<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
        "http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>

<title>Postfix Architecture Overview </title>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel='stylesheet' type='text/css' href='postfix-doc.css'>

</head>

<body>

<h1> <img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
Architecture Overview </h1>

<hr>

<h2> Introduction </h2>

<p> This document presents an overview of the Postfix architecture,
and provides pointers to descriptions of every Postfix command
or server program. The text gives the general context in which
each command or server program is used, and provides pointers to
documents with specific usage examples and background information.
</p>

<p> Topics covered by this document: </p>

<ul>

<li> <a href="#receiving"> How Postfix receives mail </a>

<li> <a href="#delivering"> How Postfix delivers mail </a>

<li> <a href="#behind"> Postfix behind the scenes </a>

<li> <a href="#commands"> Postfix support commands </a>

</ul>

<h2><a name="receiving"> How Postfix receives mail </a> </h2>

<p> When a message enters the Postfix mail system, the first stop
on the inside is the incoming queue. The figure below shows the
main processes that are involved with new mail. Names followed by
a number are Postfix commands or server programs, while unnumbered
names inside shaded areas represent Postfix queues.
</p>

<blockquote>

<table>

<tr>

<td colspan="4"> </td>

<td bgcolor="#f0f0ff" align="center"> trivial-<br>rewrite(8) </td>

</tr>

<tr>

<td> Network </td> <td> <tt> -&gt; </tt> </td>

<td bgcolor="#f0f0ff" align="center" valign="middle"> smtpd(8)
</td>

<td> </td>

<td rowspan="2" align="center"> <table> <tr> <td align="center">
^<br> <tt> | </tt> </td> <td align="center"> <tt> |<br> v </tt>
</td> </tr> </table> </td>

</tr>

<tr>

<td colspan="3"> </td> <td> <tt> \ </tt> </td>

</tr>

<tr>

<td> Network </td> <td> <tt> -&gt; </tt> </td>

<td bgcolor="#f0f0ff" align="center" valign="middle"> qmqpd(8)
</td>

<td> <tt> -&gt; </tt> </td>

<td bgcolor="#f0f0ff" align="center" valign="middle"> cleanup(8)
</td>

<td> <tt> -&gt; </tt> </td>

<td bgcolor="#f0f0ff" align="center" valign="middle"> <a
href="QSHAPE_README.html#incoming_queue"> incoming </a> </td>

</tr>

<tr>

<td colspan="3"> </td> <td> <tt> / </tt> </td>

</tr>

<tr>

<td colspan="2"> </td>

<td bgcolor="#f0f0ff" align="center" valign="middle"> pickup(8)
</td>

<td> <tt> &lt;- </tt> </td>

<td bgcolor="#f0f0ff" align="center" valign="middle"> <a
href="QSHAPE_README.html#maildrop_queue"> maildrop </a> </td>

</tr>

<tr>

<td colspan="4" align="center"> </td>

<td align="center"> ^<br> <tt> | </tt> </td>

</tr>

<tr>

<td> Local </td> <td> <tt> -&gt; </tt> </td>

<td bgcolor="#f0f0ff" align="center" valign="middle"> sendmail(1)
</td>

<td> <tt> -&gt; </tt> </td>

<td bgcolor="#f0f0ff" align="center" valign="middle"> postdrop(1)
</td>

</tr>

</table>

</blockquote>

<ul>

<li> <p> Network mail enters Postfix via the smtpd(8) or qmqpd(8)
servers.
These servers remove the SMTP or QMQP protocol encapsulation,
enforce some sanity checks to protect Postfix, and give the sender,
recipients and message content to the cleanup(8) server. The
smtpd(8) server can be configured to block unwanted mail, as
described in the SMTPD_ACCESS_README document. </p>

<li> <p> Local submissions are received with the Postfix sendmail(1)
compatibility command, and are queued in the maildrop queue by
the privileged postdrop(1) command. This arrangement even works
while the Postfix mail system is not running. The local pickup(8)
server picks up local submissions, enforces some sanity checks to
protect Postfix, and gives the sender, recipients and message
content to the cleanup(8) server. </p>

<li> <p> Mail from internal sources is given directly to the
cleanup(8) server. These sources are not shown in the figure, and
include: mail that is forwarded by the local(8) delivery agent (see
next section), messages that are returned to the sender by the
bounce(8) server (see second-next section), and postmaster
notifications about problems with Postfix. </p>

<li> <p> The cleanup(8) server implements the final processing
stage before mail is queued. It adds missing From: and other message
headers, and transforms addresses as described in the
ADDRESS_REWRITING_README
document. Optionally, the cleanup(8) server can be configured to
do light-weight content inspection with regular expressions as
described in the BUILTIN_FILTER_README document. The cleanup(8)
server places the result as a single file into the incoming queue,
and notifies the queue manager (see next section) of the arrival
of new mail. </p>

<li> <p> The trivial-rewrite(8) server rewrites addresses to the
standard "user@fully.qualified.domain" form, as described in the
ADDRESS_REWRITING_README document.
Postfix currently does not
implement a rewriting language, but a lot can be done via table
lookups and, if need be, regular expressions. </p>

</ul>

<h2> <a name="delivering"> How Postfix delivers mail </a> </h2>

<p> Once a message has reached the incoming queue the next step is
to deliver it. The figure shows the main components of the Postfix
mail delivery apparatus. Names followed by a number are Postfix
commands or server programs, while unnumbered names inside shaded
areas represent Postfix queues. </p>

<blockquote>

<table>

<tr>

<td rowspan="2" colspan="4"> </td>

<td rowspan="2" bgcolor="#f0f0ff" align="center"> trivial-<br>rewrite(8)
</td>

<td> </td>

<td bgcolor="#f0f0ff" align="center"> smtp(8) </td>

<td> <tt> -&gt; </tt> </td> <td> Network </td>

</tr>

<tr>

<td align="right"> <tt> / </tt> </td>

</tr>

<tr>

<td rowspan="2" colspan="4"> </td>

<td rowspan="2" align="center"> <table> <tr> <td align="center">
^<br> <tt> | </tt> </td> <td align="center"> <tt> |<br> v </tt>
</td> </tr> </table> </td>

<td align="right"> <tt> - </tt> </td>

<td bgcolor="#f0f0ff" align="center"> lmtp(8) </td>

<td> <tt> -&gt; </tt> </td> <td> Network </td>

</tr>

<tr>

<td align="left"> <tt> / </tt> </td>

</tr>

<tr>

<td bgcolor="#f0f0ff" align="center"> <a
href="QSHAPE_README.html#incoming_queue"> incoming </a> </td>

<td> <tt> -&gt; </tt> </td>

<td bgcolor="#f0f0ff" align="center"> <a
href="QSHAPE_README.html#active_queue"> active </a> </td>

<td> <tt> -&gt; </tt> </td>

<td bgcolor="#f0f0ff" align="center"> qmgr(8) </td>

<td align="right"> <tt> --- </tt> </td>

<td bgcolor="#f0f0ff" align="center"> local(8) </td>

<td> <tt> -&gt; </tt> </td> <td> File, command </td>

</tr>

<tr>

<td rowspan="2" colspan="2"> </td>

<td
rowspan="2" align="center"> <table> <tr> <td align="center">
^<br> <tt> | </tt> </td> <td align="center"> <tt> |<br> v </tt>
</td> </tr> </table> </td>

<td rowspan="2" colspan="2"> </td>

<td align="left"> <tt> \ </tt> </td>

</tr>

<tr>

<td align="right"> <tt> - </tt> </td>

<td bgcolor="#f0f0ff" align="center"> virtual(8) </td>

<td> <tt> -&gt; </tt> </td> <td> File </td>

</tr>

<tr>

<td colspan="2"> </td>

<td bgcolor="#f0f0ff" align="center"> <a
href="QSHAPE_README.html#deferred_queue"> deferred </a> </td>

<td colspan="2"> </td>

<td align="right"> <tt> \ </tt> </td>

</tr>

<tr>

<td colspan="6"> </td>

<td bgcolor="#f0f0ff" align="center"> pipe(8) </td>

<td> <tt> -&gt; </tt> </td> <td> Command </td>

</tr>

</table>

</blockquote>

<ul>

<li> <p> The queue manager (the qmgr(8) server process in the
figure) is the heart of Postfix mail delivery. It contacts the
smtp(8), lmtp(8), local(8), virtual(8), pipe(8), discard(8) or
error(8) delivery agents, and sends a delivery request for one
or more recipient addresses. The discard(8) and error(8) delivery
agents are special: they discard or bounce all mail, and are not
shown in the figure above. </p>

<p> The queue manager maintains a small active queue with the
messages that it has opened for delivery. The active queue acts as
a limited window on potentially large incoming or deferred queues.
The limited active queue prevents the queue manager from running
out of memory under heavy load. </p>

<p> The queue manager maintains a separate deferred queue for mail
that cannot be delivered, so that a large mail backlog will not
slow down normal queue accesses. The queue manager's strategy for
delayed mail delivery attempts is described in the QSHAPE_README
and TUNING_README documents.
</p>

<li> <p> The trivial-rewrite(8) server resolves each recipient
address according to its local or remote address class, as defined
in the ADDRESS_CLASS_README document. Additional routing information
can be specified with the optional transport(5) table. The
trivial-rewrite(8) server optionally queries the relocated(5) table
for recipients whose address has changed; mail for such recipients is
returned to the sender with an explanation. </p>

<li> <p> The smtp(8) client looks up a list of mail exchangers for
the destination host, sorts the list by preference, and tries each
server in turn until it finds a server that responds. It then
encapsulates the sender, recipient and message content as required
by the SMTP protocol; this includes conversion of 8-bit MIME to
7-bit encoding. </p>

<li> <p> The lmtp(8) client speaks a protocol similar to SMTP that
is optimized for delivery to mailbox servers such as Cyrus. The
advantage of this setup is that one Postfix machine can feed multiple
mailbox servers over LMTP. The opposite is true as well: one
mailbox server can be fed over LMTP by multiple Postfix machines.
</p>

<li> <p> The local(8) delivery agent understands UNIX-style mailboxes,
qmail-compatible maildir files, Sendmail-style system-wide aliases(5)
databases, and Sendmail-style per-user .forward files. Multiple
local delivery agents can be run in parallel, but parallel delivery
to the same user is usually limited. </p>

<p> The local(8) delivery agent has hooks for alternative forms of
local delivery: you can configure it to deliver to mailbox files
in user home directories, you can configure it to delegate mailbox
delivery to an external command such as procmail, or you can delegate
delivery to a different Postfix delivery agent.
</p>

<li> <p> The virtual(8) delivery agent is a bare-bones delivery
agent that delivers to UNIX-style mailbox or qmail-style maildir
files only. This delivery agent can deliver mail for multiple
domains, which makes it especially suitable for hosting lots of
small domains on a single machine. This is described in the
VIRTUAL_README document. </p>

<li> <p> The pipe(8) mailer is the outbound interface to other mail
processing systems (the Postfix sendmail(1) command being the
inbound interface). The interface is UNIX compatible: it provides
information on the command line and on the standard input stream,
and expects a process exit status code as defined in &lt;sysexits.h&gt;.
Examples of delivery via the pipe(8) mailer are in the MAILDROP_README
and UUCP_README documents. </p>

</ul>

<h2> <a name="behind"> Postfix behind the scenes </a> </h2>

<p> The previous sections gave an overview of how Postfix server
processes send and receive mail. These server processes rely on
other server processes that do things behind the scenes. The text
below attempts to visualize each service in its own context. As
before, names followed by a number are Postfix commands or server
programs, while unnumbered names inside shaded areas represent
Postfix queues. </p>

<ul>

<li> <p> The resident master(8) server is the supervisor that keeps
an eye on the well-being of the Postfix mail system. It is typically
started at system boot time with the "postfix start" command, and
keeps running until the system goes down. The master(8) server is
responsible for starting Postfix server processes to receive and
deliver mail, and for restarting servers that terminate prematurely
because of some problem. The master(8) server is also responsible
for enforcing the server process count limits as specified in the
<b>master.cf</b> configuration file.
The picture below gives the
program hierarchy when Postfix is started up. Only some of the mail
handling daemon processes are shown. </p>

<table>

<tr> <td colspan="2"> </td> <td align="center" bgcolor="#f0f0ff">
postfix(1) </td> </tr>

<tr> <td colspan="2"> </td> <td align="center"> |<br> |</td> </tr>

<tr> <td colspan="2"> </td> <td align="center" bgcolor="#f0f0ff">
postfix-script(1) </td> </tr>

<tr> <td> </td> <td> <table> <tr> <td> </td> <td> / </td> </tr>
<tr> <td> / </td> <td> </td> </tr> </table> </td> <td align="center">
|<br> |</td> <td> <table> <tr> <td> \ </td> <td> </td> </tr> <tr>
<td> </td> <td> \ </td> </tr> </table> </td> </tr>

<tr> <td align="center" bgcolor="#f0f0ff"> postsuper(1) </td> <td>
</td> <td align="center" bgcolor="#f0f0ff"> master(8) </td> <td>
</td> <td align="center" bgcolor="#f0f0ff"> postlog(1) </td> </tr>

<tr> <td> </td> <td> <table> <tr> <td> </td> <td> / </td> </tr>
<tr> <td> / </td> <td> </td> </tr> </table> </td> <td align="center">
|<br> |</td> <td> <table> <tr> <td> \ </td> <td> </td> </tr> <tr>
<td> </td> <td> \ </td> </tr> </table> </td> </tr>

<tr> <td align="center" bgcolor="#f0f0ff"> smtpd(8) </td> <td>
</td> <td align="center" bgcolor="#f0f0ff"> qmgr(8) </td> <td>
</td> <td align="center" bgcolor="#f0f0ff"> local(8) </td> </tr>

</table>

<li> <p> The anvil(8) server implements client connection and
request rate limiting for all smtpd(8) servers. The TUNING_README document
provides guidance for dealing with mis-behaving SMTP clients. The
anvil(8) service is available in Postfix version 2.2 and later.
</p>

<table>

<tr> <td> Network </td> <td> <tt> -&gt; </tt> </td> <td align="center"
bgcolor="#f0f0ff"> <br> smtpd(8)<br><br> </td> <td> <tt> &lt;-&gt;
</tt> </td> <td align="center" bgcolor="#f0f0ff"> <br> anvil(8)<br><br>
</td> </tr>

</table>

<li> <p> The bounce(8), defer(8) and trace(8) services each maintain
their own queue directory trees with per-message logfiles. Postfix
uses this information when sending "failed", "delayed" or "success"
delivery status notifications to the sender. </p>

<p> The trace(8) service also implements support for the Postfix
"sendmail -bv" and "sendmail -v" commands which produce reports about how
Postfix delivers mail, and is available with Postfix version 2.1
and later. See <a href="DEBUG_README.html#trace_mail"> DEBUG_README
</a> for examples. </p>

<table>

<tr> <td align="center" bgcolor="#f0f0ff"> cleanup(8) </td> <td
valign="middle"> <tt> -&gt; </tt> </td> <td align="center"
bgcolor="#f0f0ff"> qmgr(8)<br> Postfix<br> queue </td> <td
valign="middle"> <tt> -&gt; </tt> </td> <td align="center"
bgcolor="#f0f0ff"> Delivery<br> agents</td> </tr>

<tr> <td align="center"> ^<br> <tt> | </tt> </td> <td> </td> <td
align="center"> <tt> |<br> v </tt> </td> <td> </td> <td align="center">
<tt> |<br> v </tt> </td> </tr>

<tr> <td align="center"> (Non-)<br> delivery<br> notice </td> <td
valign="middle"> <tt> &lt;- </tt> </td> <td align="center"
bgcolor="#f0f0ff"> bounce(8)<br> defer(8)<br> trace(8) </td> <td
valign="middle"> <tt> &lt;- </tt> </td> <td align="center"> Queue
id,<br> recipient,<br> status</td> </tr>

<tr> <td colspan="2"> </td> <td align="center"> <table> <tr> <td
align="center"> ^<br> <tt> | </tt> </td> <td align="center"> <tt>
|<br> v </tt> </td> </tr> </table> </td> </tr>

<tr> <td colspan="2"> </td> <td align="center" bgcolor="#f0f0ff">
Per- <br> message<br> logfiles </td> </tr>

</table>

<li> <p> The flush(8) servers maintain per-destination logs and
implement both ETRN and "sendmail -qRdestination", as described
in the ETRN_README document. This moves selected queue files from
the deferred queue back to the incoming queue and requests their
delivery. The flush(8) service is available with Postfix version
1.0 and later. </p>

<table>

<tr> <td colspan="4"> </td> <td align="center" bgcolor="#f0f0ff">
<a href="QSHAPE_README.html#incoming_queue"> incoming </a><br>^
<br><a href="QSHAPE_README.html#deferred_queue"> deferred </a>
</td> </tr>

<tr> <td colspan="4"> </td> <td align="center"> ^<br> |</td> </tr>

<tr> <td align="center" bgcolor="#f0f0ff"> smtpd(8)<br> sendmail(1)<br>
postqueue(1) </td> <td> <tt> - </tt> </td> <td align="center">
Destination<br> to flush</td> <td> <tt> -&gt; </tt> </td> <td
align="center" bgcolor="#f0f0ff"> flush(8) </td> <td> <tt> &lt;-
</tt> </td> <td align="center"> Deferred<br> destination,<br> queue
id </td> <td> <tt> - </tt> </td> <td align="center" bgcolor="#f0f0ff">
Delivery<br> agents,<br> qmgr(8) </td> </tr>

<tr> <td colspan="4"> </td> <td align="center"> <table> <tr> <td
align="center"> ^<br> <tt> | </tt> </td> <td align="center"> <tt>
|<br> v </tt> </td> </tr> </table> </td> </tr>

<tr> <td colspan="4"> </td> <td align="center"> Per-dest-<br>
ination<br> logs </td> </tr>

</table>

<li> <p> The proxymap(8) servers provide read-only and read-write
table lookup service to Postfix processes. This overcomes chroot
restrictions, reduces the number of open lookup tables by sharing
one open table among multiple processes, and implements single-updater
tables. </p>

<li> <p> The scache(8) server maintains the connection cache for
the Postfix smtp(8) client.
When connection caching is enabled for
selected destinations, the smtp(8) client does not disconnect
immediately after a mail transaction, but gives the connection to
the connection cache server which keeps the connection open for a
limited amount of time. The smtp(8) client continues with some
other mail delivery request. Meanwhile, any smtp(8) process can
ask the scache(8) server for that cached connection and reuse it
for mail delivery. As a safety measure, Postfix limits the number
of times that a connection may be reused. </p>

<p> When delivering mail to a destination with multiple mail servers,
connection caching can help to skip over a non-responding server,
and thus dramatically speed up delivery. SMTP connection caching
is available in Postfix version 2.2 and later. More information
about this feature is in the CONNECTION_CACHE_README document. </p>

<table>

<tr> <td> </td> <td> <tt> /-- </tt> </td> <td align="center"
colspan="3" bgcolor="#f0f0ff"> smtp(8) </td> <td colspan="2"> <tt>
--&gt; </tt> </td> <td> Internet </td> </tr>

<tr> <td align="center" bgcolor="#f0f0ff"> qmgr(8) </td> <td> </td>
<td align="center" rowspan="3"><tt>|<br>|<br>|<br>|<br>v</tt></td>
</tr>

<tr> <td> </td> <td> <tt> \-- </tt> </td> <td align="center"
colspan="4" bgcolor="#f0f0ff"> smtp(8) </td> <td align="left">
 </td> </tr>

<tr> <td colspan="2"> </td> <td> </td> <td
align="center"><tt>^<br>|</tt></td> </tr>

<tr> <td colspan="2"> </td> <td align="center" colspan="3"
bgcolor="#f0f0ff"> scache(8) </td> </tr>

</table>

<p> A Postfix smtp(8) client can reuse a TLS-encrypted connection
(with "smtp_tls_connection_reuse = yes"). This can greatly reduce
the overhead of connection setup and improve message delivery
rates.
After a Postfix smtp(8) client connects to a remote SMTP
server and sends plaintext EHLO and STARTTLS commands, the smtp(8)
client inserts a tlsproxy(8) process into the connection as shown
below. </p>

<p> After the mail transaction completes, the Postfix smtp(8) client
gives the smtp(8)-to-tlsproxy(8) connection to the scache(8)
server, which keeps the connection open for a limited amount of
time. The smtp(8) client continues with some other mail delivery
request. Meanwhile, any Postfix smtp(8) client can ask the scache(8)
server for that cached connection and reuse it for mail delivery.
</p>

<table>

<tr> <td> </td> <td> <tt> /-- </tt> </td> <td align="center"
colspan="3" bgcolor="#f0f0ff"> smtp(8) </td> <td colspan="2"> <tt>
--&gt; </tt> </td> <td align="center" bgcolor="#f0f0ff"> tlsproxy(8)
</td> <td> <tt> --&gt; </tt> </td> <td> Internet </td> </tr>

<tr> <td align="center" bgcolor="#f0f0ff"> qmgr(8) </td> <td> </td>
<td align="center" rowspan="3"><tt>|<br>|<br>|<br>|<br>v</tt></td>
</tr>

<tr> <td> </td> <td> <tt> \-- </tt> </td> <td align="center"
colspan="4" bgcolor="#f0f0ff"> smtp(8) </td> <td align="left">
 </td> </tr>

<tr> <td colspan="2"> </td> <td> </td> <td
align="center"><tt>^<br>|</tt></td> </tr>

<tr> <td colspan="2"> </td> <td align="center" colspan="3"
bgcolor="#f0f0ff"> scache(8) </td> </tr>

</table>

<li> <p> The showq(8) servers list the Postfix queue status. This
is the queue listing service that does the work for the mailq(1)
and postqueue(1) commands.
</p>

<table>

<tr> <td> Output </td> <td> <tt> &lt;- </tt> </td> <td align="center"
bgcolor="#f0f0ff"> mailq(1)<br>

<a href="postqueue.1.html"> post-<br>queue(1) </a> <br> </td> <td>
<tt> &lt;- </tt> </td> <td align="center" valign="middle"
bgcolor="#f0f0ff"> showq(8) </td> <td> <tt> &lt;- </tt></td> <td
align="center" valign="middle" bgcolor="#f0f0ff"> Postfix<br> queue
</td> </tr>

</table>

<li> <p> The spawn(8) servers run non-Postfix commands on request,
with the client connected via socket or FIFO to the command's
standard input, output and error streams. You can find examples of
its use in the SMTPD_POLICY_README document. </p>

<li> <p> The tlsmgr(8) server runs when TLS (Transport Layer
Security, formerly known as SSL) is turned on in the Postfix smtp(8)
client or smtpd(8) server. This process has two duties: </p>

<ul>

<li> <p> Maintain the pseudo-random number generator (PRNG) that
is used to seed the TLS engines in Postfix smtp(8) client or smtpd(8)
server processes. The state of this PRNG is periodically saved to
a file, and is read when tlsmgr(8) starts up. </p>

<li> <p> Maintain the optional Postfix smtp(8) client or smtpd(8)
server caches with TLS session keys. Saved keys can improve
performance by reducing the amount of computation at the start of
a TLS session. </p>

</ul>

<p> TLS support is available in Postfix version 2.2 and later.
Information about the Postfix TLS implementation is in the TLS_README
document.
</p>

<table>

<tr> <td>Network<tt>-&gt; </tt> </td> <td align="center"
bgcolor="#f0f0ff"> <br> smtpd(8) <br> </td> <td colspan="2">
<tt> &lt;---seed---<br><br>&lt;-session-&gt; </tt> </td> <td
align="center" bgcolor="#f0f0ff"> <br> tlsmgr(8) <br> </td>
<td colspan="3"> <tt> ---seed---&gt;<br> <br>&lt;-session-&gt;
</tt> </td> <td align="center" bgcolor="#f0f0ff"> <br> smtp(8) <br>
 </td> <td> <tt> -&gt;</tt>Network </td> </tr>

<tr> <td colspan="3"> </td> <td align="right"> <table> <tr> <td>
</td> <td> / </td> </tr> <tr> <td> / </td> <td> </td> </tr> </table>
</td> <td align="center"> |<br> |</td> <td align="left"> <table>
<tr> <td> \ </td> <td> </td> </tr> <tr> <td> </td> <td> \ </td>
</tr> </table> </td> <td colspan="3"> </td> </tr>

<tr> <td colspan="2"> </td> <td align="center" bgcolor="#f0f0ff">
smtpd<br> session<br> cache </td> <td> </td> <td align="center"
bgcolor="#f0f0ff"> PRNG<br> state <br>file </td> <td> </td> <td
align="center" bgcolor="#f0f0ff"> smtp<br> session<br> cache </td>
<td colspan="2"> </td> </tr>

</table>


<li> <p> The verify(8) server verifies that a sender or recipient
address is deliverable before the smtpd(8) server accepts it. The
verify(8) server queries a cache with address verification results.
If a result is not found, the verify(8) server injects a probe
message into the Postfix queue and processes the status update from
a delivery agent or queue manager.
This process is described in the ADDRESS_VERIFICATION_README
document. The verify(8) service is available with Postfix version
2.1 and later.
</p>

<table>

<tr>

    <td rowspan="2" colspan="5" align="center" valign="middle">
    </td> <td rowspan="3" align="center" valign="bottom">
    <tt> -&gt; </tt> </td> <td rowspan="3" align="center"
    valign="middle"> probe<br> message </td> <td rowspan="3"
    align="center" valign="middle"> <tt> -&gt; </tt> </td> <td
    rowspan="3" bgcolor="#f0f0ff" align="center" valign="middle">
    Postfix<br> mail<br> queue </td>

</tr>

<tr> <td> </td> </tr>

<tr>

    <td rowspan="3" align="center" valign="middle"> Network </td>
    <td rowspan="3" align="center" valign="middle"> <tt> -&gt; </tt>
    </td> <td rowspan="3" bgcolor="#f0f0ff" align="center"
    valign="middle"> smtpd(8) </td> <td rowspan="3" align="center"
    valign="middle"> <tt> &lt;-&gt; </tt> </td> <td rowspan="3"
    bgcolor="#f0f0ff" align="center" valign="middle"> verify(8)
    </td>

</tr>

<tr>

    <td rowspan="1" colspan="3"> </td> <td rowspan="1" align="center"
    valign="middle"> <tt> |</tt><br> <tt> v</tt> </td>

</tr>

<tr>

    <td rowspan="3" align="center" valign="top"> <tt> &lt;- </tt>
    </td> <td rowspan="3" align="center" valign="middle"> probe<br>
    status </td> <td rowspan="3" align="center" valign="middle">
    <tt> &lt;- </tt> </td> <td rowspan="3" bgcolor="#f0f0ff"
    align="center" valign="middle"> Postfix<br> delivery<br> agents
    </td> <td rowspan="3" align="left" valign="middle"> <tt>-&gt;</tt>
    Local<br> <tt>-&gt;</tt> Network</td>

</tr>

<tr>

    <td rowspan="3" colspan="4" align="center" valign="middle">
    </td> <td rowspan="3" align="center" valign="middle">
    <tt> ^</tt><br> <tt> |</tt><br> <tt> v</tt> </td>

</tr>

<tr> <td> </td> </tr>

<tr> <td colspan="4"> </td> </tr>

<tr>

    <td colspan="4" align="center" valign="middle"> </td>
    <td bgcolor="#f0f0ff" align="center" valign="middle"> Address<br>
    verification<br> cache </td>

</tr>

</table>

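<p> The verify(8) flow described above (cache lookup first, probe
message on a miss) is what a main.cf fragment like the following
switches on for recipient addresses. This is an added example, not
part of the original Postfix document. The parameter names are the
ones documented in postconf(5) and ADDRESS_VERIFICATION_README; the
restriction list and the file location are assumptions for a host
that relays mail for a few domains. </p>

```conf
# /etc/postfix/main.cf (illustrative fragment; location and restriction
# list are assumptions, adjust to the local installation)

# Consult verify(8) only after the relay check, so that no probe is
# ever generated for a domain this host would refuse anyway.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_unverified_recipient

# Reply code for a recipient that verify(8) reports as undeliverable.
# 450 (the default) is a temporary failure, which is the safe choice
# while testing. Switch to 550 only after the logs show no legitimate
# recipients being rejected.
unverified_recipient_reject_code = 450
#unverified_recipient_reject_code = 550

# Persistent cache that verify(8) queries before it injects a probe.
address_verify_map = btree:$data_directory/verify_cache

# Lifetime of cached results. A "positive" entry is an address that
# accepted the probe, a "negative" entry is one that did not. After
# the refresh time verify(8) sends a new probe in the background;
# after the expire time the entry is dropped. These are the
# documented default values.
address_verify_positive_expire_time = 31d
address_verify_positive_refresh_time = 7d
address_verify_negative_expire_time = 3d
address_verify_negative_refresh_time = 3h
```

<p> With this in place an unknown recipient is refused during the
SMTP session instead of being accepted and bounced later to a
possibly forged sender address. </p>
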
<li> <p> The postscreen(8) server can be put "in front" of Postfix
smtpd(8) processes. Its purpose is to accept connections from the
network and to decide what SMTP clients are allowed to talk to
Postfix. According to the 2008 MessageLabs annual report, 81% of
all email was spam, and 90% of that was sent by botnets; by 2010,
those numbers were 92% and 95%, respectively. While postscreen(8)
keeps the zombies away, more smtpd(8) processes remain available
for legitimate clients. </p>

<p> postscreen(8) maintains a temporary allowlist for clients that
pass its tests; by allowing allowlisted clients to skip tests,
postscreen(8) minimizes its impact on legitimate email traffic.
</p>

<p> The postscreen(8) server is available with Postfix 2.8 and
later. To keep the implementation simple, postscreen(8) delegates
DNS allow/denylist lookups to dnsblog(8) server processes, and
delegates TLS encryption/decryption to tlsproxy(8) server processes.
This delegation is invisible to the remote SMTP client.
</p>

<table>

<tr> <td colspan="2"> </td> <td align="center"> zombie </td> </tr>

<tr> <td colspan="3"> </td> <td align="left"> <tt> \ </tt> </td> </tr>

<tr> <td> zombie </td> <td> <tt> - </tt> </td> <td bgcolor="#f0f0ff" align="center"> tlsproxy(8) </td> <td align="left"> <tt> - </tt> </td> <td>
</td> <td> </td> <td> </td> <td align="right"> <tt> - </tt> </td>
<td bgcolor="#f0f0ff" align="center"> smtpd(8) </td> </tr>

<tr> <td colspan="3"> </td> <td align="right"> <tt> \ </tt> </td> <td> </td>
<td align="left"> <tt> / </tt> </td> </tr>

<tr> <td colspan="2"> </td> <td bgcolor="#f0f0ff" align="center"> other </td> <td> <tt>
--- </tt> </td> <td bgcolor="#f0f0ff" align="center" valign="middle">
postscreen(8) </td> </tr>

<tr> <td colspan="3"> </td> <td align="right"> <tt> / </tt> </td> <td> </td>
<td align="right"> <tt> \ </tt> </td> </tr>

<tr> <td colspan="2"> </td> <td bgcolor="#f0f0ff" align="center"> other </td> <td align="left">
<tt> - </tt> </td> <td> </td> <td> </td> <td> </td> <td align="right">
<tt> - </tt> </td> <td bgcolor="#f0f0ff" align="center"> smtpd(8)
</td> </tr>

<tr> <td colspan="3"> </td> <td align="left"> <tt> / </tt> </td> </tr>

<tr> <td colspan="2"> </td> <td align="center"> zombie </td> </tr>

</table>

<li> <p>The postlogd(8) server provides an alternative to syslog
logging, which remains the default. This feature is available with
Postfix version 3.4 or later, and supports the following modes:
</p>


<ul>

<li> <p>Logging to file, which addresses a usability problem with
MacOS, and eliminates information loss caused by systemd rate limits.
</p>

<table>

<tr> <td bgcolor="#f0f0ff" rowspan="3" valign="middle" align="center">
commands<br>or daemons</td> <td colspan="4"> </td> </tr>

<tr> <td colspan="2"> <td> <tt> -&gt; </tt> </td> <td bgcolor="#f0f0ff">
postlogd(8) </td> <td> <tt> -&gt; </tt> </td> <td> /path/to/file
</td> </tr>

<tr> <td colspan=6> </td> </tr>

</table>

<li> <p>Logging to stdout, which eliminates a syslog dependency
when Postfix runs inside a container. </p>

<table>

<tr> <td bgcolor="#f0f0ff" rowspan="3" valign="middle" align="center">
commands<br>or daemons</td> <td colspan="4"> </td> <td
rowspan="3" align="center"> stdout inherited<br>from "postfix
start-fg" </td> </tr>

<tr> <td colspan="2"> <tt> -&gt; </tt> </td> <td bgcolor="#f0f0ff">
postlogd(8) </td> <td> <tt> -&gt; </tt> </td> </tr>

<tr> <td colspan=5> </td> </tr>

</table>

</ul>

<p> See MAILLOG_README for details and limitations. </p>

</ul>

<h2> <a name="commands"> Postfix support commands </a> </h2>

<p> The Postfix architecture overview ends with a summary of
command-line utilities for day-to-day use of the Postfix mail
system. Besides the Sendmail-compatible sendmail(1), mailq(1), and
newaliases(1) commands, the Postfix system comes with its own
collection of command-line utilities. For consistency, these are
all named post<i>something</i>. </p>

<ul>

<li> <p> The postfix(1) command controls the operation of the mail
system. It is the interface for starting, stopping, and restarting
the mail system, as well as for some other administrative operations.
This command is reserved to the super-user. </p>

<li> <p> The postalias(1) command maintains Postfix aliases(5) type
databases. This is the program that does the work for the
newaliases(1) command. </p>

<li> <p> The postcat(1) command displays the contents of Postfix
queue files.
This is a limited, preliminary utility. This program
is likely to be superseded by something more powerful that can also
edit Postfix queue files. </p>

<li> <p> The postconf(1) command displays or updates Postfix main.cf
parameters and displays system dependent information about the
supported file locking methods, and the supported types of lookup
tables. </p>

<li> <p> The postdrop(1) command is the mail posting utility that
is run by the Postfix sendmail(1) command in order to deposit mail
into the maildrop queue directory. </p>

<li> <p> The postkick(1) command makes some Postfix internal
communication channels available for use in, for example, shell
scripts. </p>

<li> <p> The postlock(1) command provides Postfix-compatible mailbox
locking for use in, for example, shell scripts. </p>

<li> <p> The postlog(1) command provides Postfix-compatible logging
for shell scripts. </p>

<li> <p> The postmap(1) command maintains Postfix lookup tables
such as canonical(5), virtual(5) and others. It is a cousin of the
UNIX makemap command. </p>

<li> <p> The postmulti(1) command repeats the "postfix start" etc.
command for each Postfix instance, and supports creation, deletion
etc. of Postfix instances. For a tutorial, see MULTI_INSTANCE_README.
</p>

<li> <p> The postqueue(1) command is the privileged command that
is run by Postfix sendmail(1) and mailq(1) in order to flush or
list the mail queue. </p>

<li> <p> The postsuper(1) command maintains the Postfix queue. It
removes old temporary files, and moves queue files into the right
directory after a change in the hashing depth of queue directories.
This command is run at mail system startup time and when Postfix
is restarted. </p>

</ul>

</body>

</html>