mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-29 05:07:58 +00:00
Code Issues Releases Wiki Activity

postfix-2.7-20090418

Browse Source
This commit is contained in:
Wietse Venema 2009-04-18 00:00:00 -05:00 committed by Viktor Dukhovni
parent d41ba831a2
commit 06989449d8
133 changed files with 1362 additions and 809 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
postfix/.indent.pro vendored
View File

@ -271,7 +271,6 @@
-TVBUF
-TVSTREAM
-TVSTREAM_POPEN_ARGS
-TVSTREAN_POPEN_ARGS
-TVSTRING
-TWAIT_STATUS_T
-TWATCHDOG
@ -280,6 +279,7 @@
-TX509_NAME
-TX509_STORE_CTX
-TXSASL_CLIENT
-TXSASL_CLIENT_CREATE_ARGS
-TXSASL_CLIENT_IMPL
-TXSASL_CLIENT_IMPL_INFO
-TXSASL_CYRUS_CLIENT
@ -290,6 +290,7 @@
-TXSASL_DOVECOT_SERVER_IMPL
-TXSASL_DOVECOT_SERVER_MECHS
-TXSASL_SERVER
-TXSASL_SERVER_CREATE_ARGS
-TXSASL_SERVER_IMPL
-TXSASL_SERVER_IMPL_INFO
-Tcipher_probe_t

53
postfix/HISTORY
View File

@ -15080,3 +15080,56 @@ Apologies for any names omitted.
compatibility. Adding such headers to remote mail can break
DKIM signatures that cover headers that are not present.
File: cleanup/cleanup_message.c.
20090415
Workaround: to avoid unnecessary "fatal" delivery agent
exits, delivery agents retry getting a shared lock on a
queue file. This is necessary since the queue manager's
behavior was changed years ago to refill the in-memory
recipient list before it was completely empty. File:
global/deliver_request.c.
Documentation: updated STRESS_README.
20090416
Workaround: some AWK implementations have a limit of 10
output files and lack a working close() function. It is too
much trouble to find out what systems have this limitation,
and where, if any, such systems store their XPG4-compatible
AWK program. So instead we generate a stream of here
documents and let the shell split the stream into files.
File: postconf/extract.awk.
Documentation: clarification of certificate file usage.
Victor Duchovni. Files: proto/postconf.proto,
proto/TLS_README.html.
Feature: pass a "TLS is active" flag to the server-side
SASL support. Based on code by Timo Sirainen, except that
the implementation uses an extensible API so that it will
be less painful to add more attributes in future Postfix
versions. Files: xsasl/xsasl.h, xsasl/xsasl_*server.c,
smtpd/smtpd_sasl_glue.c.
20090417
Documentation: re-generate READMEs and manpages for updated
hyperlinks.
Documentation: missing hyperlinks and missing parameters
in manpages. File: mantools/postlink, mantools/check-postlink.
20090418
Cleanup: use the extensible API to pass SMTP client address
information to the dovecot SASL plugin, and prepare for
passing server address information. Files: xsasl/xsasl.h,
xsasl/xsasl_dovecot_server.c, smtpd/smtpd_sasl_glue.c.
Same extensible API transformation for the SASL client-side
code to make future extensions less painful. Files:
xsasl/xsasl.h, xsasl/xsasl*client.c, smtp/smtp_sasl_glue.c.
More postlink fixes. File: mantools/postlink.

1
postfix/README_FILES/AAAREADME
View File

@ -12,6 +12,7 @@ GGeenneerraall ccoonnffiigguurraattiioonn
* TLS_README: TLS Encryption and authentication
* TLS_LEGACY_README: Legacy TLS support
* IPV6_README: IP Version 6 Support
* MULTI_INSTANCE_README: Multiple-instance management
* INSTALL: Installation from source code
PPrroobblleemm ssoollvviinngg

6
postfix/README_FILES/SMTPD_POLICY_README
View File

@ -88,9 +88,9 @@ Notes:
attribute, sends the attribute with an empty value ("name="), or sends a
zero value ("name=0") in the case of a numerical attribute.
* The "recipient" attribute is available only in the "RCPT TO" stage, and in
the "DATA" and "END-OF-MESSAGE" stages when Postfix accepted only one
recipient for the current message.
* The "recipient" attribute is available in the "RCPT TO" stage. It is also
available in the "DATA" and "END-OF-MESSAGE" stages if Postfix accepted
only one recipient for the current message.
* The "recipient_count" attribute (Postfix 2.3 and later) is non-zero only in
the "DATA" and "END-OF-MESSAGE" stages. It specifies the number of

255
postfix/README_FILES/STRESS_README
View File

@ -4,12 +4,11 @@ PPoossttffiixx SSttrreessss--DDeeppeennddeenntt CCoonn
OOvveerrvviieeww
This document describes the symptoms of Postfix SMTP server overload, and how
to avoid the condition under normal conditions. When the condition is caused by
botnets or other malware, the document suggests configuration settings that
help to minimize the impact on legitimate mail. Finally, the document
introduces stress-adaptive behavior, introduced with Postfix 2.5, and how it
can be used to automatically switch configuration settings under overload.
This document describes the symptoms of Postfix SMTP server overload. It
presents permanent main.cf changes to avoid overload during normal operation,
and temporary main.cf changes to cope with an unexpected burst of mail. This
document makes specific suggestions for Postfix 2.5 and later which support
stress-adaptive behavior, and for earlier Postfix versions that don't.
Topics covered in this document:
@ -17,42 +16,46 @@ Topics covered in this document:
* Service more SMTP clients at the same time
* Spend less time per SMTP client
* Disconnect suspicious SMTP clients
* Take desperate measures
* Make Postfix behavior stress-adaptive
* Temporary measures for older Postfix releases
* Automatic stress-adaptive behavior
* Detecting support for stress-adaptive behavior
* Forcing stress-adaptive behavior on or off
* Other measures to off-load zombies
* Credits
SSyymmppttoommss ooff PPoossttffiixx SSMMTTPP sseerrvveerr oovveerrllooaadd
Under normal conditions, Postfix responds immediately when a remote SMTP client
connects. The time needed to deliver mail should be noticeable only with very
large messages. Performance degrades more dramatically when the number of
remote SMTP clients exceeds the number of Postfix SMTP server processes. When a
client connects while all server processes are busy, the client must wait until
a server process becomes available.
Under normal conditions, the Postfix SMTP server responds immediately when an
SMTP client connects to it; the time to deliver mail is noticeable only with
large messages. Performance degrades dramatically when the number of SMTP
clients exceeds the number of Postfix SMTP server processes. When an SMTP
client connects while all Postfix SMTP server processes are busy, the client
must wait until a server process becomes available.
Overload may be caused by a legitimate mail (example: a DNS registrar opens a
new zone for registrations), by mistake (mail explosion caused by a forwarding
loop) or by illegitimate mail (worm outbreak, botnet, or other malware
activity). Symptoms of Postfix SMTP mail server overload are:
SMTP server overload may be caused by a surge of legitimate mail (example: a
DNS registrar opens a new zone for registrations), by mistake (mail explosion
caused by a forwarding loop) or by malice (worm outbreak, botnet, or other
illegitimate activity).
Symptoms of Postfix SMTP server overload are:
* Remote SMTP clients experience a long delay before Postfix sends the "220
hostname.example.com ESMTP Postfix" greeting. If this affects end-user mail
clients, enable the "submission" service entry in master.cf (present since
Postfix 2.1), and tell users to connect to this instead of the public SMTP
service.
hostname.example.com ESMTP Postfix" greeting.
o NOTE: Broken DNS configurations also cause lengthy delays before
Postfix sends "220 hostname.example.com ...". In this case the delay
happens even when Postfix is not busy.
o NOTE: Broken DNS configurations can also cause lengthy delays before
Postfix sends "220 hostname.example.com ...". These delays also exist
when Postfix is NOT overloaded.
o NOTE: To avoid "overload" delays for end-user mail clients, enable the
"submission" service entry in master.cf (present since Postfix 2.1),
and tell users to connect to this instead of the public SMTP service.
* The Postfix SMTP server logs an increased number of "lost connection after
CONNECT" events. This happens because remote SMTP clients disconnect before
Postfix answers the connection.
o NOTE: A portscan for open SMTP ports also results in "lost connection
..." logfile messages.
o NOTE: A portscan for open SMTP ports can also result in "lost
connection ..." logfile messages.
* Postfix 2.3 and later logs a warning that all server ports are busy:
@ -63,15 +66,16 @@ activity). Symptoms of Postfix SMTP mail server overload are:
condition, increase the process count in master.cf or reduce the
service time per client
Legitimate mail that doesn't get through during an episode of overload is not
necessarily lost. It should still arrive once the situation returns to normal,
as long as the overload condition is temporary.
Legitimate mail that doesn't get through during an episode of Postfix SMTP
server overload is not necessarily lost. It should still arrive once the
situation returns to normal, as long as the overload condition is temporary.
SSeerrvviiccee mmoorree SSMMTTPP cclliieennttss aatt tthhee ssaammee ttiimmee
To service more SMTP clients simultaneously, you need to increase the number of
SMTP server processes. This will improve the responsiveness for remote SMTP
clients, as long as the server machine has enough hardware and software
One measure to avoid the "all server processes busy" condition is to service
more SMTP clients simultaneously. For this you need to increase the number of
Postfix SMTP server processes. This will improve the responsiveness for remote
SMTP clients, as long as the server machine has enough hardware and software
resources to run the additional processes, and as long as the file system can
keep up with the additional load.
@ -84,8 +88,9 @@ keep up with the additional load.
operating system that supports kernel-based event filters (BSD kqueue(2),
Linux epoll(4), or Solaris /dev/poll).
* You can reduce the Postfix memory footprint by using cdb: lookup tables
instead of Berkeley DB's hash: or btree: tables.
* More processes use more memory. You can reduce the Postfix memory footprint
by using cdb: lookup tables instead of Berkeley DB's hash: or btree:
tables.
1 /etc/postfix/main.cf:
2 # Raise the global process limit, 100 since Postfix 2.0.
@ -120,9 +125,9 @@ keep up with the additional load.
SSppeenndd lleessss ttiimmee ppeerr SSMMTTPP cclliieenntt
When increasing the number of SMTP server processes is not practical, you can
improve Postfix server responsiveness by eliminating unnecessary work. When
Postfix spends less time per SMTP session, the same number of SMTP server
processes can service more clients in the same amount of time.
improve Postfix server responsiveness by eliminating delays. When Postfix
spends less time per SMTP session, the same number of SMTP server processes can
service more clients in a given amount of time.
* Eliminate non-functional RBL lookups (blocklists that are no longer in
operation). These lookups can degrade performance. Postfix logs a warning
@ -137,18 +142,18 @@ processes can service more clients in the same amount of time.
BACKSCATTER_README for examples of the latter.
* Group your header_checks and body_checks patterns to avoid unnecessary
pattern matching operations.
pattern matching operations:
1 /etc/postfix/header_checks:
2 if /^Subject:/
3 /^Subject: virus found in mail from you/ reject
4 /^Subject: ..../ ....
4 /^Subject: ..other../ reject
5 endif
6
7 if /^Received:/
8 /^Received: from (postfix\.org) / reject forged client name in
received header: $1
9 /^Received: from .../ ....
9 /^Received: from ..other../ reject ....
10 endif
DDiissccoonnnneecctt ssuussppiicciioouuss SSMMTTPP cclliieennttss
@ -157,14 +162,16 @@ Under conditions of overload you can improve Postfix SMTP server responsiveness
by hanging up on suspicious clients, so that other clients get a chance to talk
to Postfix.
* Use "521" reply codes (Postfix 2.6 and later) for botnet-related RBLs or
for selected non-RBL restrictions. With Postfix 2.3-2.5 use "421" for a
similar result. The Postfix SMTP server will disconnect immediately without
* Use "521" SMTP reply codes (Postfix 2.6 and later) or "421" (Postfix 2.3-
2.5) to hang up on clients that that match botnet-related RBLs (see next
bullet) or that match selected non-RBL restrictions such as SMTP access
maps. The Postfix SMTP server will reject mail and disconnect without
waiting for the remote SMTP client to send a QUIT command.
You can set individual reject codes for RBLs, and for individual responses
from a specific RBL. We'll use zen.spamhaus.org as an example; by the time
you read this document, details may have changed. Right now, their
* To hang up connections from blacklisted zombies, you can set specific
Postfix SMTP server reject codes for specific RBLs, and for individual
responses from specific RBLs. We'll use zen.spamhaus.org as an example; by
the time you read this document, details may have changed. Right now, their
documents say that a response of 127.0.0.10 or 127.0.0.11 indicates a
dynamic client IP address, which means that the machine is probably running
a bot of some kind. To give a 521 response instead of the default 554
@ -180,37 +187,45 @@ to Postfix.
8 rbl_reply_maps = hash:/etc/postfix/rbl_reply_maps
9
10 /etc/postfix/rbl_reply_maps:
11 zen.spamhaus.org=127.0.0.10 521 4.7.1 Service unavailable;
12 $rbl_class [$rbl_what] blocked using
13 $rbl_domain${rbl_reason?; $rbl_reason}
14
15 zen.spamhaus.org=127.0.0.11 521 4.7.1 Service unavailable;
16 $rbl_class [$rbl_what] blocked using
17 $rbl_domain${rbl_reason?; $rbl_reason}
11 # With Postfix 2.3-2.5 use "421" to hang up connections.
12 zen.spamhaus.org=127.0.0.10 521 4.7.1 Service unavailable;
13 $rbl_class [$rbl_what] blocked using
14 $rbl_domain${rbl_reason?; $rbl_reason}
15
16 zen.spamhaus.org=127.0.0.11 521 4.7.1 Service unavailable;
17 $rbl_class [$rbl_what] blocked using
18 $rbl_domain${rbl_reason?; $rbl_reason}
Although the above shows three RBL lookups (lines 4-6), Postfix will still
only do a single DNS query, so the performance difference is negligible.
Although the above example shows three RBL lookups (lines 4-6), Postfix
will only do a single DNS query, so it does not affect the performance.
With Postfix 2.3-2.5, use 421 (reply code 521 will not cause Postfix to
disconnect). The down-side of sending 421 is that it works only for zombies
and other malware. If the client is running a real MTA, then it may connect
again several times until the mail expires in its queue. When this is a
problem, stick with the default 554 reply, and use "smtpd_hard_error_limit
= 1" as described below.
* With Postfix 2.3-2.5, use reply code 421 (521 will not cause Postfix to
disconnect). The down-side of replying with 421 is that it works only for
zombies and other malware. If the client is running a real MTA, then it may
connect again several times until the mail expires in its queue. When this
is a problem, stick with the default 554 reply, and use
"smtpd_hard_error_limit = 1" as described below.
With Postfix 2.5, or with earlier releases that contain the stress-adaptive
behavior patch, you can turn on the above under overload by replacing line
8 with:
* You can automatically turn on the above overload measure with Postfix 2.5
and later, or with earlier releases that contain the stress-adaptive
behavior source code patch from the mirrors listed at http://
www.postfix.org/download.html. Simply replace line above 8 with:
8 rbl_reply_maps = ${stress?hash:/etc/postfix/rbl_reply_maps}
More information about automatic stress-adaptive behavior is at the end of
this document.
More information about automatic stress-adaptive behavior is in section
"Automatic stress-adaptive behavior".
TTaakkee ddeessppeerraattee mmeeaassuurreess
TTeemmppoorraarryy mmeeaassuurreess ffoorr oollddeerr PPoossttffiixx rreelleeaasseess
The following measures will still allow mmoosstt legitimate clients to connect and
send mail, but may affect some legitimate clients.
See the next section, "Automatic stress-adaptive behavior", if you are running
Postfix version 2.5 or later, or if you have applied the source code patch for
stress-adaptive behavior from the mirrors listed at http://www.postfix.org/
download.html.
The following measures can be applied temporarily during overload. They still
allow mmoosstt legitimate clients to connect and send mail, but may affect some
legitimate clients.
* Reduce smtpd_timeout (default: 300s). Experience on the postfix-users list
from a variety of sysadmins shows that reducing the "normal" smtpd_timeout
@ -228,55 +243,75 @@ send mail, but may affect some legitimate clients.
longer-active user names that didn't bother to unsubscribe. No mail should
be lost, as long as this measure is used only temporarily.
* Disable remote SMTP client hostname lookups, so that all SMTP client
hostnames become "unknown" (line 5 below). This feature was introduced with
Postfix 2.3. Unfortunately, this measure is more problematic than the other
ones proposed sofar. First, this will result in loss of mail when you use
hostname-based access rules that reject mail from "unknown" SMTP clients
(examples: reject_unknown_client_hostname,
reject_unknown_reverse_client_hostname). Second, this may result in loss of
mail when you subject "unknown" SMTP clients to additional restrictions
such as reject_unverified_sender.
* Use an smtpd_junk_command_limit of 1 instead of the default 100. This
prevents clients from keeping idle connections open by repeatedly sending
NOOP or RSET commands.
1 /etc/postfix/main.cf:
2 smtpd_timeout = 10
3 smtpd_hard_error_limit = 1
4 # Caution: line 5 may trigger REJECTs by hostname-based access rules
4 smtpd_junk_command_limit = 1
5 smtpd_peername_lookup = no
With these measures, no mail should be lost, as long as these measures are used
only temporarily. The next section of this document introduces a way to
automate this process.
Except with the last measure, no mail should be lost, as long as these measures
are used only temporarily. The next section of this document introduces a way
to automate this process.
MMaakkee PPoossttffiixx bbeehhaavviioorr ssttrreessss--aaddaappttiivvee
AAuuttoommaattiicc ssttrreessss--aaddaappttiivvee bbeehhaavviioorr
Postfix version 2.5 introduces automatic stress-adaptive behavior. This is also
available as an add-on patch for Postfix versions 2.4 and 2.3 from the mirrors
listed at http://www.postfix.org/download.html.
available as a source code patch for Postfix versions 2.4 and 2.3 from the
mirrors listed at http://www.postfix.org/download.html.
It works as follows. When a "public" network service runs into an "all server
ports are busy" condition, the master(8) daemon logs a warning, restarts the
service (without interrupting existing network sessions), and runs the service
with "-o stress=yes" on the command line. Normally, it runs a stress-adaptive
service with "-o stress=" on the command line (i.e. with an empty parameter
value). Other services never have "-o stress" parameters on the command line,
including services that listen on a loopback interface only.
It works as follows. When a "public" network service such as the SMTP server
runs into an "all server ports are busy" condition, the Postfix master(8)
daemon logs a warning, restarts the service (without interrupting existing
network sessions), and runs the service with "-o stress=yes" on the server
process command line:
The stress pseudo-parameter value is the key to making main.cf parameter
settings stress adaptive:
80821 ?? S 0:00.24 smtpd -n smtp -t inet -u -c -o stress=yes
1 /etc/postfix/main.cf:
2 smtpd_timeout = ${stress?10}${stress:300}
3 smtpd_hard_error_limit = ${stress?1}${stress:20}
Normally, the Postfix master(8) daemon runs such a service with "-o stress=" on
the command line (i.e. with an empty parameter value):
83326 ?? S 0:00.28 smtpd -n smtp -t inet -u -c -o stress=
Services that have local access only never have "-o stress" parameters on the
command line. This includes services internal to Postfix such as the queue
manager, and services that listen on a loopback interface only, such as after-
filter SMTP services.
The "stress" parameter value is the key to making main.cf parameter settings
stress adaptive. The following settings are the default with Postfix 2.6 and
later. With earlier Postfix versions that have stress-adaptive support, append
the lines below to the main.cf file and issue a "postfix reload" command:
1 smtpd_timeout = ${stress?10}${stress:300}s
2 smtpd_hard_error_limit = ${stress?1}${stress:20}
3 smtpd_junk_command_limit = ${stress?1}${stress:100}
Translation:
* Line 2: under conditions of stress, use an smtpd_timeout value of 10
seconds instead of the default 300 seconds,
* Line 1: under conditions of stress, use an smtpd_timeout value of 10
seconds instead of the default 300 seconds. Experience on the postfix-users
list from a variety of sysadmins shows that reducing the "normal"
smtpd_timeout to 60s is unlikely to affect legitimate clients. However, it
is unlikely to become the Postfix default because it's not RFC compliant.
Setting smtpd_timeout to 10s (line 2 below) or even 5s under stress will
still allow most legitimate clients to connect and send mail, but may delay
mail from some clients. No mail should be lost, as long as this measure is
used only temporarily.
* Line 3: under conditions of stress, use an smtpd_hard_error_limit of 1
instead of the default 20.
* Line 2: under conditions of stress, use an smtpd_hard_error_limit of 1
instead of the default 20. This helps by disconnecting clients after a
single error, giving other clients a chance to connect. However, this may
cause significant delays with legitimate mail, such as a mailing list that
contains a few no-longer-active user names that didn't bother to
unsubscribe. No mail should be lost, as long as this measure is used only
temporarily.
* Line 3: under conditions of stress, use an smtpd_junk_command_limit of 1
instead of the default 100. This prevents clients from keeping idle
connections open by repeatedly sending NOOP or RSET commands.
The syntax of ${name?value} and ${name:value} is explained at the beginning of
the postconf(5) manual page.
@ -346,6 +381,18 @@ accept remote connections.
7 -o stress=
8 -o . . .
OOtthheerr mmeeaassuurreess ttoo ooffff--llooaadd zzoommbbiieess
OpenBSD spamd implements a daemon that handles all connections from "new"
clients. Only well-behaved mail clients are allowed to talk to the mail server.
Other clients are tarpitted, and will never get a chance to affect mail server
performance.
At some point in the future, Postfix may come with a simple front-end daemon
that does basic greylisting and pipelining detection to keep zombies and other
ratware away from Postfix itself. This would use the "pass" service type which
has been available in stable Postfix releases since Postfix 2.5.
CCrreeddiittss
* Thanks to the postfix-users mailing list members for sharing early

