/access
</pre>

%PARAM smtpd_timeout normal: 300s, overload: 10s

<p>
The time limit for sending a Postfix SMTP server response and for
receiving a remote SMTP client request. Normally the default limit
is 300s, but it changes under overload to just 10s. With Postfix
2.5 and earlier, the SMTP server always uses a time limit of 300s
by default.
</p>

<p>
Note: if you set SMTP time limits to very large values you may have
to update the global ipc_timeout parameter.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM soft_bounce no

<p>
Safety net to keep mail queued that would otherwise be returned to
the sender. This parameter disables locally-generated bounces,
and prevents the Postfix SMTP server from rejecting mail permanently,
by changing 5xx reply codes into 4xx. However, soft_bounce is no
cure for address rewriting mistakes or mail routing mistakes.
</p>

<p>
Example:
</p>

<pre>
soft_bounce = yes
</pre>

%PARAM stale_lock_time 500s

<p>
The time after which a stale exclusive mailbox lockfile is removed.
This is used for delivery to file or mailbox.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM strict_rfc821_envelopes no

<p>
Require that addresses received in SMTP MAIL FROM and RCPT TO
commands are enclosed with <>, and that those addresses do
not contain RFC 822 style comments or phrases. This stops mail
from poorly written software.
</p>

<p>
By default, the Postfix SMTP server accepts RFC 822 syntax in MAIL
FROM and RCPT TO addresses.
</p>

%PARAM swap_bangpath yes

<p>
Enable the rewriting of "site!user" into "user@site". This is
necessary if your machine is connected to UUCP networks. It is
enabled by default.
</p>

<p> Note: with Postfix version 2.2, message header address rewriting
happens only when one of the following conditions is true: </p>

<ul>

<li> The message is received with the Postfix sendmail(1) command,

<li> The message is received from a network client that matches
$local_header_rewrite_clients,

<li> The message is received from the network, and the
remote_header_rewrite_domain parameter specifies a non-empty value.

</ul>

<p> To get the behavior before Postfix version 2.2, specify
"local_header_rewrite_clients = static:all". </p>

<p>
Example:
</p>

<pre>
swap_bangpath = no
</pre>

%PARAM syslog_facility mail

<p>
The syslog facility of Postfix logging. Specify a facility as
defined in syslog.conf(5). The default facility is "mail".
</p>

<p>
Warning: a non-default syslog_facility setting takes effect only
after a Postfix process has completed initialization. Errors during
process initialization will be logged with the default facility.
Examples are errors while parsing the command line arguments, and
errors while accessing the Postfix main.cf configuration file.
</p>

%PARAM syslog_name see "postconf -d" output

<p>
The mail system name that is prepended to the process name in syslog
records, so that "smtpd" becomes, for example, "postfix/smtpd".
</p>

<p>
Warning: a non-default syslog_name setting takes effect only after
a Postfix process has completed initialization.
Errors during
process initialization will be logged with the default name. Examples
are errors while parsing the command line arguments, and errors
while accessing the Postfix main.cf configuration file.
</p>

%PARAM transport_maps

<p>
Optional lookup tables with mappings from recipient address to
(message delivery transport, next-hop destination). See transport(5)
for details.
</p>

<p>
Specify zero or more "type:table" lookup tables. If you use this
feature with local files, run "<b>postmap /etc/postfix/transport</b>"
after making a change. </p>

<p> For safety reasons, as of Postfix 2.3 this feature does not
allow $number substitutions in regular expression maps. </p>

<p>
Examples:
</p>

<pre>
transport_maps = dbm:/etc/postfix/transport
transport_maps = hash:/etc/postfix/transport
</pre>

%PARAM transport_retry_time 60s

<p>
The time between attempts by the Postfix queue manager to contact
a malfunctioning message delivery transport.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM trigger_timeout 10s

<p>
The time limit for sending a trigger to a Postfix daemon (for
example, the pickup(8) or qmgr(8) daemon). This time limit prevents
programs from getting stuck when the mail system is under heavy
load.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM unknown_address_reject_code 450

<p>
The numerical Postfix SMTP server response code when a sender or
recipient address is rejected by the reject_unknown_sender_domain
or reject_unknown_recipient_domain restriction. The response is
always 450 in case of a temporary DNS error.
</p>

<p>
Do not change this unless you have a complete understanding of RFC 2821.
</p>

%PARAM unknown_client_reject_code 450

<p>
The numerical Postfix SMTP server response code when a client
without valid address <=> name mapping is rejected by the
reject_unknown_client_hostname restriction. The SMTP server always replies
with 450 when the mapping failed due to a temporary error condition.
</p>

<p>
Do not change this unless you have a complete understanding of RFC 2821.
</p>

%PARAM unknown_hostname_reject_code 450

<p>
The numerical Postfix SMTP server response code when the hostname
specified with the HELO or EHLO command is rejected by the
reject_unknown_helo_hostname restriction.
</p>

<p>
Do not change this unless you have a complete understanding of RFC 2821.
</p>

%PARAM unknown_local_recipient_reject_code 550

<p>
The numerical Postfix SMTP server response code when a recipient
address is local, and $local_recipient_maps specifies a list of
lookup tables that does not match the recipient. A recipient
address is local when its domain matches $mydestination,
$proxy_interfaces or $inet_interfaces.
</p>

<p>
The default setting is 550 (reject mail) but it is safer to initially
use 450 (try again later) so you have time to find out if your
local_recipient_maps settings are OK.
</p>

<p>
Example:
</p>

<pre>
unknown_local_recipient_reject_code = 450
</pre>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM unverified_recipient_reject_code 450

<p>
The numerical Postfix SMTP server response when a recipient address
is rejected by the reject_unverified_recipient restriction.
</p>

<p>
Unlike elsewhere in Postfix, you can specify 250 in order to
accept the address anyway.
</p>

<p>
Do not change this unless you have a complete understanding of RFC 2821.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM unverified_recipient_defer_code 450

<p>
The numerical Postfix SMTP server response when a recipient address
probe fails due to a temporary error condition.
</p>

<p>
Unlike elsewhere in Postfix, you can specify 250 in order to
accept the address anyway.
</p>

<p>
Do not change this unless you have a complete understanding of RFC 2821.
</p>

<p>
This feature is available in Postfix 2.6 and later.
</p>

%PARAM unverified_sender_reject_code 450

<p>
The numerical Postfix SMTP server response code when a sender
address is rejected by the reject_unverified_sender restriction.
</p>

<p>
Unlike elsewhere in Postfix, you can specify 250 in order to
accept the address anyway.
</p>

<p>
Do not change this unless you have a complete understanding of RFC 2821.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM unverified_sender_defer_code 450

<p>
The numerical Postfix SMTP server response code when a sender address
probe fails due to a temporary error condition.
</p>

<p>
Unlike elsewhere in Postfix, you can specify 250 in order to
accept the address anyway.
</p>

<p>
Do not change this unless you have a complete understanding of RFC 2821.
</p>

<p>
This feature is available in Postfix 2.6 and later.
</p>

%PARAM virtual_alias_domains $virtual_alias_maps

<p> Postfix is final destination for the specified list of virtual
alias domains, that is, domains for which all addresses are aliased
to addresses in other local or remote domains.
The SMTP server
validates recipient addresses with $virtual_alias_maps and rejects
non-existent recipients. See also the virtual alias domain class
in the ADDRESS_CLASS_README file. </p>

<p>
This feature is available in Postfix 2.0 and later. The default
value is backwards compatible with Postfix version 1.1.
</p>

<p>
The default value is $virtual_alias_maps so that you can keep all
information about virtual alias domains in one place. If you have
many users, it is better to separate information that changes more
frequently (virtual address -> local or remote address mapping)
from information that changes less frequently (the list of virtual
domain names).
</p>

<p> Specify a list of host or domain names, "/file/name" or
"type:table" patterns, separated by commas and/or whitespace. A
"/file/name" pattern is replaced by its contents; a "type:table"
lookup table is matched when a table entry matches a lookup string
(the lookup result is ignored). Continue long lines by starting
the next line with whitespace. Specify "!pattern" to exclude a host
or domain name from the list. The form "!/file/name" is supported
only in Postfix version 2.4 and later. </p>

<p>
See also the VIRTUAL_README and ADDRESS_CLASS_README documents
for further information.
</p>

<p>
Example:
</p>

<pre>
virtual_alias_domains = virtual1.tld virtual2.tld
</pre>

%PARAM virtual_alias_expansion_limit 1000

<p>
The maximal number of addresses that virtual alias expansion produces
from each original recipient.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM virtual_alias_maps $virtual_maps

<p>
Optional lookup tables that alias specific mail addresses or domains
to other local or remote addresses.
The table format and lookups
are documented in virtual(5). For an overview of Postfix address
manipulations see the ADDRESS_REWRITING_README document.
</p>

<p>
This feature is available in Postfix 2.0 and later. The default
value is backwards compatible with Postfix version 1.1.
</p>

<p>
If you use this feature with indexed files, run "<b>postmap
/etc/postfix/virtual</b>" after changing the file.
</p>

<p>
Examples:
</p>

<pre>
virtual_alias_maps = dbm:/etc/postfix/virtual
virtual_alias_maps = hash:/etc/postfix/virtual
</pre>

%PARAM virtual_alias_recursion_limit 1000

<p>
The maximal nesting depth of virtual alias expansion. Currently
the recursion limit is applied only to the left branch of the
expansion graph, so the depth of the tree can in the worst case
reach the sum of the expansion and recursion limits. This may
change in the future.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%CLASS trouble-shooting Trouble shooting

<p>
The DEBUG_README document describes how to debug parts of the
Postfix mail system. The methods vary from making the software log
a lot of detail, to running some daemon processes under control of
a call tracer or debugger.
</p>

%PARAM debugger_command

<p>
The external command to execute when a Postfix daemon program is
invoked with the -D option.
</p>

<p>
Use "command .. & sleep 5" so that the debugger can attach before
the process marches on. If you use an X-based debugger, be sure to
set up your XAUTHORITY environment variable before starting Postfix.
</p>

<p>
Example:
</p>

<pre>
debugger_command =
    PATH=/usr/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5
</pre>

%PARAM 2bounce_notice_recipient postmaster

<p> The recipient of undeliverable mail that cannot be returned to
the sender. This feature is enabled with the notify_classes
parameter. </p>

%PARAM address_verify_service_name verify

<p>
The name of the verify(8) address verification service. This service
maintains the status of sender and/or recipient address verification
probes, and generates probes on request by other Postfix processes.
</p>

%PARAM alternate_config_directories

<p>
A list of non-default Postfix configuration directories that may
be specified with "-c config_directory" on the command line, or
via the MAIL_CONFIG environment parameter.
</p>

<p>
This list must be specified in the default Postfix configuration
directory, and is used by set-gid Postfix commands such as postqueue(1)
and postdrop(1).
</p>

%PARAM append_at_myorigin yes

<p>
With locally submitted mail, append the string "@$myorigin" to mail
addresses without domain information. With remotely submitted mail,
append the string "@$remote_header_rewrite_domain" instead.
</p>

<p>
Note 1: this feature is enabled by default and must not be turned off.
Postfix does not support domain-less addresses.
</p>

<p> Note 2: with Postfix version 2.2, message header address rewriting
happens only when one of the following conditions is true: </p>

<ul>

<li> The message is received with the Postfix sendmail(1) command,

<li> The message is received from a network client that matches
$local_header_rewrite_clients,

<li> The message is received from the network, and the
remote_header_rewrite_domain parameter specifies a non-empty value.

</ul>

<p> To get the behavior before Postfix version 2.2, specify
"local_header_rewrite_clients = static:all". </p>

%PARAM append_dot_mydomain yes

<p>
With locally submitted mail, append the string ".$mydomain" to
addresses that have no ".domain" information. With remotely submitted
mail, append the string ".$remote_header_rewrite_domain"
instead.
</p>

<p>
Note 1: this feature is enabled by default. If disabled, users will not be
able to send mail to "user@partialdomainname" but will have to
specify full domain names instead.
</p>

<p> Note 2: with Postfix version 2.2, message header address rewriting
happens only when one of the following conditions is true: </p>

<ul>

<li> The message is received with the Postfix sendmail(1) command,

<li> The message is received from a network client that matches
$local_header_rewrite_clients,

<li> The message is received from the network, and the
remote_header_rewrite_domain parameter specifies a non-empty value.

</ul>

<p> To get the behavior before Postfix version 2.2, specify
"local_header_rewrite_clients = static:all". </p>

%PARAM application_event_drain_time 100s

<p>
How long the postkick(1) command waits for a request to enter the
server's input buffer before giving up.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM authorized_flush_users static:anyone

<p>
List of users who are authorized to flush the queue.
</p>

<p>
By default, all users are allowed to flush the queue. Access is
always granted if the invoking user is the super-user or the
$mail_owner user. Otherwise, the real UID of the process is looked
up in the system password file, and access is granted only if the
corresponding login name is on the access list. The username
"unknown" is used for processes whose real UID is not found in the
password file. </p>

<p>
Specify a list of user names, "/file/name" or "type:table" patterns,
separated by commas and/or whitespace. The list is matched left to
right, and the search stops on the first match. A "/file/name"
pattern is replaced
by its contents; a "type:table" lookup table is matched when a name
matches a lookup key (the lookup result is ignored). Continue long
lines by starting the next line with whitespace. Specify "!pattern"
to exclude a name from the list. The form "!/file/name" is supported
only in Postfix version 2.4 and later. </p>

<p>
This feature is available in Postfix 2.2 and later.
</p>

%PARAM authorized_mailq_users static:anyone

<p>
List of users who are authorized to view the queue.
</p>

<p>
By default, all users are allowed to view the queue. Access is
always granted if the invoking user is the super-user or the
$mail_owner user. Otherwise, the real UID of the process is looked
up in the system password file, and access is granted only if the
corresponding login name is on the access list.
The username
"unknown" is used for processes whose real UID is not found in the
password file. </p>

<p>
Specify a list of user names, "/file/name" or "type:table" patterns,
separated by commas and/or whitespace. The list is matched left to
right, and the search stops on the first match. A "/file/name"
pattern is replaced
by its contents; a "type:table" lookup table is matched when a name
matches a lookup key (the lookup result is ignored). Continue long
lines by starting the next line with whitespace. Specify "!pattern"
to exclude a user name from the list. The form "!/file/name" is
supported only in Postfix version 2.4 and later. </p>

<p>
This feature is available in Postfix 2.2 and later.
</p>

%PARAM authorized_submit_users static:anyone

<p>
List of users who are authorized to submit mail with the sendmail(1)
command (and with the privileged postdrop(1) helper command).
</p>

<p>
By default, all users are allowed to submit mail. Otherwise, the
real UID of the process is looked up in the system password file,
and access is granted only if the corresponding login name is on
the access list. The username "unknown" is used for processes
whose real UID is not found in the password file. To deny mail
submission access to all users specify an empty list. </p>

<p>
Specify a list of user names, "/file/name" or "type:table" patterns,
separated by commas and/or whitespace. The list is matched left to right,
and the search stops on the first match. A "/file/name" pattern is
replaced by its contents;
a "type:table" lookup table is matched when a name matches a lookup key
(the lookup result is ignored). Continue long lines by starting the
next line with whitespace. Specify "!pattern" to exclude a user
name from the list. The form "!/file/name" is supported only in
Postfix version 2.4 and later.
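The left-to-right, first-match-wins evaluation of these user lists, including "!pattern" exclusion and the "unknown" login name for a UID missing from the password file, is modelled by the Python code below. This is an added example, not Postfix code: the password map and the "type:table" contents are constructed, "static:" is taken to match every name, "/file/name" patterns are not modelled, and the `always_allow_privileged` switch (model-only) turns on the super-user and $mail_owner exemption that the page describes for authorized_flush_users and authorized_mailq_users but not for authorized_submit_users.

```python
# Added example (not Postfix source): models authorized_submit_users,
# authorized_flush_users and authorized_mailq_users list evaluation.
# The password map and lookup tables below are constructed sample data.

from typing import Optional

# Constructed stand-in for the system password file: real UID -> login name.
PASSWD = {0: "root", 33: "www", 100: "postfix", 1000: "alice", 1001: "bob"}


def login_name(uid: int, passwd: dict = PASSWD) -> str:
    """Resolve a real UID to a login name; "unknown" when it is not in the file."""
    return passwd.get(uid, "unknown")


def parse_list(value: str) -> list:
    """Split a main.cf list value on commas and/or whitespace."""
    return [item for item in value.replace(",", " ").split() if item]


def pattern_matches(pattern: str, name: str, tables: dict) -> bool:
    """Match one list element (without a leading "!") against a login name.

    - "static:..." matches every name (a static table answers any key);
    - another "type:table" matches when the name is a key of the constructed
      table (the lookup result itself is ignored, as the page states);
    - "/file/name" is out of scope for this model and raises;
    - anything else is a literal user name.
    """
    if pattern.startswith("static:"):
        return True
    if pattern.startswith("/"):
        raise ValueError(f"/file/name patterns are not modelled: {pattern!r}")
    if ":" in pattern:
        table = tables.get(pattern)
        if table is None:
            raise ValueError(f"unknown table {pattern!r}")
        return name in table
    return pattern == name


def is_authorized(value: str, uid: int, tables: Optional[dict] = None,
                  passwd: dict = PASSWD, mail_owner: str = "postfix",
                  always_allow_privileged: bool = False) -> bool:
    """Evaluate an authorized_*_users list for a process with real UID `uid`.

    Elements are tried left to right and the search stops on the first match;
    a matching "!pattern" denies. An empty list matches nothing, so it denies
    everyone. always_allow_privileged (model-only) grants the super-user and
    $mail_owner unconditionally, as documented for the flush and mailq lists.
    """
    tables = tables or {}
    name = login_name(uid, passwd)
    if always_allow_privileged and (uid == 0 or name == mail_owner):
        return True
    for element in parse_list(value):
        negate = element.startswith("!")
        pattern = element[1:] if negate else element
        if pattern_matches(pattern, name, tables):
            return not negate
    return False


if __name__ == "__main__":
    # The page's own example: everyone except the web server account may submit.
    for uid in (33, 1000, 4242):
        print(uid, login_name(uid), is_authorized("!www, static:all", uid))
```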
</p>

<p>
Example:
</p>

<pre>
authorized_submit_users = !www, static:all
</pre>

<p>
This feature is available in Postfix 2.2 and later.
</p>

%PARAM backwards_bounce_logfile_compatibility yes

<p>
Produce additional bounce(8) logfile records that can be read by
Postfix versions before 2.0. The current and more extensible "name =
value" format is needed in order to implement more sophisticated
functionality.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM bounce_notice_recipient postmaster

<p>
The recipient of postmaster notifications with the message headers
of mail that Postfix did not deliver and of SMTP conversation
transcripts of mail that Postfix did not receive. This feature is
enabled with the notify_classes parameter. </p>

%PARAM bounce_service_name bounce

<p>
The name of the bounce(8) service. This service maintains a record
of failed delivery attempts and generates non-delivery notifications.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM broken_sasl_auth_clients no

<p>
Enable interoperability with SMTP clients that implement an obsolete
version of the AUTH command (RFC 4954). Examples of such clients
are Microsoft Outlook Express version 4 and Microsoft Exchange
version 5.0.
</p>

<p>
Specify "broken_sasl_auth_clients = yes" to have Postfix advertise
AUTH support in a non-standard way.
</p>

%PARAM cleanup_service_name cleanup

<p>
The name of the cleanup(8) service. This service rewrites addresses
into the standard form, and performs canonical(5) address mapping
and virtual(5) aliasing.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM anvil_status_update_time 600s

<p>
How frequently the anvil(8) connection and rate limiting server
logs peak usage information.
</p>

<p>
This feature is available in Postfix 2.2 and later.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM enable_errors_to no

<p> Report mail delivery errors to the address specified with the
non-standard Errors-To: message header, instead of the envelope
sender address (this feature is removed with Postfix version 2.2, is
turned off by default with Postfix version 2.1, and is always turned on
with older Postfix versions). </p>

%PARAM extract_recipient_limit 10240

<p>
The maximal number of recipient addresses that Postfix will extract
from message headers when mail is submitted with "<b>sendmail -t</b>".
</p>

<p>
This feature was removed in Postfix version 2.1.
</p>

%PARAM anvil_rate_time_unit 60s

<p>
The time unit over which client connection rates and other rates
are calculated.
</p>

<p>
This feature is implemented by the anvil(8) service which is available
in Postfix version 2.2 and later.
</p>

<p>
The default interval is relatively short. Because of the high
frequency of updates, the anvil(8) server uses volatile memory
only. Thus, information is lost whenever the process terminates.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM command_expansion_filter see "postconf -d" output

<p>
Restrict the characters that the local(8) delivery agent allows in
$name expansions of $mailbox_command and $command_execution_directory.
Characters outside the allowed set are replaced by underscores.
</p>

%PARAM content_filter

<p> After the message is queued, send the entire message to the
specified <i>transport:destination</i>. The <i>transport</i> name
specifies the first field of a mail delivery agent definition in
master.cf; the syntax of the next-hop <i>destination</i> is described
in the manual page of the corresponding delivery agent. More
information about external content filters is in the Postfix
FILTER_README file. </p>

<p> Notes: </p>

<ul>

<li> <p> This setting has lower precedence than a FILTER action
that is specified in an access(5), header_checks(5) or body_checks(5)
table. </p>

<li> <p> The meaning of an empty next-hop filter <i>destination</i>
is version dependent. Postfix 2.7 and later will use the recipient
domain; earlier versions will use $myhostname. Specify
"default_filter_nexthop = $myhostname" for compatibility with Postfix
2.6 or earlier, or specify a content_filter value with an explicit
next-hop <i>destination</i>. </p>

</ul>

%PARAM default_delivery_slot_discount 50

<p>
The default value for transport-specific _delivery_slot_discount
settings.
</p>

<p>
This parameter speeds up the moment when a message preemption can
happen. Instead of waiting until the full amount of delivery slots
required is available, the preemption can happen when
transport_delivery_slot_discount percent of the required amount
plus transport_delivery_slot_loan still remains to be accumulated.
Note that the full amount will still have to be accumulated before
another preemption can take place later.
</p>

<p> Use <i>transport</i>_delivery_slot_discount to specify a
transport-specific override, where <i>transport</i> is the master.cf
name of the message delivery transport.
</p>

%PARAM default_delivery_slot_loan 3

<p>
The default value for transport-specific _delivery_slot_loan
settings.
</p>

<p>
This parameter speeds up the moment when a message preemption can
happen. Instead of waiting until the full amount of delivery slots
required is available, the preemption can happen when
transport_delivery_slot_discount percent of the required amount
plus transport_delivery_slot_loan still remains to be accumulated.
Note that the full amount will still have to be accumulated before
another preemption can take place later.
</p>

<p> Use <i>transport</i>_delivery_slot_loan to specify a
transport-specific override, where <i>transport</i> is the master.cf
name of the message delivery transport.
</p>

%CLASS verp VERP Support

<p>
With VERP style delivery, each recipient of a message receives a
customized copy of the message with his/her own recipient address
encoded in the envelope sender address. The VERP_README file
describes configuration and operation details of Postfix support
for variable envelope return path addresses. VERP style delivery
is requested with the SMTP XVERP command or with the "<b>sendmail
-V</b>" command-line option and is available in Postfix
1.1 and later.
</p>

%PARAM default_verp_delimiters +=

<p> The two default VERP delimiter characters. These are used when
no explicit delimiters are specified with the SMTP XVERP command
or with the "<b>sendmail -V</b>" command-line option. Specify
characters that are allowed by the verp_delimiter_filter setting.
</p>

<p>
This feature is available in Postfix 1.1 and later.
</p>

%PARAM defer_service_name defer

<p>
The name of the defer service.
This service is implemented by the
bounce(8) daemon and maintains a record
of failed delivery attempts and generates non-delivery notifications.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM delay_notice_recipient postmaster

<p>
The recipient of postmaster notifications with the message headers
of mail that cannot be delivered within $delay_warning_time time
units. </p>

<p>
This feature is enabled with the delay_warning_time parameter.
</p>

%PARAM delay_warning_time 0h

<p>
The time after which the sender receives the message headers of
mail that is still queued.
</p>

<p>
To enable this feature, specify a non-zero time value (an integral
value plus an optional one-letter suffix that specifies the time
unit).
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is h (hours).
</p>

%PARAM disable_dns_lookups no

<p>
Disable DNS lookups in the Postfix SMTP and LMTP clients. When
disabled, hosts are looked up with the getaddrinfo() system
library routine which normally also looks in /etc/hosts.
</p>

<p>
DNS lookups are enabled by default.
</p>

%CLASS mime MIME Processing

<p>
MIME processing is available in Postfix as of version 2.0. Older
Postfix versions do not recognize MIME headers inside the message
body.
</p>

%PARAM disable_mime_input_processing no

<p>
Turn off MIME processing while receiving mail. This means that no
special treatment is given to Content-Type: message headers, and
that all text after the initial message headers is considered to
be part of the message body.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

<p>
MIME input processing is enabled by default, and is needed in order
to recognize MIME headers in message content.
</p>

%PARAM disable_mime_output_conversion no

<p>
Disable the conversion of 8BITMIME format to 7BIT format. MIME
output conversion is needed when the destination does not advertise
8BITMIME support.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM disable_verp_bounces no

<p>
Disable sending one bounce report per recipient.
</p>

<p>
The default, one per recipient, is what ezmlm needs.
</p>

<p>
This feature is available in Postfix 1.1 and later.
</p>

%PARAM dont_remove 0

<p>
Don't remove queue files and save them to the "saved" mail queue.
This is a debugging aid. To inspect the envelope information and
content of a Postfix queue file, use the postcat(1) command.
</p>

%PARAM empty_address_recipient MAILER-DAEMON

<p>
The recipient of mail addressed to the null address. Postfix does
not accept such addresses in SMTP commands, but they may still be
created locally as the result of configuration or software error.
</p>

%PARAM error_notice_recipient postmaster

<p> The recipient of postmaster notifications about mail delivery
problems that are caused by policy, resource, software or protocol
errors. These notifications are enabled with the notify_classes
parameter. </p>

%PARAM error_service_name error

<p>
The name of the error(8) pseudo delivery agent. This service always
returns mail as undeliverable.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM expand_owner_alias no

<p>
When delivering to an alias "aliasname" that has an "owner-aliasname"
companion alias, set the envelope sender address to the expansion
of the "owner-aliasname" alias. Normally, Postfix sets the envelope
sender address to the name of the "owner-aliasname" alias.
</p>

%PARAM fallback_transport

<p>
Optional message delivery transport that the local(8) delivery
agent should use for names that are not found in the aliases(5)
or UNIX password database.
</p>

<p> The precedence of local(8) delivery features from high to low
is: aliases, .forward files, mailbox_transport_maps, mailbox_transport,
mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory,
fallback_transport_maps, fallback_transport and luser_relay. </p>

%PARAM fault_injection_code 0

<p>
Force specific internal tests to fail, to test the handling of
errors that are difficult to reproduce otherwise.
</p>

%PARAM flush_service_name flush

<p>
The name of the flush(8) service. This service maintains per-destination
logfiles with the queue file names of mail that is queued for those
destinations.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM forward_expansion_filter see "postconf -d" output

<p>
Restrict the characters that the local(8) delivery agent allows in
$name expansions of $forward_path. Characters outside the
allowed set are replaced by underscores.
</p>

%PARAM header_address_token_limit 10240

<p>
The maximal number of address tokens that are allowed in an address
message header. Information that exceeds the limit is discarded.
The limit is enforced by the cleanup(8) server.
</p>

%PARAM helpful_warnings yes

<p>
Log warnings about problematic configuration settings, and provide
helpful suggestions.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM lmtp_cache_connection yes

<p>
Keep Postfix LMTP client connections open for up to $max_idle
seconds. When the LMTP client receives a request for the same
connection, the connection is reused.
</p>

<p> This parameter is available in Postfix version 2.2 and earlier.
With Postfix version 2.3 and later, see lmtp_connection_cache_on_demand,
lmtp_connection_cache_destinations, or lmtp_connection_reuse_time_limit.
</p>

<p>
The effectiveness of cached connections will be determined by the
number of LMTP servers in use, and the concurrency limit specified
for the LMTP client. Cached connections are closed under any of
the following conditions:
</p>

<ul>

<li> The LMTP client idle time limit is reached. This limit is
specified with the Postfix max_idle configuration parameter.

<li> A delivery request specifies a different destination than the
one currently cached.

<li> The per-process limit on the number of delivery requests is
reached. This limit is specified with the Postfix max_use
configuration parameter.

<li> Upon the onset of another delivery request, the LMTP server
associated with the current session does not respond to the RSET
command.

</ul>

<p>
Most of these limitations will be removed after Postfix implements
a connection cache that is shared among multiple LMTP client
programs.
</p>

%PARAM lmtp_sasl_auth_enable no

<p>
Enable SASL authentication in the Postfix LMTP client.
</p>

%PARAM lmtp_sasl_password_maps

<p>
Optional LMTP client lookup tables with one username:password entry
per host or domain. If a remote host or domain has no username:password
entry, then the Postfix LMTP client will not attempt to authenticate
to the remote host.
</p>

%PARAM lmtp_sasl_security_options noplaintext, noanonymous

<p> SASL security options; as of Postfix 2.3 the list of available
features depends on the SASL client implementation that is selected
with <b>lmtp_sasl_type</b>. </p>

<p> The following security features are defined for the <b>cyrus</b>
client SASL implementation: </p>

<dl>

<dt><b>noplaintext</b></dt>

<dd>Disallow authentication methods that use plaintext passwords. </dd>

<dt><b>noactive</b></dt>

<dd>Disallow authentication methods that are vulnerable to non-dictionary
active attacks. </dd>

<dt><b>nodictionary</b></dt>

<dd>Disallow authentication methods that are vulnerable to passive
dictionary attacks. </dd>

<dt><b>noanonymous</b></dt>

<dd>Disallow anonymous logins. </dd>

</dl>

<p>
Example:
</p>

<pre>
lmtp_sasl_security_options = noplaintext
</pre>

%PARAM lmtp_tcp_port 24

<p>
The default TCP port that the Postfix LMTP client connects to.
</p>

%PARAM mail_release_date see "postconf -d" output

<p>
The Postfix release date, in "YYYYMMDD" format.
</p>

%PARAM mailbox_command_maps

<p>
Optional lookup tables with per-recipient external commands to use
for local(8) mailbox delivery. Behavior is as with mailbox_command.
</p>

<p> The precedence of local(8) delivery features from high to low
is: aliases, .forward files, mailbox_transport_maps, mailbox_transport,
mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory,
fallback_transport_maps, fallback_transport and luser_relay. </p>

%PARAM mailbox_delivery_lock see "postconf -d" output

<p>
How to lock a UNIX-style local(8) mailbox before attempting delivery.
For a list of available file locking methods, use the "<b>postconf
-l</b>" command.
</p>

<p>
This setting is ignored with <b>maildir</b> style delivery,
because such deliveries are safe without explicit locks.
</p>

<p>
Note: The <b>dotlock</b> method requires that the recipient UID or
GID has write access to the parent directory of the mailbox file.
</p>

<p>
Note: the default setting of this parameter is system dependent.
</p>

%PARAM mailbox_transport

<p>
Optional message delivery transport that the local(8) delivery
agent should use for mailbox delivery to all local recipients,
whether or not they are found in the UNIX passwd database.
</p>

<p> The precedence of local(8) delivery features from high to low
is: aliases, .forward files, mailbox_transport_maps, mailbox_transport,
mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory,
fallback_transport_maps, fallback_transport and luser_relay. </p>

%PARAM mailq_path see "postconf -d" output

<p>
Sendmail compatibility feature that specifies where the Postfix
mailq(1) command is installed. This command can be used to
list the Postfix mail queue.
</p>

%PARAM manpage_directory see "postconf -d" output

<p>
Where the Postfix manual pages are installed.
</p>

%PARAM maps_rbl_domains

<p>
Obsolete feature: use the reject_rbl_client feature instead.
</p>

%PARAM mime_boundary_length_limit 2048

<p>
The maximal length of MIME multipart boundary strings. The MIME
processor is unable to distinguish between boundary strings that
do not differ in the first $mime_boundary_length_limit characters.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM mime_header_checks $header_checks

<p>
Optional lookup tables for content inspection of MIME related
message headers, as described in the header_checks(5) manual page.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM mime_nesting_limit 100

<p>
The maximal recursion level that the MIME processor will handle.
Postfix refuses mail that is nested deeper than the specified limit.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM mynetworks_style subnet

<p>
The method to generate the default value for the mynetworks parameter.
This is the list of trusted networks for relay access control etc.
</p>

<ul>

<li><p>Specify "mynetworks_style = host" when Postfix should
"trust" only the local machine. </p>

<li><p>Specify "mynetworks_style = subnet" when Postfix
should "trust" SMTP clients in the same IP subnetworks as the local
machine. On Linux, this works correctly only with interfaces
specified with the "ifconfig" command. </p>

<li><p>Specify "mynetworks_style = class" when Postfix should
"trust" SMTP clients in the same IP class A/B/C networks as the
local machine. Don't do this with a dialup site - it would cause
Postfix to "trust" your entire provider's network. Instead, specify
an explicit mynetworks list by hand, as described with the mynetworks
configuration parameter.
</p>

</ul>

%PARAM nested_header_checks $header_checks

<p>
Optional lookup tables for content inspection of non-MIME message
headers in attached messages, as described in the header_checks(5)
manual page.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM newaliases_path see "postconf -d" output

<p>
Sendmail compatibility feature that specifies the location of the
newaliases(1) command. This command can be used to rebuild the
local(8) aliases(5) database.
</p>

%PARAM non_fqdn_reject_code 504

<p>
The numerical Postfix SMTP server reply code when a client request
is rejected by the reject_non_fqdn_helo_hostname, reject_non_fqdn_sender
or reject_non_fqdn_recipient restriction.
</p>

%PARAM owner_request_special yes

<p>
Give special treatment to owner-listname and listname-request
address localparts: don't split such addresses when the
recipient_delimiter is set to "-". This feature is useful for
mailing lists.
</p>

%PARAM permit_mx_backup_networks

<p>
Restrict the use of the permit_mx_backup SMTP access feature to
only domains whose primary MX hosts match the listed networks.
The parameter value syntax is the same as with the mynetworks
parameter; note, however, that the default value is empty. </p>

%PARAM pickup_service_name pickup

<p>
The name of the pickup(8) service. This service picks up local mail
submissions from the Postfix maildrop queue.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM prepend_delivered_header command, file, forward

<p> The message delivery contexts where the Postfix local(8) delivery
agent prepends a Delivered-To: message header with the address
that the mail was delivered to.
This information is used for mail
delivery loop detection. </p>

<p>
By default, the Postfix local delivery agent prepends a Delivered-To:
header when forwarding mail and when delivering to file (mailbox)
and command. Turning off the Delivered-To: header when forwarding
mail is not recommended.
</p>

<p>
Specify zero or more of <b>forward</b>, <b>file</b>, or <b>command</b>.
</p>

<p>
Example:
</p>

<pre>
prepend_delivered_header = forward
</pre>

%PARAM process_name read-only

<p>
The process name of a Postfix command or daemon process.
</p>

%PARAM process_id read-only

<p>
The process ID of a Postfix command or daemon process.
</p>

%PARAM process_id_directory pid

<p>
The location of Postfix PID files relative to $queue_directory.
This is a read-only parameter.
</p>

%PARAM proxy_read_maps see "postconf -d" output

<p>
The lookup tables that the proxymap(8) server is allowed to
access for the read-only service.
Table references that don't begin with proxy: are ignored.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM proxy_write_maps see "postconf -d" output

<p> The lookup tables that the proxymap(8) server is allowed to
access for the read-write service. Postfix-owned local database
files should be stored under the Postfix-owned data_directory.
Table references that don't begin with proxy: are ignored. </p>

<p>
This feature is available in Postfix 2.5 and later.
</p>

%PARAM qmgr_clog_warn_time 300s

<p>
The minimal delay between warnings that a specific destination is
clogging up the Postfix active queue. Specify 0 to disable.
</p>

<p>
This feature is enabled with the helpful_warnings parameter.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM qmgr_fudge_factor 100

<p>
Obsolete feature: the percentage of delivery resources that a busy
mail system will use up for delivery of a large mailing list
message.
</p>

<p>
This feature exists only in the oqmgr(8) old queue manager. The
current queue manager solves the problem in a better way.
</p>

%PARAM queue_directory see "postconf -d" output

<p>
The location of the Postfix top-level queue directory. This is the
root directory of Postfix daemon processes that run chrooted.
</p>

%PARAM queue_file_attribute_count_limit 100

<p>
The maximal number of (name=value) attributes that may be stored
in a Postfix queue file. The limit is enforced by the cleanup(8)
server.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM queue_service_name qmgr

<p>
The name of the qmgr(8) service. This service manages the Postfix
queue and schedules delivery requests.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM html_directory see "postconf -d" output

<p>
The location of Postfix HTML files that describe how to build,
configure or operate a specific Postfix subsystem or feature.
</p>

%PARAM readme_directory see "postconf -d" output

<p>
The location of Postfix README files that describe how to build,
configure or operate a specific Postfix subsystem or feature.
</p>

%PARAM relay_transport relay

<p>
The default mail delivery transport and next-hop destination for
remote delivery to domains listed with $relay_domains.
In order of
decreasing precedence, the nexthop destination is taken from
$relay_transport, $sender_dependent_relayhost_maps, $relayhost, or
from the recipient domain. This information can be overruled with
the transport(5) table.
</p>

<p>
Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
is the name of a mail delivery transport defined in master.cf.
The <i>:nexthop</i> destination is optional; its syntax is documented
in the manual page of the corresponding delivery agent.
</p>

<p>
See also the relay domains address class in the ADDRESS_CLASS_README
file.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM rewrite_service_name rewrite

<p>
The name of the address rewriting service. This service rewrites
addresses to standard form and resolves them to a (delivery method,
next-hop host, recipient) triple.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM sample_directory /etc/postfix

<p>
The name of the directory with example Postfix configuration files.
Starting with Postfix 2.1, these files have been replaced with the
postconf(5) manual page.
</p>

%PARAM sender_based_routing no

<p>
This parameter should not be used. It was replaced by sender_dependent_relayhost_maps
in Postfix version 2.3.
</p>

%PARAM sendmail_path see "postconf -d" output

<p>
A Sendmail compatibility feature that specifies the location of
the Postfix sendmail(1) command. This command can be used to
submit mail into the Postfix queue.
</p>

%PARAM service_throttle_time 60s

<p>
How long the Postfix master(8) waits before forking a server that
appears to be malfunctioning.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM setgid_group postdrop

<p>
The group ownership of set-gid Postfix commands and of group-writable
Postfix directories. When this parameter value is changed you need
to re-run "<b>postfix set-permissions</b>" (with Postfix version 2.0 and
earlier: "<b>/etc/postfix/post-install set-permissions</b>").
</p>

%PARAM show_user_unknown_table_name yes

<p>
Display the name of the recipient table in the "User unknown"
responses. The extra detail makes troubleshooting easier but also
reveals information that is nobody else's business.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM showq_service_name showq

<p>
The name of the showq(8) service. This service produces mail queue
status reports.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM smtp_pix_workaround_delay_time 10s

<p>
How long the Postfix SMTP client pauses before sending
".<CR><LF>" in order to work around the PIX firewall
"<CR><LF>.<CR><LF>" bug.
</p>

<p>
Choosing too short a time makes this workaround ineffective when
sending large messages over slow network connections.
</p>

%PARAM smtp_randomize_addresses yes

<p>
Randomize the order of equal-preference MX host addresses. This
is a performance feature of the Postfix SMTP client.
</p>

%PARAM smtp_rset_timeout 20s

<p> The SMTP client time limit for sending the RSET command, and
for receiving the server response. The SMTP client sends RSET in
order to finish a recipient address probe, or to verify that a
cached session is still usable. </p>

<p> This feature is available in Postfix 2.1 and later.
</p>

%PARAM smtpd_data_restrictions

<p>
Optional access restrictions that the Postfix SMTP server applies
in the context of the SMTP DATA command.
See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access
restriction lists" for a discussion of evaluation context and time.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

<p>
Specify a list of restrictions, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace.
Restrictions are applied in the order as specified; the first
restriction that matches wins.
</p>

<p>
The following restrictions are valid in this context:
</p>

<ul>

<li><a href="#generic">Generic</a> restrictions that can be used
in any SMTP command context, described under smtpd_client_restrictions.

<li>SMTP command specific restrictions described under
smtpd_client_restrictions, smtpd_helo_restrictions,
smtpd_sender_restrictions or smtpd_recipient_restrictions.

<li>However, no recipient information is available in the case of
multi-recipient mail. Acting on only one recipient would be misleading,
because any decision will affect all recipients equally. Acting on
all recipients would require a possibly very large amount of memory,
and would also be misleading for the reasons mentioned before.

</ul>

<p>
Examples:
</p>

<pre>
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_data_restrictions = reject_multi_recipient_bounce
</pre>

%PARAM smtpd_end_of_data_restrictions

<p> Optional access restrictions that the Postfix SMTP server
applies in the context of the SMTP END-OF-DATA command.
See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access
restriction lists" for a discussion of evaluation context and time.
7888</p> 7889 7890<p> This feature is available in Postfix 2.2 and later. </p> 7891 7892<p> See smtpd_data_restrictions for details and limitations. </p> 7893 7894%PARAM smtpd_delay_reject yes 7895 7896<p> 7897Wait until the RCPT TO command before evaluating 7898$smtpd_client_restrictions, $smtpd_helo_restrictions and 7899$smtpd_sender_restrictions, or wait until the ETRN command before 7900evaluating $smtpd_client_restrictions and $smtpd_helo_restrictions. 7901</p> 7902 7903<p> 7904This feature is turned on by default because some clients apparently 7905mis-behave when the Postfix SMTP server rejects commands before 7906RCPT TO. 7907</p> 7908 7909<p> 7910The default setting has one major benefit: it allows Postfix to log 7911recipient address information when rejecting a client name/address 7912or sender address, so that it is possible to find out whose mail 7913is being rejected. 7914</p> 7915 7916%PARAM smtpd_null_access_lookup_key <> 7917 7918<p> 7919The lookup key to be used in SMTP access(5) tables instead of the 7920null sender address. 7921</p> 7922 7923%CLASS smtpd-policy SMTP server policy delegation 7924 7925<p> 7926The Postfix SMTP server has a number of built-in mechanisms to 7927block or accept mail at specific SMTP protocol stages. As of version 79282.1 Postfix can be configured to delegate policy decisions to an 7929external server that runs outside Postfix. See the file 7930SMTPD_POLICY_README for more information. 7931</p> 7932 7933%PARAM smtpd_policy_service_max_idle 300s 7934 7935<p> 7936The time after which an idle SMTPD policy service connection is 7937closed. 7938</p> 7939 7940<p> 7941This feature is available in Postfix 2.1 and later. 7942</p> 7943 7944%PARAM smtpd_policy_service_max_ttl 1000s 7945 7946<p> 7947The time after which an active SMTPD policy service connection is 7948closed. 7949</p> 7950 7951<p> 7952This feature is available in Postfix 2.1 and later. 
7953</p> 7954 7955%PARAM smtpd_policy_service_timeout 100s 7956 7957<p> 7958The time limit for connecting to, writing to or receiving from a 7959delegated SMTPD policy server. 7960</p> 7961 7962<p> 7963This feature is available in Postfix 2.1 and later. 7964</p> 7965 7966%PARAM smtpd_reject_unlisted_recipient yes 7967 7968<p> 7969Request that the Postfix SMTP server rejects mail for unknown 7970recipient addresses, even when no explicit reject_unlisted_recipient 7971access restriction is specified. This prevents the Postfix queue 7972from filling up with undeliverable MAILER-DAEMON messages. 7973</p> 7974 7975<p> An address is always considered "known" when it matches a 7976virtual(5) alias or a canonical(5) mapping. 7977 7978<ul> 7979 7980<li> The recipient domain matches $mydestination, $inet_interfaces 7981or $proxy_interfaces, but the recipient is not listed in 7982$local_recipient_maps, and $local_recipient_maps is not null. 7983 7984<li> The recipient domain matches $virtual_alias_domains but the 7985recipient is not listed in $virtual_alias_maps. 7986 7987<li> The recipient domain matches $virtual_mailbox_domains but the 7988recipient is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps 7989is not null. 7990 7991<li> The recipient domain matches $relay_domains but the recipient 7992is not listed in $relay_recipient_maps, and $relay_recipient_maps 7993is not null. 7994 7995</ul> 7996 7997<p> 7998This feature is available in Postfix 2.1 and later. 7999</p> 8000 8001%PARAM smtpd_reject_unlisted_sender no 8002 8003<p> Request that the Postfix SMTP server rejects mail from unknown 8004sender addresses, even when no explicit reject_unlisted_sender 8005access restriction is specified. This can slow down an explosion 8006of forged mail from worms or viruses. </p> 8007 8008<p> An address is always considered "known" when it matches a 8009virtual(5) alias or a canonical(5) mapping. 
8010 8011<ul> 8012 8013<li> The sender domain matches $mydestination, $inet_interfaces or 8014$proxy_interfaces, but the sender is not listed in 8015$local_recipient_maps, and $local_recipient_maps is not null. 8016 8017<li> The sender domain matches $virtual_alias_domains but the sender 8018is not listed in $virtual_alias_maps. 8019 8020<li> The sender domain matches $virtual_mailbox_domains but the 8021sender is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps 8022is not null. 8023 8024<li> The sender domain matches $relay_domains but the sender is 8025not listed in $relay_recipient_maps, and $relay_recipient_maps is 8026not null. 8027 8028</ul> 8029 8030<p> 8031This feature is available in Postfix 2.1 and later. 8032</p> 8033 8034%PARAM smtpd_restriction_classes 8035 8036<p> 8037User-defined aliases for groups of access restrictions. The aliases 8038can be specified in smtpd_recipient_restrictions etc., and on the 8039right-hand side of a Postfix access(5) table. 8040</p> 8041 8042<p> 8043One major application is for implementing per-recipient UCE control. 8044See the RESTRICTION_CLASS_README document for other examples. 8045</p> 8046 8047%PARAM smtpd_sasl_application_name smtpd 8048 8049<p> 8050The application name that the Postfix SMTP server uses for SASL 8051server initialization. This 8052controls the name of the SASL configuration file. The default value 8053is <b>smtpd</b>, corresponding to a SASL configuration file named 8054<b>smtpd.conf</b>. 8055</p> 8056 8057<p> 8058This feature is available in Postfix 2.1 and 2.2. With Postfix 2.3 8059it was renamed to smtpd_sasl_path. 8060</p> 8061 8062%PARAM strict_7bit_headers no 8063 8064<p> 8065Reject mail with 8-bit text in message headers. This blocks mail 8066from poorly written applications. 8067</p> 8068 8069<p> 8070This feature should not be enabled on a general purpose mail server, 8071because it is likely to reject legitimate email. 
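</p>

<p> The "unknown address" rules listed under smtpd_reject_unlisted_recipient
and smtpd_reject_unlisted_sender above, worked through as an added Python
example that is not Postfix code. It models lookup tables as dicts keyed
by address (None for a "null", i.e. unset, table) and address classes as
sets of domains; table search rules such as extension stripping and
"@domain" wildcards are not modelled, and every configuration value below
is constructed for the example. </p>

```python
"""Added example, not Postfix code: the "unknown address" rules listed
under smtpd_reject_unlisted_recipient and smtpd_reject_unlisted_sender.

Lookup tables are modelled as dicts keyed by address (None models a
"null", i.e. unset, table) and address classes as sets of domains.
Extension stripping, "@domain" wildcards and other table search rules
are not modelled. All configuration values are constructed.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class AddressClasses:
    """The subset of main.cf that the unlisted-address rules consult."""
    local_domains: set = field(default_factory=set)   # $mydestination, $inet_interfaces, $proxy_interfaces
    local_recipient_maps: Optional[dict] = None
    virtual_alias_domains: set = field(default_factory=set)
    virtual_alias_maps: Optional[dict] = None
    virtual_mailbox_domains: set = field(default_factory=set)
    virtual_mailbox_maps: Optional[dict] = None
    relay_domains: set = field(default_factory=set)
    relay_recipient_maps: Optional[dict] = None
    canonical_maps: Optional[dict] = None


def _listed(table: Optional[dict], address: str) -> bool:
    """True when the table exists (is not null) and has an entry for the address."""
    return table is not None and address in table


def unknown_reason(cfg: AddressClasses, address: str) -> Optional[str]:
    """Why the address is "unknown", or None when it is known.

    A virtual(5) alias or canonical(5) mapping always makes the address
    known. Otherwise each address class is checked in turn; for the local,
    virtual mailbox and relay classes a null table never marks an address
    unknown, whereas a virtual alias domain must list the address.
    Addresses are lowercased here purely for the example's lookups.
    """
    address = address.lower()
    domain = address.rpartition("@")[2]
    if _listed(cfg.virtual_alias_maps, address) or _listed(cfg.canonical_maps, address):
        return None
    if (domain in cfg.local_domains and cfg.local_recipient_maps is not None
            and not _listed(cfg.local_recipient_maps, address)):
        return "not listed in local_recipient_maps"
    if domain in cfg.virtual_alias_domains and not _listed(cfg.virtual_alias_maps, address):
        return "not listed in virtual_alias_maps"
    if (domain in cfg.virtual_mailbox_domains and cfg.virtual_mailbox_maps is not None
            and not _listed(cfg.virtual_mailbox_maps, address)):
        return "not listed in virtual_mailbox_maps"
    if (domain in cfg.relay_domains and cfg.relay_recipient_maps is not None
            and not _listed(cfg.relay_recipient_maps, address)):
        return "not listed in relay_recipient_maps"
    return None


def smtpd_decision(cfg: AddressClasses, address: str, role: str,
                   reject_unlisted_recipient: bool = True,
                   reject_unlisted_sender: bool = False) -> str:
    """What the SMTP server does with a RCPT TO ("recipient") or MAIL FROM
    ("sender") address when no explicit reject_unlisted_* restriction is
    configured. The keyword defaults are the parameter defaults
    (smtpd_reject_unlisted_recipient = yes, smtpd_reject_unlisted_sender = no).
    """
    enabled = reject_unlisted_recipient if role == "recipient" else reject_unlisted_sender
    reason = unknown_reason(cfg, address)
    if reason is None or not enabled:
        return "accept"
    return "reject unknown %s: %s" % (role, reason)


# Constructed configuration for the example.
CFG = AddressClasses(
    local_domains={"example.com"},
    local_recipient_maps={"alice@example.com": "", "postmaster@example.com": ""},
    virtual_alias_domains={"alias.example"},
    virtual_alias_maps={"info@alias.example": "alice@example.com"},
    virtual_mailbox_domains={"vmail.example"},
    virtual_mailbox_maps={"bob@vmail.example": "vmail.example/bob/"},
    relay_domains={"relay.example"},
    relay_recipient_maps=None,   # null table: every relay.example recipient is accepted
    canonical_maps={"old-name@example.com": "alice@example.com"},
)

if __name__ == "__main__":
    for addr in ("alice@example.com", "nobody@example.com", "ghost@alias.example",
                 "anyone@relay.example", "old-name@example.com"):
        print(addr, "->", smtpd_decision(CFG, addr, "recipient"))
```

<p> Running the file prints the decision for each constructed address; the
null relay_recipient_maps accepts every relay.example recipient, which is
the "is not null" caveat in the lists above.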
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM strict_8bitmime no

<p>
Enable both strict_7bit_headers and strict_8bitmime_body.
</p>

<p>
This feature should not be enabled on a general purpose mail server,
because it is likely to reject legitimate email.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM strict_8bitmime_body no

<p>
Reject 8-bit message body text without 8-bit MIME content encoding
information. This blocks mail from poorly written applications.
</p>

<p>
Unfortunately, this also rejects majordomo approval requests when
the included request contains valid 8-bit MIME mail, and it rejects
bounces from mailers that do not MIME encapsulate 8-bit content
(for example, bounces from qmail or from old versions of Postfix).
</p>

<p>
This feature should not be enabled on a general purpose mail server,
because it is likely to reject legitimate email.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM strict_mime_encoding_domain no

<p>
Reject mail with invalid Content-Transfer-Encoding: information
for the message/* or multipart/* MIME content types. This blocks
mail from poorly written software.
</p>

<p>
This feature should not be enabled on a general purpose mail server,
because it will reject mail after a single violation.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM sun_mailtool_compatibility no

<p>
Obsolete SUN mailtool compatibility feature. Instead, use
"mailbox_delivery_lock = dotlock".
</p>

%PARAM trace_service_name trace

<p>
The name of the trace service. This service is implemented by the
bounce(8) daemon; it maintains a record of mail deliveries and
produces a mail delivery report when verbose delivery is requested
with "<b>sendmail -v</b>".
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM undisclosed_recipients_header see "postconf -d" output

<p>
Message header that the Postfix cleanup(8) server inserts when a
message contains no To: or Cc: message header. With Postfix 2.8
and later, the default value is empty. With Postfix 2.4-2.7,
specify an empty value to disable this feature. </p>

<p> Example: </p>

<pre>
# Default value before Postfix 2.8.
# Note: the ":" and ";" are both required.
undisclosed_recipients_header = To: undisclosed-recipients:;
</pre>

%PARAM unknown_relay_recipient_reject_code 550

<p>
The numerical Postfix SMTP server reply code when a recipient
address matches $relay_domains, and relay_recipient_maps specifies
a list of lookup tables that does not match the recipient address.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM unknown_virtual_alias_reject_code 550

<p>
The SMTP server reply code when a recipient address matches
$virtual_alias_domains, and $virtual_alias_maps specifies a list
of lookup tables that does not match the recipient address.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM unknown_virtual_mailbox_reject_code 550

<p>
The SMTP server reply code when a recipient address matches
$virtual_mailbox_domains, and $virtual_mailbox_maps specifies a list
of lookup tables that does not match the recipient address.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM verp_delimiter_filter -=+

<p>
The characters Postfix accepts as VERP delimiter characters on the
Postfix sendmail(1) command line and in SMTP commands.
</p>

<p>
This feature is available in Postfix 1.1 and later.
</p>

%PARAM virtual_gid_maps

<p>
Lookup tables with the per-recipient group ID for virtual(8) mailbox
delivery.
</p>

<p>
In a lookup table, specify a left-hand side of "@domain.tld" to
match any user in the specified domain that does not have a specific
"user@domain.tld" entry.
</p>

<p>
When a recipient address has an optional address extension
(user+foo@domain.tld), the virtual(8) delivery agent looks up
the full address first, and when the lookup fails, it looks up the
unextended address (user@domain.tld).
</p>

<p>
Note 1: for security reasons, the virtual(8) delivery agent disallows
regular expression substitution of $1 etc. in regular expression
lookup tables, because that would open a security hole.
</p>

<p>
Note 2: for security reasons, the virtual(8) delivery agent will
silently ignore requests to use the proxymap(8) server. Instead
it will open the table directly. Before Postfix version 2.2, the
virtual(8) delivery agent will terminate with a fatal error.
</p>

%PARAM virtual_mailbox_base

<p>
A prefix that the virtual(8) delivery agent prepends to all pathname
results from $virtual_mailbox_maps table lookups. This is a safety
measure to ensure that an out of control map doesn't litter the
file system with mailboxes. While virtual_mailbox_base could be
set to "/", this setting isn't recommended.
</p>

<p>
Example:
</p>

<pre>
virtual_mailbox_base = /var/mail
</pre>

%PARAM virtual_mailbox_domains $virtual_mailbox_maps

<p> Postfix is the final destination for the specified list of domains;
mail is delivered via the $virtual_transport mail delivery transport.
By default this is the Postfix virtual(8) delivery agent. The SMTP
server validates recipient addresses with $virtual_mailbox_maps
and rejects mail for non-existent recipients. See also the virtual
mailbox domain class in the ADDRESS_CLASS_README file. </p>

<p> This parameter expects the same syntax as the mydestination
configuration parameter. </p>

<p>
This feature is available in Postfix 2.0 and later. The default
value is backwards compatible with Postfix version 1.1.
</p>

%PARAM virtual_mailbox_limit 51200000

<p>
The maximal size in bytes of an individual virtual(8) mailbox or
maildir file, or zero (no limit). </p>

%PARAM virtual_mailbox_lock see "postconf -d" output

<p>
How to lock a UNIX-style virtual(8) mailbox before attempting
delivery. For a list of available file locking methods, use the
"<b>postconf -l</b>" command.
</p>

<p>
This setting is ignored with <b>maildir</b> style delivery, because
such deliveries are safe without application-level locks.
</p>

<p>
Note 1: the <b>dotlock</b> method requires that the recipient UID
or GID has write access to the parent directory of the recipient's
mailbox file.
</p>

<p>
Note 2: the default setting of this parameter is system dependent.
</p>

%PARAM virtual_mailbox_maps

<p>
Optional lookup tables with all valid addresses in the domains that
match $virtual_mailbox_domains.
</p>

<p>
In a lookup table, specify a left-hand side of "@domain.tld" to
match any user in the specified domain that does not have a specific
"user@domain.tld" entry.
</p>

<p>
The virtual(8) delivery agent uses this table to look up the
per-recipient mailbox or maildir pathname. If the lookup result
ends in a slash ("/"), maildir-style delivery is carried out,
otherwise the path is assumed to specify a UNIX-style mailbox file.
Note that $virtual_mailbox_base is unconditionally prepended to
this path.
</p>

<p>
When a recipient address has an optional address extension
(user+foo@domain.tld), the virtual(8) delivery agent looks up
the full address first, and when the lookup fails, it looks up the
unextended address (user@domain.tld).
</p>

<p>
Note 1: for security reasons, the virtual(8) delivery agent disallows
regular expression substitution of $1 etc. in regular expression
lookup tables, because that would open a security hole.
</p>

<p>
Note 2: for security reasons, the virtual(8) delivery agent will
silently ignore requests to use the proxymap(8) server. Instead
it will open the table directly. Before Postfix version 2.2, the
virtual(8) delivery agent will terminate with a fatal error.
</p>

%PARAM virtual_minimum_uid 100

<p>
The minimum user ID value that the virtual(8) delivery agent accepts
as a result from $virtual_uid_maps table lookup. Returned
values less than this will be rejected, and the message will be
deferred.
</p>

%PARAM virtual_transport virtual

<p>
The default mail delivery transport and next-hop destination for
final delivery to domains listed with $virtual_mailbox_domains.
This information can be overruled with the transport(5) table.
</p>

<p>
Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
is the name of a mail delivery transport defined in master.cf.
The <i>:nexthop</i> destination is optional; its syntax is documented
in the manual page of the corresponding delivery agent.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM virtual_uid_maps

<p>
Lookup tables with the per-recipient user ID that the virtual(8)
delivery agent uses while writing to the recipient's mailbox.
</p>

<p>
In a lookup table, specify a left-hand side of "@domain.tld"
to match any user in the specified domain that does not have a
specific "user@domain.tld" entry.
</p>

<p>
When a recipient address has an optional address extension
(user+foo@domain.tld), the virtual(8) delivery agent looks up
the full address first, and when the lookup fails, it looks up the
unextended address (user@domain.tld).
</p>

<p>
Note 1: for security reasons, the virtual(8) delivery agent disallows
regular expression substitution of $1 etc. in regular expression
lookup tables, because that would open a security hole.
</p>

<p>
Note 2: for security reasons, the virtual(8) delivery agent will
silently ignore requests to use the proxymap(8) server. Instead
it will open the table directly. Before Postfix version 2.2, the
virtual(8) delivery agent will terminate with a fatal error.
</p>

%PARAM config_directory see "postconf -d" output

<p> The default location of the Postfix main.cf and master.cf
configuration files. This can be overruled via the following
mechanisms: </p>

<ul>

<li> <p> The MAIL_CONFIG environment variable (daemon processes
and commands). </p>

<li> <p> The "-c" command-line option (commands only).
</p>

</ul>

<p> With Postfix commands that run with set-gid privileges, a
config_directory override requires either root privileges, or it
requires that the directory is listed with the alternate_config_directories
parameter in the default main.cf file. </p>

%PARAM virtual_maps

<p> Optional lookup tables with a) names of domains for which all
addresses are aliased to addresses in other local or remote domains,
and b) addresses that are aliased to addresses in other local or
remote domains. Available before Postfix version 2.0. With Postfix
version 2.0 and later, this is replaced by separate controls: virtual_alias_domains
and virtual_alias_maps. </p>

%PARAM smtp_discard_ehlo_keywords

<p> A case insensitive list of EHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix SMTP client will ignore in the EHLO
response from a remote SMTP server. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

<p> Notes: </p>

<ul>

<li> <p> Specify the <b>silent-discard</b> pseudo keyword to prevent
this action from being logged. </p>

<li> <p> Use the smtp_discard_ehlo_keyword_address_maps feature to
discard EHLO keywords selectively. </p>

</ul>

%PARAM smtpd_discard_ehlo_keywords

<p> A case insensitive list of EHLO keywords (pipelining, starttls,
auth, etc.) that the SMTP server will not send in the EHLO response
to a remote SMTP client. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

<p> Notes: </p>

<ul>

<li> <p> Specify the <b>silent-discard</b> pseudo keyword to prevent
this action from being logged. </p>

<li> <p> Use the smtpd_discard_ehlo_keyword_address_maps feature
to discard EHLO keywords selectively.
</p>

</ul>

%PARAM smtp_discard_ehlo_keyword_address_maps

<p> Lookup tables, indexed by the remote SMTP server address, with
case insensitive lists of EHLO keywords (pipelining, starttls, auth,
etc.) that the Postfix SMTP client will ignore in the EHLO response from a
remote SMTP server. See smtp_discard_ehlo_keywords for details. The
table is not indexed by hostname for consistency with
smtpd_discard_ehlo_keyword_address_maps. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtpd_discard_ehlo_keyword_address_maps

<p> Lookup tables, indexed by the remote SMTP client address, with
case insensitive lists of EHLO keywords (pipelining, starttls, auth,
etc.) that the SMTP server will not send in the EHLO response to a
remote SMTP client. See smtpd_discard_ehlo_keywords for details.
The table is not searched by hostname for robustness reasons. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM connection_cache_service_name scache

<p> The name of the scache(8) connection cache service. This service
maintains a limited pool of cached sessions. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM connection_cache_ttl_limit 2s

<p> The maximal time-to-live value that the scache(8) connection
cache server allows. Requests that specify a larger TTL will be
stored with the maximum allowed TTL. The purpose of this additional
control is to protect the infrastructure against careless people.
The cache TTL is already bounded by $max_idle. </p>

%PARAM connection_cache_status_update_time 600s

<p> How frequently the scache(8) server logs usage statistics with
connection cache hit and miss rates for logical destinations and for
physical endpoints.
</p>

%PARAM remote_header_rewrite_domain

<p> Don't rewrite message headers from remote clients at all when
this parameter is empty; otherwise, rewrite message headers and
append the specified domain name to incomplete addresses. The
local_header_rewrite_clients parameter controls what clients Postfix
considers local. </p>

<p> Examples: </p>

<p> The safe setting: append "domain.invalid" to incomplete header
addresses from remote SMTP clients, so that those addresses cannot
be confused with local addresses. </p>

<blockquote>
<pre>
remote_header_rewrite_domain = domain.invalid
</pre>
</blockquote>

<p> The default, purist, setting: don't rewrite headers from remote
clients at all. </p>

<blockquote>
<pre>
remote_header_rewrite_domain =
</pre>
</blockquote>

%PARAM local_header_rewrite_clients permit_inet_interfaces

<p> Rewrite message header addresses in mail from these clients and
update incomplete addresses with the domain name in $myorigin or
$mydomain; either don't rewrite message headers from other clients
at all, or rewrite message headers and update incomplete addresses
with the domain specified in the remote_header_rewrite_domain
parameter. </p>

<p> See the append_at_myorigin and append_dot_mydomain parameters
for details of how domain names are appended to incomplete addresses.
</p>

<p> Specify a list of zero or more of the following: </p>

<dl>

<dt><b>permit_inet_interfaces</b></dt>

<dd> Append the domain name in $myorigin or $mydomain when the
client IP address matches $inet_interfaces. This is enabled by
default. </dd>

<dt><b>permit_mynetworks</b></dt>

<dd> Append the domain name in $myorigin or $mydomain when the
client IP address matches any network or network address listed in
$mynetworks. This setting will not prevent remote mail header
address rewriting when mail from a remote client is forwarded by
a neighboring system. </dd>

<dt><b>permit_sasl_authenticated</b></dt>

<dd> Append the domain name in $myorigin or $mydomain when the
client is successfully authenticated via the RFC 4954 (AUTH)
protocol. </dd>

<dt><b>permit_tls_clientcerts</b></dt>

<dd> Append the domain name in $myorigin or $mydomain when the
client TLS certificate fingerprint is listed in $relay_clientcerts.
The fingerprint digest algorithm is configurable via the
smtpd_tls_fingerprint_digest parameter (hard-coded as md5 prior to
Postfix version 2.5). </dd>

<dt><b>permit_tls_all_clientcerts</b></dt>

<dd> Append the domain name in $myorigin or $mydomain when the
client TLS certificate is successfully verified, regardless of
whether it is listed on the server, and regardless of the certifying
authority. </dd>

<dt><b><a name="check_address_map">check_address_map</a> <i><a href="DATABASE_README.html">type:table</a></i> </b></dt>

<dt><b><i><a href="DATABASE_README.html">type:table</a></i> </b></dt>

<dd> Append the domain name in $myorigin or $mydomain when the
client IP address matches the specified lookup table.
The lookup result is ignored, and no subnet lookup is done. This
is suitable for, e.g., pop-before-smtp lookup tables. </dd>

</dl>

<p> Examples: </p>

<p> The Postfix &lt; 2.2 backwards compatible setting: always rewrite
message headers, and always append my own domain to incomplete
header addresses. </p>

<blockquote>
<pre>
local_header_rewrite_clients = static:all
</pre>
</blockquote>

<p> The purist (and default) setting: rewrite headers only in mail
from Postfix sendmail and in SMTP mail from this machine.
</p>

<blockquote>
<pre>
local_header_rewrite_clients = permit_inet_interfaces
</pre>
</blockquote>

<p> The intermediate setting: rewrite header addresses and append
$myorigin or $mydomain information only with mail from Postfix
sendmail, from local clients, or from authorized SMTP clients. </p>

<p> Note: this setting will not prevent remote mail header address
rewriting when mail from a remote client is forwarded by a neighboring
system. </p>

<blockquote>
<pre>
local_header_rewrite_clients = permit_mynetworks,
    permit_sasl_authenticated permit_tls_clientcerts
    check_address_map hash:/etc/postfix/pop-before-smtp
</pre>
</blockquote>

%PARAM smtpd_tls_cert_file

<p> File with the Postfix SMTP server RSA certificate in PEM format.
This file may also contain the Postfix SMTP server private RSA key. </p>

<p> Public Internet MX hosts without certificates signed by a "reputable"
CA must generate, and be prepared to present to most clients, a
self-signed or private-CA signed certificate. The client will not be
able to authenticate the server, but unless it is running Postfix 2.3 or
similar software, it will still insist on a server certificate. </p>

<p> For servers that are <b>not</b> public Internet MX hosts, Postfix
2.3 supports configurations with no certificates. This entails the
use of just the anonymous TLS ciphers, which are not supported by
typical SMTP clients. Since such clients will not, as a rule, fall
back to plain text after a TLS handshake failure, the server will
be unable to receive email from TLS enabled clients. To avoid
accidental configurations with no certificates, Postfix 2.3 enables
certificate-less operation only when the administrator explicitly
sets "smtpd_tls_cert_file = none". This ensures that new Postfix
configurations will not accidentally run with no certificates. </p>

<p> Both RSA and DSA certificates are supported. When both types
are present, the cipher used determines which certificate will be
presented to the client. For Netscape and OpenSSL clients without
special cipher choices the RSA certificate is preferred. </p>

<p> To enable a remote SMTP client to verify the Postfix SMTP server
certificate, the issuing CA certificates must be made available to the
client. You should include the required certificates in the server
certificate file, the server certificate first, then the issuing
CA(s) (bottom-up order). </p>

<p> Example: the certificate for "server.example.com" was issued by
"intermediate CA" which itself has a certificate of "root CA".
Create the server.pem file with "cat server_cert.pem intermediate_CA.pem
root_CA.pem &gt; server.pem". </p>

<p> If you also want to verify client certificates issued by these
CAs, you can add the CA certificates to the smtpd_tls_CAfile, in which
case it is not necessary to have them in the smtpd_tls_cert_file or
smtpd_tls_dcert_file. </p>

<p> A certificate supplied here must be usable as an SSL server certificate
and hence pass the "openssl verify -purpose sslserver ..." test. </p>

<p> Example: </p>

<pre>
smtpd_tls_cert_file = /etc/postfix/server.pem
</pre>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtpd_tls_key_file $smtpd_tls_cert_file

<p> File with the Postfix SMTP server RSA private key in PEM format.
This file may be combined with the Postfix SMTP server RSA certificate
file specified with $smtpd_tls_cert_file. </p>

<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted.
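</p>

<p> A pre-flight check, added here as a Python example that is not part
of Postfix, for the smtpd_tls_cert_file layout described above (server
certificate first, then the issuing CAs) and for the smtpd_tls_key_file
requirements (no pass-phrase, and the root-only file permissions stated
next). Only PEM block labels and file permissions are inspected; the
subject/issuer order of the chain needs an X.509 parser, which is what
the "openssl verify -purpose sslserver" test is for. The PEM blocks in the
example are constructed placeholders, not real keys or certificates. </p>

```python
"""Added example, not Postfix code: a pre-flight check of the
smtpd_tls_cert_file / smtpd_tls_key_file requirements. Only PEM block
layout and file permissions are checked; subject/issuer chain order
needs an X.509 parser, so leave that to "openssl verify -purpose sslserver".
"""
import os
import re
import stat
from typing import List, Tuple

# One PEM block: "-----BEGIN <LABEL>-----" ... "-----END <LABEL>-----".
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)


def pem_blocks(text: str) -> List[Tuple[str, str]]:
    """(label, body) for each PEM block, in file order."""
    return [(m.group(1), m.group(2)) for m in PEM_BLOCK.finditer(text)]


def check_pem_contents(cert_text: str, key_text: str, combined: bool) -> List[str]:
    """Findings for the certificate file and the private key file contents.

    combined=True models the default smtpd_tls_key_file = $smtpd_tls_cert_file,
    where certificate and key live in one file (pass the same text twice).
    """
    findings = []
    labels = [label for label, _ in pem_blocks(cert_text)]
    if not labels:
        findings.append("cert file: no PEM blocks found")
    elif labels[0] != "CERTIFICATE":
        findings.append("cert file: first PEM block is %s; the server CERTIFICATE "
                        "must come first, then the issuing CA(s)" % labels[0])
    if labels.count("CERTIFICATE") == 1:
        findings.append("cert file: note: only one certificate, so no issuing CA "
                        "certificates follow the server certificate")
    if not combined and any("PRIVATE KEY" in label for label in labels):
        findings.append("cert file: contains a private key although "
                        "smtpd_tls_key_file points to a separate file")
    keys = [(label, body) for label, body in pem_blocks(key_text) if "PRIVATE KEY" in label]
    if len(keys) != 1:
        findings.append("key file: expected exactly one private key, found %d" % len(keys))
    for label, body in keys:
        # PKCS#8 "ENCRYPTED PRIVATE KEY" label, or the legacy "Proc-Type: 4,ENCRYPTED" header
        if label.startswith("ENCRYPTED") or "Proc-Type: 4,ENCRYPTED" in body:
            findings.append("key file: private key is pass-phrase protected; "
                            "Postfix needs an unencrypted key")
    return findings


def check_key_file_permissions(path: str) -> List[str]:
    """Findings for the key file owner and mode: readable by root only."""
    st = os.stat(path)
    findings = []
    if st.st_uid != 0:
        findings.append("key file: owned by uid %d, expected root" % st.st_uid)
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("key file: mode %04o grants group/other access, use 0600"
                        % stat.S_IMODE(st.st_mode))
    return findings


# Constructed placeholder PEM material for the example (not real keys or certificates).
SERVER_CERT = ("-----BEGIN CERTIFICATE-----\nc2VydmVyIGNlcnRpZmljYXRlIHBsYWNlaG9sZGVy\n"
               "-----END CERTIFICATE-----\n")
CA_CERT = ("-----BEGIN CERTIFICATE-----\naW50ZXJtZWRpYXRlIENBIHBsYWNlaG9sZGVy\n"
           "-----END CERTIFICATE-----\n")
PLAIN_KEY = ("-----BEGIN PRIVATE KEY-----\nc2VydmVyIGtleSBwbGFjZWhvbGRlcg==\n"
             "-----END PRIVATE KEY-----\n")
ENCRYPTED_KEY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                 "DEK-Info: AES-256-CBC,PLACEHOLDER\n\nc2VydmVyIGtleSBwbGFjZWhvbGRlcg==\n"
                 "-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    print(check_pem_contents(SERVER_CERT + CA_CERT, PLAIN_KEY, combined=False))  # []
    print(check_pem_contents(SERVER_CERT, ENCRYPTED_KEY, combined=False))
    print(check_key_file_permissions("/etc/postfix/server.pem"))  # path from the example above
```

<p>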
File permissions should grant read-only 8719access to the system superuser account ("root"), and no access 8720to anyone else. </p> 8721 8722%PARAM smtpd_tls_dcert_file 8723 8724<p> File with the Postfix SMTP server DSA certificate in PEM format. 8725This file may also contain the Postfix SMTP server private DSA key. </p> 8726 8727<p> See the discussion under smtpd_tls_cert_file for more details. 8728</p> 8729 8730<p> Example: </p> 8731 8732<pre> 8733smtpd_tls_dcert_file = /etc/postfix/server-dsa.pem 8734</pre> 8735 8736<p> This feature is available in Postfix 2.2 and later. </p> 8737 8738%PARAM smtpd_tls_dkey_file $smtpd_tls_dcert_file 8739 8740<p> File with the Postfix SMTP server DSA private key in PEM format. 8741This file may be combined with the Postfix SMTP server DSA certificate 8742file specified with $smtpd_tls_dcert_file. </p> 8743 8744<p> The private key must be accessible without a pass-phrase, i.e. it 8745must not be encrypted. File permissions should grant read-only 8746access to the system superuser account ("root"), and no access 8747to anyone else. </p> 8748 8749<p> This feature is available in Postfix 2.2 and later. </p> 8750 8751%PARAM smtpd_tls_CAfile 8752 8753<p> A file containing (PEM format) CA certificates of root CAs trusted 8754to sign either remote SMTP client certificates or intermediate CA 8755certificates. These are loaded into memory before the smtpd(8) server 8756enters the chroot jail. If the number of trusted roots is large, consider 8757using smtpd_tls_CApath instead, but note that the latter directory must 8758be present in the chroot jail if the smtpd(8) server is chrooted. This 8759file may also be used to augment the server certificate trust chain, 8760but it is best to include all the required certificates directly in the 8761server certificate file. </p> 8762 8763<p> Specify "tls_append_default_CA = no" to prevent Postfix from 8764appending the system-supplied default CAs and trusting third-party 8765certificates. 
</p> 8766 8767<p> By default (see smtpd_tls_ask_ccert), client certificates are not 8768requested, and smtpd_tls_CAfile should remain empty. If you do make use 8769of client certificates, the distinguished names (DNs) of the certificate 8770authorities listed in smtpd_tls_CAfile are sent to the remote SMTP client 8771in the client certificate request message. MUAs with multiple client 8772certificates may use the list of preferred certificate authorities 8773to select the correct client certificate. You may want to put your 8774"preferred" CA or CAs in this file, and install other trusted CAs in 8775$smtpd_tls_CApath. </p> 8776 8777<p> Example: </p> 8778 8779<pre> 8780smtpd_tls_CAfile = /etc/postfix/CAcert.pem 8781</pre> 8782 8783<p> This feature is available in Postfix 2.2 and later. </p> 8784 8785%PARAM smtpd_tls_CApath 8786 8787<p> A directory containing (PEM format) CA certificates of root CAs 8788trusted to sign either remote SMTP client certificates or intermediate CA 8789certificates. Do not forget to create the necessary "hash" links with, 8790for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs". To use 8791smtpd_tls_CApath in chroot mode, this directory (or a copy) must be 8792inside the chroot jail. </p> 8793 8794<p> Specify "tls_append_default_CA = no" to prevent Postfix from 8795appending the system-supplied default CAs and trusting third-party 8796certificates. </p> 8797 8798<p> By default (see smtpd_tls_ask_ccert), client certificates are 8799not requested, and smtpd_tls_CApath should remain empty. In contrast 8800to smtpd_tls_CAfile, DNs of certificate authorities installed 8801in $smtpd_tls_CApath are not included in the client certificate 8802request message. MUAs with multiple client certificates may use the 8803list of preferred certificate authorities to select the correct 8804client certificate. You may want to put your "preferred" CA or 8805CAs in $smtpd_tls_CAfile, and install the remaining trusted CAs in 8806$smtpd_tls_CApath. 
</p>

<p> Example: </p>

<pre>
smtpd_tls_CApath = /etc/postfix/certs
</pre>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtpd_tls_loglevel 0

<p> Enable additional Postfix SMTP server logging of TLS activity.
Each logging level also includes the information that is logged at
a lower logging level. </p>

<dl compact>

<dt> </dt> <dd> 0 Disable logging of TLS activity. </dd>

<dt> </dt> <dd> 1 Log TLS handshake and certificate information. </dd>

<dt> </dt> <dd> 2 Log levels during TLS negotiation. </dd>

<dt> </dt> <dd> 3 Log hexadecimal and ASCII dump of TLS negotiation
process. </dd>

<dt> </dt> <dd> 4 Also log hexadecimal and ASCII dump of complete
transmission after STARTTLS. </dd>

</dl>

<p> Use "smtpd_tls_loglevel = 3" only in case of problems. Use of
loglevel 4 is strongly discouraged. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtpd_tls_received_header no

<p> Request that the Postfix SMTP server produce Received: message
headers that include information about the protocol and cipher used,
as well as the client CommonName and client certificate issuer
CommonName. This is disabled by default, as the information may
be modified in transit through other mail servers. Only information
that was recorded by the final destination can be trusted. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtpd_use_tls no

<p> Opportunistic TLS: announce STARTTLS support to SMTP clients,
but do not require that clients use TLS encryption. </p>

<p> Note: when invoked via "<b>sendmail -bs</b>", Postfix will never offer
STARTTLS due to insufficient privileges to access the server private
key. This is intended behavior.
</p>

<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use smtpd_tls_security_level instead. </p>

%PARAM smtpd_enforce_tls no

<p> Mandatory TLS: announce STARTTLS support to SMTP clients,
and require that clients use TLS encryption. According to RFC 2487
this MUST NOT be applied in case of a publicly-referenced SMTP
server. This option is off by default and should be used only on
dedicated servers. </p>

<p> Note 1: "smtpd_enforce_tls = yes" implies "smtpd_tls_auth_only = yes". </p>

<p> Note 2: when invoked via "<b>sendmail -bs</b>", Postfix will never offer
STARTTLS due to insufficient privileges to access the server private
key. This is intended behavior. </p>

<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use smtpd_tls_security_level instead. </p>

%PARAM smtpd_tls_wrappermode no

<p> Run the Postfix SMTP server in the non-standard "wrapper" mode,
instead of using the STARTTLS command. </p>

<p> If you want to support this service, enable a special port in
master.cf, and specify "-o smtpd_tls_wrappermode=yes" on the SMTP
server's command line. Port 465 (smtps) was once chosen for this
purpose. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtpd_tls_ask_ccert no

<p> Ask a remote SMTP client for a client certificate. This
information is needed for certificate based mail relaying with,
for example, the permit_tls_clientcerts feature. </p>

<p> Some clients such as Netscape will either complain if no
certificate is available (for the list of CAs in $smtpd_tls_CAfile)
or will offer multiple client certificates to choose from. This
may be annoying, so this option is "off" by default. </p>

<p> This feature is available in Postfix 2.2 and later.
</p>

%PARAM smtpd_tls_req_ccert no

<p> With mandatory TLS encryption, require a trusted remote SMTP client
certificate in order to allow TLS connections to proceed. This
option implies "smtpd_tls_ask_ccert = yes". </p>

<p> When TLS encryption is optional, this setting is ignored with
a warning written to the mail log. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtpd_tls_ccert_verifydepth 9

<p> The verification depth for remote SMTP client certificates. A
depth of 1 is sufficient if the issuing CA is listed in a local CA
file. </p>

<p> The default verification depth is 9 (the OpenSSL default) for
compatibility with earlier Postfix behavior. Prior to Postfix 2.5,
the default value was 5, but the limit was not actually enforced. If
you have set this to a lower non-default value, certificates with longer
trust chains may now fail to verify. Certificate chains with 1 or 2
CAs are common; deeper chains are rarer, and any number between 5
and 9 should suffice in practice. You can choose a lower number if,
for example, you trust certificates directly signed by an issuing CA
but not any CAs it delegates to. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtpd_tls_auth_only no

<p> When TLS encryption is optional in the Postfix SMTP server, do
not announce or accept SASL authentication over unencrypted
connections. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtpd_tls_session_cache_database

<p> Name of the file containing the optional Postfix SMTP server
TLS session cache. Specify a database type that supports enumeration,
such as <b>btree</b> or <b>sdbm</b>; there is no need to support
concurrent access. The file is created if it does not exist.
The smtpd(8)
daemon does not use this parameter directly; rather, the cache is
implemented indirectly in the tlsmgr(8) daemon. This means that
per-smtpd-instance master.cf overrides of this parameter are not
effective. Note that each of the cache databases supported by the tlsmgr(8)
daemon ($smtpd_tls_session_cache_database, $smtp_tls_session_cache_database,
and with Postfix 2.3 and later $lmtp_tls_session_cache_database) needs to be
stored separately. It is not at this time possible to store multiple
caches in a single database. </p>

<p> Note: <b>dbm</b> databases are not suitable. TLS
session objects are too large. </p>

<p> As of version 2.5, Postfix no longer uses root privileges when
opening this file. The file should now be stored under the Postfix-owned
data_directory. As a migration aid, an attempt to open the file
under a non-Postfix directory is redirected to the Postfix-owned
data_directory, and a warning is logged. </p>

<p> Example: </p>

<pre>
smtpd_tls_session_cache_database = btree:/var/db/postfix/smtpd_scache
</pre>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtpd_tls_session_cache_timeout 3600s

<p> The expiration time of Postfix SMTP server TLS session cache
information. A cache cleanup is performed periodically
every $smtpd_tls_session_cache_timeout seconds. As with
$smtpd_tls_session_cache_database, this parameter is implemented in the
tlsmgr(8) daemon and therefore per-smtpd-instance master.cf overrides
are not possible. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM relay_clientcerts

<p> List of tables with remote SMTP client-certificate fingerprints
for which the Postfix SMTP server will allow access with the
permit_tls_clientcerts feature.
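</p>

<p> As an added illustration (not Postfix code), the following Python
models the permit_tls_clientcerts lookup: it parses a relay_clientcerts
source in the "fingerprint value" form described for this parameter,
normalizes the presented fingerprint (case and colon placement vary
between tools), and checks it against the table. The table contents are
constructed; the digest names "md5", "sha1" and "sha256" for
smtpd_tls_fingerprint_digest and the cert_fingerprint() helper, which
digests the DER encoding the way "openssl x509 -fingerprint" does, are
this example's assumptions. </p>

```python
# Added example (not Postfix code): model of a relay_clientcerts lookup
# as used by permit_tls_clientcerts. Table contents are constructed.
import hashlib
import re

# Constructed table source in the documented "fingerprint value" form;
# only the key matters, the value is free text such as a user or host name.
RELAY_CLIENTCERTS_SRC = """\
# comments and blank lines are ignored
D7:04:2F:A7:0B:8C:A5:21:FA:31:77:E1:41:8A:EE:80 lutzpc.at.home

d7:04:2f:a7:0b:8c:a5:21:fa:31:77:e1:41:8a:ee:81 other.example
"""

# Digest names assumed for smtpd_tls_fingerprint_digest and their
# fingerprint length in octets (md5 was hard-coded before Postfix 2.5).
DIGEST_OCTETS = {"md5": 16, "sha1": 20, "sha256": 32}

_FP_RE = re.compile(r"^[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})*$")


def normalize_fingerprint(fp, digest="md5"):
    """Canonical upper-case colon-separated form, or ValueError if the
    fingerprint is malformed or has the wrong length for the digest."""
    fp = fp.strip()
    if not _FP_RE.match(fp):
        raise ValueError("malformed fingerprint: %r" % fp)
    octets = fp.upper().split(":")
    if len(octets) != DIGEST_OCTETS[digest]:
        raise ValueError("%s fingerprint needs %d octets, got %d"
                         % (digest, DIGEST_OCTETS[digest], len(octets)))
    return ":".join(octets)


def parse_relay_clientcerts(src, digest="md5"):
    """Parse the table source into {fingerprint: value}, rejecting keys
    that could never match a fingerprint of the configured digest."""
    table = {}
    for lineno, line in enumerate(src.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        try:
            table[normalize_fingerprint(key, digest)] = value.strip()
        except ValueError as err:
            raise ValueError("line %d: %s" % (lineno, err)) from None
    return table


def cert_fingerprint(der_cert, digest="md5"):
    """Fingerprint of a DER-encoded certificate in OpenSSL colon notation
    (digest over the DER bytes, as "openssl x509 -fingerprint" prints it)."""
    hexdigest = hashlib.new(digest, der_cert).hexdigest().upper()
    return ":".join(hexdigest[i:i + 2] for i in range(0, len(hexdigest), 2))


def permit_tls_clientcerts(table, presented_fp, digest="md5"):
    """(allowed, table value) for a presented client-certificate fingerprint.
    A malformed or wrong-length fingerprint is simply not permitted."""
    try:
        key = normalize_fingerprint(presented_fp, digest)
    except ValueError:
        return False, None
    value = table.get(key)
    return value is not None, value


if __name__ == "__main__":
    table = parse_relay_clientcerts(RELAY_CLIENTCERTS_SRC)
    print(permit_tls_clientcerts(
        table, "d7:04:2f:a7:0b:8c:a5:21:fa:31:77:e1:41:8a:ee:80"))
```

<p> Feed the fingerprint of the presented client certificate to
permit_tls_clientcerts(). A fingerprint of the wrong length for the
configured digest is refused rather than looked up, which is the failure
mode to expect after changing smtpd_tls_fingerprint_digest without
regenerating the table: every old md5 key then fails to parse instead of
silently never matching. </p>

<p>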
The fingerprint digest algorithm is configurable via the
smtpd_tls_fingerprint_digest parameter (hard-coded as md5 prior to
Postfix version 2.5). </p>

<p> Postfix lookup tables are in the form of (key, value) pairs.
Since we only need the key, the value can be chosen freely, e.g.
the name of the user or host:
D7:04:2F:A7:0B:8C:A5:21:FA:31:77:E1:41:8A:EE:80 lutzpc.at.home </p>

<p> Example: </p>

<pre>
relay_clientcerts = hash:/etc/postfix/relay_clientcerts
</pre>

<p>For more fine-grained control, use check_ccert_access to select
an appropriate access(5) policy for each client.
See RESTRICTION_CLASS_README.</p>

<p>This feature is available with Postfix version 2.2.</p>

%PARAM smtpd_tls_cipherlist

<p> Obsolete Postfix &lt; 2.3 control for the Postfix SMTP server TLS
cipher list. It is easy to create inter-operability problems by choosing
a non-default cipher list. Do not use a non-default TLS cipherlist for
MX hosts on the public Internet. Clients that begin the TLS handshake,
but are unable to agree on a common cipher, may not be able to send any
email to the SMTP server. Using a restricted cipher list may be more
appropriate for a dedicated MSA or an internal mailhub, where one can
exert some control over the TLS software and settings of the connecting
clients. </p>

<p> <b>Note:</b> do not use "" quotes around the parameter value. </p>

<p>This feature is available with Postfix version 2.2. It is not used with
Postfix 2.3 and later; use smtpd_tls_mandatory_ciphers instead. </p>

%PARAM smtpd_tls_dh1024_param_file

<p> File with DH parameters that the Postfix SMTP server should
use with EDH ciphers.
</p>

<p> Instead of using the exact same parameter sets as distributed
with other TLS packages, it is more secure to generate your own
set of parameters with something like the following command: </p>

<blockquote>
<pre>
openssl gendh -out /etc/postfix/dh_1024.pem -2 1024
</pre>
</blockquote>

<p> Your actual source for entropy may differ. Some systems have
/dev/random; on other systems you may consider using the "Entropy
Gathering Daemon EGD", available at http://egd.sourceforge.net/
</p>

<p> Example: </p>

<pre>
smtpd_tls_dh1024_param_file = /etc/postfix/dh_1024.pem
</pre>

<p>This feature is available with Postfix version 2.2.</p>

%PARAM smtpd_tls_dh512_param_file

<p> File with DH parameters that the Postfix SMTP server should
use with EDH ciphers. </p>

<p> See also the discussion under the smtpd_tls_dh1024_param_file
configuration parameter. </p>

<p> Example: </p>

<pre>
smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem
</pre>

<p>This feature is available with Postfix version 2.2.</p>

%PARAM smtpd_starttls_timeout see "postconf -d" output

<p> The time limit for Postfix SMTP server write and read operations
during TLS startup and shutdown handshake procedures. The current
default value is stress-dependent. Before Postfix version 2.8, it
was fixed at 300s. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtp_tls_cert_file

<p> File with the Postfix SMTP client RSA certificate in PEM format.
This file may also contain the Postfix SMTP client private RSA key,
and these may be the same as the Postfix SMTP server RSA certificate and key
file. </p>

<p> Do not configure client certificates unless you <b>must</b> present
client TLS certificates to one or more servers.
Client certificates are
not usually needed, and can cause problems in configurations that work
well without them. The recommended setting is to let the defaults stand: </p>

<blockquote>
<pre>
smtp_tls_cert_file =
smtp_tls_key_file =
smtp_tls_dcert_file =
smtp_tls_dkey_file =
smtp_tls_eccert_file =
smtp_tls_eckey_file =
</pre>
</blockquote>

<p> The best way to use the default settings is to comment out the above
parameters in main.cf if present. </p>

<p> To enable remote SMTP servers to verify the Postfix SMTP client
certificate, the issuing CA certificates must be made available to the
server. You should include the required certificates in the client
certificate file, the client certificate first, then the issuing
CA(s) (bottom-up order). </p>

<p> Example: the certificate for "client.example.com" was issued by
"intermediate CA" which itself has a certificate issued by "root CA".
Create the client.pem file with "cat client_cert.pem intermediate_CA.pem
root_CA.pem &gt; client.pem". </p>

<p> If you also want to verify remote SMTP server certificates issued by
these CAs, you can add the CA certificates to the smtp_tls_CAfile, in
which case it is not necessary to have them in the smtp_tls_cert_file,
smtp_tls_dcert_file or smtp_tls_eccert_file. </p>

<p> A certificate supplied here must be usable as an SSL client certificate
and hence pass the "openssl verify -purpose sslclient ..." test. </p>

<p> Example: </p>

<pre>
smtp_tls_cert_file = /etc/postfix/client.pem
</pre>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtp_tls_key_file $smtp_tls_cert_file

<p> File with the Postfix SMTP client RSA private key in PEM format.
This file may be combined with the Postfix SMTP client RSA certificate
file specified with $smtp_tls_cert_file.
</p>

<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
access to the system superuser account ("root"), and no access
to anyone else. </p>

<p> Example: </p>

<pre>
smtp_tls_key_file = $smtp_tls_cert_file
</pre>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtp_tls_CAfile

<p> A file containing CA certificates of root CAs trusted to sign
either remote SMTP server certificates or intermediate CA certificates.
These are loaded into memory before the smtp(8) client enters the
chroot jail. If the number of trusted roots is large, consider using
smtp_tls_CApath instead, but note that the latter directory must be
present in the chroot jail if the smtp(8) client is chrooted. This
file may also be used to augment the client certificate trust chain,
but it is best to include all the required certificates directly in
$smtp_tls_cert_file. </p>

<p> Specify "tls_append_default_CA = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates. </p>

<p> Example: </p>

<pre>
smtp_tls_CAfile = /etc/postfix/CAcert.pem
</pre>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtp_tls_CApath

<p> Directory with PEM format certificate authority certificates
that the Postfix SMTP client uses to verify a remote SMTP server
certificate. Don't forget to create the necessary "hash" links
with, for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs".
</p>

<p> To use this option in chroot mode, this directory (or a copy)
must be inside the chroot jail. </p>

<p> Specify "tls_append_default_CA = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates.
</p>

<p> Example: </p>

<pre>
smtp_tls_CApath = /etc/postfix/certs
</pre>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtp_tls_loglevel 0

<p> Enable additional Postfix SMTP client logging of TLS activity.
Each logging level also includes the information that is logged at
a lower logging level. </p>

<dl compact>

<dt> </dt> <dd> 0 Disable logging of TLS activity. </dd>

<dt> </dt> <dd> 1 Log TLS handshake and certificate information. </dd>

<dt> </dt> <dd> 2 Log levels during TLS negotiation. </dd>

<dt> </dt> <dd> 3 Log hexadecimal and ASCII dump of TLS negotiation
process. </dd>

<dt> </dt> <dd> 4 Log hexadecimal and ASCII dump of complete
transmission after STARTTLS. </dd>

</dl>

<p> Use "smtp_tls_loglevel = 3" only in case of problems. Use of
loglevel 4 is strongly discouraged. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtp_tls_session_cache_database

<p> Name of the file containing the optional Postfix SMTP client
TLS session cache. Specify a database type that supports enumeration,
such as <b>btree</b> or <b>sdbm</b>; there is no need to support
concurrent access. The file is created if it does not exist. The smtp(8)
daemon does not use this parameter directly; rather, the cache is
implemented indirectly in the tlsmgr(8) daemon. This means that
per-smtp-instance master.cf overrides of this parameter are not effective.
Note that each of the cache databases supported by the tlsmgr(8) daemon
($smtpd_tls_session_cache_database, $smtp_tls_session_cache_database,
and with Postfix 2.3 and later $lmtp_tls_session_cache_database) needs to
be stored separately. It is not at this time possible to store multiple
caches in a single database. </p>

<p> Note: <b>dbm</b> databases are not suitable.
TLS
session objects are too large. </p>

<p> As of version 2.5, Postfix no longer uses root privileges when
opening this file. The file should now be stored under the Postfix-owned
data_directory. As a migration aid, an attempt to open the file
under a non-Postfix directory is redirected to the Postfix-owned
data_directory, and a warning is logged. </p>

<p> Example: </p>

<pre>
smtp_tls_session_cache_database = btree:/var/db/postfix/smtp_scache
</pre>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtp_tls_session_cache_timeout 3600s

<p> The expiration time of Postfix SMTP client TLS session cache
information. A cache cleanup is performed periodically
every $smtp_tls_session_cache_timeout seconds. As with
$smtp_tls_session_cache_database, this parameter is implemented in the
tlsmgr(8) daemon and therefore per-smtp-instance master.cf overrides
are not possible. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtp_use_tls no

<p> Opportunistic mode: use TLS when a remote SMTP server announces
STARTTLS support, otherwise send the mail in the clear. Beware:
some SMTP servers offer STARTTLS even if it is not configured. With
Postfix &lt; 2.3, if the TLS handshake fails, and no other server is
available, delivery is deferred and mail stays in the queue. If this
is a concern for you, use the smtp_tls_per_site feature instead. </p>

<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use smtp_tls_security_level instead. </p>

%PARAM smtp_enforce_tls no

<p> Enforcement mode: require that remote SMTP servers use TLS
encryption, and never send mail in the clear.
This also requires
that the remote SMTP server hostname matches the information in
the remote server certificate, and that the remote SMTP server
certificate was issued by a CA that is trusted by the Postfix SMTP
client. If the certificate doesn't verify or the hostname doesn't
match, delivery is deferred and mail stays in the queue. </p>

<p> The server hostname is matched against all names provided as
dNSNames in the SubjectAlternativeName. If no dNSNames are specified,
the CommonName is checked. The behavior may be changed with the
smtp_tls_enforce_peername option. </p>

<p> This option is useful only if you are definitely sure that you
will only connect to servers that support RFC 2487 _and_ that
provide valid server certificates. Typical use is for clients that
send all their email to a dedicated mailhub. </p>

<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use smtp_tls_security_level instead. </p>

%PARAM smtp_tls_enforce_peername yes

<p> With mandatory TLS encryption, require that the remote SMTP
server hostname matches the information in the remote SMTP server
certificate. As of RFC 2487 the requirements for hostname checking
for MTA clients are not specified. </p>

<p> This option can be set to "no" to disable strict peer name
checking. This setting has no effect on sessions that are controlled
via the smtp_tls_per_site table. </p>

<p> Disabling the hostname verification can make sense in a closed
environment where special CAs are created. If not used carefully,
this option opens the danger of a "man-in-the-middle" attack (the
CommonName of this attacker will be logged). </p>

<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use smtp_tls_security_level instead.
</p>

%PARAM smtp_tls_per_site

<p> Optional lookup tables with the Postfix SMTP client TLS usage
policy by next-hop destination and by remote SMTP server hostname.
When both lookups succeed, the more specific per-site policy (NONE,
MUST, etc) overrides the less specific one (MAY), and the more secure
per-site policy (MUST, etc) overrides the less secure one (NONE).
With Postfix 2.3 and later smtp_tls_per_site is strongly discouraged:
use smtp_tls_policy_maps instead. </p>

<p> Use of the bare hostname as the per-site table lookup key is
discouraged. Always use the full destination nexthop (enclosed in
[] with a possible ":port" suffix). A recipient domain or MX-enabled
transport next-hop with no port suffix may look like a bare hostname,
but is still a suitable <i>destination</i>. </p>

<p> Specify a next-hop destination or server hostname on the left-hand
side; no wildcards are allowed. The next-hop destination is either
the recipient domain, or the destination specified with a transport(5)
table, the relayhost parameter, or the relay_transport parameter.
On the right hand side specify one of the following keywords: </p>

<dl>

<dt> NONE </dt> <dd> Don't use TLS at all. This overrides a less
specific <b>MAY</b> lookup result from the alternate host or next-hop
lookup key, and overrides the global smtp_use_tls, smtp_enforce_tls,
and smtp_tls_enforce_peername settings. </dd>

<dt> MAY </dt> <dd> Try to use TLS if the server announces support,
otherwise use the unencrypted connection. This has less precedence
than a more specific result (including <b>NONE</b>) from the alternate
host or next-hop lookup key, and has less precedence than the more
specific global "smtp_enforce_tls = yes" or "smtp_tls_enforce_peername
= yes".
</dd>

<dt> MUST_NOPEERMATCH </dt> <dd> Require TLS encryption, but do not
require that the remote SMTP server hostname matches the information
in the remote SMTP server certificate, or that the server certificate
was issued by a trusted CA. This overrides a less secure <b>NONE</b>
or a less specific <b>MAY</b> lookup result from the alternate host
or next-hop lookup key, and overrides the global smtp_use_tls,
smtp_enforce_tls and smtp_tls_enforce_peername settings. </dd>

<dt> MUST </dt> <dd> Require TLS encryption, require that the remote
SMTP server hostname matches the information in the remote SMTP
server certificate, and require that the remote SMTP server certificate
was issued by a trusted CA. This overrides a less secure <b>NONE</b>
and <b>MUST_NOPEERMATCH</b> or a less specific <b>MAY</b> lookup
result from the alternate host or next-hop lookup key, and overrides
the global smtp_use_tls, smtp_enforce_tls and smtp_tls_enforce_peername
settings. </dd>

</dl>

<p> The above keywords correspond to the "none", "may", "encrypt" and
"verify" security levels for the new smtp_tls_security_level parameter
introduced in Postfix 2.3. Starting with Postfix 2.3, and independently
of how the policy is specified, the smtp_tls_mandatory_ciphers and
smtp_tls_mandatory_protocols parameters apply when TLS encryption
is mandatory. Connections for which encryption is optional typically
enable all "export" grade and better ciphers (see smtp_tls_ciphers
and smtp_tls_protocols). </p>

<p> As long as no secure DNS lookup mechanism is available, false
hostnames in MX or CNAME responses can change the server hostname
that Postfix uses for TLS policy lookup and server certificate
verification. Even with a perfect match between the server hostname and
the server certificate, there is no guarantee that Postfix is connected
to the right server.
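</p>

<p> To make the precedence rules concrete, the following Python (an added
example, not Postfix code) combines the next-hop and hostname lookup
results with the global smtp_use_tls, smtp_enforce_tls and
smtp_tls_enforce_peername settings as the keyword descriptions above state
them, and maps the outcome to the Postfix 2.3 security-level name. The
table contents and lookup keys are constructed; the reading that a
per-site MAY yields to a global "smtp_enforce_tls = yes" while NONE and
the MUST variants override all global settings is taken from the keyword
text, and the ranking among explicit results is this example's encoding of
"more specific" and "more secure". </p>

```python
# Added example (not Postfix code): model of the smtp_tls_per_site
# precedence rules. Table contents are constructed; the ranking and the
# treatment of the global settings follow the keyword descriptions.

# Keywords from least to most preferred. NONE is "more specific" than MAY,
# and MUST_NOPEERMATCH / MUST are "more secure" than NONE, so among
# explicit per-site results the highest rank wins.
RANK = {"MAY": 0, "NONE": 1, "MUST_NOPEERMATCH": 2, "MUST": 3}

# Postfix 2.3 smtp_tls_security_level names for each keyword.
LEVEL = {"NONE": "none", "MAY": "may",
         "MUST_NOPEERMATCH": "encrypt", "MUST": "verify"}

# Constructed smtp_tls_per_site table: keys are full next-hop destinations
# (bracketed, optional :port) or server hostnames; no wildcards.
PER_SITE = {
    "[mailhub.example.com]:587": "MUST",
    "mx.partner.example": "MAY",
    "legacy.example.net": "NONE",
    "example.org": "MUST_NOPEERMATCH",
}


def global_policy(use_tls, enforce_tls, enforce_peername):
    """Policy implied by smtp_use_tls, smtp_enforce_tls and
    smtp_tls_enforce_peername when no per-site entry decides."""
    if enforce_tls:
        return "MUST" if enforce_peername else "MUST_NOPEERMATCH"
    return "MAY" if use_tls else "NONE"


def lookup(table, key):
    """Exact-match lookup; per-site tables allow no wildcards."""
    return table.get(key)


def per_site_policy(table, nexthop, hostname,
                    use_tls=False, enforce_tls=False, enforce_peername=True):
    """Return (keyword, security level) for one delivery attempt."""
    base = global_policy(use_tls, enforce_tls, enforce_peername)
    results = [r for r in (lookup(table, nexthop), lookup(table, hostname)) if r]
    if not results:
        keyword = base
    else:
        keyword = max(results, key=RANK.__getitem__)
        # MAY has less precedence than a global "smtp_enforce_tls = yes";
        # NONE, MUST_NOPEERMATCH and MUST override the global settings.
        if keyword == "MAY" and enforce_tls:
            keyword = base
    return keyword, LEVEL[keyword]


if __name__ == "__main__":
    for nexthop, hostname in (("[mailhub.example.com]:587", "mailhub.example.com"),
                              ("legacy.example.net", "mx.partner.example"),
                              ("example.org", "legacy.example.net")):
        print(nexthop, hostname, per_site_policy(PER_SITE, nexthop, hostname))
```

<p> The mixed cases are the instructive ones: a NONE for the hostname beats
a MAY for the next-hop (more specific), while a MUST for the next-hop beats
a NONE for the hostname (more secure). A stray table entry keyed on a bare
hostname can therefore turn off TLS for a destination whose own entry only
says MAY, which is one more reason the text discourages bare hostnames as
lookup keys. </p>

<p>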
See TLS_README (Closing a DNS loophole with obsolete
per-site TLS policies) for a possible work-around. </p>

<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use smtp_tls_policy_maps instead. </p>

%PARAM smtp_tls_scert_verifydepth 9

<p> The verification depth for remote SMTP server certificates. A depth
of 1 is sufficient if the issuing CA is listed in a local CA file. </p>

<p> The default verification depth is 9 (the OpenSSL default) for
compatibility with earlier Postfix behavior. Prior to Postfix 2.5,
the default value was 5, but the limit was not actually enforced. If
you have set this to a lower non-default value, certificates with longer
trust chains may now fail to verify. Certificate chains with 1 or 2
CAs are common; deeper chains are rarer, and any number between 5
and 9 should suffice in practice. You can choose a lower number if,
for example, you trust certificates directly signed by an issuing CA
but not any CAs it delegates to. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtp_tls_note_starttls_offer no

<p> Log the hostname of a remote SMTP server that offers STARTTLS,
when TLS is not already enabled for that server. </p>

<p> The logfile record looks like: </p>

<pre>
postfix/smtp[pid]: Host offered STARTTLS: [name.of.host]
</pre>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtp_tls_cipherlist

<p> Obsolete Postfix &lt; 2.3 control for the Postfix SMTP client TLS
cipher list. As this feature applies to all TLS security levels, it is easy
to create inter-operability problems by choosing a non-default cipher
list. Do not use a non-default TLS cipher list on hosts that deliver email
to the public Internet: you will be unable to send email to servers that
only support the ciphers you exclude.
Using a restricted cipher list
may be more appropriate for an internal MTA, where one can exert some
control over the TLS software and settings of the peer servers. </p>

<p> <b>Note:</b> do not use "" quotes around the parameter value. </p>

<p> This feature is available in Postfix version 2.2. It is not used with
Postfix 2.3 and later; use smtp_tls_mandatory_ciphers instead. </p>

%PARAM smtp_starttls_timeout 300s

<p> Time limit for Postfix SMTP client write and read operations
during TLS startup and shutdown handshake procedures. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtp_tls_dkey_file $smtp_tls_dcert_file

<p> File with the Postfix SMTP client DSA private key in PEM format.
This file may be combined with the Postfix SMTP client DSA certificate
file specified with $smtp_tls_dcert_file. </p>

<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
access to the system superuser account ("root"), and no access
to anyone else. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtp_tls_dcert_file

<p> File with the Postfix SMTP client DSA certificate in PEM format.
This file may also contain the Postfix SMTP client private DSA key. </p>

<p> See the discussion under smtp_tls_cert_file for more details.
</p>

<p> Example: </p>

<pre>
smtp_tls_dcert_file = /etc/postfix/client-dsa.pem
</pre>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM tls_append_default_CA no

<p> Append the system-supplied default certificate authority
certificates to the ones specified with *_tls_CApath or *_tls_CAfile.
The default is "no"; this prevents Postfix from trusting third-party
certificates and giving them relay permission with
permit_tls_all_clientcerts. </p>

<p> This feature is available in Postfix 2.4.15, 2.5.11, 2.6.8,
2.7.2 and later versions. Specify "tls_append_default_CA = yes" for
backwards compatibility, to avoid breaking certificate verification
with sites that don't use permit_tls_all_clientcerts. </p>

%PARAM tls_random_exchange_name see "postconf -d" output

<p> Name of the pseudo random number generator (PRNG) state file
that is maintained by tlsmgr(8). The file is created when it does
not exist, and its length is fixed at 1024 bytes. </p>

<p> As of version 2.5, Postfix no longer uses root privileges when
opening this file, and the default file location was changed from
${config_directory}/prng_exch to ${data_directory}/prng_exch. As
a migration aid, an attempt to open the file under a non-Postfix
directory is redirected to the Postfix-owned data_directory, and a
warning is logged. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM tls_random_source see "postconf -d" output

<p> The external entropy source for the in-memory tlsmgr(8) pseudo
random number generator (PRNG) pool. Be sure to specify a non-blocking
source. If this source is not a regular file, the entropy source
type must be prepended: egd:/path/to/egd_socket for a source with
EGD compatible socket interface, or dev:/path/to/device for a
device file. </p>

<p> Note: on OpenBSD systems specify /dev/arandom when /dev/urandom
gives timeout errors. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM tls_random_bytes 32

<p> The number of bytes that tlsmgr(8) reads from $tls_random_source
when (re)seeding the in-memory pseudo random number generator (PRNG)
pool.
The default of 32 bytes (256 bits) is good enough for 128-bit
symmetric keys. If using EGD or a device file, a maximum of 255
bytes is read. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM tls_random_reseed_period 3600s

<p> The maximal time between attempts by tlsmgr(8) to re-seed the
in-memory pseudo random number generator (PRNG) pool from external
sources. The actual time between re-seeding attempts is calculated
using the PRNG, and is between 0 and the time specified. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM tls_random_prng_update_period 3600s

<p> The time between attempts by tlsmgr(8) to save the state of
the pseudo random number generator (PRNG) to the file specified
with $tls_random_exchange_name. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM tls_daemon_random_bytes 32

<p> The number of pseudo-random bytes that an smtp(8) or smtpd(8)
process requests from the tlsmgr(8) server in order to seed its
internal pseudo random number generator (PRNG). The default of 32
bytes (equivalent to 256 bits) is sufficient to generate a 128-bit
(or 168-bit) session key. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtp_sasl_tls_security_options $smtp_sasl_security_options

<p> The SASL authentication security options that the Postfix SMTP
client uses for TLS encrypted SMTP sessions. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtpd_sasl_tls_security_options $smtpd_sasl_security_options

<p> The SASL authentication security options that the Postfix SMTP
server uses for TLS encrypted SMTP sessions. </p>

<p> This feature is available in Postfix 2.2 and later.
</p>

%PARAM smtp_generic_maps

<p> Optional lookup tables that perform address rewriting in the
SMTP client, typically to transform a locally valid address into
a globally valid address when sending mail across the Internet.
This is needed when the local machine does not have its own Internet
domain name, but uses something like <i>localdomain.local</i>
instead. </p>

<p> The table format and lookups are documented in generic(5);
examples are shown in the ADDRESS_REWRITING_README and
STANDARD_CONFIGURATION_README documents. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM message_reject_characters

<p> The set of characters that Postfix will reject in message
content. The usual C-like escape sequences are recognized: <tt>\a
\b \f \n \r \t \v \<i>ddd</i></tt> (up to three octal digits) and
<tt>\\</tt>. </p>

<p> Example: </p>

<pre>
message_reject_characters = \0
</pre>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM message_strip_characters

<p> The set of characters that Postfix will remove from message
content. The usual C-like escape sequences are recognized: <tt>\a
\b \f \n \r \t \v \<i>ddd</i></tt> (up to three octal digits) and
<tt>\\</tt>. </p>

<p> Example: </p>

<pre>
message_strip_characters = \0
</pre>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM frozen_delivered_to yes

<p> Update the local(8) delivery agent's idea of the Delivered-To:
address (see prepend_delivered_header) only once, at the start of
a delivery attempt; do not update the Delivered-To: address while
expanding aliases or .forward files. </p>

<p> This feature is available in Postfix 2.3 and later. With older
Postfix releases, the behavior is as if this parameter is set to
"no".
The old setting can be expensive with deeply nested aliases
or .forward files. When an alias or .forward file changes the
Delivered-To: address, it ties up one queue file and one cleanup
process instance while mail is being forwarded. </p>

%PARAM smtpd_peername_lookup yes

<p> Attempt to look up the remote SMTP client hostname, and verify that
the name matches the client IP address. A client name is set to
"unknown" when it cannot be looked up or verified, or when name
lookup is disabled. Turning off name lookup reduces delays due to
DNS lookup and increases the maximal inbound delivery rate. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM delay_logging_resolution_limit 2

<p> The maximal number of digits after the decimal point when logging
sub-second delay values. Specify a number in the range 0..6. </p>

<p> Large delay values are rounded off to an integral number of seconds;
delay values below the delay_logging_resolution_limit are logged
as "0", and small delay values are logged with at most two-digit
precision. </p>

<p> The format of the "delays=a/b/c/d" logging is as follows: </p>

<ul>

<li> a = time from message arrival to last active queue entry

<li> b = time from last active queue entry to connection setup

<li> c = time in connection setup, including DNS, EHLO and STARTTLS

<li> d = time in message transmission

</ul>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM bounce_template_file

<p> Pathname of a configuration file with bounce message templates.
These override the built-in templates of delivery status notification
(DSN) messages for undeliverable mail, for delayed mail, successful
delivery, or delivery verification. The bounce(5) manual page
describes how to edit and test template files.
</p>

<p> Template message body text may contain $name references to
Postfix configuration parameters. The result of $name expansion can
be previewed with "<b>postconf -b <i>file_name</i></b>" before the file
is placed into the Postfix configuration directory. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM sender_dependent_relayhost_maps

<p> A sender-dependent override for the global relayhost parameter
setting. The tables are searched by the envelope sender address and
@domain. A lookup result of DUNNO terminates the search without
overriding the global relayhost parameter setting (Postfix 2.6 and
later). This information is overruled with relay_transport,
sender_dependent_default_transport_maps, default_transport and with
the transport(5) table. </p>

<p> For safety reasons, this feature does not allow $number
substitutions in regular expression maps. </p>

<p>
This feature is available in Postfix 2.3 and later.
</p>

%PARAM empty_address_relayhost_maps_lookup_key <>

<p> The sender_dependent_relayhost_maps search string that will be
used instead of the null sender address. </p>

<p> This feature is available in Postfix 2.5 and later. With
earlier versions, sender_dependent_relayhost_maps lookups were
skipped for the null sender address. </p>

%PARAM address_verify_sender_dependent_relayhost_maps $sender_dependent_relayhost_maps

<p>
Overrides the sender_dependent_relayhost_maps parameter setting for address
verification probes.
</p>

<p>
This feature is available in Postfix 2.3 and later.
</p>

%PARAM smtp_sender_dependent_authentication no

<p>
Enable sender-dependent authentication in the Postfix SMTP client; this is
available only with SASL authentication, and disables SMTP connection
caching to ensure that mail from different senders will use the
appropriate credentials. </p>

<p>
This feature is available in Postfix 2.3 and later.
</p>

%PARAM lmtp_lhlo_name $myhostname

<p>
The hostname to send in the LMTP LHLO command.
</p>

<p>
The default value is the machine hostname. Specify a hostname or
[ip.add.re.ss].
</p>

<p>
This information can be specified in the main.cf file for all LMTP
clients, or it can be specified in the master.cf file for a specific
client, for example:
</p>

<blockquote>
<pre>
/etc/postfix/master.cf:
    mylmtp ... lmtp -o lmtp_lhlo_name=foo.bar.com
</pre>
</blockquote>

<p>
This feature is available in Postfix 2.3 and later.
</p>

%PARAM lmtp_discard_lhlo_keyword_address_maps

<p> Lookup tables, indexed by the remote LMTP server address, with
case insensitive lists of LHLO keywords (pipelining, starttls,
auth, etc.) that the LMTP client will ignore in the LHLO response
from a remote LMTP server. See lmtp_discard_lhlo_keywords for
details. The table is not indexed by hostname for consistency with
smtpd_discard_ehlo_keyword_address_maps. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_discard_lhlo_keywords

<p> A case insensitive list of LHLO keywords (pipelining, starttls,
auth, etc.) that the LMTP client will ignore in the LHLO response
from a remote LMTP server. </p>

<p> This feature is available in Postfix 2.3 and later.
</p>

<p> Notes: </p>

<ul>

<li> <p> Specify the <b>silent-discard</b> pseudo keyword to prevent
this action from being logged. </p>

<li> <p> Use the lmtp_discard_lhlo_keyword_address_maps feature to
discard LHLO keywords selectively. </p>

</ul>

%PARAM lmtp_lhlo_timeout 300s

<p> The LMTP client time limit for sending the LHLO command, and
for receiving the initial server response. </p>

<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). The default time unit is s (seconds). </p>

%PARAM lmtp_sasl_tls_security_options $lmtp_sasl_security_options

<p> The LMTP-specific version of the smtp_sasl_tls_security_options
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_sasl_mechanism_filter

<p> The LMTP-specific version of the smtp_sasl_mechanism_filter
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_bind_address

<p> The LMTP-specific version of the smtp_bind_address configuration
parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_bind_address6

<p> The LMTP-specific version of the smtp_bind_address6 configuration
parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_host_lookup dns

<p> The LMTP-specific version of the smtp_host_lookup configuration
parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_connection_cache_destinations

<p> The LMTP-specific version of the smtp_connection_cache_destinations
configuration parameter. See there for details.
</p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_per_site

<p> The LMTP-specific version of the smtp_tls_per_site configuration
parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_generic_maps

<p> The LMTP-specific version of the smtp_generic_maps configuration
parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_pix_workaround_threshold_time 500s

<p> The LMTP-specific version of the smtp_pix_workaround_threshold_time
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_pix_workaround_delay_time 10s

<p> The LMTP-specific version of the smtp_pix_workaround_delay_time
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_connection_reuse_time_limit 300s

<p> The LMTP-specific version of the smtp_connection_reuse_time_limit
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_starttls_timeout 300s

<p> The LMTP-specific version of the smtp_starttls_timeout configuration
parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_line_length_limit 990

<p> The LMTP-specific version of the smtp_line_length_limit
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_mx_address_limit 5

<p> The LMTP-specific version of the smtp_mx_address_limit configuration
parameter. See there for details.
</p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_mx_session_limit 2

<p> The LMTP-specific version of the smtp_mx_session_limit configuration
parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_scert_verifydepth 9

<p> The LMTP-specific version of the smtp_tls_scert_verifydepth
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_skip_5xx_greeting yes

<p> The LMTP-specific version of the smtp_skip_5xx_greeting
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_randomize_addresses yes

<p> The LMTP-specific version of the smtp_randomize_addresses
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_quote_rfc821_envelope yes

<p> The LMTP-specific version of the smtp_quote_rfc821_envelope
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_defer_if_no_mx_address_found no

<p> The LMTP-specific version of the smtp_defer_if_no_mx_address_found
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_connection_cache_on_demand yes

<p> The LMTP-specific version of the smtp_connection_cache_on_demand
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_use_tls no

<p> The LMTP-specific version of the smtp_use_tls configuration
parameter. See there for details.
</p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_enforce_tls no

<p> The LMTP-specific version of the smtp_enforce_tls configuration
parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_security_level

<p> The LMTP-specific version of the smtp_tls_security_level configuration
parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_enforce_peername yes

<p> The LMTP-specific version of the smtp_tls_enforce_peername
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_note_starttls_offer no

<p> The LMTP-specific version of the smtp_tls_note_starttls_offer
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_sender_dependent_authentication no

<p> The LMTP-specific version of the smtp_sender_dependent_authentication
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM connection_cache_protocol_timeout 5s

<p> Time limit for connection cache connect, send or receive
operations. The time limit is enforced in the client. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtpd_sasl_type cyrus

<p> The SASL plug-in type that the Postfix SMTP server should use
for authentication. The available types are listed with the
"<b>postconf -a</b>" command. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtp_sasl_type cyrus

<p> The SASL plug-in type that the Postfix SMTP client should use
for authentication.
The available types are listed with the
"<b>postconf -A</b>" command. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_sasl_type cyrus

<p> The SASL plug-in type that the Postfix LMTP client should use
for authentication. The available types are listed with the
"<b>postconf -A</b>" command. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtpd_sasl_path smtpd

<p> Implementation-specific information that the Postfix SMTP server
passes through to
the SASL plug-in implementation that is selected with
<b>smtpd_sasl_type</b>. Typically this specifies the name of a
configuration file or rendezvous point. </p>

<p> This feature is available in Postfix 2.3 and later. In earlier
releases it was called <b>smtpd_sasl_application_name</b>. </p>

%PARAM cyrus_sasl_config_path

<p> Search path for Cyrus SASL application configuration files,
currently used only to locate the $smtpd_sasl_path.conf file.
Specify zero or more directories separated by a colon character,
or an empty value to use Cyrus SASL's built-in search path. </p>

<p> This feature is available in Postfix 2.5 and later when compiled
with Cyrus SASL 2.1.22 or later. </p>

%PARAM smtp_sasl_path

<p> Implementation-specific information that the Postfix SMTP client
passes through to
the SASL plug-in implementation that is selected with
<b>smtp_sasl_type</b>. Typically this specifies the name of a
configuration file or rendezvous point. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_sasl_path

<p> Implementation-specific information that is passed through to
the SASL plug-in implementation that is selected with
<b>lmtp_sasl_type</b>.
Typically this specifies the name of a
configuration file or rendezvous point. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM plaintext_reject_code 450

<p>
The numerical Postfix SMTP server response code when a request
is rejected by the <b>reject_plaintext_session</b> restriction.
</p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM resolve_numeric_domain no

<p> Resolve "user@ipaddress" as "user@[ipaddress]", instead of
rejecting the address as invalid. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM mailbox_transport_maps

<p> Optional lookup tables with per-recipient message delivery
transports to use for local(8) mailbox delivery, whether or not the
recipients are found in the UNIX passwd database. </p>

<p> The precedence of local(8) delivery features from high to low
is: aliases, .forward files, mailbox_transport_maps, mailbox_transport,
mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory,
fallback_transport_maps, fallback_transport and luser_relay. </p>

<p> For safety reasons, this feature does not allow $number
substitutions in regular expression maps. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM fallback_transport_maps

<p> Optional lookup tables with per-recipient message delivery
transports for recipients that the local(8) delivery agent could
not find in the aliases(5) or UNIX password database. </p>

<p> The precedence of local(8) delivery features from high to low
is: aliases, .forward files, mailbox_transport_maps, mailbox_transport,
mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory,
fallback_transport_maps, fallback_transport and luser_relay.
</p>

<p> For safety reasons, this feature does not allow $number
substitutions in regular expression maps. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtp_cname_overrides_servername version dependent

<p> Allow DNS CNAME records to override the servername that the
Postfix SMTP client uses for logging, SASL password lookup, TLS
policy decisions, or TLS certificate verification. The value "no"
hardens Postfix smtp_tls_per_site hostname-based policies against
false hostname information in DNS CNAME records, and makes SASL
password file lookups more predictable. This is the default setting
as of Postfix 2.3. </p>

<p> This feature is available in Postfix 2.2.9 and later. </p>

%PARAM lmtp_cname_overrides_servername yes

<p> The LMTP-specific version of the smtp_cname_overrides_servername
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtp_sasl_tls_verified_security_options $smtp_sasl_tls_security_options

<p> The SASL authentication security options that the Postfix SMTP
client uses for TLS encrypted SMTP sessions with a verified server
certificate. </p>

<p> When mail is sent to the public MX host for the recipient's
domain, server certificates are by default optional, and delivery
proceeds even if certificate verification fails. For delivery via
a submission service that requires SASL authentication, it may be
appropriate to send plaintext passwords only when the connection
to the server is strongly encrypted <b>and</b> the server identity
is verified. </p>

<p> The smtp_sasl_tls_verified_security_options parameter makes it
possible to only enable plaintext mechanisms when a secure connection
to the server is available.
Submission servers subject to this
policy must either have verifiable certificates or offer suitable
non-plaintext SASL mechanisms. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM lmtp_sasl_tls_verified_security_options $lmtp_sasl_tls_security_options

<p> The LMTP-specific version of the
smtp_sasl_tls_verified_security_options configuration parameter.
See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_connection_cache_time_limit 2s

<p> The LMTP-specific version of the
smtp_connection_cache_time_limit configuration parameter.
See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtpd_delay_open_until_valid_rcpt yes

<p> Postpone the start of an SMTP mail transaction until a valid
RCPT TO command is received. Specify "no" to create a mail transaction
as soon as the SMTP server receives a valid MAIL FROM command. </p>

<p> With sites that reject lots of mail, the default setting reduces
the use of
disk, CPU and memory resources. The downside is that rejected
recipients are logged with NOQUEUE instead of a mail transaction
ID. This complicates the logfile analysis of multi-recipient mail.
</p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_cert_file

<p> The LMTP-specific version of the smtp_tls_cert_file
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_key_file $lmtp_tls_cert_file

<p> The LMTP-specific version of the smtp_tls_key_file
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later.
</p>

%PARAM lmtp_tls_dcert_file

<p> The LMTP-specific version of the smtp_tls_dcert_file
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_dkey_file $lmtp_tls_dcert_file

<p> The LMTP-specific version of the smtp_tls_dkey_file
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_CAfile

<p> The LMTP-specific version of the smtp_tls_CAfile
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_CApath

<p> The LMTP-specific version of the smtp_tls_CApath
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_loglevel 0

<p> The LMTP-specific version of the smtp_tls_loglevel
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_session_cache_database

<p> The LMTP-specific version of the smtp_tls_session_cache_database
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_session_cache_timeout 3600s

<p> The LMTP-specific version of the smtp_tls_session_cache_timeout
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtp_tls_policy_maps

<p> Optional lookup tables with the Postfix SMTP client TLS security
policy by next-hop destination; when a non-empty value is specified,
this overrides the obsolete smtp_tls_per_site parameter.
See
TLS_README for a more detailed discussion of TLS security levels.
</p>

<p> The TLS policy table is indexed by the full next-hop destination,
which is either the recipient domain, or the verbatim next-hop
specified in the transport table, $local_transport, $virtual_transport,
$relay_transport or $default_transport. This includes any enclosing
square brackets and any non-default destination server port suffix. The
LMTP socket type prefix (inet: or unix:) is not included in the lookup
key. </p>

<p> Only the next-hop domain, or $myhostname with LMTP over UNIX-domain
sockets, is used as the nexthop name for certificate verification. The
port and any enclosing square brackets are used in the table lookup key,
but are not used for server name verification. </p>

<p> When the lookup key is a domain name without enclosing square brackets
or any <i>:port</i> suffix (typically the recipient domain), and the full
domain is not found in the table, just as with the transport(5) table,
the parent domain starting with a leading "." is matched recursively. This
allows one to specify a security policy for a recipient domain and all
its sub-domains. </p>

<p> The lookup result is a security level, followed by an optional list
of whitespace and/or comma separated name=value attributes that override
related main.cf settings. The TLS security levels in order of increasing
security are: </p>

<dl>

<dt><b>none</b></dt>
<dd>No TLS. No additional attributes are supported at this level. </dd>

<dt><b>may</b></dt>
<dd>Opportunistic TLS. Since sending in the clear is acceptable,
demanding stronger than default TLS security merely reduces
inter-operability.
The optional "ciphers", "exclude" and "protocols"
attributes (available for opportunistic TLS with Postfix ≥ 2.6)
override the "smtp_tls_ciphers", "smtp_tls_exclude_ciphers" and
"smtp_tls_protocols" configuration parameters. When opportunistic TLS
handshakes fail, Postfix retries the connection with TLS disabled.
This allows mail delivery to sites with non-interoperable TLS
implementations.</dd>

<dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption. At this level
and higher, the optional "protocols" attribute overrides the main.cf
smtp_tls_mandatory_protocols parameter, the optional "ciphers" attribute
overrides the main.cf smtp_tls_mandatory_ciphers parameter, and the
optional "exclude" attribute (Postfix ≥ 2.6) overrides the main.cf
smtp_tls_mandatory_exclude_ciphers parameter. In the policy table,
multiple protocols or excluded ciphers must be separated by colons,
as attribute values may not contain whitespace or commas. </dd>

<dt><b>fingerprint</b></dt> <dd>Certificate fingerprint
verification. Available with Postfix 2.5 and later. At this security
level, there are no trusted certificate authorities. The certificate
trust chain, expiration date, ... are not checked. Instead,
the optional <b>match</b> attribute, or else the main.cf
<b>smtp_tls_fingerprint_cert_match</b> parameter, lists the
valid "fingerprints" of the server certificate. The digest
algorithm used to calculate the fingerprint is selected by the
<b>smtp_tls_fingerprint_digest</b> parameter. Multiple fingerprints can
be combined with a "|" delimiter in a single match attribute, or multiple
match attributes can be employed. The ":" character is not used as a
delimiter as it occurs between each pair of fingerprint (hexadecimal)
digits. </dd>

<dt><b>verify</b></dt> <dd>Mandatory TLS verification.
At this security
level, DNS MX lookups are trusted to be secure enough, and the name
verified in the server certificate is usually obtained indirectly via
unauthenticated DNS MX lookups. The optional "match" attribute overrides
the main.cf smtp_tls_verify_cert_match parameter. In the policy table,
multiple match patterns and strategies must be separated by colons.
In practice explicit control over matching is more common with the
"secure" policy, described below. </dd>

<dt><b>secure</b></dt> <dd>Secure-channel TLS. At this security level, DNS
MX lookups, though potentially used to determine the candidate next-hop
gateway IP addresses, are <b>not</b> trusted to be secure enough for TLS
peername verification. Instead, the default name verified in the server
certificate is obtained directly from the next-hop, or is explicitly
specified via the optional <b>match</b> attribute which overrides the
main.cf smtp_tls_secure_cert_match parameter. In the policy table,
multiple match patterns and strategies must be separated by colons.
The match attribute is most useful when multiple domains are supported by
a common server: the policy entries for additional domains specify matching
rules for the primary domain certificate. While transport table overrides
routing the secondary domains to the primary nexthop also allow secure
verification, they risk delivery to the wrong destination when domains
change hands or are re-assigned to new gateways. With the "match"
attribute approach, routing is not perturbed, and mail is deferred if
verification of a new MX host fails.
</dd>

</dl>

<p>
Example:
</p>

<pre>
/etc/postfix/main.cf:
    smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
    # Postfix 2.5 and later
    smtp_tls_fingerprint_digest = md5
</pre>

<pre>
/etc/postfix/tls_policy:
    example.edu                 none
    example.mil                 may
    example.gov                 encrypt protocols=TLSv1
    example.com                 verify ciphers=high
    example.net                 secure
    .example.net                secure match=.example.net:example.net
    [mail.example.org]:587      secure match=nexthop
    # Postfix 2.5 and later
    [thumb.example.org]         fingerprint
        match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
        match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
</pre>

<p> <b>Note:</b> The <b>hostname</b> strategy, if listed in a non-default
setting of smtp_tls_secure_cert_match or in the <b>match</b> attribute
in the policy table, can render the <b>secure</b> level vulnerable to
DNS forgery. Do not use the <b>hostname</b> strategy for secure-channel
configurations in environments where DNS security is not assured. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtp_tls_mandatory_protocols !SSLv2

<p> List of SSL/TLS protocols that the Postfix SMTP client will use with
mandatory TLS encryption. In main.cf the values are separated by
whitespace, commas or colons. In the policy table "protocols" attribute
(see smtp_tls_policy_maps) the only valid separator is colon. An
empty value means allow all protocols. The valid protocol names (see
<b>SSL_get_version(3)</b>) are "SSLv2", "SSLv3" and "TLSv1". </p>

<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
and "TLSv1.2". If an older Postfix version is linked against OpenSSL
1.0.1 or later, these, or any other new protocol versions, are
unconditionally enabled.
</p>

<p> With Postfix ≥ 2.5 the parameter syntax is expanded to support
protocol exclusions. One can now explicitly exclude SSLv2 by setting
"smtp_tls_mandatory_protocols = !SSLv2". To exclude both SSLv2 and
SSLv3 set "smtp_tls_mandatory_protocols = !SSLv2, !SSLv3". Listing
the protocols to include, rather than the protocols to exclude, is
supported, but not recommended. The exclusion form more closely
matches the behaviour when the OpenSSL library is newer than Postfix.
</p>

<p> Since SSL version 2 has known protocol weaknesses and is now
deprecated, the default setting excludes "SSLv2". This means that by
default, SSL version 2 will not be used at the "encrypt" security level
and higher. </p>

<p> See the documentation of the smtp_tls_policy_maps parameter and
TLS_README for more information about security levels. </p>

<p> Example: </p>

<pre>
# Preferred form with Postfix ≥ 2.5:
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
# Alternative form.
smtp_tls_mandatory_protocols = TLSv1
</pre>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtp_tls_verify_cert_match hostname

<p> The server certificate peername verification method for the
"verify" TLS security level. In a "verify" TLS policy table
($smtp_tls_policy_maps) entry the optional "match" attribute
overrides this main.cf setting. </p>

<p> This parameter specifies one or more patterns or strategies separated
by commas, whitespace or colons. In the policy table the only valid
separator is the colon character. </p>

<p> Patterns specify domain names, or domain name suffixes: </p>

<dl>

<dt><i>example.com</i></dt> <dd> Match the <i>example.com</i> domain,
i.e. one of the names in the server certificate must be <i>example.com</i>;
upper and lower case distinctions are ignored. </dd>

<dt><i>.example.com</i></dt>
<dd> Match subdomains of the <i>example.com</i> domain, i.e. match
a name in the server certificate that consists of a non-zero number of
labels followed by a <i>.example.com</i> suffix. Case distinctions are
ignored.</dd>

</dl>

<p> Strategies specify a transformation from the next-hop domain
to the expected name in the server certificate: </p>

<dl>

<dt>nexthop</dt>
<dd> Match against the next-hop domain, which is either the recipient
domain, or the transport next-hop configured for the domain stripped of
any optional socket type prefix, enclosing square brackets and trailing
port. When MX lookups are not suppressed, this is the original nexthop
domain prior to the MX lookup, not the result of the MX lookup. For
LMTP delivery via UNIX-domain sockets, the verified next-hop name is
$myhostname. This strategy is suitable for use with the "secure"
policy. Case is ignored.</dd>

<dt>dot-nexthop</dt>
<dd> As above, but match server certificate names that are subdomains
of the next-hop domain. Case is ignored.</dd>

<dt>hostname</dt> <dd> Match against the hostname of the server, often
obtained via an unauthenticated DNS MX lookup. For LMTP delivery via
UNIX-domain sockets, the verified name is $myhostname. This matches
the verification strategy of the "MUST" keyword in the obsolete
smtp_tls_per_site table, and is suitable for use with the "verify"
security level. When the next-hop name is enclosed in square brackets
to suppress MX lookups, the "hostname" strategy is the same as the
"nexthop" strategy. Case is ignored.</dd>

</dl>

<p>
Sample main.cf setting:
</p>

<pre>
smtp_tls_verify_cert_match = hostname, nexthop, dot-nexthop
</pre>

<p>
Sample policy table override:
</p>

<pre>
example.com     verify  match=hostname:nexthop
.example.com    verify  match=example.com:.example.com:hostname
</pre>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtp_tls_secure_cert_match nexthop, dot-nexthop

<p> The server certificate peername verification method for the
"secure" TLS security level. In a "secure" TLS policy table
($smtp_tls_policy_maps) entry the optional "match" attribute
overrides this main.cf setting. </p>

<p> This parameter specifies one or more patterns or strategies separated
by commas, whitespace or colons. In the policy table the only valid
separator is the colon character. </p>

<p> For a description of the pattern and strategy syntax see the
smtp_tls_verify_cert_match parameter. The "hostname" strategy should
be avoided in this context: in the absence of a secure global DNS, using
the results of MX lookups in certificate verification is not immune to
active (man-in-the-middle) attacks on DNS. </p>

<p>
Sample main.cf setting:
</p>

<blockquote>
<pre>
smtp_tls_secure_cert_match = nexthop
</pre>
</blockquote>

<p>
Sample policy table override:
</p>

<blockquote>
<pre>
example.net     secure  match=example.com:.example.com
.example.net    secure  match=example.com:.example.com
</pre>
</blockquote>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_policy_maps

<p> The LMTP-specific version of the smtp_tls_policy_maps
configuration parameter. See there for details.
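The pattern and strategy rules of smtp_tls_verify_cert_match and smtp_tls_secure_cert_match above, as an added Python illustration (not Postfix code): next-hop normalization, the exact and suffix patterns, the three strategies, and the "hostname" caveat at the secure level. $myhostname and all host names are constructed stand-ins, and wildcard certificate names are left out.

```python
import re

# Added illustration of the pattern and strategy rules of
# smtp_tls_verify_cert_match and smtp_tls_secure_cert_match; not Postfix
# source code. Wildcard certificate names are out of scope here.
MYHOSTNAME = "mta.example.org"   # constructed stand-in for $myhostname


def nexthop_domain(nexthop, myhostname=MYHOSTNAME):
    """The name the "nexthop" strategy verifies: the next-hop stripped of an
    optional socket-type prefix, enclosing square brackets and a trailing
    port, lower-cased. Returns (domain, mx_suppressed); square brackets
    suppress the MX lookup. LMTP over a UNIX-domain socket uses $myhostname."""
    if nexthop.startswith("unix:"):
        return myhostname.lower(), True
    if nexthop.startswith("inet:"):
        nexthop = nexthop[len("inet:"):]
    if nexthop.startswith("["):
        end = nexthop.find("]")
        if end < 0:
            raise ValueError("unbalanced bracket in %r" % nexthop)
        host, rest, bracketed = nexthop[1:end], nexthop[end + 1:], True
    else:
        host, sep, port = nexthop.partition(":")
        rest, bracketed = sep + port, False
    if rest and not re.fullmatch(r":\d+", rest):
        raise ValueError("unexpected suffix %r in %r" % (rest, nexthop))
    if not host:
        raise ValueError("empty host in %r" % nexthop)
    return host.lower(), bracketed


def name_matches(cert_name, wanted, subdomains_only=False):
    """Case-insensitive comparison; with subdomains_only the certificate name
    must be a non-zero number of labels followed by "." + wanted."""
    cert_name, wanted = cert_name.lower(), wanted.lower()
    if subdomains_only:
        return cert_name.endswith("." + wanted) and len(cert_name) > len(wanted) + 1
    return cert_name == wanted


def expected_names(match_list, nexthop, server_hostname):
    """Translate patterns and strategies into (name, subdomains_only) pairs."""
    domain, mx_suppressed = nexthop_domain(nexthop)
    expected = []
    for item in match_list:
        if item == "nexthop":
            expected.append((domain, False))
        elif item == "dot-nexthop":
            expected.append((domain, True))
        elif item == "hostname":
            # Equals "nexthop" when brackets suppressed the MX lookup; otherwise
            # it is the MX host name obtained from unauthenticated DNS.
            expected.append((domain if mx_suppressed else server_hostname, False))
        elif item.startswith("."):
            expected.append((item[1:], True))    # ".example.com" suffix pattern
        elif item:
            expected.append((item, False))       # "example.com" exact pattern
    return expected


def certificate_accepted(cert_names, match_list, nexthop, server_hostname):
    """True when any certificate name satisfies any pattern or strategy."""
    wanted = expected_names(match_list, nexthop, server_hostname)
    return any(name_matches(c, w, sub) for c in cert_names for w, sub in wanted)


def secure_level_warnings(match_list):
    """The caveat from the text: at the "secure" level the "hostname" strategy
    makes verification depend on forgeable DNS MX data."""
    if "hostname" in match_list:
        return ["'hostname' strategy at the secure level is vulnerable to DNS forgery"]
    return []


if __name__ == "__main__":
    # A forged MX answer for example.net pointing at another host (constructed):
    forged = "forged-mx.example.test"
    for strategy in (["hostname"], ["nexthop", "dot-nexthop"]):
        print(strategy, certificate_accepted([forged], strategy, "example.net", forged))
```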
</p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_mandatory_protocols !SSLv2

<p> The LMTP-specific version of the smtp_tls_mandatory_protocols
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_verify_cert_match hostname

<p> The LMTP-specific version of the smtp_tls_verify_cert_match
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_secure_cert_match nexthop

<p> The LMTP-specific version of the smtp_tls_secure_cert_match
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtpd_tls_mandatory_protocols !SSLv2

<p> The SSL/TLS protocols accepted by the Postfix SMTP server with
mandatory TLS encryption. If the list is empty, the server supports all
available SSL/TLS protocol versions. A non-empty value is a list of
protocol names separated by whitespace, commas or colons. The supported
protocol names are "SSLv2", "SSLv3" and "TLSv1", and are not case
sensitive. </p>

<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
and "TLSv1.2". If an older Postfix version is linked against OpenSSL
1.0.1 or later, these, or any other new protocol versions, are
unconditionally enabled. </p>

<p> With Postfix ≥ 2.5 the parameter syntax is expanded to support
protocol exclusions. One can now explicitly exclude SSLv2 by setting
"smtpd_tls_mandatory_protocols = !SSLv2". To exclude both SSLv2 and
SSLv3 set "smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3". Listing
the protocols to include, rather than the protocols to exclude, is
supported, but not recommended. The exclusion form more closely
matches the behaviour when the OpenSSL library is newer than Postfix.
</p>

<p> Since SSL version 2 has known protocol weaknesses and is now
deprecated, the default setting excludes "SSLv2". This means that
by default, SSL version 2 will not be used at the "encrypt" security
level. </p>

<p> Example: </p>

<pre>
smtpd_tls_mandatory_protocols = TLSv1
# Alternative form with Postfix ≥ 2.5:
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
</pre>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtp_tls_security_level

<p> The default SMTP TLS security level for the Postfix SMTP client;
when a non-empty value is specified, this overrides the obsolete
parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername.
</p>

<p> Specify one of the following security levels: </p>

<dl>

<dt><b>none</b></dt> <dd> TLS will not be used unless enabled for specific
destinations via smtp_tls_policy_maps. </dd>

<dt><b>may</b></dt>
<dd> Opportunistic TLS. Use TLS if this is supported by the remote
SMTP server, otherwise use plaintext. Since sending in the clear is
acceptable, demanding stronger than default TLS security merely reduces
inter-operability. The "smtp_tls_ciphers" and "smtp_tls_protocols"
(Postfix ≥ 2.6) configuration parameters provide control over the
protocols and cipher grade used with opportunistic TLS. With earlier
releases the opportunistic TLS cipher grade is always "export" and no
protocols are disabled. When TLS handshakes fail, the connection is
retried with TLS disabled. This allows mail delivery to sites with
non-interoperable TLS implementations. </dd>

<dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption. Since a minimum
level of security is intended, it is reasonable to be specific about
sufficiently secure protocol versions and ciphers. At this security level
and higher, the main.cf parameters smtp_tls_mandatory_protocols and
smtp_tls_mandatory_ciphers specify the TLS protocols and minimum
cipher grade which the administrator considers secure enough for
mandatory encrypted sessions. This security level is not an appropriate
default for systems delivering mail to the Internet. </dd>

<dt><b>fingerprint</b></dt> <dd>Certificate fingerprint
verification. Available with Postfix 2.5 and later. At this security
level, there are no trusted certificate authorities. The certificate
trust chain, expiration date, ... are not checked. Instead,
the <b>smtp_tls_fingerprint_cert_match</b> parameter lists
the valid "fingerprints" of the server certificate. The digest
algorithm used to calculate the fingerprint is selected by the
<b>smtp_tls_fingerprint_digest</b> parameter. </dd>

<dt><b>verify</b></dt> <dd>Mandatory TLS verification. At this security
level, DNS MX lookups are trusted to be secure enough, and the name
verified in the server certificate is usually obtained indirectly
via unauthenticated DNS MX lookups. The smtp_tls_verify_cert_match
parameter controls how the server name is verified. In practice explicit
control over matching is more common at the "secure" level, described
below. This security level is not an appropriate default for systems
delivering mail to the Internet. </dd>

<dt><b>secure</b></dt> <dd>Secure-channel TLS. At this security level,
DNS MX lookups, though potentially used to determine the candidate
next-hop gateway IP addresses, are <b>not</b> trusted to be secure enough
for TLS peername verification. Instead, the default name verified in
the server certificate is obtained from the next-hop domain as specified
in the smtp_tls_secure_cert_match configuration parameter. The default
matching rule is that a server certificate matches when its name is equal
to or is a sub-domain of the nexthop domain. This security level is not
an appropriate default for systems delivering mail to the Internet. </dd>

</dl>

<p>
Examples:
</p>

<pre>
# No TLS. Formerly: smtp_use_tls=no and smtp_enforce_tls=no.
smtp_tls_security_level = none
</pre>

<pre>
# Opportunistic TLS.
smtp_tls_security_level = may
# Postfix ≥ 2.6:
# Do not tweak opportunistic ciphers or protocol unless it is essential
# to do so (if a security vulnerability is found in the SSL library that
# can be mitigated by disabling a particular protocol or raising the
# cipher grade from "export" to "low" or "medium").
smtp_tls_ciphers = export
smtp_tls_protocols = !SSLv2
</pre>

<pre>
# Mandatory (high-grade) TLS encryption.
smtp_tls_security_level = encrypt
smtp_tls_mandatory_ciphers = high
</pre>

<pre>
# Mandatory TLS verification of hostname or nexthop domain.
smtp_tls_security_level = verify
smtp_tls_mandatory_ciphers = high
smtp_tls_verify_cert_match = hostname, nexthop, dot-nexthop
</pre>

<pre>
# Secure channel TLS with exact nexthop name match.
smtp_tls_security_level = secure
smtp_tls_mandatory_protocols = TLSv1
smtp_tls_mandatory_ciphers = high
smtp_tls_secure_cert_match = nexthop
</pre>

<pre>
# Certificate fingerprint verification (Postfix ≥ 2.5).
# The CA-less "fingerprint" security level only scales to a limited
# number of destinations. As a global default rather than a per-site
# setting, this is practical when mail for all recipients is sent
# to a central mail hub.
relayhost = [mailhub.example.com]
smtp_tls_security_level = fingerprint
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_mandatory_ciphers = high
smtp_tls_fingerprint_cert_match =
    3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
    EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
</pre>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtpd_milters

<p> A list of Milter (mail filter) applications for new mail that
arrives via the Postfix smtpd(8) server. See the MILTER_README
document for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM non_smtpd_milters

<p> A list of Milter (mail filter) applications for new mail that
does not arrive via the Postfix smtpd(8) server. This includes local
submission via the sendmail(1) command line, new mail that arrives
via the Postfix qmqpd(8) server, and old mail that is re-injected
into the queue with "postsuper -r". See the MILTER_README document
for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_protocol 6

<p> The mail filter protocol version and optional protocol extensions
for communication with a Milter application; prior to Postfix 2.6
the default protocol is 2. Postfix sends this version number during
the initial protocol handshake. It should match the version number
that is expected by the mail filter application (or by its Milter
library). </p>

<p>Protocol versions: </p>

<dl compact>

<dt>2</dt> <dd>Use Sendmail 8 mail filter protocol version 2 (default
with Sendmail version 8.11 .. 8.13 and Postfix version 2.3 ..
2.5).</dd>

<dt>3</dt> <dd>Use Sendmail 8 mail filter protocol version 3.</dd>

<dt>4</dt> <dd>Use Sendmail 8 mail filter protocol version 4.</dd>

<dt>6</dt> <dd>Use Sendmail 8 mail filter protocol version 6 (default
with Sendmail version 8.14 and Postfix version 2.6).</dd>

</dl>

<p>Protocol extensions: </p>

<dl compact>

<dt>no_header_reply</dt> <dd> Specify this when the Milter application
will not reply for each individual message header.</dd>

</dl>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_default_action tempfail

<p> The default action when a Milter (mail filter) application is
unavailable or mis-configured. Specify one of the following: </p>

<dl compact>

<dt>accept</dt> <dd>Proceed as if the mail filter was not present.
</dd>

<dt>reject</dt> <dd>Reject all further commands in this session
with a permanent status code.</dd>

<dt>tempfail</dt> <dd>Reject all further commands in this session
with a temporary status code. </dd>

<dt>quarantine</dt> <dd>Like "accept", but freeze the message in
the "hold" queue. Available with Postfix 2.6 and later. </dd>

</dl>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_connect_timeout 30s

<p> The time limit for connecting to a Milter (mail filter)
application, and for negotiating protocol options. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). </p>

<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). The default time unit is s (seconds). </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_command_timeout 30s

<p> The time limit for sending an SMTP command to a Milter (mail
filter) application, and for receiving the response. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). </p>

<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). The default time unit is s (seconds). </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_content_timeout 300s

<p> The time limit for sending message content to a Milter (mail
filter) application, and for receiving the response. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). </p>

<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). The default time unit is s (seconds). </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_connect_macros see "postconf -d" output

<p> The macros that are sent to Milter (mail filter) applications
after completion of an SMTP connection. See MILTER_README
for a list of available macro names and their meanings. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_helo_macros see "postconf -d" output

<p> The macros that are sent to Milter (mail filter) applications
after the SMTP HELO or EHLO command. See
MILTER_README for a list of available macro names and their meanings.
</p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_mail_macros see "postconf -d" output

<p> The macros that are sent to Milter (mail filter) applications
after the SMTP MAIL FROM command. See MILTER_README
for a list of available macro names and their meanings. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_rcpt_macros see "postconf -d" output

<p> The macros that are sent to Milter (mail filter) applications
after the SMTP RCPT TO command. See MILTER_README
for a list of available macro names and their meanings. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_data_macros see "postconf -d" output

<p> The macros that are sent to version 4 or higher Milter (mail
filter) applications after the SMTP DATA command. See MILTER_README
for a list of available macro names and their meanings. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_end_of_header_macros see "postconf -d" output

<p> The macros that are sent to Milter (mail filter) applications
after the end of the message header. See MILTER_README for a list
of available macro names and their meanings. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM milter_end_of_data_macros see "postconf -d" output

<p> The macros that are sent to Milter (mail filter) applications
after the message end-of-data. See MILTER_README for a list of
available macro names and their meanings. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_unknown_command_macros see "postconf -d" output

<p> The macros that are sent to version 3 or higher Milter (mail
filter) applications after an unknown SMTP command. See MILTER_README
for a list of available macro names and their meanings. </p>

<p> This feature is available in Postfix 2.3 and later.
</p>

%PARAM milter_macro_daemon_name $myhostname

<p> The {daemon_name} macro value for Milter (mail filter) applications.
See MILTER_README for a list of available macro names and their
meanings. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_macro_v $mail_name $mail_version

<p> The {v} macro value for Milter (mail filter) applications.
See MILTER_README for a list of available macro names and their
meanings. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtpd_tls_mandatory_ciphers medium

<p> The minimum TLS cipher grade that the Postfix SMTP server will
use with mandatory TLS encryption. The default grade ("medium") is
sufficiently strong that any benefit from globally restricting TLS
sessions to a more stringent grade is likely negligible, especially
given the fact that many implementations still do not offer any stronger
("high" grade) ciphers, while those that do will always use "high"
grade ciphers. So insisting on "high" grade ciphers is generally
counter-productive. Allowing "export" or "low" ciphers is typically
not a good idea, as systems limited to just these are limited to
obsolete browsers. No known SMTP clients fail to support at least
one "medium" or "high" grade cipher. </p>

<p> The following cipher grades are supported: </p>

<dl>
<dt><b>export</b></dt>
<dd> Enable "EXPORT" grade or stronger OpenSSL ciphers.
This is the most appropriate setting for public MX hosts, and is always
used with opportunistic TLS encryption. The underlying cipherlist
is specified via the tls_export_cipherlist configuration parameter,
which you are strongly encouraged to not change. </dd>

<dt><b>low</b></dt>
<dd> Enable "LOW" grade or stronger OpenSSL ciphers. The
underlying cipherlist is specified via the tls_low_cipherlist
configuration parameter, which you are strongly encouraged to
not change. </dd>

<dt><b>medium</b></dt>
<dd> Enable "MEDIUM" grade or stronger OpenSSL ciphers. These use 128-bit
or longer symmetric bulk-encryption keys. This is the default minimum
strength for mandatory TLS encryption. The underlying cipherlist is
specified via the tls_medium_cipherlist configuration parameter, which
you are strongly encouraged to not change. </dd>

<dt><b>high</b></dt>
<dd> Enable only "HIGH" grade OpenSSL ciphers. The
underlying cipherlist is specified via the tls_high_cipherlist
configuration parameter, which you are strongly encouraged to
not change. </dd>

<dt><b>null</b></dt>
<dd> Enable only the "NULL" OpenSSL ciphers; these provide authentication
without encryption. This setting is only appropriate in the rare
case that all clients are prepared to use NULL ciphers (not normally
enabled in TLS clients). The underlying cipherlist is specified via the
tls_null_cipherlist configuration parameter, which you are strongly
encouraged to not change. </dd>

</dl>

<p> Cipher types listed in
smtpd_tls_mandatory_exclude_ciphers or smtpd_tls_exclude_ciphers are
excluded from the base definition of the selected cipher grade. See
smtpd_tls_ciphers for cipher controls that apply to opportunistic
TLS. </p>

<p> The underlying cipherlists for grades other than "null" include
anonymous ciphers, but these are automatically filtered out if the
server is configured to ask for client certificates. You are very
unlikely to need to take any steps to exclude anonymous ciphers; they
are excluded automatically as required. If you must exclude anonymous
ciphers even when Postfix does not need or use peer certificates, set
"smtpd_tls_exclude_ciphers = aNULL". To exclude anonymous ciphers only
when TLS is enforced, set "smtpd_tls_mandatory_exclude_ciphers = aNULL". </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtpd_tls_exclude_ciphers

<p> List of ciphers or cipher types to exclude from the SMTP server
cipher list at all TLS security levels. Excluding valid ciphers
can create interoperability problems. DO NOT exclude ciphers unless it
is essential to do so. This is not an OpenSSL cipherlist; it is a simple
list separated by whitespace and/or commas. The elements are a single
cipher, or one or more "+" separated cipher properties, in which case
only ciphers matching <b>all</b> the properties are excluded. </p>

<p> Examples (some of these will cause problems): </p>

<blockquote>
<pre>
smtpd_tls_exclude_ciphers = aNULL
smtpd_tls_exclude_ciphers = MD5, DES
smtpd_tls_exclude_ciphers = DES+MD5
smtpd_tls_exclude_ciphers = AES256-SHA, DES-CBC3-MD5
smtpd_tls_exclude_ciphers = kEDH+aRSA
</pre>
</blockquote>

<p> The first setting disables anonymous ciphers. The next setting
disables ciphers that use the MD5 digest algorithm or the (single) DES
encryption algorithm. The next setting disables ciphers that use MD5 and
DES together. The next setting disables the two ciphers "AES256-SHA"
and "DES-CBC3-MD5". The last setting disables ciphers that use "EDH"
key exchange with RSA authentication. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtpd_tls_mandatory_exclude_ciphers

<p> Additional list of ciphers or cipher types to exclude from the
SMTP server cipher list at mandatory TLS security levels. This list
works in addition to the exclusions listed with smtpd_tls_exclude_ciphers
(see there for syntax details). </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtp_tls_mandatory_ciphers medium

<p> The minimum TLS cipher grade that the Postfix SMTP client will
use with mandatory TLS encryption. The default value "medium" is
suitable for most destinations with which you may want to enforce TLS,
and is beyond the reach of today's cryptanalytic methods. See
smtp_tls_policy_maps for information on how to configure ciphers
on a per-destination basis. </p>

<p> The following cipher grades are supported: </p>

<dl>
<dt><b>export</b></dt>
<dd> Enable "EXPORT" grade or better OpenSSL
ciphers. This is the default for opportunistic encryption. It is
not recommended for mandatory encryption unless you must enforce TLS
with "crippled" peers. The underlying cipherlist is specified via the
tls_export_cipherlist configuration parameter, which you are strongly
encouraged to not change. </dd>

<dt><b>low</b></dt>
<dd> Enable "LOW" grade or better OpenSSL ciphers. This
setting is only appropriate for internal mail servers. The underlying
cipherlist is specified via the tls_low_cipherlist configuration
parameter, which you are strongly encouraged to not change. </dd>

<dt><b>medium</b></dt>
<dd> Enable "MEDIUM" grade or better OpenSSL ciphers.
The underlying cipherlist is specified via the tls_medium_cipherlist
configuration parameter, which you are strongly encouraged to not change.
</dd>

<dt><b>high</b></dt>
<dd> Enable only "HIGH" grade OpenSSL ciphers. This setting may
be appropriate when all mandatory TLS destinations (e.g. when all
mail is routed to a suitably capable relayhost) support at least one
"HIGH" grade cipher. The underlying cipherlist is specified via the
tls_high_cipherlist configuration parameter, which you are strongly
encouraged to not change. </dd>

<dt><b>null</b></dt>
<dd> Enable only the "NULL" OpenSSL ciphers; these provide authentication
without encryption. This setting is only appropriate in the rare case
that all servers are prepared to use NULL ciphers (not normally enabled
in TLS servers). A plausible use-case is an LMTP server listening on a
UNIX-domain socket that is configured to support "NULL" ciphers. The
underlying cipherlist is specified via the tls_null_cipherlist
configuration parameter, which you are strongly encouraged to not
change. </dd>

</dl>

<p> The underlying cipherlists for grades other than "null" include
anonymous ciphers, but these are automatically filtered out if the
Postfix SMTP client is configured to verify server certificates.
You are very unlikely to need to take any steps to exclude anonymous
ciphers; they are excluded automatically as necessary. If you must
exclude anonymous ciphers at the "may" or "encrypt" security levels,
when the Postfix SMTP client does not need or use peer certificates, set
"smtp_tls_exclude_ciphers = aNULL". To exclude anonymous ciphers only when
TLS is enforced, set "smtp_tls_mandatory_exclude_ciphers = aNULL". </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtp_tls_exclude_ciphers

<p> List of ciphers or cipher types to exclude from the Postfix
SMTP client cipher list at all TLS security levels. This is not an
OpenSSL cipherlist; it is a simple list separated by whitespace and/or
commas. The elements are a single cipher, or one or more "+" separated
cipher properties, in which case only ciphers matching <b>all</b> the
properties are excluded.
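The exclude-list syntax described above (for both smtpd_tls_exclude_ciphers and smtp_tls_exclude_ciphers), as an added Python illustration that is not Postfix code: it runs the page's five example settings over a constructed cipher table laid out like the output of "openssl ciphers -v", so the "any element / all properties" rule and the single-DES versus 3DES distinction become visible. The keyword-to-column mapping is an assumption made for this example.

```python
import re

# Added illustration of the smtp(d)_tls_exclude_ciphers list syntax; not
# Postfix code. CIPHER_TABLE is constructed in the column layout of
# "openssl ciphers -v" (name, protocol, Kx=, Au=, Enc=, Mac=).
CIPHER_TABLE = """\
AES256-SHA              SSLv3 Kx=RSA Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH  Au=RSA  Enc=AES(128)  Mac=SHA1
ADH-AES128-SHA          SSLv3 Kx=DH  Au=None Enc=AES(128)  Mac=SHA1
DES-CBC3-MD5            SSLv2 Kx=RSA Au=RSA  Enc=3DES(168) Mac=MD5
DES-CBC-SHA             SSLv3 Kx=RSA Au=RSA  Enc=DES(56)   Mac=SHA1
DES-CBC-MD5             SSLv2 Kx=RSA Au=RSA  Enc=DES(56)   Mac=MD5
RC4-MD5                 SSLv3 Kx=RSA Au=RSA  Enc=RC4(128)  Mac=MD5
"""

# How the property keywords used in the examples map onto those columns
# (an assumption for this illustration; OpenSSL defines the keywords).
PROPERTY_KEYWORDS = {
    "aNULL": ("Au", "None"),  "aRSA": ("Au", "RSA"),
    "kRSA": ("Kx", "RSA"),    "kEDH": ("Kx", "DH"),
    "MD5": ("Mac", "MD5"),    "SHA1": ("Mac", "SHA1"),
    "DES": ("Enc", "DES("),   "3DES": ("Enc", "3DES("),
    "AES": ("Enc", "AES("),   "RC4": ("Enc", "RC4("),
}


def parse_cipher_table(text):
    """name -> {column: value} for each 'openssl ciphers -v' style line."""
    table = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, _proto, *props = line.split()
        table[name] = dict(p.split("=", 1) for p in props)
    return table


def parse_exclude_list(value):
    """Elements separated by whitespace and/or commas; each element is a cipher
    name or a '+'-joined group of properties that must ALL hold."""
    return [elem.split("+") for elem in re.split(r"[\s,]+", value.strip()) if elem]


def _has(name, props, keyword):
    if keyword in PROPERTY_KEYWORDS:
        column, prefix = PROPERTY_KEYWORDS[keyword]
        return props.get(column, "").startswith(prefix)
    return name == keyword          # anything else names a single cipher


def excluded_ciphers(exclude_value, table=None):
    """Ciphers removed by an exclude list: a cipher goes when ANY element
    matches it, and an element matches when ALL of its properties hold."""
    table = table if table is not None else parse_cipher_table(CIPHER_TABLE)
    rules = parse_exclude_list(exclude_value)
    return sorted(name for name, props in table.items()
                  if any(all(_has(name, props, kw) for kw in rule) for rule in rules))


def remaining_ciphers(exclude_value, table=None):
    """The cipher list left after applying the exclusions, in table order."""
    table = table if table is not None else parse_cipher_table(CIPHER_TABLE)
    gone = set(excluded_ciphers(exclude_value, table))
    return [name for name in table if name not in gone]


if __name__ == "__main__":
    for setting in ("aNULL", "MD5, DES", "DES+MD5", "AES256-SHA, DES-CBC3-MD5", "kEDH+aRSA"):
        print("%-26s excludes %s" % (setting, excluded_ciphers(setting)))
```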
</p> 11113 11114<p> Examples (some of these will cause problems): </p> 11115 11116<blockquote> 11117<pre> 11118smtp_tls_exclude_ciphers = aNULL 11119smtp_tls_exclude_ciphers = MD5, DES 11120smtp_tls_exclude_ciphers = DES+MD5 11121smtp_tls_exclude_ciphers = AES256-SHA, DES-CBC3-MD5 11122smtp_tls_exclude_ciphers = kEDH+aRSA 11123</pre> 11124</blockquote> 11125 11126<p> The first setting, disables anonymous ciphers. The next setting 11127disables ciphers that use the MD5 digest algorithm or the (single) DES 11128encryption algorithm. The next setting disables ciphers that use MD5 and 11129DES together. The next setting disables the two ciphers "AES256-SHA" 11130and "DES-CBC3-MD5". The last setting disables ciphers that use "EDH" 11131key exchange with RSA authentication. </p> 11132 11133<p> This feature is available in Postfix 2.3 and later. </p> 11134 11135%PARAM smtp_tls_mandatory_exclude_ciphers 11136 11137<p> Additional list of ciphers or cipher types to exclude from the 11138SMTP client cipher list at mandatory TLS security levels. This list 11139works in addition to the exclusions listed with smtp_tls_exclude_ciphers 11140(see there for syntax details). </p> 11141 11142<p> Starting with Postfix 2.6, the mandatory cipher exclusions can be 11143specified on a per-destination basis via the TLS policy "exclude" 11144attribute. See smtp_tls_policy_maps for notes and examples. </p> 11145 11146<p> This feature is available in Postfix 2.3 and later. </p> 11147 11148%PARAM tls_high_cipherlist ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH 11149 11150<p> The OpenSSL cipherlist for "HIGH" grade ciphers. This defines 11151the meaning of the "high" setting in smtpd_tls_mandatory_ciphers, 11152smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. You are 11153strongly encouraged to not change this setting. 
With OpenSSL 1.0.0 and
later the cipherlist may start with an "aNULL:" prefix, which restores
the 0.9.8-compatible ordering of the aNULL ciphers to the top of the
list when they are enabled. This prefix is not needed with previous
OpenSSL releases. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM tls_medium_cipherlist ALL:!EXPORT:!LOW:+RC4:@STRENGTH

<p> The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. This
defines the meaning of the "medium" setting in smtpd_tls_mandatory_ciphers,
smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. This is
the default cipherlist for mandatory TLS encryption in the TLS
client (with anonymous ciphers disabled when verifying server
certificates). You are strongly encouraged to not change this
setting. With OpenSSL 1.0.0 and later the cipherlist may start with an
"aNULL:" prefix, which restores the 0.9.8-compatible ordering of the
aNULL ciphers to the top of the list when they are enabled. This prefix
is not needed with previous OpenSSL releases. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM tls_low_cipherlist ALL:!EXPORT:+RC4:@STRENGTH

<p> The OpenSSL cipherlist for "LOW" or higher grade ciphers. This defines
the meaning of the "low" setting in smtpd_tls_mandatory_ciphers,
smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. You are
strongly encouraged to not change this setting. With OpenSSL 1.0.0 and
later the cipherlist may start with an "aNULL:" prefix, which restores
the 0.9.8-compatible ordering of the aNULL ciphers to the top of the
list when they are enabled. This prefix is not needed with previous
OpenSSL releases. </p>

<p> This feature is available in Postfix 2.3 and later.
</p>

%PARAM tls_export_cipherlist ALL:+RC4:@STRENGTH

<p> The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. This
defines the meaning of the "export" setting in smtpd_tls_mandatory_ciphers,
smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. This is
the cipherlist for the opportunistic ("may") TLS client security
level and is the default cipherlist for the SMTP server. You are
strongly encouraged to not change this setting. With OpenSSL 1.0.0 and
later the cipherlist may start with an "aNULL:" prefix, which restores
the 0.9.8-compatible ordering of the aNULL ciphers to the top of the
list when they are enabled. This prefix is not needed with previous
OpenSSL releases. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM tls_null_cipherlist eNULL:!aNULL

<p> The OpenSSL cipherlist for "NULL" grade ciphers that provide
authentication without encryption. This defines the meaning of the "null"
setting in smtpd_tls_mandatory_ciphers, smtp_tls_mandatory_ciphers and
lmtp_tls_mandatory_ciphers. You are strongly encouraged to not
change this setting. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_mandatory_ciphers

<p> The LMTP-specific version of the smtp_tls_mandatory_ciphers
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_exclude_ciphers

<p> The LMTP-specific version of the smtp_tls_exclude_ciphers
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_mandatory_exclude_ciphers

<p> The LMTP-specific version of the smtp_tls_mandatory_exclude_ciphers
configuration parameter. See there for details.
</p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtpd_tls_security_level

<p> The SMTP TLS security level for the Postfix SMTP server; when
a non-empty value is specified, this overrides the obsolete parameters
smtpd_use_tls and smtpd_enforce_tls. This parameter is ignored with
"smtpd_tls_wrappermode = yes". </p>

<p> Specify one of the following security levels: </p>

<dl>

<dt><b>none</b></dt> <dd> TLS will not be used. </dd>

<dt><b>may</b></dt> <dd> Opportunistic TLS: announce STARTTLS support
to SMTP clients, but do not require that clients use TLS encryption.
</dd>

<dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption: announce
STARTTLS support to SMTP clients, and require that clients use TLS
encryption. According to RFC 2487 this MUST NOT be applied in case
of a publicly-referenced SMTP server. Instead, this option should
be used only on dedicated servers. </dd>

</dl>

<p> Note 1: the "fingerprint", "verify" and "secure" levels are not
supported here.
The Postfix SMTP server logs a warning and uses "encrypt" instead.
To verify SMTP client certificates, see TLS_README for a discussion
of the smtpd_tls_ask_ccert, smtpd_tls_req_ccert, and permit_tls_clientcerts
features. </p>

<p> Note 2: The parameter setting "smtpd_tls_security_level =
encrypt" implies "smtpd_tls_auth_only = yes".</p>

<p> Note 3: when invoked via "sendmail -bs", Postfix will never
offer STARTTLS due to insufficient privileges to access the server
private key. This is intended behavior.</p>

<p> This feature is available in Postfix 2.3 and later.
</p>

%PARAM internal_mail_filter_classes

<p> What categories of Postfix-generated mail are subject to
before-queue content inspection by non_smtpd_milters, header_checks
and body_checks. Specify zero or more of the following, separated
by whitespace or comma. </p>

<dl>

<dt><b>bounce</b></dt> <dd> Inspect the content of delivery
status notifications. </dd>

<dt><b>notify</b></dt> <dd> Inspect the content of postmaster
notifications by the smtp(8) and smtpd(8) processes. </dd>

</dl>

<p> NOTE: It's generally not safe to enable content inspection of
Postfix-generated email messages. The user is warned. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtpd_tls_always_issue_session_ids yes

<p> Force the Postfix SMTP server to issue a TLS session id, even
when TLS session caching is turned off (smtpd_tls_session_cache_database
is empty). This behavior is compatible with Postfix &lt; 2.3. </p>

<p> With Postfix 2.3 and later the Postfix SMTP server can disable
session id generation when TLS session caching is turned off. This
keeps clients from caching sessions that almost certainly cannot
be re-used. </p>

<p> By default, the Postfix SMTP server always generates TLS session
ids. This works around a known defect in mail client applications
such as MS Outlook, and may also prevent interoperability issues
with other MTAs. </p>

<p> Example: </p>

<pre>
smtpd_tls_always_issue_session_ids = no
</pre>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtp_pix_workarounds disable_esmtp, delay_dotcrlf

<p> A list that specifies zero or more workarounds for CISCO PIX
firewall bugs. These workarounds are implemented by the Postfix
SMTP client.
Workaround names are separated by comma or space, and
are case insensitive. This parameter setting can be overruled with
per-destination smtp_pix_workaround_maps settings. </p>

<dl>

<dt><b>delay_dotcrlf</b></dt> <dd> Insert a delay before sending
".&lt;CR&gt;&lt;LF&gt;" after the end of the message content. The
delay is subject to the smtp_pix_workaround_delay_time and
smtp_pix_workaround_threshold_time parameter settings. </dd>

<dt><b>disable_esmtp</b></dt> <dd> Disable all extended SMTP commands:
send HELO instead of EHLO. </dd>

</dl>

<p> This feature is available in Postfix 2.4 and later. The default
settings are backwards compatible with earlier Postfix versions.
</p>

%PARAM smtp_pix_workaround_maps

<p> Lookup tables, indexed by the remote SMTP server address, with
per-destination workarounds for CISCO PIX firewall bugs. The table
is not indexed by hostname for consistency with
smtp_discard_ehlo_keyword_address_maps. </p>

<p> This feature is available in Postfix 2.4 and later. </p>

%PARAM lmtp_pix_workarounds

<p> The LMTP-specific version of the smtp_pix_workarounds
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.4 and later. </p>

%PARAM smtp_tls_fingerprint_digest md5

<p> The message digest algorithm used to construct remote SMTP server
certificate fingerprints. At the "fingerprint" TLS security level
(<b>smtp_tls_security_level</b> = fingerprint), the server certificate is
verified by directly matching its <i>fingerprint</i>. The fingerprint
is the message digest of the server certificate using the selected
algorithm. With a digest algorithm resistant to "second pre-image"
attacks, it is not feasible to create a new public key and a matching
certificate that has the same fingerprint.
</p>

<p> The default algorithm is <b>md5</b>; this is consistent with
the backwards compatible setting of the digest used to verify client
certificates in the SMTP server. </p>

<p> The best practice algorithm is now <b>sha1</b>. Recent advances in hash
function cryptanalysis have led to md5 being deprecated in favor of sha1.
However, as long as there are no known "second pre-image" attacks
against md5, its use in this context can still be considered safe.
</p>

<p> While additional digest algorithms are often available with OpenSSL's
libcrypto, only those used by libssl in SSL cipher suites are available to
Postfix. For now this means just md5 or sha1. </p>

<p> To find the fingerprint of a specific certificate file, with a
specific digest algorithm, run:
</p>

<blockquote>
<pre>
$ openssl x509 -noout -fingerprint -<i>digest</i> -in <i>certfile</i>.pem
</pre>
</blockquote>

<p> The text to the right of the "=" sign is the desired fingerprint.
For example: </p>

<blockquote>
<pre>
$ openssl x509 -noout -fingerprint -sha1 -in cert.pem
SHA1 Fingerprint=D4:6A:AB:19:24:79:F8:32:BB:A6:CB:66:82:C0:8E:9B:EE:29:A8:1A
</pre>
</blockquote>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM smtp_tls_fingerprint_cert_match

<p> List of acceptable remote SMTP server certificate fingerprints
for the "fingerprint" TLS security level (<b>smtp_tls_security_level</b> =
fingerprint). At this security level, certificate authorities are
not used, and certificate expiration times are ignored. Instead,
server certificates are verified directly via their "fingerprint". The
fingerprint is a message digest of the server certificate. The digest
algorithm is selected via the <b>smtp_tls_fingerprint_digest</b>
parameter.
</p>

<p> When an <b>smtp_tls_policy_maps</b> table entry specifies the
"fingerprint" security level, any "match" attributes in that entry specify
the list of valid fingerprints for the corresponding destination. Multiple
fingerprints can be combined with a "|" delimiter in a single match
attribute, or multiple match attributes can be employed. </p>

<p> Example: Certificate fingerprint verification with internal mailhub.
Two matching fingerprints are listed. The relayhost may be multiple
physical hosts behind a load-balancer, each with its own private/public
key and self-signed certificate. Alternatively, a single relayhost may
be in the process of switching from one set of private/public keys to
another, and both keys are trusted just prior to the transition. </p>

<blockquote>
<pre>
relayhost = [mailhub.example.com]
smtp_tls_security_level = fingerprint
smtp_tls_fingerprint_digest = md5
smtp_tls_fingerprint_cert_match =
    3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
    EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
</pre>
</blockquote>

<p> Example: Certificate fingerprint verification with selected destinations.
As in the example above, we show two matching fingerprints: </p>

<blockquote>
<pre>
/etc/postfix/main.cf:
    smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
    smtp_tls_fingerprint_digest = md5
</pre>
</blockquote>

<blockquote>
<pre>
/etc/postfix/tls_policy:
    example.com fingerprint
        match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
        match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
</pre>
</blockquote>

<p> This feature is available in Postfix 2.5 and later.
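</p>

<p> To see what the "match" handling above amounts to, the following
added example (not Postfix code) computes a certificate fingerprint over
constructed DER bytes with Python's hashlib, extracts the value from the
"=" line that openssl x509 prints, validates the octet count against the
chosen digest, and checks a server certificate against "match" attributes
joined with "|". The two sample byte strings are constructed, and
upper-casing both sides before comparison is an assumption of the
example. </p>

```python
import hashlib
import re

# Constructed stand-ins for a certificate's DER encoding.  The arithmetic is
# the same for a real certificate: the digest covers the exact bytes sent in
# the TLS handshake, so re-encoding or re-signing the certificate changes it.
SAMPLE_CERT_DER = bytes(range(256)) * 3
OTHER_CERT_DER = bytes(reversed(range(256))) * 3

# The only algorithms the parameter description allows.
DIGEST_OCTETS = {"md5": 16, "sha1": 20}


def fingerprint(cert_der, digest="md5"):
    """Colon-separated upper-case hex digest of the DER bytes, the format
    'openssl x509 -fingerprint' prints to the right of the '=' sign."""
    if digest not in DIGEST_OCTETS:
        raise ValueError("unsupported fingerprint digest: " + digest)
    raw = hashlib.new(digest, cert_der).digest()
    return ":".join("%02X" % b for b in raw)


def from_openssl_output(line):
    """Take the fingerprint from an output line such as
    'SHA1 Fingerprint=D4:6A:...' and normalise its case."""
    label, sep, value = line.partition("=")
    if not sep:
        raise ValueError("no '=' sign in: " + line)
    return value.strip().upper()


def well_formed(fp, digest):
    """True when `fp` has the octet count of `digest`; this catches a sha1
    value pasted into a table that is used with digest = md5."""
    octets = DIGEST_OCTETS[digest]
    pattern = r"(?:[0-9A-F]{2}:){%d}[0-9A-F]{2}" % (octets - 1)
    return re.fullmatch(pattern, fp) is not None


def accepted_fingerprints(match_attributes, digest="md5"):
    """Collect the fingerprints from the 'match=' attributes of one policy
    entry; several may share one attribute, separated by '|'."""
    accepted = set()
    for attr in match_attributes:
        key, sep, value = attr.partition("=")
        if key.strip() != "match" or not sep:
            raise ValueError("not a match attribute: " + attr)
        for fp in value.split("|"):
            fp = fp.strip().upper()
            if not well_formed(fp, digest):
                raise ValueError("malformed %s fingerprint: %s" % (digest, fp))
            accepted.add(fp)
    return accepted


def server_accepted(cert_der, match_attributes, digest="md5"):
    """The 'fingerprint' level check: no CA chain, no expiry, only digest
    equality against the configured list."""
    return fingerprint(cert_der, digest) in accepted_fingerprints(
        match_attributes, digest)


if __name__ == "__main__":
    policy = ["match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1|"
              + fingerprint(SAMPLE_CERT_DER, "md5")]
    print("sample cert md5 :", fingerprint(SAMPLE_CERT_DER, "md5"))
    print("sample accepted :", server_accepted(SAMPLE_CERT_DER, policy))
    print("other accepted  :", server_accepted(OTHER_CERT_DER, policy))
```

<p> Because the digest is taken over the whole certificate, a key that
is re-wrapped in a new certificate gets a new fingerprint and must be
added to the list ahead of the switch, which is the transition case the
example above describes; the well_formed() check reports a digest
mismatch at configuration time rather than as a delivery failure.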
</p>

%PARAM lmtp_tls_fingerprint_cert_match

<p> The LMTP-specific version of the smtp_tls_fingerprint_cert_match
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM lmtp_tls_fingerprint_digest md5

<p> The LMTP-specific version of the smtp_tls_fingerprint_digest
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM smtpd_tls_fingerprint_digest md5

<p> The message digest algorithm used to construct client-certificate
fingerprints for <b>check_ccert_access</b> and
<b>permit_tls_clientcerts</b>. The default algorithm is <b>md5</b>,
for backwards compatibility with Postfix releases prior to 2.5.
</p>

<p> The best practice algorithm is now <b>sha1</b>. Recent advances in hash
function cryptanalysis have led to md5 being deprecated in favor of sha1.
However, as long as there are no known "second pre-image" attacks
against md5, its use in this context can still be considered safe.
</p>

<p> While additional digest algorithms are often available with OpenSSL's
libcrypto, only those used by libssl in SSL cipher suites are available to
Postfix. For now this means just md5 or sha1. </p>

<p> To find the fingerprint of a specific certificate file, with a
specific digest algorithm, run: </p>

<blockquote>
<pre>
$ openssl x509 -noout -fingerprint -<i>digest</i> -in <i>certfile</i>.pem
</pre>
</blockquote>

<p> The text to the right of the "=" sign is the desired fingerprint.
For example: </p>

<blockquote>
<pre>
$ openssl x509 -noout -fingerprint -sha1 -in cert.pem
SHA1 Fingerprint=D4:6A:AB:19:24:79:F8:32:BB:A6:CB:66:82:C0:8E:9B:EE:29:A8:1A
</pre>
</blockquote>

<p> Example: client-certificate access table, with sha1 fingerprints: </p>

<blockquote>
<pre>
/etc/postfix/main.cf:
    smtpd_tls_fingerprint_digest = sha1
    smtpd_client_restrictions =
        check_ccert_access hash:/etc/postfix/access,
        reject
</pre>
<pre>
/etc/postfix/access:
    # Action folded to next line...
    AF:88:7C:AD:51:95:6F:36:96:F6:01:FB:2E:48:CD:AB:49:25:A2:3B
        OK
    85:16:78:FD:73:6E:CE:70:E0:31:5F:0D:3C:C8:6D:C4:2C:24:59:E1
        permit_auth_destination
</pre>
</blockquote>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM lmtp_pix_workaround_maps

<p> The LMTP-specific version of the smtp_pix_workaround_maps
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.4 and later. </p>

%PARAM detect_8bit_encoding_header yes

<p> Automatically detect 8BITMIME body content by looking at
Content-Transfer-Encoding: message headers; historically, this
behavior was hard-coded to be "always on". </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM send_cyrus_sasl_authzid no

<p> When authenticating to a remote SMTP or LMTP server with the
default setting "no", send no SASL authoriZation ID (authzid); send
only the SASL authentiCation ID (authcid) plus the authcid's password.
</p>

<p> The non-default setting "yes" enables the behavior of older
Postfix versions. These always send a SASL authzid that is equal
to the SASL authcid, but this causes inter-operability problems
with some SMTP servers.
</p>

<p> This feature is available in Postfix 2.4.4 and later. </p>

%PARAM smtpd_client_port_logging no

<p> Enable logging of the remote SMTP client port in addition to
the hostname and IP address. The logging format is "host[address]:port".
</p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM qmqpd_client_port_logging no

<p> Enable logging of the remote QMQP client port in addition to
the hostname and IP address. The logging format is "host[address]:port".
</p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM smtp_tls_protocols !SSLv2

<p> List of TLS protocols that the Postfix SMTP client will exclude or
include with opportunistic TLS encryption. Starting with Postfix 2.6,
the Postfix SMTP client will by default not use the obsolete SSLv2
protocol. </p>

<p> In main.cf the values are separated by whitespace, commas or
colons. In the policy table (see smtp_tls_policy_maps) the only valid
separator is colon. An empty value means allow all protocols. The valid
protocol names (see <b>SSL_get_version(3)</b>) are "SSLv2", "SSLv3"
and "TLSv1". </p>

<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
and "TLSv1.2". If an older Postfix version is linked against OpenSSL
1.0.1 or later, these, or any other new protocol versions, are
unconditionally enabled. </p>

<p> To include a protocol, list its name; to exclude it, prefix the name
with a "!" character. To exclude SSLv2 even for opportunistic TLS set
"smtp_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
"smtp_tls_protocols = !SSLv2, !SSLv3". Explicitly listing the protocols to
include, rather than protocols to exclude, is supported, but not
recommended.
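</p>

<p> The following added example (not Postfix code) applies a protocol
setting in either form to the protocol set that a linked OpenSSL library
offers. The library's protocol list, which includes "TLSv1.1" and
"TLSv1.2" to stand for a library newer than Postfix, is constructed;
rejecting an unknown name as an error, and letting listed names win over
"!" exclusions when both appear, are assumptions of the example. </p>

```python
import re

# Protocol names this Postfix release knows, as listed above.
KNOWN_PROTOCOLS = ("SSLv2", "SSLv3", "TLSv1")

# Constructed: what a newer OpenSSL library offers, including two versions
# that this Postfix release does not know by name.
NEWER_LIBRARY = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2")


def parse_protocol_list(setting, policy_table=False):
    """main.cf values split on whitespace, commas or colons; a policy-table
    "protocols" attribute splits on colons only.  Returns the names to
    include and the names to exclude (those written with a '!' prefix)."""
    separator = r":" if policy_table else r"[\s,:]+"
    names = [n for n in re.split(separator, setting.strip()) if n]
    excludes = {n[1:] for n in names if n.startswith("!")}
    includes = {n for n in names if not n.startswith("!")}
    for name in excludes | includes:
        if name not in KNOWN_PROTOCOLS:
            # Assumption of the example: an unknown name is a config error.
            raise ValueError("unknown protocol name: %r" % name)
    return includes, excludes


def enabled_protocols(setting, library=NEWER_LIBRARY, policy_table=False):
    """The protocols left enabled after applying `setting` to `library`."""
    includes, excludes = parse_protocol_list(setting, policy_table)
    if not includes and not excludes:
        return list(library)                 # empty value: allow all
    if includes:
        # Inclusion form: only names Postfix knows can be listed, so any
        # protocol newer than Postfix is silently dropped.
        return [p for p in library if p in includes and p not in excludes]
    # Exclusion form: everything the library offers minus the excluded
    # names, so newer protocols stay enabled.
    return [p for p in library if p not in excludes]


if __name__ == "__main__":
    for setting in ("", "!SSLv2", "!SSLv2, !SSLv3", "TLSv1"):
        print("%-16r -> %s" % (setting, " ".join(enabled_protocols(setting))))
    print("policy table   -> %s"
          % " ".join(enabled_protocols("!SSLv2:!SSLv3", policy_table=True)))
```

<p> Against the constructed newer library, "!SSLv2, !SSLv3" still yields
TLSv1, TLSv1.1 and TLSv1.2, whereas the inclusion form "TLSv1" yields
TLSv1 alone.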
The exclusion form more closely matches the behaviour
when the OpenSSL library is newer than Postfix. </p>

<p> Example: </p>
<pre>
# TLSv1 only!
smtp_tls_protocols = !SSLv2, !SSLv3
</pre>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM smtpd_tls_protocols

<p> List of TLS protocols that the Postfix SMTP server will exclude
or include with opportunistic TLS encryption. This parameter SHOULD be
left at its default empty value, allowing all protocols to be used with
opportunistic TLS. </p>

<p> In main.cf the values are separated by whitespace, commas or
colons. An empty value means allow all protocols. The valid protocol
names (see <b>SSL_get_version(3)</b>) are "SSLv2", "SSLv3" and
"TLSv1". In smtp_tls_policy_maps table entries, "protocols" attribute
values are separated by a colon. </p>

<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
and "TLSv1.2". If an older Postfix version is linked against OpenSSL
1.0.1 or later, these, or any other new protocol versions, are
unconditionally enabled. </p>

<p> To include a protocol, list its name; to exclude it, prefix the name
with a "!" character. To exclude SSLv2 even for opportunistic TLS set
"smtpd_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
"smtpd_tls_protocols = !SSLv2, !SSLv3". Explicitly listing the protocols to
include, rather than protocols to exclude, is supported, but not
recommended. The exclusion form more closely matches the behaviour
when the OpenSSL library is newer than Postfix. </p>

<p> Example: </p>
<pre>
smtpd_tls_protocols = !SSLv2
</pre>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM lmtp_tls_protocols

<p> The LMTP-specific version of the smtp_tls_protocols configuration
parameter.
See there for details. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM smtp_tls_ciphers export

<p> The minimum TLS cipher grade that the Postfix SMTP client
will use with opportunistic TLS encryption. Cipher types listed in
smtp_tls_exclude_ciphers are excluded from the base definition of
the selected cipher grade. The default value "export" ensures maximum
inter-operability. Because encryption is optional, stronger controls
are not appropriate, and this setting SHOULD NOT be changed unless the
change is essential. </p>

<p> When TLS is mandatory the cipher grade is chosen via the
smtp_tls_mandatory_ciphers configuration parameter; see there for syntax
details. See smtp_tls_policy_maps for information on how to configure
ciphers on a per-destination basis. </p>

<p> Example: </p>
<pre>
smtp_tls_ciphers = export
</pre>

<p> This feature is available in Postfix 2.6 and later. With earlier Postfix
releases only the smtp_tls_mandatory_ciphers parameter is implemented,
and opportunistic TLS always uses "export" or better (i.e. all) ciphers. </p>

%PARAM smtpd_tls_ciphers export

<p> The minimum TLS cipher grade that the Postfix SMTP server
will use with opportunistic TLS encryption. Cipher types listed in
smtpd_tls_exclude_ciphers are excluded from the base definition of
the selected cipher grade. The default value "export" ensures maximum
inter-operability. Because encryption is optional, stronger controls
are not appropriate, and this setting SHOULD NOT be changed unless the
change is essential. </p>

<p> When TLS is mandatory the cipher grade is chosen via the
smtpd_tls_mandatory_ciphers configuration parameter; see there for syntax
details.
</p>

<p> Example: </p>
<pre>
smtpd_tls_ciphers = export
</pre>

<p> This feature is available in Postfix 2.6 and later. With earlier Postfix
releases only the smtpd_tls_mandatory_ciphers parameter is implemented,
and opportunistic TLS always uses "export" or better (i.e. all) ciphers. </p>

%PARAM lmtp_tls_ciphers export

<p> The LMTP-specific version of the smtp_tls_ciphers configuration
parameter. See there for details. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM tls_eecdh_strong_curve prime256v1

<p> The elliptic curve used by the SMTP server for sensibly strong
ephemeral ECDH key exchange. This curve is used by the Postfix SMTP
server when "smtpd_tls_eecdh_grade = strong". The phrase "sensibly
strong" means approximately 128-bit security based on best known
attacks. The selected curve must be implemented by OpenSSL (as
reported by ecparam(1) with the "-list_curves" option) and be one
of the curves listed in Section 5.1.1 of RFC 4492. You should not
generally change this setting. </p>

<p> This default curve is specified in NSA "Suite B" Cryptography
(see http://www.nsa.gov/ia/industry/crypto_suite_b.cfm) for
information classified as SECRET. </p>

<p> Note: elliptic curve names are poorly standardized; different
standards groups are assigning different names to the same underlying
curves. The curve with the X9.62 name "prime256v1" is also known
under the SECG name "secp256r1", but OpenSSL does not recognize the
latter name. </p>

<p> This feature is available in Postfix 2.6 and later, when it is
compiled and linked with OpenSSL 1.0.0 or later. </p>

%PARAM tls_eecdh_ultra_curve secp384r1

<p> The elliptic curve used by the SMTP server for maximally strong
ephemeral ECDH key exchange.
This curve is used by the Postfix SMTP
server when "smtpd_tls_eecdh_grade = ultra". The phrase "maximally
strong" means approximately 192-bit security based on best known attacks.
This additional strength comes at a significant computational cost; most
users should instead set "smtpd_tls_eecdh_grade = strong". The selected
curve must be implemented by OpenSSL (as reported by ecparam(1) with the
"-list_curves" option) and be one of the curves listed in Section 5.1.1
of RFC 4492. You should not generally change this setting. </p>

<p> This default "ultra" curve is specified in NSA "Suite B" Cryptography
(see http://www.nsa.gov/ia/industry/crypto_suite_b.cfm) for information
classified as TOP SECRET. </p>

<p> This feature is available in Postfix 2.6 and later, when it is
compiled and linked with OpenSSL 1.0.0 or later. </p>

%PARAM smtpd_tls_eecdh_grade see "postconf -d" output

<p> The Postfix SMTP server security grade for ephemeral elliptic-curve
Diffie-Hellman (EECDH) key exchange. </p>

<p> The available choices are: </p>

<dl>

<dt><b>none</b></dt> <dd> Don't use EECDH. Ciphers based on EECDH key
exchange will be disabled. This is the default in Postfix versions
2.6 and 2.7. </dd>

<dt><b>strong</b></dt> <dd> Use EECDH with approximately 128
bits of security at a reasonable computational cost. This is the
current best-practice trade-off between security and computational
efficiency. This is the default in Postfix version 2.8 and later.
</dd>

<dt><b>ultra</b></dt> <dd> Use EECDH with approximately 192 bits of
security at computational cost that is approximately twice as high
as 128 bit strength ECC. Barring significant progress in attacks on
elliptic curve crypto-systems, the "strong" curve is sufficient for most
users.
</dd>

</dl>

<p> This feature is available in Postfix 2.6 and later, when it is
compiled and linked with OpenSSL 1.0.0 or later. </p>

%PARAM smtpd_tls_eccert_file

<p> File with the Postfix SMTP server ECDSA certificate in PEM format.
This file may also contain the Postfix SMTP server private ECDSA key. </p>

<p> See the discussion under smtpd_tls_cert_file for more details. </p>

<p> Example: </p>

<pre>
smtpd_tls_eccert_file = /etc/postfix/ecdsa-scert.pem
</pre>

<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 1.0.0 or later. </p>

%PARAM smtpd_tls_eckey_file $smtpd_tls_eccert_file

<p> File with the Postfix SMTP server ECDSA private key in PEM format.
This file may be combined with the Postfix SMTP server ECDSA certificate
file specified with $smtpd_tls_eccert_file. </p>

<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
access to the system superuser account ("root"), and no access
to anyone else. </p>

<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 1.0.0 or later. </p>

%PARAM smtp_tls_eccert_file

<p> File with the Postfix SMTP client ECDSA certificate in PEM format.
This file may also contain the Postfix SMTP client ECDSA private key. </p>

<p> See the discussion under smtp_tls_cert_file for more details.
</p>

<p> Example: </p>

<pre>
smtp_tls_eccert_file = /etc/postfix/ecdsa-ccert.pem
</pre>

<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 1.0.0 or later.
</p>

%PARAM smtp_tls_eckey_file $smtp_tls_eccert_file

<p> File with the Postfix SMTP client ECDSA private key in PEM format.
This file may be combined with the Postfix SMTP client ECDSA
certificate file specified with $smtp_tls_eccert_file. </p>

<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
access to the system superuser account ("root"), and no access
to anyone else. </p>

<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 1.0.0 or later. </p>

%PARAM lmtp_tls_eccert_file

<p> The LMTP-specific version of the smtp_tls_eccert_file configuration
parameter. See there for details. </p>

<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 1.0.0 or later. </p>

%PARAM lmtp_tls_eckey_file

<p> The LMTP-specific version of the smtp_tls_eckey_file configuration
parameter. See there for details. </p>

<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 1.0.0 or later. </p>

%PARAM smtp_header_checks

<p> Restricted header_checks(5) tables for the Postfix SMTP client.
These tables are searched while mail is being delivered. Actions
that change the delivery time or destination are not available.
</p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM smtp_mime_header_checks

<p> Restricted mime_header_checks(5) tables for the Postfix SMTP
client. These tables are searched while mail is being delivered.
Actions that change the delivery time or destination are not
available. </p>

<p> This feature is available in Postfix 2.5 and later.
</p>

%PARAM smtp_nested_header_checks

<p> Restricted nested_header_checks(5) tables for the Postfix SMTP
client. These tables are searched while mail is being delivered.
Actions that change the delivery time or destination are not
available. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM smtp_body_checks

<p> Restricted body_checks(5) tables for the Postfix SMTP client.
These tables are searched while mail is being delivered. Actions
that change the delivery time or destination are not available.
</p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM destination_concurrency_feedback_debug no

<p> Make the queue manager's feedback algorithm verbose for performance
analysis purposes. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM default_destination_concurrency_failed_cohort_limit 1

<p> How many pseudo-cohorts must suffer connection or handshake
failure before a specific destination is considered unavailable
(and further delivery is suspended). Specify zero to disable this
feature. A destination's pseudo-cohort failure count is reset each
time a delivery completes without connection or handshake failure
for that specific destination. </p>

<p> A pseudo-cohort is the number of deliveries equal to a destination's
delivery concurrency. </p>

<p> Use <i>transport</i>_destination_concurrency_failed_cohort_limit to specify
a transport-specific override, where <i>transport</i> is the master.cf
name of the message delivery transport. </p>

<p> This feature is available in Postfix 2.5. The default setting
is compatible with earlier Postfix versions.
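</p>

<p> The following added example, a simplified model and not qmgr(8)
code, puts the pseudo-cohort accounting of this parameter together with
the feedback value forms described under
default_destination_concurrency_positive_feedback and
default_destination_concurrency_negative_feedback. Assumptions of the
model: deliveries to a destination complete one at a time, a
pseudo-cohort counts as failed once as many consecutive deliveries as
the concurrency at its start have failed, the initial concurrency is 5
and the maximum 20, and a success ends any negative-feedback sequence in
progress. </p>

```python
from fractions import Fraction


def parse_feedback(spec):
    """Parse the forms "number", "number / number" and "number /
    concurrency".  Returns a callable mapping the current delivery
    concurrency to a feedback value in the range 0..1."""
    parts = [p.strip() for p in spec.split("/")]
    if len(parts) == 2 and parts[1] == "concurrency":
        number = Fraction(parts[0])
        if not 0 <= number <= 1:
            raise ValueError("feedback number must be in 0..1: " + spec)
        return lambda concurrency: number / concurrency
    if len(parts) == 1:
        value = Fraction(parts[0])
    elif len(parts) == 2:
        value = Fraction(parts[0]) / Fraction(parts[1])
    else:
        raise ValueError("unrecognised feedback form: " + spec)
    if not 0 <= value <= 1:
        raise ValueError("feedback value must be in 0..1: " + spec)
    return lambda concurrency: value


class Destination:
    """Per-destination concurrency state of the simplified scheduler."""

    def __init__(self, initial=5, maximum=20, positive="1", negative="1",
                 failed_cohort_limit=1):
        self.concurrency = initial
        self.maximum = maximum
        self.positive = parse_feedback(positive)
        self.negative = parse_feedback(negative)
        self.failed_cohort_limit = failed_cohort_limit   # 0 disables
        self.dead = False              # True once further delivery is suspended
        self.credit = Fraction(0)      # positive feedback accumulated so far
        self.debit = Fraction(0)       # failures left in the current negative sequence
        self.cohort_size = 0           # size of the pseudo-cohort now failing
        self.cohort_failures = 0       # consecutive failures in that cohort
        self.failed_cohorts = 0        # completed failed pseudo-cohorts

    def deliver(self, ok):
        if self.dead:
            raise RuntimeError("destination is suspended; no deliveries")
        if ok:
            # Positive feedback: increment at the END of a sequence of
            # 1/feedback deliveries, never beyond the maximum.
            self.credit += self.positive(self.concurrency)
            if self.credit >= 1:
                self.credit -= 1
                self.concurrency = min(self.maximum, self.concurrency + 1)
            # A success resets the pseudo-cohort failure count.
            self.cohort_failures = 0
            self.failed_cohorts = 0
            self.debit = Fraction(0)   # assumption: ends a negative sequence
            return
        # Connection or handshake failure.
        if self.cohort_failures == 0:
            self.cohort_size = self.concurrency   # cohort = concurrency deliveries
        feedback = self.negative(self.concurrency)
        if feedback > 0:
            # Negative feedback: decrement at the START of a sequence of
            # 1/feedback failures, but never below 1.
            if self.debit <= 0:
                self.concurrency = max(1, self.concurrency - 1)
                self.debit = 1 / feedback
            self.debit -= 1
        self.cohort_failures += 1
        if self.cohort_failures >= self.cohort_size:
            self.failed_cohorts += 1
            self.cohort_failures = 0
            if self.failed_cohort_limit and \
               self.failed_cohorts >= self.failed_cohort_limit:
                self.dead = True       # destination considered unavailable

    def run(self, outcomes):
        """Feed '+' (success) and '-' (failure) outcomes in order and return
        (concurrency, dead); stops at the first suspended delivery."""
        for outcome in outcomes:
            if self.dead:
                break
            self.deliver(outcome == "+")
        return self.concurrency, self.dead


if __name__ == "__main__":
    print("defaults, 5 failures :", Destination().run("-----"))
    print("defaults, 5 successes:", Destination().run("+++++"))
    print("negative 0, limit 0  :",
          Destination(negative="0", failed_cohort_limit=0).run("-" * 10))
```

<p> With the defaults (feedback 1, cohort limit 1), five consecutive
failures from concurrency 5 throttle the destination to 1 and then mark
it dead, which is the pre-2.5 behaviour without the drop to zero; with
negative feedback 0 and cohort limit 0 the same failures leave it
untouched.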
</p>

%PARAM default_destination_concurrency_negative_feedback 1

<p> The per-destination amount of delivery concurrency negative
feedback, after a delivery completes with a connection or handshake
failure. Feedback values are in the range 0..1 inclusive. With
negative feedback, concurrency is decremented at the beginning of
a sequence of length 1/feedback. This is unlike positive feedback,
where concurrency is incremented at the end of a sequence of length
1/feedback. </p>

<p> As of Postfix version 2.5, negative feedback cannot reduce
delivery concurrency to zero. Instead, a destination is marked
dead (further delivery suspended) after the failed pseudo-cohort
count reaches $default_destination_concurrency_failed_cohort_limit
(or $<i>transport</i>_destination_concurrency_failed_cohort_limit).
To make the scheduler completely immune to connection or handshake
failures, specify a zero feedback value and a zero failed pseudo-cohort
limit. </p>

<p> Specify one of the following forms: </p>

<dl>

<dt> <b><i>number</i> </b> </dt>

<dt> <b><i>number</i> / <i>number</i> </b> </dt>

<dd> Constant feedback. The value must be in the range 0..1 inclusive.
The default setting of "1" is compatible with Postfix versions
before 2.5, where a destination's delivery concurrency is throttled
down to zero (and further delivery suspended) after a single failed
pseudo-cohort. </dd>

<dt> <b><i>number</i> / concurrency </b> </dt>

<dd> Variable feedback of "<i>number</i> / (delivery concurrency)".
The <i>number</i> must be in the range 0..1 inclusive. With
<i>number</i> equal to "1", a destination's delivery concurrency
is decremented by 1 after each failed pseudo-cohort.
</dd>

<!--

<dt> <b><i>number</i> / sqrt_concurrency </b> </dt>

<dd> Variable feedback of "<i>number</i> / sqrt(delivery concurrency)".
The <i>number</i> must be in the range 0..1 inclusive. This setting
may be removed in a future version. </dd>

-->

</dl>

<p> A pseudo-cohort is the number of deliveries equal to a destination's
delivery concurrency. </p>

<p> Use <i>transport</i>_destination_concurrency_negative_feedback
to specify a transport-specific override, where <i>transport</i>
is the master.cf name of the message delivery transport. </p>

<p> This feature is available in Postfix 2.5. The default setting
is compatible with earlier Postfix versions. </p>

%PARAM default_destination_concurrency_positive_feedback 1

<p> The per-destination amount of delivery concurrency positive
feedback, after a delivery completes without connection or handshake
failure. Feedback values are in the range 0..1 inclusive. The
concurrency increases until it reaches the per-destination maximal
concurrency limit. With positive feedback, concurrency is incremented
at the end of a sequence with length 1/feedback. This is unlike
negative feedback, where concurrency is decremented at the start
of a sequence of length 1/feedback. </p>

<p> Specify one of the following forms: </p>

<dl>

<dt> <b><i>number</i> </b> </dt>

<dt> <b><i>number</i> / <i>number</i> </b> </dt>

<dd> Constant feedback. The value must be in the range 0..1
inclusive. The default setting of "1" is compatible with Postfix
versions before 2.5, where a destination's delivery concurrency
doubles after each successful pseudo-cohort. </dd>

<dt> <b><i>number</i> / concurrency </b> </dt>

<dd> Variable feedback of "<i>number</i> / (delivery concurrency)".
The <i>number</i> must be in the range 0..1 inclusive. With
<i>number</i> equal to "1", a destination's delivery concurrency
is incremented by 1 after each successful pseudo-cohort. </dd>

<!--

<dt> <b><i>number</i> / sqrt_concurrency </b> </dt>

<dd> Variable feedback of "<i>number</i> / sqrt(delivery concurrency)".
The <i>number</i> must be in the range 0..1 inclusive. This setting
may be removed in a future version. </dd>

-->

</dl>

<p> A pseudo-cohort is the number of deliveries equal to a destination's
delivery concurrency. </p>

<p> Use <i>transport</i>_destination_concurrency_positive_feedback
to specify a transport-specific override, where <i>transport</i>
is the master.cf name of the message delivery transport. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM transport_destination_concurrency_failed_cohort_limit $default_destination_concurrency_failed_cohort_limit

<p> A transport-specific override for the
default_destination_concurrency_failed_cohort_limit parameter value,
where <i>transport</i> is the master.cf name of the message delivery
transport. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM transport_destination_concurrency_positive_feedback $default_destination_concurrency_positive_feedback

<p> A transport-specific override for the
default_destination_concurrency_positive_feedback parameter value,
where <i>transport</i> is the master.cf name of the message delivery
transport. </p>

<p> This feature is available in Postfix 2.5 and later.
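</p>

<p> The feedback and failed-pseudo-cohort rules above (default_destination_concurrency_positive_feedback,
default_destination_concurrency_negative_feedback and
default_destination_concurrency_failed_cohort_limit) are easiest to follow
by stepping through them. The following Python model is added here as an
illustration and is not Postfix code; the initial concurrency (5), the
concurrency limit (20) and the delivery outcome sequences are constructed
inputs, and charging each failed delivery as 1/concurrency of a pseudo-cohort
at the concurrency in effect at that moment is a modelling choice. </p>

```python
"""Toy model of the Postfix queue manager's per-destination concurrency
feedback.  Added illustration, not Postfix source: it follows the
postconf(5) text for default_destination_concurrency_positive_feedback,
default_destination_concurrency_negative_feedback and
default_destination_concurrency_failed_cohort_limit."""
from dataclasses import dataclass
from fractions import Fraction
from typing import Callable


def parse_feedback(spec: str) -> Callable[[int], Fraction]:
    """Parse "number", "number / number" or "number / concurrency" into a
    function of the current delivery concurrency.  Values must lie in 0..1."""
    left, sep, right = spec.partition("/")
    number = Fraction(left.strip())
    if sep and right.strip() == "concurrency":
        if not 0 <= number <= 1:
            raise ValueError(f"number out of range 0..1: {spec!r}")
        return lambda concurrency: number / concurrency
    denominator = Fraction(right.strip()) if sep else Fraction(1)
    if denominator == 0:
        raise ValueError(f"zero denominator: {spec!r}")
    value = number / denominator
    if not 0 <= value <= 1:
        raise ValueError(f"feedback out of range 0..1: {spec!r}")
    return lambda concurrency: value


@dataclass
class Destination:
    """Per-destination scheduler state for one master.cf transport."""
    concurrency: int                        # current delivery concurrency
    limit: int                              # *_destination_concurrency_limit
    positive: Callable[[int], Fraction]     # *_concurrency_positive_feedback
    negative: Callable[[int], Fraction]     # *_concurrency_negative_feedback
    fail_cohort_limit: int                  # *_concurrency_failed_cohort_limit
    pos_acc: Fraction = Fraction(0)         # progress through a 1/feedback success sequence
    neg_budget: Fraction = Fraction(0)      # remaining part of the current failure sequence
    neg_step: Fraction = Fraction(0)        # feedback fixed at the start of that sequence
    failed_cohorts: Fraction = Fraction(0)  # failed pseudo-cohorts since the last success
    suspended: bool = False                 # destination marked dead

    def success(self) -> None:
        """A delivery completed without connection or handshake failure."""
        self.failed_cohorts = Fraction(0)   # the pseudo-cohort failure count is reset
        self.pos_acc += self.positive(self.concurrency)
        # Positive feedback increments at the END of a sequence of length 1/feedback.
        if self.pos_acc >= 1:
            self.pos_acc -= 1
            self.concurrency += 1
        if self.concurrency >= self.limit:  # never above the maximal concurrency
            self.concurrency, self.pos_acc = self.limit, Fraction(0)

    def failure(self) -> None:
        """A delivery failed with a connection or handshake error."""
        # A pseudo-cohort is `concurrency` deliveries, so one failure counts as
        # 1/concurrency of a failed pseudo-cohort (model choice: the concurrency
        # in effect when the failure is seen).
        self.failed_cohorts += Fraction(1, self.concurrency)
        # Negative feedback decrements at the BEGINNING of a sequence of length 1/feedback.
        if self.neg_budget <= 0:
            feedback = self.negative(self.concurrency)
            if feedback > 0:
                if self.concurrency > 1:    # Postfix 2.5+: never throttled down to zero
                    self.concurrency -= 1
                self.neg_budget, self.neg_step = Fraction(1), feedback
        self.neg_budget -= self.neg_step
        # The destination is marked dead once the failed pseudo-cohort count
        # reaches the limit; a zero limit disables this.
        if self.fail_cohort_limit > 0 and self.failed_cohorts >= self.fail_cohort_limit:
            self.suspended = True


def simulate(outcomes: str, *, initial: int = 5, limit: int = 20,
             positive: str = "1", negative: str = "1",
             fail_cohort_limit: int = 1) -> Destination:
    """Replay delivery outcomes ('S' success, 'F' connection/handshake failure).

    positive/negative/fail_cohort_limit default to the postconf(5) defaults;
    initial=5 and limit=20 are constructed values for this illustration.
    Replay stops once the destination is suspended."""
    dest = Destination(initial, limit, parse_feedback(positive),
                       parse_feedback(negative), fail_cohort_limit)
    for outcome in outcomes:
        if dest.suspended:
            break
        if outcome == "S":
            dest.success()
        elif outcome == "F":
            dest.failure()
        else:
            raise ValueError(f"unknown outcome {outcome!r}")
    return dest


if __name__ == "__main__":
    scenarios = {
        "defaults (feedback 1, failed cohort limit 1)": {},
        "negative 1/concurrency, failed cohort limit 10": {
            "negative": "1 / concurrency", "fail_cohort_limit": 10},
    }
    for label, kwargs in scenarios.items():
        d = simulate("FFFFFF", **kwargs)
        print(f"{label}: concurrency={d.concurrency} suspended={d.suspended}")
```

<p> Replaying a burst of handshake failures shows why the text recommends a
failed-cohort limit of 10 or more alongside a non-zero destination rate delay:
with the default limit of 1, four failures in a row are enough to mark the
destination dead, whereas with limit 10 and "1 / concurrency" feedback the
same burst only lowers the concurrency from 5 to 3.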
</p>

%PARAM transport_destination_concurrency_negative_feedback $default_destination_concurrency_negative_feedback

<p> A transport-specific override for the
default_destination_concurrency_negative_feedback parameter value,
where <i>transport</i> is the master.cf name of the message delivery
transport. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM transport_initial_destination_concurrency $initial_destination_concurrency

<p> A transport-specific override for the initial_destination_concurrency
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM transport_destination_concurrency_limit $default_destination_concurrency_limit

<p> A transport-specific override for the
default_destination_concurrency_limit parameter value, where
<i>transport</i> is the master.cf name of the message delivery
transport. </p>

%PARAM transport_destination_recipient_limit $default_destination_recipient_limit

<p> A transport-specific override for the
default_destination_recipient_limit parameter value, where
<i>transport</i> is the master.cf name of the message delivery
transport. </p>

%PARAM transport_time_limit $command_time_limit

<p> A transport-specific override for the command_time_limit parameter
value, where <i>transport</i> is the master.cf name of the message
delivery transport. </p>

%PARAM transport_delivery_slot_cost $default_delivery_slot_cost

<p> A transport-specific override for the default_delivery_slot_cost
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport.
</p>

%PARAM transport_delivery_slot_loan $default_delivery_slot_loan

<p> A transport-specific override for the default_delivery_slot_loan
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport. </p>

%PARAM transport_delivery_slot_discount $default_delivery_slot_discount

<p> A transport-specific override for the default_delivery_slot_discount
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport. </p>

%PARAM transport_minimum_delivery_slots $default_minimum_delivery_slots

<p> A transport-specific override for the default_minimum_delivery_slots
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport. </p>

%PARAM transport_recipient_limit $default_recipient_limit

<p> A transport-specific override for the default_recipient_limit
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport. </p>

%PARAM transport_extra_recipient_limit $default_extra_recipient_limit

<p> A transport-specific override for the default_extra_recipient_limit
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport. </p>

%PARAM transport_recipient_refill_limit $default_recipient_refill_limit

<p> A transport-specific override for the default_recipient_refill_limit
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport. </p>

<p> This feature is available in Postfix 2.4 and later. </p>

%PARAM transport_recipient_refill_delay $default_recipient_refill_delay

<p> A transport-specific override for the default_recipient_refill_delay
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport.
</p>

<p> This feature is available in Postfix 2.4 and later. </p>

%PARAM default_destination_rate_delay 0s

<p> The default amount of delay that is inserted between individual
deliveries to the same destination; with per-destination recipient
limit > 1, a destination is a domain, otherwise it is a recipient.
</p>

<p> To enable the delay, specify a non-zero time value (an integral
value plus an optional one-letter suffix that specifies the time
unit). </p>

<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). The default time unit is s (seconds). </p>

<p> NOTE: the delay is enforced by the queue manager. The delay
timer state does not survive "<b>postfix reload</b>" or "<b>postfix
stop</b>".
</p>

<p> Use <i>transport</i>_destination_rate_delay to specify a
transport-specific override, where <i>transport</i> is the master.cf
name of the message delivery transport.
</p>

<p> NOTE: with a non-zero _destination_rate_delay, specify a
<i>transport</i>_destination_concurrency_failed_cohort_limit of 10
or more to prevent Postfix from deferring all mail for the same
destination after only one connection or handshake error. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM transport_destination_rate_delay $default_destination_rate_delay

<p> A transport-specific override for the default_destination_rate_delay
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM data_directory see "postconf -d" output

<p> The directory with Postfix-writable data files (for example:
caches, pseudo-random numbers).
This directory must be owned by
the mail_owner account, and must not be shared with non-Postfix
software. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM stress

<p> This feature is documented in the STRESS_README document. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM smtp_sasl_auth_soft_bounce yes

<p> When a remote SMTP server rejects a SASL authentication request
with a 535 reply code, defer mail delivery instead of returning
mail as undeliverable. The latter behavior was hard-coded prior to
Postfix version 2.5. </p>

<p> Note: the setting "yes" overrides the global soft_bounce
parameter, but the setting "no" does not. </p>

<p> Example: </p>

<pre>
# Default as of Postfix 2.5
smtp_sasl_auth_soft_bounce = yes
# The old hard-coded default
smtp_sasl_auth_soft_bounce = no
</pre>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM smtp_sasl_auth_cache_name

<p> An optional table to prevent repeated SASL authentication
failures with the same remote SMTP server hostname, username and
password. Each table (key, value) pair contains a server name, a
username and password, and the full server response. This information
is stored when a remote SMTP server rejects an authentication attempt
with a 535 reply code. As long as the smtp_sasl_password_maps
information does not change, and as long as the smtp_sasl_auth_cache_name
information does not expire (see smtp_sasl_auth_cache_time), the
Postfix SMTP client avoids SASL authentication attempts with the
same server, username and password, and instead bounces or defers
mail as controlled with the smtp_sasl_auth_soft_bounce configuration
parameter.
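</p>

<p> To see how this cache interacts with smtp_sasl_auth_soft_bounce,
soft_bounce and smtp_sasl_auth_cache_time, here is a small Python model
added for illustration; it is not the Postfix implementation. The server
name, user name, passwords, 535 reply and timestamps are constructed sample
values, and SHA-256 over the (server, username, password) triple stands in
for whatever hash Postfix uses. </p>

```python
"""Model of the smtp_sasl_auth_cache_name decision logic.  Added
illustration following the postconf(5) text; not Postfix source."""
from dataclasses import dataclass, field
import hashlib

# Time units as described for Postfix time parameters (default unit: s).
TIME_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_time(value: str) -> int:
    """Convert "90d", "12h" or a bare number of seconds into seconds."""
    value = value.strip()
    if value and value[-1] in TIME_UNITS:
        return int(value[:-1]) * TIME_UNITS[value[-1]]
    return int(value)


def cache_key(server: str, username: str, password: str) -> str:
    """Hash the credentials so the table never holds the plain-text
    password (SHA-256 is this model's choice, not Postfix's).  The table
    still belongs under data_directory with root-only access: a hash of a
    weak password can be brute-forced offline by anyone who can read it."""
    material = b"\0".join(s.encode() for s in (server, username, password))
    return hashlib.sha256(material).hexdigest()


@dataclass
class SaslAuthCache:
    cache_time: str = "90d"            # smtp_sasl_auth_cache_time
    sasl_soft_bounce: bool = True      # smtp_sasl_auth_soft_bounce (default yes)
    global_soft_bounce: bool = False   # soft_bounce
    entries: dict = field(default_factory=dict)   # key -> (stored_at, 535 reply)

    def record_535(self, server: str, username: str, password: str,
                   reply: str, now: int) -> None:
        """A remote server rejected authentication with a 535 reply: remember it."""
        self.entries[cache_key(server, username, password)] = (now, reply)

    def expire(self, now: int) -> int:
        """Drop entries older than cache_time; return how many were removed."""
        ttl = parse_time(self.cache_time)
        before = len(self.entries)
        self.entries = {k: v for k, v in self.entries.items() if now - v[0] < ttl}
        return before - len(self.entries)

    def decide(self, server: str, username: str, password: str, now: int) -> str:
        """What the SMTP client does before trying to log in: 'authenticate'
        when no failure is cached for these credentials, else 'defer' or 'bounce'."""
        self.expire(now)
        if cache_key(server, username, password) not in self.entries:
            return "authenticate"
        # "yes" overrides the global soft_bounce parameter, "no" does not:
        # a cached failure is deferred if either setting says so.
        if self.sasl_soft_bounce or self.global_soft_bounce:
            return "defer"
        return "bounce"


if __name__ == "__main__":
    # Constructed sample values.
    cache = SaslAuthCache()
    cache.record_535("mx.example.net", "relayuser", "old-secret",
                     "535 5.7.8 Authentication credentials invalid", now=0)
    print(cache.decide("mx.example.net", "relayuser", "old-secret", now=3600))       # defer
    print(cache.decide("mx.example.net", "relayuser", "new-secret", now=3600))       # authenticate
    print(cache.decide("mx.example.net", "relayuser", "old-secret", now=90 * 86400)) # authenticate
```

<p> The password-change case shows why the cache is keyed on all three
values: updating smtp_sasl_password_maps is enough for delivery to try
again, while the unchanged credentials stay blocked until the 90-day entry
expires.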
</p>

<p> Use a per-destination delivery concurrency of 1 (for example,
"smtp_destination_concurrency_limit = 1",
"relay_destination_concurrency_limit = 1", etc.), otherwise multiple
delivery agents may experience a login failure at the same time.
</p>

<p> The table must be accessed via the proxywrite service, i.e. the
map name must start with "proxy:". The table should be stored under
the directory specified with the data_directory parameter. </p>

<p> This feature uses cryptographic hashing to protect plain-text
passwords, and requires that Postfix is compiled with TLS support.
</p>

<p> Example: </p>

<pre>
smtp_sasl_auth_cache_name = proxy:btree:/var/db/postfix/sasl_auth_cache
</pre>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM smtp_sasl_auth_cache_time 90d

<p> The maximal age of an smtp_sasl_auth_cache_name entry before it
is removed. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM lmtp_sasl_auth_soft_bounce yes

<p> The LMTP-specific version of the smtp_sasl_auth_soft_bounce
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM lmtp_sasl_auth_cache_name

<p> The LMTP-specific version of the smtp_sasl_auth_cache_name
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM lmtp_sasl_auth_cache_time 90d

<p> The LMTP-specific version of the smtp_sasl_auth_cache_time
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM unverified_sender_reject_reason

<p> The Postfix SMTP server's reply when rejecting mail with
reject_unverified_sender.
Do not include the numeric SMTP reply
code or the enhanced status code. By default, the response includes
actual address verification details. </p>

<p> Example: </p>

<pre>
unverified_sender_reject_reason = Sender address lookup failed
</pre>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM unverified_recipient_reject_reason

<p> The Postfix SMTP server's reply when rejecting mail with
reject_unverified_recipient. Do not include the numeric SMTP reply
code or the enhanced status code. By default, the response includes
actual address verification details. </p>

<p> Example: </p>

<pre>
unverified_recipient_reject_reason = Recipient address lookup failed
</pre>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM strict_mailbox_ownership yes

<p> Defer delivery when a mailbox file is not owned by its recipient.
The default setting is not backwards compatible. </p>

<p> This feature is available in Postfix 2.5.3 and later. </p>

%PARAM proxymap_service_name proxymap

<p> The name of the proxymap read-only table lookup service. This
service is normally implemented by the proxymap(8) daemon. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM proxywrite_service_name proxywrite

<p> The name of the proxywrite read-write table lookup service.
This service is normally implemented by the proxymap(8) daemon.
</p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM master_service_disable

<p> Selectively disable master(8) listener ports by service type
or by service name and type.
Specify a list of service types
("inet", "unix", "fifo", or "pass") or "name.type" tuples, where
"name" is the first field of a master.cf entry and "type" is a
service type. As with other Postfix matchlists, a search stops at
the first match. Specify "!pattern" to exclude a service from the
list. By default, all master(8) listener ports are enabled. </p>

<p> Note: this feature does not support "/file/name" or "type:table"
patterns, nor does it support wildcards such as "*" or "all". This
is intentional. </p>

<p> Examples: </p>

<pre>
# Turn on all master(8) listener ports (the default).
master_service_disable =
# Turn off only the main SMTP listener port.
master_service_disable = smtp.inet
# Turn off all TCP/IP listener ports.
master_service_disable = inet
# Turn off all TCP/IP listener ports except "foo".
master_service_disable = !foo.inet, inet
</pre>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM tcp_windowsize 0

<p> An optional workaround for routers that break TCP window scaling.
Specify a value > 0 and < 65536 to enable this feature. With
Postfix TCP servers (smtpd(8), qmqpd(8)), this feature is implemented
by the Postfix master(8) daemon. </p>

<p> To change this parameter without stopping Postfix, you need to
first terminate all Postfix TCP servers: </p>

<blockquote>
<pre>
# postconf -e master_service_disable=inet
# postfix reload
</pre>
</blockquote>

<p> This immediately terminates all processes that accept network
connections.
Next, you enable Postfix TCP servers with the updated
tcp_windowsize setting: </p>

<blockquote>
<pre>
# postconf -e tcp_windowsize=65535 master_service_disable=
# postfix reload
</pre>
</blockquote>

<p> If you skip these steps with a running Postfix system, then the
tcp_windowsize change will work only for Postfix TCP clients (smtp(8),
lmtp(8)). </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM multi_instance_directories

<p> An optional list of non-default Postfix configuration directories;
these directories belong to additional Postfix instances that share
the Postfix executable files and documentation with the default
Postfix instance, and that are started, stopped, etc., together
with the default Postfix instance. Specify a list of pathnames
separated by comma or whitespace. </p>

<p> When $multi_instance_directories is empty, the postfix(1) command
runs in single-instance mode and operates on a single Postfix
instance only. Otherwise, the postfix(1) command runs in multi-instance
mode and invokes the multi-instance manager specified with the
multi_instance_wrapper parameter. The multi-instance manager in
turn executes postfix(1) commands for the default instance and for
all Postfix instances in $multi_instance_directories. </p>

<p> Currently, this parameter setting is ignored except for the
default main.cf file. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM multi_instance_wrapper

<p> The pathname of a multi-instance manager command that the
postfix(1) command invokes when the multi_instance_directories
parameter value is non-empty. The pathname may be followed by
initial command arguments separated by whitespace; shell
metacharacters such as quotes are not supported in this context.
</p>

<p> The postfix(1) command invokes the manager command with the
postfix(1) non-option command arguments on the manager command line,
and with all installation configuration parameters exported into
the manager command process environment. The manager command in
turn invokes the postfix(1) command for individual Postfix instances
as "postfix -c <i>config_directory</i> <i>command</i>". </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM multi_instance_group

<p> The optional instance group name of this Postfix instance. A
group identifies closely-related Postfix instances that the
multi-instance manager can start, stop, etc., as a unit. This
parameter is reserved for the multi-instance manager. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM multi_instance_name

<p> The optional instance name of this Postfix instance. This name
also becomes the default value for the syslog_name parameter. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM multi_instance_enable no

<p> Allow this Postfix instance to be started, stopped, etc., by a
multi-instance manager. By default, new instances are created in
a safe state that prevents them from being started inadvertently.
This parameter is reserved for the multi-instance manager. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM reject_tempfail_action defer_if_permit

<p> The Postfix SMTP server's action when a reject-type restriction
fails due to a temporary error condition. Specify "defer" to defer
the remote SMTP client request immediately.
With the default
"defer_if_permit" action, the Postfix SMTP server continues to look
for opportunities to reject mail, and defers the client request
only if it would otherwise be accepted. </p>

<p> For finer control, see: unverified_recipient_tempfail_action,
unverified_sender_tempfail_action, unknown_address_tempfail_action,
and unknown_helo_hostname_tempfail_action. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM unverified_recipient_tempfail_action $reject_tempfail_action

<p> The Postfix SMTP server's action when reject_unverified_recipient
fails due to a temporary error condition. Specify "defer" to defer
the remote SMTP client request immediately. With the default
"defer_if_permit" action, the Postfix SMTP server continues to look
for opportunities to reject mail, and defers the client request
only if it would otherwise be accepted. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM unverified_sender_tempfail_action $reject_tempfail_action

<p> The Postfix SMTP server's action when reject_unverified_sender
fails due to a temporary error condition. Specify "defer" to defer
the remote SMTP client request immediately. With the default
"defer_if_permit" action, the Postfix SMTP server continues to look
for opportunities to reject mail, and defers the client request
only if it would otherwise be accepted. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM unknown_address_tempfail_action $reject_tempfail_action

<p> The Postfix SMTP server's action when reject_unknown_sender_domain
or reject_unknown_recipient_domain fail due to a temporary error
condition. Specify "defer" to defer the remote SMTP client request
immediately.
With the default "defer_if_permit" action, the Postfix
SMTP server continues to look for opportunities to reject mail, and
defers the client request only if it would otherwise be accepted.
</p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM unknown_helo_hostname_tempfail_action $reject_tempfail_action

<p> The Postfix SMTP server's action when reject_unknown_helo_hostname
fails due to a temporary error condition. Specify "defer" to defer
the remote SMTP client request immediately. With the default
"defer_if_permit" action, the Postfix SMTP server continues to look
for opportunities to reject mail, and defers the client request
only if it would otherwise be accepted. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM postmulti_start_commands start

<p> The postfix(1) commands that the postmulti(1) instance manager treats
as "start" commands. For these commands, disabled instances are "checked"
rather than "started", and failure to "start" a member instance of an
instance group will abort the start-up of later instances. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM postmulti_stop_commands see "postconf -d" output

<p> The postfix(1) commands that the postmulti(1) instance manager treats
as "stop" commands. For these commands, disabled instances are skipped,
and enabled instances are processed in reverse order. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM postmulti_control_commands reload flush

<p> The postfix(1) commands that the postmulti(1) instance manager
treats as "control" commands, that operate on running instances. For
these commands, disabled instances are skipped. </p>

<p> This feature is available in Postfix 2.6 and later.
</p>

%PARAM lmtp_assume_final no

<p> When an LMTP server announces no DSN support, assume that the
server performs final delivery, and send "delivered" delivery status
notifications instead of "relayed". The default setting is backwards
compatible to avoid the infinitesimal possibility of breaking
existing LMTP-based content filters. </p>

%PARAM always_add_missing_headers no

<p> Always add (Resent-) From:, To:, Date: or Message-ID: headers
when not present. Postfix 2.6 and later add these headers only
when clients match the local_header_rewrite_clients parameter
setting. Earlier Postfix versions always add these headers; this
may break DKIM signatures that cover non-existent headers. </p>

%PARAM lmtp_header_checks

<p> The LMTP-specific version of the smtp_header_checks configuration
parameter. See there for details. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM lmtp_mime_header_checks

<p> The LMTP-specific version of the smtp_mime_header_checks
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM lmtp_nested_header_checks

<p> The LMTP-specific version of the smtp_nested_header_checks
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM lmtp_body_checks

<p> The LMTP-specific version of the smtp_body_checks configuration
parameter. See there for details. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM milter_header_checks

<p> Optional lookup tables for content inspection of message headers
that are produced by Milter applications. See the header_checks(5)
manual page for the available actions.
Currently, PREPEND is not implemented.
</p>

<p> The following example sends all mail that is marked as SPAM to
a spam handling machine. Note that matches are case-insensitive
by default. </p>

<pre>
/etc/postfix/main.cf:
    milter_header_checks = pcre:/etc/postfix/milter_header_checks
</pre>

<pre>
/etc/postfix/milter_header_checks:
    /^X-SPAM-FLAG:\s+YES/ FILTER mysmtp:sanitizer.example.com:25
</pre>

<p> The milter_header_checks mechanism could also be used for
whitelisting. For example, it could be used to skip heavy content
inspection for DKIM-signed mail from known friendly domains. </p>

<p> This feature is available in Postfix 2.7, and as an optional
patch for Postfix 2.6. </p>

%PARAM postscreen_cache_map btree:$data_directory/postscreen_cache

<p> Persistent storage for the postscreen(8) server decisions. </p>

<p> This feature is available in Postfix 2.8. </p>

%PARAM smtpd_service_name smtpd

<p> The internal service that postscreen(8) forwards allowed
connections to. In a future version there may be different
classes of SMTP service. </p>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_post_queue_limit $default_process_limit

<p> The number of clients that can be waiting for service from a
real SMTP server process. When this queue is full, all clients will
receive a 421 response. </p>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_pre_queue_limit $default_process_limit

<p> The number of non-whitelisted clients that can be waiting for
a decision whether they will receive service from a real SMTP server
process. When this queue is full, all non-whitelisted clients will
receive a 421 response. </p>

<p> This feature is available in Postfix 2.8.
</p>

%PARAM postscreen_greet_ttl 1d

<p> The amount of time that postscreen(8) will use the result from
a successful PREGREET test. During this time, the client IP address
is excluded from this test. The default is relatively short, because
a good client can immediately talk to a real Postfix SMTP server. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks). </p>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_cache_retention_time 7d

<p> The amount of time that postscreen(8) will cache an expired
temporary whitelist entry before it is removed. This prevents clients
from being logged as "NEW" just because their cache entry expired
an hour ago. It also prevents the cache from filling up with clients
that passed some deep protocol test once and never came back. </p>

<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). </p>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_cache_cleanup_interval 12h

<p> The amount of time between postscreen(8) cache cleanup runs.
Cache cleanup increases the load on the cache database and should
therefore not be run frequently. This feature requires that the
cache database supports the "delete" and "sequence" operators.
Specify a zero interval to disable cache cleanup. </p>

<p> After each cache cleanup run, the postscreen(8) daemon logs the
number of entries that were retained and dropped. A cleanup run is
logged as "partial" when the daemon terminates early after "<b>postfix
reload</b>", "<b>postfix stop</b>", or no requests for $max_idle
seconds.
</p>

<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). </p>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_greet_wait ${stress?2}${stress:6}s

<p> The amount of time that postscreen(8) will wait for an SMTP
client to send a command before its turn, and for DNS blocklist
lookup results to arrive (default: up to 2 seconds under stress,
up to 6 seconds otherwise). </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). </p>

<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). </p>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_dnsbl_sites

<p> Optional list of DNS white/blacklist domains, filters and weight
factors. When the list is non-empty, the dnsblog(8) daemon will
query these domains with the IP addresses of remote SMTP clients,
and postscreen(8) will update an SMTP client's DNSBL score with
each non-error reply. </p>

<p> Caution: when postscreen rejects mail, it replies with the DNSBL
domain name. Use the postscreen_dnsbl_reply_map feature to hide
"password" information in DNSBL domain names. </p>

<p> When a client's score is equal to or greater than the threshold
specified with postscreen_dnsbl_threshold, postscreen(8) can drop
the connection with the SMTP client. </p>

<p> Specify a list of domain=filter*weight entries, separated by
comma or whitespace. </p>

<ul>

<li> <p> When no "=filter" is specified, postscreen(8) will use any
non-error DNSBL reply. Otherwise, postscreen(8) uses only DNSBL
replies that match the filter.
The filter has the form d.d.d.d,
where each d is a number, or a pattern inside [] that contains one
or more ";"-separated numbers or number..number ranges. </p>

<li> <p> When no "*weight" is specified, postscreen(8) increments
the SMTP client's DNSBL score by 1. Otherwise, the weight must be
an integral number, and postscreen(8) adds the specified weight to
the SMTP client's DNSBL score. Specify a negative number for
whitelisting. </p>

<li> <p> When one postscreen_dnsbl_sites entry produces multiple
DNSBL responses, postscreen(8) applies the weight at most once.
</p>

</ul>

<p> Examples: </p>

<p> To use example.com as a high-confidence blocklist, and to
block mail with example.net and example.org only when both agree:
</p>

<pre>
postscreen_dnsbl_threshold = 2
postscreen_dnsbl_sites = example.com*2, example.net, example.org
</pre>

<p> To filter only DNSBL replies containing 127.0.0.4: </p>

<pre>
postscreen_dnsbl_sites = example.com=127.0.0.4
</pre>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_dnsbl_action ignore

<p> The action that postscreen(8) takes when an SMTP client's combined
DNSBL score is equal to or greater than a threshold (as defined
with the postscreen_dnsbl_sites and postscreen_dnsbl_threshold
parameters). Specify one of the following: </p>

<dl>

<dt> <b>ignore</b> (default) </dt>

<dd> Ignore the failure of this test. Allow other tests to complete.
Repeat this test the next time the client connects.
This option is useful for testing and collecting statistics
without blocking mail. </dd>

<dt> <b>enforce</b> </dt>

<dd> Allow other tests to complete. Reject attempts to deliver mail
with a 550 SMTP reply, and log the helo/sender/recipient information.
Repeat this test the next time the client connects. </dd>

<dt> <b>drop</b> </dt>

<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
this test the next time the client connects. </dd>

</dl>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_greet_action ignore

<p> The action that postscreen(8) takes when an SMTP client speaks
before its turn within the time specified with the postscreen_greet_wait
parameter. Specify one of the following: </p>

<dl>

<dt> <b>ignore</b> (default) </dt>

<dd> Ignore the failure of this test. Allow other tests to complete.
Repeat this test the next time the client connects.
This option is useful for testing and collecting statistics
without blocking mail. </dd>

<dt> <b>enforce</b> </dt>

<dd> Allow other tests to complete. Reject attempts to deliver mail
with a 550 SMTP reply, and log the helo/sender/recipient information.
Repeat this test the next time the client connects. </dd>

<dt> <b>drop</b> </dt>

<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
this test the next time the client connects. </dd>

</dl>

<p> In either case, postscreen(8) will not whitelist the SMTP client
IP address. </p>

<p> This feature is available in Postfix 2.8. </p>

#%PARAM postscreen_whitelist_networks $mynetworks
#
#<p> Network addresses that are permanently whitelisted, and that
#will not be subjected to postscreen(8) checks. This parameter uses
#the same address syntax as the mynetworks parameter. This feature
#never uses the remote SMTP client hostname. </p>
#
#<p> This feature is available in Postfix 2.8.
#</p>
#
#%PARAM postscreen_blacklist_networks
#
#<p> Network addresses that are permanently blacklisted; see the
#postscreen_blacklist_action parameter for possible actions. This
#parameter uses the same address syntax as the mynetworks parameter.
#The blacklist has higher precedence than whitelists. This feature
#never uses the remote SMTP client hostname. </p>
#
#<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_access_list permit_mynetworks

<p> Permanent white/blacklist for remote SMTP client IP addresses.
postscreen(8) searches this list immediately after a remote SMTP
client connects. Specify a comma- or whitespace-separated list of
commands (in upper or lower case) or lookup tables. The search stops
upon the first command that fires for the client IP address. </p>

<dl>

<dt> <b> permit_mynetworks </b> </dt> <dd> Whitelist the client and
terminate the search if the client IP address matches $mynetworks.
Do not subject the client to any before/after 220 greeting tests.
Pass the connection immediately to a Postfix SMTP server process.
</dd>

<dt> <b> type:table </b> </dt> <dd> Query the specified lookup
table. Each table lookup result is an access list, except that
access lists inside a table cannot specify type:table entries. <br>
To discourage the use of hash, btree, etc. tables, there is no
support for substring matching like smtpd(8). Use CIDR tables
instead. </dd>

<dt> <b> permit </b> </dt> <dd> Whitelist the client and terminate
the search. Do not subject the client to any before/after 220
greeting tests. Pass the connection immediately to a Postfix SMTP
server process. </dd>

<dt> <b> reject </b> </dt> <dd> Blacklist the client and terminate
the search.
Subject the client to the action configured with the
postscreen_blacklist_action configuration parameter. </dd>

<dt> <b> dunno </b> </dt> <dd> All postscreen(8) access lists
implicitly have this command at the end. <br> When <b> dunno </b>
is executed inside a lookup table, return from the lookup table and
evaluate the next command. <br> When <b> dunno </b> is executed
outside a lookup table, terminate the search, and subject the client
to the configured before/after 220 greeting tests. </dd>

</dl>

<p> Example: </p>

<pre>
/etc/postfix/main.cf:
    postscreen_access_list = permit_mynetworks,
        cidr:/etc/postfix/postscreen_access.cidr
</pre>

<pre>
/etc/postfix/postscreen_access.cidr:
    # Rules are evaluated in the order as specified.
    # Blacklist 192.168.* except 192.168.0.1.
    192.168.0.1         dunno
    192.168.0.0/16      reject
</pre>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_greet_banner $smtpd_banner

<p> The <i>text</i> in the optional "220-<i>text</i>..." server
response that postscreen(8) sends ahead of the real Postfix SMTP
server's "220 text..." response, in an attempt to confuse bad SMTP
clients so that they speak before their turn (pre-greet). Specify
an empty value to disable this feature. </p>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_blacklist_action ignore

<p> The action that postscreen(8) takes when an SMTP client is
permanently blacklisted with the postscreen_access_list parameter.
Specify one of the following: </p>

<dl>

<dt> <b>ignore</b> (default) </dt>

<dd> Ignore this result. Allow other tests to complete. Repeat
this test the next time the client connects.
This option is useful for testing and collecting statistics
without blocking mail. </dd>

<dt> <b>enforce</b> </dt>

<dd> Allow other tests to complete. Reject attempts to deliver mail
with a 550 SMTP reply, and log the helo/sender/recipient information.
Repeat this test the next time the client connects. </dd>

<dt> <b>drop</b> </dt>

<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
this test the next time the client connects. </dd>

</dl>

<p> This feature is available in Postfix 2.8. </p>

%PARAM smtpd_command_filter

<p> A mechanism to transform commands from remote SMTP clients.
This is a last-resort tool to work around client commands that break
inter-operability with the Postfix SMTP server. Other uses involve
fault injection to test Postfix's handling of invalid commands.
</p>

<p> Specify the name of a "type:table" lookup table. The search
string is the SMTP command as received from the remote SMTP client,
except that initial whitespace and the trailing &lt;CR&gt;&lt;LF&gt;
are removed. The result value is executed by the Postfix SMTP
server. </p>

<p> There is no need to use smtpd_command_filter for the following
cases: </p>

<ul>

<li> <p> Use "resolve_numeric_domain = yes" to accept
"<i>user@ipaddress</i>". </p>

<li> <p> Postfix already accepts the correct form
"<i>user@[ipaddress]</i>". Use virtual_alias_maps or canonical_maps
to translate these into domain names if necessary. </p>

<li> <p> Use "strict_rfc821_envelopes = no" to accept "RCPT TO:&lt;<i>User
Name &lt;user@example.com&gt;&gt;</i>". Postfix will ignore the "<i>User
Name</i>" part and deliver to the <i>&lt;user@example.com&gt;</i> address.
</p>

</ul>

<p> Examples of problems that can be solved with the smtpd_command_filter
feature: </p>

<pre>
/etc/postfix/main.cf:
    smtpd_command_filter = pcre:/etc/postfix/command_filter
</pre>

<pre>
/etc/postfix/command_filter:
    # Work around clients that send malformed HELO commands.
    /^HELO\s*$/ HELO domain.invalid
</pre>

<pre>
    # Work around clients that send empty lines.
    /^\s*$/ NOOP
</pre>

<pre>
    # Work around clients that send RCPT TO:&lt;'user@domain'&gt;.
    # WARNING: do not lose the parameters that follow the address.
    /^RCPT\s+TO:\s*&lt;'([^[:space:]]+)'&gt;(.*)/ RCPT TO:&lt;$1&gt;$2
</pre>

<pre>
    # Bounce-never mail sink. Use notify_classes=bounce,resource,software
    # to send bounced mail to the postmaster (with message body removed).
    /^(RCPT\s+TO:.*?)\bNOTIFY=\S+\b(.*)/ $1 NOTIFY=NEVER $2
    /^(RCPT\s+TO:.*)/ $1 NOTIFY=NEVER
</pre>

<p> This feature is available in Postfix 2.7. </p>

%PARAM smtp_reply_filter

<p> A mechanism to transform replies from remote SMTP servers one
line at a time. This is a last-resort tool to work around server
replies that break inter-operability with the Postfix SMTP client.
Other uses involve fault injection to test Postfix's handling of
invalid responses. </p>

<p> Notes: </p>

<ul>

<li> <p> In the case of a multi-line reply, the Postfix SMTP client
uses the final reply line's numerical SMTP reply code and enhanced
status code. </p>

<li> <p> The numerical SMTP reply code (XYZ) takes precedence over
the enhanced status code (X.Y.Z). When the enhanced status code
initial digit differs from the SMTP reply code initial digit, or
when no enhanced status code is present, the Postfix SMTP client
uses a generic enhanced status code (X.0.0) instead.
</p>

</ul>

<p> Specify the name of a "type:table" lookup table. The search
string is a single SMTP reply line as received from the remote SMTP
server, except that the trailing &lt;CR&gt;&lt;LF&gt; are removed. </p>

<p> Examples: </p>

<pre>
/etc/postfix/main.cf:
    smtp_reply_filter = pcre:/etc/postfix/reply_filter
</pre>

<pre>
/etc/postfix/reply_filter:
    # Transform garbage into "250-filler..." so that it looks like
    # one line from a multi-line reply. It does not matter what we
    # substitute here as long as it has the right syntax. The Postfix
    # SMTP client will use the final line's numerical SMTP reply
    # code and enhanced status code.
    !/^([2-5][0-9][0-9]($|[- ]))/ 250-filler for garbage
</pre>

<p> This feature is available in Postfix 2.7. </p>

%PARAM lmtp_reply_filter

<p> The LMTP-specific version of the smtp_reply_filter
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.7 and later. </p>

%PARAM smtp_tls_block_early_mail_reply no

<p> Try to detect a mail hijacking attack based on a TLS protocol
vulnerability (CVE-2009-3555), where an attacker prepends malicious
HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session.
The attack would succeed with non-Postfix SMTP servers that reply
to the malicious HELO, MAIL, RCPT, DATA commands after negotiating
the Postfix SMTP client TLS session. </p>

<p> This feature is available in Postfix 2.7. </p>

%PARAM lmtp_tls_block_early_mail_reply

<p> The LMTP-specific version of the smtp_tls_block_early_mail_reply
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.7 and later.
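</p>

<p> The pcre table semantics that the smtpd_command_filter and
smtp_reply_filter descriptions above depend on (rules tried in table
order with the first match winning, "!" negation, $1-style substitution,
and the final-line code selection from the Notes), as an added Python
example; this is not Postfix code. The rule tables are the page's own
examples, the commands and reply lines fed to them are constructed, and
mapping [:space:] to \s is an adaptation for Python's re module. </p>

```python
"""Simulate Postfix pcre: tables as used by smtpd_command_filter and
smtp_reply_filter, plus status-code selection for multi-line replies.
Added example for this page, not Postfix code: the rule tables are the
page's own examples, the commands and reply lines fed to them are constructed."""
import re
from typing import List, Optional, Tuple

Rule = Tuple[re.Pattern, bool, str]   # (compiled pattern, negated?, result)
RULE_RE = re.compile(r"^(!?)/((?:\\.|[^/])*)/([a-zA-Z]*)\s+(.*)$")

def parse_pcre_table(text: str) -> List[Rule]:
    """Parse '/pattern/flags result' and '!/pattern/ result' lines, skipping
    blank and '#' lines. As in pcre_table(5), matching is case-insensitive
    unless the 'i' flag toggles it off. [:space:] is mapped to \\s because
    Python's re module has no POSIX classes (an adaptation, not Postfix)."""
    rules: List[Rule] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError("unparsable pcre table line: %r" % line)
        negated, pattern, flags, result = m.groups()
        pattern = pattern.replace("[:space:]", r"\s")
        reflags = 0 if "i" in flags else re.IGNORECASE
        rules.append((re.compile(pattern, reflags), negated == "!", result))
    return rules

def pcre_lookup(rules: List[Rule], key: str) -> Optional[str]:
    """Try rules in table order; the first one that fires wins. A negated rule
    fires when the key does NOT match and returns its result verbatim; a positive
    rule expands $1, ${2}, ... from its match. None: no rule fired, so Postfix
    keeps the original command or reply line."""
    for rx, negated, result in rules:
        m = rx.search(key)
        if negated:
            if m is None:
                return result
        elif m is not None:
            return re.sub(r"\$(\d+)|\$\{(\d+)\}",
                          lambda g: m.group(int(g.group(1) or g.group(2))) or "",
                          result)
    return None

def filter_command(rules: List[Rule], command: str) -> str:
    """smtpd_command_filter: key = command minus initial whitespace and CRLF."""
    key = command.lstrip().rstrip("\r\n")
    result = pcre_lookup(rules, key)
    return key if result is None else result

def filter_reply_line(rules: List[Rule], line: str) -> str:
    """smtp_reply_filter: one reply line at a time, trailing CRLF removed."""
    key = line.rstrip("\r\n")
    result = pcre_lookup(rules, key)
    return key if result is None else result

def final_reply_status(rules: List[Rule], reply_lines: List[str]) -> Tuple[str, str]:
    """Filter a (multi-line) reply and return the (code, enhanced status) the
    SMTP client acts on: the final line's 3-digit code, and its X.Y.Z code unless
    that is absent or its first digit disagrees with the reply code (then X.0.0)."""
    last = [filter_reply_line(rules, l) for l in reply_lines][-1]
    m = re.match(r"^(\d{3})[- ](?:((\d)\.\d{1,3}\.\d{1,3})(?=\s|$))?", last)
    if m is None:
        raise ValueError("final reply line carries no SMTP code: %r" % last)
    code, esc, esc_class = m.group(1), m.group(2), m.group(3)
    if esc is None or esc_class != code[0]:
        esc = code[0] + ".0.0"
    return code, esc

# The page's smtpd_command_filter examples, combined into one table.
COMMAND_FILTER = parse_pcre_table(r"""
# Work around clients that send malformed HELO commands.
/^HELO\s*$/ HELO domain.invalid
# Work around clients that send empty lines.
/^\s*$/ NOOP
# Work around clients that send RCPT TO:<'user@domain'>.
/^RCPT\s+TO:\s*<'([^[:space:]]+)'>(.*)/ RCPT TO:<$1>$2
# Bounce-never mail sink.
/^(RCPT\s+TO:.*?)\bNOTIFY=\S+\b(.*)/ $1 NOTIFY=NEVER $2
/^(RCPT\s+TO:.*)/ $1 NOTIFY=NEVER
""")

# The page's smtp_reply_filter example.
REPLY_FILTER = parse_pcre_table(r"""
!/^([2-5][0-9][0-9]($|[- ]))/ 250-filler for garbage
""")

if __name__ == "__main__":
    for cmd in ("helo\r\n", "   \r\n", "RCPT TO:<'user@example.com'> NOTIFY=SUCCESS\r\n"):
        print("%-48r -> %r" % (cmd, filter_command(COMMAND_FILTER, cmd)))
    # Constructed reply: a garbage line inside an otherwise valid multi-line reply.
    reply = ["250-mail.example.com", "garbage from a buggy server", "250 2.1.0 Ok"]
    print(final_reply_status(REPLY_FILTER, reply))   # ('250', '2.1.0')
```

<p> Run it directly to see the rewrites; the quoted-address rule fires
before the NOTIFY rule for the same RCPT command because a pcre table
stops at the first matching rule.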
</p>

%PARAM empty_address_default_transport_maps_lookup_key <>

<p> The sender_dependent_default_transport_maps search string that
will be used instead of the null sender address. </p>

<p> This feature is available in Postfix 2.7 and later. </p>

%PARAM sender_dependent_default_transport_maps

<p> A sender-dependent override for the global default_transport
parameter setting. The tables are searched by the envelope sender
address and @domain. A lookup result of DUNNO terminates the search
without overriding the global default_transport parameter setting.
This information is overruled with the transport(5) table. </p>

<p> Note: this overrides default_transport, not transport_maps, and
therefore the expected syntax is that of default_transport, not the
syntax of transport_maps. Specifically, this does not support the
transport_maps syntax for null transport, null nexthop, or null
email addresses. </p>

<p> For safety reasons, this feature does not allow $number
substitutions in regular expression maps. </p>

<p> This feature is available in Postfix 2.7 and later. </p>

%PARAM address_verify_sender_dependent_default_transport_maps $sender_dependent_default_transport_maps

<p> Overrides the sender_dependent_default_transport_maps parameter
setting for address verification probes. </p>

<p> This feature is available in Postfix 2.7 and later. </p>

%PARAM default_filter_nexthop

<p> When a content_filter or FILTER request specifies no explicit
next-hop destination, use $default_filter_nexthop instead; when
that value is empty, use the domain in the recipient address.
Specify "default_filter_nexthop = $myhostname" for compatibility
with Postfix version 2.6 and earlier, or specify an explicit next-hop
destination with each content_filter value or FILTER action.
</p>

<p> This feature is available in Postfix 2.7 and later. </p>

%PARAM smtp_address_preference ipv6

<p> The address type ("ipv6", "ipv4" or "any") that the Postfix
SMTP client will try first, when a destination has IPv6 and IPv4
addresses with equal MX preference. This feature has no effect
unless the inet_protocols setting enables both IPv4 and IPv6. </p>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM lmtp_address_preference ipv6

<p> The LMTP-specific version of the smtp_address_preference
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM smtp_dns_resolver_options

<p> DNS Resolver options for the Postfix SMTP client. Specify zero
or more of the following options, separated by comma or whitespace.
Option names are case-sensitive. Some options refer to domain names
that are specified in the file /etc/resolv.conf or equivalent. </p>

<dl>

<dt><b>res_defnames</b></dt>

<dd> Append the current domain name to single-component names (those
that do not contain a "." character). This can produce incorrect
results, and is the hard-coded behavior prior to Postfix 2.8. </dd>

<dt><b>res_dnsrch</b></dt>

<dd> Search for host names in the current domain and in parent
domains. This can produce incorrect results and is therefore not
recommended. </dd>

</dl>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM lmtp_dns_resolver_options

<p> The LMTP-specific version of the smtp_dns_resolver_options
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.8 and later.
</p>

%PARAM postscreen_dnsbl_threshold 1

<p> The inclusive lower bound for blocking an SMTP client, based on
its combined DNSBL score as defined with the postscreen_dnsbl_sites
parameter. </p>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_command_count_limit 20

<p> The limit on the total number of commands per SMTP session for
postscreen(8)'s built-in SMTP protocol engine. This SMTP engine
defers or rejects all attempts to deliver mail, therefore there is
no need to enforce separate limits on the number of junk commands
and error commands. </p>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_command_time_limit ${stress?10}${stress:300}s

<p> The time limit to read an entire command line with postscreen(8)'s
built-in SMTP protocol engine. </p>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_dnsbl_ttl 1h

<p> The amount of time that postscreen(8) will use the result from
a successful DNS blocklist test. During this time, the client IP address
is excluded from this test. The default is relatively short, because a
good client can immediately talk to a real Postfix SMTP server.
</p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks). </p>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_pipelining_action enforce

<p> The action that postscreen(8) takes when an SMTP client sends
multiple commands instead of sending one command and waiting for
the server to respond. Specify one of the following: </p>

<dl>

<dt> <b>ignore</b> </dt>

<dd> Ignore the failure of this test.
Allow other tests to complete.
Do <i>not</i> repeat this test before the result from some
other test expires.
This option is useful for testing and collecting statistics
without blocking mail permanently. </dd>

<dt> <b>enforce</b> </dt>

<dd> Allow other tests to complete. Reject attempts to deliver mail
with a 550 SMTP reply, and log the helo/sender/recipient information.
Repeat this test the next time the client connects. </dd>

<dt> <b>drop</b> </dt>

<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
this test the next time the client connects. </dd>

</dl>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_pipelining_ttl 30d

<p> The amount of time that postscreen(8) will use the result from
a successful "pipelining" SMTP protocol test. During this time, the
client IP address is excluded from this test. The default is
long because a good client must disconnect after it passes the test,
before it can talk to a real Postfix SMTP server. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks). </p>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_pipelining_enable no

<p> Enable "pipelining" SMTP protocol tests in the postscreen(8)
server. These tests are expensive: a good client must disconnect
after it passes the test, before it can talk to a real Postfix SMTP
server. </p>

<p> This feature is available in Postfix 2.8.
</p>

%PARAM postscreen_watchdog_timeout 10s

<p> How much time a postscreen(8) process may take to respond to
an SMTP client command or to perform a cache operation before it
is terminated by a built-in watchdog timer. This is a safety
mechanism that prevents postscreen(8) from becoming non-responsive
due to a bug in Postfix itself or in system software. To avoid
false alarms and unnecessary cache corruption this limit cannot be
set under 10s. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks). </p>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_helo_required $smtpd_helo_required

<p> Require that a remote SMTP client sends HELO or EHLO before
commencing a MAIL transaction. </p>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_forbidden_commands $smtpd_forbidden_commands

<p> List of commands that the postscreen(8) server considers in
violation of the SMTP protocol. See smtpd_forbidden_commands for
syntax, and postscreen_non_smtp_command_action for possible actions.
</p>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_disable_vrfy_command $disable_vrfy_command

<p> Disable the SMTP VRFY command in the postscreen(8) daemon. See
disable_vrfy_command for details. </p>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_non_smtp_command_action drop

<p> The action that postscreen(8) takes when an SMTP client sends
non-SMTP commands as specified with the postscreen_forbidden_commands
parameter.
Specify one of the following: </p>

<dl>

<dt> <b>ignore</b> </dt>

<dd> Ignore the failure of this test. Allow other tests to complete.
Do <i>not</i> repeat this test before the result from some
other test expires.
This option is useful for testing and collecting statistics
without blocking mail permanently. </dd>

<dt> <b>enforce</b> </dt>

<dd> Allow other tests to complete. Reject attempts to deliver mail
with a 550 SMTP reply, and log the helo/sender/recipient information.
Repeat this test the next time the client connects. </dd>

<dt> <b>drop</b> </dt>

<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
this test the next time the client connects. This action is the
same as with the Postfix SMTP server's smtpd_forbidden_commands
feature. </dd>

</dl>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_non_smtp_command_ttl 30d

<p> The amount of time that postscreen(8) will use the result from
a successful "non_smtp_command" SMTP protocol test. During this
time, the client IP address is excluded from this test. The default
is long because a client must disconnect after it passes the test,
before it can talk to a real Postfix SMTP server. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks). </p>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_non_smtp_command_enable no

<p> Enable "non-SMTP command" tests in the postscreen(8) server. These
tests are expensive: a client must disconnect after it passes the
test, before it can talk to a real Postfix SMTP server. </p>

<p> This feature is available in Postfix 2.8.
</p>

%PARAM postscreen_dnsbl_reply_map

<p> A mapping from the actual DNSBL domain name, which includes a
secret password, to the DNSBL domain name that postscreen will reply
with when it rejects mail. When no mapping is found, the actual DNSBL
domain will be used. </p>

<p> For maximal stability it is best to use a file that is read
into memory such as pcre:, regexp: or texthash: (texthash: is similar
to hash:, except a) there is no need to run postmap(1) before the
file can be used, and b) texthash: does not detect changes after
the file is read). </p>

<p> Example: </p>

<pre>
/etc/postfix/main.cf:
    postscreen_dnsbl_reply_map = texthash:/etc/postfix/dnsbl_reply
</pre>

<pre>
/etc/postfix/dnsbl_reply:
    secret.zen.spamhaus.org zen.spamhaus.org
</pre>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_bare_newline_action ignore

<p> The action that postscreen(8) takes when an SMTP client sends
a bare newline character, that is, a newline not preceded by carriage
return. Specify one of the following: </p>

<dl>

<dt> <b>ignore</b> </dt>

<dd> Ignore the failure of this test. Allow other tests to complete.
Do <i>not</i> repeat this test before the result from some
other test expires.
This option is useful for testing and collecting statistics
without blocking mail permanently. </dd>

<dt> <b>enforce</b> </dt>

<dd> Allow other tests to complete. Reject attempts to deliver mail
with a 550 SMTP reply, and log the helo/sender/recipient information.
Repeat this test the next time the client connects. </dd>

<dt> <b>drop</b> </dt>

<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
this test the next time the client connects.
</dd>

</dl>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_bare_newline_ttl 30d

<p> The amount of time that postscreen(8) will use the result from
a successful "bare newline" SMTP protocol test. During this
time, the client IP address is excluded from this test. The default
is long because a client must disconnect after it passes the test,
before it can talk to a real Postfix SMTP server. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks). </p>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_bare_newline_enable no

<p> Enable "bare newline" SMTP protocol tests in the postscreen(8)
server. These tests are expensive: a client must disconnect after
it passes the test, before it can talk to a real Postfix SMTP server.
</p>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_client_connection_count_limit $smtpd_client_connection_count_limit

<p> How many simultaneous connections any client is allowed to have
with the postscreen(8) daemon. By default, this limit is the same
as with the Postfix SMTP server. Note that the triage process can
take several seconds, with the time spent in postscreen_greet_wait
delay, and with the time spent talking to the postscreen(8) built-in
dummy SMTP protocol engine. </p>

<p> This feature is available in Postfix 2.8. </p>

%PARAM dnsblog_reply_delay 0s

<p> A debugging aid to artificially delay DNS responses. </p>

<p> This feature is available in Postfix 2.8.
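</p>

<p> The DNSBL scoring described above under postscreen_dnsbl_sites
(d.d.d.d filters with [] ranges, per-site weights applied at most once,
negative weights for whitelisting), postscreen_dnsbl_threshold and
postscreen_dnsbl_reply_map, as an added Python example; this is not
Postfix code, and the zone names, dnsblog(8) results and reply map in
it are constructed sample data. </p>

```python
"""Simulate postscreen(8) DNSBL scoring as documented for postscreen_dnsbl_sites,
postscreen_dnsbl_threshold and postscreen_dnsbl_reply_map.
Added example for this page, not Postfix code. The zone names, A-record
replies and the reply map below are constructed sample data."""
import re
from typing import Dict, List, Optional, Tuple

Site = Tuple[str, Optional[str], int]             # (domain, filter or None, weight)
ENTRY_RE = re.compile(r"^([^=*]+)(?:=([^*]+))?(?:\*(-?\d+))?$")  # domain[=filter][*weight]
OCTET_RE = re.compile(r"\[[^\]]*\]|\d+")          # one 'd' of d.d.d.d: number or [...]

def parse_sites(value: str) -> List[Site]:
    """Split a postscreen_dnsbl_sites value (entries separated by comma or
    whitespace) into (domain, filter, weight) triples. The weight defaults
    to 1 and may be negative for whitelisting."""
    sites: List[Site] = []
    for entry in re.split(r"[,\s]+", value.strip()):
        if not entry:
            continue
        m = ENTRY_RE.match(entry)
        if m is None:
            raise ValueError("bad postscreen_dnsbl_sites entry: %r" % entry)
        domain, filt, weight = m.groups()
        if filt is not None:
            parts = OCTET_RE.findall(filt)
            if len(parts) != 4 or ".".join(parts) != filt:
                raise ValueError("bad filter %r in %r" % (filt, entry))
        sites.append((domain, filt, 1 if weight is None else int(weight)))
    return sites

def _octet_ok(pattern: str, octet: int) -> bool:
    """Match one filter component: a plain number, or [..] holding
    ';'-separated numbers and number..number ranges, e.g. [2;4..7]."""
    if not pattern.startswith("["):
        return int(pattern) == octet
    for part in pattern[1:-1].split(";"):
        lo, _, hi = part.partition("..")
        if int(lo) <= octet <= int(hi or lo):
            return True
    return False

def reply_matches(filt: Optional[str], reply: str) -> bool:
    """True when a non-error DNSBL reply (dotted quad) passes the site's
    filter; without a filter every non-error reply counts."""
    if filt is None:
        return True
    octets = [int(o) for o in reply.split(".")]
    if len(octets) != 4:
        return False
    return all(_octet_ok(p, o) for p, o in zip(OCTET_RE.findall(filt), octets))

def dnsbl_score(sites: List[Site], replies: Dict[str, List[str]]) -> int:
    """Combined score for one client. `replies` maps DNSBL domain -> non-error
    A records returned for the client (missing/empty = not listed). As
    documented, a site adds its weight at most once, however many replies match."""
    score = 0
    for domain, filt, weight in sites:
        if any(reply_matches(filt, r) for r in replies.get(domain, [])):
            score += weight
    return score

def postscreen_dnsbl_decision(sites_value: str, threshold: int, replies: Dict[str, List[str]],
                              reply_map: Optional[Dict[str, str]] = None) -> Tuple[bool, int, List[str]]:
    """Return (over_threshold, score, names): names are the zones that contributed
    a positive weight, passed through postscreen_dnsbl_reply_map so that a secret
    zone name is not echoed to the client (the Caution under postscreen_dnsbl_sites)."""
    sites = parse_sites(sites_value)
    score = dnsbl_score(sites, replies)
    names: List[str] = []
    if score >= threshold:
        for domain, filt, weight in sites:
            if weight > 0 and any(reply_matches(filt, r) for r in replies.get(domain, [])):
                names.append((reply_map or {}).get(domain, domain))
    return score >= threshold, score, names

# Constructed configuration modelled on the page's examples: a high-confidence
# zone with a secret name, two corroborating zones, one whitelist zone.
SITES = ("secret.bl.example*2, list.example.net, list.example.org=127.0.0.[2;4..7], "
         "dnswl.example=127.0.[0..255].[1..3]*-1")
THRESHOLD = 2
REPLY_MAP = {"secret.bl.example": "bl.example"}   # as in a texthash: reply map

# Constructed dnsblog(8) results for five clients (zone -> A records).
CLIENTS = {
    "192.0.2.10": {"secret.bl.example": ["127.0.0.2", "127.0.0.3"]},  # weight 2, counted once
    "192.0.2.11": {"list.example.net": ["127.0.0.2"]},                 # 1 < threshold
    "192.0.2.12": {"list.example.net": ["127.0.0.2"], "list.example.org": ["127.0.0.10"]},
    "192.0.2.13": {"list.example.net": ["127.0.0.2"], "list.example.org": ["127.0.0.4"]},
    "192.0.2.14": {"list.example.net": ["127.0.0.2"], "list.example.org": ["127.0.0.4"],
                   "dnswl.example": ["127.0.5.2"]},                   # whitelist offsets one hit
}

if __name__ == "__main__":
    for ip, replies in CLIENTS.items():
        blocked, score, names = postscreen_dnsbl_decision(SITES, THRESHOLD, replies, REPLY_MAP)
        print("%-12s score=%2d %-5s %s" % (ip, score, "BLOCK" if blocked else "pass", ",".join(names)))
```

<p> Run it directly to print each sample client's score and decision;
127.0.0.10 from list.example.org is ignored because it falls outside
that site's [2;4..7] filter, and the name reported for the secret zone
is the mapped one.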
</p>

%PARAM reset_owner_alias no

<p> Reset the local(8) delivery agent's idea of the owner-alias
attribute, when delivering mail to a child alias that does not have
its own owner alias. </p>

<p> This feature is available in Postfix 2.8 and later. With older
Postfix releases, the behavior is as if this parameter is set to
"yes". </p>

<p> As documented in aliases(5), when an alias <i>name</i> has a
companion alias named owner-<i>name</i>, delivery errors will be
reported to the owner alias instead of the sender. This configuration
is recommended for mailing lists. </p>

<p> A less known property of the owner alias is that it also forces
the local(8) delivery agent to write local and remote addresses
from alias expansion to a new queue file, instead of attempting to
deliver mail to local addresses as soon as they come out of alias
expansion. </p>

<p> Writing local addresses from alias expansion to a new queue
file allows for robust handling of temporary delivery errors: errors
with one local member have no effect on deliveries to other members
of the list. On the other hand, delivery to local addresses as
soon as they come out of alias expansion is fragile: a temporary
error with one local address from alias expansion will cause the
entire alias to be expanded repeatedly until the error goes away,
or until the message expires in the queue. In that case, a problem
with one list member results in multiple message deliveries to other
list members. </p>

<p> The default behavior of Postfix 2.8 and later is to keep the
owner-alias attribute of the parent alias, when delivering mail to
a child alias that does not have its own owner alias.
Then, local 13506addresses from that child alias will be written to a new queue file, 13507and a temporary error with one local address will not affect delivery 13508to other mailing list members. </p> 13509 13510<p> Unfortunately, older Postfix releases reset the owner-alias 13511attribute when delivering mail to a child alias that does not have 13512its own owner alias. The local(8) delivery agent then attempts to 13513deliver local addresses as soon as they come out of child alias 13514expansion. If delivery to any address from child alias expansion 13515fails with a temporary error condition, the entire mailing list may 13516be expanded repeatedly until the mail expires in the queue, resulting 13517in multiple deliveries of the same message to mailing list members. 13518</p> 13519 13520%PARAM qmgr_ipc_timeout 60s 13521 13522<p> The time limit for the queue manager to send or receive information 13523over an internal communication channel. The purpose is to break 13524out of deadlock situations. If the time limit is exceeded the 13525software either retries or aborts the operation. </p> 13526 13527<p> 13528Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 13529The default time unit is s (seconds). 13530</p> 13531 13532<p> This feature is available in Postfix 2.8 and later. </p> 13533 13534%PARAM qmgr_daemon_timeout 1000s 13535 13536<p> How much time a Postfix queue manager process may take to handle 13537a request before it is terminated by a built-in watchdog timer. 13538</p> 13539 13540<p> 13541Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 13542The default time unit is s (seconds). 13543</p> 13544 13545<p> This feature is available in Postfix 2.8 and later. </p> 13546 13547%PARAM tls_preempt_cipherlist no 13548 13549<p> With SSLv3 and later, use the server's cipher preference order 13550instead of the client's cipher preference order. 
</p> 13551 13552<p> By default, the OpenSSL server selects the client's most preferred 13553cipher that the server supports. With SSLv3 and later, the server may 13554choose its own most preferred cipher that is supported (offered) by 13555the client. Setting "tls_preempt_cipherlist = yes" enables server cipher 13556preferences. </p> 13557 13558<p> While server cipher selection may in some cases lead to a more secure 13559or performant cipher choice, there is some risk of interoperability 13560issues. In the past, some SSL clients have listed lower priority ciphers 13561that they did not implement correctly. If the server chooses a cipher 13562that the client prefers less, it may select a cipher whose client 13563implementation is flawed. </p> 13564 13565<p> This feature is available in Postfix 2.8 and later, in combination 13566with OpenSSL 0.9.7 and later. </p> 13567 13568%PARAM tls_disable_workarounds see "postconf -d" output 13569 13570<p> List or bit-mask of OpenSSL bug work-arounds to disable. </p> 13571 13572<p> The OpenSSL toolkit includes a set of work-arounds for buggy SSL/TLS 13573implementations. Applications, such as Postfix, that want to maximize 13574interoperability ask the OpenSSL library to enable the full set of 13575recommended work-arounds. </p> 13576 13577<p> From time to time, it is discovered that a work-around creates a 13578security issue, and should no longer be used. If upgrading OpenSSL 13579to a fixed version is not an option or an upgrade is not available 13580in a timely manner, or in closed environments where no buggy clients 13581or servers exist, it may be appropriate to disable some or all of the 13582OpenSSL interoperability work-arounds. This parameter specifies which 13583bug work-arounds to disable. 
</p> 13584 13585<p> If the value of the parameter is a hexadecimal long integer starting 13586with "0x", the bug work-arounds corresponding to the bits specified in 13587its value are removed from the <b>SSL_OP_ALL</b> work-around bit-mask 13588(see openssl/ssl.h and SSL_CTX_set_options(3)). You can specify more 13589bits than are present in SSL_OP_ALL, excess bits are ignored. Specifying 135900xFFFFFFFF disables all bug-workarounds on a 32-bit system. This should 13591also be sufficient on 64-bit systems, until OpenSSL abandons support 13592for 32-bit systems and starts using the high 32 bits of a 64-bit 13593bug-workaround mask. </p> 13594 13595<p> Otherwise, the parameter is a white-space or comma separated list 13596of specific named bug work-arounds chosen from the list below. It 13597is possible that your OpenSSL version includes new bug work-arounds 13598added after your Postfix source code was last updated, in that case 13599you can only disable one of these via the hexadecimal syntax above. </p> 13600 13601<dl> 13602 13603<dt><b>MICROSOFT_SESS_ID_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd> 13604 13605<dt><b>NETSCAPE_CHALLENGE_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd> 13606 13607<dt><b>LEGACY_SERVER_CONNECT</b></dt> <dd>See SSL_CTX_set_options(3)</dd> 13608 13609<dt><b>NETSCAPE_REUSE_CIPHER_CHANGE_BUG</b></dt> <dd> also aliased 13610as <b>CVE-2010-4180</b>. Postfix 2.8 disables this work-around by 13611default with OpenSSL versions that may predate the fix. Fixed in 13612OpenSSL 0.9.8q and OpenSSL 1.0.0c.</dd> 13613 13614<dt><b>SSLREF2_REUSE_CERT_TYPE_BUG</b></dt> <dd>See 13615SSL_CTX_set_options(3)</dd> 13616 13617<dt><b>MICROSOFT_BIG_SSLV3_BUFFER</b></dt> <dd>See 13618SSL_CTX_set_options(3)</dd> 13619 13620<dt><b>MSIE_SSLV2_RSA_PADDING</b></dt> <dd> also aliased as 13621<b>CVE-2005-2969</b>. Postfix 2.8 disables this work-around by 13622default with OpenSSL versions that may predate the fix. 
Fixed in 13623OpenSSL 0.9.7h and OpenSSL 0.9.8a.</dd> 13624 13625<dt><b>SSLEAY_080_CLIENT_DH_BUG</b></dt> <dd>See 13626SSL_CTX_set_options(3)</dd> 13627 13628<dt><b>TLS_D5_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd> 13629 13630<dt><b>TLS_BLOCK_PADDING_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd> 13631 13632<dt><b>TLS_ROLLBACK_BUG</b></dt> <dd>See SSL_CTX_set_options(3). 13633This is disabled in OpenSSL 0.9.7 and later. Nobody should still 13634be using 0.9.6! </dd> 13635 13636<dt><b>DONT_INSERT_EMPTY_FRAGMENTS</b></dt> <dd>See 13637SSL_CTX_set_options(3)</dd> 13638 13639<dt><b>CRYPTOPRO_TLSEXT_BUG</b></dt> <dd>New with GOST support in 13640OpenSSL 1.0.0.</dd> 13641 13642</dl> 13643 13644<p> This feature is available in Postfix 2.8 and later. </p> 13645 13646%PARAM tlsproxy_watchdog_timeout 10s 13647 13648<p> How much time a tlsproxy(8) process may take to process local 13649or remote I/O before it is terminated by a built-in watchdog timer. 13650This is a safety mechanism that prevents tlsproxy(8) from becoming 13651non-responsive due to a bug in Postfix itself or in system software. 13652To avoid false alarms and unnecessary cache corruption this limit 13653cannot be set under 10s. </p> 13654 13655<p> Specify a non-zero time value (an integral value plus an optional 13656one-letter suffix that specifies the time unit). Time units: s 13657(seconds), m (minutes), h (hours), d (days), w (weeks). </p> 13658 13659<p> This feature is available in Postfix 2.8. </p> 13660 13661%PARAM postscreen_discard_ehlo_keywords $smtpd_discard_ehlo_keywords 13662 13663<p> A case insensitive list of EHLO keywords (pipelining, starttls, 13664auth, etc.) that the postscreen(8) server will not send in the EHLO 13665response to a remote SMTP client. See smtpd_discard_ehlo_keywords 13666for details. </p> 13667 13668<p> This feature is available in Postfix 2.8 and later. 
</p> 13669 13670%PARAM postscreen_discard_ehlo_keyword_address_maps $smtpd_discard_ehlo_keyword_address_maps 13671 13672<p> Lookup tables, indexed by the remote SMTP client address, with 13673case insensitive lists of EHLO keywords (pipelining, starttls, auth, 13674etc.) that the postscreen(8) server will not send in the EHLO response 13675to a remote SMTP client. See smtpd_discard_ehlo_keywords for details. 13676The table is not searched by hostname for robustness reasons. </p> 13677 13678<p> This feature is available in Postfix 2.8 and later. </p> 13679 13680%PARAM postscreen_use_tls $smtpd_use_tls 13681 13682<p> Opportunistic TLS: announce STARTTLS support to SMTP clients, 13683but do not require that clients use TLS encryption. </p> 13684 13685<p> This feature is available in Postfix 2.8 and later. 13686Preferably, use postscreen_tls_security_level instead. </p> 13687 13688%PARAM postscreen_enforce_tls $smtpd_enforce_tls 13689 13690<p> Mandatory TLS: announce STARTTLS support to SMTP clients, and 13691require that clients use TLS encryption. See smtpd_postscreen_enforce_tls 13692for details. </p> 13693 13694<p> This feature is available in Postfix 2.8 and later. 13695Preferably, use postscreen_tls_security_level instead. </p> 13696 13697%PARAM postscreen_tls_security_level $smtpd_tls_security_level 13698 13699<p> The SMTP TLS security level for the postscreen(8) server; when 13700a non-empty value is specified, this overrides the obsolete parameters 13701postscreen_use_tls and postscreen_enforce_tls. See smtpd_tls_security_level 13702for details. </p> 13703 13704<p> This feature is available in Postfix 2.8 and later. </p> 13705 13706%PARAM tlsproxy_enforce_tls $smtpd_enforce_tls 13707 13708<p> Mandatory TLS: announce STARTTLS support to SMTP clients, and 13709require that clients use TLS encryption. See smtpd_enforce_tls for 13710further details. </p> 13711 13712<p> This feature is available in Postfix 2.8 and later. 
</p> 13713 13714%PARAM tlsproxy_tls_CAfile $smtpd_tls_CAfile 13715 13716<p> A file containing (PEM format) CA certificates of root CAs 13717trusted to sign either remote SMTP client certificates or intermediate 13718CA certificates. See smtpd_tls_CAfile for further details. </p> 13719 13720<p> This feature is available in Postfix 2.8 and later. </p> 13721 13722%PARAM tlsproxy_tls_CApath $smtpd_tls_CApath 13723 13724<p> A directory containing (PEM format) CA certificates of root CAs 13725trusted to sign either remote SMTP client certificates or intermediate 13726CA certificates. See smtpd_tls_CApath for further details. </p> 13727 13728<p> This feature is available in Postfix 2.8 and later. </p> 13729 13730%PARAM tlsproxy_tls_always_issue_session_ids $smtpd_tls_always_issue_session_ids 13731 13732<p> Force the Postfix tlsproxy(8) server to issue a TLS session id, 13733even when TLS session caching is turned off. See 13734smtpd_tls_always_issue_session_ids for further details. </p> 13735 13736<p> This feature is available in Postfix 2.8 and later. </p> 13737 13738%PARAM tlsproxy_tls_ask_ccert $smtpd_tls_ask_ccert 13739 13740<p> Ask a remote SMTP client for a client certificate. See 13741smtpd_tls_ask_ccert for further details. </p> 13742 13743<p> This feature is available in Postfix 2.8 and later. </p> 13744 13745%PARAM tlsproxy_tls_ccert_verifydepth $smtpd_tls_ccert_verifydepth 13746 13747<p> The verification depth for remote SMTP client certificates. A 13748depth of 1 is sufficient if the issuing CA is listed in a local CA 13749file. See smtpd_tls_ccert_verifydepth for further details. </p> 13750 13751<p> This feature is available in Postfix 2.8 and later. </p> 13752 13753%PARAM tlsproxy_tls_cert_file $smtpd_tls_cert_file 13754 13755<p> File with the Postfix tlsproxy(8) server RSA certificate in PEM 13756format. This file may also contain the Postfix tlsproxy(8) server 13757private RSA key. See smtpd_tls_cert_file for further details. 
</p> 13758 13759<p> This feature is available in Postfix 2.8 and later. </p> 13760 13761%PARAM tlsproxy_tls_ciphers $smtpd_tls_ciphers 13762 13763<p> The minimum TLS cipher grade that the Postfix tlsproxy(8) server 13764will use with opportunistic TLS encryption. See smtpd_tls_ciphers 13765for further details. </p> 13766 13767<p> This feature is available in Postfix 2.8 and later. </p> 13768 13769%PARAM tlsproxy_tls_dcert_file $smtpd_tls_dcert_file 13770 13771<p> File with the Postfix tlsproxy(8) server DSA certificate in PEM 13772format. This file may also contain the Postfix tlsproxy(8) server 13773private DSA key. See smtpd_tls_dcert_file for further details. 13774</p> 13775 13776<p> This feature is available in Postfix 2.8 and later. </p> 13777 13778%PARAM tlsproxy_tls_dh1024_param_file $smtpd_tls_dh1024_param_file 13779 13780<p> File with DH parameters that the Postfix tlsproxy(8) server 13781should use with EDH ciphers. See smtpd_tls_dh1024_param_file for 13782further details. </p> 13783 13784<p> This feature is available in Postfix 2.8 and later. </p> 13785 13786%PARAM tlsproxy_tls_dh512_param_file $smtpd_tls_dh512_param_file 13787 13788<p> File with DH parameters that the Postfix tlsproxy(8) server 13789should use with EDH ciphers. See smtpd_tls_dh512_param_file for 13790further details. </p> 13791 13792<p> This feature is available in Postfix 2.8 and later. </p> 13793 13794%PARAM tlsproxy_tls_dkey_file $smtpd_tls_dkey_file 13795 13796<p> File with the Postfix tlsproxy(8) server DSA private key in PEM 13797format. This file may be combined with the Postfix tlsproxy(8) 13798server DSA certificate file specified with $smtpd_tls_dcert_file. 13799See smtpd_tls_dkey_file for further details. </p> 13800 13801<p> This feature is available in Postfix 2.8 and later. </p> 13802 13803%PARAM tlsproxy_tls_eccert_file $smtpd_tls_eccert_file 13804 13805<p> File with the Postfix tlsproxy(8) server ECDSA certificate in 13806PEM format. 
This file may also contain the Postfix tlsproxy(8) 13807server private ECDSA key. See smtpd_tls_eccert_file for further 13808details. </p> 13809 13810<p> This feature is available in Postfix 2.8 and later. </p> 13811 13812%PARAM tlsproxy_tls_eckey_file $smtpd_tls_eckey_file 13813 13814<p> File with the Postfix tlsproxy(8) server ECDSA private key in 13815PEM format. This file may be combined with the Postfix tlsproxy(8) 13816server ECDSA certificate file specified with $smtpd_tls_eccert_file. 13817See smtpd_tls_eckey_file for further details. </p> 13818 13819<p> This feature is available in Postfix 2.8 and later. </p> 13820 13821%PARAM tlsproxy_tls_eecdh_grade $smtpd_tls_eecdh_grade 13822 13823<p> The Postfix tlsproxy(8) server security grade for ephemeral 13824elliptic-curve Diffie-Hellman (EECDH) key exchange. See 13825smtpd_tls_eecdh_grade for further details. </p> 13826 13827<p> This feature is available in Postfix 2.8 and later. </p> 13828 13829%PARAM tlsproxy_tls_exclude_ciphers $smtpd_tls_exclude_ciphers 13830 13831<p> List of ciphers or cipher types to exclude from the tlsproxy(8) 13832server cipher list at all TLS security levels. See 13833smtpd_tls_exclude_ciphers for further details. </p> 13834 13835<p> This feature is available in Postfix 2.8 and later. </p> 13836 13837%PARAM tlsproxy_tls_fingerprint_digest $smtpd_tls_fingerprint_digest 13838 13839<p> The message digest algorithm used to construct client-certificate 13840fingerprints. See smtpd_tls_fingerprint_digest for further details. 13841</p> 13842 13843<p> This feature is available in Postfix 2.8 and later. </p> 13844 13845%PARAM tlsproxy_tls_key_file $smtpd_tls_key_file 13846 13847<p> File with the Postfix tlsproxy(8) server RSA private key in PEM 13848format. This file may be combined with the Postfix tlsproxy(8) 13849server RSA certificate file specified with $smtpd_tls_cert_file. 13850See smtpd_tls_key_file for further details. 
</p> 13851 13852<p> This feature is available in Postfix 2.8 and later. </p> 13853 13854%PARAM tlsproxy_tls_loglevel $smtpd_tls_loglevel 13855 13856<p> Enable additional Postfix tlsproxy(8) server logging of TLS 13857activity. Each logging level also includes the information that 13858is logged at a lower logging level. See smtpd_tls_loglevel for 13859further details. </p> 13860 13861<p> This feature is available in Postfix 2.8 and later. </p> 13862 13863%PARAM tlsproxy_tls_mandatory_ciphers $smtpd_tls_mandatory_ciphers 13864 13865<p> The minimum TLS cipher grade that the Postfix tlsproxy(8) server 13866will use with mandatory TLS encryption. See smtpd_tls_mandatory_ciphers 13867for further details. </p> 13868 13869<p> This feature is available in Postfix 2.8 and later. </p> 13870 13871%PARAM tlsproxy_tls_mandatory_exclude_ciphers $smtpd_tls_mandatory_exclude_ciphers 13872 13873<p> Additional list of ciphers or cipher types to exclude from the 13874tlsproxy(8) server cipher list at mandatory TLS security levels. 13875See smtpd_tls_mandatory_exclude_ciphers for further details. </p> 13876 13877<p> This feature is available in Postfix 2.8 and later. </p> 13878 13879%PARAM tlsproxy_tls_mandatory_protocols $smtpd_tls_mandatory_protocols 13880 13881<p> The SSL/TLS protocols accepted by the Postfix tlsproxy(8) server 13882with mandatory TLS encryption. If the list is empty, the server 13883supports all available SSL/TLS protocol versions. See 13884smtpd_tls_mandatory_protocols for further details. </p> 13885 13886<p> This feature is available in Postfix 2.8 and later. </p> 13887 13888%PARAM tlsproxy_tls_protocols $smtpd_tls_protocols 13889 13890<p> List of TLS protocols that the Postfix tlsproxy(8) server will 13891exclude or include with opportunistic TLS encryption. See 13892smtpd_tls_protocols for further details. </p> 13893 13894<p> This feature is available in Postfix 2.8 and later. 
</p> 13895 13896%PARAM tlsproxy_tls_req_ccert $smtpd_tls_req_ccert 13897 13898<p> With mandatory TLS encryption, require a trusted remote SMTP 13899client certificate in order to allow TLS connections to proceed. 13900See smtpd_tls_req_ccert for further details. </p> 13901 13902<p> This feature is available in Postfix 2.8 and later. </p> 13903 13904%PARAM tlsproxy_tls_security_level $smtpd_tls_security_level 13905 13906<p> The SMTP TLS security level for the Postfix tlsproxy(8) server; 13907when a non-empty value is specified, this overrides the obsolete 13908parameters smtpd_use_tls and smtpd_enforce_tls. See 13909smtpd_tls_security_level for further details. </p> 13910 13911<p> This feature is available in Postfix 2.8 and later. </p> 13912 13913%PARAM tlsproxy_tls_session_cache_timeout $smtpd_tls_session_cache_timeout 13914 13915<p> The expiration time of Postfix tlsproxy(8) server TLS session 13916cache information. A cache cleanup is performed periodically every 13917$smtpd_tls_session_cache_timeout seconds. See 13918smtpd_tls_session_cache_timeout for further details. </p> 13919 13920<p> This feature is available in Postfix 2.8 and later. </p> 13921 13922%PARAM tlsproxy_use_tls $smtpd_use_tls 13923 13924<p> Opportunistic TLS: announce STARTTLS support to SMTP clients, 13925but do not require that clients use TLS encryption. See smtpd_use_tls 13926for further details. </p> 13927 13928<p> This feature is available in Postfix 2.8 and later. </p> 13929 13930%PARAM smtpd_reject_footer 13931 13932<p> Optional information that is appended after each SMTP server 139334XX or 5XX response. </p> 13934 13935<p> Example: </p> 13936 13937<pre> 13938/etc/postfix/main.cf: 13939 smtpd_reject_footer = For assistance, call 800-555-0101. 13940 Please provide the following information in your problem report: 13941 time ($localtime), client ($client_address) and server 13942 ($server_name). 
13943</pre> 13944 13945<p> Server response: </p> 13946 13947<pre> 13948 550-5.5.1 <user@example> Recipient address rejected: User unknown 13949 550 5.5.1 For assistance, call 800-555-0101. Please provide the 13950 following information in your problem report: time (Jan 4 15:42:00), 13951 client (192.168.1.248) and server (mail1.example.com). 13952</pre> 13953 13954<p> Note: the above text is meant to make it easier to find the 13955Postfix logfile records for a failed SMTP session. The text itself 13956is not logged to the Postfix SMTP server's maillog file. </p> 13957 13958<p> Be sure to keep the text as short as possible. Long text may 13959be truncated before it is logged to the remote SMTP client's maillog 13960file, or before it is returned to the sender in a delivery status 13961notification. </p> 13962 13963<p> This feature supports a limited number of $name attributes in 13964the footer text. These are replaced by their current value for the 13965SMTP session: </p> 13966 13967<dl> 13968 13969<dt> <b>client_address</b> </dt> <dd> The Client IP address that 13970is logged in the maillog file. </dd> 13971 13972<dt> <b>client_port</b> </dt> <dd> The client TCP port that is 13973logged in the maillog file. </dd> 13974 13975<dt> <b>localtime</b> </dt> <dd> The server local time (Mmm dd 13976hh:mm:ss) that is logged in the maillog file. </dd> 13977 13978<dt> <b>server_name</b> </dt> <dd> The server's myhostname value. 13979This attribute is made available for sites with multiple MTAs 13980(perhaps behind a load-balancer), where the server name can help 13981the server support team to quickly find the right log files. </dd> 13982 13983</dl> 13984 13985<p> Notes: </p> 13986 13987<ul> 13988 13989<li> <p> NOT SUPPORTED are other attributes such as sender, recipient, 13990or main.cf parameters. </p> 13991 13992<li> <p> For safety reasons, text that does not match 13993$smtpd_expansion_filter is censored. 
</p> 13994 13995</ul> 13996 13997<p> This feature supports the two-character sequence \n as a request 13998for a line break in the footer text. Postfix automatically inserts 13999after each line break the three-digit SMTP reply code (and optional 14000enhanced status code) from the original Postfix reject message. 14001</p> 14002 14003<p> This feature is available in Postfix 2.8 and later. </p> 14004 14005%PARAM postscreen_expansion_filter see "postconf -d" output 14006 14007<p> List of characters that are permitted in postscreen_reject_footer 14008attribute expansions. See smtpd_expansion_filter for further 14009details. </p> 14010 14011<p> This feature is available in Postfix 2.8 and later. </p> 14012 14013%PARAM postscreen_reject_footer $smtpd_reject_footer 14014 14015<p> Optional information that is appended after a 4XX or 5XX server 14016response. See smtpd_reject_footer for further details. </p> 14017 14018<p> This feature is available in Postfix 2.8 and later. </p> 14019 14020%PARAM postscreen_command_filter $smtpd_command_filter 14021 14022<p> A mechanism to transform commands from remote SMTP clients. 14023See smtpd_command_filter for further details. </p> 14024 14025<p> This feature is available in Postfix 2.8 and later. </p> 14026 14027%PARAM dnsblog_service_name dnsblog 14028 14029<p> The name of the dnsblog(8) service entry in master.cf. This 14030service performs DNS white/blacklist lookups. </p> 14031 14032<p> This feature is available in Postfix 2.8 and later. </p> 14033 14034%PARAM tlsproxy_service_name tlsproxy 14035 14036<p> The name of the tlsproxy(8) service entry in master.cf. This 14037service performs plaintext <=> TLS ciphertext conversion. <p> 14038 14039<p> This feature is available in Postfix 2.8 and later. </p> 14040 14041
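<p> The following is an added example and not Postfix code: a small
Python model of how a tls_disable_workarounds value in either of the
two syntaxes described above (a "0x" hexadecimal mask, or a white-space
or comma separated list of the names in the tls_disable_workarounds
list) is turned into the bits cleared from the SSL_OP_ALL work-around
mask. The SSL_OP_* bit values are assumed from an OpenSSL 1.0.x
openssl/ssl.h, SSL_OP_ALL is constructed here as the OR of those bits
minus TLS_ROLLBACK_BUG, and name matching is made case insensitive;
check the headers of the OpenSSL build you actually link against. </p>

```python
"""Model of tls_disable_workarounds parsing (added example, not Postfix
code).  The SSL_OP_* values are ASSUMED from an OpenSSL 1.0.x ssl.h and
vary between OpenSSL releases; verify against your own headers."""
import re

# Assumed OpenSSL 1.0.x SSL_OP_* bits for the names postconf(5) lists.
WORKAROUND_BITS = {
    "MICROSOFT_SESS_ID_BUG":            0x00000001,
    "NETSCAPE_CHALLENGE_BUG":           0x00000002,
    "LEGACY_SERVER_CONNECT":            0x00000004,
    "NETSCAPE_REUSE_CIPHER_CHANGE_BUG": 0x00000008,
    "SSLREF2_REUSE_CERT_TYPE_BUG":      0x00000010,
    "MICROSOFT_BIG_SSLV3_BUFFER":       0x00000020,
    "MSIE_SSLV2_RSA_PADDING":           0x00000040,
    "SSLEAY_080_CLIENT_DH_BUG":         0x00000080,
    "TLS_D5_BUG":                       0x00000100,
    "TLS_BLOCK_PADDING_BUG":            0x00000200,
    "DONT_INSERT_EMPTY_FRAGMENTS":      0x00000800,
    "TLS_ROLLBACK_BUG":                 0x00800000,
    "CRYPTOPRO_TLSEXT_BUG":             0x80000000,
}
# The CVE aliases given in the parameter description map to the same bits.
WORKAROUND_BITS["CVE-2010-4180"] = WORKAROUND_BITS["NETSCAPE_REUSE_CIPHER_CHANGE_BUG"]
WORKAROUND_BITS["CVE-2005-2969"] = WORKAROUND_BITS["MSIE_SSLV2_RSA_PADDING"]

# Constructed stand-in for SSL_OP_ALL: every listed work-around except
# TLS_ROLLBACK_BUG, which the description says is already off in 0.9.7+.
SSL_OP_ALL = 0
for _name, _bit in WORKAROUND_BITS.items():
    if _name != "TLS_ROLLBACK_BUG":
        SSL_OP_ALL |= _bit


def disabled_workaround_bits(value, ssl_op_all=SSL_OP_ALL):
    """Return the work-around bits a tls_disable_workarounds value selects.

    "0x..." values are a raw mask; bits not present in ssl_op_all are
    ignored, as the description states.  Anything else is a list of names
    separated by white space and/or commas; an unknown name is an error
    rather than silently ignored."""
    value = value.strip()
    if value.lower().startswith("0x"):
        return int(value, 16) & ssl_op_all
    bits = 0
    for name in re.split(r"[\s,]+", value):
        if not name:
            continue
        try:
            bits |= WORKAROUND_BITS[name.upper()]
        except KeyError:
            raise ValueError("unknown bug work-around: %s" % name) from None
    return bits


def effective_options(value, ssl_op_all=SSL_OP_ALL):
    """The option mask left after removing the selected work-arounds."""
    return ssl_op_all & ~disabled_workaround_bits(value, ssl_op_all)


if __name__ == "__main__":
    for setting in ("0xFFFFFFFF", "CVE-2010-4180, CVE-2005-2969", "TLS_ROLLBACK_BUG"):
        print("%-32s disables 0x%08x -> options 0x%08x"
              % (setting, disabled_workaround_bits(setting), effective_options(setting)))
```

<p> Naming a work-around that is not part of SSL_OP_ALL in the first
place (TLS_ROLLBACK_BUG on OpenSSL 0.9.7 and later) leaves the
effective options unchanged, which is why the bits and the resulting
option mask are computed separately. A hexadecimal value is the only
way to reach a bit that post-dates the name table, exactly as the
description says. </p>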
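<p> The following is an added example, not Postfix code: a Python model
of the smtpd_reject_footer expansion described above, showing $name
substitution of the four supported attributes, censoring of attribute
values that do not match the expansion filter, and insertion of the
reply code and enhanced status code after each \n line break. The
session attribute values, the printable-ASCII filter, the "_"
replacement character, and the empty expansion of unsupported
attribute names are assumptions made for this example. </p>

```python
"""Model of smtpd_reject_footer expansion (added example, not Postfix
code).  Session values, the filter set and the "_" replacement character
are ASSUMED for illustration."""
import re

# Constructed SMTP session attributes: the four $name attributes the
# parameter supports, with made-up values.
SESSION = {
    "client_address": "192.168.1.248",
    "client_port": "54321",
    "localtime": "Jan  4 15:42:00",
    "server_name": "mail1.example.com",
}

# Assumed expansion filter: printable ASCII.  The real default is shown
# by "postconf -d smtpd_expansion_filter".
EXPANSION_FILTER = frozenset(chr(c) for c in range(0x20, 0x7F))


def censor(text, allowed=EXPANSION_FILTER):
    """Replace every character outside the filter with "_" (assumed)."""
    return "".join(c if c in allowed else "_" for c in text)


def expand_footer(template, attrs=SESSION):
    """Expand $name and ${name}.  Only the supported session attributes
    exist; anything else (sender, recipient, main.cf parameters) is
    assumed to expand to the empty string.  Expanded values are censored
    so a client-controlled value cannot smuggle CR/LF into the reply."""
    def repl(match):
        name = match.group(1) or match.group(2)
        return censor(attrs.get(name, ""))
    return re.sub(r"\$(?:\{(\w+)\}|(\w+))", repl, template)


def reject_response(code, status, message, footer, attrs=SESSION):
    """Build the full SMTP reply: the original reject line, then the
    footer split at the two-character sequence \\n, each line carrying
    the reply code and enhanced status code.  All lines but the last use
    the "-" continuation separator."""
    lines = [message]
    if footer:
        lines += expand_footer(footer, attrs).split("\\n")
    reply = []
    for i, line in enumerate(lines):
        sep = " " if i == len(lines) - 1 else "-"
        reply.append("%s%s%s %s" % (code, sep, status, line))
    return "\r\n".join(reply)


if __name__ == "__main__":
    footer = ("For assistance, call 800-555-0101.\\nPlease quote time "
              "($localtime), client ($client_address) and server ($server_name).")
    print(reject_response("550", "5.5.1",
                          "<user@example> Recipient address rejected: User unknown",
                          footer))
```

<p> The censoring step is what the "for safety reasons" note above is
about: the attribute values come from the session, so a value that
carried a CR or LF would otherwise end the reply line early and let the
rest be read by the client as a separate response. Keeping the footer
short, as the description recommends, also keeps each continuation
line well inside the limits a remote client is likely to log or relay.
</p>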