diff --git a/postfix/HISTORY b/postfix/HISTORY index c1da099b3..d38d3b4be 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -27772,3 +27772,18 @@ Apologies for any names omitted. postdrop/postdrop.c, postsuper/postsuper.c, sendmail/sendmail.c, dnsblog/dnsblog.c, postkick/postkick.c, postlock/postlock.c, qmgr/qmgr.c, qmqpd/qmqpd.c, trivial-rewrite/trivial-rewrite.c. + +20240129 + + Documentation: be more precise about server lookups with + MX or SRV records. File: smtp/smtp.c. + + Documentation: postlogd is not a short-running process. It + wil keep running until it reaches the max_idle limit. File: + postlogd/postlogd.c. + + Cleanup (no semantic change): in the mysql: and pgsql: + clients, made the hard-coded idle and retry timer settings + configurable, and updated the mysql_table(5) and pgsql_table(5) + manpages. Files: global/dict_mysql.c, global/dict_pgsql.c, + proto/mysql_table, proto/pgsql_table. diff --git a/postfix/html/lmtp.8.html b/postfix/html/lmtp.8.html index 84e8b5cdb..996adc387 100644 --- a/postfix/html/lmtp.8.html +++ b/postfix/html/lmtp.8.html @@ -29,13 +29,9 @@ SMTP,(LMTP) SMTP,(LMTP) again at a later time. Delivery status reports are sent to the bounce(8), defer(8) or trace(8) daemon as appropriate. - The SMTP+LMTP client looks up a list of mail exchanger addresses for - the destination host, sorts the list by preference, and connects to - each listed address until it finds a server that responds. - - When a server is not reachable, or when mail delivery fails due to a - recoverable error condition, the SMTP+LMTP client will try to deliver - the mail to an alternate host. + The server lookup strategy is different for SMTP and LMTP. The details + are given below under in the sections "SMTP DESTINATION SYNTAX" and + "LMTP DESTINATION SYNTAX". After a successful mail transaction, a connection may be saved to the scache(8) connection cache server, so that it may be used by any 
@@ -46,83 +42,96 @@ SMTP,(LMTP) SMTP,(LMTP) can be enabled permanently for specific destinations. SMTP DESTINATION SYNTAX - The Postfix SMTP+LMTP client supports multiple destinations separated - by comma or whitespace (Postfix 3.5 and later). SMTP destinations have - the following form: + The Postfix SMTP client supports multiple destinations separated by + comma or whitespace (Postfix 3.5 and later). Each destination is tried + in the specified order. + + SMTP destinations have the following form: domainname - domainname:port + domainname:service Look up the mail exchangers for the specified domain, and con- - nect to the specified port (default: smtp). + nect to the specified service (default: smtp). Optionally, mail + exchangers may be looked up with SRV queries instead of MX; this + requires that service is given in symbolic form. [hostname] - [hostname]:port - Look up the address(es) of the specified host, and connect to - the specified port (default: smtp). + [hostname]:service + Look up the address(es) for the specified host, and connect to + the specified service (default: smtp). [address] - [address]:port + [address]:service Connect to the host at the specified address, and connect to the - specified port (default: smtp). An IPv6 address must be format- - ted as [ipv6:address]. + specified service (default: smtp). An IPv6 address must be for- + matted as [ipv6:address]. LMTP DESTINATION SYNTAX - The Postfix SMTP+LMTP client supports multiple destinations separated - by comma or whitespace (Postfix 3.5 and later). LMTP destinations have - the following form: + The Postfix LMTP client supports multiple destinations separated by + comma or whitespace (Postfix 3.5 and later). Each destination is tried + in the specified order. + + LMTP destinations have the following form: unix:pathname Connect to the local UNIX-domain server that is bound to the specified pathname. 
If the process runs chrooted, an absolute pathname is interpreted relative to the Postfix queue directory. + inet:domainname + + inet:domainname:service + Look up the LMTP servers for the specified domain and service + (default: lmtp). This form is supported when SRV lookups are + enabled, and requires that service is in symbolic form. + inet:hostname - inet:hostname:port + inet:hostname:service + Look up the address(es) for the specified host, and connect to + the specified service (default: lmtp). When SRV lookups are + enabled, use the form [hostname] to force address lookups. inet:[address] - inet:[address]:port - Connect to the specified TCP port on the specified local or - remote host. If no port is specified, connect to the port - defined as lmtp in services(4). If no such service is found, - the lmtp_tcp_port configuration parameter (default value of 24) - will be used. An IPv6 address must be formatted as + inet:[address]:service + Connect to the specified local or remote host and service + (default: lmtp). An IPv6 address must be formatted as [ipv6:address]. SINGLE-RECIPIENT DELIVERY - By default, the Postfix SMTP+LMTP client delivers mail to multiple - recipients per delivery request. This is undesirable when prepending a + By default, the Postfix SMTP+LMTP client delivers mail to multiple + recipients per delivery request. This is undesirable when prepending a Delivered-to: or X-Original-To: message header. To prevent Postfix from sending multiple recipients per delivery request, specify transport_destination_recipient_limit = 1 - in the Postfix main.cf file, where transport is the name in the first + in the Postfix main.cf file, where transport is the name in the first column of the Postfix master.cf entry for this mail delivery service. COMMAND ATTRIBUTE SYNTAX flags=DORX (optional) Optional message processing flags. - D Prepend a "Delivered-To: recipient" message header with - the envelope recipient address. 
Note: for this to work, - the transport_destination_recipient_limit must be 1 (see + D Prepend a "Delivered-To: recipient" message header with + the envelope recipient address. Note: for this to work, + the transport_destination_recipient_limit must be 1 (see SINGLE-RECIPIENT DELIVERY above for details). - The D flag also enforces loop detection: if a message - already contains a Delivered-To: header with the same - recipient address, then the message is returned as unde- + The D flag also enforces loop detection: if a message + already contains a Delivered-To: header with the same + recipient address, then the message is returned as unde- liverable. The address comparison is case insensitive. This feature is available as of Postfix 3.5. O Prepend an "X-Original-To: recipient" message header with the recipient address as given to Postfix. Note: for this - to work, the transport_destination_recipient_limit must + to work, the transport_destination_recipient_limit must be 1 (see SINGLE-RECIPIENT DELIVERY above for details). This feature is available as of Postfix 3.5. 
@@ -132,18 +141,17 @@ SMTP,(LMTP) SMTP,(LMTP) This feature is available as of Postfix 3.5. - X Indicates that the delivery is final. This flag affects - the status reported in "success" DSN (delivery status - notification) messages, and changes it from "relayed" + X Indicates that the delivery is final. This flag affects + the status reported in "success" DSN (delivery status + notification) messages, and changes it from "relayed" into "delivered". This feature is available as of Postfix 3.5. SECURITY - The SMTP+LMTP client is moderately security-sensitive. It - talks to SMTP or LMTP servers and to DNS servers on the - network. The SMTP+LMTP client can be run chrooted at fixed - low privilege. + The SMTP+LMTP client is moderately security-sensitive. It talks to SMTP + or LMTP servers and to DNS servers on the network. The SMTP+LMTP client + can be run chrooted at fixed low privilege. STANDARDS RFC 821 (SMTP protocol) 
@@ -169,34 +177,34 @@ SMTP,(LMTP) SMTP,(LMTP) RFC 7672 (SMTP security via opportunistic DANE TLS) DIAGNOSTICS - Problems and transactions are logged to syslogd(8) or postlogd(8). - Corrupted message files are marked so that the queue manager can move + Problems and transactions are logged to syslogd(8) or postlogd(8). + Corrupted message files are marked so that the queue manager can move them to the corrupt queue for further inspection. - Depending on the setting of the notify_classes parameter, the postmas- + Depending on the setting of the notify_classes parameter, the postmas- ter is notified of bounces, protocol problems, and of other trouble. BUGS - SMTP and LMTP connection reuse for TLS (without closing the SMTP or + SMTP and LMTP connection reuse for TLS (without closing the SMTP or LMTP connection) is not supported before Postfix 3.4. - SMTP and LMTP connection reuse assumes that SASL credentials are valid + SMTP and LMTP connection reuse assumes that SASL credentials are valid for all destinations that map onto the same IP address and TCP port. CONFIGURATION PARAMETERS - Postfix versions 2.3 and later implement the SMTP and LMTP client with - the same program, and choose the protocol and configuration parameters + Postfix versions 2.3 and later implement the SMTP and LMTP client with + the same program, and choose the protocol and configuration parameters based on the process name, smtp or lmtp. Most smtp_xxx configuration parameters have an lmtp_xxx "mirror" param- - eter for the equivalent LMTP feature. This document describes only + eter for the equivalent LMTP feature. This document describes only those LMTP-related parameters that aren't simply "mirror" parameters. - Changes to main.cf are picked up automatically, as smtp(8) processes + Changes to main.cf are picked up automatically, as smtp(8) processes run for only a limited amount of time. Use the command "postfix reload" to speed up a change. - The text below provides only a parameter summary. 
See postconf(5) for + The text below provides only a parameter summary. See postconf(5) for more details including examples. COMPATIBILITY CONTROLS @@ -217,8 +225,8 @@ SMTP,(LMTP) SMTP,(LMTP) will send via SMTP. smtp_pix_workaround_delay_time (10s) - How long the Postfix SMTP client pauses before sending - ".<CR><LF>" in order to work around the PIX firewall + How long the Postfix SMTP client pauses before sending + ".<CR><LF>" in order to work around the PIX firewall "<CR><LF>.<CR><LF>" bug. smtp_pix_workaround_threshold_time (500s) @@ -227,19 +235,19 @@ SMTP,(LMTP) SMTP,(LMTP) delivery through firewalls with "smtp fixup" mode turned on. smtp_pix_workarounds (disable_esmtp, delay_dotcrlf) - A list that specifies zero or more workarounds for CISCO PIX + A list that specifies zero or more workarounds for CISCO PIX firewall bugs. smtp_pix_workaround_maps (empty) - Lookup tables, indexed by the remote SMTP server address, with + Lookup tables, indexed by the remote SMTP server address, with per-destination workarounds for CISCO PIX firewall bugs. smtp_quote_rfc821_envelope (yes) - Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO + Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands as required by RFC 5321. smtp_reply_filter (empty) - A mechanism to transform replies from remote SMTP servers one + A mechanism to transform replies from remote SMTP servers one line at a time. smtp_skip_5xx_greeting (yes) 
@@ -251,68 +259,68 @@ SMTP,(LMTP) SMTP,(LMTP) Available in Postfix version 2.0 and earlier: smtp_skip_4xx_greeting (yes) - Skip SMTP servers that greet with a 4XX status code (go away, + Skip SMTP servers that greet with a 4XX status code (go away, try again later). Available in Postfix version 2.2 and later: smtp_discard_ehlo_keyword_address_maps (empty) - Lookup tables, indexed by the remote SMTP server address, with - case insensitive lists of EHLO keywords (pipelining, starttls, + Lookup tables, indexed by the remote SMTP server address, with + case insensitive lists of EHLO keywords (pipelining, starttls, auth, etc.) that the Postfix SMTP client will ignore in the EHLO response from a remote SMTP server. smtp_discard_ehlo_keywords (empty) - A case insensitive list of EHLO keywords (pipelining, starttls, + A case insensitive list of EHLO keywords (pipelining, starttls, auth, etc.) that the Postfix SMTP client will ignore in the EHLO response from a remote SMTP server. smtp_generic_maps (empty) - Optional lookup tables that perform address rewriting in the - Postfix SMTP client, typically to transform a locally valid - address into a globally valid address when sending mail across + Optional lookup tables that perform address rewriting in the + Postfix SMTP client, typically to transform a locally valid + address into a globally valid address when sending mail across the Internet. Available in Postfix version 2.2.9 and later: smtp_cname_overrides_servername (version dependent) - When the remote SMTP servername is a DNS CNAME, replace the - servername with the result from CNAME expansion for the purpose - of logging, SASL password lookup, TLS policy decisions, or TLS + When the remote SMTP servername is a DNS CNAME, replace the + servername with the result from CNAME expansion for the purpose + of logging, SASL password lookup, TLS policy decisions, or TLS certificate verification. 
Available in Postfix version 2.3 and later: lmtp_discard_lhlo_keyword_address_maps (empty) - Lookup tables, indexed by the remote LMTP server address, with - case insensitive lists of LHLO keywords (pipelining, starttls, + Lookup tables, indexed by the remote LMTP server address, with + case insensitive lists of LHLO keywords (pipelining, starttls, auth, etc.) that the Postfix LMTP client will ignore in the LHLO response from a remote LMTP server. lmtp_discard_lhlo_keywords (empty) - A case insensitive list of LHLO keywords (pipelining, starttls, + A case insensitive list of LHLO keywords (pipelining, starttls, auth, etc.) that the Postfix LMTP client will ignore in the LHLO response from a remote LMTP server. Available in Postfix version 2.4.4 and later: send_cyrus_sasl_authzid (no) - When authenticating to a remote SMTP or LMTP server with the - default setting "no", send no SASL authoriZation ID (authzid); - send only the SASL authentiCation ID (authcid) plus the auth- + When authenticating to a remote SMTP or LMTP server with the + default setting "no", send no SASL authoriZation ID (authzid); + send only the SASL authentiCation ID (authcid) plus the auth- cid's password. Available in Postfix version 2.5 and later: smtp_header_checks (empty) - Restricted header_checks(5) tables for the Postfix SMTP client. + Restricted header_checks(5) tables for the Postfix SMTP client. smtp_mime_header_checks (empty) - Restricted mime_header_checks(5) tables for the Postfix SMTP + Restricted mime_header_checks(5) tables for the Postfix SMTP client. smtp_nested_header_checks (empty) - Restricted nested_header_checks(5) tables for the Postfix SMTP + Restricted nested_header_checks(5) tables for the Postfix SMTP client. smtp_body_checks (empty) 
@@ -321,7 +329,7 @@ SMTP,(LMTP) SMTP,(LMTP) Available in Postfix version 2.6 and later: tcp_windowsize (0) - An optional workaround for routers that break TCP window scal- + An optional workaround for routers that break TCP window scal- ing. Available in Postfix version 2.8 and later: @@ -332,16 +340,16 @@ SMTP,(LMTP) SMTP,(LMTP) Available in Postfix version 2.9 - 3.6: smtp_per_record_deadline (no) - Change the behavior of the smtp_*_timeout time limits, from a - time limit per read or write system call, to a time limit to - send or receive a complete record (an SMTP command line, SMTP - response line, SMTP message content line, or TLS protocol mes- + Change the behavior of the smtp_*_timeout time limits, from a + time limit per read or write system call, to a time limit to + send or receive a complete record (an SMTP command line, SMTP + response line, SMTP message content line, or TLS protocol mes- sage). Available in Postfix version 2.9 and later: smtp_send_dummy_mail_auth (no) - Whether or not to append the "AUTH=<>" option to the MAIL FROM + Whether or not to append the "AUTH=<>" option to the MAIL FROM command in SASL-authenticated SMTP sessions. Available in Postfix version 2.11 and later: @@ -352,7 +360,7 @@ SMTP,(LMTP) SMTP,(LMTP) Available in Postfix version 3.0 and later: smtp_delivery_status_filter ($default_delivery_status_filter) - Optional filter for the smtp(8) delivery agent to change the + Optional filter for the smtp(8) delivery agent to change the delivery status code or explanatory text of successful or unsuc- cessful deliveries. 
@@ -362,38 +370,38 @@ SMTP,(LMTP) SMTP,(LMTP) Available in Postfix version 3.3 and later: smtp_balance_inet_protocols (yes) - When a remote destination resolves to a combination of IPv4 and + When a remote destination resolves to a combination of IPv4 and IPv6 addresses, ensure that the Postfix SMTP client can try both address types before it runs into the smtp_mx_address_limit. Available in Postfix 3.5 and later: info_log_address_format (external) - The email address form that will be used in non-debug logging + The email address form that will be used in non-debug logging (info, warning, etc.). Available in Postfix 3.6 and later: dnssec_probe (ns:.) - The DNS query type (default: "ns") and DNS query name (default: + The DNS query type (default: "ns") and DNS query name (default: ".") that Postfix may use to determine whether DNSSEC validation is available. - known_tcp_ports (lmtp=24, smtp=25, smtps=submissions=465, submis- + known_tcp_ports (lmtp=24, smtp=25, smtps=submissions=465, submis- sion=587) - Optional setting that avoids lookups in the services(5) data- + Optional setting that avoids lookups in the services(5) data- base. Available in Postfix version 3.7 and later: smtp_per_request_deadline (no) - Change the behavior of the smtp_*_timeout time limits, from a - time limit per plaintext or TLS read or write call, to a com- - bined time limit for sending a complete SMTP request and for + Change the behavior of the smtp_*_timeout time limits, from a + time limit per plaintext or TLS read or write call, to a com- + bined time limit for sending a complete SMTP request and for receiving a complete SMTP response. smtp_min_data_rate (500) - The minimum plaintext data transfer rate in bytes/second for + The minimum plaintext data transfer rate in bytes/second for DATA requests, when deadlines are enabled with smtp_per_request_deadline. 
@@ -403,16 +411,16 @@ SMTP,(LMTP) SMTP,(LMTP) Available in Postfix version 3.8 and later: use_srv_lookup (empty) - Enables discovery for the specified service(s) using DNS SRV + Enables discovery for the specified service(s) using DNS SRV records. ignore_srv_lookup_error (no) - When SRV record lookup fails, fall back to MX or IP address + When SRV record lookup fails, fall back to MX or IP address lookup as if SRV record lookup was not enabled. allow_srv_lookup_fallback (no) - When SRV record lookup fails or no SRV record exists, fall back - to MX or IP address lookup as if SRV record lookup was not + When SRV record lookup fails or no SRV record exists, fall back + to MX or IP address lookup as if SRV record lookup was not enabled. MIME PROCESSING CONTROLS @@ -431,7 +439,7 @@ SMTP,(LMTP) SMTP,(LMTP) Available in Postfix version 2.1 and later: smtp_send_xforward_command (no) - Send the non-standard XFORWARD command when the Postfix SMTP + Send the non-standard XFORWARD command when the Postfix SMTP server EHLO response announces XFORWARD support. SASL AUTHENTICATION CONTROLS 
@@ -439,88 +447,88 @@ SMTP,(LMTP) SMTP,(LMTP) Enable SASL authentication in the Postfix SMTP client. smtp_sasl_password_maps (empty) - Optional Postfix SMTP client lookup tables with one user- - name:password entry per sender, remote hostname or next-hop + Optional Postfix SMTP client lookup tables with one user- + name:password entry per sender, remote hostname or next-hop domain. smtp_sasl_security_options (noplaintext, noanonymous) Postfix SMTP client SASL security options; as of Postfix 2.3 the - list of available features depends on the SASL client implemen- + list of available features depends on the SASL client implemen- tation that is selected with smtp_sasl_type. Available in Postfix version 2.2 and later: smtp_sasl_mechanism_filter (empty) - If non-empty, a Postfix SMTP client filter for the remote SMTP + If non-empty, a Postfix SMTP client filter for the remote SMTP server's list of offered SASL mechanisms. Available in Postfix version 2.3 and later: smtp_sender_dependent_authentication (no) Enable sender-dependent authentication in the Postfix SMTP - client; this is available only with SASL authentication, and - disables SMTP connection caching to ensure that mail from dif- + client; this is available only with SASL authentication, and + disables SMTP connection caching to ensure that mail from dif- ferent senders will use the appropriate credentials. smtp_sasl_path (empty) Implementation-specific information that the Postfix SMTP client - passes through to the SASL plug-in implementation that is + passes through to the SASL plug-in implementation that is selected with smtp_sasl_type. smtp_sasl_type (cyrus) - The SASL plug-in type that the Postfix SMTP client should use + The SASL plug-in type that the Postfix SMTP client should use for authentication. 
Available in Postfix version 2.5 and later: smtp_sasl_auth_cache_name (empty) - An optional table to prevent repeated SASL authentication fail- - ures with the same remote SMTP server hostname, username and + An optional table to prevent repeated SASL authentication fail- + ures with the same remote SMTP server hostname, username and password. smtp_sasl_auth_cache_time (90d) - The maximal age of an smtp_sasl_auth_cache_name entry before it + The maximal age of an smtp_sasl_auth_cache_name entry before it is removed. smtp_sasl_auth_soft_bounce (yes) - When a remote SMTP server rejects a SASL authentication request - with a 535 reply code, defer mail delivery instead of returning + When a remote SMTP server rejects a SASL authentication request + with a 535 reply code, defer mail delivery instead of returning mail as undeliverable. Available in Postfix version 2.9 and later: smtp_send_dummy_mail_auth (no) - Whether or not to append the "AUTH=<>" option to the MAIL FROM + Whether or not to append the "AUTH=<>" option to the MAIL FROM command in SASL-authenticated SMTP sessions. Available in Postfix version 3.9 and later: smtp_sasl_password_result_delimiter (:) - The delimiter between username and password in sasl_passwd_maps + The delimiter between username and password in sasl_passwd_maps lookup results. STARTTLS SUPPORT CONTROLS - Detailed information about STARTTLS configuration may be found in the + Detailed information about STARTTLS configuration may be found in the TLS_README document. smtp_tls_security_level (empty) The default SMTP TLS security level for the Postfix SMTP client. smtp_sasl_tls_security_options ($smtp_sasl_security_options) - The SASL authentication security options that the Postfix SMTP + The SASL authentication security options that the Postfix SMTP client uses for TLS encrypted SMTP sessions. 
smtp_starttls_timeout (300s) - Time limit for Postfix SMTP client write and read operations + Time limit for Postfix SMTP client write and read operations during TLS startup and shutdown handshake procedures. smtp_tls_CAfile (empty) - A file containing CA certificates of root CAs trusted to sign - either remote SMTP server certificates or intermediate CA cer- + A file containing CA certificates of root CAs trusted to sign + either remote SMTP server certificates or intermediate CA cer- tificates. smtp_tls_CApath (empty) - Directory with PEM format Certification Authority certificates + Directory with PEM format Certification Authority certificates that the Postfix SMTP client uses to verify a remote SMTP server certificate. @@ -528,7 +536,7 @@ SMTP,(LMTP) SMTP,(LMTP) File with the Postfix SMTP client RSA certificate in PEM format. smtp_tls_mandatory_ciphers (medium) - The minimum TLS cipher grade that the Postfix SMTP client will + The minimum TLS cipher grade that the Postfix SMTP client will use with mandatory TLS encryption. smtp_tls_exclude_ciphers (empty) @@ -536,8 +544,8 @@ SMTP,(LMTP) SMTP,(LMTP) client cipher list at all TLS security levels. smtp_tls_mandatory_exclude_ciphers (empty) - Additional list of ciphers or cipher types to exclude from the - Postfix SMTP client cipher list at mandatory TLS security lev- + Additional list of ciphers or cipher types to exclude from the + Postfix SMTP client cipher list at mandatory TLS security lev- els. smtp_tls_dcert_file (empty) @@ -553,7 +561,7 @@ SMTP,(LMTP) SMTP,(LMTP) Enable additional Postfix SMTP client logging of TLS activity. smtp_tls_note_starttls_offer (no) - Log the hostname of a remote SMTP server that offers STARTTLS, + Log the hostname of a remote SMTP server that offers STARTTLS, when TLS is not already enabled for that server. smtp_tls_policy_maps (empty) 
@@ -562,14 +570,14 @@ SMTP,(LMTP) SMTP,(LMTP) fied, this overrides the obsolete smtp_tls_per_site parameter. smtp_tls_mandatory_protocols (see 'postconf -d' output) - TLS protocols that the Postfix SMTP client will use with manda- + TLS protocols that the Postfix SMTP client will use with manda- tory TLS encryption. smtp_tls_scert_verifydepth (9) The verification depth for remote SMTP server certificates. smtp_tls_secure_cert_match (nexthop, dot-nexthop) - How the Postfix SMTP client verifies the server certificate + How the Postfix SMTP client verifies the server certificate peername for the "secure" TLS security level. smtp_tls_session_cache_database (empty) @@ -577,16 +585,16 @@ SMTP,(LMTP) SMTP,(LMTP) session cache. smtp_tls_session_cache_timeout (3600s) - The expiration time of Postfix SMTP client TLS session cache + The expiration time of Postfix SMTP client TLS session cache information. smtp_tls_verify_cert_match (hostname) - How the Postfix SMTP client verifies the server certificate + How the Postfix SMTP client verifies the server certificate peername for the "verify" TLS security level. tls_daemon_random_bytes (32) - The number of pseudo-random bytes that an smtp(8) or smtpd(8) - process requests from the tlsmgr(8) server in order to seed its + The number of pseudo-random bytes that an smtp(8) or smtpd(8) + process requests from the tlsmgr(8) server in order to seed its internal pseudo random number generator (PRNG). tls_high_cipherlist (see 'postconf -d' output) @@ -596,7 +604,7 @@ SMTP,(LMTP) SMTP,(LMTP) The OpenSSL cipherlist for "medium" or higher grade ciphers. tls_null_cipherlist (eNULL:!aNULL) - The OpenSSL cipherlist for "NULL" grade ciphers that provide + The OpenSSL cipherlist for "NULL" grade ciphers that provide authentication without encryption. Available in in Postfix version 2.3..3.7: 
@@ -611,45 +619,45 @@ SMTP,(LMTP) SMTP,(LMTP) smtp_sasl_tls_verified_security_options ($smtp_sasl_tls_secu- rity_options) - The SASL authentication security options that the Postfix SMTP - client uses for TLS encrypted SMTP sessions with a verified + The SASL authentication security options that the Postfix SMTP + client uses for TLS encrypted SMTP sessions with a verified server certificate. Available in Postfix version 2.5 and later: smtp_tls_fingerprint_cert_match (empty) - List of acceptable remote SMTP server certificate fingerprints - for the "fingerprint" TLS security level (smtp_tls_secu- + List of acceptable remote SMTP server certificate fingerprints + for the "fingerprint" TLS security level (smtp_tls_secu- rity_level = fingerprint). smtp_tls_fingerprint_digest (see 'postconf -d' output) - The message digest algorithm used to construct remote SMTP + The message digest algorithm used to construct remote SMTP server certificate fingerprints. Available in Postfix version 2.6 and later: smtp_tls_protocols (see 'postconf -d' output) - TLS protocols that the Postfix SMTP client will use with oppor- + TLS protocols that the Postfix SMTP client will use with oppor- tunistic TLS encryption. smtp_tls_ciphers (medium) - The minimum TLS cipher grade that the Postfix SMTP client will + The minimum TLS cipher grade that the Postfix SMTP client will use with opportunistic TLS encryption. smtp_tls_eccert_file (empty) - File with the Postfix SMTP client ECDSA certificate in PEM for- + File with the Postfix SMTP client ECDSA certificate in PEM for- mat. smtp_tls_eckey_file ($smtp_tls_eccert_file) - File with the Postfix SMTP client ECDSA private key in PEM for- + File with the Postfix SMTP client ECDSA private key in PEM for- mat. 
Available in Postfix version 2.7 and later: smtp_tls_block_early_mail_reply (no) - Try to detect a mail hijacking attack based on a TLS protocol - vulnerability (CVE-2009-3555), where an attacker prepends mali- - cious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client + Try to detect a mail hijacking attack based on a TLS protocol + vulnerability (CVE-2009-3555), where an attacker prepends mali- + cious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session. Available in Postfix version 2.8 and later: @@ -669,11 +677,11 @@ SMTP,(LMTP) SMTP,(LMTP) Available in Postfix version 2.11 and later: smtp_tls_trust_anchor_file (empty) - Zero or more PEM-format files with trust-anchor certificates + Zero or more PEM-format files with trust-anchor certificates and/or public keys. smtp_tls_force_insecure_host_tlsa_lookup (no) - Lookup the associated DANE TLSA RRset even when a hostname is + Lookup the associated DANE TLSA RRset even when a hostname is not an alias and its address records lie in an unsigned zone. tlsmgr_service_name (tlsmgr) @@ -682,14 +690,14 @@ SMTP,(LMTP) SMTP,(LMTP) Available in Postfix version 3.0 and later: smtp_tls_wrappermode (no) - Request that the Postfix SMTP client connects using the SUBMIS- + Request that the Postfix SMTP client connects using the SUBMIS- SIONS/SMTPS protocol instead of using the STARTTLS command. Available in Postfix version 3.1 and later: smtp_tls_dane_insecure_mx_policy (see 'postconf -d' output) - The TLS policy for MX hosts with "secure" TLSA records when the - nexthop destination security level is dane, but the MX record + The TLS policy for MX hosts with "secure" TLSA records when the + nexthop destination security level is dane, but the MX record was found via an "insecure" MX lookup. Available in Postfix version 3.2 and later: 
@@ -704,23 +712,23 @@ SMTP,(LMTP) SMTP,(LMTP) Try to make multiple deliveries per TLS-encrypted connection. smtp_tls_chain_files (empty) - List of one or more PEM files, each holding one or more private + List of one or more PEM files, each holding one or more private keys directly followed by a corresponding certificate chain. smtp_tls_servername (empty) - Optional name to send to the remote SMTP server in the TLS + Optional name to send to the remote SMTP server in the TLS Server Name Indication (SNI) extension. Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later: tls_fast_shutdown_enable (yes) - A workaround for implementations that hang Postfix while shut- + A workaround for implementations that hang Postfix while shut- ting down a TLS session, until Postfix times out. Available in Postfix version 3.8 and later: tls_ffdhe_auto_groups (see 'postconf -d' output) - The prioritized list of finite-field Diffie-Hellman ephemeral + The prioritized list of finite-field Diffie-Hellman ephemeral (FFDHE) key exchange groups supported by the Postfix SMTP client and server. 
@@ -730,50 +738,50 @@ SMTP,(LMTP) SMTP,(LMTP) Optional configuration file with baseline OpenSSL settings. tls_config_name (empty) - The application name passed by Postfix to OpenSSL library ini- + The application name passed by Postfix to OpenSSL library ini- tialization functions. Available in Postfix version 3.9 and later: smtp_tls_enable_rpk (no) - Request that remote SMTP servers send an RFC7250 raw public key + Request that remote SMTP servers send an RFC7250 raw public key instead of an X.509 certificate. OBSOLETE STARTTLS CONTROLS - The following configuration parameters exist for compatibility with - Postfix versions before 2.3. Support for these will be removed in a + The following configuration parameters exist for compatibility with + Postfix versions before 2.3. Support for these will be removed in a future release. smtp_use_tls (no) - Opportunistic mode: use TLS when a remote SMTP server announces + Opportunistic mode: use TLS when a remote SMTP server announces STARTTLS support, otherwise send the mail in the clear. smtp_enforce_tls (no) - Enforcement mode: require that remote SMTP servers use TLS + Enforcement mode: require that remote SMTP servers use TLS encryption, and never send mail in the clear. smtp_tls_enforce_peername (yes) - With mandatory TLS encryption, require that the remote SMTP - server hostname matches the information in the remote SMTP + With mandatory TLS encryption, require that the remote SMTP + server hostname matches the information in the remote SMTP server certificate. smtp_tls_per_site (empty) - Optional lookup tables with the Postfix SMTP client TLS usage - policy by next-hop destination and by remote SMTP server host- + Optional lookup tables with the Postfix SMTP client TLS usage + policy by next-hop destination and by remote SMTP server host- name. smtp_tls_cipherlist (empty) - Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS + Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS cipher list. 
RESOURCE AND RATE CONTROLS smtp_connect_timeout (30s) - The Postfix SMTP client time limit for completing a TCP connec- + The Postfix SMTP client time limit for completing a TCP connec- tion, or zero (use the operating system built-in time limit). smtp_helo_timeout (300s) - The Postfix SMTP client time limit for sending the HELO or EHLO - command, and for receiving the initial remote SMTP server + The Postfix SMTP client time limit for sending the HELO or EHLO + command, and for receiving the initial remote SMTP server response. lmtp_lhlo_timeout (300s) @@ -785,19 +793,19 @@ SMTP,(LMTP) SMTP,(LMTP) mand, and for receiving the remote SMTP server response. smtp_mail_timeout (300s) - The Postfix SMTP client time limit for sending the MAIL FROM + The Postfix SMTP client time limit for sending the MAIL FROM command, and for receiving the remote SMTP server response. smtp_rcpt_timeout (300s) - The Postfix SMTP client time limit for sending the SMTP RCPT TO + The Postfix SMTP client time limit for sending the SMTP RCPT TO command, and for receiving the remote SMTP server response. smtp_data_init_timeout (120s) - The Postfix SMTP client time limit for sending the SMTP DATA + The Postfix SMTP client time limit for sending the SMTP DATA command, and for receiving the remote SMTP server response. smtp_data_xfer_timeout (180s) - The Postfix SMTP client time limit for sending the SMTP message + The Postfix SMTP client time limit for sending the SMTP message content. smtp_data_done_timeout (600s) 
@@ -811,13 +819,13 @@ SMTP,(LMTP) SMTP,(LMTP) Available in Postfix version 2.1 and later: smtp_mx_address_limit (5) - The maximal number of MX (mail exchanger) IP addresses that can - result from Postfix SMTP client mail exchanger lookups, or zero + The maximal number of MX (mail exchanger) IP addresses that can + result from Postfix SMTP client mail exchanger lookups, or zero (no limit). smtp_mx_session_limit (2) - The maximal number of SMTP sessions per delivery request before - the Postfix SMTP client gives up or delivers to a fall-back + The maximal number of SMTP sessions per delivery request before + the Postfix SMTP client gives up or delivers to a fall-back relay host, or zero (no limit). smtp_rset_timeout (20s) @@ -827,17 +835,17 @@ SMTP,(LMTP) SMTP,(LMTP) Available in Postfix version 2.2 and earlier: lmtp_cache_connection (yes) - Keep Postfix LMTP client connections open for up to $max_idle + Keep Postfix LMTP client connections open for up to $max_idle seconds. Available in Postfix version 2.2 and later: smtp_connection_cache_destinations (empty) - Permanently enable SMTP connection caching for the specified + Permanently enable SMTP connection caching for the specified destinations. smtp_connection_cache_on_demand (yes) - Temporarily enable SMTP connection caching while a destination + Temporarily enable SMTP connection caching while a destination has a high volume of mail in the active queue. smtp_connection_reuse_time_limit (300s) 
@@ -851,23 +859,23 @@ SMTP,(LMTP) SMTP,(LMTP) Available in Postfix version 2.3 and later: connection_cache_protocol_timeout (5s) - Time limit for connection cache connect, send or receive opera- + Time limit for connection cache connect, send or receive opera- tions. Available in Postfix version 2.9 - 3.6: smtp_per_record_deadline (no) - Change the behavior of the smtp_*_timeout time limits, from a - time limit per read or write system call, to a time limit to - send or receive a complete record (an SMTP command line, SMTP - response line, SMTP message content line, or TLS protocol mes- + Change the behavior of the smtp_*_timeout time limits, from a + time limit per read or write system call, to a time limit to + send or receive a complete record (an SMTP command line, SMTP + response line, SMTP message content line, or TLS protocol mes- sage). Available in Postfix version 2.11 and later: smtp_connection_reuse_count_limit (0) - When SMTP connection caching is enabled, the number of times - that an SMTP session may be reused before it is closed, or zero + When SMTP connection caching is enabled, the number of times + that an SMTP session may be reused before it is closed, or zero (no limit). Available in Postfix version 3.4 and later: 
@@ -878,13 +886,13 @@ SMTP,(LMTP) SMTP,(LMTP) Available in Postfix version 3.7 and later: smtp_per_request_deadline (no) - Change the behavior of the smtp_*_timeout time limits, from a - time limit per plaintext or TLS read or write call, to a com- - bined time limit for sending a complete SMTP request and for + Change the behavior of the smtp_*_timeout time limits, from a + time limit per plaintext or TLS read or write call, to a com- + bined time limit for sending a complete SMTP request and for receiving a complete SMTP response. smtp_min_data_rate (500) - The minimum plaintext data transfer rate in bytes/second for + The minimum plaintext data transfer rate in bytes/second for DATA requests, when deadlines are enabled with smtp_per_request_deadline. 
@@ -892,54 +900,54 @@ SMTP,(LMTP) SMTP,(LMTP) transport_destination_concurrency_limit ($default_destination_concur- rency_limit) - A transport-specific override for the default_destination_con- + A transport-specific override for the default_destination_con- currency_limit parameter value, where transport is the master.cf name of the message delivery transport. transport_destination_recipient_limit ($default_destination_recipi- ent_limit) A transport-specific override for the default_destination_recip- - ient_limit parameter value, where transport is the master.cf + ient_limit parameter value, where transport is the master.cf name of the message delivery transport. SMTPUTF8 CONTROLS Preliminary SMTPUTF8 support is introduced with Postfix 3.0. smtputf8_enable (yes) - Enable preliminary SMTPUTF8 support for the protocols described + Enable preliminary SMTPUTF8 support for the protocols described in RFC 6531, RFC 6532, and RFC 6533. smtputf8_autodetect_classes (sendmail, verify) - Detect that a message requires SMTPUTF8 support for the speci- + Detect that a message requires SMTPUTF8 support for the speci- fied mail origin classes. Available in Postfix version 3.2 and later: enable_idna2003_compatibility (no) - Enable 'transitional' compatibility between IDNA2003 and - IDNA2008, when converting UTF-8 domain names to/from the ASCII + Enable 'transitional' compatibility between IDNA2003 and + IDNA2008, when converting UTF-8 domain names to/from the ASCII form that is used for DNS lookups. TROUBLE SHOOTING CONTROLS debug_peer_level (2) - The increment in verbose logging level when a nexthop destina- - tion, remote client or server name or network address matches a + The increment in verbose logging level when a nexthop destina- + tion, remote client or server name or network address matches a pattern given with the debug_peer_list parameter. 
debug_peer_list (empty) - Optional list of nexthop destination, remote client or server - name or network address patterns that, if matched, cause the - verbose logging level to increase by the amount specified in + Optional list of nexthop destination, remote client or server + name or network address patterns that, if matched, cause the + verbose logging level to increase by the amount specified in $debug_peer_level. error_notice_recipient (postmaster) - The recipient of postmaster notifications about mail delivery + The recipient of postmaster notifications about mail delivery problems that are caused by policy, resource, software or proto- col errors. internal_mail_filter_classes (empty) - What categories of Postfix-generated mail are subject to - before-queue content inspection by non_smtpd_milters, + What categories of Postfix-generated mail are subject to + before-queue content inspection by non_smtpd_milters, header_checks and body_checks. notify_classes (resource, software) 
@@ -947,46 +955,46 @@ SMTP,(LMTP) SMTP,(LMTP) MISCELLANEOUS CONTROLS best_mx_transport (empty) - Where the Postfix SMTP client should deliver mail when it + Where the Postfix SMTP client should deliver mail when it detects a "mail loops back to myself" error condition. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con- figuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to handle a + How much time a Postfix daemon process may take to handle a request before it is terminated by a built-in watchdog timer. delay_logging_resolution_limit (2) - The maximal number of digits after the decimal point when log- + The maximal number of digits after the decimal point when log- ging sub-second delay values. disable_dns_lookups (no) Disable DNS lookups in the Postfix SMTP and LMTP clients. inet_interfaces (all) - The local network interface addresses that this mail system + The local network interface addresses that this mail system receives mail on. inet_protocols (see 'postconf -d' output) - The Internet protocols Postfix will attempt to use when making + The Internet protocols Postfix will attempt to use when making or accepting connections. ipc_timeout (3600s) - The time limit for sending or receiving information over an + The time limit for sending or receiving information over an internal communication channel. lmtp_assume_final (no) - When a remote LMTP server announces no DSN support, assume that - the server performs final delivery, and send "delivered" deliv- + When a remote LMTP server announces no DSN support, assume that + the server performs final delivery, and send "delivered" deliv- ery status notifications instead of "relayed". lmtp_tcp_port (24) The default TCP port that the Postfix LMTP client connects to. 
max_idle (100s) - The maximum amount of time that an idle Postfix daemon process + The maximum amount of time that an idle Postfix daemon process waits for an incoming connection before terminating voluntarily. max_use (100) @@ -1000,21 +1008,21 @@ SMTP,(LMTP) SMTP,(LMTP) The process name of a Postfix command or daemon process. proxy_interfaces (empty) - The remote network interface addresses that this mail system - receives mail on by way of a proxy or network address transla- + The remote network interface addresses that this mail system + receives mail on by way of a proxy or network address transla- tion unit. smtp_address_preference (any) The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP - client will try first, when a destination has IPv6 and IPv4 + client will try first, when a destination has IPv6 and IPv4 addresses with equal MX preference. smtp_bind_address (empty) - An optional numerical network address that the Postfix SMTP + An optional numerical network address that the Postfix SMTP client should bind to when making an IPv4 connection. smtp_bind_address6 (empty) - An optional numerical network address that the Postfix SMTP + An optional numerical network address that the Postfix SMTP client should bind to when making an IPv6 connection. smtp_helo_name ($myhostname) @@ -1034,7 +1042,7 @@ SMTP,(LMTP) SMTP,(LMTP) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - A prefix that is prepended to the process name in syslog + A prefix that is prepended to the process name in syslog records, so that, for example, "smtpd" becomes "prefix/smtpd". Available with Postfix 2.2 and earlier: 
@@ -1046,14 +1054,14 @@ SMTP,(LMTP) SMTP,(LMTP) Available with Postfix 2.3 and later: smtp_fallback_relay ($fallback_relay) - Optional list of relay destinations that will be used when an - SMTP destination is not found, or when delivery fails due to a + Optional list of relay destinations that will be used when an + SMTP destination is not found, or when delivery fails due to a non-permanent error. Available with Postfix 3.0 and later: smtp_address_verify_target (rcpt) - In the context of email address verification, the SMTP protocol + In the context of email address verification, the SMTP protocol stage that determines whether an email address is deliverable. Available with Postfix 3.1 and later: @@ -1075,7 +1083,7 @@ SMTP,(LMTP) SMTP,(LMTP) Available in Postfix 3.7 and later: smtp_bind_address_enforce (no) - Defer delivery when the Postfix SMTP client cannot apply the + Defer delivery when the Postfix SMTP client cannot apply the smtp_bind_address or smtp_bind_address6 setting. SEE ALSO diff --git a/postfix/html/mysql_table.5.html b/postfix/html/mysql_table.5.html index 2b499b749..5063e65d0 100644 --- a/postfix/html/mysql_table.5.html +++ b/postfix/html/mysql_table.5.html @@ -80,6 +80,18 @@ MYSQL_TABLE(5) MYSQL_TABLE(5) earlier Postfix versions, the default was chosen by the MySQL implementation (utf8mb4 as of MySQL 8.0, latin1 historically). + idle_interval (default: 60) + The number of seconds after which an idle database connection + will be closed. + + This feature is available in Postfix 3.9 and later. + + retry_interval (default: 60) + The number of seconds that a database connection will be skipped + after an error. + + This feature is available in Postfix 3.9 and later. + query The SQL query template used to search the database, where %s is a substitute for the address Postfix is trying to resolve, e.g. query = SELECT replacement FROM aliases WHERE mailbox = '%s' 
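Review bot: the new retry_interval text in the mysql_table.5.html hunk, "a database connection will be skipped after an error", does not say what is skipped in favour of what, or what happens to a lookup when there is nothing else to try. Suggest stating what the client does during the interval. For both idle_interval and retry_interval it would also help to say whether 0 is accepted and what it means, as the smtp(8) parameter summaries in this patch do with "or zero (no limit)".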
diff --git a/postfix/html/pgsql_table.5.html b/postfix/html/pgsql_table.5.html index 964bd6d70..0b50fd1c2 100644 --- a/postfix/html/pgsql_table.5.html +++ b/postfix/html/pgsql_table.5.html @@ -72,11 +72,24 @@ PGSQL_TABLE(5) PGSQL_TABLE(5) The encoding used by the database client. The default setting is: encoding = UTF8 + Historically, the database client was hard coded to use LATIN1 in an attempt to disable multibyte character support. This feature is available in Postfix 3.8 and later. + idle_interval (default: 60) + The number of seconds after which an idle database connection + will be closed. + + This feature is available in Postfix 3.9 and later. + + retry_interval (default: 60) + The number of seconds that a database connection will be skipped + after an error. + + This feature is available in Postfix 3.9 and later. + query The SQL query template used to search the database, where %s is a substitute for the address Postfix is trying to resolve, e.g. query = SELECT replacement FROM aliases WHERE mailbox = '%s' diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index d0632412e..2bf0d9eb6 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -10313,11 +10313,12 @@ gateway host instead.

-In the case of SMTP or LMTP delivery, specify one or more destinations -in the form of a domain name, hostname, hostname:port, [hostname]:port, -[hostaddress] or [hostaddress]:port, separated by comma or whitespace. -The form [hostname] turns off MX lookups. Multiple destinations are -supported in Postfix 3.5 and later. +In the case of SMTP delivery, specify one or more destinations in +the form of a domain name, hostname, hostname:service, [hostname]:service, +[hostaddress] or [hostaddress]:service, separated by comma or whitespace. +The form [hostname] turns off MX or SRV lookups. Multiple destinations +are supported in Postfix 3.5 and later. Each destination is tried +in the specified order.
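Review bot: the rewritten first sentence narrows "SMTP or LMTP delivery" to "SMTP delivery", so this paragraph no longer tells the reader what to specify for LMTP. If the two are meant to differ now, add a sentence that points to LMTP DESTINATION SYNTAX. The list also still offers unbracketed "hostname" and "hostname:service" next to "domain name", while the following sentence says only [hostname] turns off MX or SRV lookups; the smtp.8.html text in this patch calls these forms domainname and domainname:service, and using the same terms here would avoid implying that a bare hostname skips the MX or SRV lookup.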

diff --git a/postfix/html/postlogd.8.html b/postfix/html/postlogd.8.html index 3ddbf6621..e0a72af8d 100644 --- a/postfix/html/postlogd.8.html +++ b/postfix/html/postlogd.8.html @@ -36,9 +36,9 @@ POSTLOGD(8) POSTLOGD(8) postqueue(1) and (Postfix >= 3.7) postlog(1). CONFIGURATION PARAMETERS - Changes to main.cf are picked up automatically, as postlogd(8) pro- - cesses run for only a limited amount of time. Use the command "postfix - reload" to speed up a change. + Changes to main.cf are not picked up automatically, because postlogd(8) + terminates only after reaching the max_idle time limit. Use the com- + mand "postfix reload" to speed up a change. The text below provides only a parameter summary. See postconf(5) for more details including examples. diff --git a/postfix/html/smtp.8.html b/postfix/html/smtp.8.html index 84e8b5cdb..996adc387 100644 --- a/postfix/html/smtp.8.html +++ b/postfix/html/smtp.8.html @@ -29,13 +29,9 @@ SMTP,(LMTP) SMTP,(LMTP) again at a later time. Delivery status reports are sent to the bounce(8), defer(8) or trace(8) daemon as appropriate. - The SMTP+LMTP client looks up a list of mail exchanger addresses for - the destination host, sorts the list by preference, and connects to - each listed address until it finds a server that responds. - - When a server is not reachable, or when mail delivery fails due to a - recoverable error condition, the SMTP+LMTP client will try to deliver - the mail to an alternate host. + The server lookup strategy is different for SMTP and LMTP. The details + are given below under in the sections "SMTP DESTINATION SYNTAX" and + "LMTP DESTINATION SYNTAX". After a successful mail transaction, a connection may be saved to the scache(8) connection cache server, so that it may be used by any 
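Review bot: in the postlogd.8.html hunk, the new sentence says changes to main.cf are not picked up automatically, but the next sentence keeps the wording that "postfix reload" will "speed up a change", which only makes sense if the change would eventually take effect on its own. Since the stated reason is that postlogd(8) terminates only after reaching the max_idle time limit, say either that the change takes effect when the process is next restarted, or that "postfix reload" is needed to apply it.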
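Review bot: the replacement paragraph in the smtp.8.html hunk reads "given below under in the sections", with a stray preposition; drop either "under" or "in". The removed text also stated that the client tries an alternate host when a server is not reachable or delivery fails due to a recoverable error. The destination syntax sections changed later in this patch only say "Each destination is tried in the specified order", so it is worth stating there which failures cause the client to move on to the next destination or address.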
@@ -46,83 +42,96 @@ SMTP,(LMTP) SMTP,(LMTP) can be enabled permanently for specific destinations. SMTP DESTINATION SYNTAX - The Postfix SMTP+LMTP client supports multiple destinations separated - by comma or whitespace (Postfix 3.5 and later). SMTP destinations have - the following form: + The Postfix SMTP client supports multiple destinations separated by + comma or whitespace (Postfix 3.5 and later). Each destination is tried + in the specified order. + + SMTP destinations have the following form: domainname - domainname:port + domainname:service Look up the mail exchangers for the specified domain, and con- - nect to the specified port (default: smtp). + nect to the specified service (default: smtp). Optionally, mail + exchangers may be looked up with SRV queries instead of MX; this + requires that service is given in symbolic form. [hostname] - [hostname]:port - Look up the address(es) of the specified host, and connect to - the specified port (default: smtp). + [hostname]:service + Look up the address(es) for the specified host, and connect to + the specified service (default: smtp). [address] - [address]:port + [address]:service Connect to the host at the specified address, and connect to the - specified port (default: smtp). An IPv6 address must be format- - ted as [ipv6:address]. + specified service (default: smtp). An IPv6 address must be for- + matted as [ipv6:address]. LMTP DESTINATION SYNTAX - The Postfix SMTP+LMTP client supports multiple destinations separated - by comma or whitespace (Postfix 3.5 and later). LMTP destinations have - the following form: + The Postfix LMTP client supports multiple destinations separated by + comma or whitespace (Postfix 3.5 and later). Each destination is tried + in the specified order. + + LMTP destinations have the following form: unix:pathname Connect to the local UNIX-domain server that is bound to the specified pathname. 
If the process runs chrooted, an absolute pathname is interpreted relative to the Postfix queue directory. + inet:domainname + + inet:domainname:service + Look up the LMTP servers for the specified domain and service + (default: lmtp). This form is supported when SRV lookups are + enabled, and requires that service is in symbolic form. + inet:hostname - inet:hostname:port + inet:hostname:service + Look up the address(es) for the specified host, and connect to + the specified service (default: lmtp). When SRV lookups are + enabled, use the form [hostname] to force address lookups. inet:[address] - inet:[address]:port - Connect to the specified TCP port on the specified local or - remote host. If no port is specified, connect to the port - defined as lmtp in services(4). If no such service is found, - the lmtp_tcp_port configuration parameter (default value of 24) - will be used. An IPv6 address must be formatted as + inet:[address]:service + Connect to the specified local or remote host and service + (default: lmtp). An IPv6 address must be formatted as [ipv6:address]. SINGLE-RECIPIENT DELIVERY - By default, the Postfix SMTP+LMTP client delivers mail to multiple - recipients per delivery request. This is undesirable when prepending a + By default, the Postfix SMTP+LMTP client delivers mail to multiple + recipients per delivery request. This is undesirable when prepending a Delivered-to: or X-Original-To: message header. To prevent Postfix from sending multiple recipients per delivery request, specify transport_destination_recipient_limit = 1 - in the Postfix main.cf file, where transport is the name in the first + in the Postfix main.cf file, where transport is the name in the first column of the Postfix master.cf entry for this mail delivery service. COMMAND ATTRIBUTE SYNTAX flags=DORX (optional) Optional message processing flags. - D Prepend a "Delivered-To: recipient" message header with - the envelope recipient address. 
Note: for this to work, - the transport_destination_recipient_limit must be 1 (see + D Prepend a "Delivered-To: recipient" message header with + the envelope recipient address. Note: for this to work, + the transport_destination_recipient_limit must be 1 (see SINGLE-RECIPIENT DELIVERY above for details). - The D flag also enforces loop detection: if a message - already contains a Delivered-To: header with the same - recipient address, then the message is returned as unde- + The D flag also enforces loop detection: if a message + already contains a Delivered-To: header with the same + recipient address, then the message is returned as unde- liverable. The address comparison is case insensitive. This feature is available as of Postfix 3.5. O Prepend an "X-Original-To: recipient" message header with the recipient address as given to Postfix. Note: for this - to work, the transport_destination_recipient_limit must + to work, the transport_destination_recipient_limit must be 1 (see SINGLE-RECIPIENT DELIVERY above for details). This feature is available as of Postfix 3.5. 
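Review bot: in the LMTP DESTINATION SYNTAX part of this hunk, the inet:hostname entry tells the reader to "use the form [hostname] to force address lookups", but no inet:[hostname] form is listed; the only bracketed form shown is inet:[address]. Add the bracketed hostname form explicitly. inet:domainname and inet:hostname are also written identically, so the text should say how the client tells them apart (it currently only implies that this depends on whether SRV lookups are enabled). The removed paragraph documented the port fallback through services(4) and the lmtp_tcp_port parameter (default value of 24); "(default: lmtp)" no longer says how that name is resolved, although lmtp_tcp_port is still listed in the parameter summary. Neither the SMTP nor the LMTP section names the setting that enables SRV lookups; a reference to use_srv_lookup, which this page lists under Postfix 3.8 and later, would close that gap.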
@@ -132,18 +141,17 @@ SMTP,(LMTP) SMTP,(LMTP) This feature is available as of Postfix 3.5. - X Indicates that the delivery is final. This flag affects - the status reported in "success" DSN (delivery status - notification) messages, and changes it from "relayed" + X Indicates that the delivery is final. This flag affects + the status reported in "success" DSN (delivery status + notification) messages, and changes it from "relayed" into "delivered". This feature is available as of Postfix 3.5. SECURITY - The SMTP+LMTP client is moderately security-sensitive. It - talks to SMTP or LMTP servers and to DNS servers on the - network. The SMTP+LMTP client can be run chrooted at fixed - low privilege. + The SMTP+LMTP client is moderately security-sensitive. It talks to SMTP + or LMTP servers and to DNS servers on the network. The SMTP+LMTP client + can be run chrooted at fixed low privilege. STANDARDS RFC 821 (SMTP protocol) 
@@ -169,34 +177,34 @@ SMTP,(LMTP) SMTP,(LMTP) RFC 7672 (SMTP security via opportunistic DANE TLS) DIAGNOSTICS - Problems and transactions are logged to syslogd(8) or postlogd(8). - Corrupted message files are marked so that the queue manager can move + Problems and transactions are logged to syslogd(8) or postlogd(8). + Corrupted message files are marked so that the queue manager can move them to the corrupt queue for further inspection. - Depending on the setting of the notify_classes parameter, the postmas- + Depending on the setting of the notify_classes parameter, the postmas- ter is notified of bounces, protocol problems, and of other trouble. BUGS - SMTP and LMTP connection reuse for TLS (without closing the SMTP or + SMTP and LMTP connection reuse for TLS (without closing the SMTP or LMTP connection) is not supported before Postfix 3.4. - SMTP and LMTP connection reuse assumes that SASL credentials are valid + SMTP and LMTP connection reuse assumes that SASL credentials are valid for all destinations that map onto the same IP address and TCP port. CONFIGURATION PARAMETERS - Postfix versions 2.3 and later implement the SMTP and LMTP client with - the same program, and choose the protocol and configuration parameters + Postfix versions 2.3 and later implement the SMTP and LMTP client with + the same program, and choose the protocol and configuration parameters based on the process name, smtp or lmtp. Most smtp_xxx configuration parameters have an lmtp_xxx "mirror" param- - eter for the equivalent LMTP feature. This document describes only + eter for the equivalent LMTP feature. This document describes only those LMTP-related parameters that aren't simply "mirror" parameters. - Changes to main.cf are picked up automatically, as smtp(8) processes + Changes to main.cf are picked up automatically, as smtp(8) processes run for only a limited amount of time. Use the command "postfix reload" to speed up a change. - The text below provides only a parameter summary. 
See postconf(5) for + The text below provides only a parameter summary. See postconf(5) for more details including examples. COMPATIBILITY CONTROLS @@ -217,8 +225,8 @@ SMTP,(LMTP) SMTP,(LMTP) will send via SMTP. smtp_pix_workaround_delay_time (10s) - How long the Postfix SMTP client pauses before sending - ".<CR><LF>" in order to work around the PIX firewall + How long the Postfix SMTP client pauses before sending + ".<CR><LF>" in order to work around the PIX firewall "<CR><LF>.<CR><LF>" bug. smtp_pix_workaround_threshold_time (500s) @@ -227,19 +235,19 @@ SMTP,(LMTP) SMTP,(LMTP) delivery through firewalls with "smtp fixup" mode turned on. smtp_pix_workarounds (disable_esmtp, delay_dotcrlf) - A list that specifies zero or more workarounds for CISCO PIX + A list that specifies zero or more workarounds for CISCO PIX firewall bugs. smtp_pix_workaround_maps (empty) - Lookup tables, indexed by the remote SMTP server address, with + Lookup tables, indexed by the remote SMTP server address, with per-destination workarounds for CISCO PIX firewall bugs. smtp_quote_rfc821_envelope (yes) - Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO + Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands as required by RFC 5321. smtp_reply_filter (empty) - A mechanism to transform replies from remote SMTP servers one + A mechanism to transform replies from remote SMTP servers one line at a time. smtp_skip_5xx_greeting (yes) 
@@ -251,68 +259,68 @@ SMTP,(LMTP) SMTP,(LMTP) Available in Postfix version 2.0 and earlier: smtp_skip_4xx_greeting (yes) - Skip SMTP servers that greet with a 4XX status code (go away, + Skip SMTP servers that greet with a 4XX status code (go away, try again later). Available in Postfix version 2.2 and later: smtp_discard_ehlo_keyword_address_maps (empty) - Lookup tables, indexed by the remote SMTP server address, with - case insensitive lists of EHLO keywords (pipelining, starttls, + Lookup tables, indexed by the remote SMTP server address, with + case insensitive lists of EHLO keywords (pipelining, starttls, auth, etc.) that the Postfix SMTP client will ignore in the EHLO response from a remote SMTP server. smtp_discard_ehlo_keywords (empty) - A case insensitive list of EHLO keywords (pipelining, starttls, + A case insensitive list of EHLO keywords (pipelining, starttls, auth, etc.) that the Postfix SMTP client will ignore in the EHLO response from a remote SMTP server. smtp_generic_maps (empty) - Optional lookup tables that perform address rewriting in the - Postfix SMTP client, typically to transform a locally valid - address into a globally valid address when sending mail across + Optional lookup tables that perform address rewriting in the + Postfix SMTP client, typically to transform a locally valid + address into a globally valid address when sending mail across the Internet. Available in Postfix version 2.2.9 and later: smtp_cname_overrides_servername (version dependent) - When the remote SMTP servername is a DNS CNAME, replace the - servername with the result from CNAME expansion for the purpose - of logging, SASL password lookup, TLS policy decisions, or TLS + When the remote SMTP servername is a DNS CNAME, replace the + servername with the result from CNAME expansion for the purpose + of logging, SASL password lookup, TLS policy decisions, or TLS certificate verification. 
Available in Postfix version 2.3 and later: lmtp_discard_lhlo_keyword_address_maps (empty) - Lookup tables, indexed by the remote LMTP server address, with - case insensitive lists of LHLO keywords (pipelining, starttls, + Lookup tables, indexed by the remote LMTP server address, with + case insensitive lists of LHLO keywords (pipelining, starttls, auth, etc.) that the Postfix LMTP client will ignore in the LHLO response from a remote LMTP server. lmtp_discard_lhlo_keywords (empty) - A case insensitive list of LHLO keywords (pipelining, starttls, + A case insensitive list of LHLO keywords (pipelining, starttls, auth, etc.) that the Postfix LMTP client will ignore in the LHLO response from a remote LMTP server. Available in Postfix version 2.4.4 and later: send_cyrus_sasl_authzid (no) - When authenticating to a remote SMTP or LMTP server with the - default setting "no", send no SASL authoriZation ID (authzid); - send only the SASL authentiCation ID (authcid) plus the auth- + When authenticating to a remote SMTP or LMTP server with the + default setting "no", send no SASL authoriZation ID (authzid); + send only the SASL authentiCation ID (authcid) plus the auth- cid's password. Available in Postfix version 2.5 and later: smtp_header_checks (empty) - Restricted header_checks(5) tables for the Postfix SMTP client. + Restricted header_checks(5) tables for the Postfix SMTP client. smtp_mime_header_checks (empty) - Restricted mime_header_checks(5) tables for the Postfix SMTP + Restricted mime_header_checks(5) tables for the Postfix SMTP client. smtp_nested_header_checks (empty) - Restricted nested_header_checks(5) tables for the Postfix SMTP + Restricted nested_header_checks(5) tables for the Postfix SMTP client. smtp_body_checks (empty) 
@@ -321,7 +329,7 @@ SMTP,(LMTP) SMTP,(LMTP) Available in Postfix version 2.6 and later: tcp_windowsize (0) - An optional workaround for routers that break TCP window scal- + An optional workaround for routers that break TCP window scal- ing. Available in Postfix version 2.8 and later: @@ -332,16 +340,16 @@ SMTP,(LMTP) SMTP,(LMTP) Available in Postfix version 2.9 - 3.6: smtp_per_record_deadline (no) - Change the behavior of the smtp_*_timeout time limits, from a - time limit per read or write system call, to a time limit to - send or receive a complete record (an SMTP command line, SMTP - response line, SMTP message content line, or TLS protocol mes- + Change the behavior of the smtp_*_timeout time limits, from a + time limit per read or write system call, to a time limit to + send or receive a complete record (an SMTP command line, SMTP + response line, SMTP message content line, or TLS protocol mes- sage). Available in Postfix version 2.9 and later: smtp_send_dummy_mail_auth (no) - Whether or not to append the "AUTH=<>" option to the MAIL FROM + Whether or not to append the "AUTH=<>" option to the MAIL FROM command in SASL-authenticated SMTP sessions. Available in Postfix version 2.11 and later: @@ -352,7 +360,7 @@ SMTP,(LMTP) SMTP,(LMTP) Available in Postfix version 3.0 and later: smtp_delivery_status_filter ($default_delivery_status_filter) - Optional filter for the smtp(8) delivery agent to change the + Optional filter for the smtp(8) delivery agent to change the delivery status code or explanatory text of successful or unsuc- cessful deliveries. 
@@ -362,38 +370,38 @@ SMTP,(LMTP) SMTP,(LMTP) Available in Postfix version 3.3 and later: smtp_balance_inet_protocols (yes) - When a remote destination resolves to a combination of IPv4 and + When a remote destination resolves to a combination of IPv4 and IPv6 addresses, ensure that the Postfix SMTP client can try both address types before it runs into the smtp_mx_address_limit. Available in Postfix 3.5 and later: info_log_address_format (external) - The email address form that will be used in non-debug logging + The email address form that will be used in non-debug logging (info, warning, etc.). Available in Postfix 3.6 and later: dnssec_probe (ns:.) - The DNS query type (default: "ns") and DNS query name (default: + The DNS query type (default: "ns") and DNS query name (default: ".") that Postfix may use to determine whether DNSSEC validation is available. - known_tcp_ports (lmtp=24, smtp=25, smtps=submissions=465, submis- + known_tcp_ports (lmtp=24, smtp=25, smtps=submissions=465, submis- sion=587) - Optional setting that avoids lookups in the services(5) data- + Optional setting that avoids lookups in the services(5) data- base. Available in Postfix version 3.7 and later: smtp_per_request_deadline (no) - Change the behavior of the smtp_*_timeout time limits, from a - time limit per plaintext or TLS read or write call, to a com- - bined time limit for sending a complete SMTP request and for + Change the behavior of the smtp_*_timeout time limits, from a + time limit per plaintext or TLS read or write call, to a com- + bined time limit for sending a complete SMTP request and for receiving a complete SMTP response. smtp_min_data_rate (500) - The minimum plaintext data transfer rate in bytes/second for + The minimum plaintext data transfer rate in bytes/second for DATA requests, when deadlines are enabled with smtp_per_request_deadline. 
@@ -403,16 +411,16 @@ SMTP,(LMTP) SMTP,(LMTP) Available in Postfix version 3.8 and later: use_srv_lookup (empty) - Enables discovery for the specified service(s) using DNS SRV + Enables discovery for the specified service(s) using DNS SRV records. ignore_srv_lookup_error (no) - When SRV record lookup fails, fall back to MX or IP address + When SRV record lookup fails, fall back to MX or IP address lookup as if SRV record lookup was not enabled. allow_srv_lookup_fallback (no) - When SRV record lookup fails or no SRV record exists, fall back - to MX or IP address lookup as if SRV record lookup was not + When SRV record lookup fails or no SRV record exists, fall back + to MX or IP address lookup as if SRV record lookup was not enabled. MIME PROCESSING CONTROLS @@ -431,7 +439,7 @@ SMTP,(LMTP) SMTP,(LMTP) Available in Postfix version 2.1 and later: smtp_send_xforward_command (no) - Send the non-standard XFORWARD command when the Postfix SMTP + Send the non-standard XFORWARD command when the Postfix SMTP server EHLO response announces XFORWARD support. SASL AUTHENTICATION CONTROLS 
@@ -439,88 +447,88 @@ SMTP,(LMTP) SMTP,(LMTP) Enable SASL authentication in the Postfix SMTP client. smtp_sasl_password_maps (empty) - Optional Postfix SMTP client lookup tables with one user- - name:password entry per sender, remote hostname or next-hop + Optional Postfix SMTP client lookup tables with one user- + name:password entry per sender, remote hostname or next-hop domain. smtp_sasl_security_options (noplaintext, noanonymous) Postfix SMTP client SASL security options; as of Postfix 2.3 the - list of available features depends on the SASL client implemen- + list of available features depends on the SASL client implemen- tation that is selected with smtp_sasl_type. Available in Postfix version 2.2 and later: smtp_sasl_mechanism_filter (empty) - If non-empty, a Postfix SMTP client filter for the remote SMTP + If non-empty, a Postfix SMTP client filter for the remote SMTP server's list of offered SASL mechanisms. Available in Postfix version 2.3 and later: smtp_sender_dependent_authentication (no) Enable sender-dependent authentication in the Postfix SMTP - client; this is available only with SASL authentication, and - disables SMTP connection caching to ensure that mail from dif- + client; this is available only with SASL authentication, and + disables SMTP connection caching to ensure that mail from dif- ferent senders will use the appropriate credentials. smtp_sasl_path (empty) Implementation-specific information that the Postfix SMTP client - passes through to the SASL plug-in implementation that is + passes through to the SASL plug-in implementation that is selected with smtp_sasl_type. smtp_sasl_type (cyrus) - The SASL plug-in type that the Postfix SMTP client should use + The SASL plug-in type that the Postfix SMTP client should use for authentication. 
Available in Postfix version 2.5 and later: smtp_sasl_auth_cache_name (empty) - An optional table to prevent repeated SASL authentication fail- - ures with the same remote SMTP server hostname, username and + An optional table to prevent repeated SASL authentication fail- + ures with the same remote SMTP server hostname, username and password. smtp_sasl_auth_cache_time (90d) - The maximal age of an smtp_sasl_auth_cache_name entry before it + The maximal age of an smtp_sasl_auth_cache_name entry before it is removed. smtp_sasl_auth_soft_bounce (yes) - When a remote SMTP server rejects a SASL authentication request - with a 535 reply code, defer mail delivery instead of returning + When a remote SMTP server rejects a SASL authentication request + with a 535 reply code, defer mail delivery instead of returning mail as undeliverable. Available in Postfix version 2.9 and later: smtp_send_dummy_mail_auth (no) - Whether or not to append the "AUTH=<>" option to the MAIL FROM + Whether or not to append the "AUTH=<>" option to the MAIL FROM command in SASL-authenticated SMTP sessions. Available in Postfix version 3.9 and later: smtp_sasl_password_result_delimiter (:) - The delimiter between username and password in sasl_passwd_maps + The delimiter between username and password in sasl_passwd_maps lookup results. STARTTLS SUPPORT CONTROLS - Detailed information about STARTTLS configuration may be found in the + Detailed information about STARTTLS configuration may be found in the TLS_README document. smtp_tls_security_level (empty) The default SMTP TLS security level for the Postfix SMTP client. smtp_sasl_tls_security_options ($smtp_sasl_security_options) - The SASL authentication security options that the Postfix SMTP + The SASL authentication security options that the Postfix SMTP client uses for TLS encrypted SMTP sessions. 
smtp_starttls_timeout (300s) - Time limit for Postfix SMTP client write and read operations + Time limit for Postfix SMTP client write and read operations during TLS startup and shutdown handshake procedures. smtp_tls_CAfile (empty) - A file containing CA certificates of root CAs trusted to sign - either remote SMTP server certificates or intermediate CA cer- + A file containing CA certificates of root CAs trusted to sign + either remote SMTP server certificates or intermediate CA cer- tificates. smtp_tls_CApath (empty) - Directory with PEM format Certification Authority certificates + Directory with PEM format Certification Authority certificates that the Postfix SMTP client uses to verify a remote SMTP server certificate. @@ -528,7 +536,7 @@ SMTP,(LMTP) SMTP,(LMTP) File with the Postfix SMTP client RSA certificate in PEM format. smtp_tls_mandatory_ciphers (medium) - The minimum TLS cipher grade that the Postfix SMTP client will + The minimum TLS cipher grade that the Postfix SMTP client will use with mandatory TLS encryption. smtp_tls_exclude_ciphers (empty) @@ -536,8 +544,8 @@ SMTP,(LMTP) SMTP,(LMTP) client cipher list at all TLS security levels. smtp_tls_mandatory_exclude_ciphers (empty) - Additional list of ciphers or cipher types to exclude from the - Postfix SMTP client cipher list at mandatory TLS security lev- + Additional list of ciphers or cipher types to exclude from the + Postfix SMTP client cipher list at mandatory TLS security lev- els. smtp_tls_dcert_file (empty) @@ -553,7 +561,7 @@ SMTP,(LMTP) SMTP,(LMTP) Enable additional Postfix SMTP client logging of TLS activity. smtp_tls_note_starttls_offer (no) - Log the hostname of a remote SMTP server that offers STARTTLS, + Log the hostname of a remote SMTP server that offers STARTTLS, when TLS is not already enabled for that server. smtp_tls_policy_maps (empty) 
@@ -562,14 +570,14 @@ SMTP,(LMTP) SMTP,(LMTP) fied, this overrides the obsolete smtp_tls_per_site parameter. smtp_tls_mandatory_protocols (see 'postconf -d' output) - TLS protocols that the Postfix SMTP client will use with manda- + TLS protocols that the Postfix SMTP client will use with manda- tory TLS encryption. smtp_tls_scert_verifydepth (9) The verification depth for remote SMTP server certificates. smtp_tls_secure_cert_match (nexthop, dot-nexthop) - How the Postfix SMTP client verifies the server certificate + How the Postfix SMTP client verifies the server certificate peername for the "secure" TLS security level. smtp_tls_session_cache_database (empty) @@ -577,16 +585,16 @@ SMTP,(LMTP) SMTP,(LMTP) session cache. smtp_tls_session_cache_timeout (3600s) - The expiration time of Postfix SMTP client TLS session cache + The expiration time of Postfix SMTP client TLS session cache information. smtp_tls_verify_cert_match (hostname) - How the Postfix SMTP client verifies the server certificate + How the Postfix SMTP client verifies the server certificate peername for the "verify" TLS security level. tls_daemon_random_bytes (32) - The number of pseudo-random bytes that an smtp(8) or smtpd(8) - process requests from the tlsmgr(8) server in order to seed its + The number of pseudo-random bytes that an smtp(8) or smtpd(8) + process requests from the tlsmgr(8) server in order to seed its internal pseudo random number generator (PRNG). tls_high_cipherlist (see 'postconf -d' output) @@ -596,7 +604,7 @@ SMTP,(LMTP) SMTP,(LMTP) The OpenSSL cipherlist for "medium" or higher grade ciphers. tls_null_cipherlist (eNULL:!aNULL) - The OpenSSL cipherlist for "NULL" grade ciphers that provide + The OpenSSL cipherlist for "NULL" grade ciphers that provide authentication without encryption. Available in in Postfix version 2.3..3.7: 
@@ -611,45 +619,45 @@ SMTP,(LMTP) SMTP,(LMTP) smtp_sasl_tls_verified_security_options ($smtp_sasl_tls_secu- rity_options) - The SASL authentication security options that the Postfix SMTP - client uses for TLS encrypted SMTP sessions with a verified + The SASL authentication security options that the Postfix SMTP + client uses for TLS encrypted SMTP sessions with a verified server certificate. Available in Postfix version 2.5 and later: smtp_tls_fingerprint_cert_match (empty) - List of acceptable remote SMTP server certificate fingerprints - for the "fingerprint" TLS security level (smtp_tls_secu- + List of acceptable remote SMTP server certificate fingerprints + for the "fingerprint" TLS security level (smtp_tls_secu- rity_level = fingerprint). smtp_tls_fingerprint_digest (see 'postconf -d' output) - The message digest algorithm used to construct remote SMTP + The message digest algorithm used to construct remote SMTP server certificate fingerprints. Available in Postfix version 2.6 and later: smtp_tls_protocols (see 'postconf -d' output) - TLS protocols that the Postfix SMTP client will use with oppor- + TLS protocols that the Postfix SMTP client will use with oppor- tunistic TLS encryption. smtp_tls_ciphers (medium) - The minimum TLS cipher grade that the Postfix SMTP client will + The minimum TLS cipher grade that the Postfix SMTP client will use with opportunistic TLS encryption. smtp_tls_eccert_file (empty) - File with the Postfix SMTP client ECDSA certificate in PEM for- + File with the Postfix SMTP client ECDSA certificate in PEM for- mat. smtp_tls_eckey_file ($smtp_tls_eccert_file) - File with the Postfix SMTP client ECDSA private key in PEM for- + File with the Postfix SMTP client ECDSA private key in PEM for- mat. 
Available in Postfix version 2.7 and later: smtp_tls_block_early_mail_reply (no) - Try to detect a mail hijacking attack based on a TLS protocol - vulnerability (CVE-2009-3555), where an attacker prepends mali- - cious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client + Try to detect a mail hijacking attack based on a TLS protocol + vulnerability (CVE-2009-3555), where an attacker prepends mali- + cious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session. Available in Postfix version 2.8 and later: @@ -669,11 +677,11 @@ SMTP,(LMTP) SMTP,(LMTP) Available in Postfix version 2.11 and later: smtp_tls_trust_anchor_file (empty) - Zero or more PEM-format files with trust-anchor certificates + Zero or more PEM-format files with trust-anchor certificates and/or public keys. smtp_tls_force_insecure_host_tlsa_lookup (no) - Lookup the associated DANE TLSA RRset even when a hostname is + Lookup the associated DANE TLSA RRset even when a hostname is not an alias and its address records lie in an unsigned zone. tlsmgr_service_name (tlsmgr) @@ -682,14 +690,14 @@ SMTP,(LMTP) SMTP,(LMTP) Available in Postfix version 3.0 and later: smtp_tls_wrappermode (no) - Request that the Postfix SMTP client connects using the SUBMIS- + Request that the Postfix SMTP client connects using the SUBMIS- SIONS/SMTPS protocol instead of using the STARTTLS command. Available in Postfix version 3.1 and later: smtp_tls_dane_insecure_mx_policy (see 'postconf -d' output) - The TLS policy for MX hosts with "secure" TLSA records when the - nexthop destination security level is dane, but the MX record + The TLS policy for MX hosts with "secure" TLSA records when the + nexthop destination security level is dane, but the MX record was found via an "insecure" MX lookup. Available in Postfix version 3.2 and later: 
@@ -704,23 +712,23 @@ SMTP,(LMTP) SMTP,(LMTP) Try to make multiple deliveries per TLS-encrypted connection. smtp_tls_chain_files (empty) - List of one or more PEM files, each holding one or more private + List of one or more PEM files, each holding one or more private keys directly followed by a corresponding certificate chain. smtp_tls_servername (empty) - Optional name to send to the remote SMTP server in the TLS + Optional name to send to the remote SMTP server in the TLS Server Name Indication (SNI) extension. Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later: tls_fast_shutdown_enable (yes) - A workaround for implementations that hang Postfix while shut- + A workaround for implementations that hang Postfix while shut- ting down a TLS session, until Postfix times out. Available in Postfix version 3.8 and later: tls_ffdhe_auto_groups (see 'postconf -d' output) - The prioritized list of finite-field Diffie-Hellman ephemeral + The prioritized list of finite-field Diffie-Hellman ephemeral (FFDHE) key exchange groups supported by the Postfix SMTP client and server. 
@@ -730,50 +738,50 @@ SMTP,(LMTP) SMTP,(LMTP) Optional configuration file with baseline OpenSSL settings. tls_config_name (empty) - The application name passed by Postfix to OpenSSL library ini- + The application name passed by Postfix to OpenSSL library ini- tialization functions. Available in Postfix version 3.9 and later: smtp_tls_enable_rpk (no) - Request that remote SMTP servers send an RFC7250 raw public key + Request that remote SMTP servers send an RFC7250 raw public key instead of an X.509 certificate. OBSOLETE STARTTLS CONTROLS - The following configuration parameters exist for compatibility with - Postfix versions before 2.3. Support for these will be removed in a + The following configuration parameters exist for compatibility with + Postfix versions before 2.3. Support for these will be removed in a future release. smtp_use_tls (no) - Opportunistic mode: use TLS when a remote SMTP server announces + Opportunistic mode: use TLS when a remote SMTP server announces STARTTLS support, otherwise send the mail in the clear. smtp_enforce_tls (no) - Enforcement mode: require that remote SMTP servers use TLS + Enforcement mode: require that remote SMTP servers use TLS encryption, and never send mail in the clear. smtp_tls_enforce_peername (yes) - With mandatory TLS encryption, require that the remote SMTP - server hostname matches the information in the remote SMTP + With mandatory TLS encryption, require that the remote SMTP + server hostname matches the information in the remote SMTP server certificate. smtp_tls_per_site (empty) - Optional lookup tables with the Postfix SMTP client TLS usage - policy by next-hop destination and by remote SMTP server host- + Optional lookup tables with the Postfix SMTP client TLS usage + policy by next-hop destination and by remote SMTP server host- name. smtp_tls_cipherlist (empty) - Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS + Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS cipher list. 
RESOURCE AND RATE CONTROLS smtp_connect_timeout (30s) - The Postfix SMTP client time limit for completing a TCP connec- + The Postfix SMTP client time limit for completing a TCP connec- tion, or zero (use the operating system built-in time limit). smtp_helo_timeout (300s) - The Postfix SMTP client time limit for sending the HELO or EHLO - command, and for receiving the initial remote SMTP server + The Postfix SMTP client time limit for sending the HELO or EHLO + command, and for receiving the initial remote SMTP server response. lmtp_lhlo_timeout (300s) @@ -785,19 +793,19 @@ SMTP,(LMTP) SMTP,(LMTP) mand, and for receiving the remote SMTP server response. smtp_mail_timeout (300s) - The Postfix SMTP client time limit for sending the MAIL FROM + The Postfix SMTP client time limit for sending the MAIL FROM command, and for receiving the remote SMTP server response. smtp_rcpt_timeout (300s) - The Postfix SMTP client time limit for sending the SMTP RCPT TO + The Postfix SMTP client time limit for sending the SMTP RCPT TO command, and for receiving the remote SMTP server response. smtp_data_init_timeout (120s) - The Postfix SMTP client time limit for sending the SMTP DATA + The Postfix SMTP client time limit for sending the SMTP DATA command, and for receiving the remote SMTP server response. smtp_data_xfer_timeout (180s) - The Postfix SMTP client time limit for sending the SMTP message + The Postfix SMTP client time limit for sending the SMTP message content. smtp_data_done_timeout (600s) 
@@ -811,13 +819,13 @@ SMTP,(LMTP) SMTP,(LMTP) Available in Postfix version 2.1 and later: smtp_mx_address_limit (5) - The maximal number of MX (mail exchanger) IP addresses that can - result from Postfix SMTP client mail exchanger lookups, or zero + The maximal number of MX (mail exchanger) IP addresses that can + result from Postfix SMTP client mail exchanger lookups, or zero (no limit). smtp_mx_session_limit (2) - The maximal number of SMTP sessions per delivery request before - the Postfix SMTP client gives up or delivers to a fall-back + The maximal number of SMTP sessions per delivery request before + the Postfix SMTP client gives up or delivers to a fall-back relay host, or zero (no limit). smtp_rset_timeout (20s) @@ -827,17 +835,17 @@ SMTP,(LMTP) SMTP,(LMTP) Available in Postfix version 2.2 and earlier: lmtp_cache_connection (yes) - Keep Postfix LMTP client connections open for up to $max_idle + Keep Postfix LMTP client connections open for up to $max_idle seconds. Available in Postfix version 2.2 and later: smtp_connection_cache_destinations (empty) - Permanently enable SMTP connection caching for the specified + Permanently enable SMTP connection caching for the specified destinations. smtp_connection_cache_on_demand (yes) - Temporarily enable SMTP connection caching while a destination + Temporarily enable SMTP connection caching while a destination has a high volume of mail in the active queue. smtp_connection_reuse_time_limit (300s) 
@@ -851,23 +859,23 @@ SMTP,(LMTP) SMTP,(LMTP) Available in Postfix version 2.3 and later: connection_cache_protocol_timeout (5s) - Time limit for connection cache connect, send or receive opera- + Time limit for connection cache connect, send or receive opera- tions. Available in Postfix version 2.9 - 3.6: smtp_per_record_deadline (no) - Change the behavior of the smtp_*_timeout time limits, from a - time limit per read or write system call, to a time limit to - send or receive a complete record (an SMTP command line, SMTP - response line, SMTP message content line, or TLS protocol mes- + Change the behavior of the smtp_*_timeout time limits, from a + time limit per read or write system call, to a time limit to + send or receive a complete record (an SMTP command line, SMTP + response line, SMTP message content line, or TLS protocol mes- sage). Available in Postfix version 2.11 and later: smtp_connection_reuse_count_limit (0) - When SMTP connection caching is enabled, the number of times - that an SMTP session may be reused before it is closed, or zero + When SMTP connection caching is enabled, the number of times + that an SMTP session may be reused before it is closed, or zero (no limit). Available in Postfix version 3.4 and later: 
@@ -878,13 +886,13 @@ SMTP,(LMTP) SMTP,(LMTP) Available in Postfix version 3.7 and later: smtp_per_request_deadline (no) - Change the behavior of the smtp_*_timeout time limits, from a - time limit per plaintext or TLS read or write call, to a com- - bined time limit for sending a complete SMTP request and for + Change the behavior of the smtp_*_timeout time limits, from a + time limit per plaintext or TLS read or write call, to a com- + bined time limit for sending a complete SMTP request and for receiving a complete SMTP response. smtp_min_data_rate (500) - The minimum plaintext data transfer rate in bytes/second for + The minimum plaintext data transfer rate in bytes/second for DATA requests, when deadlines are enabled with smtp_per_request_deadline. 
@@ -892,54 +900,54 @@ SMTP,(LMTP) SMTP,(LMTP) transport_destination_concurrency_limit ($default_destination_concur- rency_limit) - A transport-specific override for the default_destination_con- + A transport-specific override for the default_destination_con- currency_limit parameter value, where transport is the master.cf name of the message delivery transport. transport_destination_recipient_limit ($default_destination_recipi- ent_limit) A transport-specific override for the default_destination_recip- - ient_limit parameter value, where transport is the master.cf + ient_limit parameter value, where transport is the master.cf name of the message delivery transport. SMTPUTF8 CONTROLS Preliminary SMTPUTF8 support is introduced with Postfix 3.0. smtputf8_enable (yes) - Enable preliminary SMTPUTF8 support for the protocols described + Enable preliminary SMTPUTF8 support for the protocols described in RFC 6531, RFC 6532, and RFC 6533. smtputf8_autodetect_classes (sendmail, verify) - Detect that a message requires SMTPUTF8 support for the speci- + Detect that a message requires SMTPUTF8 support for the speci- fied mail origin classes. Available in Postfix version 3.2 and later: enable_idna2003_compatibility (no) - Enable 'transitional' compatibility between IDNA2003 and - IDNA2008, when converting UTF-8 domain names to/from the ASCII + Enable 'transitional' compatibility between IDNA2003 and + IDNA2008, when converting UTF-8 domain names to/from the ASCII form that is used for DNS lookups. TROUBLE SHOOTING CONTROLS debug_peer_level (2) - The increment in verbose logging level when a nexthop destina- - tion, remote client or server name or network address matches a + The increment in verbose logging level when a nexthop destina- + tion, remote client or server name or network address matches a pattern given with the debug_peer_list parameter. 
debug_peer_list (empty) - Optional list of nexthop destination, remote client or server - name or network address patterns that, if matched, cause the - verbose logging level to increase by the amount specified in + Optional list of nexthop destination, remote client or server + name or network address patterns that, if matched, cause the + verbose logging level to increase by the amount specified in $debug_peer_level. error_notice_recipient (postmaster) - The recipient of postmaster notifications about mail delivery + The recipient of postmaster notifications about mail delivery problems that are caused by policy, resource, software or proto- col errors. internal_mail_filter_classes (empty) - What categories of Postfix-generated mail are subject to - before-queue content inspection by non_smtpd_milters, + What categories of Postfix-generated mail are subject to + before-queue content inspection by non_smtpd_milters, header_checks and body_checks. notify_classes (resource, software) 
@@ -947,46 +955,46 @@ SMTP,(LMTP) SMTP,(LMTP) MISCELLANEOUS CONTROLS best_mx_transport (empty) - Where the Postfix SMTP client should deliver mail when it + Where the Postfix SMTP client should deliver mail when it detects a "mail loops back to myself" error condition. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con- figuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to handle a + How much time a Postfix daemon process may take to handle a request before it is terminated by a built-in watchdog timer. delay_logging_resolution_limit (2) - The maximal number of digits after the decimal point when log- + The maximal number of digits after the decimal point when log- ging sub-second delay values. disable_dns_lookups (no) Disable DNS lookups in the Postfix SMTP and LMTP clients. inet_interfaces (all) - The local network interface addresses that this mail system + The local network interface addresses that this mail system receives mail on. inet_protocols (see 'postconf -d' output) - The Internet protocols Postfix will attempt to use when making + The Internet protocols Postfix will attempt to use when making or accepting connections. ipc_timeout (3600s) - The time limit for sending or receiving information over an + The time limit for sending or receiving information over an internal communication channel. lmtp_assume_final (no) - When a remote LMTP server announces no DSN support, assume that - the server performs final delivery, and send "delivered" deliv- + When a remote LMTP server announces no DSN support, assume that + the server performs final delivery, and send "delivered" deliv- ery status notifications instead of "relayed". lmtp_tcp_port (24) The default TCP port that the Postfix LMTP client connects to. 
max_idle (100s) - The maximum amount of time that an idle Postfix daemon process + The maximum amount of time that an idle Postfix daemon process waits for an incoming connection before terminating voluntarily. max_use (100) @@ -1000,21 +1008,21 @@ SMTP,(LMTP) SMTP,(LMTP) The process name of a Postfix command or daemon process. proxy_interfaces (empty) - The remote network interface addresses that this mail system - receives mail on by way of a proxy or network address transla- + The remote network interface addresses that this mail system + receives mail on by way of a proxy or network address transla- tion unit. smtp_address_preference (any) The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP - client will try first, when a destination has IPv6 and IPv4 + client will try first, when a destination has IPv6 and IPv4 addresses with equal MX preference. smtp_bind_address (empty) - An optional numerical network address that the Postfix SMTP + An optional numerical network address that the Postfix SMTP client should bind to when making an IPv4 connection. smtp_bind_address6 (empty) - An optional numerical network address that the Postfix SMTP + An optional numerical network address that the Postfix SMTP client should bind to when making an IPv6 connection. smtp_helo_name ($myhostname) @@ -1034,7 +1042,7 @@ SMTP,(LMTP) SMTP,(LMTP) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - A prefix that is prepended to the process name in syslog + A prefix that is prepended to the process name in syslog records, so that, for example, "smtpd" becomes "prefix/smtpd". Available with Postfix 2.2 and earlier: 
@@ -1046,14 +1054,14 @@ SMTP,(LMTP) SMTP,(LMTP) Available with Postfix 2.3 and later: smtp_fallback_relay ($fallback_relay) - Optional list of relay destinations that will be used when an - SMTP destination is not found, or when delivery fails due to a + Optional list of relay destinations that will be used when an + SMTP destination is not found, or when delivery fails due to a non-permanent error. Available with Postfix 3.0 and later: smtp_address_verify_target (rcpt) - In the context of email address verification, the SMTP protocol + In the context of email address verification, the SMTP protocol stage that determines whether an email address is deliverable. Available with Postfix 3.1 and later: @@ -1075,7 +1083,7 @@ SMTP,(LMTP) SMTP,(LMTP) Available in Postfix 3.7 and later: smtp_bind_address_enforce (no) - Defer delivery when the Postfix SMTP client cannot apply the + Defer delivery when the Postfix SMTP client cannot apply the smtp_bind_address or smtp_bind_address6 setting. SEE ALSO diff --git a/postfix/man/man5/mysql_table.5 b/postfix/man/man5/mysql_table.5 index 40f5234e9..aebb949e2 100644 --- a/postfix/man/man5/mysql_table.5 +++ b/postfix/man/man5/mysql_table.5 @@ -97,6 +97,16 @@ This parameter is available with Postfix 3.9 and later. With earlier Postfix versions, the default was chosen by the MySQL implementation (\fButf8mb4\fR as of MySQL 8.0, \fBlatin1\fR historically). +.IP "\fBidle_interval (default: 60)\fR" +The number of seconds after which an idle database connection +will be closed. + +This feature is available in Postfix 3.9 and later. +.IP "\fBretry_interval (default: 60)\fR" +The number of seconds that a database connection will be +skipped after an error. + +This feature is available in Postfix 3.9 and later. .IP "\fBquery\fR" The SQL query template used to search the database, where \fB%s\fR is a substitute for the address Postfix is trying to resolve, 
diff --git a/postfix/man/man5/pgsql_table.5 b/postfix/man/man5/pgsql_table.5 index 00a2da3dc..869a63540 100644 --- a/postfix/man/man5/pgsql_table.5 +++ b/postfix/man/man5/pgsql_table.5 @@ -90,10 +90,21 @@ is: .nf encoding = UTF8 .fi + Historically, the database client was hard coded to use LATIN1 in an attempt to disable multibyte character support. This feature is available in Postfix 3.8 and later. +.IP "\fBidle_interval (default: 60)\fR" +The number of seconds after which an idle database connection +will be closed. + +This feature is available in Postfix 3.9 and later. +.IP "\fBretry_interval (default: 60)\fR" +The number of seconds that a database connection will be +skipped after an error. + +This feature is available in Postfix 3.9 and later. .IP "\fBquery\fR" The SQL query template used to search the database, where \fB%s\fR is a substitute for the address Postfix is trying to resolve, diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 32e4a8ee7..631514704 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 
@@ -6531,11 +6531,12 @@ On an intranet, specify the organizational domain name. If your internal DNS uses no MX records, specify the name of the intranet gateway host instead. .PP -In the case of SMTP or LMTP delivery, specify one or more destinations -in the form of a domain name, hostname, hostname:port, [hostname]:port, -[hostaddress] or [hostaddress]:port, separated by comma or whitespace. -The form [hostname] turns off MX lookups. Multiple destinations are -supported in Postfix 3.5 and later. +In the case of SMTP delivery, specify one or more destinations in +the form of a domain name, hostname, hostname:service, [hostname]:service, +[hostaddress] or [hostaddress]:service, separated by comma or whitespace. +The form [hostname] turns off MX or SRV lookups. Multiple destinations +are supported in Postfix 3.5 and later. Each destination is tried +in the specified order. .PP If you're connected via UUCP, see the UUCP_README file for useful information. diff --git a/postfix/man/man8/postlogd.8 b/postfix/man/man8/postlogd.8 index df2f5c04d..aeb95c7d8 100644 --- a/postfix/man/man8/postlogd.8 +++ b/postfix/man/man8/postlogd.8 @@ -41,10 +41,10 @@ set this permission on programs other than \fBpostdrop\fR(1), .nf .ad .fi -Changes to \fBmain.cf\fR are picked up automatically, as -\fBpostlogd\fR(8) processes run for only a limited amount -of time. Use the command "\fBpostfix reload\fR" to speed -up a change. +Changes to \fBmain.cf\fR are not picked up automatically, +because \fBpostlogd\fR(8) terminates only after reaching +the \fBmax_idle\fR time limit. +Use the command "\fBpostfix reload\fR" to speed up a change. The text below provides only a parameter summary. See \fBpostconf\fR(5) for more details including examples. diff --git a/postfix/man/man8/smtp.8 b/postfix/man/man8/smtp.8 index 95fff4d23..952eb5f98 100644 --- a/postfix/man/man8/smtp.8 +++ b/postfix/man/man8/smtp.8 
@@ -29,13 +29,9 @@ be tried again at a later time. Delivery status reports are sent to the \fBbounce\fR(8), \fBdefer\fR(8) or \fBtrace\fR(8) daemon as appropriate. -The SMTP+LMTP client looks up a list of mail exchanger addresses for -the destination host, sorts the list by preference, and connects -to each listed address until it finds a server that responds. - -When a server is not reachable, or when mail delivery fails due -to a recoverable error condition, the SMTP+LMTP client will try to -deliver the mail to an alternate host. +The server lookup strategy is different for SMTP and LMTP. +The details are given below under in the sections "SMTP +DESTINATION SYNTAX" and "LMTP DESTINATION SYNTAX". After a successful mail transaction, a connection may be saved to the \fBscache\fR(8) connection cache server, so that it 
@@ -50,43 +46,57 @@ specific destinations. .nf .ad .fi -The Postfix SMTP+LMTP client supports multiple destinations +The Postfix SMTP client supports multiple destinations separated by comma or whitespace (Postfix 3.5 and later). +Each destination is tried in the specified order. + SMTP destinations have the following form: .IP \fIdomainname\fR -.IP \fIdomainname\fR:\fIport\fR +.IP \fIdomainname\fR:\fIservice\fR Look up the mail exchangers for the specified domain, and -connect to the specified port (default: \fBsmtp\fR). +connect to the specified service (default: \fBsmtp\fR). +Optionally, mail exchangers may be looked up with SRV queries +instead of MX; this requires that \fIservice\fR is given +in symbolic form. .IP [\fIhostname\fR] -.IP [\fIhostname\fR]:\fIport\fR -Look up the address(es) of the specified host, and connect to -the specified port (default: \fBsmtp\fR). +.IP [\fIhostname\fR]:\fIservice\fR +Look up the address(es) for the specified host, and connect to +the specified service (default: \fBsmtp\fR). .IP [\fIaddress\fR] -.IP [\fIaddress\fR]:\fIport\fR +.IP [\fIaddress\fR]:\fIservice\fR Connect to the host at the specified address, and connect -to the specified port (default: \fBsmtp\fR). An IPv6 address +to the specified service (default: \fBsmtp\fR). An IPv6 address must be formatted as [\fBipv6\fR:\fIaddress\fR]. .SH "LMTP DESTINATION SYNTAX" .na .nf .ad .fi -The Postfix SMTP+LMTP client supports multiple destinations +The Postfix LMTP client supports multiple destinations separated by comma or whitespace (Postfix 3.5 and later). +Each destination is tried in the specified order. + LMTP destinations have the following form: .IP \fBunix\fR:\fIpathname\fR Connect to the local UNIX\-domain server that is bound to the specified \fIpathname\fR. If the process runs chrooted, an absolute pathname is interpreted relative to the Postfix queue directory. 
+.IP \fBinet\fR:\fIdomainname\fR +.IP \fBinet\fR:\fIdomainname\fR:\fIservice\fR +Look up the LMTP servers for the specified domain and service +(default: \fBlmtp\fR). +This form is supported when SRV lookups are enabled, and +requires that \fIservice\fR is in symbolic form. .IP \fBinet\fR:\fIhostname\fR -.IP \fBinet\fR:\fIhostname\fR:\fIport\fR +.IP \fBinet\fR:\fIhostname\fR:\fIservice\fR +Look up the address(es) for the specified host, and connect to +the specified service (default: \fBlmtp\fR). When SRV lookups +are enabled, use the form \fB[\fIhostname\fB]\fR to force +address lookups. .IP \fBinet\fR:[\fIaddress\fR] -.IP \fBinet\fR:[\fIaddress\fR]:\fIport\fR -Connect to the specified TCP port on the specified local or -remote host. If no port is specified, connect to the port defined as -\fBlmtp\fR in \fBservices\fR(4). -If no such service is found, the \fBlmtp_tcp_port\fR configuration -parameter (default value of 24) will be used. +.IP \fBinet\fR:[\fIaddress\fR]:\fIservice\fR +Connect to the specified local or remote host and service +(default: \fBlmtp\fR). An IPv6 address must be formatted as [\fBipv6\fR:\fIaddress\fR]. .SH "SINGLE-RECIPIENT DELIVERY" .na @@ -150,6 +160,8 @@ This feature is available as of Postfix 3.5. .SH "SECURITY" .na .nf +.ad +.fi The SMTP+LMTP client is moderately security\-sensitive. It talks to SMTP or LMTP servers and to DNS servers on the network. The SMTP+LMTP client can be run chrooted at fixed diff --git a/postfix/proto/mysql_table b/postfix/proto/mysql_table index 94e8ac65d..31e626fb2 100644 --- a/postfix/proto/mysql_table +++ b/postfix/proto/mysql_table 
@@ -87,6 +87,16 @@ # With earlier Postfix versions, the default was chosen by # the MySQL implementation (\fButf8mb4\fR as of MySQL 8.0, # \fBlatin1\fR historically). +# .IP "\fBidle_interval (default: 60)\fR" +# The number of seconds after which an idle database connection +# will be closed. +# +# This feature is available in Postfix 3.9 and later. +# .IP "\fBretry_interval (default: 60)\fR" +# The number of seconds that a database connection will be +# skipped after an error. +# +# This feature is available in Postfix 3.9 and later. # .IP "\fBquery\fR" # The SQL query template used to search the database, where \fB%s\fR # is a substitute for the address Postfix is trying to resolve, diff --git a/postfix/proto/pgsql_table b/postfix/proto/pgsql_table index 0a2897a1b..b4364fb70 100644 --- a/postfix/proto/pgsql_table +++ b/postfix/proto/pgsql_table @@ -80,10 +80,21 @@ # .nf # encoding = UTF8 # .fi +# # Historically, the database client was hard coded to use # LATIN1 in an attempt to disable multibyte character support. # # This feature is available in Postfix 3.8 and later. +# .IP "\fBidle_interval (default: 60)\fR" +# The number of seconds after which an idle database connection +# will be closed. +# +# This feature is available in Postfix 3.9 and later. +# .IP "\fBretry_interval (default: 60)\fR" +# The number of seconds that a database connection will be +# skipped after an error. +# +# This feature is available in Postfix 3.9 and later. # .IP "\fBquery\fR" # The SQL query template used to search the database, where \fB%s\fR # is a substitute for the address Postfix is trying to resolve, diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index b4219e1a1..2139347b4 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -3930,11 +3930,12 @@ gateway host instead.

-In the case of SMTP or LMTP delivery, specify one or more destinations -in the form of a domain name, hostname, hostname:port, [hostname]:port, -[hostaddress] or [hostaddress]:port, separated by comma or whitespace. -The form [hostname] turns off MX lookups. Multiple destinations are -supported in Postfix 3.5 and later. +In the case of SMTP delivery, specify one or more destinations in +the form of a domain name, hostname, hostname:service, [hostname]:service, +[hostaddress] or [hostaddress]:service, separated by comma or whitespace. +The form [hostname] turns off MX or SRV lookups. Multiple destinations +are supported in Postfix 3.5 and later. Each destination is tried +in the specified order.

diff --git a/postfix/proto/stop.double-history b/postfix/proto/stop.double-history index 8260b740e..de654f7d7 100644 --- a/postfix/proto/stop.double-history +++ b/postfix/proto/stop.double-history @@ -100,3 +100,10 @@ proto proto aliases proto virtual proto ADDRESS_REWRITING_README html names Files smtpd smtpd hc or access control limitations Files smtpd smtpd hc spam the log with a warning message File tlsmgr tlsmgr c + Cleanup tlsmgr c fix 20240124 File tlsmgr tlsmgr c + MX or SRV records File smtp smtp c + a list of comma separated names Files smtpd smtpd hc + dnsblog dnsblog c postkick postkick c postlock postlock c + postdrop postdrop c postsuper postsuper c sendmail sendmail c + postlogd postlogd c + qmgr qmgr c qmqpd qmqpd c trivial rewrite trivial rewrite c diff --git a/postfix/proto/stop.double-proto-html b/postfix/proto/stop.double-proto-html index e49fb4da2..e1df531f7 100644 --- a/postfix/proto/stop.double-proto-html +++ b/postfix/proto/stop.double-proto-html @@ -353,3 +353,5 @@ standard lt CR gt lt LF gt br br This maintains compatibility br br This will also reject email from services that use BDAT RFC 2045 Sections 2 7 and 2 8 br br Such clients can be to become a list of comma separated names br br This feature +the form of a domain name hostname hostname service hostname service +expected to become a list of comma separated names br br This diff --git a/postfix/src/global/dict_mysql.c b/postfix/src/global/dict_mysql.c index 40836f47b..133cc0d44 100644 --- a/postfix/src/global/dict_mysql.c +++ b/postfix/src/global/dict_mysql.c @@ -152,6 +152,8 @@ typedef struct { char *password; char *dbname; char *charset; + int retry_interval; + int idle_interval; ARGV *hosts; PLMYSQL *pldb; HOST *active_host; 
@@ -174,15 +176,15 @@ typedef struct { #define TYPEINET (1<<1) #define RETRY_CONN_MAX 100 -#define RETRY_CONN_INTV 60 /* 1 minute */ -#define IDLE_CONN_INTV 60 /* 1 minute */ +#define DEF_RETRY_INTV 60 /* 1 minute */ +#define DEF_IDLE_INTV 60 /* 1 minute */ /* internal function declarations */ static PLMYSQL *plmysql_init(ARGV *); static int plmysql_query(DICT_MYSQL *, const char *, VSTRING *, MYSQL_RES **); static void plmysql_dealloc(PLMYSQL *); static void plmysql_close_host(HOST *); -static void plmysql_down_host(HOST *); +static void plmysql_down_host(HOST *, int); static void plmysql_connect_single(DICT_MYSQL *, HOST *); static const char *dict_mysql_lookup(DICT *, const char *); DICT *dict_mysql_open(const char *, int, int); @@ -476,7 +478,7 @@ static int plmysql_query(DICT_MYSQL *dict_mysql, name, 0, query, dict_mysql_quote); /* Check for potential dict_mysql_quote() failure. */ if (host->stat == STATFAIL) { - plmysql_down_host(host); + plmysql_down_host(host, dict_mysql->retry_interval); continue; } if (msg_verbose) @@ -561,7 +563,7 @@ static int plmysql_query(DICT_MYSQL *dict_mysql, * See what we got. */ if (query_error) { - plmysql_down_host(host); + plmysql_down_host(host, dict_mysql->retry_interval); if (errno == 0) errno = ENOTSUP; if (first_result) { @@ -574,7 +576,7 @@ static int plmysql_query(DICT_MYSQL *dict_mysql, dict_mysql->dict.type, dict_mysql->dict.name, host->hostname); event_request_timer(dict_mysql_event, (void *) host, - IDLE_CONN_INTV); + dict_mysql->idle_interval); break; } } @@ -618,7 +620,7 @@ static void plmysql_connect_single(DICT_MYSQL *dict_mysql, HOST *host) if (mysql_set_character_set(host->db, dict_mysql->charset) != 0) { msg_warn("dict_mysql: mysql_set_character_set '%s' failed: %s", dict_mysql->charset, mysql_error(host->db)); - plmysql_down_host(host); + plmysql_down_host(host, dict_mysql->retry_interval); return; } if (msg_verbose) 
@@ -628,7 +630,7 @@ static void plmysql_connect_single(DICT_MYSQL *dict_mysql, HOST *host) } else { msg_warn("connect to mysql server %s: %s", host->hostname, mysql_error(host->db)); - plmysql_down_host(host); + plmysql_down_host(host, dict_mysql->retry_interval); } } @@ -644,11 +646,11 @@ static void plmysql_close_host(HOST *host) * plmysql_down_host - close a failed connection AND set a "stay away from * this host" timer */ -static void plmysql_down_host(HOST *host) +static void plmysql_down_host(HOST *host, int retry_interval) { mysql_close(host->db); host->db = 0; - host->ts = time((time_t *) 0) + RETRY_CONN_INTV; + host->ts = time((time_t *) 0) + retry_interval; host->stat = STATFAIL; event_cancel_timer(dict_mysql_event, (void *) host); } @@ -666,6 +668,10 @@ static void mysql_parse_config(DICT_MYSQL *dict_mysql, const char *mysqlcf) dict_mysql->password = cfg_get_str(p, "password", "", 0, 0); dict_mysql->dbname = cfg_get_str(p, "dbname", "", 1, 0); dict_mysql->charset = cfg_get_str(p, "charset", "utf8mb4", 1, 0); + dict_mysql->retry_interval = cfg_get_int(p, "retry_interval", + DEF_RETRY_INTV, 1, 0); + dict_mysql->idle_interval = cfg_get_int(p, "idle_interval", + DEF_IDLE_INTV, 1, 0); dict_mysql->result_format = cfg_get_str(p, "result_format", "%s", 1, 0); dict_mysql->option_file = cfg_get_str(p, "option_file", NULL, 0, 0); dict_mysql->option_group = cfg_get_str(p, "option_group", "client", 0, 0); diff --git a/postfix/src/global/dict_pgsql.c b/postfix/src/global/dict_pgsql.c index 787c410c2..c62685451 100644 --- a/postfix/src/global/dict_pgsql.c +++ b/postfix/src/global/dict_pgsql.c @@ -111,8 +111,8 @@ #define TYPECONNSTR (1<<2) #define RETRY_CONN_MAX 100 -#define RETRY_CONN_INTV 60 /* 1 minute */ -#define IDLE_CONN_INTV 60 /* 1 minute */ +#define DEF_RETRY_INTV 60 /* 1 minute */ +#define DEF_IDLE_INTV 60 /* 1 minute */ typedef struct { PGconn *db; 
@@ -140,6 +140,8 @@ typedef struct { char *password; char *dbname; char *encoding; + int retry_interval; + int idle_interval; char *table; ARGV *hosts; PLPGSQL *pldb; @@ -155,7 +157,7 @@ static PLPGSQL *plpgsql_init(ARGV *); static PGSQL_RES *plpgsql_query(DICT_PGSQL *, const char *, VSTRING *); static void plpgsql_dealloc(PLPGSQL *); static void plpgsql_close_host(HOST *); -static void plpgsql_down_host(HOST *); +static void plpgsql_down_host(HOST *, int); static void plpgsql_connect_single(DICT_PGSQL *, HOST *); static const char *dict_pgsql_lookup(DICT *, const char *); DICT *dict_pgsql_open(const char *, int, int); @@ -480,7 +482,7 @@ static PGSQL_RES *plpgsql_query(DICT_PGSQL *dict_pgsql, /* Check for potential dict_pgsql_quote() failure. */ if (host->stat == STATFAIL) { - plpgsql_down_host(host); + plpgsql_down_host(host, dict_pgsql->retry_interval); continue; } @@ -518,7 +520,7 @@ static PGSQL_RES *plpgsql_query(DICT_PGSQL *dict_pgsql, msg_info("dict_pgsql: successful query from host %s", host->hostname); event_request_timer(dict_pgsql_event, (void *) host, - IDLE_CONN_INTV); + dict_pgsql->idle_interval); return (res); case PGRES_FATAL_ERROR: msg_warn("pgsql query failed: fatal error from host %s: %s", @@ -549,7 +551,7 @@ static PGSQL_RES *plpgsql_query(DICT_PGSQL *dict_pgsql, */ if (res != 0) PQclear(res); - plpgsql_down_host(host); + plpgsql_down_host(host, dict_pgsql->retry_interval); } return (0); 
@@ -572,13 +574,13 @@ static void plpgsql_connect_single(DICT_PGSQL *dict_pgsql, HOST *host) if (host->db == NULL || PQstatus(host->db) != CONNECTION_OK) { msg_warn("connect to pgsql server %s: %s", host->hostname, PQerrorMessage(host->db)); - plpgsql_down_host(host); + plpgsql_down_host(host, dict_pgsql->retry_interval); return; } if (PQsetClientEncoding(host->db, dict_pgsql->encoding) != 0) { msg_warn("dict_pgsql: cannot set the encoding to %s, skipping %s", dict_pgsql->encoding, host->hostname); - plpgsql_down_host(host); + plpgsql_down_host(host, dict_pgsql->retry_interval); return; } if (msg_verbose) @@ -602,12 +604,12 @@ static void plpgsql_close_host(HOST *host) * plpgsql_down_host - close a failed connection AND set a "stay away from * this host" timer. */ -static void plpgsql_down_host(HOST *host) +static void plpgsql_down_host(HOST *host, int retry_interval) { if (host->db) PQfinish(host->db); host->db = 0; - host->ts = time((time_t *) 0) + RETRY_CONN_INTV; + host->ts = time((time_t *) 0) + retry_interval; host->stat = STATFAIL; event_cancel_timer(dict_pgsql_event, (void *) host); } @@ -626,6 +628,10 @@ static void pgsql_parse_config(DICT_PGSQL *dict_pgsql, const char *pgsqlcf) dict_pgsql->password = cfg_get_str(p, "password", "", 0, 0); dict_pgsql->dbname = cfg_get_str(p, "dbname", "", 1, 0); dict_pgsql->encoding = cfg_get_str(p, "encoding", "UTF8", 1, 0); + dict_pgsql->retry_interval = cfg_get_int(p, "retry_interval", + DEF_RETRY_INTV, 1, 0); + dict_pgsql->idle_interval = cfg_get_int(p, "idle_interval", + DEF_IDLE_INTV, 1, 0); dict_pgsql->result_format = cfg_get_str(p, "result_format", "%s", 1, 0); /* diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 63d89a723..454c98f9f 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h 
@@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20240125" +#define MAIL_RELEASE_DATE "20240129" #define MAIL_VERSION_NUMBER "3.9" #ifdef SNAPSHOT diff --git a/postfix/src/postlogd/postlogd.c b/postfix/src/postlogd/postlogd.c index 33d7c8b41..13f996f00 100644 --- a/postfix/src/postlogd/postlogd.c +++ b/postfix/src/postlogd/postlogd.c @@ -31,10 +31,10 @@ /* CONFIGURATION PARAMETERS /* .ad /* .fi -/* Changes to \fBmain.cf\fR are picked up automatically, as -/* \fBpostlogd\fR(8) processes run for only a limited amount -/* of time. Use the command "\fBpostfix reload\fR" to speed -/* up a change. +/* Changes to \fBmain.cf\fR are not picked up automatically, +/* because \fBpostlogd\fR(8) terminates only after reaching +/* the \fBmax_idle\fR time limit. +/* Use the command "\fBpostfix reload\fR" to speed up a change. /* /* The text below provides only a parameter summary. See /* \fBpostconf\fR(5) for more details including examples. diff --git a/postfix/src/smtp/smtp.c b/postfix/src/smtp/smtp.c index f3eade0ce..9dd6ec20c 100644 --- a/postfix/src/smtp/smtp.c +++ b/postfix/src/smtp/smtp.c 
@@ -23,13 +23,9 @@ /* to the \fBbounce\fR(8), \fBdefer\fR(8) or \fBtrace\fR(8) daemon as /* appropriate. /* -/* The SMTP+LMTP client looks up a list of mail exchanger addresses for -/* the destination host, sorts the list by preference, and connects -/* to each listed address until it finds a server that responds. -/* -/* When a server is not reachable, or when mail delivery fails due -/* to a recoverable error condition, the SMTP+LMTP client will try to -/* deliver the mail to an alternate host. +/* The server lookup strategy is different for SMTP and LMTP. +/* The details are given below under in the sections "SMTP +/* DESTINATION SYNTAX" and "LMTP DESTINATION SYNTAX". /* /* After a successful mail transaction, a connection may be saved /* to the \fBscache\fR(8) connection cache server, so that it 
@@ -42,41 +38,55 @@ /* SMTP DESTINATION SYNTAX /* .ad /* .fi -/* The Postfix SMTP+LMTP client supports multiple destinations +/* The Postfix SMTP client supports multiple destinations /* separated by comma or whitespace (Postfix 3.5 and later). +/* Each destination is tried in the specified order. +/* /* SMTP destinations have the following form: /* .IP \fIdomainname\fR -/* .IP \fIdomainname\fR:\fIport\fR +/* .IP \fIdomainname\fR:\fIservice\fR /* Look up the mail exchangers for the specified domain, and -/* connect to the specified port (default: \fBsmtp\fR). +/* connect to the specified service (default: \fBsmtp\fR). +/* Optionally, mail exchangers may be looked up with SRV queries +/* instead of MX; this requires that \fIservice\fR is given +/* in symbolic form. /* .IP [\fIhostname\fR] -/* .IP [\fIhostname\fR]:\fIport\fR -/* Look up the address(es) of the specified host, and connect to -/* the specified port (default: \fBsmtp\fR). +/* .IP [\fIhostname\fR]:\fIservice\fR +/* Look up the address(es) for the specified host, and connect to +/* the specified service (default: \fBsmtp\fR). /* .IP [\fIaddress\fR] -/* .IP [\fIaddress\fR]:\fIport\fR +/* .IP [\fIaddress\fR]:\fIservice\fR /* Connect to the host at the specified address, and connect -/* to the specified port (default: \fBsmtp\fR). An IPv6 address +/* to the specified service (default: \fBsmtp\fR). An IPv6 address /* must be formatted as [\fBipv6\fR:\fIaddress\fR]. /* LMTP DESTINATION SYNTAX /* .ad /* .fi -/* The Postfix SMTP+LMTP client supports multiple destinations +/* The Postfix LMTP client supports multiple destinations /* separated by comma or whitespace (Postfix 3.5 and later). +/* Each destination is tried in the specified order. +/* /* LMTP destinations have the following form: /* .IP \fBunix\fR:\fIpathname\fR /* Connect to the local UNIX-domain server that is bound to the specified /* \fIpathname\fR. 
If the process runs chrooted, an absolute pathname /* is interpreted relative to the Postfix queue directory. +/* .IP \fBinet\fR:\fIdomainname\fR +/* .IP \fBinet\fR:\fIdomainname\fR:\fIservice\fR +/* Look up the LMTP servers for the specified domain and service +/* (default: \fBlmtp\fR). +/* This form is supported when SRV lookups are enabled, and +/* requires that \fIservice\fR is in symbolic form. /* .IP \fBinet\fR:\fIhostname\fR -/* .IP \fBinet\fR:\fIhostname\fR:\fIport\fR +/* .IP \fBinet\fR:\fIhostname\fR:\fIservice\fR +/* Look up the address(es) for the specified host, and connect to +/* the specified service (default: \fBlmtp\fR). When SRV lookups +/* are enabled, use the form \fB[\fIhostname\fB]\fR to force +/* address lookups. /* .IP \fBinet\fR:[\fIaddress\fR] -/* .IP \fBinet\fR:[\fIaddress\fR]:\fIport\fR -/* Connect to the specified TCP port on the specified local or -/* remote host. If no port is specified, connect to the port defined as -/* \fBlmtp\fR in \fBservices\fR(4). -/* If no such service is found, the \fBlmtp_tcp_port\fR configuration -/* parameter (default value of 24) will be used. +/* .IP \fBinet\fR:[\fIaddress\fR]:\fIservice\fR +/* Connect to the specified local or remote host and service +/* (default: \fBlmtp\fR). /* An IPv6 address must be formatted as [\fBipv6\fR:\fIaddress\fR]. /* SINGLE-RECIPIENT DELIVERY /* .ad @@ -134,6 +144,8 @@ /* This feature is available as of Postfix 3.5. /* .RE /* SECURITY +/* .ad +/* .fi /* The SMTP+LMTP client is moderately security-sensitive. It /* talks to SMTP or LMTP servers and to DNS servers on the /* network. The SMTP+LMTP client can be run chrooted at fixed
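Review bot: In src/smtp/smtp.c, hunk @@ -23,13 +23,9 @@ (mirrored in man/man8/smtp.8, hunk @@ -29,13 +29,9 @@), the added sentence "The details are given below under in the sections" has a doubled preposition; suggest "The details are given below in the sections ...". The removed paragraph also stated when an alternate host is tried ("When a server is not reachable, or when mail delivery fails due to a recoverable error condition"). The replacement text in the visible hunks only says "Each destination is tried in the specified order", so consider keeping one sentence on the conditions that trigger the move to the next destination.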
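Review bot: In src/smtp/smtp.c, hunk @@ -42,41 +38,55 @@ (mirrored in man/man8/smtp.8, hunk @@ -50,43 +46,57 @@), the rewritten inet:[address]:service entry drops the documented fallback for an unspecified port: the removed lines said the client uses the lmtp entry in services(4) and, failing that, the lmtp_tcp_port parameter (default value of 24). The new "(default: lmtp)" does not say what happens when that service name does not resolve. Suggest keeping the lmtp_tcp_port sentence. Separately, the phrases "Optionally, mail exchangers may be looked up with SRV queries" and "when SRV lookups are enabled" never name the setting that enables them; add a cross-reference so an operator can tell which lookup path a given destination will take.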
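Review bot: In src/postlogd/postlogd.c, hunk @@ -31,10 +31,10 @@ (mirrored in man/man8/postlogd.8, hunk @@ -41,10 +41,10 @@), the new text says changes are "not picked up automatically" and then keeps "Use the command postfix reload to speed up a change", which implies the change would arrive on its own eventually. Suggest stating both cases explicitly: the change takes effect only after the process exits on reaching max_idle, which a busy logger may not do for a long time, so "postfix reload" is needed to apply it. This matters for operators changing logging settings who would otherwise assume the new configuration is already live.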
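Review bot: In src/global/dict_mysql.c, hunk @@ -666,6 +668,10 @@ (same pattern in src/global/dict_pgsql.c, hunk @@ -626,6 +628,10 @@), the accepted range for the new settings is not documented: the calls are cfg_get_int(p, "retry_interval", DEF_RETRY_INTV, 1, 0) and cfg_get_int(p, "idle_interval", DEF_IDLE_INTV, 1, 0), while the proto/mysql_table and proto/pgsql_table entries give only "default: 60". If the trailing 1 and 0 are the lower and upper bounds, say so in the manpage text, and note the operational trade-off: a retry_interval near the minimum removes most of the "stay away from this host" back-off that plmysql_down_host() and plpgsql_down_host() apply after an error, so a failing database host is retried almost immediately.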
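Review bot: In proto/postconf.proto, hunk @@ -3930,11 +3930,12 @@ (mirrored in the postconf.5 hunk @@ -6531,11 +6531,12 @@), renaming "port" to "service" in "hostname:service, [hostname]:service" leaves it unstated that a numeric port is still accepted; the only hint in this patch is the smtp.c wording "this requires that service is given in symbolic form". Suggest "service (symbolic name or numeric port)" here. The opening also changes from "SMTP or LMTP delivery" to "SMTP delivery" without saying where LMTP destinations for this parameter are now described; a pointer to the LMTP DESTINATION SYNTAX section would avoid readers applying the SMTP forms to LMTP.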