4
postfix/README_FILES/TLS_LEGACY_README
View File

@ -375,7 +375,7 @@ is high.
Example:
/etc/postfix/main.cf:
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache
As of version 2.5, Postfix will no longer maintain this file in a directory
with non-Postfix ownership. As a migration aid, attempts to open such files are
@ -631,7 +631,7 @@ client is allowed to negotiate per unit time.
Example:
/etc/postfix/main.cf:
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
smtp_tls_session_cache_database = btree:/etc/postfix/smtp_scache
As of version 2.5, Postfix will no longer maintain this file in a directory
with non-Postfix ownership. As a migration aid, attempts to open such files are

36
postfix/README_FILES/TLS_README
View File

@ -160,10 +160,10 @@ configure all three at the same time, in which case the cipher used determines
which certificate is presented. For Netscape and OpenSSL clients without
special cipher choices, the RSA certificate is preferred.
In order for remote SMTP clients to check the Postfix SMTP server certificates,
the CA certificate (in case of a certificate chain, all CA certificates) must
be available. You should add any intermediate CA certificates to the server
certificate: the server certificate first, then the intermediate CA(s).
To enable a remote SMTP client to verify the Postfix SMTP server certificate,
the issuing CA certificates must be made available to the client. You should
include the required certificates in the server certificate file, the server
certificate first, then the issuing CA(s) (bottom-up order).
Example: the certificate for "server.example.com" was issued by "intermediate
CA" which itself has a certificate issued by "root CA". Create the server.pem
@ -227,14 +227,14 @@ files in the directory when the information is needed. Thus, the
$smtpd_tls_CApath directory needs to be accessible inside the optional chroot
jail.
When you configure the Postfix SMTP server to request client certificates, any
CA certificates in $smtpd_tls_CAfile are sent to the client, in order to allow
it to choose an identity signed by a CA you trust. If no $smtpd_tls_CAfile is
specified, no preferred CA list is sent, and the client is free to choose an
identity signed by any CA. Many clients use a fixed identity regardless of the
preferred CA list and you may be able to reduce TLS negotiation overhead by
installing client CA certificates mostly or only in $smtpd_tls_CApath. In the
latter case you need not specify a $smtpd_tls_CAfile.
When you configure the Postfix SMTP server to request client certificates, the
DNs of certificate authorities in $smtpd_tls_CAfile are sent to the client, in
order to allow it to choose an identity signed by a CA you trust. If no
$smtpd_tls_CAfile is specified, no preferred CA list is sent, and the client is
free to choose an identity signed by any CA. Many clients use a fixed identity
regardless of the preferred CA list and you may be able to reduce TLS
negotiation overhead by installing client CA certificates mostly or only in
$smtpd_tls_CApath. In the latter case you need not specify a $smtpd_tls_CAfile.
Note, that unless client certificates are used to allow greater access to TLS
authenticated clients, it is best to not ask for client certificates at all, as
@ -670,14 +670,14 @@ as the Postfix SMTP server. If a certificate is to be presented, it must be in
accessible without password. Both parts (certificate and private key) may be in
the same file.
In order for remote SMTP servers to verify the Postfix SMTP client
certificates, the CA certificate (in case of a certificate chain, all CA
certificates) must be available. You should add these certificates to the
client certificate, the client certificate first, then the issuing CA(s).
To enable remote SMTP servers to verify the Postfix SMTP client certificate,
the issuing CA certificates must be made available to the server. You should
include the required certificates in the client certificate file, the client
certificate first, then the issuing CA(s) (bottom-up order).
Example: the certificate for "client.example.com" was issued by "intermediate
CA" which itself has a certificate of "root CA". Create the client.pem file
with:
CA" which itself has a certificate issued by "root CA". Create the client.pem
file with:
% ccaatt cclliieenntt__cceerrtt..ppeemm iinntteerrmmeeddiiaattee__CCAA..ppeemm >> cclliieenntt..ppeemm

5
postfix/RELEASE_NOTES
View File

@ -20,8 +20,9 @@ only when clients match $local_header_rewrite_clients. Specify
Adding such headers can break DKIM signatures that cover headers
that are not present.
This changes the appearance of Postfix logging: some messages will
no longer log a message-id=<...text...> line.
This changes the appearance of Postfix logging: to preserve
compatibility with existing logfile processing software, Postfix
will log ``message-id=<>'' for messages without Message-Id header.
Major changes with snapshot 20090212
====================================

45
postfix/WISHLIST
View File

@ -1,5 +1,7 @@
Wish list:
Remove this file from the stable release.
"postconf -N" option to print user-defined parameter names
(these have no defaults, since they exist only when
specified in main.cf or with "-o name=value").
@ -7,27 +9,16 @@ Wish list:
Make the "unknown recipient" test configurable as
first|last|never, with "yes"=="last" for backwards
compatibility. The "first" setting is good for performance
(stress=yes) when all users are defined in local files.
Make the double-bounce address time-dependent (with 24-hour
grace period). Spammers appear to use this address to avoid
DATA command rejects. Avoiding DATA rejects means they can
pipeline the entire SMTP session without triggering huge
numbers of protocol errors. They can still trigger "improper
command pipelining after DATA" alarms, but that requires
non-default main.cf settings.
(stress=yes) when all users are defined in local files; but
it may perform worse when users are in networked tables.
Cleanup: make DNSBL query format configurable beyond the
client's reversed IP address.
With 'final delivery' in the LMTP client, need an option
to also add delivered-to and other pipe(8) features.
This requires making mail_copy() more generic.
To work around historical AWK's limit of 10 open files,
pipe all output into a shell and have the shell open files.
It's too much pain to find out whose AWK is old and where
if any they keep the XPG4 compliant version.
to also add delivered-to and other pipe(8) features. This
requires making mail_copy() functionality available in
non-mailbox context.
Cleanup: modernize the "add missing From: header" code, to
``phrase <addr>'' form. Most likely, quote the entire phrase
@ -40,13 +31,6 @@ Wish list:
Maybe change maps_rbl_reject_code default to 521, and
update wording in STRESS_README.
reject_unlisted_recipient = (yes | late | early | no) with
yes===late, for backwards compatibility. Ditto for
reject_unlisted_sender.
Set a flag when a remote SMTP client speaks before the
Postfix SMTP server sends the 220 greeting.
Encapsulate time_t comparisons so that they can be made
system dependent (use difftime() where available).
@ -65,13 +49,6 @@ Wish list:
is unlikely to break existing configurations. Or perhaps
it's just too ugly.
Make adding Date/From/Message-ID headers dependent on local
rewrite context.
Make adding date/from/etc. conditional. Perhaps on header
rewrite context? Do we need a more powerful concept than
local_header_rewrite_clients/remote_header_rewrite_domain?
Write delivery rate delay example (which _README?) and auth
failure cache example (SASL_README). Then include them in
SOHO_README.
@ -83,12 +60,16 @@ Wish list:
that it makes smtpd_mumble_restrictions available for local
and remote mail; the disadvantage is that it makes local
submissions more dependent on networking. One possibility
is to use "pickup -o content_filter=smtp:127.0.0.1:10025";
is to use "pickup -o content_filter=smtp:127.0.0.1:10025",
or a dedicated SMTP client/server on UNIX-domain sockets;
we could also decide to always suppress "mail loop" detection
for loopback connections. Another option is to have the
pickup or cleanup server drive an SMTP client directly;
this would require extension of the mail_stream() interface,
plus a way to handle bounced/deferred recipients intelligently.
plus a way to handle bounced/deferred recipients intelligently,
but it would be at odds with Postfix design where delivery
agents access queue files directly; exposing delivery agents
to raw queue files violates another Postfix design principle.
Consolidate duplicated code in *_server_accept_{pass,inet}().

62
postfix/html/BASIC_CONFIGURATION_README.html
View File

@ -20,7 +20,7 @@
<h2> Introduction </h2>
<p> Postfix has several hundred configuration parameters that are
controlled via the main.cf file. Fortunately, all parameters have
controlled via the <a href="postconf.5.html">main.cf</a> file. Fortunately, all parameters have
sensible default values. In many cases, you need to configure only
two or three parameters before you can start to play with the mail
system. Here's a quick introduction to the syntax: </p>
@ -121,12 +121,12 @@ look at the other parameters listed here as well: </p>
<h2> <a name="syntax">Postfix configuration files</a></h2>
<p> By default, Postfix configuration files are in /etc/postfix.
The two most important files are main.cf and master.cf; these files
The two most important files are <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a>; these files
must be owned by root. Giving someone else write permission to
main.cf or master.cf (or to their parent directories) means giving
<a href="postconf.5.html">main.cf</a> or <a href="master.5.html">master.cf</a> (or to their parent directories) means giving
root privileges to that person. </p>
<p> In /etc/postfix/main.cf you will have to set up a minimal number
<p> In /etc/postfix/<a href="postconf.5.html">main.cf</a> you will have to set up a minimal number
of configuration parameters. Postfix configuration parameters
resemble shell variables, with two important differences: the first
one is that Postfix does not know about quotes like the UNIX shell
@ -136,7 +136,7 @@ does.</p>
<blockquote>
<pre>
/etc/postfix/main.cf:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
parameter = value
</pre>
</blockquote>
@ -145,7 +145,7 @@ does.</p>
<blockquote>
<pre>
/etc/postfix/main.cf:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
other_parameter = $parameter
</pre>
</blockquote>
@ -162,12 +162,12 @@ Here is a common example of how Postfix invokes a database: </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = hash:/etc/postfix/virtual
</pre>
</blockquote>
<p> Whenever you make a change to the main.cf or master.cf file,
<p> Whenever you make a change to the <a href="postconf.5.html">main.cf</a> or <a href="master.5.html">master.cf</a> file,
execute the following command as root in order to refresh a running
mail system: </p>
@ -194,7 +194,7 @@ to an unqualified recipient address. </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#myorigin">myorigin</a> = $<a href="postconf.5.html#myhostname">myhostname</a> (default: send mail as "user@$<a href="postconf.5.html#myhostname">myhostname</a>")
<a href="postconf.5.html#myorigin">myorigin</a> = $<a href="postconf.5.html#mydomain">mydomain</a> (probably desirable: "user@$<a href="postconf.5.html#mydomain">mydomain</a>")
</pre>
@ -223,7 +223,7 @@ domain, you must list $<a href="postconf.5.html#mydomain">mydomain</a> as well.
<blockquote>
<pre>
/etc/postfix/main.cf:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a> localhost.$<a href="postconf.5.html#mydomain">mydomain</a> localhost
</pre>
</blockquote>
@ -232,7 +232,7 @@ domain, you must list $<a href="postconf.5.html#mydomain">mydomain</a> as well.
<blockquote>
<pre>
/etc/postfix/main.cf:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a> localhost.$<a href="postconf.5.html#mydomain">mydomain</a> localhost $<a href="postconf.5.html#mydomain">mydomain</a>
</pre>
</blockquote>
@ -241,7 +241,7 @@ domain, you must list $<a href="postconf.5.html#mydomain">mydomain</a> as well.
<blockquote>
<pre>
/etc/postfix/main.cf:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a> localhost.$<a href="postconf.5.html#mydomain">mydomain</a> localhost
www.$<a href="postconf.5.html#mydomain">mydomain</a> ftp.$<a href="postconf.5.html#mydomain">mydomain</a>
</pre>
@ -265,7 +265,7 @@ then your default <a href="postconf.5.html#mynetworks">mynetworks</a> setting ma
<blockquote>
<pre>
/etc/postfix/main.cf:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = subnet (default: authorize subnetworks)
<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = host (safe: authorize local machine only)
<a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 (safe: authorize local machine only)
@ -273,7 +273,7 @@ then your default <a href="postconf.5.html#mynetworks">mynetworks</a> setting ma
</pre>
</blockquote>
<p> You can specify the trusted networks in the main.cf file, or
<p> You can specify the trusted networks in the <a href="postconf.5.html">main.cf</a> file, or
you can let Postfix do the work for you. The default is to let
Postfix do the work. The result depends on the <a href="postconf.5.html#mynetworks_style">mynetworks_style</a>
parameter value.
@ -304,13 +304,13 @@ blocks in CIDR (network/mask) notation, for example: </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#mynetworks">mynetworks</a> = 168.100.189.0/28, 127.0.0.0/8
</pre>
</blockquote>
<p> You can also specify the absolute pathname of a pattern file instead
of listing the patterns in the main.cf file. </p>
of listing the patterns in the <a href="postconf.5.html">main.cf</a> file. </p>
<h2> <a name="relay_to"> What destinations to relay mail to </a> </h2>
@ -325,7 +325,7 @@ of the domains listed with the <a href="postconf.5.html#mydestination">mydestina
<blockquote>
<pre>
/etc/postfix/main.cf:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#relay_domains">relay_domains</a> = $<a href="postconf.5.html#mydestination">mydestination</a> (default)
<a href="postconf.5.html#relay_domains">relay_domains</a> = (safe: never forward mail from strangers)
<a href="postconf.5.html#relay_domains">relay_domains</a> = $<a href="postconf.5.html#mydomain">mydomain</a> (forward mail to my domain and subdomains)
@ -341,13 +341,13 @@ or desirable. For example, your system may be turned off outside
office hours, it may be behind a firewall, or it may be connected
via a provider who does not allow direct mail to the Internet. In
those cases you need to configure Postfix to deliver mail indirectly
via a relay host. </p>
via a <a href="postconf.5.html#relayhost">relay host</a>. </p>
<p> Examples (specify only one of the following): </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#relayhost">relayhost</a> = (default: direct delivery to Internet)
<a href="postconf.5.html#relayhost">relayhost</a> = $<a href="postconf.5.html#mydomain">mydomain</a> (deliver via local mailhub)
<a href="postconf.5.html#relayhost">relayhost</a> = [mail.$<a href="postconf.5.html#mydomain">mydomain</a>] (deliver via local mailhub)
@ -392,7 +392,7 @@ serious problems (resource, software) to postmaster: </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#notify_classes">notify_classes</a> = resource, software
</pre>
</blockquote>
@ -477,7 +477,7 @@ mail delivery loops will happen when the primary MX host is down.
<blockquote>
<pre>
/etc/postfix/main.cf:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> = 1.2.3.4 (the proxy/NAT external network address)
</pre>
</blockquote>
@ -539,7 +539,7 @@ Postfix logging. </p>
<h2> <a name="chroot_setup"> Running Postfix daemon processes
chrooted </a> </h2>
<p> Postfix daemon processes can be configured (via the master.cf
<p> Postfix daemon processes can be configured (via the <a href="master.5.html">master.cf</a>
file) to run in a chroot jail. The processes run at a fixed low
privilege and with file system access limited to the Postfix queue
directories (/var/spool/postfix). This provides a significant
@ -556,9 +556,9 @@ processes, and perhaps also the <a href="lmtp.8.html">lmtp(8)</a> client. The au
porcupine.org mail server runs all daemons chrooted that can be
chrooted. </p>
<p>The default /etc/postfix/master.cf file specifies that no Postfix
<p>The default /etc/postfix/<a href="master.5.html">master.cf</a> file specifies that no Postfix
daemon runs chrooted. In order to enable chroot operation, edit
the file /etc/postfix/master.cf, and follow instructions in the
the file /etc/postfix/<a href="master.5.html">master.cf</a>, and follow instructions in the
file. When you're finished, execute "postfix reload" to make the
change effective. </p>
@ -592,7 +592,7 @@ or if you run Postfix on a virtual interface, you will have to
specify the fully-qualified domain name that the mail system should
use. </p>
<p> Alternatively, if you specify <a href="postconf.5.html#mydomain">mydomain</a> in main.cf, then Postfix
<p> Alternatively, if you specify <a href="postconf.5.html#mydomain">mydomain</a> in <a href="postconf.5.html">main.cf</a>, then Postfix
will use its value to generate a fully-qualified default value
for the <a href="postconf.5.html#myhostname">myhostname</a> parameter. </p>
@ -600,7 +600,7 @@ for the <a href="postconf.5.html#myhostname">myhostname</a> parameter. </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#myhostname">myhostname</a> = host.local.domain (machine name is not FQDN)
<a href="postconf.5.html#myhostname">myhostname</a> = host.virtual.domain (virtual interface)
<a href="postconf.5.html#myhostname">myhostname</a> = virtual.domain (virtual interface)
@ -614,7 +614,7 @@ $<a href="postconf.5.html#myhostname">myhostname</a>. By default, it is derived
by stripping off the first part (unless the result would be a
top-level domain). </p>
<p> Conversely, if you specify <a href="postconf.5.html#mydomain">mydomain</a> in main.cf, then Postfix
<p> Conversely, if you specify <a href="postconf.5.html#mydomain">mydomain</a> in <a href="postconf.5.html">main.cf</a>, then Postfix
will use its value to generate a fully-qualified default value
for the <a href="postconf.5.html#myhostname">myhostname</a> parameter. </p>
@ -622,7 +622,7 @@ for the <a href="postconf.5.html#myhostname">myhostname</a> parameter. </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#mydomain">mydomain</a> = local.domain
<a href="postconf.5.html#mydomain">mydomain</a> = virtual.domain (virtual interface)
</pre>
@ -636,7 +636,7 @@ to "user@[network address]" will be delivered locally,
as if it is addressed to a domain listed in $<a href="postconf.5.html#mydestination">mydestination</a>.</p>
<p> You can override the <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> setting in the Postfix
master.cf file by prepending an IP address to a server name. </p>
<a href="master.5.html">master.cf</a> file by prepending an IP address to a server name. </p>
<p> The default is to listen on all active interfaces. If you run
mailers on virtual interfaces, you will have to specify what
@ -652,7 +652,7 @@ MTA is down. </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = all
</pre>
</blockquote>
@ -662,7 +662,7 @@ each Postfix instance, specify only one of the following. </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = virtual.host.tld (virtual Postfix)
<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = $<a href="postconf.5.html#myhostname">myhostname</a> localhost... (non-virtual Postfix)
</pre>

