diff --git a/postfix/HISTORY b/postfix/HISTORY index 2fed267d6..5c62a02fa 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -16576,3 +16576,18 @@ Apologies for any names omitted. Bugfix (introduced Postfix 2.8): segfault with smtpd_tls_loglevel >= 3. Files: tls/tls_server.c, tls.h, smtpd.c, tlsproxy.c. + + Cleanup: read/write deadline support for single_server TLS + applications (i.e. smtpd(8), smtp(8)). File: tls/tls_bio_ops.c. + +20110212 + + Infrastructure: run-time switch for read/write deadline + support. Files: util/vstream.[hc], global/smtp_stream.[hc], + tls/tls_bio_ops.c. + + Cleanup: configurable read/write deadline support with + smtpd_per_record_deadline (normal: "no", overload: "yes") + and smtp_per_record_deadline (default: "no"). Files: + global/mail_params.h, smtpd/smtpd.c, smtp/smtp.c, + smtp/smtp_proto.c, proto/postconf.proto, mantools/postlink. diff --git a/postfix/README_FILES/MILTER_README b/postfix/README_FILES/MILTER_README index 084ea4de5..b31be4eca 100644 --- a/postfix/README_FILES/MILTER_README +++ b/postfix/README_FILES/MILTER_README 
@@ -12,10 +12,11 @@ is queued. The reason for adding Milter support to Postfix is that there exists a large collection of applications, not only to block unwanted mail, but also to verify -authenticity (examples: DomainKeys Identified Mail (DKIM), SenderID+SPF and -DomainKeys) or to digitally sign mail (examples: DomainKeys Identified Mail -(DKIM), DomainKeys). Having yet another Postfix-specific version of all that -software is a poor use of human and system resources. +authenticity (examples: OpenDKIM, DomainKeys Identified Mail (DKIM), +SenderID+SPF and DomainKeys) or to digitally sign mail (examples: OpenDKIM, +DomainKeys Identified Mail (DKIM), DomainKeys). Having yet another Postfix- +specific version of all that software is a poor use of human and system +resources. The Milter protocol has evolved over time, and different Postfix versions implement different feature sets. See the workarounds and limitations sections @@ -92,8 +93,15 @@ such a library, but Sendmail does. Sendmail libmilter library by default. With other systems, libmilter may be provided by a package (called "sendmail-devel" on some Linux systems). - Once libmilter is installed, applications such as dkim-milter and sid- - milter build out of the box without requiring any tinkering: + Once libmilter is installed, applications such as OpenDKIM, dkim-milter and + sid-milter build out of the box without requiring any tinkering: + + $ ggzzccaatt ooppeennddkkiimm--xx..yy..zz..ttaarr..ggzz || ttaarr xxff -- + $ ccdd ooppeennddkkiimm--xx..yy..zz + $ ..//ccoonnffiigguurree ......ooppttiioonnss...... + $ mmaakkee + [...lots of output omitted...] + $ mmaakkee iinnssttaallll $ ggzzccaatt ddkkiimm--mmiilltteerr--xx..yy..zz..ttaarr..ggzz || ttaarr xxff -- $ ccdd ddkkiimm--mmiilltteerr--xx..yy..zz diff --git a/postfix/README_FILES/POSTSCREEN_README b/postfix/README_FILES/POSTSCREEN_README index 21d4e24f8..9435d2a84 100644 --- a/postfix/README_FILES/POSTSCREEN_README 
+++ b/postfix/README_FILES/POSTSCREEN_README @@ -318,11 +318,12 @@ in SMTP engine anyway. This is to make postscreen(8) logging more informative. When a client sends multiple commands, postscreen(8) logs this as: - CCOOMMMMAANNDD PPIIPPEELLIINNIINNGG aafftteerr time ffrroomm [address]:port + CCOOMMMMAANNDD PPIIPPEELLIINNIINNGG ffrroomm [address]:port aafftteerr command: text Translation: the SMTP client at [address]:port sent multiple SMTP commands, instead of sending one command and then waiting for the server to reply. This -happened time seconds after the "220 " server greeting was sent. +happened after the client sent command. The text shows part of the input that +was sent too early; it is not logged with Postfix 2.8. The postscreen_pipelining_action parameter specifies the action that is taken next. See "When tests fail after the 220 SMTP server greeting" below. diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index e807d43c6..930f85f19 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES 
@@ -14,6 +14,30 @@ specifies the release date of a stable release or snapshot release. If you upgrade from Postfix 2.7 or earlier, read RELEASE_NOTES-2.8 before proceeding. +Major changes with snapshot 20110130 +==================================== + +Support for per-record deadlines. These change the behavior of +Postfix timeout parameters, from a time limit per read or write +system call, to a time limit to send or receive a complete record +(an SMTP command line, SMTP response line, SMTP message content +line, or TLS protocol message). This limits the impact from hostile +peers that trickle data one byte at a time. + +The new configuration parameters and their default settings are: +smtpd_per_record_deadline (normal: no, overload: yes), +smtp_per_record_deadline (no), and lmtp_per_record_deadline (no). + +Note: when per-record deadlines are enabled, a short timeout may +cause problems with TLS over very slow network connections. The +reasons are that a TLS protocol message can be up to 16 kbytes long +(with TLSv1), and that an entire TLS protocol message must be sent +or received within the per-record deadline. + +Per-record deadlines were introduced with postscreen(8). This program +does not receive mail, and therefore has no problems with TLS over +slow connections. + Incompatible changes with snapshot 20110130 =========================================== diff --git a/postfix/WISHLIST b/postfix/WISHLIST index 7224eb7f1..7e39f54da 100644 --- a/postfix/WISHLIST +++ b/postfix/WISHLIST @@ -9,6 +9,8 @@ Wish list: Don't forget Apple's code donation for fetching mail from IMAP server. + Update MILTER_README with pointer to OpenDKIM. + postconf command-line option to show the compile-time settings (CCARGS, AUXLIBS) in case binary packages don't install the makedefs.out file. diff --git a/postfix/html/MILTER_README.html b/postfix/html/MILTER_README.html index bb5a38590..63a61a70f 100644 --- a/postfix/html/MILTER_README.html +++ b/postfix/html/MILTER_README.html 
@@ -28,11 +28,13 @@ SMTP commands (HELO, MAIL FROM, etc.) as well as mail content
The reason for adding Milter support to Postfix is that there exists a large collection of applications, not only to block unwanted mail, but also to verify authenticity (examples: OpenDKIM, DomainKeys Identified Mail (DKIM), SenderID+SPF and DomainKeys) or to digitally sign mail (examples: OpenDKIM, DomainKeys Identified Mail (DKIM), DomainKeys). @@ -212,10 +214,22 @@ other systems, libmilter may be provided by a package (called "sendmail-devel" on some Linux systems).
Once libmilter is installed, applications such as OpenDKIM, dkim-milter and sid-milter build out of the box without requiring any tinkering:
++++$ gzcat opendkim-x.y.z.tar.gz | tar xf - +$ cd opendkim-x.y.z +$ ./configure ...options... +$ make +[...lots of output omitted...] +$ make install ++
$ gzcat dkim-milter-x.y.z.tar.gz | tar xf - diff --git a/postfix/html/POSTSCREEN_README.html b/postfix/html/POSTSCREEN_README.html index 2850fb8dd..3b4c2a616 100644 --- a/postfix/html/POSTSCREEN_README.html +++ b/postfix/html/POSTSCREEN_README.html @@ -432,13 +432,14 @@ logging more informative. as:- COMMAND PIPELINING after time from [address]:port + COMMAND PIPELINING from [address]:port after command: text-Translation: the SMTP client at [address]:port sent multiple -SMTP commands, instead of sending one command and then waiting for -the server to reply. This happened time seconds after the -"220 " server greeting was sent.
+Translation: the SMTP client at [address]:port sent +multiple SMTP commands, instead of sending one command and then +waiting for the server to reply. This happened after the client +sent command. The text shows part of the input that +was sent too early; it is not logged with Postfix 2.8.
The postscreen_pipelining_action parameter specifies the action that is taken next. See "When tests fail diff --git a/postfix/html/lmtp.8.html b/postfix/html/lmtp.8.html index c61339475..93fe29cc3 100644 --- a/postfix/html/lmtp.8.html +++ b/postfix/html/lmtp.8.html @@ -295,11 +295,21 @@ SMTP(8) SMTP(8) smtp_dns_resolver_options (empty) DNS Resolver options for the Postfix SMTP client. + Available in Postfix version 2.9 and later: + + smtp_per_record_deadline (no) + Change the behavior of the smtp_*_timeout time lim- + its, from a time limit per read or write system + call, to a time limit to read or write a complete + record (an SMTP command line, SMTP response line, + SMTP message content line, or TLS protocol mes- + sage). + MIME PROCESSING CONTROLS Available in Postfix version 2.0 and later: disable_mime_output_conversion (no) - Disable the conversion of 8BITMIME format to 7BIT + Disable the conversion of 8BITMIME format to 7BIT format. mime_boundary_length_limit (2048) 
@@ -314,108 +324,108 @@ SMTP(8) SMTP(8) Available in Postfix version 2.1 and later: smtp_send_xforward_command (no) - Send the non-standard XFORWARD command when the - Postfix SMTP server EHLO response announces XFOR- + Send the non-standard XFORWARD command when the + Postfix SMTP server EHLO response announces XFOR- WARD support. SASL AUTHENTICATION CONTROLS smtp_sasl_auth_enable (no) - Enable SASL authentication in the Postfix SMTP + Enable SASL authentication in the Postfix SMTP client. smtp_sasl_password_maps (empty) - Optional SMTP client lookup tables with one user- - name:password entry per remote hostname or domain, + Optional SMTP client lookup tables with one user- + name:password entry per remote hostname or domain, or sender address when sender-dependent authentica- tion is enabled. smtp_sasl_security_options (noplaintext, noanonymous) - Postfix SMTP client SASL security options; as of - Postfix 2.3 the list of available features depends - on the SASL client implementation that is selected + Postfix SMTP client SASL security options; as of + Postfix 2.3 the list of available features depends + on the SASL client implementation that is selected with smtp_sasl_type. Available in Postfix version 2.2 and later: smtp_sasl_mechanism_filter (empty) - If non-empty, a Postfix SMTP client filter for the - remote SMTP server's list of offered SASL mecha- + If non-empty, a Postfix SMTP client filter for the + remote SMTP server's list of offered SASL mecha- nisms. Available in Postfix version 2.3 and later: smtp_sender_dependent_authentication (no) Enable sender-dependent authentication in the Post- - fix SMTP client; this is available only with SASL - authentication, and disables SMTP connection - caching to ensure that mail from different senders + fix SMTP client; this is available only with SASL + authentication, and disables SMTP connection + caching to ensure that mail from different senders will use the appropriate credentials. 
smtp_sasl_path (empty) - Implementation-specific information that the Post- - fix SMTP client passes through to the SASL plug-in - implementation that is selected with + Implementation-specific information that the Post- + fix SMTP client passes through to the SASL plug-in + implementation that is selected with smtp_sasl_type. smtp_sasl_type (cyrus) - The SASL plug-in type that the Postfix SMTP client + The SASL plug-in type that the Postfix SMTP client should use for authentication. Available in Postfix version 2.5 and later: smtp_sasl_auth_cache_name (empty) - An optional table to prevent repeated SASL authen- - tication failures with the same remote SMTP server + An optional table to prevent repeated SASL authen- + tication failures with the same remote SMTP server hostname, username and password. smtp_sasl_auth_cache_time (90d) - The maximal age of an smtp_sasl_auth_cache_name + The maximal age of an smtp_sasl_auth_cache_name entry before it is removed. smtp_sasl_auth_soft_bounce (yes) - When a remote SMTP server rejects a SASL authenti- - cation request with a 535 reply code, defer mail - delivery instead of returning mail as undeliver- + When a remote SMTP server rejects a SASL authenti- + cation request with a 535 reply code, defer mail + delivery instead of returning mail as undeliver- able. STARTTLS SUPPORT CONTROLS - Detailed information about STARTTLS configuration may be + Detailed information about STARTTLS configuration may be found in the TLS_README document. smtp_tls_security_level (empty) The default SMTP TLS security level for the Postfix - SMTP client; when a non-empty value is specified, - this overrides the obsolete parameters + SMTP client; when a non-empty value is specified, + this overrides the obsolete parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername. 
smtp_sasl_tls_security_options ($smtp_sasl_secu- rity_options) - The SASL authentication security options that the - Postfix SMTP client uses for TLS encrypted SMTP + The SASL authentication security options that the + Postfix SMTP client uses for TLS encrypted SMTP sessions. smtp_starttls_timeout (300s) - Time limit for Postfix SMTP client write and read - operations during TLS startup and shutdown hand- + Time limit for Postfix SMTP client write and read + operations during TLS startup and shutdown hand- shake procedures. smtp_tls_CAfile (empty) - A file containing CA certificates of root CAs - trusted to sign either remote SMTP server certifi- + A file containing CA certificates of root CAs + trusted to sign either remote SMTP server certifi- cates or intermediate CA certificates. smtp_tls_CApath (empty) - Directory with PEM format certificate authority - certificates that the Postfix SMTP client uses to + Directory with PEM format certificate authority + certificates that the Postfix SMTP client uses to verify a remote SMTP server certificate. smtp_tls_cert_file (empty) - File with the Postfix SMTP client RSA certificate + File with the Postfix SMTP client RSA certificate in PEM format. smtp_tls_mandatory_ciphers (medium) - The minimum TLS cipher grade that the Postfix SMTP + The minimum TLS cipher grade that the Postfix SMTP client will use with mandatory TLS encryption. smtp_tls_exclude_ciphers (empty) 
@@ -424,43 +434,43 @@ SMTP(8) SMTP(8) levels. smtp_tls_mandatory_exclude_ciphers (empty) - Additional list of ciphers or cipher types to - exclude from the SMTP client cipher list at manda- + Additional list of ciphers or cipher types to + exclude from the SMTP client cipher list at manda- tory TLS security levels. smtp_tls_dcert_file (empty) - File with the Postfix SMTP client DSA certificate + File with the Postfix SMTP client DSA certificate in PEM format. smtp_tls_dkey_file ($smtp_tls_dcert_file) - File with the Postfix SMTP client DSA private key + File with the Postfix SMTP client DSA private key in PEM format. smtp_tls_key_file ($smtp_tls_cert_file) - File with the Postfix SMTP client RSA private key + File with the Postfix SMTP client RSA private key in PEM format. smtp_tls_loglevel (0) - Enable additional Postfix SMTP client logging of + Enable additional Postfix SMTP client logging of TLS activity. smtp_tls_note_starttls_offer (no) - Log the hostname of a remote SMTP server that - offers STARTTLS, when TLS is not already enabled + Log the hostname of a remote SMTP server that + offers STARTTLS, when TLS is not already enabled for that server. smtp_tls_policy_maps (empty) Optional lookup tables with the Postfix SMTP client TLS security policy by next-hop destination; when a - non-empty value is specified, this overrides the + non-empty value is specified, this overrides the obsolete smtp_tls_per_site parameter. smtp_tls_mandatory_protocols (SSLv3, TLSv1) - List of SSL/TLS protocols that the Postfix SMTP + List of SSL/TLS protocols that the Postfix SMTP client will use with mandatory TLS encryption. smtp_tls_scert_verifydepth (9) - The verification depth for remote SMTP server cer- + The verification depth for remote SMTP server cer- tificates. smtp_tls_secure_cert_match (nexthop, dot-nexthop) 
@@ -468,7 +478,7 @@ SMTP(8) SMTP(8) for the "secure" TLS security level. smtp_tls_session_cache_database (empty) - Name of the file containing the optional Postfix + Name of the file containing the optional Postfix SMTP client TLS session cache. smtp_tls_session_cache_timeout (3600s) @@ -480,9 +490,9 @@ SMTP(8) SMTP(8) for the "verify" TLS security level. tls_daemon_random_bytes (32) - The number of pseudo-random bytes that an smtp(8) - or smtpd(8) process requests from the tlsmgr(8) - server in order to seed its internal pseudo random + The number of pseudo-random bytes that an smtp(8) + or smtpd(8) process requests from the tlsmgr(8) + server in order to seed its internal pseudo random number generator (PRNG). tls_high_cipherlist @@ -494,7 +504,7 @@ SMTP(8) SMTP(8) ciphers. tls_low_cipherlist (ALL:!EXPORT:+RC4:@STRENGTH) - The OpenSSL cipherlist for "LOW" or higher grade + The OpenSSL cipherlist for "LOW" or higher grade ciphers. tls_export_cipherlist (ALL:+RC4:@STRENGTH) 
@@ -502,38 +512,38 @@ SMTP(8) SMTP(8) ciphers. tls_null_cipherlist (eNULL:!aNULL) - The OpenSSL cipherlist for "NULL" grade ciphers + The OpenSSL cipherlist for "NULL" grade ciphers that provide authentication without encryption. Available in Postfix version 2.4 and later: smtp_sasl_tls_verified_security_options ($smtp_sasl_tls_security_options) - The SASL authentication security options that the - Postfix SMTP client uses for TLS encrypted SMTP + The SASL authentication security options that the + Postfix SMTP client uses for TLS encrypted SMTP sessions with a verified server certificate. Available in Postfix version 2.5 and later: smtp_tls_fingerprint_cert_match (empty) - List of acceptable remote SMTP server certificate - fingerprints for the "fingerprint" TLS security + List of acceptable remote SMTP server certificate + fingerprints for the "fingerprint" TLS security level (smtp_tls_security_level = fingerprint). smtp_tls_fingerprint_digest (md5) - The message digest algorithm used to construct + The message digest algorithm used to construct remote SMTP server certificate fingerprints. Available in Postfix version 2.6 and later: smtp_tls_protocols (!SSLv2) - List of TLS protocols that the Postfix SMTP client - will exclude or include with opportunistic TLS + List of TLS protocols that the Postfix SMTP client + will exclude or include with opportunistic TLS encryption. smtp_tls_ciphers (export) - The minimum TLS cipher grade that the Postfix SMTP - client will use with opportunistic TLS encryption. + The minimum TLS cipher grade that the Postfix SMTP + client will use with opportunistic TLS encryption. smtp_tls_eccert_file (empty) File with the Postfix SMTP client ECDSA certificate 
@@ -546,40 +556,40 @@ SMTP(8) SMTP(8) Available in Postfix version 2.7 and later: smtp_tls_block_early_mail_reply (no) - Try to detect a mail hijacking attack based on a - TLS protocol vulnerability (CVE-2009-3555), where - an attacker prepends malicious HELO, MAIL, RCPT, + Try to detect a mail hijacking attack based on a + TLS protocol vulnerability (CVE-2009-3555), where + an attacker prepends malicious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session. Available in Postfix version 2.8 and later: tls_disable_workarounds (see 'postconf -d' output) - List or bit-mask of OpenSSL bug work-arounds to + List or bit-mask of OpenSSL bug work-arounds to disable. OBSOLETE STARTTLS CONTROLS - The following configuration parameters exist for compati- + The following configuration parameters exist for compati- bility with Postfix versions before 2.3. Support for these will be removed in a future release. smtp_use_tls (no) - Opportunistic mode: use TLS when a remote SMTP - server announces STARTTLS support, otherwise send + Opportunistic mode: use TLS when a remote SMTP + server announces STARTTLS support, otherwise send the mail in the clear. smtp_enforce_tls (no) - Enforcement mode: require that remote SMTP servers - use TLS encryption, and never send mail in the + Enforcement mode: require that remote SMTP servers + use TLS encryption, and never send mail in the clear. smtp_tls_enforce_peername (yes) - With mandatory TLS encryption, require that the + With mandatory TLS encryption, require that the remote SMTP server hostname matches the information in the remote SMTP server certificate. smtp_tls_per_site (empty) Optional lookup tables with the Postfix SMTP client - TLS usage policy by next-hop destination and by + TLS usage policy by next-hop destination and by remote SMTP server hostname. smtp_tls_cipherlist (empty) 
@@ -589,27 +599,27 @@ SMTP(8) SMTP(8) RESOURCE AND RATE CONTROLS smtp_destination_concurrency_limit ($default_destina- tion_concurrency_limit) - The maximal number of parallel deliveries to the - same destination via the smtp message delivery + The maximal number of parallel deliveries to the + same destination via the smtp message delivery transport. smtp_destination_recipient_limit ($default_destina- tion_recipient_limit) - The maximal number of recipients per message for + The maximal number of recipients per message for the smtp message delivery transport. smtp_connect_timeout (30s) - The SMTP client time limit for completing a TCP + The SMTP client time limit for completing a TCP connection, or zero (use the operating system built-in time limit). smtp_helo_timeout (300s) - The SMTP client time limit for sending the HELO or - EHLO command, and for receiving the initial server + The SMTP client time limit for sending the HELO or + EHLO command, and for receiving the initial server response. lmtp_lhlo_timeout (300s) - The LMTP client time limit for sending the LHLO + The LMTP client time limit for sending the LHLO command, and for receiving the initial server response. 
@@ -618,30 +628,30 @@ SMTP(8) SMTP(8) command, and for receiving the server response. smtp_mail_timeout (300s) - The SMTP client time limit for sending the MAIL - FROM command, and for receiving the server + The SMTP client time limit for sending the MAIL + FROM command, and for receiving the server response. smtp_rcpt_timeout (300s) - The SMTP client time limit for sending the SMTP - RCPT TO command, and for receiving the server + The SMTP client time limit for sending the SMTP + RCPT TO command, and for receiving the server response. smtp_data_init_timeout (120s) - The SMTP client time limit for sending the SMTP - DATA command, and for receiving the server + The SMTP client time limit for sending the SMTP + DATA command, and for receiving the server response. smtp_data_xfer_timeout (180s) - The SMTP client time limit for sending the SMTP + The SMTP client time limit for sending the SMTP message content. smtp_data_done_timeout (600s) - The SMTP client time limit for sending the SMTP + The SMTP client time limit for sending the SMTP ".", and for receiving the server response. smtp_quit_timeout (300s) - The SMTP client time limit for sending the QUIT + The SMTP client time limit for sending the QUIT command, and for receiving the server response. Available in Postfix version 2.1 and later: @@ -652,12 +662,12 @@ SMTP(8) SMTP(8) lookups, or zero (no limit). smtp_mx_session_limit (2) - The maximal number of SMTP sessions per delivery - request before giving up or delivering to a fall- + The maximal number of SMTP sessions per delivery + request before giving up or delivering to a fall- back relay host, or zero (no limit). smtp_rset_timeout (20s) - The SMTP client time limit for sending the RSET + The SMTP client time limit for sending the RSET command, and for receiving the server response. Available in Postfix version 2.2 and earlier: 
@@ -669,11 +679,11 @@ SMTP(8) SMTP(8) Available in Postfix version 2.2 and later: smtp_connection_cache_destinations (empty) - Permanently enable SMTP connection caching for the + Permanently enable SMTP connection caching for the specified destinations. smtp_connection_cache_on_demand (yes) - Temporarily enable SMTP connection caching while a + Temporarily enable SMTP connection caching while a destination has a high volume of mail in the active queue. @@ -683,15 +693,25 @@ SMTP(8) SMTP(8) smtp_connection_cache_time_limit (2s) When SMTP connection caching is enabled, the amount - of time that an unused SMTP client socket is kept + of time that an unused SMTP client socket is kept open before it is closed. Available in Postfix version 2.3 and later: connection_cache_protocol_timeout (5s) - Time limit for connection cache connect, send or + Time limit for connection cache connect, send or receive operations. + Available in Postfix version 2.9 and later: + + smtp_per_record_deadline (no) + Change the behavior of the smtp_*_timeout time lim- + its, from a time limit per read or write system + call, to a time limit to read or write a complete + record (an SMTP command line, SMTP response line, + SMTP message content line, or TLS protocol mes- + sage). + TROUBLE SHOOTING CONTROLS debug_peer_level (2) The increment in verbose logging level when a diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 4bfcf456b..16469b44d 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -4034,6 +4034,17 @@ configuration parameter. See there for details.
This feature is available in Postfix 2.5 and later.
+ + +lmtp_per_record_deadline +(default: no) + + The LMTP-specific version of the smtp_per_record_deadline +configuration parameter. See there for details.
+ +This feature is available in Postfix 2.8 and later.
+ +lmtp_pix_workaround_delay_time @@ -9545,6 +9556,29 @@ available. smtp_always_send_ehlo parameter. + + + smtp_per_record_deadline +(default: no) + + Change the behavior of the smtp_*_timeout time limits, from a +time limit per read or write system call, to a time limit to send +or receive a complete record (an SMTP command line, SMTP response +line, SMTP message content line, or TLS protocol message). This +limits the impact from hostile peers that trickle data one byte at +a time.
+ +Note: when per-record deadlines are enabled, a short timeout +may cause problems with TLS over very slow network connections. +The reasons are that a TLS protocol message can be up to 16 kbytes +long (with TLSv1), and that an entire TLS protocol message must be +sent or received within the per-record deadline.
+ +This feature is available in Postfix 2.9 and later. With older +Postfix releases, the behavior is as if this parameter is set to +"no".
+ +smtp_pix_workaround_delay_time @@ -12697,6 +12731,29 @@ DNS lookup and increases the maximal inbound delivery rate. This feature is available in Postfix 2.3 and later.
+ + +smtpd_per_record_deadline +(default: normal: no, overload: yes) + + Change the behavior of the smtpd_timeout time limit, from a +time limit per read or write system call, to a time limit to send +or receive a complete record (an SMTP command line, SMTP response +line, SMTP message content line, or TLS protocol message). This +limits the impact from hostile peers that trickle data one byte at +a time.
+ +Note: when per-record deadlines are enabled, a short timeout +may cause problems with TLS over very slow network connections. +The reasons are that a TLS protocol message can be up to 16 kbytes +long (with TLSv1), and that an entire TLS protocol message must be +sent or received within the per-record deadline.
+ +This feature is available in Postfix 2.9 and later. With older +Postfix releases, the behavior is as if this parameter is set to +"no".
+ +smtpd_policy_service_max_idle diff --git a/postfix/html/postscreen.8.html b/postfix/html/postscreen.8.html index b2b5367bb..7a656ac26 100644 --- a/postfix/html/postscreen.8.html +++ b/postfix/html/postscreen.8.html 
@@ -76,64 +76,65 @@ POSTSCREEN(8) POSTSCREEN(8) Support for AUTH may be added in the future. In the mean time, if you need to make these services available on port 25, then do not enable the optional "after 220 server - greeting" tests. + greeting" tests, and do not use DNSBLs that reject traffic + from dial-up and residential networks. - The optional "after 220 server greeting" tests involve - postscreen(8)'s built-in SMTP protocol engine. When these + The optional "after 220 server greeting" tests involve + postscreen(8)'s built-in SMTP protocol engine. When these tests succeed, postscreen(8) adds the client to the tempo- - rary whitelist but it cannot not hand off the "live" con- - nection to a Postfix SMTP server process in the middle of - a session. Instead, postscreen(8) defers attempts to - deliver mail with a 4XX status, and waits for the client - to disconnect. The next time a good client connects, it - will be allowed to talk to a Postfix SMTP server process - to deliver mail. postscreen(8) mitigates the impact of - this limitation by giving such tests a long expiration + rary whitelist but it cannot not hand off the "live" con- + nection to a Postfix SMTP server process in the middle of + a session. Instead, postscreen(8) defers attempts to + deliver mail with a 4XX status, and waits for the client + to disconnect. The next time a good client connects, it + will be allowed to talk to a Postfix SMTP server process + to deliver mail. postscreen(8) mitigates the impact of + this limitation by giving such tests a long expiration time. CONFIGURATION PARAMETERS - Changes to main.cf are not picked up automatically, as - postscreen(8) processes may run for several hours. Use + Changes to main.cf are not picked up automatically, as + postscreen(8) processes may run for several hours. Use the command "postfix reload" after a configuration change. - The text below provides only a parameter summary. See + The text below provides only a parameter summary. 
See postconf(5) for more details including examples. NOTE: Some postscreen(8) parameters implement stress- - dependent behavior. This is supported only when the - default parameter value is stress-dependent (that is, it - looks like ${stress?X}${stress:Y}, or it is the $name of + dependent behavior. This is supported only when the + default parameter value is stress-dependent (that is, it + looks like ${stress?X}${stress:Y}, or it is the $name of an smtpd parameter with a stress-dependent default). - Other parameters always evaluate as if the stress parame- + Other parameters always evaluate as if the stress parame- ter value is the empty string. COMPATIBILITY CONTROLS postscreen_command_filter ($smtpd_command_filter) - A mechanism to transform commands from remote SMTP + A mechanism to transform commands from remote SMTP clients. postscreen_discard_ehlo_keyword_address_maps ($smtpd_dis- card_ehlo_keyword_address_maps) - Lookup tables, indexed by the remote SMTP client - address, with case insensitive lists of EHLO key- - words (pipelining, starttls, auth, etc.) that the - postscreen(8) server will not send in the EHLO + Lookup tables, indexed by the remote SMTP client + address, with case insensitive lists of EHLO key- + words (pipelining, starttls, auth, etc.) that the + postscreen(8) server will not send in the EHLO response to a remote SMTP client. postscreen_discard_ehlo_keywords ($smtpd_discard_ehlo_key- words) - A case insensitive list of EHLO keywords (pipelin- - ing, starttls, auth, etc.) that the postscreen(8) - server will not send in the EHLO response to a + A case insensitive list of EHLO keywords (pipelin- + ing, starttls, auth, etc.) that the postscreen(8) + server will not send in the EHLO response to a remote SMTP client. TROUBLE SHOOTING CONTROLS postscreen_expansion_filter (see 'postconf -d' output) - List of characters that are permitted in + List of characters that are permitted in postscreen_reject_footer attribute expansions. 
postscreen_reject_footer ($smtpd_reject_footer) - Optional information that is appended after a 4XX + Optional information that is appended after a 4XX or 5XX server response. soft_bounce (no) @@ -141,9 +142,9 @@ POSTSCREEN(8) POSTSCREEN(8) be returned to the sender. PERMANENT WHITE/BLACKLIST TEST - This test is executed immediately after a remote SMTP - client connects. If a client is permanently whitelisted, - the client will be handed off immediately to a Postfix + This test is executed immediately after a remote SMTP + client connects. If a client is permanently whitelisted, + the client will be handed off immediately to a Postfix SMTP server process. postscreen_access_list (permit_mynetworks) 
@@ -151,45 +152,45 @@ POSTSCREEN(8) POSTSCREEN(8) addresses. postscreen_blacklist_action (ignore) - The action that postscreen(8) takes when an SMTP - client is permanently blacklisted with the + The action that postscreen(8) takes when an SMTP + client is permanently blacklisted with the postscreen_access_list parameter. BEFORE-GREETING TESTS - These tests are executed before the remote SMTP client + These tests are executed before the remote SMTP client receives the "220 servername" greeting. If no tests remain - after the successful completion of this phase, the client - will be handed off immediately to a Postfix SMTP server + after the successful completion of this phase, the client + will be handed off immediately to a Postfix SMTP server process. dnsblog_service_name (dnsblog) - The name of the dnsblog(8) service entry in mas- + The name of the dnsblog(8) service entry in mas- ter.cf. postscreen_dnsbl_action (ignore) - The action that postscreen(8) takes when an SMTP + The action that postscreen(8) takes when an SMTP client's combined DNSBL score is equal to or - greater than a threshold (as defined with the + greater than a threshold (as defined with the postscreen_dnsbl_sites and postscreen_dnsbl_thresh- old parameters). postscreen_dnsbl_reply_map (empty) - A mapping from actual DNSBL domain name which - includes a secret password, to the DNSBL domain + A mapping from actual DNSBL domain name which + includes a secret password, to the DNSBL domain name that postscreen will reply with when it rejects mail. postscreen_dnsbl_sites (empty) - Optional list of DNS white/blacklist domains, fil- + Optional list of DNS white/blacklist domains, fil- ters and weight factors. postscreen_dnsbl_threshold (1) - The inclusive lower bound for blocking an SMTP + The inclusive lower bound for blocking an SMTP client, based on its combined DNSBL score as - defined with the postscreen_dnsbl_sites parameter. + defined with the postscreen_dnsbl_sites parameter. 
postscreen_greet_action (ignore) - The action that postscreen(8) takes when an SMTP + The action that postscreen(8) takes when an SMTP client speaks before its turn within the time spec- ified with the postscreen_greet_wait parameter. 
@@ -197,39 +198,39 @@ POSTSCREEN(8) POSTSCREEN(8) The text in the optional "220-text..." server response that postscreen(8) sends ahead of the real Postfix SMTP server's "220 text..." response, in an - attempt to confuse bad SMTP clients so that they + attempt to confuse bad SMTP clients so that they speak before their turn (pre-greet). postscreen_greet_wait (${stress?2}${stress:6}s) The amount of time that postscreen(8) will wait for - an SMTP client to send a command before its turn, - and for DNS blocklist lookup results to arrive - (default: up to 2 seconds under stress, up to 6 + an SMTP client to send a command before its turn, + and for DNS blocklist lookup results to arrive + (default: up to 2 seconds under stress, up to 6 seconds otherwise). smtpd_service_name (smtpd) - The internal service that postscreen(8) forwards + The internal service that postscreen(8) forwards allowed connections to. AFTER-GREETING TESTS - These tests are executed after the remote SMTP client + These tests are executed after the remote SMTP client receives the "220 servername" greeting. If a client passes - all tests during this phase, it will receive a 4XX - response to RCPT TO commands until the client hangs up. + all tests during this phase, it will receive a 4XX + response to RCPT TO commands until the client hangs up. After this, the client will be allowed to talk directly to a Postfix SMTP server process. postscreen_bare_newline_action (ignore) - The action that postscreen(8) takes when an SMTP - client sends a bare newline character, that is, a + The action that postscreen(8) takes when an SMTP + client sends a bare newline character, that is, a newline not preceded by carriage return. postscreen_bare_newline_enable (no) - Enable "bare newline" SMTP protocol tests in the + Enable "bare newline" SMTP protocol tests in the postscreen(8) server. 
postscreen_disable_vrfy_command ($disable_vrfy_command) - Disable the SMTP VRFY command in the postscreen(8) + Disable the SMTP VRFY command in the postscreen(8) daemon. postscreen_forbidden_commands ($smtpd_forbidden_commands) 
@@ -237,157 +238,157 @@ POSTSCREEN(8) POSTSCREEN(8) siders in violation of the SMTP protocol. postscreen_helo_required ($smtpd_helo_required) - Require that a remote SMTP client sends HELO or + Require that a remote SMTP client sends HELO or EHLO before commencing a MAIL transaction. postscreen_non_smtp_command_action (drop) - The action that postscreen(8) takes when an SMTP - client sends non-SMTP commands as specified with + The action that postscreen(8) takes when an SMTP + client sends non-SMTP commands as specified with the postscreen_forbidden_commands parameter. postscreen_non_smtp_command_enable (no) - Enable "non-SMTP command" tests in the + Enable "non-SMTP command" tests in the postscreen(8) server. postscreen_pipelining_action (enforce) - The action that postscreen(8) takes when an SMTP - client sends multiple commands instead of sending - one command and waiting for the server to respond. + The action that postscreen(8) takes when an SMTP + client sends multiple commands instead of sending + one command and waiting for the server to respond. postscreen_pipelining_enable (no) - Enable "pipelining" SMTP protocol tests in the + Enable "pipelining" SMTP protocol tests in the postscreen(8) server. CACHE CONTROLS postscreen_cache_cleanup_interval (12h) - The amount of time between postscreen(8) cache + The amount of time between postscreen(8) cache cleanup runs. postscreen_cache_map (btree:$data_direc- tory/postscreen_cache) - Persistent storage for the postscreen(8) server + Persistent storage for the postscreen(8) server decisions. postscreen_cache_retention_time (7d) The amount of time that postscreen(8) will cache an - expired temporary whitelist entry before it is + expired temporary whitelist entry before it is removed. postscreen_bare_newline_ttl (30d) - The amount of time that postscreen(8) will use the + The amount of time that postscreen(8) will use the result from a successful "bare newline" SMTP proto- col test. 
postscreen_dnsbl_ttl (1h) - The amount of time that postscreen(8) will use the + The amount of time that postscreen(8) will use the result from a successful DNS blocklist test. postscreen_greet_ttl (1d) - The amount of time that postscreen(8) will use the + The amount of time that postscreen(8) will use the result from a successful PREGREET test. postscreen_non_smtp_command_ttl (30d) - The amount of time that postscreen(8) will use the - result from a successful "non_smtp_command" SMTP + The amount of time that postscreen(8) will use the + result from a successful "non_smtp_command" SMTP protocol test. postscreen_pipelining_ttl (30d) - The amount of time that postscreen(8) will use the + The amount of time that postscreen(8) will use the result from a successful "pipelining" SMTP protocol test. RESOURCE CONTROLS line_length_limit (2048) - Upon input, long lines are chopped up into pieces - of at most this length; upon delivery, long lines + Upon input, long lines are chopped up into pieces + of at most this length; upon delivery, long lines are reconstructed. postscreen_client_connection_count_limit ($smtpd_client_connection_count_limit) - How many simultaneous connections any client is + How many simultaneous connections any client is allowed to have with the postscreen(8) daemon. postscreen_command_count_limit (20) - The limit on the total number of commands per SMTP - session for postscreen(8)'s built-in SMTP protocol + The limit on the total number of commands per SMTP + session for postscreen(8)'s built-in SMTP protocol engine. postscreen_command_time_limit (${stress?10}${stress:300}s) - The time limit to read an entire command line with + The time limit to read an entire command line with postscreen(8)'s built-in SMTP protocol engine. postscreen_post_queue_limit ($default_process_limit) - The number of clients that can be waiting for ser- + The number of clients that can be waiting for ser- vice from a real SMTP server process. 
postscreen_pre_queue_limit ($default_process_limit) - The number of non-whitelisted clients that can be - waiting for a decision whether they will receive + The number of non-whitelisted clients that can be + waiting for a decision whether they will receive service from a real SMTP server process. postscreen_watchdog_timeout (10s) - How much time a postscreen(8) process may take to - respond to an SMTP client command or to perform a + How much time a postscreen(8) process may take to + respond to an SMTP client command or to perform a cache operation before it is terminated by a built- in watchdog timer. STARTTLS CONTROLS postscreen_tls_security_level ($smtpd_tls_security_level) - The SMTP TLS security level for the postscreen(8) - server; when a non-empty value is specified, this + The SMTP TLS security level for the postscreen(8) + server; when a non-empty value is specified, this overrides the obsolete parameters postscreen_use_tls and postscreen_enforce_tls. tlsproxy_service_name (tlsproxy) - The name of the tlsproxy(8) service entry in mas- + The name of the tlsproxy(8) service entry in mas- ter.cf. OBSOLETE STARTTLS SUPPORT CONTROLS - These parameters are supported for compatibility with + These parameters are supported for compatibility with smtpd(8) legacy parameters. postscreen_use_tls ($smtpd_use_tls) - Opportunistic TLS: announce STARTTLS support to - SMTP clients, but do not require that clients use + Opportunistic TLS: announce STARTTLS support to + SMTP clients, but do not require that clients use TLS encryption. postscreen_enforce_tls ($smtpd_enforce_tls) - Mandatory TLS: announce STARTTLS support to SMTP - clients, and require that clients use TLS encryp- + Mandatory TLS: announce STARTTLS support to SMTP + clients, and require that clients use TLS encryp- tion. 
MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and + The default location of the Postfix main.cf and master.cf configuration files. delay_logging_resolution_limit (2) - The maximal number of digits after the decimal + The maximal number of digits after the decimal point when logging sub-second delay values. command_directory (see 'postconf -d' output) - The location of all postfix administrative com- + The location of all postfix administrative com- mands. max_idle (100s) - The maximum amount of time that an idle Postfix - daemon process waits for an incoming connection + The maximum amount of time that an idle Postfix + daemon process waits for an incoming connection before terminating voluntarily. process_id (read-only) - The process ID of a Postfix command or daemon + The process ID of a Postfix command or daemon process. process_name (read-only) - The process name of a Postfix command or daemon + The process name of a Postfix command or daemon process. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" + The mail system name that is prepended to the + process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". SEE ALSO @@ -400,14 +401,14 @@ POSTSCREEN(8) POSTSCREEN(8) POSTSCREEN_README, Postfix Postscreen Howto LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. HISTORY This service was introduced with Postfix version 2.8. - Many ideas in postscreen(8) were explored in earlier work - by Michael Tokarev, in OpenBSD spamd, and in MailChannels + Many ideas in postscreen(8) were explored in earlier work + by Michael Tokarev, in OpenBSD spamd, and in MailChannels Traffic Control. AUTHOR(S) 
diff --git a/postfix/html/smtp.8.html b/postfix/html/smtp.8.html index c61339475..93fe29cc3 100644 --- a/postfix/html/smtp.8.html +++ b/postfix/html/smtp.8.html @@ -295,11 +295,21 @@ SMTP(8) SMTP(8) smtp_dns_resolver_options (empty) DNS Resolver options for the Postfix SMTP client. + Available in Postfix version 2.9 and later: + + smtp_per_record_deadline (no) + Change the behavior of the smtp_*_timeout time lim- + its, from a time limit per read or write system + call, to a time limit to read or write a complete + record (an SMTP command line, SMTP response line, + SMTP message content line, or TLS protocol mes- + sage). + MIME PROCESSING CONTROLS Available in Postfix version 2.0 and later: disable_mime_output_conversion (no) - Disable the conversion of 8BITMIME format to 7BIT + Disable the conversion of 8BITMIME format to 7BIT format. mime_boundary_length_limit (2048) 
@@ -314,108 +324,108 @@ SMTP(8) SMTP(8) Available in Postfix version 2.1 and later: smtp_send_xforward_command (no) - Send the non-standard XFORWARD command when the - Postfix SMTP server EHLO response announces XFOR- + Send the non-standard XFORWARD command when the + Postfix SMTP server EHLO response announces XFOR- WARD support. SASL AUTHENTICATION CONTROLS smtp_sasl_auth_enable (no) - Enable SASL authentication in the Postfix SMTP + Enable SASL authentication in the Postfix SMTP client. smtp_sasl_password_maps (empty) - Optional SMTP client lookup tables with one user- - name:password entry per remote hostname or domain, + Optional SMTP client lookup tables with one user- + name:password entry per remote hostname or domain, or sender address when sender-dependent authentica- tion is enabled. smtp_sasl_security_options (noplaintext, noanonymous) - Postfix SMTP client SASL security options; as of - Postfix 2.3 the list of available features depends - on the SASL client implementation that is selected + Postfix SMTP client SASL security options; as of + Postfix 2.3 the list of available features depends + on the SASL client implementation that is selected with smtp_sasl_type. Available in Postfix version 2.2 and later: smtp_sasl_mechanism_filter (empty) - If non-empty, a Postfix SMTP client filter for the - remote SMTP server's list of offered SASL mecha- + If non-empty, a Postfix SMTP client filter for the + remote SMTP server's list of offered SASL mecha- nisms. Available in Postfix version 2.3 and later: smtp_sender_dependent_authentication (no) Enable sender-dependent authentication in the Post- - fix SMTP client; this is available only with SASL - authentication, and disables SMTP connection - caching to ensure that mail from different senders + fix SMTP client; this is available only with SASL + authentication, and disables SMTP connection + caching to ensure that mail from different senders will use the appropriate credentials. 
smtp_sasl_path (empty) - Implementation-specific information that the Post- - fix SMTP client passes through to the SASL plug-in - implementation that is selected with + Implementation-specific information that the Post- + fix SMTP client passes through to the SASL plug-in + implementation that is selected with smtp_sasl_type. smtp_sasl_type (cyrus) - The SASL plug-in type that the Postfix SMTP client + The SASL plug-in type that the Postfix SMTP client should use for authentication. Available in Postfix version 2.5 and later: smtp_sasl_auth_cache_name (empty) - An optional table to prevent repeated SASL authen- - tication failures with the same remote SMTP server + An optional table to prevent repeated SASL authen- + tication failures with the same remote SMTP server hostname, username and password. smtp_sasl_auth_cache_time (90d) - The maximal age of an smtp_sasl_auth_cache_name + The maximal age of an smtp_sasl_auth_cache_name entry before it is removed. smtp_sasl_auth_soft_bounce (yes) - When a remote SMTP server rejects a SASL authenti- - cation request with a 535 reply code, defer mail - delivery instead of returning mail as undeliver- + When a remote SMTP server rejects a SASL authenti- + cation request with a 535 reply code, defer mail + delivery instead of returning mail as undeliver- able. STARTTLS SUPPORT CONTROLS - Detailed information about STARTTLS configuration may be + Detailed information about STARTTLS configuration may be found in the TLS_README document. smtp_tls_security_level (empty) The default SMTP TLS security level for the Postfix - SMTP client; when a non-empty value is specified, - this overrides the obsolete parameters + SMTP client; when a non-empty value is specified, + this overrides the obsolete parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername. 
smtp_sasl_tls_security_options ($smtp_sasl_secu- rity_options) - The SASL authentication security options that the - Postfix SMTP client uses for TLS encrypted SMTP + The SASL authentication security options that the + Postfix SMTP client uses for TLS encrypted SMTP sessions. smtp_starttls_timeout (300s) - Time limit for Postfix SMTP client write and read - operations during TLS startup and shutdown hand- + Time limit for Postfix SMTP client write and read + operations during TLS startup and shutdown hand- shake procedures. smtp_tls_CAfile (empty) - A file containing CA certificates of root CAs - trusted to sign either remote SMTP server certifi- + A file containing CA certificates of root CAs + trusted to sign either remote SMTP server certifi- cates or intermediate CA certificates. smtp_tls_CApath (empty) - Directory with PEM format certificate authority - certificates that the Postfix SMTP client uses to + Directory with PEM format certificate authority + certificates that the Postfix SMTP client uses to verify a remote SMTP server certificate. smtp_tls_cert_file (empty) - File with the Postfix SMTP client RSA certificate + File with the Postfix SMTP client RSA certificate in PEM format. smtp_tls_mandatory_ciphers (medium) - The minimum TLS cipher grade that the Postfix SMTP + The minimum TLS cipher grade that the Postfix SMTP client will use with mandatory TLS encryption. smtp_tls_exclude_ciphers (empty) 
@@ -424,43 +434,43 @@ SMTP(8) SMTP(8) levels. smtp_tls_mandatory_exclude_ciphers (empty) - Additional list of ciphers or cipher types to - exclude from the SMTP client cipher list at manda- + Additional list of ciphers or cipher types to + exclude from the SMTP client cipher list at manda- tory TLS security levels. smtp_tls_dcert_file (empty) - File with the Postfix SMTP client DSA certificate + File with the Postfix SMTP client DSA certificate in PEM format. smtp_tls_dkey_file ($smtp_tls_dcert_file) - File with the Postfix SMTP client DSA private key + File with the Postfix SMTP client DSA private key in PEM format. smtp_tls_key_file ($smtp_tls_cert_file) - File with the Postfix SMTP client RSA private key + File with the Postfix SMTP client RSA private key in PEM format. smtp_tls_loglevel (0) - Enable additional Postfix SMTP client logging of + Enable additional Postfix SMTP client logging of TLS activity. smtp_tls_note_starttls_offer (no) - Log the hostname of a remote SMTP server that - offers STARTTLS, when TLS is not already enabled + Log the hostname of a remote SMTP server that + offers STARTTLS, when TLS is not already enabled for that server. smtp_tls_policy_maps (empty) Optional lookup tables with the Postfix SMTP client TLS security policy by next-hop destination; when a - non-empty value is specified, this overrides the + non-empty value is specified, this overrides the obsolete smtp_tls_per_site parameter. smtp_tls_mandatory_protocols (SSLv3, TLSv1) - List of SSL/TLS protocols that the Postfix SMTP + List of SSL/TLS protocols that the Postfix SMTP client will use with mandatory TLS encryption. smtp_tls_scert_verifydepth (9) - The verification depth for remote SMTP server cer- + The verification depth for remote SMTP server cer- tificates. smtp_tls_secure_cert_match (nexthop, dot-nexthop) 
@@ -468,7 +478,7 @@ SMTP(8) SMTP(8) for the "secure" TLS security level. smtp_tls_session_cache_database (empty) - Name of the file containing the optional Postfix + Name of the file containing the optional Postfix SMTP client TLS session cache. smtp_tls_session_cache_timeout (3600s) @@ -480,9 +490,9 @@ SMTP(8) SMTP(8) for the "verify" TLS security level. tls_daemon_random_bytes (32) - The number of pseudo-random bytes that an smtp(8) - or smtpd(8) process requests from the tlsmgr(8) - server in order to seed its internal pseudo random + The number of pseudo-random bytes that an smtp(8) + or smtpd(8) process requests from the tlsmgr(8) + server in order to seed its internal pseudo random number generator (PRNG). tls_high_cipherlist @@ -494,7 +504,7 @@ SMTP(8) SMTP(8) ciphers. tls_low_cipherlist (ALL:!EXPORT:+RC4:@STRENGTH) - The OpenSSL cipherlist for "LOW" or higher grade + The OpenSSL cipherlist for "LOW" or higher grade ciphers. tls_export_cipherlist (ALL:+RC4:@STRENGTH) 
@@ -502,38 +512,38 @@ SMTP(8) SMTP(8) ciphers. tls_null_cipherlist (eNULL:!aNULL) - The OpenSSL cipherlist for "NULL" grade ciphers + The OpenSSL cipherlist for "NULL" grade ciphers that provide authentication without encryption. Available in Postfix version 2.4 and later: smtp_sasl_tls_verified_security_options ($smtp_sasl_tls_security_options) - The SASL authentication security options that the - Postfix SMTP client uses for TLS encrypted SMTP + The SASL authentication security options that the + Postfix SMTP client uses for TLS encrypted SMTP sessions with a verified server certificate. Available in Postfix version 2.5 and later: smtp_tls_fingerprint_cert_match (empty) - List of acceptable remote SMTP server certificate - fingerprints for the "fingerprint" TLS security + List of acceptable remote SMTP server certificate + fingerprints for the "fingerprint" TLS security level (smtp_tls_security_level = fingerprint). smtp_tls_fingerprint_digest (md5) - The message digest algorithm used to construct + The message digest algorithm used to construct remote SMTP server certificate fingerprints. Available in Postfix version 2.6 and later: smtp_tls_protocols (!SSLv2) - List of TLS protocols that the Postfix SMTP client - will exclude or include with opportunistic TLS + List of TLS protocols that the Postfix SMTP client + will exclude or include with opportunistic TLS encryption. smtp_tls_ciphers (export) - The minimum TLS cipher grade that the Postfix SMTP - client will use with opportunistic TLS encryption. + The minimum TLS cipher grade that the Postfix SMTP + client will use with opportunistic TLS encryption. smtp_tls_eccert_file (empty) File with the Postfix SMTP client ECDSA certificate 
@@ -546,40 +556,40 @@ SMTP(8) SMTP(8) Available in Postfix version 2.7 and later: smtp_tls_block_early_mail_reply (no) - Try to detect a mail hijacking attack based on a - TLS protocol vulnerability (CVE-2009-3555), where - an attacker prepends malicious HELO, MAIL, RCPT, + Try to detect a mail hijacking attack based on a + TLS protocol vulnerability (CVE-2009-3555), where + an attacker prepends malicious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session. Available in Postfix version 2.8 and later: tls_disable_workarounds (see 'postconf -d' output) - List or bit-mask of OpenSSL bug work-arounds to + List or bit-mask of OpenSSL bug work-arounds to disable. OBSOLETE STARTTLS CONTROLS - The following configuration parameters exist for compati- + The following configuration parameters exist for compati- bility with Postfix versions before 2.3. Support for these will be removed in a future release. smtp_use_tls (no) - Opportunistic mode: use TLS when a remote SMTP - server announces STARTTLS support, otherwise send + Opportunistic mode: use TLS when a remote SMTP + server announces STARTTLS support, otherwise send the mail in the clear. smtp_enforce_tls (no) - Enforcement mode: require that remote SMTP servers - use TLS encryption, and never send mail in the + Enforcement mode: require that remote SMTP servers + use TLS encryption, and never send mail in the clear. smtp_tls_enforce_peername (yes) - With mandatory TLS encryption, require that the + With mandatory TLS encryption, require that the remote SMTP server hostname matches the information in the remote SMTP server certificate. smtp_tls_per_site (empty) Optional lookup tables with the Postfix SMTP client - TLS usage policy by next-hop destination and by + TLS usage policy by next-hop destination and by remote SMTP server hostname. smtp_tls_cipherlist (empty) 
@@ -589,27 +599,27 @@ SMTP(8) SMTP(8) RESOURCE AND RATE CONTROLS smtp_destination_concurrency_limit ($default_destina- tion_concurrency_limit) - The maximal number of parallel deliveries to the - same destination via the smtp message delivery + The maximal number of parallel deliveries to the + same destination via the smtp message delivery transport. smtp_destination_recipient_limit ($default_destina- tion_recipient_limit) - The maximal number of recipients per message for + The maximal number of recipients per message for the smtp message delivery transport. smtp_connect_timeout (30s) - The SMTP client time limit for completing a TCP + The SMTP client time limit for completing a TCP connection, or zero (use the operating system built-in time limit). smtp_helo_timeout (300s) - The SMTP client time limit for sending the HELO or - EHLO command, and for receiving the initial server + The SMTP client time limit for sending the HELO or + EHLO command, and for receiving the initial server response. lmtp_lhlo_timeout (300s) - The LMTP client time limit for sending the LHLO + The LMTP client time limit for sending the LHLO command, and for receiving the initial server response. 
@@ -618,30 +628,30 @@ SMTP(8) SMTP(8) command, and for receiving the server response. smtp_mail_timeout (300s) - The SMTP client time limit for sending the MAIL - FROM command, and for receiving the server + The SMTP client time limit for sending the MAIL + FROM command, and for receiving the server response. smtp_rcpt_timeout (300s) - The SMTP client time limit for sending the SMTP - RCPT TO command, and for receiving the server + The SMTP client time limit for sending the SMTP + RCPT TO command, and for receiving the server response. smtp_data_init_timeout (120s) - The SMTP client time limit for sending the SMTP - DATA command, and for receiving the server + The SMTP client time limit for sending the SMTP + DATA command, and for receiving the server response. smtp_data_xfer_timeout (180s) - The SMTP client time limit for sending the SMTP + The SMTP client time limit for sending the SMTP message content. smtp_data_done_timeout (600s) - The SMTP client time limit for sending the SMTP + The SMTP client time limit for sending the SMTP ".", and for receiving the server response. smtp_quit_timeout (300s) - The SMTP client time limit for sending the QUIT + The SMTP client time limit for sending the QUIT command, and for receiving the server response. Available in Postfix version 2.1 and later: @@ -652,12 +662,12 @@ SMTP(8) SMTP(8) lookups, or zero (no limit). smtp_mx_session_limit (2) - The maximal number of SMTP sessions per delivery - request before giving up or delivering to a fall- + The maximal number of SMTP sessions per delivery + request before giving up or delivering to a fall- back relay host, or zero (no limit). smtp_rset_timeout (20s) - The SMTP client time limit for sending the RSET + The SMTP client time limit for sending the RSET command, and for receiving the server response. Available in Postfix version 2.2 and earlier: 
@@ -669,11 +679,11 @@ SMTP(8) SMTP(8) Available in Postfix version 2.2 and later: smtp_connection_cache_destinations (empty) - Permanently enable SMTP connection caching for the + Permanently enable SMTP connection caching for the specified destinations. smtp_connection_cache_on_demand (yes) - Temporarily enable SMTP connection caching while a + Temporarily enable SMTP connection caching while a destination has a high volume of mail in the active queue. @@ -683,15 +693,25 @@ SMTP(8) SMTP(8) smtp_connection_cache_time_limit (2s) When SMTP connection caching is enabled, the amount - of time that an unused SMTP client socket is kept + of time that an unused SMTP client socket is kept open before it is closed. Available in Postfix version 2.3 and later: connection_cache_protocol_timeout (5s) - Time limit for connection cache connect, send or + Time limit for connection cache connect, send or receive operations. + Available in Postfix version 2.9 and later: + + smtp_per_record_deadline (no) + Change the behavior of the smtp_*_timeout time lim- + its, from a time limit per read or write system + call, to a time limit to read or write a complete + record (an SMTP command line, SMTP response line, + SMTP message content line, or TLS protocol mes- + sage). + TROUBLE SHOOTING CONTROLS debug_peer_level (2) The increment in verbose logging level when a diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html index 500c79d11..9c7f4021e 100644 --- a/postfix/html/smtpd.8.html +++ b/postfix/html/smtpd.8.html 
@@ -153,46 +153,56 @@ SMTPD(8) SMTPD(8) A mechanism to transform commands from remote SMTP clients. + Available in Postfix version 2.9 and later: + + smtpd_per_record_deadline (normal: no, overload: yes) + Change the behavior of the smtpd_timeout time + limit, from a time limit per read or write system + call, to a time limit to read or write a complete + record (an SMTP command line, SMTP response line, + SMTP message content line, or TLS protocol mes- + sage). + ADDRESS REWRITING CONTROLS - See the ADDRESS_REWRITING_README document for a detailed + See the ADDRESS_REWRITING_README document for a detailed discussion of Postfix address rewriting. receive_override_options (empty) - Enable or disable recipient validation, built-in + Enable or disable recipient validation, built-in content filtering, or address mapping. Available in Postfix version 2.2 and later: local_header_rewrite_clients (permit_inet_interfaces) Rewrite message header addresses in mail from these - clients and update incomplete addresses with the + clients and update incomplete addresses with the domain name in $myorigin or $mydomain; either don't - rewrite message headers from other clients at all, - or rewrite message headers and update incomplete - addresses with the domain specified in the + rewrite message headers from other clients at all, + or rewrite message headers and update incomplete + addresses with the domain specified in the remote_header_rewrite_domain parameter. AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS - As of version 1.0, Postfix can be configured to send new - mail to an external content filter AFTER the mail is - queued. This content filter is expected to inject mail - back into a (Postfix or other) MTA for further delivery. + As of version 1.0, Postfix can be configured to send new + mail to an external content filter AFTER the mail is + queued. This content filter is expected to inject mail + back into a (Postfix or other) MTA for further delivery. 
See the FILTER_README document for details. content_filter (empty) - After the message is queued, send the entire mes- + After the message is queued, send the entire mes- sage to the specified transport:destination. BEFORE QUEUE EXTERNAL CONTENT INSPECTION CONTROLS - As of version 2.1, the Postfix SMTP server can be config- - ured to send incoming mail to a real-time SMTP-based con- + As of version 2.1, the Postfix SMTP server can be config- + ured to send incoming mail to a real-time SMTP-based con- tent filter BEFORE mail is queued. This content filter is - expected to inject mail back into Postfix. See the - SMTPD_PROXY_README document for details on how to config- + expected to inject mail back into Postfix. See the + SMTPD_PROXY_README document for details on how to config- ure and operate this feature. smtpd_proxy_filter (empty) - The hostname and TCP port of the mail filtering + The hostname and TCP port of the mail filtering proxy server. smtpd_proxy_ehlo ($myhostname) @@ -200,8 +210,8 @@ SMTPD(8) SMTPD(8) proxy filter. smtpd_proxy_options (empty) - List of options that control how the Postfix SMTP - server communicates with a before-queue content + List of options that control how the Postfix SMTP + server communicates with a before-queue content filter. smtpd_proxy_timeout (100s) 
@@ -210,24 +220,24 @@ SMTPD(8) SMTPD(8) BEFORE QUEUE MILTER CONTROLS As of version 2.3, Postfix supports the Sendmail version 8 - Milter (mail filter) protocol. These content filters run - outside Postfix. They can inspect the SMTP command stream - and the message content, and can request modifications - before mail is queued. For details see the MILTER_README + Milter (mail filter) protocol. These content filters run + outside Postfix. They can inspect the SMTP command stream + and the message content, and can request modifications + before mail is queued. For details see the MILTER_README document. smtpd_milters (empty) A list of Milter (mail filter) applications for new - mail that arrives via the Postfix smtpd(8) server. + mail that arrives via the Postfix smtpd(8) server. milter_protocol (6) - The mail filter protocol version and optional pro- - tocol extensions for communication with a Milter - application; prior to Postfix 2.6 the default pro- + The mail filter protocol version and optional pro- + tocol extensions for communication with a Milter + application; prior to Postfix 2.6 the default pro- tocol is 2. milter_default_action (tempfail) - The default action when a Milter (mail filter) + The default action when a Milter (mail filter) application is unavailable or mis-configured. milter_macro_daemon_name ($myhostname) 
@@ -239,190 +249,190 @@ SMTPD(8) SMTPD(8) cations. milter_connect_timeout (30s) - The time limit for connecting to a Milter (mail - filter) application, and for negotiating protocol + The time limit for connecting to a Milter (mail + filter) application, and for negotiating protocol options. milter_command_timeout (30s) - The time limit for sending an SMTP command to a + The time limit for sending an SMTP command to a Milter (mail filter) application, and for receiving the response. milter_content_timeout (300s) - The time limit for sending message content to a + The time limit for sending message content to a Milter (mail filter) application, and for receiving the response. milter_connect_macros (see 'postconf -d' output) - The macros that are sent to Milter (mail filter) - applications after completion of an SMTP connec- + The macros that are sent to Milter (mail filter) + applications after completion of an SMTP connec- tion. milter_helo_macros (see 'postconf -d' output) - The macros that are sent to Milter (mail filter) + The macros that are sent to Milter (mail filter) applications after the SMTP HELO or EHLO command. milter_mail_macros (see 'postconf -d' output) - The macros that are sent to Milter (mail filter) + The macros that are sent to Milter (mail filter) applications after the SMTP MAIL FROM command. milter_rcpt_macros (see 'postconf -d' output) - The macros that are sent to Milter (mail filter) + The macros that are sent to Milter (mail filter) applications after the SMTP RCPT TO command. milter_data_macros (see 'postconf -d' output) - The macros that are sent to version 4 or higher - Milter (mail filter) applications after the SMTP + The macros that are sent to version 4 or higher + Milter (mail filter) applications after the SMTP DATA command. 
milter_unknown_command_macros (see 'postconf -d' output) - The macros that are sent to version 3 or higher - Milter (mail filter) applications after an unknown + The macros that are sent to version 3 or higher + Milter (mail filter) applications after an unknown SMTP command. milter_end_of_header_macros (see 'postconf -d' output) - The macros that are sent to Milter (mail filter) + The macros that are sent to Milter (mail filter) applications after the end of the message header. milter_end_of_data_macros (see 'postconf -d' output) - The macros that are sent to Milter (mail filter) + The macros that are sent to Milter (mail filter) applications after the message end-of-data. GENERAL CONTENT INSPECTION CONTROLS - The following parameters are applicable for both built-in + The following parameters are applicable for both built-in and external content filters. Available in Postfix version 2.1 and later: receive_override_options (empty) - Enable or disable recipient validation, built-in + Enable or disable recipient validation, built-in content filtering, or address mapping. EXTERNAL CONTENT INSPECTION CONTROLS - The following parameters are applicable for both before- + The following parameters are applicable for both before- queue and after-queue content filtering. Available in Postfix version 2.1 and later: smtpd_authorized_xforward_hosts (empty) - What SMTP clients are allowed to use the XFORWARD + What SMTP clients are allowed to use the XFORWARD feature. SASL AUTHENTICATION CONTROLS - Postfix SASL support (RFC 4954) can be used to authenti- - cate remote SMTP clients to the Postfix SMTP server, and - to authenticate the Postfix SMTP client to a remote SMTP + Postfix SASL support (RFC 4954) can be used to authenti- + cate remote SMTP clients to the Postfix SMTP server, and + to authenticate the Postfix SMTP client to a remote SMTP server. See the SASL_README document for details. 
broken_sasl_auth_clients (no) - Enable inter-operability with SMTP clients that - implement an obsolete version of the AUTH command + Enable inter-operability with SMTP clients that + implement an obsolete version of the AUTH command (RFC 4954). smtpd_sasl_auth_enable (no) - Enable SASL authentication in the Postfix SMTP + Enable SASL authentication in the Postfix SMTP server. smtpd_sasl_local_domain (empty) - The name of the Postfix SMTP server's local SASL + The name of the Postfix SMTP server's local SASL authentication realm. smtpd_sasl_security_options (noanonymous) - Postfix SMTP server SASL security options; as of - Postfix 2.3 the list of available features depends - on the SASL server implementation that is selected + Postfix SMTP server SASL security options; as of + Postfix 2.3 the list of available features depends + on the SASL server implementation that is selected with smtpd_sasl_type. smtpd_sender_login_maps (empty) - Optional lookup table with the SASL login names + Optional lookup table with the SASL login names that own sender (MAIL FROM) addresses. Available in Postfix version 2.1 and later: smtpd_sasl_exceptions_networks (empty) - What remote SMTP clients the Postfix SMTP server + What remote SMTP clients the Postfix SMTP server will not offer AUTH support to. Available in Postfix version 2.1 and 2.2: smtpd_sasl_application_name (smtpd) - The application name that the Postfix SMTP server + The application name that the Postfix SMTP server uses for SASL server initialization. Available in Postfix version 2.3 and later: smtpd_sasl_authenticated_header (no) - Report the SASL authenticated user name in the + Report the SASL authenticated user name in the smtpd(8) Received message header. 
smtpd_sasl_path (smtpd) - Implementation-specific information that the Post- - fix SMTP server passes through to the SASL plug-in - implementation that is selected with + Implementation-specific information that the Post- + fix SMTP server passes through to the SASL plug-in + implementation that is selected with smtpd_sasl_type. smtpd_sasl_type (cyrus) - The SASL plug-in type that the Postfix SMTP server + The SASL plug-in type that the Postfix SMTP server should use for authentication. Available in Postfix version 2.5 and later: cyrus_sasl_config_path (empty) - Search path for Cyrus SASL application configura- - tion files, currently used only to locate the + Search path for Cyrus SASL application configura- + tion files, currently used only to locate the $smtpd_sasl_path.conf file. STARTTLS SUPPORT CONTROLS - Detailed information about STARTTLS configuration may be + Detailed information about STARTTLS configuration may be found in the TLS_README document. smtpd_tls_security_level (empty) - The SMTP TLS security level for the Postfix SMTP - server; when a non-empty value is specified, this + The SMTP TLS security level for the Postfix SMTP + server; when a non-empty value is specified, this overrides the obsolete parameters smtpd_use_tls and smtpd_enforce_tls. smtpd_sasl_tls_security_options ($smtpd_sasl_secu- rity_options) - The SASL authentication security options that the - Postfix SMTP server uses for TLS encrypted SMTP + The SASL authentication security options that the + Postfix SMTP server uses for TLS encrypted SMTP sessions. smtpd_starttls_timeout (see 'postconf -d' output) - The time limit for Postfix SMTP server write and - read operations during TLS startup and shutdown + The time limit for Postfix SMTP server write and + read operations during TLS startup and shutdown handshake procedures. 
smtpd_tls_CAfile (empty) - A file containing (PEM format) CA certificates of - root CAs trusted to sign either remote SMTP client + A file containing (PEM format) CA certificates of + root CAs trusted to sign either remote SMTP client certificates or intermediate CA certificates. smtpd_tls_CApath (empty) A directory containing (PEM format) CA certificates - of root CAs trusted to sign either remote SMTP - client certificates or intermediate CA certifi- + of root CAs trusted to sign either remote SMTP + client certificates or intermediate CA certifi- cates. smtpd_tls_always_issue_session_ids (yes) - Force the Postfix SMTP server to issue a TLS ses- - sion id, even when TLS session caching is turned + Force the Postfix SMTP server to issue a TLS ses- + sion id, even when TLS session caching is turned off (smtpd_tls_session_cache_database is empty). smtpd_tls_ask_ccert (no) - Ask a remote SMTP client for a client certificate. + Ask a remote SMTP client for a client certificate. smtpd_tls_auth_only (no) When TLS encryption is optional in the Postfix SMTP - server, do not announce or accept SASL authentica- + server, do not announce or accept SASL authentica- tion over unencrypted connections. smtpd_tls_ccert_verifydepth (9) - The verification depth for remote SMTP client cer- + The verification depth for remote SMTP client cer- tificates. smtpd_tls_cert_file (empty) - File with the Postfix SMTP server RSA certificate + File with the Postfix SMTP server RSA certificate in PEM format. smtpd_tls_exclude_ciphers (empty) 
@@ -430,56 +440,56 @@ SMTPD(8) SMTPD(8) SMTP server cipher list at all TLS security levels. smtpd_tls_dcert_file (empty) - File with the Postfix SMTP server DSA certificate + File with the Postfix SMTP server DSA certificate in PEM format. smtpd_tls_dh1024_param_file (empty) - File with DH parameters that the Postfix SMTP - server should use with EDH ciphers. - - smtpd_tls_dh512_param_file (empty) File with DH parameters that the Postfix SMTP server should use with EDH ciphers. + smtpd_tls_dh512_param_file (empty) + File with DH parameters that the Postfix SMTP + server should use with EDH ciphers. + smtpd_tls_dkey_file ($smtpd_tls_dcert_file) - File with the Postfix SMTP server DSA private key + File with the Postfix SMTP server DSA private key in PEM format. smtpd_tls_key_file ($smtpd_tls_cert_file) - File with the Postfix SMTP server RSA private key + File with the Postfix SMTP server RSA private key in PEM format. smtpd_tls_loglevel (0) - Enable additional Postfix SMTP server logging of + Enable additional Postfix SMTP server logging of TLS activity. smtpd_tls_mandatory_ciphers (medium) - The minimum TLS cipher grade that the Postfix SMTP + The minimum TLS cipher grade that the Postfix SMTP server will use with mandatory TLS encryption. smtpd_tls_mandatory_exclude_ciphers (empty) - Additional list of ciphers or cipher types to - exclude from the SMTP server cipher list at manda- + Additional list of ciphers or cipher types to + exclude from the SMTP server cipher list at manda- tory TLS security levels. smtpd_tls_mandatory_protocols (SSLv3, TLSv1) - The SSL/TLS protocols accepted by the Postfix SMTP + The SSL/TLS protocols accepted by the Postfix SMTP server with mandatory TLS encryption. 
smtpd_tls_received_header (no) Request that the Postfix SMTP server produces Received: message headers that include information - about the protocol and cipher used, as well as the - client CommonName and client certificate issuer + about the protocol and cipher used, as well as the + client CommonName and client certificate issuer CommonName. smtpd_tls_req_ccert (no) - With mandatory TLS encryption, require a trusted - remote SMTP client certificate in order to allow + With mandatory TLS encryption, require a trusted + remote SMTP client certificate in order to allow TLS connections to proceed. smtpd_tls_session_cache_database (empty) - Name of the file containing the optional Postfix + Name of the file containing the optional Postfix SMTP server TLS session cache. smtpd_tls_session_cache_timeout (3600s) @@ -487,14 +497,14 @@ SMTPD(8) SMTPD(8) sion cache information. smtpd_tls_wrappermode (no) - Run the Postfix SMTP server in the non-standard - "wrapper" mode, instead of using the STARTTLS com- + Run the Postfix SMTP server in the non-standard + "wrapper" mode, instead of using the STARTTLS com- mand. tls_daemon_random_bytes (32) - The number of pseudo-random bytes that an smtp(8) - or smtpd(8) process requests from the tlsmgr(8) - server in order to seed its internal pseudo random + The number of pseudo-random bytes that an smtp(8) + or smtpd(8) process requests from the tlsmgr(8) + server in order to seed its internal pseudo random number generator (PRNG). tls_high_cipherlist @@ -506,7 +516,7 @@ SMTPD(8) SMTPD(8) ciphers. tls_low_cipherlist (ALL:!EXPORT:+RC4:@STRENGTH) - The OpenSSL cipherlist for "LOW" or higher grade + The OpenSSL cipherlist for "LOW" or higher grade ciphers. tls_export_cipherlist (ALL:+RC4:@STRENGTH) 
@@ -514,26 +524,26 @@ SMTPD(8) SMTPD(8) ciphers. tls_null_cipherlist (eNULL:!aNULL) - The OpenSSL cipherlist for "NULL" grade ciphers + The OpenSSL cipherlist for "NULL" grade ciphers that provide authentication without encryption. Available in Postfix version 2.5 and later: smtpd_tls_fingerprint_digest (md5) - The message digest algorithm used to construct + The message digest algorithm used to construct client-certificate fingerprints for check_ccert_access and permit_tls_clientcerts. Available in Postfix version 2.6 and later: smtpd_tls_protocols (empty) - List of TLS protocols that the Postfix SMTP server - will exclude or include with opportunistic TLS + List of TLS protocols that the Postfix SMTP server + will exclude or include with opportunistic TLS encryption. smtpd_tls_ciphers (export) - The minimum TLS cipher grade that the Postfix SMTP - server will use with opportunistic TLS encryption. + The minimum TLS cipher grade that the Postfix SMTP + server will use with opportunistic TLS encryption. smtpd_tls_eccert_file (empty) File with the Postfix SMTP server ECDSA certificate @@ -544,7 +554,7 @@ SMTPD(8) SMTPD(8) in PEM format. smtpd_tls_eecdh_grade (see 'postconf -d' output) - The Postfix SMTP server security grade for + The Postfix SMTP server security grade for ephemeral elliptic-curve Diffie-Hellman (EECDH) key exchange. 
@@ -564,22 +574,22 @@ SMTPD(8) SMTPD(8) ence order. tls_disable_workarounds (see 'postconf -d' output) - List or bit-mask of OpenSSL bug work-arounds to + List or bit-mask of OpenSSL bug work-arounds to disable. OBSOLETE STARTTLS CONTROLS - The following configuration parameters exist for compati- + The following configuration parameters exist for compati- bility with Postfix versions before 2.3. Support for these will be removed in a future release. smtpd_use_tls (no) - Opportunistic TLS: announce STARTTLS support to - SMTP clients, but do not require that clients use + Opportunistic TLS: announce STARTTLS support to + SMTP clients, but do not require that clients use TLS encryption. smtpd_enforce_tls (no) - Mandatory TLS: announce STARTTLS support to SMTP - clients, and require that clients use TLS encryp- + Mandatory TLS: announce STARTTLS support to SMTP + clients, and require that clients use TLS encryp- tion. smtpd_tls_cipherlist (empty) 
@@ -587,68 +597,68 @@ SMTPD(8) SMTPD(8) server TLS cipher list. VERP SUPPORT CONTROLS - With VERP style delivery, each recipient of a message + With VERP style delivery, each recipient of a message receives a customized copy of the message with his/her own - recipient address encoded in the envelope sender address. + recipient address encoded in the envelope sender address. The VERP_README file describes configuration and operation - details of Postfix support for variable envelope return + details of Postfix support for variable envelope return path addresses. VERP style delivery is requested with the - SMTP XVERP command or with the "sendmail -V" command-line - option and is available in Postfix version 1.1 and later. + SMTP XVERP command or with the "sendmail -V" command-line + option and is available in Postfix version 1.1 and later. default_verp_delimiters (+=) The two default VERP delimiter characters. verp_delimiter_filter (-=+) - The characters Postfix accepts as VERP delimiter - characters on the Postfix sendmail(1) command line + The characters Postfix accepts as VERP delimiter + characters on the Postfix sendmail(1) command line and in SMTP commands. Available in Postfix version 1.1 and 2.0: authorized_verp_clients ($mynetworks) - What SMTP clients are allowed to specify the XVERP + What SMTP clients are allowed to specify the XVERP command. Available in Postfix version 2.1 and later: smtpd_authorized_verp_clients ($authorized_verp_clients) - What SMTP clients are allowed to specify the XVERP + What SMTP clients are allowed to specify the XVERP command. TROUBLE SHOOTING CONTROLS - The DEBUG_README document describes how to debug parts of - the Postfix mail system. The methods vary from making the - software log a lot of detail, to running some daemon pro- + The DEBUG_README document describes how to debug parts of + the Postfix mail system. 
The methods vary from making the + software log a lot of detail, to running some daemon pro- cesses under control of a call tracer or debugger. debug_peer_level (2) - The increment in verbose logging level when a - remote client or server matches a pattern in the + The increment in verbose logging level when a + remote client or server matches a pattern in the debug_peer_list parameter. debug_peer_list (empty) - Optional list of remote client or server hostname - or network address patterns that cause the verbose - logging level to increase by the amount specified + Optional list of remote client or server hostname + or network address patterns that cause the verbose + logging level to increase by the amount specified in $debug_peer_level. error_notice_recipient (postmaster) - The recipient of postmaster notifications about - mail delivery problems that are caused by policy, + The recipient of postmaster notifications about + mail delivery problems that are caused by policy, resource, software or protocol errors. internal_mail_filter_classes (empty) - What categories of Postfix-generated mail are sub- - ject to before-queue content inspection by + What categories of Postfix-generated mail are sub- + ject to before-queue content inspection by non_smtpd_milters, header_checks and body_checks. notify_classes (resource, software) - The list of error classes that are reported to the + The list of error classes that are reported to the postmaster. smtpd_reject_footer (empty) - Optional information that is appended after each + Optional information that is appended after each SMTP server 4XX or 5XX response. soft_bounce (no) 
@@ -658,22 +668,22 @@ SMTPD(8) SMTPD(8) Available in Postfix version 2.1 and later: smtpd_authorized_xclient_hosts (empty) - What SMTP clients are allowed to use the XCLIENT + What SMTP clients are allowed to use the XCLIENT feature. KNOWN VERSUS UNKNOWN RECIPIENT CONTROLS - As of Postfix version 2.0, the SMTP server rejects mail - for unknown recipients. This prevents the mail queue from - clogging up with undeliverable MAILER-DAEMON messages. - Additional information on this topic is in the + As of Postfix version 2.0, the SMTP server rejects mail + for unknown recipients. This prevents the mail queue from + clogging up with undeliverable MAILER-DAEMON messages. + Additional information on this topic is in the LOCAL_RECIPIENT_README and ADDRESS_CLASS_README documents. show_user_unknown_table_name (yes) - Display the name of the recipient table in the + Display the name of the recipient table in the "User unknown" responses. canonical_maps (empty) - Optional address mapping lookup tables for message + Optional address mapping lookup tables for message headers and envelopes. recipient_canonical_maps (empty) @@ -684,7 +694,7 @@ SMTPD(8) SMTPD(8) mydestination ($myhostname, localhost.$mydomain, local- host) - The list of domains that are delivered via the + The list of domains that are delivered via the $local_transport mail delivery transport. inet_interfaces (all) 
@@ -693,146 +703,146 @@ SMTPD(8) SMTPD(8) proxy_interfaces (empty) The network interface addresses that this mail sys- - tem receives mail on by way of a proxy or network + tem receives mail on by way of a proxy or network address translation unit. inet_protocols (ipv4) - The Internet protocols Postfix will attempt to use + The Internet protocols Postfix will attempt to use when making or accepting connections. local_recipient_maps (proxy:unix:passwd.byname $alias_maps) - Lookup tables with all names or addresses of local - recipients: a recipient address is local when its - domain matches $mydestination, $inet_interfaces or + Lookup tables with all names or addresses of local + recipients: a recipient address is local when its + domain matches $mydestination, $inet_interfaces or $proxy_interfaces. unknown_local_recipient_reject_code (550) - The numerical Postfix SMTP server response code - when a recipient address is local, and - $local_recipient_maps specifies a list of lookup + The numerical Postfix SMTP server response code + when a recipient address is local, and + $local_recipient_maps specifies a list of lookup tables that does not match the recipient. - Parameters concerning known/unknown recipients of relay + Parameters concerning known/unknown recipients of relay destinations: relay_domains ($mydestination) - What destination domains (and subdomains thereof) + What destination domains (and subdomains thereof) this system will relay mail to. relay_recipient_maps (empty) - Optional lookup tables with all valid addresses in + Optional lookup tables with all valid addresses in the domains that match $relay_domains. unknown_relay_recipient_reject_code (550) The numerical Postfix SMTP server reply code when a - recipient address matches $relay_domains, and - relay_recipient_maps specifies a list of lookup + recipient address matches $relay_domains, and + relay_recipient_maps specifies a list of lookup tables that does not match the recipient address. 
- Parameters concerning known/unknown recipients in virtual + Parameters concerning known/unknown recipients in virtual alias domains: virtual_alias_domains ($virtual_alias_maps) Postfix is final destination for the specified list - of virtual alias domains, that is, domains for - which all addresses are aliased to addresses in + of virtual alias domains, that is, domains for + which all addresses are aliased to addresses in other local or remote domains. virtual_alias_maps ($virtual_maps) - Optional lookup tables that alias specific mail - addresses or domains to other local or remote + Optional lookup tables that alias specific mail + addresses or domains to other local or remote address. unknown_virtual_alias_reject_code (550) The SMTP server reply code when a recipient address - matches $virtual_alias_domains, and $vir- - tual_alias_maps specifies a list of lookup tables + matches $virtual_alias_domains, and $vir- + tual_alias_maps specifies a list of lookup tables that does not match the recipient address. - Parameters concerning known/unknown recipients in virtual + Parameters concerning known/unknown recipients in virtual mailbox domains: virtual_mailbox_domains ($virtual_mailbox_maps) Postfix is final destination for the specified list - of domains; mail is delivered via the $vir- + of domains; mail is delivered via the $vir- tual_transport mail delivery transport. virtual_mailbox_maps (empty) - Optional lookup tables with all valid addresses in + Optional lookup tables with all valid addresses in the domains that match $virtual_mailbox_domains. unknown_virtual_mailbox_reject_code (550) The SMTP server reply code when a recipient address - matches $virtual_mailbox_domains, and $vir- + matches $virtual_mailbox_domains, and $vir- tual_mailbox_maps specifies a list of lookup tables that does not match the recipient address. 
RESOURCE AND RATE CONTROLS - The following parameters limit resource usage by the SMTP + The following parameters limit resource usage by the SMTP server and/or control client request rates. line_length_limit (2048) - Upon input, long lines are chopped up into pieces - of at most this length; upon delivery, long lines + Upon input, long lines are chopped up into pieces + of at most this length; upon delivery, long lines are reconstructed. queue_minfree (0) - The minimal amount of free space in bytes in the + The minimal amount of free space in bytes in the queue file system that is needed to receive mail. message_size_limit (10240000) - The maximal size in bytes of a message, including + The maximal size in bytes of a message, including envelope information. smtpd_recipient_limit (1000) - The maximal number of recipients that the Postfix + The maximal number of recipients that the Postfix SMTP server accepts per message delivery request. smtpd_timeout (normal: 300s, overload: 10s) - The time limit for sending a Postfix SMTP server - response and for receiving a remote SMTP client + The time limit for sending a Postfix SMTP server + response and for receiving a remote SMTP client request. smtpd_history_flush_threshold (100) - The maximal number of lines in the Postfix SMTP - server command history before it is flushed upon + The maximal number of lines in the Postfix SMTP + server command history before it is flushed upon receipt of EHLO, RSET, or end of DATA. Available in Postfix version 2.3 and later: smtpd_peername_lookup (yes) Attempt to look up the remote SMTP client hostname, - and verify that the name matches the client IP + and verify that the name matches the client IP address. The per SMTP client connection count and request rate lim- its are implemented in co-operation with the anvil(8) ser- - vice, and are available in Postfix version 2.2 and later. + vice, and are available in Postfix version 2.2 and later. 
smtpd_client_connection_count_limit (50) - How many simultaneous connections any client is + How many simultaneous connections any client is allowed to make to this service. smtpd_client_connection_rate_limit (0) The maximal number of connection attempts any - client is allowed to make to this service per time + client is allowed to make to this service per time unit. smtpd_client_message_rate_limit (0) - The maximal number of message delivery requests - that any client is allowed to make to this service + The maximal number of message delivery requests + that any client is allowed to make to this service per time unit, regardless of whether or not Postfix actually accepts those messages. smtpd_client_recipient_rate_limit (0) - The maximal number of recipient addresses that any - client is allowed to send to this service per time + The maximal number of recipient addresses that any + client is allowed to send to this service per time unit, regardless of whether or not Postfix actually accepts those recipients. smtpd_client_event_limit_exceptions ($mynetworks) - Clients that are excluded from + Clients that are excluded from smtpd_client_*_count/rate_limit restrictions. Available in Postfix version 2.3 and later: @@ -842,6 +852,16 @@ SMTPD(8) SMTPD(8) sions that a remote SMTP client is allowed to nego- tiate with this service per time unit. + Available in Postfix version 2.9 and later: + + smtpd_per_record_deadline (normal: no, overload: yes) + Change the behavior of the smtpd_timeout time + limit, from a time limit per read or write system + call, to a time limit to read or write a complete + record (an SMTP command line, SMTP response line, + SMTP message content line, or TLS protocol mes- + sage). + TARPIT CONTROLS When a remote SMTP client makes errors, the Postfix SMTP server can insert delays before responding. This can help diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 24616c234..600f530f1 100644 
--- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -2236,6 +2236,11 @@ The LMTP-specific version of the smtp_nested_header_checks configuration parameter. See there for details. .PP This feature is available in Postfix 2.5 and later. +.SH lmtp_per_record_deadline (default: no) +The LMTP-specific version of the smtp_per_record_deadline +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.8 and later. .SH lmtp_pix_workaround_delay_time (default: 10s) The LMTP-specific version of the smtp_pix_workaround_delay_time configuration parameter. See there for details. @@ -5499,6 +5504,23 @@ This feature is available in Postfix 2.5 and later. .SH smtp_never_send_ehlo (default: no) Never send EHLO at the start of an SMTP session. See also the smtp_always_send_ehlo parameter. +.SH smtp_per_record_deadline (default: no) +Change the behavior of the smtp_*_timeout time limits, from a +time limit per read or write system call, to a time limit to send +or receive a complete record (an SMTP command line, SMTP response +line, SMTP message content line, or TLS protocol message). This +limits the impact from hostile peers that trickle data one byte at +a time. +.PP +Note: when per-record deadlines are enabled, a short timeout +may cause problems with TLS over very slow network connections. +The reasons are that a TLS protocol message can be up to 16 kbytes +long (with TLSv1), and that an entire TLS protocol message must be +sent or received within the per-record deadline. +.PP +This feature is available in Postfix 2.9 and later. With older +Postfix releases, the behavior is as if this parameter is set to +"no". .SH smtp_pix_workaround_delay_time (default: 10s) How long the Postfix SMTP client pauses before sending ". " in order to work around the PIX firewall 
@@ -7912,6 +7934,23 @@ lookup is disabled. Turning off name lookup reduces delays due to DNS lookup and increases the maximal inbound delivery rate. .PP This feature is available in Postfix 2.3 and later. +.SH smtpd_per_record_deadline (default: normal: no, overload: yes) +Change the behavior of the smtpd_timeout time limit, from a +time limit per read or write system call, to a time limit to send +or receive a complete record (an SMTP command line, SMTP response +line, SMTP message content line, or TLS protocol message). This +limits the impact from hostile peers that trickle data one byte at +a time. +.PP +Note: when per-record deadlines are enabled, a short timeout +may cause problems with TLS over very slow network connections. +The reasons are that a TLS protocol message can be up to 16 kbytes +long (with TLSv1), and that an entire TLS protocol message must be +sent or received within the per-record deadline. +.PP +This feature is available in Postfix 2.9 and later. With older +Postfix releases, the behavior is as if this parameter is set to +"no". .SH smtpd_policy_service_max_idle (default: 300s) The time after which an idle SMTPD policy service connection is closed. diff --git a/postfix/man/man8/postscreen.8 b/postfix/man/man8/postscreen.8 index 93062d888..97ee76847 100644 --- a/postfix/man/man8/postscreen.8 +++ b/postfix/man/man8/postscreen.8 @@ -82,7 +82,8 @@ XFORWARD. Support for AUTH may be added in the future. In the mean time, if you need to make these services available on port 25, then do not enable the optional "after 220 -server greeting" tests. +server greeting" tests, and do not use DNSBLs that reject +traffic from dial-up and residential networks. The optional "after 220 server greeting" tests involve \fBpostscreen\fR(8)'s built-in SMTP protocol engine. When diff --git a/postfix/man/man8/smtp.8 b/postfix/man/man8/smtp.8 index 524edb3d5..af15614df 100644 --- a/postfix/man/man8/smtp.8 +++ b/postfix/man/man8/smtp.8 
@@ -256,6 +256,13 @@ An optional workaround for routers that break TCP window scaling. Available in Postfix version 2.8 and later: .IP "\fBsmtp_dns_resolver_options (empty)\fR" DNS Resolver options for the Postfix SMTP client. +.PP +Available in Postfix version 2.9 and later: +.IP "\fBsmtp_per_record_deadline (no)\fR" +Change the behavior of the smtp_*_timeout time limits, from a +time limit per read or write system call, to a time limit to read +or write a complete record (an SMTP command line, SMTP response +line, SMTP message content line, or TLS protocol message). .SH "MIME PROCESSING CONTROLS" .na .nf @@ -547,6 +554,13 @@ Available in Postfix version 2.3 and later: .IP "\fBconnection_cache_protocol_timeout (5s)\fR" Time limit for connection cache connect, send or receive operations. +.PP +Available in Postfix version 2.9 and later: +.IP "\fBsmtp_per_record_deadline (no)\fR" +Change the behavior of the smtp_*_timeout time limits, from a +time limit per read or write system call, to a time limit to read +or write a complete record (an SMTP command line, SMTP response +line, SMTP message content line, or TLS protocol message). .SH "TROUBLE SHOOTING CONTROLS" .na .nf diff --git a/postfix/man/man8/smtpd.8 b/postfix/man/man8/smtpd.8 index cad1acf5d..0040a5329 100644 --- a/postfix/man/man8/smtpd.8 +++ b/postfix/man/man8/smtpd.8 @@ -143,6 +143,13 @@ An optional workaround for routers that break TCP window scaling. Available in Postfix version 2.7 and later: .IP "\fBsmtpd_command_filter (empty)\fR" A mechanism to transform commands from remote SMTP clients. +.PP +Available in Postfix version 2.9 and later: +.IP "\fBsmtpd_per_record_deadline (normal: no, overload: yes)\fR" +Change the behavior of the smtpd_timeout time limit, from a +time limit per read or write system call, to a time limit to read +or write a complete record (an SMTP command line, SMTP response +line, SMTP message content line, or TLS protocol message). .SH "ADDRESS REWRITING CONTROLS" .na .nf 
@@ -673,6 +680,13 @@ Available in Postfix version 2.3 and later: The maximal number of new (i.e., uncached) TLS sessions that a remote SMTP client is allowed to negotiate with this service per time unit. +.PP +Available in Postfix version 2.9 and later: +.IP "\fBsmtpd_per_record_deadline (normal: no, overload: yes)\fR" +Change the behavior of the smtpd_timeout time limit, from a +time limit per read or write system call, to a time limit to read +or write a complete record (an SMTP command line, SMTP response +line, SMTP message content line, or TLS protocol message). .SH "TARPIT CONTROLS" .na .nf diff --git a/postfix/mantools/postlink b/postfix/mantools/postlink index b7110bf6f..416dd95d7 100755 --- a/postfix/mantools/postlink +++ b/postfix/mantools/postlink @@ -631,6 +631,7 @@ while (<>) { s;\bsmtp_body_checks\b;$&;g; s;\bsmtp_reply_filter\b;$&;g; s;\bsmtp_address_preference\b;$&;g; + s;\bsmtp_per_record_deadline\b;$&;g; s;\bsmtpd_enforce_tls\b;$&;g; s;\bsmtpd_sasl_tls_security_options\b;$&;g; s;\bsmtpd_sasl_type\b;$&;g; @@ -667,6 +668,7 @@ while (<>) { s;\bsmtpd_tls_wrappermode\b;$&;g; s;\bsmtpd_use_tls\b;$&;g; s;\bsmtpd_reject_footer\b;$&;g; + s;\bsmtpd_per_record_deadline\b;$&;g; s;\btls_daemon_random_bytes\b;$&;g; s;\btls_daemon_random_source\b;$&;g; s;\btls_ran[-]*\n* *[ ]*dom_bytes\b;$&;g; diff --git a/postfix/proto/MILTER_README.html b/postfix/proto/MILTER_README.html index 5e3a50857..3c8d95418 100644 --- a/postfix/proto/MILTER_README.html +++ b/postfix/proto/MILTER_README.html @@ -28,11 +28,13 @@ SMTP commands (HELO, MAIL FROM, etc.) as well as mail content The reason for adding Milter support to Postfix is that there exists a large collection of applications, not only to block unwanted mail, but also to verify authenticity (examples: OpenDKIM, DomainKeys Identified Mail (DKIM), SenderID+SPF and DomainKeys) or to digitally sign mail (examples: OpenDKIM, DomainKeys Identified Mail (DKIM), DomainKeys). 
@@ -212,10 +214,22 @@ other systems, libmilter may be provided by a package (called "sendmail-devel" on some Linux systems).
Once libmilter is installed, applications such as OpenDKIM, dkim-milter and sid-milter build out of the box without requiring any tinkering:
++++$ gzcat opendkim-x.y.z.tar.gz | tar xf - +$ cd opendkim-x.y.z +$ ./configure ...options... +$ make +[...lots of output omitted...] +$ make install ++$ gzcat dkim-milter-x.y.z.tar.gz | tar xf - diff --git a/postfix/proto/POSTSCREEN_README.html b/postfix/proto/POSTSCREEN_README.html index 85e675559..287da6439 100644 --- a/postfix/proto/POSTSCREEN_README.html +++ b/postfix/proto/POSTSCREEN_README.html @@ -432,13 +432,14 @@ logging more informative. as:- COMMAND PIPELINING after time from [address]:port + COMMAND PIPELINING from [address]:port after command: text-Translation: the SMTP client at [address]:port sent multiple -SMTP commands, instead of sending one command and then waiting for -the server to reply. This happened time seconds after the -"220 " server greeting was sent.
+Translation: the SMTP client at [address]:port sent +multiple SMTP commands, instead of sending one command and then +waiting for the server to reply. This happened after the client +sent command. The text shows part of the input that +was sent too early; it is not logged with Postfix 2.8.
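Review bot: the new lmtp_per_record_deadline entry in postconf.5 says "This feature is available in Postfix 2.8 and later", while the smtp_per_record_deadline and smtpd_per_record_deadline entries in the same file, and the smtp.8/smtpd.8 summaries, all say 2.9. Since the LMTP entry only refers the reader to smtp_per_record_deadline, change it to "This feature is available in Postfix 2.9 and later." so the three entries agree.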
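Review bot: the TLS caveat added to both postconf.5 entries says "a TLS protocol message can be up to 16 kbytes long (with TLSv1)", which reads as if the limit were specific to TLSv1; the 16 kbyte (2^14 byte) record limit applies to SSLv3 and every TLS version, so drop the parenthetical or say "(for all TLS versions)". Otherwise the caveat is the right one to have here, since it is the whole record, not one read or write call, that must now complete within the timeout.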
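Review bot: the one-line summaries added to smtp.8 and smtpd.8 describe the new behavior as "a time limit to read or write a complete record", while the full postconf.5 entries say "a time limit to send or receive a complete record". The man8 summaries are normally the first sentence of the postconf.5 text verbatim, so pick one phrasing and use it in all four places.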
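Review bot: in the POSTSCREEN_README.html hunk, the COMMAND PIPELINING log line changes from "after time from [address]:port" to "from [address]:port after command: text", but the explanation only says the text "is not logged with Postfix 2.8"; state the release that does log it (presumably 2.9, like the other changes in this patch) so anyone parsing postscreen logs knows which format to expect. Also, since text is part of the input the remote client sent, confirm that the logging path escapes non-printable bytes before the line reaches syslog.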