2
postfix/html/DSN_README.html
View File

@ -21,7 +21,7 @@ DSN Support </h1>
<h2>Introduction</h2>
<p> Postfix version 2.3 introduces support for Delivery Status
Notifications as described in <a href="http://www.faqs.org/rfcs/rfc3464.html">RFC 3464</a>. This gives senders control
Notifications as described in <a href="http://tools.ietf.org/html/rfc3464">RFC 3464</a>. This gives senders control
over successful and failed delivery notifications. </p>
<p> Specifically, DSN support gives an email sender the ability to

2
postfix/html/IPV6_README.html
View File

@ -254,7 +254,7 @@ to the LMTP client. </p>
<li> <p> The SMTP server now requires that IPv6 addresses in SMTP
commands are specified as [ipv6:<i>ipv6address</i>], as
described in <a href="http://www.faqs.org/rfcs/rfc2821.html">RFC 2821</a>. </p>
described in <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>. </p>
<li> <p> The IPv6 network address matching code was rewritten from
the ground up, and is expected to be closer to the specification.

2
postfix/html/MAILDROP_README.html
View File

@ -85,7 +85,7 @@ becoming clogged with undeliverable messages. Specify an empty
value ("<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> =") to disable this feature. </p>
<li> <p> Lines 6 and 13-15 redirect mail for postmaster to the
local postmaster. <a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a> requires that every domain has a postmaster
local postmaster. <a href="http://tools.ietf.org/html/rfc821">RFC 821</a> requires that every domain has a postmaster
address. </p>
</ul>

2
postfix/html/SCHEDULER_README.html
View File

@ -640,7 +640,7 @@ feedback amount, per delivery that does not fail with connection
or handshake failure </td> </tr>
<tr> <td> <a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destination_concurrency_negative_feedback</a><br>
<a href="postconf.5.html#transport_destination_concurrency_positive_feedback"><i>transport</i>_destination_concurrency_negative_feedback</a> </td>
<a href="postconf.5.html#transport_destination_concurrency_negative_feedback"><i>transport</i>_destination_concurrency_negative_feedback</a> </td>
<td align="center"> 2.5<br> 2.5 </td> <td> Per-destination negative
feedback amount, per delivery that fails with connection or handshake
failure </td> </tr>

8
postfix/html/SMTPD_POLICY_README.html
View File

@ -126,10 +126,10 @@ stress=
an empty value ("name="), or sends a zero value ("name=0") in
the case of a numerical attribute. </p>
<li> <p> The "recipient" attribute is available only in the
"RCPT TO" stage, and in the "DATA" and "END-OF-MESSAGE" stages
when Postfix accepted only one recipient for the current message.
</p>
<li> <p> The "recipient" attribute is available in the "RCPT
TO" stage. It is also available in the "DATA" and "END-OF-MESSAGE"
stages if Postfix accepted only one recipient for the current
message. </p>
<li> <p> The "recipient_count" attribute (Postfix 2.3 and later)
is non-zero only in the "DATA" and "END-OF-MESSAGE" stages. It

297
postfix/html/STRESS_README.html
View File

@ -21,13 +21,11 @@ Stress-Dependent Configuration</h1>
<h2>Overview </h2>
<p> This document describes the symptoms of Postfix SMTP server
overload, and how to avoid the condition under normal conditions.
When the condition is caused by botnets or other malware, the
document suggests configuration settings that help to minimize the
impact on legitimate mail. Finally, the document introduces
stress-adaptive behavior, introduced with Postfix 2.5, and how it
can be used to automatically switch configuration settings under
overload. </p>
overload. It presents permanent <a href="postconf.5.html">main.cf</a> changes to avoid overload
during normal operation, and temporary <a href="postconf.5.html">main.cf</a> changes to cope with
an unexpected burst of mail. This document makes specific suggestions
for Postfix 2.5 and later which support stress-adaptive behavior,
and for earlier Postfix versions that don't. </p>
<p> Topics covered in this document: </p>
@ -41,47 +39,52 @@ overload. </p>
<li><a href="#hangup"> Disconnect suspicious SMTP clients </a>
<li><a href="#desperate"> Take desperate measures </a>
<li><a href="#legacy"> Temporary measures for older Postfix releases </a>
<li><a href="#adapt"> Make Postfix behavior stress-adaptive </a>
<li><a href="#adapt"> Automatic stress-adaptive behavior </a>
<li><a href="#feature"> Detecting support for stress-adaptive behavior </a>
<li><a href="#forcing"> Forcing stress-adaptive behavior on or off </a>
<li><a href="#other"> Other measures to off-load zombies </a>
<li><a href="#credits"> Credits </a>
</ul>
<h2><a name="overload"> Symptoms of Postfix SMTP server overload </a></h2>
<p> Under normal conditions, Postfix responds immediately when a
remote SMTP client connects. The time needed to deliver mail should
be noticeable only with very large messages. Performance degrades
more dramatically when the number of remote SMTP clients exceeds
the number of Postfix SMTP server processes. When a client connects
while all server processes are busy, the client must wait until a
server process becomes available. </p>
<p> Under normal conditions, the Postfix SMTP server responds
immediately when an SMTP client connects to it; the time to deliver
mail is noticeable only with large messages. Performance degrades
dramatically when the number of SMTP clients exceeds the number of
Postfix SMTP server processes. When an SMTP client connects while
all Postfix SMTP server processes are busy, the client must wait
until a server process becomes available. </p>
<p> Overload may be caused by a legitimate mail (example: a DNS
registrar opens a new zone for registrations), by mistake (mail
explosion caused by a forwarding loop) or by illegitimate mail (worm
outbreak, botnet, or other malware activity). Symptoms of Postfix
SMTP mail server overload are: </p>
<p> SMTP server overload may be caused by a surge of legitimate
mail (example: a DNS registrar opens a new zone for registrations),
by mistake (mail explosion caused by a forwarding loop) or by malice
(worm outbreak, botnet, or other illegitimate activity). </p>
<p> Symptoms of Postfix SMTP server overload are: </p>
<ul>
<li> <p> Remote SMTP clients experience a long delay before Postfix
sends the "220 hostname.example.com ESMTP Postfix" greeting. If
this affects end-user mail clients, enable the "submission" service
entry in <a href="master.5.html">master.cf</a> (present since Postfix 2.1), and tell users to
connect to this instead of the public SMTP service. </p>
sends the "220 hostname.example.com ESMTP Postfix" greeting. </p>
<ul>
<li> <p> NOTE: Broken DNS configurations also cause lengthy delays
before Postfix sends "220 hostname.example.com ...". In this case
the delay happens even when Postfix is not busy. </p>
<li> <p> NOTE: Broken DNS configurations can also cause lengthy
delays before Postfix sends "220 hostname.example.com ...". These
delays also exist when Postfix is NOT overloaded. </p>
<li> <p> NOTE: To avoid "overload" delays for end-user mail
clients, enable the "submission" service entry in <a href="master.5.html">master.cf</a> (present
since Postfix 2.1), and tell users to connect to this instead of
the public SMTP service. </p>
</ul>
@ -91,8 +94,8 @@ clients disconnect before Postfix answers the connection. </p>
<ul>
<li> <p> NOTE: A portscan for open SMTP ports also results in "lost
connection ..." logfile messages. </p>
<li> <p> NOTE: A portscan for open SMTP ports can also result in
"lost connection ..." logfile messages. </p>
</ul>
@ -111,14 +114,16 @@ Oct 3 20:39:27 spike postfix/master[28905]: warning: to avoid this
</ul>
<p> Legitimate mail that doesn't get through during an episode of
overload is not necessarily lost. It should still arrive once the
situation returns to normal, as long as the overload condition is
temporary. </p>
Postfix SMTP server overload is not necessarily lost. It should
still arrive once the situation returns to normal, as long as the
overload condition is temporary. </p>
<h2><a name="concurrency"> Service more SMTP clients at the same time </a> </h2>
<p> To service more SMTP clients simultaneously, you need to increase
the number of SMTP server processes. This will improve the
<p> One measure to avoid the "all server processes busy" condition
is to service more SMTP clients simultaneously. For this you need
to increase the number of Postfix SMTP server processes. This will
improve the
responsiveness for remote SMTP clients, as long as the server machine
has enough hardware and software resources to run the additional
processes, and as long as the file system can keep up with the
@ -137,7 +142,8 @@ later, and an operating system that supports kernel-based event
filters (BSD kqueue(2), Linux epoll(4), or Solaris /dev/poll).
</p>
<li> <p> You can reduce the Postfix memory footprint by using <a href="CDB_README.html">cdb</a>:
<li> <p> More processes use more memory. You can reduce the Postfix
memory footprint by using <a href="CDB_README.html">cdb</a>:
lookup tables instead of Berkeley DB's hash: or btree: tables. </p>
<pre>
@ -181,9 +187,9 @@ Issue a "postfix reload" command to make the change effective. </p>
<p> When increasing the number of SMTP server processes is not
practical, you can improve Postfix server responsiveness by eliminating
unnecessary work. When Postfix spends less time per SMTP session, the
same number of SMTP server processes can service more clients in the
same amount of time. </p>
delays. When Postfix spends less time per SMTP session, the same
number of SMTP server processes can service more clients in a given
amount of time. </p>
<ul>
@ -201,18 +207,18 @@ emergency patterns to block the latest worm explosion or backscatter
mail. See <a href="BACKSCATTER_README.html">BACKSCATTER_README</a> for examples of the latter.
<li> <p> Group your <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a> patterns to avoid
unnecessary pattern matching operations.
unnecessary pattern matching operations:
<pre>
1 /etc/postfix/header_checks:
2 if /^Subject:/
3 /^Subject: virus found in mail from you/ reject
4 /^Subject: ..../ ....
4 /^Subject: ..other../ reject
5 endif
6
7 if /^Received:/
8 /^Received: from (postfix\.org) / reject forged client name in received header: $1
9 /^Received: from .../ ....
9 /^Received: from ..other../ reject ....
10 endif
</pre>
@ -226,20 +232,22 @@ clients get a chance to talk to Postfix. </p>
<ul>
<li> <p> Use "521" reply codes (Postfix 2.6 and later) for
botnet-related RBLs or for selected non-RBL restrictions. With
Postfix 2.3-2.5 use "421" for a similar result. The Postfix SMTP
server will disconnect immediately without waiting for the remote
SMTP client to send a QUIT command. </p>
<li> <p> Use "521" SMTP reply codes (Postfix 2.6 and later) or "421"
(Postfix 2.3-2.5) to hang up on clients that that match botnet-related
RBLs (see next bullet) or that match selected non-RBL restrictions
such as SMTP access maps. The Postfix SMTP server will reject mail
and disconnect without waiting for the remote SMTP client to send
a QUIT command. </p>
<p> You can set individual reject codes for RBLs, and for individual
responses from a specific RBL. We'll use zen.spamhaus.org as an
example; by the time you read this document, details may have
changed. Right now, their documents say that a response of 127.0.0.10
or 127.0.0.11 indicates a dynamic client IP address, which means
that the machine is probably running a bot of some kind. To give
a 521 response instead of the default 554 response, use something
like: </p>
<li> <p> To hang up connections from blacklisted zombies, you can
set specific Postfix SMTP server reject codes for specific RBLs,
and for individual responses from specific RBLs. We'll use
zen.spamhaus.org as an example; by the time you read this document,
details may have changed. Right now, their documents say that a
response of 127.0.0.10 or 127.0.0.11 indicates a dynamic client IP
address, which means that the machine is probably running a bot of
some kind. To give a 521 response instead of the default 554
response, use something like: </p>
<pre>
1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
@ -252,45 +260,55 @@ like: </p>
8 <a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> = hash:/etc/postfix/rbl_reply_maps
9
10 /etc/postfix/rbl_reply_maps:
11 zen.spamhaus.org=127.0.0.10 521 4.7.1 Service unavailable;
12 $rbl_class [$rbl_what] blocked using
13 $rbl_domain${rbl_reason?; $rbl_reason}
14
15 zen.spamhaus.org=127.0.0.11 521 4.7.1 Service unavailable;
16 $rbl_class [$rbl_what] blocked using
17 $rbl_domain${rbl_reason?; $rbl_reason}
11 # With Postfix 2.3-2.5 use "421" to hang up connections.
12 zen.spamhaus.org=127.0.0.10 521 4.7.1 Service unavailable;
13 $rbl_class [$rbl_what] blocked using
14 $rbl_domain${rbl_reason?; $rbl_reason}
15
16 zen.spamhaus.org=127.0.0.11 521 4.7.1 Service unavailable;
17 $rbl_class [$rbl_what] blocked using
18 $rbl_domain${rbl_reason?; $rbl_reason}
</pre>
<p> Although the above shows three RBL lookups (lines 4-6), Postfix
will still only do a single DNS query, so the performance difference
is negligible. </p>
<p> Although the above example shows three RBL lookups (lines 4-6),
Postfix will only do a single DNS query, so it does not affect the
performance. </p>
<p> With Postfix 2.3-2.5, use 421 (reply code 521 will not cause
Postfix to disconnect). The down-side of sending 421 is that
it works only for zombies and other malware. If the client is running
a real MTA, then it may connect again several times until the mail
expires in its queue. When this is a problem, stick with the default
554 reply, and use "<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> = 1" as described below.
</p>
<li> <p> With Postfix 2.3-2.5, use reply code 421 (521 will not
cause Postfix to disconnect). The down-side of replying with 421
is that it works only for zombies and other malware. If the client
is running a real MTA, then it may connect again several times until
the mail expires in its queue. When this is a problem, stick with
the default 554 reply, and use "<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> = 1" as
described below. </p>
<p> With Postfix 2.5, or with earlier releases that contain the
stress-adaptive behavior patch, you can turn on the above under
overload by replacing line 8 with: </p>
<li> <p> You can automatically turn on the above overload measure
with Postfix 2.5 and later, or with earlier releases that contain
the stress-adaptive behavior source code patch from the mirrors
listed at <a href="http://www.postfix.org/download.html">http://www.postfix.org/download.html</a>. Simply replace line
above 8 with: </p>
<pre>
8 <a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> = ${stress?hash:/etc/postfix/rbl_reply_maps}
</pre>
<p> More information about automatic stress-adaptive behavior is
at the end of this document. </p>
</ul>
<h2><a name="desperate"> Take desperate measures </a></h2>
<p> More information about automatic stress-adaptive behavior is
in section "<a href="#adapt">Automatic stress-adaptive behavior</a>".
</p>
<p> The following measures will still allow <b>most</b> legitimate
clients to connect and send mail, but may affect some legitimate
clients. </p>
<h2><a name="legacy"> Temporary measures for older Postfix releases </a></h2>
<p> See the next section, "<a href="#adapt">Automatic stress-adaptive
behavior</a>", if you are running Postfix version 2.5 or later, or
if you have applied the source code patch for stress-adaptive
behavior from the mirrors listed at <a href="http://www.postfix.org/download.html">http://www.postfix.org/download.html</a>.
</p>
<p> The following measures can be applied temporarily during overload.
They still allow <b>most</b> legitimate clients to connect and send
mail, but may affect some legitimate clients. </p>
<ul>
@ -312,16 +330,9 @@ such as a mailing list that contains a few no-longer-active user
names that didn't bother to unsubscribe. No mail should be lost,
as long as this measure is used only temporarily. </p>
<li> <p> Disable remote SMTP client hostname lookups, so that all
SMTP client hostnames become "unknown" (line 5 below). This feature
was introduced with Postfix 2.3. Unfortunately, this measure is
more problematic than the other ones proposed sofar. First, this
will result in loss of mail when you use hostname-based access rules
that reject mail from "unknown" SMTP clients (examples:
<a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a>, <a href="postconf.5.html#reject_unknown_reverse_client_hostname">reject_unknown_reverse_client_hostname</a>).
Second, this may result in loss of mail when you subject "unknown"
SMTP clients to additional restrictions such as <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>.
</p>
<li> <p> Use an <a href="postconf.5.html#smtpd_junk_command_limit">smtpd_junk_command_limit</a> of 1 instead of the default
100. This prevents clients from keeping idle connections open by
repeatedly sending NOOP or RSET commands. </p>
</ul>
@ -330,40 +341,60 @@ SMTP clients to additional restrictions such as <a href="postconf.5.html#reject_
1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
2 <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> = 10
3 <a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> = 1
4 # Caution: line 5 may trigger REJECTs by hostname-based access rules
5 <a href="postconf.5.html#smtpd_peername_lookup">smtpd_peername_lookup</a> = no
4 <a href="postconf.5.html#smtpd_junk_command_limit">smtpd_junk_command_limit</a> = 1
</pre>
</blockquote>
<p> Except with the last measure, no mail should be lost, as long
<p> With these measures, no mail should be lost, as long
as these measures are used only temporarily. The next section of
this document introduces a way to automate this process. </p>
<h2><a name="adapt"> Make Postfix behavior stress-adaptive </a></h2>
<h2><a name="adapt"> Automatic stress-adaptive behavior </a></h2>
<p> Postfix version 2.5 introduces automatic stress-adaptive behavior.
This is also available as an add-on patch for Postfix versions 2.4
and 2.3 from the mirrors listed at <a href="http://www.postfix.org/download.html">http://www.postfix.org/download.html</a>.
</p>
This is also available as a source code patch for Postfix versions
2.4 and 2.3 from the mirrors listed at
<a href="http://www.postfix.org/download.html">http://www.postfix.org/download.html</a>. </p>
<p> It works as follows. When a "public" network service runs into
an "all server ports are busy" condition, the <a href="master.8.html">master(8)</a> daemon logs
a warning, restarts the service (without interrupting existing
network sessions), and runs the service with "-o stress=yes" on the
command line. Normally, it runs a stress-adaptive service with "-o
stress=" on the command line (i.e. with an empty parameter value).
Other services never have "-o stress" parameters on the command
line, including services that listen on a loopback interface only.
<p> It works as follows. When a "public" network service such as
the SMTP server runs into an "all server ports are busy" condition,
the Postfix <a href="master.8.html">master(8)</a> daemon logs a warning, restarts the service
(without interrupting existing network sessions), and runs the
service with "-o stress=yes" on the server process command line:
</p>
<p> The stress pseudo-parameter value is the key to making <a href="postconf.5.html">main.cf</a>
parameter settings stress adaptive: </p>
<blockquote>
<pre>
1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
2 <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> = ${stress?10}${stress:300}
3 <a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> = ${stress?1}${stress:20}
80821 ?? S 0:00.24 smtpd -n smtp -t inet -u -c -o stress=yes
</pre>
</blockquote>
<p> Normally, the Postfix <a href="master.8.html">master(8)</a> daemon runs such a service with
"-o stress=" on the command line (i.e. with an empty parameter
value): </p>
<blockquote>
<pre>
83326 ?? S 0:00.28 smtpd -n smtp -t inet -u -c -o stress=
</pre>
</blockquote>
<p> Services that have local access only never have "-o stress"
parameters on the command line. This includes services internal to
Postfix such as the queue manager, and services that listen on a
loopback interface only, such as after-filter SMTP services. </p>
<p> The "stress" parameter value is the key to making <a href="postconf.5.html">main.cf</a>
parameter settings stress adaptive. The following settings are the
default with Postfix 2.6 and later. With earlier Postfix versions
that have stress-adaptive support, append the lines below to the
<a href="postconf.5.html">main.cf</a> file and issue a "postfix reload" command: </p>
<blockquote>
<pre>
1 <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> = ${stress?10}${stress:300}s
2 <a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> = ${stress?1}${stress:20}
3 <a href="postconf.5.html#smtpd_junk_command_limit">smtpd_junk_command_limit</a> = ${stress?1}${stress:100}
</pre>
</blockquote>
@ -371,11 +402,29 @@ parameter settings stress adaptive: </p>
<ul>
<li> <p> Line 2: under conditions of stress, use an <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a>
value of 10 seconds instead of the default 300 seconds,
<li> <p> Line 1: under conditions of stress, use an <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a>
value of 10 seconds instead of the default 300 seconds. Experience
on the postfix-users list from a variety of sysadmins shows that
reducing the "normal" <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> to 60s is unlikely to affect
legitimate clients. However, it is unlikely to become the Postfix
default because it's not RFC compliant. Setting <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> to
10s (line 2 below) or even 5s under stress will still allow most
legitimate clients to connect and send mail, but may delay mail
from some clients. No mail should be lost, as long as this measure
is used only temporarily. </p>
<li> <p> Line 3: under conditions of stress, use an <a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a>
of 1 instead of the default 20. </p>
<li> <p> Line 2: under conditions of stress, use an <a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a>
of 1 instead of the default 20. This helps by disconnecting clients
after a single error, giving other clients a chance to connect.
However, this may cause significant delays with legitimate mail,
such as a mailing list that contains a few no-longer-active user
names that didn't bother to unsubscribe. No mail should be lost,
as long as this measure is used only temporarily. </p>
<li> <p> Line 3: under conditions of stress, use an
<a href="postconf.5.html#smtpd_junk_command_limit">smtpd_junk_command_limit</a> of 1 instead of the default 100. This
prevents clients from keeping idle connections open by repeatedly
sending NOOP or RSET commands. </p>
</ul>
@ -463,6 +512,20 @@ services that accept remote connections. </p>
</pre>
</blockquote>
<h2><a name="other"> Other measures to off-load zombies </h2>
<p> OpenBSD <a href="http://www.openbsd.org/spamd/">spamd</a>
implements a daemon that handles all connections from "new" clients.
Only well-behaved mail clients are allowed to talk to the mail
server. Other clients are tarpitted, and will never get a chance
to affect mail server performance. </p>
<p> At some point in the future, Postfix may come with a simple
front-end daemon that does basic greylisting and pipelining detection
to keep zombies and other ratware away from Postfix itself. This
would use the "pass" service type which has been available in
stable Postfix releases since Postfix 2.5. </p>
<h2><a name="credits"> Credits </a></h2>
<ul>

4
postfix/html/TLS_LEGACY_README.html
View File

@ -564,7 +564,7 @@ the cost of repeatedly negotiating TLS session keys is high.</p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> = btree:/var/lib/postfix/smtpd_scache
<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> = btree:/etc/postfix/smtpd_scache
</pre>
</blockquote>
@ -938,7 +938,7 @@ is allowed to negotiate per unit time.</p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> = btree:/var/lib/postfix/smtp_scache
<a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> = btree:/etc/postfix/smtp_scache
</pre>
</blockquote>

28
postfix/html/TLS_README.html
View File

@ -266,11 +266,11 @@ determines which certificate is presented. For Netscape and OpenSSL
clients without special cipher choices, the RSA certificate is
preferred. </p>
<p> In order for remote SMTP clients to check the Postfix SMTP
server certificates, the CA certificate (in case of a certificate
chain, all CA certificates) must be available. You should add any
intermediate CA certificates to the server certificate: the server
certificate first, then the intermediate CA(s). </p>
<p> To enable a remote SMTP client to verify the Postfix SMTP server
certificate, the issuing CA certificates must be made available to the
client. You should include the required certificates in the server
certificate file, the server certificate first, then the issuing
CA(s) (bottom-up order). </p>
<p> Example: the certificate for "server.example.com" was issued by
"intermediate CA" which itself has a certificate issued by "root
@ -363,9 +363,9 @@ is needed. Thus, the $<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApat
accessible inside the optional chroot jail. </p>
<p> When you configure the Postfix SMTP server to request <a
href="#server_vrfy_client">client certificates</a>, any CA certificates
in $<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> are sent to the client, in order to allow it to
choose an identity signed by a CA you trust. If no $<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>
href="#server_vrfy_client">client certificates</a>, the DNs of certificate
authorities in $<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> are sent to the client, in order to allow
it to choose an identity signed by a CA you trust. If no $<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>
is specified, no preferred CA list is sent, and the client is free to
choose an identity signed by any CA. Many clients use a fixed identity
regardless of the preferred CA list and you may be able to reduce TLS
@ -970,14 +970,14 @@ must not be encrypted, meaning: it must be accessible without
password. Both parts (certificate and private key) may be in the
same file. </p>
<p> In order for remote SMTP servers to verify the Postfix SMTP
client certificates, the CA certificate (in case of a certificate
chain, all CA certificates) must be available. You should add
these certificates to the client certificate, the client certificate
first, then the issuing CA(s). </p>
<p> To enable remote SMTP servers to verify the Postfix SMTP client
certificate, the issuing CA certificates must be made available to the
server. You should include the required certificates in the client
certificate file, the client certificate first, then the issuing
CA(s) (bottom-up order). </p>
<p> Example: the certificate for "client.example.com" was issued by
"intermediate CA" which itself has a certificate of "root CA".
"intermediate CA" which itself has a certificate issued by "root CA".
Create the client.pem file with: </p>
<blockquote>

12
postfix/html/UUCP_README.html
View File

@ -89,7 +89,7 @@ directory. </p>
via UUCP: </p>
<pre>
/etc/postfix/master.cf:
/etc/postfix/<a href="master.5.html">master.cf</a>:
uucp unix - n n - - pipe
flags=F user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
</pre>
@ -118,7 +118,7 @@ whenever you change the <b>transport</b> file. </p>
<li> <p> Enable <b>transport</b> table lookups: </p>
<pre>
/etc/postfix/main.cf:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#transport_maps">transport_maps</a> = hash:/etc/postfix/transport
</pre>
@ -130,7 +130,7 @@ types Postfix supports, use the command "<b>postconf -m</b>". </p>
is willing to relay mail for. </p>
<pre>
/etc/postfix/main.cf:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#relay_domains">relay_domains</a> = example.com ...<i>other <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domains</a></i>...
</pre>
@ -162,7 +162,7 @@ directory. </p>
mail transport to your UUCP gateway host, say, <i>uucp-gateway</i>: </p>
<pre>
/etc/postfix/main.cf:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#relayhost">relayhost</a> = uucp-gateway
<a href="postconf.5.html#default_transport">default_transport</a> = uucp
</pre>
@ -170,7 +170,7 @@ mail transport to your UUCP gateway host, say, <i>uucp-gateway</i>: </p>
<p> Postfix 2.0 and later also allows the following more succinct form: </p>
<pre>
/etc/postfix/main.cf:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#default_transport">default_transport</a> = uucp:uucp-gateway
</pre>
@ -178,7 +178,7 @@ mail transport to your UUCP gateway host, say, <i>uucp-gateway</i>: </p>
delivery via UUCP: </p>
<pre>
/etc/postfix/master.cf:
/etc/postfix/<a href="master.5.html">master.cf</a>:
uucp unix - n n - - pipe
flags=F user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
</pre>

8
postfix/html/VERP_README.html
View File

@ -132,7 +132,7 @@ you of the new syntax): </p>
</pre>
</blockquote>
<p> The first form uses the default main.cf VERP delimiter characters.
<p> The first form uses the default <a href="postconf.5.html">main.cf</a> VERP delimiter characters.
The second form allows you to explicitly specify the VERP delimiter
characters. The example shows the recommended values. </p>
@ -156,7 +156,7 @@ are to be discarded when doing alias expansions: </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> = +
<a href="postconf.5.html#forward_path">forward_path</a> = $home/.forward${<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a>}${extension},
$home/.forward
@ -213,7 +213,7 @@ MAIL FROM:&lt;sender@domain&gt; XVERP=+=
</pre>
</blockquote>
<p> The first form uses the default main.cf VERP delimiters, the
<p> The first form uses the default <a href="postconf.5.html">main.cf</a> VERP delimiters, the
second form overrides them explicitly. The values shown are the
recommended ones. </p>
@ -243,7 +243,7 @@ you of the new syntax): </p>
</pre>
</blockquote>
<p> The first form uses the default main.cf VERP delimiters, the
<p> The first form uses the default <a href="postconf.5.html">main.cf</a> VERP delimiters, the
second form overrides them explicitly. The values shown are the
recommended ones. </p>

2
postfix/html/anvil.8.html
View File

@ -201,7 +201,7 @@ ANVIL(8) ANVIL(8)
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".

2
postfix/html/bounce.8.html
View File

@ -148,7 +148,7 @@ BOUNCE(8) BOUNCE(8)
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".

2
postfix/html/cleanup.8.html
View File

@ -99,7 +99,7 @@ CLEANUP(8) CLEANUP(8)
<b><a href="postconf.5.html#always_add_missing_headers">always_add_missing_headers</a> (no)</b>
Always add (Resent-) From:, To:, Date: or Message-
ID headers when not present.
ID: headers when not present.
<b>BUILT-IN CONTENT FILTERING CONTROLS</b>
Postfix built-in content filtering is meant to stop a

2
postfix/html/defer.8.html
View File

@ -148,7 +148,7 @@ BOUNCE(8) BOUNCE(8)
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".

2
postfix/html/discard.8.html
View File

@ -100,7 +100,7 @@ DISCARD(8) DISCARD(8)
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".

2
postfix/html/error.8.html
View File

@ -114,7 +114,7 @@ ERROR(8) ERROR(8)
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".

2
postfix/html/flush.8.html
View File

@ -149,7 +149,7 @@ FLUSH(8) FLUSH(8)
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".

2
postfix/html/index.html
View File

@ -46,6 +46,8 @@ configuration examples </a>
<li> <a href="IPV6_README.html"> IP Version 6 Support </a>
<li> <a href="MULTI_INSTANCE_README.html"> Multiple-instance management </a>
<li> <a href="INSTALL.html"> Installation from source code </a>
</ul>

8
postfix/html/lmtp.8.html
View File

@ -392,9 +392,9 @@ SMTP(8) SMTP(8)
shake procedures.
<b><a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> (empty)</b>
The file with the certificate of the certification
authority (CA) that issued the Postfix SMTP client
certificate.
A file containing CA certificates of root CAs
trusted to sign either remote SMTP server certifi-
cates or intermediate CA certificates.
<b><a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> (empty)</b>
Directory with PEM format certificate authority
@ -777,7 +777,7 @@ SMTP(8) SMTP(8)
The hostname to send in the SMTP EHLO or HELO com-
mand.
<b><a href="postconf.5.html#lmtp_lhloname">lmtp_lhlo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
<b><a href="postconf.5.html#lmtp_lhlo_name">lmtp_lhlo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The hostname to send in the LMTP LHLO command.
<b><a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> (dns)</b>

2
postfix/html/local.8.html
View File

@ -617,7 +617,7 @@ LOCAL(8) LOCAL(8)
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".

2
postfix/html/master.8.html
View File

@ -168,7 +168,7 @@ MASTER(8) MASTER(8)
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".

4
postfix/html/oqmgr.8.html
View File

@ -248,7 +248,7 @@ OQMGR(8) OQMGR(8)
negative feedback, after a delivery completes with
a connection or handshake failure.
<b><a href="postconf.5.html#transport_destination_concurrency_positive_feedback"><i>transport</i>_destination_concurrency_negative_feedback</a></b>
<b><a href="postconf.5.html#transport_destination_concurrency_negative_feedback"><i>transport</i>_destination_concurrency_negative_feedback</a></b>
<b>($<a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destination_concurrency_negative_feedback</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
@ -353,7 +353,7 @@ OQMGR(8) OQMGR(8)
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".

2
postfix/html/pickup.8.html
View File

@ -99,7 +99,7 @@ PICKUP(8) PICKUP(8)
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".

2
postfix/html/pipe.8.html
View File

@ -486,7 +486,7 @@ PIPE(8) PIPE(8)
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".

2
postfix/html/postalias.1.html
View File

@ -209,7 +209,7 @@ POSTALIAS(1) POSTALIAS(1)
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".

102
postfix/html/postconf.5.html
View File

@ -1595,7 +1595,7 @@ Examples:
<pre>
<a href="postconf.5.html#debug_peer_list">debug_peer_list</a> = 127.0.0.1
<a href="postconf.5.html#debug_peer_list">debug_peer_list</a> = some.domain
<a href="postconf.5.html#debug_peer_list">debug_peer_list</a> = example.com
</pre>
@ -1844,7 +1844,7 @@ is decremented by 1 after each failed pseudo-cohort. </dd>
<p> A pseudo-cohort is the number of deliveries equal to a destination's
delivery concurrency. </p>
<p> Use <a href="postconf.5.html#transport_destination_concurrency_positive_feedback"><i>transport</i>_destination_concurrency_negative_feedback</a>
<p> Use <a href="postconf.5.html#transport_destination_concurrency_negative_feedback"><i>transport</i>_destination_concurrency_negative_feedback</a>
to specify a transport-specific override, where <i>transport</i>
is the <a href="master.5.html">master.cf</a>
name of the message delivery transport. </p>
@ -3489,6 +3489,11 @@ seconds. When the LMTP client receives a request for the same
connection the connection is reused.
</p>
<p> This parameter is available in Postfix version 2.2 and earlier.
With Postfix version 2.3 and later, see <a href="postconf.5.html#lmtp_connection_cache_on_demand">lmtp_connection_cache_on_demand</a>,
<a href="postconf.5.html#lmtp_connection_cache_destinations">lmtp_connection_cache_destinations</a>, or <a href="postconf.5.html#lmtp_connection_reuse_time_limit">lmtp_connection_reuse_time_limit</a>.
</p>
<p>
The effectiveness of cached connections will be determined by the
number of LMTP servers in use, and the concurrency limit specified
@ -3782,7 +3787,7 @@ client, for example:
<blockquote>
<pre>
/etc/postfix/<a href="master.5.html">master.cf</a>:
mylmtp ... lmtp -o <a href="postconf.5.html#lmtp_lhloname">lmtp_lhlo_name</a>=foo.bar.com
mylmtp ... lmtp -o <a href="postconf.5.html#lmtp_lhlo_name">lmtp_lhlo_name</a>=foo.bar.com
</pre>
</blockquote>
@ -6027,7 +6032,7 @@ Example:
</p>
<pre>
<a href="postconf.5.html#myhostname">myhostname</a> = host.domain.tld
<a href="postconf.5.html#myhostname">myhostname</a> = host.example.com
</pre>
@ -7272,7 +7277,7 @@ Examples:
<pre>
<a href="postconf.5.html#relayhost">relayhost</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
<a href="postconf.5.html#relayhost">relayhost</a> = [gateway.my.domain]
<a href="postconf.5.html#relayhost">relayhost</a> = [gateway.example.com]
<a href="postconf.5.html#relayhost">relayhost</a> = uucphost
<a href="postconf.5.html#relayhost">relayhost</a> = [an.ip.add.ress]
</pre>
@ -8870,10 +8875,15 @@ during TLS startup and shutdown handshake procedures. </p>
<DT><b><a name="smtp_tls_CAfile">smtp_tls_CAfile</a>
(default: empty)</b></DT><DD>
<p> The file with the certificate of the certification authority
(CA) that issued the Postfix SMTP client certificate. This is
needed only when the CA certificate is not already present in the
client certificate file. </p>
<p> A file containing CA certificates of root CAs trusted to sign
either remote SMTP server certificates or intermediate CA certificates.
These are loaded into memory before the <a href="smtp.8.html">smtp(8)</a> client enters the
chroot jail. If the number of trusted roots is large, consider using
<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> instead, but note that the latter directory must be
present in the chroot jail if the <a href="smtp.8.html">smtp(8)</a> client is chrooted. This
file may also be used to augment the client certificate trust chain,
but it is best to include all the required certificates directly in
$<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>. </p>
<p> Example: </p>
@ -8936,13 +8946,14 @@ well without them. The recommended setting is to let the defaults stand: </p>
<p> The best way to use the default settings is to comment out the above
parameters in <a href="postconf.5.html">main.cf</a> if present. </p>
<p> In order to verify certificates, the CA certificate (in case
of a certificate chain, all CA certificates) must be available.
You should add these certificates to the client certificate, the
client certificate first, then the issuing CA(s). </p>
<p> To enable remote SMTP servers to verify the Postfix SMTP client
certificate, the issuing CA certificates must be made available to the
server. You should include the required certificates in the client
certificate file, the client certificate first, then the issuing
CA(s) (bottom-up order). </p>
<p> Example: the certificate for "client.dom.ain" was issued by
"intermediate CA" which itself has a certificate of "root CA".
<p> Example: the certificate for "client.example.com" was issued by
"intermediate CA" which itself has a certificate issued by "root CA".
Create the client.pem file with "cat client_cert.pem intermediate_CA.pem
root_CA.pem &gt; client.pem". </p>
@ -12148,12 +12159,25 @@ The default time unit is s (seconds).
<DT><b><a name="smtpd_tls_CAfile">smtpd_tls_CAfile</a>
(default: empty)</b></DT><DD>
<p> The file with the certificate of the certification authority
(CA) that issued the Postfix SMTP server certificate. This is
needed only when the CA certificate is not already present in the
server certificate file. This file may also contain the CA
certificates of other trusted CAs. You must use this file for the
list of trusted CAs if you want to use chroot-mode. </p>
<p> A file containing (PEM format) CA certificates of root CAs trusted
to sign either remote SMTP client certificates or intermediate CA
certificates. These are loaded into memory before the <a href="smtpd.8.html">smtpd(8)</a> server
enters the chroot jail. If the number of trusted roots is large, consider
using <a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> instead, but note that the latter directory must
be present in the chroot jail if the <a href="smtpd.8.html">smtpd(8)</a> server is chrooted. This
file may also be used to augment the server certificate trust chain,
but it is best to include all the required certificates directly in the
server certificate file. </p>
<p> By default (see <a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>), client certificates are not
requested, and <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> should remain empty. If you do make use
of client certificates, the distinguished names (DNs) of the certificate
authorities listed in <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> are sent to the remote SMTP client
in the client certificate request message. MUAs with multiple client
certificates may use the list of preferred certificate authorities
to select the correct client certificate. You may want to put your
"preferred" CA or CAs in this file, and install other trusted CAs in
$<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a>. </p>
<p> Example: </p>
@ -12169,17 +12193,22 @@ list of trusted CAs if you want to use chroot-mode. </p>
<DT><b><a name="smtpd_tls_CApath">smtpd_tls_CApath</a>
(default: empty)</b></DT><DD>
<p> Directory with PEM format certificate authority certificates
that the Postfix SMTP server offers to remote SMTP clients for the
purpose of client certificate verification. Do not forget to create
the necessary "hash" links with, for example, "$OPENSSL_HOME/bin/c_rehash
/etc/postfix/certs". </p>
<p> A directory containing (PEM format) CA certificates of root CAs
trusted to sign either remote SMTP client certificates or intermediate CA
certificates. Do not forget to create the necessary "hash" links with,
for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs". To use
<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> in chroot mode, this directory (or a copy) must be
inside the chroot jail. </p>
<p> To use this option in chroot mode, this directory (or a copy)
must be inside the chroot jail. Please note that in this case the
CA certificates are not offered to the client, so that e.g. Netscape
clients might not offer certificates issued by them. Use of this
feature is therefore not recommended. </p>
<p> By default (see <a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>), client certificates are
not requested, and <a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> should remain empty. In contrast
to <a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a>, DNs of certificate authorities installed
in $<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> are not included in the client certificate
request message. MUAs with multiple client certificates may use the
list of preferred certificate authorities to select the correct
client certificate. You may want to put your "preferred" CA or
CAs in $<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a>, and install the remaining trusted CAs in
$<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a>. </p>
<p> Example: </p>
@ -12299,12 +12328,13 @@ are present, the cipher used determines which certificate will be
presented to the client. For Netscape and OpenSSL clients without
special cipher choices the RSA certificate is preferred. </p>
<p> In order to verify a certificate, the CA certificate (in case
of a certificate chain, all CA certificates) must be available.
You should add these certificates to the server certificate, the
server certificate first, then the issuing CA(s). </p>
<p> To enable a remote SMTP client to verify the Postfix SMTP server
certificate, the issuing CA certificates must be made available to the
client. You should include the required certificates in the server
certificate file, the server certificate first, then the issuing
CA(s) (bottom-up order). </p>
<p> Example: the certificate for "server.dom.ain" was issued by
<p> Example: the certificate for "server.example.com" was issued by
"intermediate CA" which itself has a certificate of "root CA".
Create the server.pem file with "cat server_cert.pem intermediate_CA.pem
root_CA.pem &gt; server.pem". </p>

2
postfix/html/postdrop.1.html
View File

@ -87,7 +87,7 @@ POSTDROP(1) POSTDROP(1)
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".

2
postfix/html/postlog.1.html
View File

@ -66,7 +66,7 @@ POSTLOG(1) POSTLOG(1)
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".

2
postfix/html/postmap.1.html
View File

@ -262,7 +262,7 @@ POSTMAP(1) POSTMAP(1)
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".

4
postfix/html/postmulti.1.html
View File

@ -179,8 +179,8 @@ POSTMULTI(1) POSTMULTI(1)
<b>New or existing instance name assignment</b>
<b>-I</b> <i>name</i>
Assign the specified instance <i>name</i> to an existing
instance or to a newly created or imported
instance. Instance names other than "-" (which
instance, newly-created instance, or imported
instance. Instance names other than "-" (which
makes the instance "nameless") must start with
"postfix-". This restriction reduces the likeli-
hood of name collisions with system files.

2
postfix/html/postqueue.1.html
View File

@ -147,7 +147,7 @@ POSTQUEUE(1) POSTQUEUE(1)
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".

2
postfix/html/postsuper.1.html
View File

@ -236,7 +236,7 @@ POSTSUPER(1) POSTSUPER(1)
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".

4
postfix/html/qmgr.8.html
View File

@ -286,7 +286,7 @@ QMGR(8) QMGR(8)
negative feedback, after a delivery completes with
a connection or handshake failure.
<b><a href="postconf.5.html#transport_destination_concurrency_positive_feedback"><i>transport</i>_destination_concurrency_negative_feedback</a></b>
<b><a href="postconf.5.html#transport_destination_concurrency_negative_feedback"><i>transport</i>_destination_concurrency_negative_feedback</a></b>
<b>($<a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destination_concurrency_negative_feedback</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
@ -425,7 +425,7 @@ QMGR(8) QMGR(8)
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".

22
postfix/html/qmqpd.8.html
View File

@ -134,27 +134,29 @@ QMQPD(8) QMQPD(8)
What clients are allowed to connect to the QMQP
server port.
<b>qmqpd_client_port_logging (no)</b>
Enable logging of the remote QMQP client port in
addition to the hostname and IP address.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
The location of the Postfix top-level queue direc-
The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b>
The characters Postfix accepts as VERP delimiter
characters on the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line
The characters Postfix accepts as VERP delimiter
characters on the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line
and in SMTP commands.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#qmqpd_client_port_logging">qmqpd_client_port_logging</a> (no)</b>
Enable logging of the remote QMQP client port in
addition to the hostname and IP address.
<b>SEE ALSO</b>
<a href="http://cr.yp.to/proto/qmqp.html">http://cr.yp.to/proto/qmqp.html</a>, QMQP protocol
<a href="cleanup.8.html">cleanup(8)</a>, message canonicalization

2
postfix/html/scache.8.html
View File

@ -134,7 +134,7 @@ SCACHE(8) SCACHE(8)
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".

2
postfix/html/showq.8.html
View File

@ -90,7 +90,7 @@ SHOWQ(8) SHOWQ(8)
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".

8
postfix/html/smtp.8.html
View File

@ -392,9 +392,9 @@ SMTP(8) SMTP(8)
shake procedures.
<b><a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> (empty)</b>
The file with the certificate of the certification
authority (CA) that issued the Postfix SMTP client
certificate.
A file containing CA certificates of root CAs
trusted to sign either remote SMTP server certifi-
cates or intermediate CA certificates.
<b><a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> (empty)</b>
Directory with PEM format certificate authority
@ -777,7 +777,7 @@ SMTP(8) SMTP(8)
The hostname to send in the SMTP EHLO or HELO com-
mand.
<b><a href="postconf.5.html#lmtp_lhloname">lmtp_lhlo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
<b><a href="postconf.5.html#lmtp_lhlo_name">lmtp_lhlo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The hostname to send in the LMTP LHLO command.
<b><a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> (dns)</b>

12
postfix/html/smtpd.8.html
View File

@ -382,14 +382,14 @@ SMTPD(8) SMTPD(8)
handshake procedures.
<b><a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> (empty)</b>
The file with the certificate of the certification
authority (CA) that issued the Postfix SMTP server
certificate.
A file containing (PEM format) CA certificates of
root CAs trusted to sign either remote SMTP client
certificates or intermediate CA certificates.
<b><a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> (empty)</b>
The file with the certificate of the certification
authority (CA) that issued the Postfix SMTP server
certificate.
A file containing (PEM format) CA certificates of
root CAs trusted to sign either remote SMTP client
certificates or intermediate CA certificates.
<b><a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a> (yes)</b>
Force the Postfix SMTP server to issue a TLS ses-

2
postfix/html/spawn.8.html
View File

@ -133,7 +133,7 @@ SPAWN(8) SPAWN(8)
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".

2
postfix/html/tlsmgr.8.html
View File

@ -158,7 +158,7 @@ TLSMGR(8) TLSMGR(8)
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".

2
postfix/html/trace.8.html
View File

@ -148,7 +148,7 @@ BOUNCE(8) BOUNCE(8)
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".

2
postfix/html/trivial-rewrite.8.html
View File

@ -297,7 +297,7 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8)
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".

2
postfix/html/virtual.8.html
View File

@ -282,7 +282,7 @@ VIRTUAL(8) VIRTUAL(8)
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".

2
postfix/man/man1/postalias.1
View File

@ -186,7 +186,7 @@ The default database type for use in \fBnewaliases\fR(1), \fBpostalias\fR(1)
and \fBpostmap\fR(1) commands.
.IP "\fBsyslog_facility (mail)\fR"
The syslog facility of Postfix logging.
.IP "\fBsyslog_name (postfix)\fR"
.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
The mail system name that is prepended to the process name in syslog
records, so that "smtpd" becomes, for example, "postfix/smtpd".
.SH "STANDARDS"

2
postfix/man/man1/postdrop.1
View File

@ -82,7 +82,7 @@ import from a non-Postfix parent process.
The location of the Postfix top-level queue directory.
.IP "\fBsyslog_facility (mail)\fR"
The syslog facility of Postfix logging.
.IP "\fBsyslog_name (postfix)\fR"
.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
The mail system name that is prepended to the process name in syslog
records, so that "smtpd" becomes, for example, "postfix/smtpd".
.IP "\fBtrigger_timeout (10s)\fR"

2
postfix/man/man1/postlog.1
View File

@ -64,7 +64,7 @@ The default location of the Postfix main.cf and master.cf
configuration files.
.IP "\fBsyslog_facility (mail)\fR"
The syslog facility of Postfix logging.
.IP "\fBsyslog_name (postfix)\fR"
.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
The mail system name that is prepended to the process name in syslog
records, so that "smtpd" becomes, for example, "postfix/smtpd".
.SH "SEE ALSO"

2
postfix/man/man1/postmap.1
View File

@ -243,7 +243,7 @@ The default database type for use in \fBnewaliases\fR(1), \fBpostalias\fR(1)
and \fBpostmap\fR(1) commands.
.IP "\fBsyslog_facility (mail)\fR"
The syslog facility of Postfix logging.
.IP "\fBsyslog_name (postfix)\fR"
.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
The mail system name that is prepended to the process name in syslog
records, so that "smtpd" becomes, for example, "postfix/smtpd".
.SH "SEE ALSO"

5
postfix/man/man1/postmulti.1
View File

@ -176,8 +176,9 @@ primary Postfix instance.
.SH "New or existing instance name assignment"
.IP "\fB-I \fIname\fR"
Assign the specified instance \fIname\fR to an existing
instance or to a newly created or imported instance. Instance
names other than "-" (which makes the instance "nameless")
instance, newly-created instance, or imported instance.
Instance
names other than "-" (which makes the instance "nameless")
must start with "postfix-". This restriction reduces the
likelihood of name collisions with system files.
.IP "\fB-G \fIgroup\fR"

2
postfix/man/man1/postqueue.1
View File

@ -135,7 +135,7 @@ import from a non-Postfix parent process.
The location of the Postfix top-level queue directory.
.IP "\fBsyslog_facility (mail)\fR"
The syslog facility of Postfix logging.
.IP "\fBsyslog_name (postfix)\fR"
.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
The mail system name that is prepended to the process name in syslog
records, so that "smtpd" becomes, for example, "postfix/smtpd".
.IP "\fBtrigger_timeout (10s)\fR"

2
postfix/man/man1/postsuper.1
View File

@ -222,7 +222,7 @@ subdirectory levels.
The location of the Postfix top-level queue directory.
.IP "\fBsyslog_facility (mail)\fR"
The syslog facility of Postfix logging.
.IP "\fBsyslog_name (postfix)\fR"
.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
The mail system name that is prepended to the process name in syslog
records, so that "smtpd" becomes, for example, "postfix/smtpd".
.SH "SEE ALSO"

97
postfix/man/man5/postconf.5
View File

@ -876,7 +876,7 @@ Examples:
.na
.ft C
debug_peer_list = 127.0.0.1
debug_peer_list = some.domain
debug_peer_list = example.com
.fi
.ad
.ft R
@ -1933,6 +1933,10 @@ Keep Postfix LMTP client connections open for up to $max_idle
seconds. When the LMTP client receives a request for the same
connection the connection is reused.
.PP
This parameter is available in Postfix version 2.2 and earlier.
With Postfix version 2.3 and later, see lmtp_connection_cache_on_demand,
lmtp_connection_cache_destinations, or lmtp_connection_reuse_time_limit.
.PP
The effectiveness of cached connections will be determined by the
number of LMTP servers in use, and the concurrency limit specified
for the LMTP client. Cached connections are closed under any of
@ -3357,7 +3361,7 @@ Example:
.nf
.na
.ft C
myhostname = host.domain.tld
myhostname = host.example.com
.fi
.ad
.ft R
@ -4079,7 +4083,7 @@ Examples:
.na
.ft C
relayhost = $mydomain
relayhost = [gateway.my.domain]
relayhost = [gateway.example.com]
relayhost = uucphost
relayhost = [an.ip.add.ress]
.fi
@ -5026,10 +5030,15 @@ during TLS startup and shutdown handshake procedures.
.PP
This feature is available in Postfix 2.2 and later.
.SH smtp_tls_CAfile (default: empty)
The file with the certificate of the certification authority
(CA) that issued the Postfix SMTP client certificate. This is
needed only when the CA certificate is not already present in the
client certificate file.
A file containing CA certificates of root CAs trusted to sign
either remote SMTP server certificates or intermediate CA certificates.
These are loaded into memory before the \fBsmtp\fR(8) client enters the
chroot jail. If the number of trusted roots is large, consider using
smtp_tls_CApath instead, but note that the latter directory must be
present in the chroot jail if the \fBsmtp\fR(8) client is chrooted. This
file may also be used to augment the client certificate trust chain,
but it is best to include all the required certificates directly in
$smtp_tls_cert_file.
.PP
Example:
.PP
@ -5091,13 +5100,14 @@ smtp_tls_eckey_file =
The best way to use the default settings is to comment out the above
parameters in main.cf if present.
.PP
In order to verify certificates, the CA certificate (in case
of a certificate chain, all CA certificates) must be available.
You should add these certificates to the client certificate, the
client certificate first, then the issuing CA(s).
To enable remote SMTP servers to verify the Postfix SMTP client
certificate, the issuing CA certificates must be made available to the
server. You should include the required certificates in the client
certificate file, the client certificate first, then the issuing
CA(s) (bottom-up order).
.PP
Example: the certificate for "client.dom.ain" was issued by
"intermediate CA" which itself has a certificate of "root CA".
Example: the certificate for "client.example.com" was issued by
"intermediate CA" which itself has a certificate issued by "root CA".
Create the client.pem file with "cat client_cert.pem intermediate_CA.pem
root_CA.pem > client.pem".
.PP
@ -7474,12 +7484,25 @@ to update the global ipc_timeout parameter.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
.SH smtpd_tls_CAfile (default: empty)
The file with the certificate of the certification authority
(CA) that issued the Postfix SMTP server certificate. This is
needed only when the CA certificate is not already present in the
server certificate file. This file may also contain the CA
certificates of other trusted CAs. You must use this file for the
list of trusted CAs if you want to use chroot-mode.
A file containing (PEM format) CA certificates of root CAs trusted
to sign either remote SMTP client certificates or intermediate CA
certificates. These are loaded into memory before the \fBsmtpd\fR(8) server
enters the chroot jail. If the number of trusted roots is large, consider
using smtpd_tls_CApath instead, but note that the latter directory must
be present in the chroot jail if the \fBsmtpd\fR(8) server is chrooted. This
file may also be used to augment the server certificate trust chain,
but it is best to include all the required certificates directly in the
server certificate file.
.PP
By default (see smtpd_tls_ask_ccert), client certificates are not
requested, and smtpd_tls_CAfile should remain empty. If you do make use
of client certificates, the distinguished names (DNs) of the certificate
authorities listed in smtpd_tls_CAfile are sent to the remote SMTP client
in the client certificate request message. MUAs with multiple client
certificates may use the list of preferred certificate authorities
to select the correct client certificate. You may want to put your
"preferred" CA or CAs in this file, and install other trusted CAs in
$smtpd_tls_CApath.
.PP
Example:
.PP
@ -7493,17 +7516,22 @@ smtpd_tls_CAfile = /etc/postfix/CAcert.pem
.PP
This feature is available in Postfix 2.2 and later.
.SH smtpd_tls_CApath (default: empty)
Directory with PEM format certificate authority certificates
that the Postfix SMTP server offers to remote SMTP clients for the
purpose of client certificate verification. Do not forget to create
the necessary "hash" links with, for example, "$OPENSSL_HOME/bin/c_rehash
/etc/postfix/certs".
A directory containing (PEM format) CA certificates of root CAs
trusted to sign either remote SMTP client certificates or intermediate CA
certificates. Do not forget to create the necessary "hash" links with,
for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs". To use
smtpd_tls_CApath in chroot mode, this directory (or a copy) must be
inside the chroot jail.
.PP
To use this option in chroot mode, this directory (or a copy)
must be inside the chroot jail. Please note that in this case the
CA certificates are not offered to the client, so that e.g. Netscape
clients might not offer certificates issued by them. Use of this
feature is therefore not recommended.
By default (see smtpd_tls_ask_ccert), client certificates are
not requested, and smtpd_tls_CApath should remain empty. In contrast
to smtp_tls_CAfile, DNs of certificate authorities installed
in $smtpd_tls_CApath are not included in the client certificate
request message. MUAs with multiple client certificates may use the
list of preferred certificate authorities to select the correct
client certificate. You may want to put your "preferred" CA or
CAs in $smtp_tls_CAfile, and install the remaining trusted CAs in
$smtpd_tls_CApath.
.PP
Example:
.PP
@ -7601,12 +7629,13 @@ are present, the cipher used determines which certificate will be
presented to the client. For Netscape and OpenSSL clients without
special cipher choices the RSA certificate is preferred.
.PP
In order to verify a certificate, the CA certificate (in case
of a certificate chain, all CA certificates) must be available.
You should add these certificates to the server certificate, the
server certificate first, then the issuing CA(s).
To enable a remote SMTP client to verify the Postfix SMTP server
certificate, the issuing CA certificates must be made available to the
client. You should include the required certificates in the server
certificate file, the server certificate first, then the issuing
CA(s) (bottom-up order).
.PP
Example: the certificate for "server.dom.ain" was issued by
Example: the certificate for "server.example.com" was issued by
"intermediate CA" which itself has a certificate of "root CA".
Create the server.pem file with "cat server_cert.pem intermediate_CA.pem
root_CA.pem > server.pem".

2
postfix/man/man8/anvil.8
View File

@ -231,7 +231,7 @@ The process ID of a Postfix command or daemon process.
The process name of a Postfix command or daemon process.
.IP "\fBsyslog_facility (mail)\fR"
The syslog facility of Postfix logging.
.IP "\fBsyslog_name (postfix)\fR"
.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
The mail system name that is prepended to the process name in syslog
records, so that "smtpd" becomes, for example, "postfix/smtpd".
.SH "SEE ALSO"

2
postfix/man/man8/bounce.8
View File

@ -119,7 +119,7 @@ The process name of a Postfix command or daemon process.
The location of the Postfix top-level queue directory.
.IP "\fBsyslog_facility (mail)\fR"
The syslog facility of Postfix logging.
.IP "\fBsyslog_name (postfix)\fR"
.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
The mail system name that is prepended to the process name in syslog
records, so that "smtpd" becomes, for example, "postfix/smtpd".
.SH "FILES"

2
postfix/man/man8/cleanup.8
View File

@ -96,7 +96,7 @@ with older Postfix versions).
.PP
Available in Postfix version 2.6 and later:
.IP "\fBalways_add_missing_headers (no)\fR"
Always add (Resent-) From:, To:, Date: or Message-ID headers
Always add (Resent-) From:, To:, Date: or Message-ID: headers
when not present.
.SH "BUILT-IN CONTENT FILTERING CONTROLS"
.na

2
postfix/man/man8/discard.8
View File

@ -87,7 +87,7 @@ The process name of a Postfix command or daemon process.
The location of the Postfix top-level queue directory.
.IP "\fBsyslog_facility (mail)\fR"
The syslog facility of Postfix logging.
.IP "\fBsyslog_name (postfix)\fR"
.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
The mail system name that is prepended to the process name in syslog
records, so that "smtpd" becomes, for example, "postfix/smtpd".
.SH "SEE ALSO"

2
postfix/man/man8/error.8
View File

@ -97,7 +97,7 @@ The process name of a Postfix command or daemon process.
The location of the Postfix top-level queue directory.
.IP "\fBsyslog_facility (mail)\fR"
The syslog facility of Postfix logging.
.IP "\fBsyslog_name (postfix)\fR"
.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
The mail system name that is prepended to the process name in syslog
records, so that "smtpd" becomes, for example, "postfix/smtpd".
.SH "SEE ALSO"

2
postfix/man/man8/flush.8
View File

@ -126,7 +126,7 @@ The process name of a Postfix command or daemon process.
The location of the Postfix top-level queue directory.
.IP "\fBsyslog_facility (mail)\fR"
The syslog facility of Postfix logging.
.IP "\fBsyslog_name (postfix)\fR"
.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
The mail system name that is prepended to the process name in syslog
records, so that "smtpd" becomes, for example, "postfix/smtpd".
.SH "FILES"

2
postfix/man/man8/local.8
View File

@ -581,7 +581,7 @@ Whether or not a \fBlocal\fR(8) recipient's home directory must exist
before mail delivery is attempted.
.IP "\fBsyslog_facility (mail)\fR"
The syslog facility of Postfix logging.
.IP "\fBsyslog_name (postfix)\fR"
.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
The mail system name that is prepended to the process name in syslog
records, so that "smtpd" becomes, for example, "postfix/smtpd".
.SH "FILES"

2
postfix/man/man8/master.8
View File

@ -147,7 +147,7 @@ The process name of a Postfix command or daemon process.
The location of the Postfix top-level queue directory.
.IP "\fBsyslog_facility (mail)\fR"
The syslog facility of Postfix logging.
.IP "\fBsyslog_name (postfix)\fR"
.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
The mail system name that is prepended to the process name in syslog
records, so that "smtpd" becomes, for example, "postfix/smtpd".
.SH "FILES"

2
postfix/man/man8/oqmgr.8
View File

@ -307,7 +307,7 @@ The process name of a Postfix command or daemon process.
The location of the Postfix top-level queue directory.
.IP "\fBsyslog_facility (mail)\fR"
The syslog facility of Postfix logging.
.IP "\fBsyslog_name (postfix)\fR"
.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
The mail system name that is prepended to the process name in syslog
records, so that "smtpd" becomes, for example, "postfix/smtpd".
.SH "FILES"

2
postfix/man/man8/pickup.8
View File

@ -97,7 +97,7 @@ The process name of a Postfix command or daemon process.
The location of the Postfix top-level queue directory.
.IP "\fBsyslog_facility (mail)\fR"
The syslog facility of Postfix logging.
.IP "\fBsyslog_name (postfix)\fR"
.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
The mail system name that is prepended to the process name in syslog
records, so that "smtpd" becomes, for example, "postfix/smtpd".
.SH "SEE ALSO"

2
postfix/man/man8/pipe.8
View File

@ -415,7 +415,7 @@ The location of the Postfix top-level queue directory.
The separator between user names and address extensions (user+foo).
.IP "\fBsyslog_facility (mail)\fR"
The syslog facility of Postfix logging.
.IP "\fBsyslog_name (postfix)\fR"
.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
The mail system name that is prepended to the process name in syslog
records, so that "smtpd" becomes, for example, "postfix/smtpd".
.SH "SEE ALSO"

2
postfix/man/man8/qmgr.8
View File

@ -357,7 +357,7 @@ The process name of a Postfix command or daemon process.
The location of the Postfix top-level queue directory.
.IP "\fBsyslog_facility (mail)\fR"
The syslog facility of Postfix logging.
.IP "\fBsyslog_name (postfix)\fR"
.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
The mail system name that is prepended to the process name in syslog
records, so that "smtpd" becomes, for example, "postfix/smtpd".
.SH "FILES"

10
postfix/man/man8/qmqpd.8
View File

@ -130,19 +130,21 @@ The process ID of a Postfix command or daemon process.
The process name of a Postfix command or daemon process.
.IP "\fBqmqpd_authorized_clients (empty)\fR"
What clients are allowed to connect to the QMQP server port.
.IP "\fBqmqpd_client_port_logging (no)\fR"
Enable logging of the remote QMQP client port in addition to
the hostname and IP address.
.IP "\fBqueue_directory (see 'postconf -d' output)\fR"
The location of the Postfix top-level queue directory.
.IP "\fBsyslog_facility (mail)\fR"
The syslog facility of Postfix logging.
.IP "\fBsyslog_name (postfix)\fR"
.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
The mail system name that is prepended to the process name in syslog
records, so that "smtpd" becomes, for example, "postfix/smtpd".
.IP "\fBverp_delimiter_filter (-=+)\fR"
The characters Postfix accepts as VERP delimiter characters on the
Postfix \fBsendmail\fR(1) command line and in SMTP commands.
.PP
Available in Postfix version 2.5 and later:
.IP "\fBqmqpd_client_port_logging (no)\fR"
Enable logging of the remote QMQP client port in addition to
the hostname and IP address.
.SH "SEE ALSO"
.na
.nf

2
postfix/man/man8/scache.8
View File

@ -128,7 +128,7 @@ The process ID of a Postfix command or daemon process.
The process name of a Postfix command or daemon process.
.IP "\fBsyslog_facility (mail)\fR"
The syslog facility of Postfix logging.
.IP "\fBsyslog_name (postfix)\fR"
.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
The mail system name that is prepended to the process name in syslog
records, so that "smtpd" becomes, for example, "postfix/smtpd".
.SH "SEE ALSO"

2
postfix/man/man8/showq.8
View File

@ -78,7 +78,7 @@ The process name of a Postfix command or daemon process.
The location of the Postfix top-level queue directory.
.IP "\fBsyslog_facility (mail)\fR"
The syslog facility of Postfix logging.
.IP "\fBsyslog_name (postfix)\fR"
.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
The mail system name that is prepended to the process name in syslog
records, so that "smtpd" becomes, for example, "postfix/smtpd".
.SH "FILES"

4
postfix/man/man8/smtp.8
View File

@ -337,8 +337,8 @@ client uses for TLS encrypted SMTP sessions.
Time limit for Postfix SMTP client write and read operations
during TLS startup and shutdown handshake procedures.
.IP "\fBsmtp_tls_CAfile (empty)\fR"
The file with the certificate of the certification authority
(CA) that issued the Postfix SMTP client certificate.
A file containing CA certificates of root CAs trusted to sign
either remote SMTP server certificates or intermediate CA certificates.
.IP "\fBsmtp_tls_CApath (empty)\fR"
Directory with PEM format certificate authority certificates
that the Postfix SMTP client uses to verify a remote SMTP server

10
postfix/man/man8/smtpd.8
View File

@ -337,11 +337,13 @@ server uses for TLS encrypted SMTP sessions.
The time limit for Postfix SMTP server write and read operations
during TLS startup and shutdown handshake procedures.
.IP "\fBsmtpd_tls_CAfile (empty)\fR"
The file with the certificate of the certification authority
(CA) that issued the Postfix SMTP server certificate.
A file containing (PEM format) CA certificates of root CAs trusted
to sign either remote SMTP client certificates or intermediate CA
certificates.
.IP "\fBsmtpd_tls_CAfile (empty)\fR"
The file with the certificate of the certification authority
(CA) that issued the Postfix SMTP server certificate.
A file containing (PEM format) CA certificates of root CAs trusted
to sign either remote SMTP client certificates or intermediate CA
certificates.
.IP "\fBsmtpd_tls_always_issue_session_ids (yes)\fR"
Force the Postfix SMTP server to issue a TLS session id, even
when TLS session caching is turned off (smtpd_tls_session_cache_database

2
postfix/man/man8/spawn.8
View File

@ -125,7 +125,7 @@ The process name of a Postfix command or daemon process.
The location of the Postfix top-level queue directory.
.IP "\fBsyslog_facility (mail)\fR"
The syslog facility of Postfix logging.
.IP "\fBsyslog_name (postfix)\fR"
.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
The mail system name that is prepended to the process name in syslog
records, so that "smtpd" becomes, for example, "postfix/smtpd".
.SH "SEE ALSO"

2
postfix/man/man8/tlsmgr.8
View File

@ -149,7 +149,7 @@ The process ID of a Postfix command or daemon process.
The process name of a Postfix command or daemon process.
.IP "\fBsyslog_facility (mail)\fR"
The syslog facility of Postfix logging.
.IP "\fBsyslog_name (postfix)\fR"
.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
The mail system name that is prepended to the process name in syslog
records, so that "smtpd" becomes, for example, "postfix/smtpd".
.SH "SEE ALSO"

2
postfix/man/man8/trivial-rewrite.8
View File

@ -253,7 +253,7 @@ Display the name of the recipient table in the "User unknown"
responses.
.IP "\fBsyslog_facility (mail)\fR"
The syslog facility of Postfix logging.
.IP "\fBsyslog_name (postfix)\fR"
.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
The mail system name that is prepended to the process name in syslog
records, so that "smtpd" becomes, for example, "postfix/smtpd".
.PP

2
postfix/man/man8/virtual.8
View File

@ -278,7 +278,7 @@ The process name of a Postfix command or daemon process.
The location of the Postfix top-level queue directory.
.IP "\fBsyslog_facility (mail)\fR"
The syslog facility of Postfix logging.
.IP "\fBsyslog_name (postfix)\fR"
.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
The mail system name that is prepended to the process name in syslog
records, so that "smtpd" becomes, for example, "postfix/smtpd".
.SH "SEE ALSO"

57
postfix/mantools/check-postlink Executable file
View File

@ -0,0 +1,57 @@
#!/bin/sh
# Look for missing parameter names in postlink
trap 'rm -f postlink.tmp postconf.tmp check-postlink.tmp 2>/dev/null' 0 1 2 3 15
# Extract parameters from postconf.5.html hyperlinks.
sed -n '/[ ].*href="postconf\.5\.html#/{
s/^[^#]*#//
s/".*//
p
}' mantools/postlink | sort > postlink.tmp
#
# Extract parameters from postlink script. This also produces names
# of obsolete parameters, and non-parameter names such as SMTPD
# access restrictions and mask names.
postconf -d | sed 's/ =.*//' | sort >postconf.tmp
# Filter the output through a whitelist.
cat >check-postlink.tmp <<'EOF'
lmtp_body_checks
lmtp_cname_overrides_servername
lmtp_destination_concurrency_failed_cohort_limit
lmtp_destination_concurrency_negative_feedback
lmtp_destination_concurrency_positive_feedback
lmtp_destination_rate_delay
lmtp_header_checks
lmtp_initial_destination_concurrency
lmtp_mime_header_checks
lmtp_nested_header_checks
local_destination_concurrency_failed_cohort_limit
local_destination_concurrency_negative_feedback
local_destination_concurrency_positive_feedback
local_destination_rate_delay
local_initial_destination_concurrency
relay_destination_concurrency_failed_cohort_limit
relay_destination_concurrency_negative_feedback
relay_destination_concurrency_positive_feedback
relay_destination_rate_delay
relay_initial_destination_concurrency
smtp_destination_concurrency_failed_cohort_limit
smtp_destination_concurrency_negative_feedback
smtp_destination_concurrency_positive_feedback
smtp_destination_rate_delay
smtp_initial_destination_concurrency
stress
virtual_destination_concurrency_failed_cohort_limit
virtual_destination_concurrency_negative_feedback
virtual_destination_concurrency_positive_feedback
virtual_destination_rate_delay
virtual_initial_destination_concurrency
EOF
comm -23 postconf.tmp postlink.tmp | fgrep -vx -f check-postlink.tmp

8
postfix/mantools/postlink
View File

@ -205,6 +205,7 @@ while (<>) {
s;\bline_length_limit\b;<a href="postconf.5.html#line_length_limit">$&</a>;g;
s;\blmtp_bind_address\b;<a href="postconf.5.html#lmtp_bind_address">$&</a>;g;
s;\blmtp_bind_address6\b;<a href="postconf.5.html#lmtp_bind_address6">$&</a>;g;
s;\blmtp_assume_final\b;<a href="postconf.5.html#lmtp_assume_final">$&</a>;g;
s;\blmtp_cache_connection\b;<a href="postconf.5.html#lmtp_cache_connection">$&</a>;g;
s;\blmtp_discard_lhlo_keyword_address_maps\b;<a href="postconf.5.html#lmtp_discard_lhlo_keyword_address_maps">$&</a>;g;
s;\blmtp_discard_lhlo_keywords\b;<a href="postconf.5.html#lmtp_discard_lhlo_keywords">$&</a>;g;
@ -260,7 +261,7 @@ while (<>) {
s;\blmtp_tls_note_starttls_offer\b;<a href="postconf.5.html#lmtp_tls_note_starttls_offer">$&</a>;g;
s;\blmtp_sender_dependent_authentication\b;<a href="postconf.5.html#lmtp_sender_dependent_authentication">$&</a>;g;
s;\blmtp_sasl_path\b;<a href="postconf.5.html#lmtp_sasl_path">$&</a>;g;
s;\blmtp_lhlo_name\b;<a href="postconf.5.html#lmtp_lhloname">$&</a>;g;
s;\blmtp_lhlo_name\b;<a href="postconf.5.html#lmtp_lhlo_name">$&</a>;g;
s;\blmtp_connect_timeout\b;<a href="postconf.5.html#lmtp_connect_timeout">$&</a>;g;
s;\blmtp_data_done_timeout\b;<a href="postconf.5.html#lmtp_data_done_timeout">$&</a>;g;
s;\blmtp_data_init_timeout\b;<a href="postconf.5.html#lmtp_data_init_timeout">$&</a>;g;
@ -360,6 +361,7 @@ while (<>) {
s;\bdestination_concurrency_feedback_debug\b;<a href="postconf.5.html#destination_concurrency_feedback_debug">$&</a>;g;
s;\bdefault_destina[-</Bb>]*\n* *[<Bb>]*tion_rate_delay\b;<a href="postconf.5.html#default_destination_rate_delay">$&</a>;g;
s;\bqmqpd_client_port_logging\b;<a href="postconf.5.html#qmqpd_client_port_logging">$&</a>;g;
s;\bqmqpd_error_delay\b;<a href="postconf.5.html#qmqpd_error_delay">$&</a>;g;
s;\bqmqpd_timeout\b;<a href="postconf.5.html#qmqpd_timeout">$&</a>;g;
s;\bqueue_directory\b;<a href="postconf.5.html#queue_directory">$&</a>;g;
@ -403,7 +405,7 @@ while (<>) {
s;\bservice_throttle_time\b;<a href="postconf.5.html#service_throttle_time">$&</a>;g;
s;\bsetgid_group\b;<a href="postconf.5.html#setgid_group">$&</a>;g;
s;\bconnection_cache_service\b;<a href="postconf.5.html#connection_cache_service">$&</a>;g;
s;\bconnection_cache_service_name\b;<a href="postconf.5.html#connection_cache_service_name">$&</a>;g;
s;\bconnection_cache_status_update_time\b;<a href="postconf.5.html#connection_cache_status_update_time">$&</a>;g;
s;\bconnection_cache_protocol_timeout\b;<a href="postconf.5.html#connection_cache_protocol_timeout">$&</a>;g;
s;\bconnection_cache_ttl_limit\b;<a href="postconf.5.html#connection_cache_ttl_limit">$&</a>;g;
@ -669,7 +671,7 @@ while (<>) {
# Transport-dependent magical parameters.
s;(<i>transport</i>)(<b>)?(_destination_concurrency_failed_cohort_limit)\b;$2<a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit">$1$3</a>;g;
s;(<i>transport</i>)(<b>)?(_destination_concurrency_negative_feedback)\b;$2<a href="postconf.5.html#transport_destination_concurrency_positive_feedback">$1$3</a>;g;
s;(<i>transport</i>)(<b>)?(_destination_concurrency_negative_feedback)\b;$2<a href="postconf.5.html#transport_destination_concurrency_negative_feedback">$1$3</a>;g;
s;(<i>transport</i>)(<b>)?(_destination_concurrency_positive_feedback)\b;$2<a href="postconf.5.html#transport_destination_concurrency_positive_feedback">$1$3</a>;g;
s;(<i>transport</i>)(<b>)?(_delivery_slot_cost)\b;$2<a href="postconf.5.html#transport_delivery_slot_cost">$1$3</a>;g;
s;(<i>transport</i>)(<b>)?(_delivery_slot_discount)\b;$2<a href="postconf.5.html#transport_delivery_slot_discount">$1$3</a>;g;

8
postfix/proto/SMTPD_POLICY_README.html
View File

@ -126,10 +126,10 @@ stress=
an empty value ("name="), or sends a zero value ("name=0") in
the case of a numerical attribute. </p>
<li> <p> The "recipient" attribute is available only in the
"RCPT TO" stage, and in the "DATA" and "END-OF-MESSAGE" stages
when Postfix accepted only one recipient for the current message.
</p>
<li> <p> The "recipient" attribute is available in the "RCPT
TO" stage. It is also available in the "DATA" and "END-OF-MESSAGE"
stages if Postfix accepted only one recipient for the current
message. </p>
<li> <p> The "recipient_count" attribute (Postfix 2.3 and later)
is non-zero only in the "DATA" and "END-OF-MESSAGE" stages. It

297
postfix/proto/STRESS_README.html
View File

@ -21,13 +21,11 @@ Stress-Dependent Configuration</h1>
<h2>Overview </h2>
<p> This document describes the symptoms of Postfix SMTP server
overload, and how to avoid the condition under normal conditions.
When the condition is caused by botnets or other malware, the
document suggests configuration settings that help to minimize the
impact on legitimate mail. Finally, the document introduces
stress-adaptive behavior, introduced with Postfix 2.5, and how it
can be used to automatically switch configuration settings under
overload. </p>
overload. It presents permanent main.cf changes to avoid overload
during normal operation, and temporary main.cf changes to cope with
an unexpected burst of mail. This document makes specific suggestions
for Postfix 2.5 and later which support stress-adaptive behavior,
and for earlier Postfix versions that don't. </p>
<p> Topics covered in this document: </p>
@ -41,47 +39,52 @@ overload. </p>
<li><a href="#hangup"> Disconnect suspicious SMTP clients </a>
<li><a href="#desperate"> Take desperate measures </a>
<li><a href="#legacy"> Temporary measures for older Postfix releases </a>
<li><a href="#adapt"> Make Postfix behavior stress-adaptive </a>
<li><a href="#adapt"> Automatic stress-adaptive behavior </a>
<li><a href="#feature"> Detecting support for stress-adaptive behavior </a>
<li><a href="#forcing"> Forcing stress-adaptive behavior on or off </a>
<li><a href="#other"> Other measures to off-load zombies </a>
<li><a href="#credits"> Credits </a>
</ul>
<h2><a name="overload"> Symptoms of Postfix SMTP server overload </a></h2>
<p> Under normal conditions, Postfix responds immediately when a
remote SMTP client connects. The time needed to deliver mail should
be noticeable only with very large messages. Performance degrades
more dramatically when the number of remote SMTP clients exceeds
the number of Postfix SMTP server processes. When a client connects
while all server processes are busy, the client must wait until a
server process becomes available. </p>
<p> Under normal conditions, the Postfix SMTP server responds
immediately when an SMTP client connects to it; the time to deliver
mail is noticeable only with large messages. Performance degrades
dramatically when the number of SMTP clients exceeds the number of
Postfix SMTP server processes. When an SMTP client connects while
all Postfix SMTP server processes are busy, the client must wait
until a server process becomes available. </p>
<p> Overload may be caused by a legitimate mail (example: a DNS
registrar opens a new zone for registrations), by mistake (mail
explosion caused by a forwarding loop) or by illegitimate mail (worm
outbreak, botnet, or other malware activity). Symptoms of Postfix
SMTP mail server overload are: </p>
<p> SMTP server overload may be caused by a surge of legitimate
mail (example: a DNS registrar opens a new zone for registrations),
by mistake (mail explosion caused by a forwarding loop) or by malice
(worm outbreak, botnet, or other illegitimate activity). </p>
<p> Symptoms of Postfix SMTP server overload are: </p>
<ul>
<li> <p> Remote SMTP clients experience a long delay before Postfix
sends the "220 hostname.example.com ESMTP Postfix" greeting. If
this affects end-user mail clients, enable the "submission" service
entry in master.cf (present since Postfix 2.1), and tell users to
connect to this instead of the public SMTP service. </p>
sends the "220 hostname.example.com ESMTP Postfix" greeting. </p>
<ul>
<li> <p> NOTE: Broken DNS configurations also cause lengthy delays
before Postfix sends "220 hostname.example.com ...". In this case
the delay happens even when Postfix is not busy. </p>
<li> <p> NOTE: Broken DNS configurations can also cause lengthy
delays before Postfix sends "220 hostname.example.com ...". These
delays also exist when Postfix is NOT overloaded. </p>
<li> <p> NOTE: To avoid "overload" delays for end-user mail
clients, enable the "submission" service entry in master.cf (present
since Postfix 2.1), and tell users to connect to this instead of
the public SMTP service. </p>
</ul>
@ -91,8 +94,8 @@ clients disconnect before Postfix answers the connection. </p>
<ul>
<li> <p> NOTE: A portscan for open SMTP ports also results in "lost
connection ..." logfile messages. </p>
<li> <p> NOTE: A portscan for open SMTP ports can also result in
"lost connection ..." logfile messages. </p>
</ul>
@ -111,14 +114,16 @@ Oct 3 20:39:27 spike postfix/master[28905]: warning: to avoid this
</ul>
<p> Legitimate mail that doesn't get through during an episode of
overload is not necessarily lost. It should still arrive once the
situation returns to normal, as long as the overload condition is
temporary. </p>
Postfix SMTP server overload is not necessarily lost. It should
still arrive once the situation returns to normal, as long as the
overload condition is temporary. </p>
<h2><a name="concurrency"> Service more SMTP clients at the same time </a> </h2>
<p> To service more SMTP clients simultaneously, you need to increase
the number of SMTP server processes. This will improve the
<p> One measure to avoid the "all server processes busy" condition
is to service more SMTP clients simultaneously. For this you need
to increase the number of Postfix SMTP server processes. This will
improve the
responsiveness for remote SMTP clients, as long as the server machine
has enough hardware and software resources to run the additional
processes, and as long as the file system can keep up with the
@ -137,7 +142,8 @@ later, and an operating system that supports kernel-based event
filters (BSD kqueue(2), Linux epoll(4), or Solaris /dev/poll).
</p>
<li> <p> You can reduce the Postfix memory footprint by using cdb:
<li> <p> More processes use more memory. You can reduce the Postfix
memory footprint by using cdb:
lookup tables instead of Berkeley DB's hash: or btree: tables. </p>
<pre>
@ -181,9 +187,9 @@ Issue a "postfix reload" command to make the change effective. </p>
<p> When increasing the number of SMTP server processes is not
practical, you can improve Postfix server responsiveness by eliminating
unnecessary work. When Postfix spends less time per SMTP session, the
same number of SMTP server processes can service more clients in the
same amount of time. </p>
delays. When Postfix spends less time per SMTP session, the same
number of SMTP server processes can service more clients in a given
amount of time. </p>
<ul>
@ -201,18 +207,18 @@ emergency patterns to block the latest worm explosion or backscatter
mail. See BACKSCATTER_README for examples of the latter.
<li> <p> Group your header_checks and body_checks patterns to avoid
unnecessary pattern matching operations.
unnecessary pattern matching operations:
<pre>
1 /etc/postfix/header_checks:
2 if /^Subject:/
3 /^Subject: virus found in mail from you/ reject
4 /^Subject: ..../ ....
4 /^Subject: ..other../ reject
5 endif
6
7 if /^Received:/
8 /^Received: from (postfix\.org) / reject forged client name in received header: $1
9 /^Received: from .../ ....
9 /^Received: from ..other../ reject ....
10 endif
</pre>
@ -226,20 +232,22 @@ clients get a chance to talk to Postfix. </p>
<ul>
<li> <p> Use "521" reply codes (Postfix 2.6 and later) for
botnet-related RBLs or for selected non-RBL restrictions. With
Postfix 2.3-2.5 use "421" for a similar result. The Postfix SMTP
server will disconnect immediately without waiting for the remote
SMTP client to send a QUIT command. </p>
<li> <p> Use "521" SMTP reply codes (Postfix 2.6 and later) or "421"
(Postfix 2.3-2.5) to hang up on clients that that match botnet-related
RBLs (see next bullet) or that match selected non-RBL restrictions
such as SMTP access maps. The Postfix SMTP server will reject mail
and disconnect without waiting for the remote SMTP client to send
a QUIT command. </p>
<p> You can set individual reject codes for RBLs, and for individual
responses from a specific RBL. We'll use zen.spamhaus.org as an
example; by the time you read this document, details may have
changed. Right now, their documents say that a response of 127.0.0.10
or 127.0.0.11 indicates a dynamic client IP address, which means
that the machine is probably running a bot of some kind. To give
a 521 response instead of the default 554 response, use something
like: </p>
<li> <p> To hang up connections from blacklisted zombies, you can
set specific Postfix SMTP server reject codes for specific RBLs,
and for individual responses from specific RBLs. We'll use
zen.spamhaus.org as an example; by the time you read this document,
details may have changed. Right now, their documents say that a
response of 127.0.0.10 or 127.0.0.11 indicates a dynamic client IP
address, which means that the machine is probably running a bot of
some kind. To give a 521 response instead of the default 554
response, use something like: </p>
<pre>
1 /etc/postfix/main.cf:
@ -252,45 +260,55 @@ like: </p>
8 rbl_reply_maps = hash:/etc/postfix/rbl_reply_maps
9
10 /etc/postfix/rbl_reply_maps:
11 zen.spamhaus.org=127.0.0.10 521 4.7.1 Service unavailable;
12 $rbl_class [$rbl_what] blocked using
13 $rbl_domain${rbl_reason?; $rbl_reason}
14
15 zen.spamhaus.org=127.0.0.11 521 4.7.1 Service unavailable;
16 $rbl_class [$rbl_what] blocked using
17 $rbl_domain${rbl_reason?; $rbl_reason}
11 # With Postfix 2.3-2.5 use "421" to hang up connections.
12 zen.spamhaus.org=127.0.0.10 521 4.7.1 Service unavailable;
13 $rbl_class [$rbl_what] blocked using
14 $rbl_domain${rbl_reason?; $rbl_reason}
15
16 zen.spamhaus.org=127.0.0.11 521 4.7.1 Service unavailable;
17 $rbl_class [$rbl_what] blocked using
18 $rbl_domain${rbl_reason?; $rbl_reason}
</pre>
<p> Although the above shows three RBL lookups (lines 4-6), Postfix
will still only do a single DNS query, so the performance difference
is negligible. </p>
<p> Although the above example shows three RBL lookups (lines 4-6),
Postfix will only do a single DNS query, so it does not affect the
performance. </p>
<p> With Postfix 2.3-2.5, use 421 (reply code 521 will not cause
Postfix to disconnect). The down-side of sending 421 is that
it works only for zombies and other malware. If the client is running
a real MTA, then it may connect again several times until the mail
expires in its queue. When this is a problem, stick with the default
554 reply, and use "smtpd_hard_error_limit = 1" as described below.
</p>
<li> <p> With Postfix 2.3-2.5, use reply code 421 (521 will not
cause Postfix to disconnect). The down-side of replying with 421
is that it works only for zombies and other malware. If the client
is running a real MTA, then it may connect again several times until
the mail expires in its queue. When this is a problem, stick with
the default 554 reply, and use "smtpd_hard_error_limit = 1" as
described below. </p>
<p> With Postfix 2.5, or with earlier releases that contain the
stress-adaptive behavior patch, you can turn on the above under
overload by replacing line 8 with: </p>
<li> <p> You can automatically turn on the above overload measure
with Postfix 2.5 and later, or with earlier releases that contain
the stress-adaptive behavior source code patch from the mirrors
listed at http://www.postfix.org/download.html. Simply replace line
above 8 with: </p>
<pre>
8 rbl_reply_maps = ${stress?hash:/etc/postfix/rbl_reply_maps}
</pre>
<p> More information about automatic stress-adaptive behavior is
at the end of this document. </p>
</ul>
<h2><a name="desperate"> Take desperate measures </a></h2>
<p> More information about automatic stress-adaptive behavior is
in section "<a href="#adapt">Automatic stress-adaptive behavior</a>".
</p>
<p> The following measures will still allow <b>most</b> legitimate
clients to connect and send mail, but may affect some legitimate
clients. </p>
<h2><a name="legacy"> Temporary measures for older Postfix releases </a></h2>
<p> See the next section, "<a href="#adapt">Automatic stress-adaptive
behavior</a>", if you are running Postfix version 2.5 or later, or
if you have applied the source code patch for stress-adaptive
behavior from the mirrors listed at http://www.postfix.org/download.html.
</p>
<p> The following measures can be applied temporarily during overload.
They still allow <b>most</b> legitimate clients to connect and send
mail, but may affect some legitimate clients. </p>
<ul>
@ -312,16 +330,9 @@ such as a mailing list that contains a few no-longer-active user
names that didn't bother to unsubscribe. No mail should be lost,
as long as this measure is used only temporarily. </p>
<li> <p> Disable remote SMTP client hostname lookups, so that all
SMTP client hostnames become "unknown" (line 5 below). This feature
was introduced with Postfix 2.3. Unfortunately, this measure is
more problematic than the other ones proposed sofar. First, this
will result in loss of mail when you use hostname-based access rules
that reject mail from "unknown" SMTP clients (examples:
reject_unknown_client_hostname, reject_unknown_reverse_client_hostname).
Second, this may result in loss of mail when you subject "unknown"
SMTP clients to additional restrictions such as reject_unverified_sender.
</p>
<li> <p> Use an smtpd_junk_command_limit of 1 instead of the default
100. This prevents clients from keeping idle connections open by
repeatedly sending NOOP or RSET commands. </p>
</ul>
@ -330,40 +341,60 @@ SMTP clients to additional restrictions such as reject_unverified_sender.
1 /etc/postfix/main.cf:
2 smtpd_timeout = 10
3 smtpd_hard_error_limit = 1
4 # Caution: line 5 may trigger REJECTs by hostname-based access rules
5 smtpd_peername_lookup = no
4 smtpd_junk_command_limit = 1
</pre>
</blockquote>
<p> Except with the last measure, no mail should be lost, as long
<p> With these measures, no mail should be lost, as long
as these measures are used only temporarily. The next section of
this document introduces a way to automate this process. </p>
<h2><a name="adapt"> Make Postfix behavior stress-adaptive </a></h2>
<h2><a name="adapt"> Automatic stress-adaptive behavior </a></h2>
<p> Postfix version 2.5 introduces automatic stress-adaptive behavior.
This is also available as an add-on patch for Postfix versions 2.4
and 2.3 from the mirrors listed at http://www.postfix.org/download.html.
</p>
This is also available as a source code patch for Postfix versions
2.4 and 2.3 from the mirrors listed at
http://www.postfix.org/download.html. </p>
<p> It works as follows. When a "public" network service runs into
an "all server ports are busy" condition, the master(8) daemon logs
a warning, restarts the service (without interrupting existing
network sessions), and runs the service with "-o stress=yes" on the
command line. Normally, it runs a stress-adaptive service with "-o
stress=" on the command line (i.e. with an empty parameter value).
Other services never have "-o stress" parameters on the command
line, including services that listen on a loopback interface only.
<p> It works as follows. When a "public" network service such as
the SMTP server runs into an "all server ports are busy" condition,
the Postfix master(8) daemon logs a warning, restarts the service
(without interrupting existing network sessions), and runs the
service with "-o stress=yes" on the server process command line:
</p>
<p> The stress pseudo-parameter value is the key to making main.cf
parameter settings stress adaptive: </p>
<blockquote>
<pre>
1 /etc/postfix/main.cf:
2 smtpd_timeout = ${stress?10}${stress:300}
3 smtpd_hard_error_limit = ${stress?1}${stress:20}
80821 ?? S 0:00.24 smtpd -n smtp -t inet -u -c -o stress=yes
</pre>
</blockquote>
<p> Normally, the Postfix master(8) daemon runs such a service with
"-o stress=" on the command line (i.e. with an empty parameter
value): </p>
<blockquote>
<pre>
83326 ?? S 0:00.28 smtpd -n smtp -t inet -u -c -o stress=
</pre>
</blockquote>
<p> Services that have local access only never have "-o stress"
parameters on the command line. This includes services internal to
Postfix such as the queue manager, and services that listen on a
loopback interface only, such as after-filter SMTP services. </p>
<p> The "stress" parameter value is the key to making main.cf
parameter settings stress adaptive. The following settings are the
default with Postfix 2.6 and later. With earlier Postfix versions
that have stress-adaptive support, append the lines below to the
main.cf file and issue a "postfix reload" command: </p>
<blockquote>
<pre>
1 smtpd_timeout = ${stress?10}${stress:300}s
2 smtpd_hard_error_limit = ${stress?1}${stress:20}
3 smtpd_junk_command_limit = ${stress?1}${stress:100}
</pre>
</blockquote>
@ -371,11 +402,29 @@ parameter settings stress adaptive: </p>
<ul>
<li> <p> Line 2: under conditions of stress, use an smtpd_timeout
value of 10 seconds instead of the default 300 seconds,
<li> <p> Line 1: under conditions of stress, use an smtpd_timeout
value of 10 seconds instead of the default 300 seconds. Experience
on the postfix-users list from a variety of sysadmins shows that
reducing the "normal" smtpd_timeout to 60s is unlikely to affect
legitimate clients. However, it is unlikely to become the Postfix
default because it's not RFC compliant. Setting smtpd_timeout to
10s (line 2 below) or even 5s under stress will still allow most
legitimate clients to connect and send mail, but may delay mail
from some clients. No mail should be lost, as long as this measure
is used only temporarily. </p>
<li> <p> Line 3: under conditions of stress, use an smtpd_hard_error_limit
of 1 instead of the default 20. </p>
<li> <p> Line 2: under conditions of stress, use an smtpd_hard_error_limit
of 1 instead of the default 20. This helps by disconnecting clients
after a single error, giving other clients a chance to connect.
However, this may cause significant delays with legitimate mail,
such as a mailing list that contains a few no-longer-active user
names that didn't bother to unsubscribe. No mail should be lost,
as long as this measure is used only temporarily. </p>
<li> <p> Line 3: under conditions of stress, use an
smtpd_junk_command_limit of 1 instead of the default 100. This
prevents clients from keeping idle connections open by repeatedly
sending NOOP or RSET commands. </p>
</ul>
@ -463,6 +512,20 @@ services that accept remote connections. </p>
</pre>
</blockquote>
<h2><a name="other"> Other measures to off-load zombies </h2>
<p> OpenBSD <a href="http://www.openbsd.org/spamd/">spamd</a>
implements a daemon that handles all connections from "new" clients.
Only well-behaved mail clients are allowed to talk to the mail
server. Other clients are tarpitted, and will never get a chance
to affect mail server performance. </p>
<p> At some point in the future, Postfix may come with a simple
front-end daemon that does basic greylisting and pipelining detection
to keep zombies and other ratware away from Postfix itself. This
would use the "pass" service type which has been available in
stable Postfix releases since Postfix 2.5. </p>
<h2><a name="credits"> Credits </a></h2>
<ul>

10
postfix/proto/TLS_LEGACY_README.html
View File

@ -568,6 +568,11 @@ the cost of repeatedly negotiating TLS session keys is high.</p>
</pre>
</blockquote>
<p> As of version 2.5, Postfix will no longer maintain this file
in a directory with non-Postfix ownership. As a migration aid,
attempts to open such files are redirected to the Postfix-owned
$data_directory, and a warning is logged. </p>
<p> Cached Postfix SMTP server session information expires after
a certain amount of time. Postfix/TLS does not use the OpenSSL
default of 300s, but a longer time of 3600sec (=1 hour). RFC 2246
@ -937,6 +942,11 @@ is allowed to negotiate per unit time.</p>
</pre>
</blockquote>
<p> As of version 2.5, Postfix will no longer maintain this file
in a directory with non-Postfix ownership. As a migration aid,
attempts to open such files are redirected to the Postfix-owned
$data_directory, and a warning is logged. </p>
<p> Cached Postfix SMTP client session information expires after
a certain amount of time. Postfix/TLS does not use the OpenSSL
default of 300s, but a longer time of 3600s (=1 hour). RFC 2246

28
postfix/proto/TLS_README.html
View File

@ -266,11 +266,11 @@ determines which certificate is presented. For Netscape and OpenSSL
clients without special cipher choices, the RSA certificate is
preferred. </p>
<p> In order for remote SMTP clients to check the Postfix SMTP
server certificates, the CA certificate (in case of a certificate
chain, all CA certificates) must be available. You should add any
intermediate CA certificates to the server certificate: the server
certificate first, then the intermediate CA(s). </p>
<p> To enable a remote SMTP client to verify the Postfix SMTP server
certificate, the issuing CA certificates must be made available to the
client. You should include the required certificates in the server
certificate file, the server certificate first, then the issuing
CA(s) (bottom-up order). </p>
<p> Example: the certificate for "server.example.com" was issued by
"intermediate CA" which itself has a certificate issued by "root
@ -363,9 +363,9 @@ is needed. Thus, the $smtpd_tls_CApath directory needs to be
accessible inside the optional chroot jail. </p>
<p> When you configure the Postfix SMTP server to request <a
href="#server_vrfy_client">client certificates</a>, any CA certificates
in $smtpd_tls_CAfile are sent to the client, in order to allow it to
choose an identity signed by a CA you trust. If no $smtpd_tls_CAfile
href="#server_vrfy_client">client certificates</a>, the DNs of certificate
authorities in $smtpd_tls_CAfile are sent to the client, in order to allow
it to choose an identity signed by a CA you trust. If no $smtpd_tls_CAfile
is specified, no preferred CA list is sent, and the client is free to
choose an identity signed by any CA. Many clients use a fixed identity
regardless of the preferred CA list and you may be able to reduce TLS
@ -970,14 +970,14 @@ must not be encrypted, meaning: it must be accessible without
password. Both parts (certificate and private key) may be in the
same file. </p>
<p> In order for remote SMTP servers to verify the Postfix SMTP
client certificates, the CA certificate (in case of a certificate
chain, all CA certificates) must be available. You should add
these certificates to the client certificate, the client certificate
first, then the issuing CA(s). </p>
<p> To enable remote SMTP servers to verify the Postfix SMTP client
certificate, the issuing CA certificates must be made available to the
server. You should include the required certificates in the client
certificate file, the client certificate first, then the issuing
CA(s) (bottom-up order). </p>
<p> Example: the certificate for "client.example.com" was issued by
"intermediate CA" which itself has a certificate of "root CA".
"intermediate CA" which itself has a certificate issued by "root CA".
Create the client.pem file with: </p>
<blockquote>

98
postfix/proto/postconf.proto
View File

@ -890,7 +890,7 @@ Examples:
<pre>
debug_peer_list = 127.0.0.1
debug_peer_list = some.domain
debug_peer_list = example.com
</pre>
%PARAM default_database_type see "postconf -d" output
@ -2876,7 +2876,7 @@ Example:
</p>
<pre>
myhostname = host.domain.tld
myhostname = host.example.com
</pre>
%PARAM mynetworks see "postconf -d" output
@ -3508,7 +3508,7 @@ Examples:
<pre>
relayhost = $mydomain
relayhost = [gateway.my.domain]
relayhost = [gateway.example.com]
relayhost = uucphost
relayhost = [an.ip.add.ress]
</pre>
@ -7050,6 +7050,11 @@ seconds. When the LMTP client receives a request for the same
connection the connection is reused.
</p>
<p> This parameter is available in Postfix version 2.2 and earlier.
With Postfix version 2.3 and later, see lmtp_connection_cache_on_demand,
lmtp_connection_cache_destinations, or lmtp_connection_reuse_time_limit.
</p>
<p>
The effectiveness of cached connections will be determined by the
number of LMTP servers in use, and the concurrency limit specified
@ -8430,12 +8435,13 @@ are present, the cipher used determines which certificate will be
presented to the client. For Netscape and OpenSSL clients without
special cipher choices the RSA certificate is preferred. </p>
<p> In order to verify a certificate, the CA certificate (in case
of a certificate chain, all CA certificates) must be available.
You should add these certificates to the server certificate, the
server certificate first, then the issuing CA(s). </p>
<p> To enable a remote SMTP client to verify the Postfix SMTP server
certificate, the issuing CA certificates must be made available to the
client. You should include the required certificates in the server
certificate file, the server certificate first, then the issuing
CA(s) (bottom-up order). </p>
<p> Example: the certificate for "server.dom.ain" was issued by
<p> Example: the certificate for "server.example.com" was issued by
"intermediate CA" which itself has a certificate of "root CA".
Create the server.pem file with "cat server_cert.pem intermediate_CA.pem
root_CA.pem &gt; server.pem". </p>
@ -8498,12 +8504,25 @@ to anyone else. </p>
%PARAM smtpd_tls_CAfile
<p> The file with the certificate of the certification authority
(CA) that issued the Postfix SMTP server certificate. This is
needed only when the CA certificate is not already present in the
server certificate file. This file may also contain the CA
certificates of other trusted CAs. You must use this file for the
list of trusted CAs if you want to use chroot-mode. </p>
<p> A file containing (PEM format) CA certificates of root CAs trusted
to sign either remote SMTP client certificates or intermediate CA
certificates. These are loaded into memory before the smtpd(8) server
enters the chroot jail. If the number of trusted roots is large, consider
using smtpd_tls_CApath instead, but note that the latter directory must
be present in the chroot jail if the smtpd(8) server is chrooted. This
file may also be used to augment the server certificate trust chain,
but it is best to include all the required certificates directly in the
server certificate file. </p>
<p> By default (see smtpd_tls_ask_ccert), client certificates are not
requested, and smtpd_tls_CAfile should remain empty. If you do make use
of client certificates, the distinguished names (DNs) of the certificate
authorities listed in smtpd_tls_CAfile are sent to the remote SMTP client
in the client certificate request message. MUAs with multiple client
certificates may use the list of preferred certificate authorities
to select the correct client certificate. You may want to put your
"preferred" CA or CAs in this file, and install other trusted CAs in
$smtpd_tls_CApath. </p>
<p> Example: </p>
@ -8515,17 +8534,22 @@ smtpd_tls_CAfile = /etc/postfix/CAcert.pem
%PARAM smtpd_tls_CApath
<p> Directory with PEM format certificate authority certificates
that the Postfix SMTP server offers to remote SMTP clients for the
purpose of client certificate verification. Do not forget to create
the necessary "hash" links with, for example, "$OPENSSL_HOME/bin/c_rehash
/etc/postfix/certs". </p>
<p> A directory containing (PEM format) CA certificates of root CAs
trusted to sign either remote SMTP client certificates or intermediate CA
certificates. Do not forget to create the necessary "hash" links with,
for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs". To use
smtpd_tls_CApath in chroot mode, this directory (or a copy) must be
inside the chroot jail. </p>
<p> To use this option in chroot mode, this directory (or a copy)
must be inside the chroot jail. Please note that in this case the
CA certificates are not offered to the client, so that e.g. Netscape
clients might not offer certificates issued by them. Use of this
feature is therefore not recommended. </p>
<p> By default (see smtpd_tls_ask_ccert), client certificates are
not requested, and smtpd_tls_CApath should remain empty. In contrast
to smtp_tls_CAfile, DNs of certificate authorities installed
in $smtpd_tls_CApath are not included in the client certificate
request message. MUAs with multiple client certificates may use the
list of preferred certificate authorities to select the correct
client certificate. You may want to put your "preferred" CA or
CAs in $smtp_tls_CAfile, and install the remaining trusted CAs in
$smtpd_tls_CApath. </p>
<p> Example: </p>
@ -8827,13 +8851,14 @@ smtp_tls_eckey_file =
<p> The best way to use the default settings is to comment out the above
parameters in main.cf if present. </p>
<p> In order to verify certificates, the CA certificate (in case
of a certificate chain, all CA certificates) must be available.
You should add these certificates to the client certificate, the
client certificate first, then the issuing CA(s). </p>
<p> To enable remote SMTP servers to verify the Postfix SMTP client
certificate, the issuing CA certificates must be made available to the
server. You should include the required certificates in the client
certificate file, the client certificate first, then the issuing
CA(s) (bottom-up order). </p>
<p> Example: the certificate for "client.dom.ain" was issued by
"intermediate CA" which itself has a certificate of "root CA".
<p> Example: the certificate for "client.example.com" was issued by
"intermediate CA" which itself has a certificate issued by "root CA".
Create the client.pem file with "cat client_cert.pem intermediate_CA.pem
root_CA.pem &gt; client.pem". </p>
@ -8874,10 +8899,15 @@ smtp_tls_key_file = $smtp_tls_cert_file
%PARAM smtp_tls_CAfile
<p> The file with the certificate of the certification authority
(CA) that issued the Postfix SMTP client certificate. This is
needed only when the CA certificate is not already present in the
client certificate file. </p>
<p> A file containing CA certificates of root CAs trusted to sign
either remote SMTP server certificates or intermediate CA certificates.
These are loaded into memory before the smtp(8) client enters the
chroot jail. If the number of trusted roots is large, consider using
smtp_tls_CApath instead, but note that the latter directory must be
present in the chroot jail if the smtp(8) client is chrooted. This
file may also be used to augment the client certificate trust chain,
but it is best to include all the required certificates directly in
$smtp_tls_cert_file. </p>
<p> Example: </p>

2
postfix/src/anvil/anvil.c
View File

@ -209,7 +209,7 @@
/* The process name of a Postfix command or daemon process.
/* .IP "\fBsyslog_facility (mail)\fR"
/* The syslog facility of Postfix logging.
/* .IP "\fBsyslog_name (postfix)\fR"
/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR"
/* The mail system name that is prepended to the process name in syslog
/* records, so that "smtpd" becomes, for example, "postfix/smtpd".
/* SEE ALSO

2
postfix/src/bounce/bounce.c
View File

@ -107,7 +107,7 @@
/* The location of the Postfix top-level queue directory.
/* .IP "\fBsyslog_facility (mail)\fR"
/* The syslog facility of Postfix logging.
/* .IP "\fBsyslog_name (postfix)\fR"
/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR"
/* The mail system name that is prepended to the process name in syslog
/* records, so that "smtpd" becomes, for example, "postfix/smtpd".
/* FILES

2
postfix/src/cleanup/cleanup.c
View File

@ -80,7 +80,7 @@
/* .PP
/* Available in Postfix version 2.6 and later:
/* .IP "\fBalways_add_missing_headers (no)\fR"
/* Always add (Resent-) From:, To:, Date: or Message-ID headers
/* Always add (Resent-) From:, To:, Date: or Message-ID: headers
/* when not present.
/* BUILT-IN CONTENT FILTERING CONTROLS
/* .ad

8
postfix/src/cleanup/cleanup_message.c
View File

@ -624,6 +624,10 @@ static void cleanup_header_done_callback(void *context)
* ID uniqueness only within a second, we must ensure that the time in
* the message ID matches the queue ID creation time, as long as we use
* the queue ID in the message ID.
*
* XXX We log a dummy name=value record so that we (hopefully) don't break
* compatibility with existing logfile analyzers, and so that we don't
* complicate future code that wants to log more name=value attributes.
*/
if ((state->hdr_rewrite_context || var_always_add_hdrs)
&& (state->headers_seen & (1 << (state->resent[0] ?
@ -636,7 +640,11 @@ static void cleanup_header_done_callback(void *context)
msg_info("%s: %smessage-id=<%s.%s@%s>",
state->queue_id, *state->resent ? "resent-" : "",
time_stamp, state->queue_id, var_myhostname);
state->headers_seen |= (1 << (state->resent[0] ?
HDR_RESENT_MESSAGE_ID : HDR_MESSAGE_ID));
}
if ((state->headers_seen & (1 << HDR_MESSAGE_ID)) == 0)
msg_info("%s: message-id=<>", state->queue_id);
/*
* Add a missing (Resent-)Date: header. The date is in local time units,

2
postfix/src/discard/discard.c
View File

@ -73,7 +73,7 @@
/* The location of the Postfix top-level queue directory.
/* .IP "\fBsyslog_facility (mail)\fR"
/* The syslog facility of Postfix logging.
/* .IP "\fBsyslog_name (postfix)\fR"
/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR"
/* The mail system name that is prepended to the process name in syslog
/* records, so that "smtpd" becomes, for example, "postfix/smtpd".
/* SEE ALSO

2
postfix/src/error/error.c
View File

@ -83,7 +83,7 @@
/* The location of the Postfix top-level queue directory.
/* .IP "\fBsyslog_facility (mail)\fR"
/* The syslog facility of Postfix logging.
/* .IP "\fBsyslog_name (postfix)\fR"
/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR"
/* The mail system name that is prepended to the process name in syslog
/* records, so that "smtpd" becomes, for example, "postfix/smtpd".
/* SEE ALSO

2
postfix/src/flush/flush.c
View File

@ -112,7 +112,7 @@
/* The location of the Postfix top-level queue directory.
/* .IP "\fBsyslog_facility (mail)\fR"
/* The syslog facility of Postfix logging.
/* .IP "\fBsyslog_name (postfix)\fR"
/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR"
/* The mail system name that is prepended to the process name in syslog
/* records, so that "smtpd" becomes, for example, "postfix/smtpd".
/* FILES

18
postfix/src/global/deliver_request.c
View File

@ -207,6 +207,7 @@ static int deliver_request_get(VSTREAM *stream, DELIVER_REQUEST *request)
static RCPT_BUF *rcpt_buf;
int rcpt_count;
int dsn_ret;
int lock_tries;
/*
* Initialize. For some reason I wanted to allow for multiple instances
@ -335,8 +336,21 @@ static int deliver_request_get(VSTREAM *stream, DELIVER_REQUEST *request)
}
if (msg_verbose)
msg_info("%s: file %s", myname, VSTREAM_PATH(request->fp));
if (myflock(vstream_fileno(request->fp), INTERNAL_LOCK, DELIVER_LOCK_MODE) < 0)
msg_fatal("shared lock %s: %m", VSTREAM_PATH(request->fp));
/*
* XXX Originally, the queue manager would read new recipients AFTER all
* the in-memory recipients were processed. either the queue manager held
* an exclusive lock or delivery agents held a shared lock. Now we try a
* few times.
*/
for (lock_tries = 0; /* see below */; lock_tries++) {
if (myflock(vstream_fileno(request->fp), INTERNAL_LOCK, DELIVER_LOCK_MODE) == 0)
break;
if (lock_tries < 5)
sleep(1);
else
msg_fatal("shared lock %s: %m", VSTREAM_PATH(request->fp));
}
close_on_exec(vstream_fileno(request->fp), CLOSE_ON_EXEC);
return (0);

4
postfix/src/global/mail_params.h
View File

@ -1003,8 +1003,8 @@ extern bool var_smtp_skip_5xx_greeting;
#define DEF_IGN_MX_LOOKUP_ERR 0
extern bool var_ign_mx_lookup_err;
#define VAR_SKIP_QUIT_RESP "smtp_skip_quit_response"
#define DEF_SKIP_QUIT_RESP 1
#define VAR_SMTP_SKIP_QUIT_RESP "smtp_skip_quit_response"
#define DEF_SMTP_SKIP_QUIT_RESP 1
extern bool var_skip_quit_resp;
#define VAR_SMTP_ALWAYS_EHLO "smtp_always_send_ehlo"

4
postfix/src/global/mail_version.h
View File

@ -20,8 +20,8 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
#define MAIL_RELEASE_DATE "20090404"
#define MAIL_VERSION_NUMBER "2.6"
#define MAIL_RELEASE_DATE "20090418"
#define MAIL_VERSION_NUMBER "2.7"
#ifdef SNAPSHOT
# define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE

2
postfix/src/local/local.c
View File

@ -537,7 +537,7 @@
/* before mail delivery is attempted.
/* .IP "\fBsyslog_facility (mail)\fR"
/* The syslog facility of Postfix logging.
/* .IP "\fBsyslog_name (postfix)\fR"
/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR"
/* The mail system name that is prepended to the process name in syslog
/* records, so that "smtpd" becomes, for example, "postfix/smtpd".
/* FILES

Some files were not shown because too many files have changed in this diff Show More