mirror of https://github.com/vdukhovni/postfix synced 2025-08-22 01:49:47 +00:00

postfix-3.9-20231210

This commit is contained in:
Wietse Venema 2023-12-10 00:00:00 -05:00 committed by Viktor Dukhovni
parent 17dbfb9b8b
commit 984278aadf
29 changed files with 774 additions and 601 deletions

View File

@ -27529,8 +27529,8 @@ Apologies for any names omitted.
Bugfix (defect introduced: Postfix 2.3, date 20051222): the
Dovecot auth client did not reset the 'reason' from a
previous Dovecot auth service response, before parsing the
next Dovecot auth server response. Reported by Stephan
Bosch, File: xsasl/xsasl_dovecot_server.c.
next Dovecot auth server response in the same SMTP session.
Reported by Stephan Bosch, File: xsasl/xsasl_dovecot_server.c.
20231105
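Review bot: the reworded entry still uses two names for what reads as the same kind of message, "previous Dovecot auth service response" and "next Dovecot auth server response"; pick one term so the entry is unambiguous about what is being parsed. The added "in the same SMTP session" is a useful scoping detail, since it tells a reader that the stale 'reason' can only carry over between authentication attempts within one session.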
@ -27553,3 +27553,53 @@ Apologies for any names omitted.
Robustness: don't loop on an 'unfinished' queue file that
still has its all-zero SIZE record. File: postcat/postcat.c.
20231126
Cleanup: implementation and documentation for the selection
of SMTP versus LMTP client protocol and parameters, based
on process name. Files: smtp/smtp.c, global/mail_proto.h,
proto/postconf.proto.
Cleanup: documented (in proxymap source code) the complexities
of determining the optimal proxywrite service process limit,
and make the 'invalid' proxymap service name error message
more similar to the error message for an invalid SMTP/LMTP
client process name. File: proxymap/proxymap.c.
20231127
Documentation: in the stock main.cf file, mailbox_command
uses $default_privs, not $default_user. Vijay Sarvepalli,
Cert/CC. File: conf/main.cf.
20231202
Bugfix: posttls-finger certificate match expectations for
opportunistic DANE incorrectly defaulted to ("nexthop",
"hostname") instead of ("nexthop", "dot-nexthop"), when no
TLSA records were found. Viktor Dukhovni. File: posttls-finger.c.
20231204
Documentation: updated comments on address validation in
smtpd_check.c, making them consistent with the implementation.
File: smtpd/smtpd_check.c.
20231208
Bugfix (defect introduced: Postfix 3.1, date: 20151128):
"postqueue -j" produced broken JSON when escaping a control
character as \uXXXX. Found during code maintenance. File:
postqueue/showq_json.c.
20231209
Feature: the local(8) delivery agent exports an ENVID
environment variable with the RFC 3461 envelope ID if
available. Files: local/command.c, local/local.c,
proto/postconf.proto.
Feature: the pipe(8) delivery agent supports an ${envid}
command-line attribute that expands to the RFC 3461 envelope
ID if available. File: pipe/pipe.c.
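Review bot: the two 20231209 entries hand the RFC 3461 envelope ID to external commands (the ENVID environment variable in local(8), the ${envid} command-line attribute in pipe(8)) without saying how the value is constrained. The envelope ID originates with the sending SMTP client, so the entries, or the proto/postconf.proto and pipe(8) text they point to, should state whether it is passed through as received or filtered or encoded first, so that authors of delivery scripts know whether to treat it as untrusted input. Smaller point: the 20231202 entry gives "File: posttls-finger.c" without a directory, unlike the other entries in this hunk (for example "postqueue/showq_json.c").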

View File

@ -8,10 +8,10 @@ Wish list:
postfix-install should mention makedefs.out.
Propagate information about parsed daemon command-line
options to service callback functions. With this, a proxywrite
server can enforce a process limit of 1 without duplicating
libmaster's command-line parsing code.
In documentation and configuration file examples, replace
IPv4 address prefixes from Cloud9 with 192.168.* from RFC
1918, and replace IPv6 address prefixes with unique local
IPv6 address prefixes fd00:* from RFC 4193.
Add a pre-release check for '.' instead of ','. Generalize
from grep '[a-zA-Z0-9]\. *[a-z]' proto/*|egrep -v

View File

@ -452,7 +452,7 @@ unknown_local_recipient_reject_code = 550
# The mailbox_command parameter specifies the optional external
# command to use instead of mailbox delivery. The command is run as
# the recipient with proper HOME, SHELL and LOGNAME environment settings.
# Exception: delivery for root is done as $default_user.
# Exception: delivery for root is done as $default_privs.
#
# Other environment variables of interest: USER (recipient username),
# EXTENSION (address extension), DOMAIN (domain part of address),
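Review bot: the corrected sentence "Exception: delivery for root is done as $default_privs." names the parameter but gives the reader no pointer to what it resolves to. Since this line decides which account runs mailbox_command for root's mail, suggest adding a short cross-reference to the default_privs parameter so an administrator reading the stock main.cf can check which account that is.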

View File

@ -5,20 +5,24 @@
<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
<title> Postfix manual - smtp(8) </title>
</head> <body> <pre>
SMTP(8) SMTP(8)
SMTP,(LMTP) SMTP,(LMTP)
<b>NAME</b>
smtp - Postfix SMTP+LMTP client
smtp, lmtp - Postfix SMTP+LMTP client
<b>SYNOPSIS</b>
<b>smtp</b> [generic Postfix daemon options] [flags=DORX]
<b>lmtp</b> [generic Postfix daemon options] [flags=DORX]
<b>DESCRIPTION</b>
The Postfix SMTP+LMTP client implements the SMTP and LMTP mail delivery
protocols. It processes message delivery requests from the queue man-
ager. Each request specifies a queue file, a sender address, a domain
or host to deliver to, and recipient information. This program expects
to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager. The process name, <b>smtp</b> or
<b>lmtp</b>, controls the protocol, and the names of the configuration parame-
ters that will be used.
The SMTP+LMTP client updates the queue file and marks recipients as
finished, or it informs the queue manager that delivery should be tried
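Review bot: the page header line that replaces "SMTP(8) SMTP(8)" reads "SMTP,(LMTP) SMTP,(LMTP)", which drops the manual section number and leaves a stray comma. It looks like a side effect of changing the NAME line to "smtp, lmtp", and the later hunk headers in this file still show "SMTP(8) SMTP(8)" as the expected form. Suggest fixing the header so it keeps the "(8)" section, for example "SMTP(8)" or a form that names both programs with the section number.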
@ -180,20 +184,19 @@ SMTP(8) SMTP(8)
for all destinations that map onto the same IP address and TCP port.
<b>CONFIGURATION PARAMETERS</b>
Before Postfix version 2.3, the LMTP client is a separate program that
implements only a subset of the functionality available with SMTP:
there is no support for TLS, and connections are cached in-process,
making it ineffective when the client is used for multiple domains.
Postfix versions 2.3 and later implement the SMTP and LMTP client with
the same program, and choose the protocol and configuration parameters
based on the process name, <b>smtp</b> or <b>lmtp</b>.
Most smtp_<i>xxx</i> configuration parameters have an lmtp_<i>xxx</i> "mirror" param-
eter for the equivalent LMTP feature. This document describes only
eter for the equivalent LMTP feature. This document describes only
those LMTP-related parameters that aren't simply "mirror" parameters.
Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="smtp.8.html"><b>smtp</b>(8)</a> processes
Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="smtp.8.html"><b>smtp</b>(8)</a> processes
run for only a limited amount of time. Use the command "<b>postfix reload</b>"
to speed up a change.
The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
more details including examples.
<b>COMPATIBILITY CONTROLS</b>
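Review bot: three old/new line pairs in this hunk (for example "eter for the equivalent LMTP feature. This document describes only") show no wording difference, so the only change there appears to be inter-word spacing from re-justified text. That buries the one substantive edit here, the "Before Postfix version 2.3, the LMTP client is a separate program ..." paragraph, and the same pattern repeats through most of the remaining hunks in this file. Suggest committing the re-justified output separately from the content change, or noting in the commit message that these hunks are whitespace-only.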
@ -214,8 +217,8 @@ SMTP(8) SMTP(8)
will send via SMTP.
<b><a href="postconf.5.html#smtp_pix_workaround_delay_time">smtp_pix_workaround_delay_time</a> (10s)</b>
How long the Postfix SMTP client pauses before sending
".&lt;CR&gt;&lt;LF&gt;" in order to work around the PIX firewall
How long the Postfix SMTP client pauses before sending
".&lt;CR&gt;&lt;LF&gt;" in order to work around the PIX firewall
"&lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;" bug.
<b><a href="postconf.5.html#smtp_pix_workaround_threshold_time">smtp_pix_workaround_threshold_time</a> (500s)</b>
@ -224,19 +227,19 @@ SMTP(8) SMTP(8)
delivery through firewalls with "smtp fixup" mode turned on.
<b><a href="postconf.5.html#smtp_pix_workarounds">smtp_pix_workarounds</a> (disable_esmtp, delay_dotcrlf)</b>
A list that specifies zero or more workarounds for CISCO PIX
A list that specifies zero or more workarounds for CISCO PIX
firewall bugs.
<b><a href="postconf.5.html#smtp_pix_workaround_maps">smtp_pix_workaround_maps</a> (empty)</b>
Lookup tables, indexed by the remote SMTP server address, with
Lookup tables, indexed by the remote SMTP server address, with
per-destination workarounds for CISCO PIX firewall bugs.
<b><a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a> (yes)</b>
Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO
Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO
commands as required by <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
<b><a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a> (empty)</b>
A mechanism to transform replies from remote SMTP servers one
A mechanism to transform replies from remote SMTP servers one
line at a time.
<b><a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a> (yes)</b>
@ -248,68 +251,68 @@ SMTP(8) SMTP(8)
Available in Postfix version 2.0 and earlier:
<b><a href="postconf.5.html#smtp_skip_4xx_greeting">smtp_skip_4xx_greeting</a> (yes)</b>
Skip SMTP servers that greet with a 4XX status code (go away,
Skip SMTP servers that greet with a 4XX status code (go away,
try again later).
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_discard_ehlo_keyword_address_maps">smtp_discard_ehlo_keyword_address_maps</a> (empty)</b>
Lookup tables, indexed by the remote SMTP server address, with
case insensitive lists of EHLO keywords (pipelining, starttls,
Lookup tables, indexed by the remote SMTP server address, with
case insensitive lists of EHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix SMTP client will ignore in the EHLO
response from a remote SMTP server.
<b><a href="postconf.5.html#smtp_discard_ehlo_keywords">smtp_discard_ehlo_keywords</a> (empty)</b>
A case insensitive list of EHLO keywords (pipelining, starttls,
A case insensitive list of EHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix SMTP client will ignore in the EHLO
response from a remote SMTP server.
<b><a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> (empty)</b>
Optional lookup tables that perform address rewriting in the
Postfix SMTP client, typically to transform a locally valid
address into a globally valid address when sending mail across
Optional lookup tables that perform address rewriting in the
Postfix SMTP client, typically to transform a locally valid
address into a globally valid address when sending mail across
the Internet.
Available in Postfix version 2.2.9 and later:
<b><a href="postconf.5.html#smtp_cname_overrides_servername">smtp_cname_overrides_servername</a> (version dependent)</b>
When the remote SMTP servername is a DNS CNAME, replace the
servername with the result from CNAME expansion for the purpose
of logging, SASL password lookup, TLS policy decisions, or TLS
When the remote SMTP servername is a DNS CNAME, replace the
servername with the result from CNAME expansion for the purpose
of logging, SASL password lookup, TLS policy decisions, or TLS
certificate verification.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#lmtp_discard_lhlo_keyword_address_maps">lmtp_discard_lhlo_keyword_address_maps</a> (empty)</b>
Lookup tables, indexed by the remote LMTP server address, with
case insensitive lists of LHLO keywords (pipelining, starttls,
Lookup tables, indexed by the remote LMTP server address, with
case insensitive lists of LHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix LMTP client will ignore in the LHLO
response from a remote LMTP server.
<b><a href="postconf.5.html#lmtp_discard_lhlo_keywords">lmtp_discard_lhlo_keywords</a> (empty)</b>
A case insensitive list of LHLO keywords (pipelining, starttls,
A case insensitive list of LHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix LMTP client will ignore in the LHLO
response from a remote LMTP server.
Available in Postfix version 2.4.4 and later:
<b><a href="postconf.5.html#send_cyrus_sasl_authzid">send_cyrus_sasl_authzid</a> (no)</b>
When authenticating to a remote SMTP or LMTP server with the
default setting "no", send no SASL authoriZation ID (authzid);
send only the SASL authentiCation ID (authcid) plus the auth-
When authenticating to a remote SMTP or LMTP server with the
default setting "no", send no SASL authoriZation ID (authzid);
send only the SASL authentiCation ID (authcid) plus the auth-
cid's password.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#smtp_header_checks">smtp_header_checks</a> (empty)</b>
Restricted <a href="header_checks.5.html"><b>header_checks</b>(5)</a> tables for the Postfix SMTP client.
Restricted <a href="header_checks.5.html"><b>header_checks</b>(5)</a> tables for the Postfix SMTP client.
<b><a href="postconf.5.html#smtp_mime_header_checks">smtp_mime_header_checks</a> (empty)</b>
Restricted <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>(5) tables for the Postfix SMTP
Restricted <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>(5) tables for the Postfix SMTP
client.
<b><a href="postconf.5.html#smtp_nested_header_checks">smtp_nested_header_checks</a> (empty)</b>
Restricted <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b>(5) tables for the Postfix SMTP
Restricted <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b>(5) tables for the Postfix SMTP
client.
<b><a href="postconf.5.html#smtp_body_checks">smtp_body_checks</a> (empty)</b>
@ -318,7 +321,7 @@ SMTP(8) SMTP(8)
Available in Postfix version 2.6 and later:
<b><a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> (0)</b>
An optional workaround for routers that break TCP window scal-
An optional workaround for routers that break TCP window scal-
ing.
Available in Postfix version 2.8 and later:
@ -329,16 +332,16 @@ SMTP(8) SMTP(8)
Available in Postfix version 2.9 - 3.6:
<b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b>
Change the behavior of the smtp_*_timeout time limits, from a
time limit per read or write system call, to a time limit to
send or receive a complete record (an SMTP command line, SMTP
response line, SMTP message content line, or TLS protocol mes-
Change the behavior of the smtp_*_timeout time limits, from a
time limit per read or write system call, to a time limit to
send or receive a complete record (an SMTP command line, SMTP
response line, SMTP message content line, or TLS protocol mes-
sage).
Available in Postfix version 2.9 and later:
<b><a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a> (no)</b>
Whether or not to append the "AUTH=&lt;&gt;" option to the MAIL FROM
Whether or not to append the "AUTH=&lt;&gt;" option to the MAIL FROM
command in SASL-authenticated SMTP sessions.
Available in Postfix version 2.11 and later:
@ -349,7 +352,7 @@ SMTP(8) SMTP(8)
Available in Postfix version 3.0 and later:
<b><a href="postconf.5.html#smtp_delivery_status_filter">smtp_delivery_status_filter</a> ($<a href="postconf.5.html#default_delivery_status_filter">default_delivery_status_filter</a>)</b>
Optional filter for the <a href="smtp.8.html"><b>smtp</b>(8)</a> delivery agent to change the
Optional filter for the <a href="smtp.8.html"><b>smtp</b>(8)</a> delivery agent to change the
delivery status code or explanatory text of successful or unsuc-
cessful deliveries.
@ -359,38 +362,38 @@ SMTP(8) SMTP(8)
Available in Postfix version 3.3 and later:
<b><a href="postconf.5.html#smtp_balance_inet_protocols">smtp_balance_inet_protocols</a> (yes)</b>
When a remote destination resolves to a combination of IPv4 and
When a remote destination resolves to a combination of IPv4 and
IPv6 addresses, ensure that the Postfix SMTP client can try both
address types before it runs into the <a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a>.
Available in Postfix 3.5 and later:
<b><a href="postconf.5.html#info_log_address_format">info_log_address_format</a> (external)</b>
The email address form that will be used in non-debug logging
The email address form that will be used in non-debug logging
(info, warning, etc.).
Available in Postfix 3.6 and later:
<b><a href="postconf.5.html#dnssec_probe">dnssec_probe</a> (ns:.)</b>
The DNS query type (default: "ns") and DNS query name (default:
The DNS query type (default: "ns") and DNS query name (default:
".") that Postfix may use to determine whether DNSSEC validation
is available.
<b><a href="postconf.5.html#known_tcp_ports">known_tcp_ports</a> (lmtp=24, smtp=25, smtps=submissions=465, submis-</b>
<b><a href="postconf.5.html#known_tcp_ports">known_tcp_ports</a> (lmtp=24, smtp=25, smtps=submissions=465, submis-</b>
<b>sion=587)</b>
Optional setting that avoids lookups in the <b>services</b>(5) data-
Optional setting that avoids lookups in the <b>services</b>(5) data-
base.
Available in Postfix version 3.7 and later:
<b><a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a> (no)</b>
Change the behavior of the smtp_*_timeout time limits, from a
time limit per plaintext or TLS read or write call, to a com-
bined time limit for sending a complete SMTP request and for
Change the behavior of the smtp_*_timeout time limits, from a
time limit per plaintext or TLS read or write call, to a com-
bined time limit for sending a complete SMTP request and for
receiving a complete SMTP response.
<b><a href="postconf.5.html#smtp_min_data_rate">smtp_min_data_rate</a> (500)</b>
The minimum plaintext data transfer rate in bytes/second for
The minimum plaintext data transfer rate in bytes/second for
DATA requests, when deadlines are enabled with
<a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a>.
@ -400,16 +403,16 @@ SMTP(8) SMTP(8)
Available in Postfix version 3.8 and later:
<b><a href="postconf.5.html#use_srv_lookup">use_srv_lookup</a> (empty)</b>
Enables discovery for the specified service(s) using DNS SRV
Enables discovery for the specified service(s) using DNS SRV
records.
<b><a href="postconf.5.html#ignore_srv_lookup_error">ignore_srv_lookup_error</a> (no)</b>
When SRV record lookup fails, fall back to MX or IP address
When SRV record lookup fails, fall back to MX or IP address
lookup as if SRV record lookup was not enabled.
<b><a href="postconf.5.html#allow_srv_lookup_fallback">allow_srv_lookup_fallback</a> (no)</b>
When SRV record lookup fails or no SRV record exists, fall back
to MX or IP address lookup as if SRV record lookup was not
When SRV record lookup fails or no SRV record exists, fall back
to MX or IP address lookup as if SRV record lookup was not
enabled.
<b>MIME PROCESSING CONTROLS</b>
@ -428,7 +431,7 @@ SMTP(8) SMTP(8)
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtp_send_xforward_command">smtp_send_xforward_command</a> (no)</b>
Send the non-standard XFORWARD command when the Postfix SMTP
Send the non-standard XFORWARD command when the Postfix SMTP
server EHLO response announces XFORWARD support.
<b>SASL AUTHENTICATION CONTROLS</b>
@ -436,88 +439,88 @@ SMTP(8) SMTP(8)
Enable SASL authentication in the Postfix SMTP client.
<b><a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> (empty)</b>
Optional Postfix SMTP client lookup tables with one user-
name:password entry per sender, remote hostname or next-hop
Optional Postfix SMTP client lookup tables with one user-
name:password entry per sender, remote hostname or next-hop
domain.
<b><a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> (noplaintext, noanonymous)</b>
Postfix SMTP client SASL security options; as of Postfix 2.3 the
list of available features depends on the SASL client implemen-
list of available features depends on the SASL client implemen-
tation that is selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> (empty)</b>
If non-empty, a Postfix SMTP client filter for the remote SMTP
If non-empty, a Postfix SMTP client filter for the remote SMTP
server's list of offered SASL mechanisms.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a> (no)</b>
Enable sender-dependent authentication in the Postfix SMTP
client; this is available only with SASL authentication, and
disables SMTP connection caching to ensure that mail from dif-
client; this is available only with SASL authentication, and
disables SMTP connection caching to ensure that mail from dif-
ferent senders will use the appropriate credentials.
<b><a href="postconf.5.html#smtp_sasl_path">smtp_sasl_path</a> (empty)</b>
Implementation-specific information that the Postfix SMTP client
passes through to the SASL plug-in implementation that is
passes through to the SASL plug-in implementation that is
selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
<b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a> (cyrus)</b>
The SASL plug-in type that the Postfix SMTP client should use
The SASL plug-in type that the Postfix SMTP client should use
for authentication.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> (empty)</b>
An optional table to prevent repeated SASL authentication fail-
ures with the same remote SMTP server hostname, username and
An optional table to prevent repeated SASL authentication fail-
ures with the same remote SMTP server hostname, username and
password.
<b><a href="postconf.5.html#smtp_sasl_auth_cache_time">smtp_sasl_auth_cache_time</a> (90d)</b>
The maximal age of an <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> entry before it
The maximal age of an <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> entry before it
is removed.
<b><a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> (yes)</b>
When a remote SMTP server rejects a SASL authentication request
with a 535 reply code, defer mail delivery instead of returning
When a remote SMTP server rejects a SASL authentication request
with a 535 reply code, defer mail delivery instead of returning
mail as undeliverable.
Available in Postfix version 2.9 and later:
<b><a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a> (no)</b>
Whether or not to append the "AUTH=&lt;&gt;" option to the MAIL FROM
Whether or not to append the "AUTH=&lt;&gt;" option to the MAIL FROM
command in SASL-authenticated SMTP sessions.
Available in Postfix version 3.9 and later:
<b><a href="postconf.5.html#smtp_sasl_password_result_delimiter">smtp_sasl_password_result_delimiter</a> (:)</b>
The delimiter between username and password in sasl_passwd_maps
The delimiter between username and password in sasl_passwd_maps
lookup results.
<b>STARTTLS SUPPORT CONTROLS</b>
Detailed information about STARTTLS configuration may be found in the
Detailed information about STARTTLS configuration may be found in the
<a href="TLS_README.html">TLS_README</a> document.
<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> (empty)</b>
The default SMTP TLS security level for the Postfix SMTP client.
<b><a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a>)</b>
The SASL authentication security options that the Postfix SMTP
The SASL authentication security options that the Postfix SMTP
client uses for TLS encrypted SMTP sessions.
<b><a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> (300s)</b>
Time limit for Postfix SMTP client write and read operations
Time limit for Postfix SMTP client write and read operations
during TLS startup and shutdown handshake procedures.
<b><a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> (empty)</b>
A file containing CA certificates of root CAs trusted to sign
either remote SMTP server certificates or intermediate CA cer-
A file containing CA certificates of root CAs trusted to sign
either remote SMTP server certificates or intermediate CA cer-
tificates.
<b><a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> (empty)</b>
Directory with PEM format Certification Authority certificates
Directory with PEM format Certification Authority certificates
that the Postfix SMTP client uses to verify a remote SMTP server
certificate.
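Review bot: the smtp_sasl_password_result_delimiter description in this hunk refers to "sasl_passwd_maps", but the parameter listed at the top of the same hunk is smtp_sasl_password_maps. Since the lines are being touched anyway, suggest correcting the description to name smtp_sasl_password_maps, so a reader searching for the table that holds the username and password entries finds the right parameter.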
@ -525,7 +528,7 @@ SMTP(8) SMTP(8)
File with the Postfix SMTP client RSA certificate in PEM format.
<b><a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> (medium)</b>
The minimum TLS cipher grade that the Postfix SMTP client will
The minimum TLS cipher grade that the Postfix SMTP client will
use with mandatory TLS encryption.
<b><a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> (empty)</b>
@ -533,8 +536,8 @@ SMTP(8) SMTP(8)
client cipher list at all TLS security levels.
<b><a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> (empty)</b>
Additional list of ciphers or cipher types to exclude from the
Postfix SMTP client cipher list at mandatory TLS security lev-
Additional list of ciphers or cipher types to exclude from the
Postfix SMTP client cipher list at mandatory TLS security lev-
els.
<b><a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> (empty)</b>
@ -550,7 +553,7 @@ SMTP(8) SMTP(8)
Enable additional Postfix SMTP client logging of TLS activity.
<b><a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a> (no)</b>
Log the hostname of a remote SMTP server that offers STARTTLS,
Log the hostname of a remote SMTP server that offers STARTTLS,
when TLS is not already enabled for that server.
<b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> (empty)</b>
@ -559,14 +562,14 @@ SMTP(8) SMTP(8)
fied, this overrides the obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter.
<b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (see 'postconf -d' output)</b>
TLS protocols that the Postfix SMTP client will use with manda-
TLS protocols that the Postfix SMTP client will use with manda-
tory TLS encryption.
<b><a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> (9)</b>
The verification depth for remote SMTP server certificates.
<b><a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> (nexthop, dot-nexthop)</b>
How the Postfix SMTP client verifies the server certificate
How the Postfix SMTP client verifies the server certificate
peername for the "secure" TLS security level.
<b><a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> (empty)</b>
@ -574,16 +577,16 @@ SMTP(8) SMTP(8)
session cache.
<b><a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> (3600s)</b>
The expiration time of Postfix SMTP client TLS session cache
The expiration time of Postfix SMTP client TLS session cache
information.
<b><a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> (hostname)</b>
How the Postfix SMTP client verifies the server certificate
How the Postfix SMTP client verifies the server certificate
peername for the "verify" TLS security level.
<b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b>
The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a> or <a href="smtpd.8.html"><b>smtpd</b>(8)</a>
process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> server in order to seed its
The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a> or <a href="smtpd.8.html"><b>smtpd</b>(8)</a>
process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> server in order to seed its
internal pseudo random number generator (PRNG).
<b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a> (see 'postconf -d' output)</b>
@ -593,7 +596,7 @@ SMTP(8) SMTP(8)
The OpenSSL cipherlist for "medium" or higher grade ciphers.
<b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (eNULL:!aNULL)</b>
The OpenSSL cipherlist for "NULL" grade ciphers that provide
The OpenSSL cipherlist for "NULL" grade ciphers that provide
authentication without encryption.
Available in in Postfix version 2.3..3.7:
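Review bot: the trailing context line "Available in in Postfix version 2.3..3.7:" has a doubled "in", and its range notation "2.3..3.7" differs from the "2.9 - 3.6" form used for smtp_per_record_deadline earlier in this file. Suggest fixing the duplicate word and using one range style throughout.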
@ -608,45 +611,45 @@ SMTP(8) SMTP(8)
<b><a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a> ($<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_secu</a>-</b>
<b><a href="postconf.5.html#smtp_sasl_tls_security_options">rity_options</a>)</b>
The SASL authentication security options that the Postfix SMTP
client uses for TLS encrypted SMTP sessions with a verified
The SASL authentication security options that the Postfix SMTP
client uses for TLS encrypted SMTP sessions with a verified
server certificate.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> (empty)</b>
List of acceptable remote SMTP server certificate fingerprints
for the "fingerprint" TLS security level (<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_secu</a>-</b>
List of acceptable remote SMTP server certificate fingerprints
for the "fingerprint" TLS security level (<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_secu</a>-</b>
<b><a href="postconf.5.html#smtp_tls_security_level">rity_level</a></b> = fingerprint).
<b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> (see 'postconf -d' output)</b>
The message digest algorithm used to construct remote SMTP
The message digest algorithm used to construct remote SMTP
server certificate fingerprints.
Available in Postfix version 2.6 and later:
<b><a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> (see 'postconf -d' output)</b>
TLS protocols that the Postfix SMTP client will use with oppor-
TLS protocols that the Postfix SMTP client will use with oppor-
tunistic TLS encryption.
<b><a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> (medium)</b>
The minimum TLS cipher grade that the Postfix SMTP client will
The minimum TLS cipher grade that the Postfix SMTP client will
use with opportunistic TLS encryption.
<b><a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> (empty)</b>
File with the Postfix SMTP client ECDSA certificate in PEM for-
File with the Postfix SMTP client ECDSA certificate in PEM for-
mat.
<b><a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a> ($<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>)</b>
File with the Postfix SMTP client ECDSA private key in PEM for-
File with the Postfix SMTP client ECDSA private key in PEM for-
mat.
Available in Postfix version 2.7 and later:
<b><a href="postconf.5.html#smtp_tls_block_early_mail_reply">smtp_tls_block_early_mail_reply</a> (no)</b>
Try to detect a mail hijacking attack based on a TLS protocol
vulnerability (CVE-2009-3555), where an attacker prepends mali-
cious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client
Try to detect a mail hijacking attack based on a TLS protocol
vulnerability (CVE-2009-3555), where an attacker prepends mali-
cious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client
TLS session.
Available in Postfix version 2.8 and later:
@ -666,11 +669,11 @@ SMTP(8) SMTP(8)
Available in Postfix version 2.11 and later:
<b><a href="postconf.5.html#smtp_tls_trust_anchor_file">smtp_tls_trust_anchor_file</a> (empty)</b>
Zero or more PEM-format files with trust-anchor certificates
Zero or more PEM-format files with trust-anchor certificates
and/or public keys.
<b><a href="postconf.5.html#smtp_tls_force_insecure_host_tlsa_lookup">smtp_tls_force_insecure_host_tlsa_lookup</a> (no)</b>
Lookup the associated DANE TLSA RRset even when a hostname is
Lookup the associated DANE TLSA RRset even when a hostname is
not an alias and its address records lie in an unsigned zone.
<b><a href="postconf.5.html#tlsmgr_service_name">tlsmgr_service_name</a> (tlsmgr)</b>
@ -679,14 +682,14 @@ SMTP(8) SMTP(8)
Available in Postfix version 3.0 and later:
<b><a href="postconf.5.html#smtp_tls_wrappermode">smtp_tls_wrappermode</a> (no)</b>
Request that the Postfix SMTP client connects using the SUBMIS-
Request that the Postfix SMTP client connects using the SUBMIS-
SIONS/SMTPS protocol instead of using the STARTTLS command.
Available in Postfix version 3.1 and later:
<b><a href="postconf.5.html#smtp_tls_dane_insecure_mx_policy">smtp_tls_dane_insecure_mx_policy</a> (see 'postconf -d' output)</b>
The TLS policy for MX hosts with "secure" TLSA records when the
nexthop destination security level is <b>dane</b>, but the MX record
The TLS policy for MX hosts with "secure" TLSA records when the
nexthop destination security level is <b>dane</b>, but the MX record
was found via an "insecure" MX lookup.
Available in Postfix version 3.2 and later:
@ -701,23 +704,23 @@ SMTP(8) SMTP(8)
Try to make multiple deliveries per TLS-encrypted connection.
<b><a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> (empty)</b>
List of one or more PEM files, each holding one or more private
List of one or more PEM files, each holding one or more private
keys directly followed by a corresponding certificate chain.
<b><a href="postconf.5.html#smtp_tls_servername">smtp_tls_servername</a> (empty)</b>
Optional name to send to the remote SMTP server in the TLS
Optional name to send to the remote SMTP server in the TLS
Server Name Indication (SNI) extension.
Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
<b><a href="postconf.5.html#tls_fast_shutdown_enable">tls_fast_shutdown_enable</a> (yes)</b>
A workaround for implementations that hang Postfix while shut-
A workaround for implementations that hang Postfix while shut-
ting down a TLS session, until Postfix times out.
Available in Postfix version 3.8 and later:
<b><a href="postconf.5.html#tls_ffdhe_auto_groups">tls_ffdhe_auto_groups</a> (see 'postconf -d' output)</b>
The prioritized list of finite-field Diffie-Hellman ephemeral
The prioritized list of finite-field Diffie-Hellman ephemeral
(FFDHE) key exchange groups supported by the Postfix SMTP client
and server.
@ -727,50 +730,50 @@ SMTP(8) SMTP(8)
Optional configuration file with baseline OpenSSL settings.
<b><a href="postconf.5.html#tls_config_name">tls_config_name</a> (empty)</b>
The application name passed by Postfix to OpenSSL library ini-
The application name passed by Postfix to OpenSSL library ini-
tialization functions.
Available in Postfix version 3.9 and later:
<b><a href="postconf.5.html#smtp_tls_enable_rpk">smtp_tls_enable_rpk</a> (no)</b>
Request that remote SMTP servers send an <a href="https://tools.ietf.org/html/rfc7250">RFC7250</a> raw public key
Request that remote SMTP servers send an <a href="https://tools.ietf.org/html/rfc7250">RFC7250</a> raw public key
instead of an X.509 certificate.
<b>OBSOLETE STARTTLS CONTROLS</b>
The following configuration parameters exist for compatibility with
Postfix versions before 2.3. Support for these will be removed in a
The following configuration parameters exist for compatibility with
Postfix versions before 2.3. Support for these will be removed in a
future release.
<b><a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> (no)</b>
Opportunistic mode: use TLS when a remote SMTP server announces
Opportunistic mode: use TLS when a remote SMTP server announces
STARTTLS support, otherwise send the mail in the clear.
<b><a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> (no)</b>
Enforcement mode: require that remote SMTP servers use TLS
Enforcement mode: require that remote SMTP servers use TLS
encryption, and never send mail in the clear.
<b><a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> (yes)</b>
With mandatory TLS encryption, require that the remote SMTP
server hostname matches the information in the remote SMTP
With mandatory TLS encryption, require that the remote SMTP
server hostname matches the information in the remote SMTP
server certificate.
<b><a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> (empty)</b>
Optional lookup tables with the Postfix SMTP client TLS usage
policy by next-hop destination and by remote SMTP server host-
Optional lookup tables with the Postfix SMTP client TLS usage
policy by next-hop destination and by remote SMTP server host-
name.
<b><a href="postconf.5.html#smtp_tls_cipherlist">smtp_tls_cipherlist</a> (empty)</b>
Obsolete Postfix &lt; 2.3 control for the Postfix SMTP client TLS
Obsolete Postfix &lt; 2.3 control for the Postfix SMTP client TLS
cipher list.
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b>
The Postfix SMTP client time limit for completing a TCP connec-
The Postfix SMTP client time limit for completing a TCP connec-
tion, or zero (use the operating system built-in time limit).
<b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b>
The Postfix SMTP client time limit for sending the HELO or EHLO
command, and for receiving the initial remote SMTP server
The Postfix SMTP client time limit for sending the HELO or EHLO
command, and for receiving the initial remote SMTP server
response.
<b><a href="postconf.5.html#lmtp_lhlo_timeout">lmtp_lhlo_timeout</a> (300s)</b>
@ -782,19 +785,19 @@ SMTP(8) SMTP(8)
mand, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b>
The Postfix SMTP client time limit for sending the MAIL FROM
The Postfix SMTP client time limit for sending the MAIL FROM
command, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_rcpt_timeout">smtp_rcpt_timeout</a> (300s)</b>
The Postfix SMTP client time limit for sending the SMTP RCPT TO
The Postfix SMTP client time limit for sending the SMTP RCPT TO
command, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_data_init_timeout">smtp_data_init_timeout</a> (120s)</b>
The Postfix SMTP client time limit for sending the SMTP DATA
The Postfix SMTP client time limit for sending the SMTP DATA
command, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> (180s)</b>
The Postfix SMTP client time limit for sending the SMTP message
The Postfix SMTP client time limit for sending the SMTP message
content.
<b><a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> (600s)</b>
@ -808,13 +811,13 @@ SMTP(8) SMTP(8)
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a> (5)</b>
The maximal number of MX (mail exchanger) IP addresses that can
result from Postfix SMTP client mail exchanger lookups, or zero
The maximal number of MX (mail exchanger) IP addresses that can
result from Postfix SMTP client mail exchanger lookups, or zero
(no limit).
<b><a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> (2)</b>
The maximal number of SMTP sessions per delivery request before
the Postfix SMTP client gives up or delivers to a fall-back
The maximal number of SMTP sessions per delivery request before
the Postfix SMTP client gives up or delivers to a fall-back
<a href="postconf.5.html#relayhost">relay host</a>, or zero (no limit).
<b><a href="postconf.5.html#smtp_rset_timeout">smtp_rset_timeout</a> (20s)</b>
@ -824,17 +827,17 @@ SMTP(8) SMTP(8)
Available in Postfix version 2.2 and earlier:
<b><a href="postconf.5.html#lmtp_cache_connection">lmtp_cache_connection</a> (yes)</b>
Keep Postfix LMTP client connections open for up to $<a href="postconf.5.html#max_idle">max_idle</a>
Keep Postfix LMTP client connections open for up to $<a href="postconf.5.html#max_idle">max_idle</a>
seconds.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b>
Permanently enable SMTP connection caching for the specified
Permanently enable SMTP connection caching for the specified
destinations.
<b><a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> (yes)</b>
Temporarily enable SMTP connection caching while a destination
Temporarily enable SMTP connection caching while a destination
has a high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>.
<b><a href="postconf.5.html#smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a> (300s)</b>
@ -848,23 +851,23 @@ SMTP(8) SMTP(8)
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#connection_cache_protocol_timeout">connection_cache_protocol_timeout</a> (5s)</b>
Time limit for connection cache connect, send or receive opera-
Time limit for connection cache connect, send or receive opera-
tions.
Available in Postfix version 2.9 - 3.6:
<b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b>
Change the behavior of the smtp_*_timeout time limits, from a
time limit per read or write system call, to a time limit to
send or receive a complete record (an SMTP command line, SMTP
response line, SMTP message content line, or TLS protocol mes-
Change the behavior of the smtp_*_timeout time limits, from a
time limit per read or write system call, to a time limit to
send or receive a complete record (an SMTP command line, SMTP
response line, SMTP message content line, or TLS protocol mes-
sage).
Available in Postfix version 2.11 and later:
<b><a href="postconf.5.html#smtp_connection_reuse_count_limit">smtp_connection_reuse_count_limit</a> (0)</b>
When SMTP connection caching is enabled, the number of times
that an SMTP session may be reused before it is closed, or zero
When SMTP connection caching is enabled, the number of times
that an SMTP session may be reused before it is closed, or zero
(no limit).
Available in Postfix version 3.4 and later:
@ -875,13 +878,13 @@ SMTP(8) SMTP(8)
Available in Postfix version 3.7 and later:
<b><a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a> (no)</b>
Change the behavior of the smtp_*_timeout time limits, from a
time limit per plaintext or TLS read or write call, to a com-
bined time limit for sending a complete SMTP request and for
Change the behavior of the smtp_*_timeout time limits, from a
time limit per plaintext or TLS read or write call, to a com-
bined time limit for sending a complete SMTP request and for
receiving a complete SMTP response.
<b><a href="postconf.5.html#smtp_min_data_rate">smtp_min_data_rate</a> (500)</b>
The minimum plaintext data transfer rate in bytes/second for
The minimum plaintext data transfer rate in bytes/second for
DATA requests, when deadlines are enabled with
<a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a>.
@ -889,54 +892,54 @@ SMTP(8) SMTP(8)
<b><a href="postconf.5.html#transport_destination_concurrency_limit">transport_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concur</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_limit">rency_limit</a>)</b>
A transport-specific override for the <a href="postconf.5.html#default_destination_concurrency_limit">default_destination_con</a>-
A transport-specific override for the <a href="postconf.5.html#default_destination_concurrency_limit">default_destination_con</a>-
<a href="postconf.5.html#default_destination_concurrency_limit">currency_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
<b><a href="postconf.5.html#transport_destination_recipient_limit">transport_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipi</a>-</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">ent_limit</a>)</b>
A transport-specific override for the <a href="postconf.5.html#default_destination_recipient_limit">default_destination_recip</a>-
<a href="postconf.5.html#default_destination_recipient_limit">ient_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
<a href="postconf.5.html#default_destination_recipient_limit">ient_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
<b>SMTPUTF8 CONTROLS</b>
Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
<b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b>
Enable preliminary SMTPUTF8 support for the protocols described
Enable preliminary SMTPUTF8 support for the protocols described
in <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a>, <a href="https://tools.ietf.org/html/rfc6532">RFC 6532</a>, and <a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a>.
<b><a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> (sendmail, verify)</b>
Detect that a message requires SMTPUTF8 support for the speci-
Detect that a message requires SMTPUTF8 support for the speci-
fied mail origin classes.
Available in Postfix version 3.2 and later:
<b><a href="postconf.5.html#enable_idna2003_compatibility">enable_idna2003_compatibility</a> (no)</b>
Enable 'transitional' compatibility between IDNA2003 and
IDNA2008, when converting UTF-8 domain names to/from the ASCII
Enable 'transitional' compatibility between IDNA2003 and
IDNA2008, when converting UTF-8 domain names to/from the ASCII
form that is used for DNS lookups.
<b>TROUBLE SHOOTING CONTROLS</b>
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
The increment in verbose logging level when a nexthop destina-
tion, remote client or server name or network address matches a
The increment in verbose logging level when a nexthop destina-
tion, remote client or server name or network address matches a
pattern given with the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
Optional list of nexthop destination, remote client or server
name or network address patterns that, if matched, cause the
verbose logging level to increase by the amount specified in
Optional list of nexthop destination, remote client or server
name or network address patterns that, if matched, cause the
verbose logging level to increase by the amount specified in
$<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
The recipient of postmaster notifications about mail delivery
The recipient of postmaster notifications about mail delivery
problems that are caused by policy, resource, software or proto-
col errors.
<b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
What categories of Postfix-generated mail are subject to
before-queue content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>,
What categories of Postfix-generated mail are subject to
before-queue content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>,
<a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
@ -944,46 +947,46 @@ SMTP(8) SMTP(8)
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#best_mx_transport">best_mx_transport</a> (empty)</b>
Where the Postfix SMTP client should deliver mail when it
Where the Postfix SMTP client should deliver mail when it
detects a "mail loops back to myself" error condition.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
How much time a Postfix daemon process may take to handle a
How much time a Postfix daemon process may take to handle a
request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
The maximal number of digits after the decimal point when log-
The maximal number of digits after the decimal point when log-
ging sub-second delay values.
<b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b>
Disable DNS lookups in the Postfix SMTP and LMTP clients.
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
The local network interface addresses that this mail system
The local network interface addresses that this mail system
receives mail on.
<b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (see 'postconf -d' output)</b>
The Internet protocols Postfix will attempt to use when making
The Internet protocols Postfix will attempt to use when making
or accepting connections.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
The time limit for sending or receiving information over an
The time limit for sending or receiving information over an
internal communication channel.
<b><a href="postconf.5.html#lmtp_assume_final">lmtp_assume_final</a> (no)</b>
When a remote LMTP server announces no DSN support, assume that
the server performs final delivery, and send "delivered" deliv-
When a remote LMTP server announces no DSN support, assume that
the server performs final delivery, and send "delivered" deliv-
ery status notifications instead of "relayed".
<b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a> (24)</b>
The default TCP port that the Postfix LMTP client connects to.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix daemon process
The maximum amount of time that an idle Postfix daemon process
waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
@ -997,21 +1000,21 @@ SMTP(8) SMTP(8)
The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
The remote network interface addresses that this mail system
receives mail on by way of a proxy or network address transla-
The remote network interface addresses that this mail system
receives mail on by way of a proxy or network address transla-
tion unit.
<b><a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> (any)</b>
The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP
client will try first, when a destination has IPv6 and IPv4
client will try first, when a destination has IPv6 and IPv4
addresses with equal MX preference.
<b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b>
An optional numerical network address that the Postfix SMTP
An optional numerical network address that the Postfix SMTP
client should bind to when making an IPv4 connection.
<b><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> (empty)</b>
An optional numerical network address that the Postfix SMTP
An optional numerical network address that the Postfix SMTP
client should bind to when making an IPv6 connection.
<b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
@ -1031,7 +1034,7 @@ SMTP(8) SMTP(8)
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
A prefix that is prepended to the process name in syslog
A prefix that is prepended to the process name in syslog
records, so that, for example, "smtpd" becomes "prefix/smtpd".
Available with Postfix 2.2 and earlier:
@ -1043,14 +1046,14 @@ SMTP(8) SMTP(8)
Available with Postfix 2.3 and later:
<b><a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a> ($<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b>
Optional list of relay destinations that will be used when an
SMTP destination is not found, or when delivery fails due to a
Optional list of relay destinations that will be used when an
SMTP destination is not found, or when delivery fails due to a
non-permanent error.
Available with Postfix 3.0 and later:
<b><a href="postconf.5.html#smtp_address_verify_target">smtp_address_verify_target</a> (rcpt)</b>
In the context of email address verification, the SMTP protocol
In the context of email address verification, the SMTP protocol
stage that determines whether an email address is deliverable.
Available with Postfix 3.1 and later:
@ -1072,7 +1075,7 @@ SMTP(8) SMTP(8)
Available in Postfix 3.7 and later:
<b><a href="postconf.5.html#smtp_bind_address_enforce">smtp_bind_address_enforce</a> (no)</b>
Defer delivery when the Postfix SMTP client cannot apply the
Defer delivery when the Postfix SMTP client cannot apply the
<a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> or <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> setting.
<b>SEE ALSO</b>
@ -1131,5 +1134,5 @@ SMTP(8) SMTP(8)
Victor Duchovni
Morgan Stanley
SMTP(8)
8 SMTP,(LMTP)
</pre> </body> </html>
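Review bot: The page footer at the end of this hunk changes from "SMTP(8)" to "8 SMTP,(LMTP)", which no longer has the name(section) form that the hunk headers still show as "SMTP(8) SMTP(8)". This looks like a title line that the HTML conversion split in the wrong place rather than an intended change. Check how the title in the manual source is quoted now that it names both SMTP and LMTP, so the footer renders as the page name followed by the section number.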

View File

@ -178,40 +178,42 @@ LOCAL(8) LOCAL(8)
replaced with underscores. The list of acceptable characters is speci-
fied with the <b><a href="postconf.5.html#command_expansion_filter">command_expansion_filter</a></b> configuration parameter.
<b>SHELL</b> The recipient user's login shell.
<b>SHELL</b> The envelope recipient user's login shell.
<b>HOME</b> The recipient user's home directory.
<b>HOME</b> The envelope recipient user's home directory.
<b>USER</b> The bare recipient name.
<b>USER</b> The bare envelope recipient name.
<b>EXTENSION</b>
The optional recipient address extension.
The optional envelope recipient address extension.
<b>DOMAIN</b> The recipient address domain part.
<b>DOMAIN</b> The envelope recipient address domain part.
<b>LOGNAME</b>
The bare recipient name.
The bare envelope recipient name.
<b>LOCAL</b> The entire recipient address localpart (text to the left of the
rightmost @ character).
<b>LOCAL</b> The entire envelope recipient address localpart (text to the
left of the rightmost @ character).
<b>ORIGINAL_RECIPIENT</b>
The entire recipient address, before any address rewriting or
aliasing (Postfix 2.5 and later).
The entire envelope recipient address, before any address
rewriting or aliasing (Postfix 2.5 and later).
<b>RECIPIENT</b>
The entire recipient address.
The entire envelope recipient address.
<b>SENDER</b> The entire sender address.
<b>SENDER</b> The entire envelope sender address.
Additional remote client information is made available via the follow-
<b>ENVID</b> The optional <a href="https://tools.ietf.org/html/rfc3461">RFC 3461</a> envelope ID. Available as of Postfix 3.9.
Additional remote client information is made available via the follow-
ing environment variables:
<b>CLIENT_ADDRESS</b>
Remote client network address. Available as of Postfix 2.2.
<b>CLIENT_HELO</b>
Remote client EHLO command parameter. Available as of Postfix
Remote client EHLO command parameter. Available as of Postfix
2.2.
<b>CLIENT_HOSTNAME</b>
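Review bot: The new ENVID entry says only "The optional RFC 3461 envelope ID", without stating what an external command sees when the sender supplied no envelope ID (variable unset or set to an empty string) or whether the value is exported exactly as received. The value is chosen by the sending side and lands in the environment of a recipient-specified command, so the entry should say whether it is subject to the command_expansion_filter replacement described in the context lines at the top of this hunk, the same as the address variables that this hunk relabels as envelope values.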
@ -221,69 +223,69 @@ LOCAL(8) LOCAL(8)
Remote client protocol. Available as of Postfix 2.2.
<b>SASL_METHOD</b>
SASL authentication method specified in the remote client AUTH
SASL authentication method specified in the remote client AUTH
command. Available as of Postfix 2.2.
<b>SASL_SENDER</b>
SASL sender address specified in the remote client MAIL FROM
SASL sender address specified in the remote client MAIL FROM
command. Available as of Postfix 2.2.
<b>SASL_USERNAME</b>
SASL username specified in the remote client AUTH command.
SASL username specified in the remote client AUTH command.
Available as of Postfix 2.2.
The <b>PATH</b> environment variable is always reset to a system-dependent
default path, and environment variables whose names are blessed by the
The <b>PATH</b> environment variable is always reset to a system-dependent
default path, and environment variables whose names are blessed by the
<b><a href="postconf.5.html#export_environment">export_environment</a></b> configuration parameter are exported unchanged.
The current working directory is the mail queue directory.
The <a href="local.8.html"><b>local</b>(8)</a> daemon prepends a "<b>From</b> <i>sender time</i><b>_</b><i>stamp</i>" envelope header
to each message, prepends an <b>X-Original-To:</b> header with the recipient
address as given to Postfix, prepends an optional <b>Delivered-To:</b> header
with the final recipient envelope address, prepends a <b>Return-Path:</b>
to each message, prepends an <b>X-Original-To:</b> header with the recipient
address as given to Postfix, prepends an optional <b>Delivered-To:</b> header
with the final recipient envelope address, prepends a <b>Return-Path:</b>
header with the sender envelope address, and appends no empty line.
<b>EXTERNAL FILE DELIVERY</b>
The delivery format depends on the destination filename syntax. The
default is to use UNIX-style mailbox format. Specify a name ending in
The delivery format depends on the destination filename syntax. The
default is to use UNIX-style mailbox format. Specify a name ending in
<b>/</b> for <b>qmail</b>-compatible <b>maildir</b> delivery.
The <b><a href="postconf.5.html#allow_mail_to_files">allow_mail_to_files</a></b> configuration parameter restricts delivery to
external files. The default setting (<b>alias, forward</b>) forbids file des-
The <b><a href="postconf.5.html#allow_mail_to_files">allow_mail_to_files</a></b> configuration parameter restricts delivery to
external files. The default setting (<b>alias, forward</b>) forbids file des-
tinations in <b>:include:</b> files.
In the case of UNIX-style mailbox delivery, the <a href="local.8.html"><b>local</b>(8)</a> daemon
prepends a "<b>From</b> <i>sender time</i><b>_</b><i>stamp</i>" envelope header to each message,
prepends an <b>X-Original-To:</b> header with the recipient address as given
to Postfix, prepends an optional <b>Delivered-To:</b> header with the final
recipient envelope address, prepends a &gt; character to lines beginning
with "<b>From</b> ", and appends an empty line. The envelope sender address
is available in the <b>Return-Path:</b> header. When the destination is a
regular file, it is locked for exclusive access while delivery is in
In the case of UNIX-style mailbox delivery, the <a href="local.8.html"><b>local</b>(8)</a> daemon
prepends a "<b>From</b> <i>sender time</i><b>_</b><i>stamp</i>" envelope header to each message,
prepends an <b>X-Original-To:</b> header with the recipient address as given
to Postfix, prepends an optional <b>Delivered-To:</b> header with the final
recipient envelope address, prepends a &gt; character to lines beginning
with "<b>From</b> ", and appends an empty line. The envelope sender address
is available in the <b>Return-Path:</b> header. When the destination is a
regular file, it is locked for exclusive access while delivery is in
progress. In case of problems, an attempt is made to truncate a regular
file to its original length.
In the case of <b>maildir</b> delivery, the local daemon prepends an optional
<b>Delivered-To:</b> header with the final envelope recipient address, and
prepends an <b>X-Original-To:</b> header with the recipient address as given
to Postfix. The envelope sender address is available in the
In the case of <b>maildir</b> delivery, the local daemon prepends an optional
<b>Delivered-To:</b> header with the final envelope recipient address, and
prepends an <b>X-Original-To:</b> header with the recipient address as given
to Postfix. The envelope sender address is available in the
<b>Return-Path:</b> header.
<b>ADDRESS EXTENSION</b>
The optional <b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a></b> configuration parameter specifies how
The optional <b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a></b> configuration parameter specifies how
to separate address extensions from local recipient names.
For example, with "<b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> = +</b>", mail for <i>name</i>+<i>foo</i> is
delivered to the alias <i>name</i>+<i>foo</i> or to the alias <i>name</i>, to the destina-
For example, with "<b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> = +</b>", mail for <i>name</i>+<i>foo</i> is
delivered to the alias <i>name</i>+<i>foo</i> or to the alias <i>name</i>, to the destina-
tions listed in ~<i>name</i>/.<b>forward</b>+<i>foo</i> or in ~<i>name</i>/.<b>forward</b>, to the mailbox
owned by the user <i>name</i>, or it is sent back as undeliverable.
<b>DELIVERY RIGHTS</b>
Deliveries to external files and external commands are made with the
rights of the receiving user on whose behalf the delivery is made. In
the absence of a user context, the <a href="local.8.html"><b>local</b>(8)</a> daemon uses the owner
rights of the <b>:include:</b> file or alias database. When those files are
Deliveries to external files and external commands are made with the
rights of the receiving user on whose behalf the delivery is made. In
the absence of a user context, the <a href="local.8.html"><b>local</b>(8)</a> daemon uses the owner
rights of the <b>:include:</b> file or alias database. When those files are
owned by the superuser, delivery is made with the rights specified with
the <b><a href="postconf.5.html#default_privs">default_privs</a></b> configuration parameter.
@ -292,43 +294,43 @@ LOCAL(8) LOCAL(8)
<a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced status codes)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
Corrupted message files are marked so that the queue manager can move
Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
Corrupted message files are marked so that the queue manager can move
them to the <b>corrupt</b> queue afterwards.
Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
ter is notified of bounces and of other trouble.
<b>SECURITY</b>
The <a href="local.8.html"><b>local</b>(8)</a> delivery agent needs a dual personality 1) to access the
The <a href="local.8.html"><b>local</b>(8)</a> delivery agent needs a dual personality 1) to access the
private Postfix queue and IPC mechanisms, 2) to impersonate the recipi-
ent and deliver to recipient-specified files or commands. It is there-
ent and deliver to recipient-specified files or commands. It is there-
fore security sensitive.
The <a href="local.8.html"><b>local</b>(8)</a> delivery agent disallows regular expression substitution
The <a href="local.8.html"><b>local</b>(8)</a> delivery agent disallows regular expression substitution
of $1 etc. in <b><a href="postconf.5.html#alias_maps">alias_maps</a></b>, because that would open a security hole.
The <a href="local.8.html"><b>local</b>(8)</a> delivery agent will silently ignore requests to use the
<a href="proxymap.8.html"><b>proxymap</b>(8)</a> server within <b><a href="postconf.5.html#alias_maps">alias_maps</a></b>. Instead it will open the table
The <a href="local.8.html"><b>local</b>(8)</a> delivery agent will silently ignore requests to use the
<a href="proxymap.8.html"><b>proxymap</b>(8)</a> server within <b><a href="postconf.5.html#alias_maps">alias_maps</a></b>. Instead it will open the table
directly. Before Postfix version 2.2, the <a href="local.8.html"><b>local</b>(8)</a> delivery agent will
terminate with a fatal error.
<b>BUGS</b>
For security reasons, the message delivery status of external commands
or of external files is never checkpointed to file. As a result, the
program may occasionally deliver more than once to a command or exter-
For security reasons, the message delivery status of external commands
or of external files is never checkpointed to file. As a result, the
program may occasionally deliver more than once to a command or exter-
nal file. Better safe than sorry.
Mutually-recursive aliases or ~/.<b>forward</b> files are not detected early.
The resulting mail forwarding loop is broken by the use of the <b>Deliv-</b>
Mutually-recursive aliases or ~/.<b>forward</b> files are not detected early.
The resulting mail forwarding loop is broken by the use of the <b>Deliv-</b>
<b>ered-To:</b> message header.
<b>CONFIGURATION PARAMETERS</b>
Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="local.8.html"><b>local</b>(8)</a> processes
Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="local.8.html"><b>local</b>(8)</a> processes
run for only a limited amount of time. Use the command "<b>postfix reload</b>"
to speed up a change.
The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
more details including examples.
<b>COMPATIBILITY CONTROLS</b>
@ -336,14 +338,14 @@ LOCAL(8) LOCAL(8)
Whether or not to use the local <a href="postconf.5.html#biff">biff</a> service.
<b><a href="postconf.5.html#expand_owner_alias">expand_owner_alias</a> (no)</b>
When delivering to an alias "<i>aliasname</i>" that has an
When delivering to an alias "<i>aliasname</i>" that has an
"owner-<i>aliasname</i>" companion alias, set the envelope sender
address to the expansion of the "owner-<i>aliasname</i>" alias.
<b><a href="postconf.5.html#owner_request_special">owner_request_special</a> (yes)</b>
Enable special treatment for owner-<i>listname</i> entries in the
Enable special treatment for owner-<i>listname</i> entries in the
<a href="aliases.5.html"><b>aliases</b>(5)</a> file, and don't split owner-<i>listname</i> and <i>list-</i>
<i>name</i>-request address localparts when the <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> is
<i>name</i>-request address localparts when the <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> is
set to "-".
<b><a href="postconf.5.html#sun_mailtool_compatibility">sun_mailtool_compatibility</a> (no)</b>
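Review bot: The paired lines in this hunk (for example the two "When delivering to an alias ... that has an" lines under expand_owner_alias, and the two "Enable special treatment for owner-listname entries in the" lines) read the same word for word, so the hunk changes spacing only and no wording. Re-justified generated output like this buries the substantive documentation edits in the same commit; consider regenerating the HTML pages in a separate commit, or stating in the commit message that these hunks are reflow only.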
@ -352,64 +354,64 @@ LOCAL(8) LOCAL(8)
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#frozen_delivered_to">frozen_delivered_to</a> (yes)</b>
Update the <a href="local.8.html"><b>local</b>(8)</a> delivery agent's idea of the Delivered-To:
address (see <a href="postconf.5.html#prepend_delivered_header">prepend_delivered_header</a>) only once, at the start
of a delivery attempt; do not update the Delivered-To: address
Update the <a href="local.8.html"><b>local</b>(8)</a> delivery agent's idea of the Delivered-To:
address (see <a href="postconf.5.html#prepend_delivered_header">prepend_delivered_header</a>) only once, at the start
of a delivery attempt; do not update the Delivered-To: address
while expanding aliases or .forward files.
Available in Postfix version 2.5.3 and later:
<b><a href="postconf.5.html#strict_mailbox_ownership">strict_mailbox_ownership</a> (yes)</b>
Defer delivery when a mailbox file is not owned by its recipi-
Defer delivery when a mailbox file is not owned by its recipi-
ent.
<b><a href="postconf.5.html#reset_owner_alias">reset_owner_alias</a> (no)</b>
Reset the <a href="local.8.html"><b>local</b>(8)</a> delivery agent's idea of the owner-alias
attribute, when delivering mail to a child alias that does not
Reset the <a href="local.8.html"><b>local</b>(8)</a> delivery agent's idea of the owner-alias
attribute, when delivering mail to a child alias that does not
have its own owner alias.
Available in Postfix version 3.0 and later:
<b><a href="postconf.5.html#local_delivery_status_filter">local_delivery_status_filter</a> ($<a href="postconf.5.html#default_delivery_status_filter">default_delivery_status_filter</a>)</b>
Optional filter for the <a href="local.8.html"><b>local</b>(8)</a> delivery agent to change the
status code or explanatory text of successful or unsuccessful
Optional filter for the <a href="local.8.html"><b>local</b>(8)</a> delivery agent to change the
status code or explanatory text of successful or unsuccessful
deliveries.
<b>DELIVERY METHOD CONTROLS</b>
The precedence of <a href="local.8.html"><b>local</b>(8)</a> delivery methods from high to low is:
The precedence of <a href="local.8.html"><b>local</b>(8)</a> delivery methods from high to low is:
aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_direc</a>-
<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_direc</a>-
<a href="postconf.5.html#mail_spool_directory">tory</a>, <a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a>, and <a href="postconf.5.html#luser_relay">luser_relay</a>.
<b><a href="postconf.5.html#alias_maps">alias_maps</a> (see 'postconf -d' output)</b>
Optional lookup tables with aliases that apply only to <a href="local.8.html"><b>local</b>(8)</a>
recipients; this is unlike <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> that apply to all
Optional lookup tables with aliases that apply only to <a href="local.8.html"><b>local</b>(8)</a>
recipients; this is unlike <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> that apply to all
recipients: <a href="local.8.html"><b>local</b>(8)</a>, virtual, and remote.
<b><a href="postconf.5.html#forward_path">forward_path</a> (see 'postconf -d' output)</b>
The <a href="local.8.html"><b>local</b>(8)</a> delivery agent search list for finding a .forward
The <a href="local.8.html"><b>local</b>(8)</a> delivery agent search list for finding a .forward
file with user-specified delivery methods.
<b><a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a> (empty)</b>
Optional lookup tables with per-recipient message delivery
transports to use for <a href="local.8.html"><b>local</b>(8)</a> mailbox delivery, whether or not
transports to use for <a href="local.8.html"><b>local</b>(8)</a> mailbox delivery, whether or not
the recipients are found in the UNIX passwd database.
<b><a href="postconf.5.html#mailbox_transport">mailbox_transport</a> (empty)</b>
Optional message delivery transport that the <a href="local.8.html"><b>local</b>(8)</a> delivery
agent should use for mailbox delivery to all local recipients,
Optional message delivery transport that the <a href="local.8.html"><b>local</b>(8)</a> delivery
agent should use for mailbox delivery to all local recipients,
whether or not they are found in the UNIX passwd database.
<b><a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a> (empty)</b>
Optional lookup tables with per-recipient external commands to
Optional lookup tables with per-recipient external commands to
use for <a href="local.8.html"><b>local</b>(8)</a> mailbox delivery.
<b><a href="postconf.5.html#mailbox_command">mailbox_command</a> (empty)</b>
Optional external command that the <a href="local.8.html"><b>local</b>(8)</a> delivery agent
Optional external command that the <a href="local.8.html"><b>local</b>(8)</a> delivery agent
should use for mailbox delivery.
<b><a href="postconf.5.html#home_mailbox">home_mailbox</a> (empty)</b>
Optional pathname of a mailbox file relative to a <a href="local.8.html"><b>local</b>(8)</a>
Optional pathname of a mailbox file relative to a <a href="local.8.html"><b>local</b>(8)</a>
user's home directory.
<b><a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a> (see 'postconf -d' output)</b>
@ -421,17 +423,17 @@ LOCAL(8) LOCAL(8)
not find in the <a href="aliases.5.html"><b>aliases</b>(5)</a> or UNIX password database.
<b><a href="postconf.5.html#fallback_transport">fallback_transport</a> (empty)</b>
Optional message delivery transport that the <a href="local.8.html"><b>local</b>(8)</a> delivery
agent should use for names that are not found in the <a href="aliases.5.html"><b>aliases</b>(5)</a>
Optional message delivery transport that the <a href="local.8.html"><b>local</b>(8)</a> delivery
agent should use for names that are not found in the <a href="aliases.5.html"><b>aliases</b>(5)</a>
or UNIX password database.
<b><a href="postconf.5.html#luser_relay">luser_relay</a> (empty)</b>
Optional catch-all destination for unknown <a href="local.8.html"><b>local</b>(8)</a> recipients.
Optional catch-all destination for unknown <a href="local.8.html"><b>local</b>(8)</a> recipients.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#command_execution_directory">command_execution_directory</a> (empty)</b>
The <a href="local.8.html"><b>local</b>(8)</a> delivery agent working directory for delivery to
The <a href="local.8.html"><b>local</b>(8)</a> delivery agent working directory for delivery to
external commands.
<b>MAILBOX LOCKING CONTROLS</b>
@ -440,15 +442,15 @@ LOCAL(8) LOCAL(8)
mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#deliver_lock_delay">deliver_lock_delay</a> (1s)</b>
The time between attempts to acquire an exclusive lock on a
The time between attempts to acquire an exclusive lock on a
mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#stale_lock_time">stale_lock_time</a> (500s)</b>
The time after which a stale exclusive mailbox lockfile is
The time after which a stale exclusive mailbox lockfile is
removed.
<b><a href="postconf.5.html#mailbox_delivery_lock">mailbox_delivery_lock</a> (see 'postconf -d' output)</b>
How to lock a UNIX-style <a href="local.8.html"><b>local</b>(8)</a> mailbox before attempting
How to lock a UNIX-style <a href="local.8.html"><b>local</b>(8)</a> mailbox before attempting
delivery.
<b>RESOURCE AND RATE CONTROLS</b>
@ -461,20 +463,20 @@ LOCAL(8) LOCAL(8)
<a href="showq.8.html"><b>showq</b>(8)</a> queue displays.
<b><a href="postconf.5.html#mailbox_size_limit">mailbox_size_limit</a> (51200000)</b>
The maximal size of any <a href="local.8.html"><b>local</b>(8)</a> individual mailbox or maildir
The maximal size of any <a href="local.8.html"><b>local</b>(8)</a> individual mailbox or maildir
file, or zero (no limit).
Implemented in the <a href="qmgr.8.html">qmgr(8)</a> daemon:
<b><a href="postconf.5.html#local_destination_concurrency_limit">local_destination_concurrency_limit</a> (2)</b>
The maximal number of parallel deliveries via the local mail
delivery transport to the same recipient (when "<a href="postconf.5.html#local_destination_recipient_limit">local_destina</a>-
<a href="postconf.5.html#local_destination_recipient_limit">tion_recipient_limit</a> = 1") or the maximal number of parallel
The maximal number of parallel deliveries via the local mail
delivery transport to the same recipient (when "<a href="postconf.5.html#local_destination_recipient_limit">local_destina</a>-
<a href="postconf.5.html#local_destination_recipient_limit">tion_recipient_limit</a> = 1") or the maximal number of parallel
deliveries to the same local domain (when "<a href="postconf.5.html#local_destination_recipient_limit">local_destina</a>-
<a href="postconf.5.html#local_destination_recipient_limit">tion_recipient_limit</a> &gt; 1").
<b><a href="postconf.5.html#local_destination_recipient_limit">local_destination_recipient_limit</a> (1)</b>
The maximal number of recipients per message delivery via the
The maximal number of recipients per message delivery via the
local mail delivery transport.
<b>SECURITY CONTROLS</b>
@ -485,49 +487,49 @@ LOCAL(8) LOCAL(8)
Restrict <a href="local.8.html"><b>local</b>(8)</a> mail delivery to external files.
<b><a href="postconf.5.html#command_expansion_filter">command_expansion_filter</a> (see 'postconf -d' output)</b>
Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery agent allows
in $name expansions of $<a href="postconf.5.html#mailbox_command">mailbox_command</a> and $<a href="postconf.5.html#command_execution_directory">command_execu</a>-
Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery agent allows
in $name expansions of $<a href="postconf.5.html#mailbox_command">mailbox_command</a> and $<a href="postconf.5.html#command_execution_directory">command_execu</a>-
<a href="postconf.5.html#command_execution_directory">tion_directory</a>.
<b><a href="postconf.5.html#default_privs">default_privs</a> (nobody)</b>
The default rights used by the <a href="local.8.html"><b>local</b>(8)</a> delivery agent for
The default rights used by the <a href="local.8.html"><b>local</b>(8)</a> delivery agent for
delivery to an external file or command.
<b><a href="postconf.5.html#forward_expansion_filter">forward_expansion_filter</a> (see 'postconf -d' output)</b>
Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery agent allows
Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery agent allows
in $name expansions of $<a href="postconf.5.html#forward_path">forward_path</a>.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#execution_directory_expansion_filter">execution_directory_expansion_filter</a> (see 'postconf -d' output)</b>
Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery agent allows
Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery agent allows
in $name expansions of $<a href="postconf.5.html#command_execution_directory">command_execution_directory</a>.
Available in Postfix version 2.5.3 and later:
<b><a href="postconf.5.html#strict_mailbox_ownership">strict_mailbox_ownership</a> (yes)</b>
Defer delivery when a mailbox file is not owned by its recipi-
Defer delivery when a mailbox file is not owned by its recipi-
ent.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
How much time a Postfix daemon process may take to handle a
How much time a Postfix daemon process may take to handle a
request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
The maximal number of digits after the decimal point when log-
The maximal number of digits after the decimal point when log-
ging sub-second delay values.
<b><a href="postconf.5.html#export_environment">export_environment</a> (see 'postconf -d' output)</b>
The list of environment variables that a Postfix process will
The list of environment variables that a Postfix process will
export to non-Postfix processes.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
The time limit for sending or receiving information over an
The time limit for sending or receiving information over an
internal communication channel.
<b><a href="postconf.5.html#local_command_shell">local_command_shell</a> (empty)</b>
@ -535,7 +537,7 @@ LOCAL(8) LOCAL(8)
mands.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix daemon process
The maximum amount of time that an idle Postfix daemon process
waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
@ -543,8 +545,8 @@ LOCAL(8) LOCAL(8)
process will service before terminating voluntarily.
<b><a href="postconf.5.html#prepend_delivered_header">prepend_delivered_header</a> (command, file, forward)</b>
The message delivery contexts where the Postfix <a href="local.8.html"><b>local</b>(8)</a> deliv-
ery agent prepends a Delivered-To: message header with the
The message delivery contexts where the Postfix <a href="local.8.html"><b>local</b>(8)</a> deliv-
ery agent prepends a Delivered-To: message header with the
address that the mail was delivered to.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
@ -554,14 +556,14 @@ LOCAL(8) LOCAL(8)
The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a> (canonical, virtual)</b>
What address lookup tables copy an address extension from the
What address lookup tables copy an address extension from the
lookup key to the lookup result.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> (empty)</b>
The set of characters that can separate an email address local-
The set of characters that can separate an email address local-
part, user name, or a .forward file name from its extension.
<b><a href="postconf.5.html#require_home_directory">require_home_directory</a> (no)</b>
@ -572,14 +574,14 @@ LOCAL(8) LOCAL(8)
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
A prefix that is prepended to the process name in syslog
A prefix that is prepended to the process name in syslog
records, so that, for example, "smtpd" becomes "prefix/smtpd".
Available in Postfix version 3.3 and later:
<b><a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a> (yes)</b>
Enable support for the original recipient address after an
address is rewritten to a different address (for example with
Enable support for the original recipient address after an
address is rewritten to a different address (for example with
aliasing or with canonical mapping).
<b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
@ -588,7 +590,7 @@ LOCAL(8) LOCAL(8)
Available in Postfix 3.5 and later:
<b><a href="postconf.5.html#info_log_address_format">info_log_address_format</a> (external)</b>
The email address form that will be used in non-debug logging
The email address form that will be used in non-debug logging
(info, warning, etc.).
<b>FILES</b>
@ -612,10 +614,10 @@ LOCAL(8) LOCAL(8)
The Secure Mailer license must be distributed with this software.
<b>HISTORY</b>
The <b>Delivered-To:</b> message header appears in the <b>qmail</b> system by Daniel
The <b>Delivered-To:</b> message header appears in the <b>qmail</b> system by Daniel
Bernstein.
The <i>maildir</i> structure appears in the <b>qmail</b> system by Daniel Bernstein.
The <i>maildir</i> structure appears in the <b>qmail</b> system by Daniel Bernstein.
<b>AUTHOR(S)</b>
Wietse Venema


@ -242,13 +242,19 @@ PIPE(8) PIPE(8)
This feature is available as of Postfix 2.5.
<b>${envid}</b>
This macro expands to the <a href="https://tools.ietf.org/html/rfc3461">RFC 3461</a> envelope ID if avail-
able, otherwise the empty string.
This feature is available as of Postfix 3.9.
<b>${extension}</b>
This macro expands to the extension part of a recipient
address. For example, with an address <i>user+foo@domain</i>
This macro expands to the extension part of a recipient
address. For example, with an address <i>user+foo@domain</i>
the extension is <i>foo</i>.
A command-line argument that contains <b>${extension}</b>
expands into as many command-line arguments as there are
A command-line argument that contains <b>${extension}</b>
expands into as many command-line arguments as there are
recipients.
This information is modified by the <b>u</b> flag for case fold-
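Review bot: The new ${envid} entry at the top of this hunk does not say how the value reaches the command line. The RFC 3461 envelope ID originates with the sending SMTP client, and the neighbouring ${extension} entry documents both how it expands into command-line arguments and which flag modifies it ("This information is modified by the u flag ..."), while ${envid} documents neither. Suggest adding a sentence that states whether the value is passed as received or decoded and whether any quoting flag applies, so that authors of pipe(8) commands know what they have to validate.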
@ -256,11 +262,11 @@ PIPE(8) PIPE(8)
<b>${mailbox}</b>
This macro expands to the complete local part of a recip-
ient address. For example, with an address
ient address. For example, with an address
<i>user+foo@domain</i> the mailbox is <i>user+foo</i>.
A command-line argument that contains <b>${mailbox}</b> expands
to as many command-line arguments as there are recipi-
A command-line argument that contains <b>${mailbox}</b> expands
to as many command-line arguments as there are recipi-
ents.
This information is modified by the <b>u</b> flag for case fold-
@ -273,11 +279,11 @@ PIPE(8) PIPE(8)
ing.
<b>${original_recipient}</b>
This macro expands to the complete recipient address
This macro expands to the complete recipient address
before any address rewriting or aliasing.
A command-line argument that contains <b>${original_recipi-</b>
<b>ent}</b> expands to as many command-line arguments as there
A command-line argument that contains <b>${original_recipi-</b>
<b>ent}</b> expands to as many command-line arguments as there
are recipients.
This information is modified by the <b>hqu</b> flags for quoting
@ -293,8 +299,8 @@ PIPE(8) PIPE(8)
<b>${recipient}</b>
This macro expands to the complete recipient address.
A command-line argument that contains <b>${recipient}</b>
expands to as many command-line arguments as there are
A command-line argument that contains <b>${recipient}</b>
expands to as many command-line arguments as there are
recipients.
This information is modified by the <b>hqu</b> flags for quoting
@ -302,13 +308,13 @@ PIPE(8) PIPE(8)
<b>${sasl_method}</b>
This macro expands to the name of the SASL authentication
mechanism in the AUTH command when the Postfix SMTP
mechanism in the AUTH command when the Postfix SMTP
server received the message.
This feature is available as of Postfix 2.2.
<b>${sasl_sender}</b>
This macro expands to the SASL sender name (i.e. the
This macro expands to the SASL sender name (i.e. the
original submitter as per <a href="https://tools.ietf.org/html/rfc4954">RFC 4954</a>) in the MAIL FROM com-
mand when the Postfix SMTP server received the message.
@ -321,25 +327,25 @@ PIPE(8) PIPE(8)
This feature is available as of Postfix 2.2.
<b>${sender}</b>
This macro expands to the envelope sender address. By
default, the null sender address expands to MAILER-DAE-
MON; this can be changed with the <b>null_sender</b> attribute,
This macro expands to the envelope sender address. By
default, the null sender address expands to MAILER-DAE-
MON; this can be changed with the <b>null_sender</b> attribute,
as described above.
This information is modified by the <b>q</b> flag for quoting.
<b>${size}</b>
This macro expands to Postfix's idea of the message size,
which is an approximation of the size of the message as
which is an approximation of the size of the message as
delivered.
<b>${user}</b>
This macro expands to the username part of a recipient
address. For example, with an address <i>user+foo@domain</i>
This macro expands to the username part of a recipient
address. For example, with an address <i>user+foo@domain</i>
the username part is <i>user</i>.
A command-line argument that contains <b>${user}</b> expands
into as many command-line arguments as there are recipi-
A command-line argument that contains <b>${user}</b> expands
into as many command-line arguments as there are recipi-
ents.
This information is modified by the <b>u</b> flag for case fold-
@ -349,36 +355,36 @@ PIPE(8) PIPE(8)
<a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced status codes)
<b>DIAGNOSTICS</b>
Command exit status codes are expected to follow the conventions
Command exit status codes are expected to follow the conventions
defined in &lt;<b>sysexits.h</b>&gt;. Exit status 0 means normal successful comple-
tion.
In the case of a non-zero exit status, a limited amount of command out-
put is logged, and reported in a delivery status notification. When
the output begins with a 4.X.X or 5.X.X enhanced status code, the sta-
tus code takes precedence over the non-zero exit status (Postfix ver-
put is logged, and reported in a delivery status notification. When
the output begins with a 4.X.X or 5.X.X enhanced status code, the sta-
tus code takes precedence over the non-zero exit status (Postfix ver-
sion 2.3 and later).
After successful delivery (zero exit status) a limited amount of com-
mand output is logged, and reported in "success" delivery status noti-
After successful delivery (zero exit status) a limited amount of com-
mand output is logged, and reported in "success" delivery status noti-
fications (Postfix 3.0 and later). This command output is not examined
for the presence of an enhanced status code.
Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
Corrupted message files are marked so that the queue manager can move
Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
Corrupted message files are marked so that the queue manager can move
them to the <b>corrupt</b> queue for further inspection.
<b>SECURITY</b>
This program needs a dual personality 1) to access the private Postfix
queue and IPC mechanisms, and 2) to execute external commands as the
This program needs a dual personality 1) to access the private Postfix
queue and IPC mechanisms, and 2) to execute external commands as the
specified user. It is therefore security sensitive.
<b>CONFIGURATION PARAMETERS</b>
Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically as <a href="pipe.8.html"><b>pipe</b>(8)</a> processes run
for only a limited amount of time. Use the command "<b>postfix reload</b>" to
for only a limited amount of time. Use the command "<b>postfix reload</b>" to
speed up a change.
The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
more details including examples.
<b>RESOURCE AND RATE CONTROLS</b>
@ -386,50 +392,50 @@ PIPE(8) PIPE(8)
<b><a href="postconf.5.html#transport_time_limit">transport_time_limit</a> ($<a href="postconf.5.html#command_time_limit">command_time_limit</a>)</b>
A transport-specific override for the <a href="postconf.5.html#command_time_limit">command_time_limit</a> parame-
ter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message
ter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message
delivery transport.
Implemented in the <a href="qmgr.8.html">qmgr(8)</a> daemon:
<b><a href="postconf.5.html#transport_destination_concurrency_limit">transport_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concur</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_limit">rency_limit</a>)</b>
A transport-specific override for the <a href="postconf.5.html#default_destination_concurrency_limit">default_destination_con</a>-
A transport-specific override for the <a href="postconf.5.html#default_destination_concurrency_limit">default_destination_con</a>-
<a href="postconf.5.html#default_destination_concurrency_limit">currency_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
<b><a href="postconf.5.html#transport_destination_recipient_limit">transport_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipi</a>-</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">ent_limit</a>)</b>
A transport-specific override for the <a href="postconf.5.html#default_destination_recipient_limit">default_destination_recip</a>-
<a href="postconf.5.html#default_destination_recipient_limit">ient_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
<a href="postconf.5.html#default_destination_recipient_limit">ient_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
How much time a Postfix daemon process may take to handle a
How much time a Postfix daemon process may take to handle a
request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
The maximal number of digits after the decimal point when log-
The maximal number of digits after the decimal point when log-
ging sub-second delay values.
<b><a href="postconf.5.html#export_environment">export_environment</a> (see 'postconf -d' output)</b>
The list of environment variables that a Postfix process will
The list of environment variables that a Postfix process will
export to non-Postfix processes.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
The time limit for sending or receiving information over an
The time limit for sending or receiving information over an
internal communication channel.
<b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
The UNIX system account that owns the Postfix queue and most
The UNIX system account that owns the Postfix queue and most
Postfix daemon processes.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix daemon process
The maximum amount of time that an idle Postfix daemon process
waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
@ -446,28 +452,28 @@ PIPE(8) PIPE(8)
The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> (empty)</b>
The set of characters that can separate an email address local-
The set of characters that can separate an email address local-
part, user name, or a .forward file name from its extension.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
A prefix that is prepended to the process name in syslog
A prefix that is prepended to the process name in syslog
records, so that, for example, "smtpd" becomes "prefix/smtpd".
Available in Postfix version 3.0 and later:
<b><a href="postconf.5.html#pipe_delivery_status_filter">pipe_delivery_status_filter</a> ($<a href="postconf.5.html#default_delivery_status_filter">default_delivery_status_filter</a>)</b>
Optional filter for the <a href="pipe.8.html"><b>pipe</b>(8)</a> delivery agent to change the
Optional filter for the <a href="pipe.8.html"><b>pipe</b>(8)</a> delivery agent to change the
delivery status code or explanatory text of successful or unsuc-
cessful deliveries.
Available in Postfix version 3.3 and later:
<b><a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a> (yes)</b>
Enable support for the original recipient address after an
address is rewritten to a different address (for example with
Enable support for the original recipient address after an
address is rewritten to a different address (for example with
aliasing or with canonical mapping).
<b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
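Review bot: the before and after lines in this pipe(8) hunk (recipient_delimiter, syslog_name, pipe_delivery_status_filter, enable_original_recipient) read identically, so the hunk appears to carry only re-justified spacing from regenerating the page and no documentation change. Consider putting the regenerated HTML in its own commit, or naming the files with real text changes in the commit message, so that substantive edits such as the ENVID entry and the smtp(8) NAME/SYNOPSIS change are not buried under whitespace-only hunks.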
@ -476,7 +482,7 @@ PIPE(8) PIPE(8)
Available in Postfix 3.5 and later:
<b><a href="postconf.5.html#info_log_address_format">info_log_address_format</a> (external)</b>
The email address form that will be used in non-debug logging
The email address form that will be used in non-debug logging
(info, warning, etc.).
<b>SEE ALSO</b>

View File

@ -6498,6 +6498,11 @@ and later.</dd>
<dd>The domain part of the recipient address. </dd>
<dt><b>ENVID</b></dt>
<dd>The optional <a href="https://tools.ietf.org/html/rfc3461">RFC 3461</a> envelope ID. Available in Postfix version
3.9 and later</dd>
<dt><b>EXTENSION</b></dt>
<dd>The optional address extension. </dd>
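Review bot: the new ENVID description ends with "3.9 and later</dd>" and has no closing period, while the entry just above the hunk ends with "and later.</dd>" and the neighbouring descriptions end with a period. Add the period in the source text this page is generated from, so the list stays consistent.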

View File

@ -41,7 +41,7 @@ PROXYMAP(8) PROXYMAP(8)
<b>o</b> To provide single-updater functionality for lookup tables that
do not reliably support multiple writers (i.e. all file-based
tables).
tables that are not based on <b>lmdb</b>).
The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server implements the following requests:
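Review bot: the reworded parenthetical "(i.e. all file-based tables that are not based on lmdb)" repeats "based" and states the exception without saying why lmdb is exempt from the single-updater requirement. Suggest wording such as "(i.e. all file-based tables except lmdb)" plus a short clause or cross-reference explaining the lmdb exception, since readers use this sentence to decide which tables must be written through proxymap.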

View File

@ -5,20 +5,24 @@
<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
<title> Postfix manual - smtp(8) </title>
</head> <body> <pre>
SMTP(8) SMTP(8)
SMTP,(LMTP) SMTP,(LMTP)
<b>NAME</b>
smtp - Postfix SMTP+LMTP client
smtp, lmtp - Postfix SMTP+LMTP client
<b>SYNOPSIS</b>
<b>smtp</b> [generic Postfix daemon options] [flags=DORX]
<b>lmtp</b> [generic Postfix daemon options] [flags=DORX]
<b>DESCRIPTION</b>
The Postfix SMTP+LMTP client implements the SMTP and LMTP mail delivery
protocols. It processes message delivery requests from the queue man-
ager. Each request specifies a queue file, a sender address, a domain
or host to deliver to, and recipient information. This program expects
to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager. The process name, <b>smtp</b> or
<b>lmtp</b>, controls the protocol, and the names of the configuration parame-
ters that will be used.
The SMTP+LMTP client updates the queue file and marks recipients as
finished, or it informs the queue manager that delivery should be tried
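Review bot: the manual header line changes from "SMTP(8) SMTP(8)" to "SMTP,(LMTP) SMTP,(LMTP)", which drops the section number and puts "LMTP" where the section belongs; the <title> line in the same hunk still says "smtp(8)". This looks like the two-name NAME entry ("smtp, lmtp") being fed into the title macro unchanged. Please check the generated header and keep it as SMTP(8), listing lmtp only under NAME and SYNOPSIS.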
@ -180,20 +184,19 @@ SMTP(8) SMTP(8)
for all destinations that map onto the same IP address and TCP port.
<b>CONFIGURATION PARAMETERS</b>
Before Postfix version 2.3, the LMTP client is a separate program that
implements only a subset of the functionality available with SMTP:
there is no support for TLS, and connections are cached in-process,
making it ineffective when the client is used for multiple domains.
Postfix versions 2.3 and later implement the SMTP and LMTP client with
the same program, and choose the protocol and configuration parameters
based on the process name, <b>smtp</b> or <b>lmtp</b>.
Most smtp_<i>xxx</i> configuration parameters have an lmtp_<i>xxx</i> "mirror" param-
eter for the equivalent LMTP feature. This document describes only
eter for the equivalent LMTP feature. This document describes only
those LMTP-related parameters that aren't simply "mirror" parameters.
Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="smtp.8.html"><b>smtp</b>(8)</a> processes
Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="smtp.8.html"><b>smtp</b>(8)</a> processes
run for only a limited amount of time. Use the command "<b>postfix reload</b>"
to speed up a change.
The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
more details including examples.
<b>COMPATIBILITY CONTROLS</b>
@ -214,8 +217,8 @@ SMTP(8) SMTP(8)
will send via SMTP.
<b><a href="postconf.5.html#smtp_pix_workaround_delay_time">smtp_pix_workaround_delay_time</a> (10s)</b>
How long the Postfix SMTP client pauses before sending
".&lt;CR&gt;&lt;LF&gt;" in order to work around the PIX firewall
How long the Postfix SMTP client pauses before sending
".&lt;CR&gt;&lt;LF&gt;" in order to work around the PIX firewall
"&lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;" bug.
<b><a href="postconf.5.html#smtp_pix_workaround_threshold_time">smtp_pix_workaround_threshold_time</a> (500s)</b>
@ -224,19 +227,19 @@ SMTP(8) SMTP(8)
delivery through firewalls with "smtp fixup" mode turned on.
<b><a href="postconf.5.html#smtp_pix_workarounds">smtp_pix_workarounds</a> (disable_esmtp, delay_dotcrlf)</b>
A list that specifies zero or more workarounds for CISCO PIX
A list that specifies zero or more workarounds for CISCO PIX
firewall bugs.
<b><a href="postconf.5.html#smtp_pix_workaround_maps">smtp_pix_workaround_maps</a> (empty)</b>
Lookup tables, indexed by the remote SMTP server address, with
Lookup tables, indexed by the remote SMTP server address, with
per-destination workarounds for CISCO PIX firewall bugs.
<b><a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a> (yes)</b>
Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO
Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO
commands as required by <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
<b><a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a> (empty)</b>
A mechanism to transform replies from remote SMTP servers one
A mechanism to transform replies from remote SMTP servers one
line at a time.
<b><a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a> (yes)</b>
@ -248,68 +251,68 @@ SMTP(8) SMTP(8)
Available in Postfix version 2.0 and earlier:
<b><a href="postconf.5.html#smtp_skip_4xx_greeting">smtp_skip_4xx_greeting</a> (yes)</b>
Skip SMTP servers that greet with a 4XX status code (go away,
Skip SMTP servers that greet with a 4XX status code (go away,
try again later).
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_discard_ehlo_keyword_address_maps">smtp_discard_ehlo_keyword_address_maps</a> (empty)</b>
Lookup tables, indexed by the remote SMTP server address, with
case insensitive lists of EHLO keywords (pipelining, starttls,
Lookup tables, indexed by the remote SMTP server address, with
case insensitive lists of EHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix SMTP client will ignore in the EHLO
response from a remote SMTP server.
<b><a href="postconf.5.html#smtp_discard_ehlo_keywords">smtp_discard_ehlo_keywords</a> (empty)</b>
A case insensitive list of EHLO keywords (pipelining, starttls,
A case insensitive list of EHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix SMTP client will ignore in the EHLO
response from a remote SMTP server.
<b><a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> (empty)</b>
Optional lookup tables that perform address rewriting in the
Postfix SMTP client, typically to transform a locally valid
address into a globally valid address when sending mail across
Optional lookup tables that perform address rewriting in the
Postfix SMTP client, typically to transform a locally valid
address into a globally valid address when sending mail across
the Internet.
Available in Postfix version 2.2.9 and later:
<b><a href="postconf.5.html#smtp_cname_overrides_servername">smtp_cname_overrides_servername</a> (version dependent)</b>
When the remote SMTP servername is a DNS CNAME, replace the
servername with the result from CNAME expansion for the purpose
of logging, SASL password lookup, TLS policy decisions, or TLS
When the remote SMTP servername is a DNS CNAME, replace the
servername with the result from CNAME expansion for the purpose
of logging, SASL password lookup, TLS policy decisions, or TLS
certificate verification.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#lmtp_discard_lhlo_keyword_address_maps">lmtp_discard_lhlo_keyword_address_maps</a> (empty)</b>
Lookup tables, indexed by the remote LMTP server address, with
case insensitive lists of LHLO keywords (pipelining, starttls,
Lookup tables, indexed by the remote LMTP server address, with
case insensitive lists of LHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix LMTP client will ignore in the LHLO
response from a remote LMTP server.
<b><a href="postconf.5.html#lmtp_discard_lhlo_keywords">lmtp_discard_lhlo_keywords</a> (empty)</b>
A case insensitive list of LHLO keywords (pipelining, starttls,
A case insensitive list of LHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix LMTP client will ignore in the LHLO
response from a remote LMTP server.
Available in Postfix version 2.4.4 and later:
<b><a href="postconf.5.html#send_cyrus_sasl_authzid">send_cyrus_sasl_authzid</a> (no)</b>
When authenticating to a remote SMTP or LMTP server with the
default setting "no", send no SASL authoriZation ID (authzid);
send only the SASL authentiCation ID (authcid) plus the auth-
When authenticating to a remote SMTP or LMTP server with the
default setting "no", send no SASL authoriZation ID (authzid);
send only the SASL authentiCation ID (authcid) plus the auth-
cid's password.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#smtp_header_checks">smtp_header_checks</a> (empty)</b>
Restricted <a href="header_checks.5.html"><b>header_checks</b>(5)</a> tables for the Postfix SMTP client.
Restricted <a href="header_checks.5.html"><b>header_checks</b>(5)</a> tables for the Postfix SMTP client.
<b><a href="postconf.5.html#smtp_mime_header_checks">smtp_mime_header_checks</a> (empty)</b>
Restricted <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>(5) tables for the Postfix SMTP
Restricted <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>(5) tables for the Postfix SMTP
client.
<b><a href="postconf.5.html#smtp_nested_header_checks">smtp_nested_header_checks</a> (empty)</b>
Restricted <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b>(5) tables for the Postfix SMTP
Restricted <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b>(5) tables for the Postfix SMTP
client.
<b><a href="postconf.5.html#smtp_body_checks">smtp_body_checks</a> (empty)</b>
@ -318,7 +321,7 @@ SMTP(8) SMTP(8)
Available in Postfix version 2.6 and later:
<b><a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> (0)</b>
An optional workaround for routers that break TCP window scal-
An optional workaround for routers that break TCP window scal-
ing.
Available in Postfix version 2.8 and later:
@ -329,16 +332,16 @@ SMTP(8) SMTP(8)
Available in Postfix version 2.9 - 3.6:
<b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b>
Change the behavior of the smtp_*_timeout time limits, from a
time limit per read or write system call, to a time limit to
send or receive a complete record (an SMTP command line, SMTP
response line, SMTP message content line, or TLS protocol mes-
Change the behavior of the smtp_*_timeout time limits, from a
time limit per read or write system call, to a time limit to
send or receive a complete record (an SMTP command line, SMTP
response line, SMTP message content line, or TLS protocol mes-
sage).
Available in Postfix version 2.9 and later:
<b><a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a> (no)</b>
Whether or not to append the "AUTH=&lt;&gt;" option to the MAIL FROM
Whether or not to append the "AUTH=&lt;&gt;" option to the MAIL FROM
command in SASL-authenticated SMTP sessions.
Available in Postfix version 2.11 and later:
@ -349,7 +352,7 @@ SMTP(8) SMTP(8)
Available in Postfix version 3.0 and later:
<b><a href="postconf.5.html#smtp_delivery_status_filter">smtp_delivery_status_filter</a> ($<a href="postconf.5.html#default_delivery_status_filter">default_delivery_status_filter</a>)</b>
Optional filter for the <a href="smtp.8.html"><b>smtp</b>(8)</a> delivery agent to change the
Optional filter for the <a href="smtp.8.html"><b>smtp</b>(8)</a> delivery agent to change the
delivery status code or explanatory text of successful or unsuc-
cessful deliveries.
@ -359,38 +362,38 @@ SMTP(8) SMTP(8)
Available in Postfix version 3.3 and later:
<b><a href="postconf.5.html#smtp_balance_inet_protocols">smtp_balance_inet_protocols</a> (yes)</b>
When a remote destination resolves to a combination of IPv4 and
When a remote destination resolves to a combination of IPv4 and
IPv6 addresses, ensure that the Postfix SMTP client can try both
address types before it runs into the <a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a>.
Available in Postfix 3.5 and later:
<b><a href="postconf.5.html#info_log_address_format">info_log_address_format</a> (external)</b>
The email address form that will be used in non-debug logging
The email address form that will be used in non-debug logging
(info, warning, etc.).
Available in Postfix 3.6 and later:
<b><a href="postconf.5.html#dnssec_probe">dnssec_probe</a> (ns:.)</b>
The DNS query type (default: "ns") and DNS query name (default:
The DNS query type (default: "ns") and DNS query name (default:
".") that Postfix may use to determine whether DNSSEC validation
is available.
<b><a href="postconf.5.html#known_tcp_ports">known_tcp_ports</a> (lmtp=24, smtp=25, smtps=submissions=465, submis-</b>
<b><a href="postconf.5.html#known_tcp_ports">known_tcp_ports</a> (lmtp=24, smtp=25, smtps=submissions=465, submis-</b>
<b>sion=587)</b>
Optional setting that avoids lookups in the <b>services</b>(5) data-
Optional setting that avoids lookups in the <b>services</b>(5) data-
base.
Available in Postfix version 3.7 and later:
<b><a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a> (no)</b>
Change the behavior of the smtp_*_timeout time limits, from a
time limit per plaintext or TLS read or write call, to a com-
bined time limit for sending a complete SMTP request and for
Change the behavior of the smtp_*_timeout time limits, from a
time limit per plaintext or TLS read or write call, to a com-
bined time limit for sending a complete SMTP request and for
receiving a complete SMTP response.
<b><a href="postconf.5.html#smtp_min_data_rate">smtp_min_data_rate</a> (500)</b>
The minimum plaintext data transfer rate in bytes/second for
The minimum plaintext data transfer rate in bytes/second for
DATA requests, when deadlines are enabled with
<a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a>.
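Review bot: the known_tcp_ports default is split by hyphenation as "submis-" / "sion=587)", so a literal configuration value is shown with a hyphen that is not part of it. Since this entry is being regenerated anyway, consider disabling hyphenation for the default-value text in the source so that the value can be copied as written.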
@ -400,16 +403,16 @@ SMTP(8) SMTP(8)
Available in Postfix version 3.8 and later:
<b><a href="postconf.5.html#use_srv_lookup">use_srv_lookup</a> (empty)</b>
Enables discovery for the specified service(s) using DNS SRV
Enables discovery for the specified service(s) using DNS SRV
records.
<b><a href="postconf.5.html#ignore_srv_lookup_error">ignore_srv_lookup_error</a> (no)</b>
When SRV record lookup fails, fall back to MX or IP address
When SRV record lookup fails, fall back to MX or IP address
lookup as if SRV record lookup was not enabled.
<b><a href="postconf.5.html#allow_srv_lookup_fallback">allow_srv_lookup_fallback</a> (no)</b>
When SRV record lookup fails or no SRV record exists, fall back
to MX or IP address lookup as if SRV record lookup was not
When SRV record lookup fails or no SRV record exists, fall back
to MX or IP address lookup as if SRV record lookup was not
enabled.
<b>MIME PROCESSING CONTROLS</b>
@ -428,7 +431,7 @@ SMTP(8) SMTP(8)
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtp_send_xforward_command">smtp_send_xforward_command</a> (no)</b>
Send the non-standard XFORWARD command when the Postfix SMTP
Send the non-standard XFORWARD command when the Postfix SMTP
server EHLO response announces XFORWARD support.
<b>SASL AUTHENTICATION CONTROLS</b>
@ -436,88 +439,88 @@ SMTP(8) SMTP(8)
Enable SASL authentication in the Postfix SMTP client.
<b><a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> (empty)</b>
Optional Postfix SMTP client lookup tables with one user-
name:password entry per sender, remote hostname or next-hop
Optional Postfix SMTP client lookup tables with one user-
name:password entry per sender, remote hostname or next-hop
domain.
<b><a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> (noplaintext, noanonymous)</b>
Postfix SMTP client SASL security options; as of Postfix 2.3 the
list of available features depends on the SASL client implemen-
list of available features depends on the SASL client implemen-
tation that is selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> (empty)</b>
If non-empty, a Postfix SMTP client filter for the remote SMTP
If non-empty, a Postfix SMTP client filter for the remote SMTP
server's list of offered SASL mechanisms.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a> (no)</b>
Enable sender-dependent authentication in the Postfix SMTP
client; this is available only with SASL authentication, and
disables SMTP connection caching to ensure that mail from dif-
client; this is available only with SASL authentication, and
disables SMTP connection caching to ensure that mail from dif-
ferent senders will use the appropriate credentials.
<b><a href="postconf.5.html#smtp_sasl_path">smtp_sasl_path</a> (empty)</b>
Implementation-specific information that the Postfix SMTP client
passes through to the SASL plug-in implementation that is
passes through to the SASL plug-in implementation that is
selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
<b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a> (cyrus)</b>
The SASL plug-in type that the Postfix SMTP client should use
The SASL plug-in type that the Postfix SMTP client should use
for authentication.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> (empty)</b>
An optional table to prevent repeated SASL authentication fail-
ures with the same remote SMTP server hostname, username and
An optional table to prevent repeated SASL authentication fail-
ures with the same remote SMTP server hostname, username and
password.
<b><a href="postconf.5.html#smtp_sasl_auth_cache_time">smtp_sasl_auth_cache_time</a> (90d)</b>
The maximal age of an <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> entry before it
The maximal age of an <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> entry before it
is removed.
<b><a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> (yes)</b>
When a remote SMTP server rejects a SASL authentication request
with a 535 reply code, defer mail delivery instead of returning
When a remote SMTP server rejects a SASL authentication request
with a 535 reply code, defer mail delivery instead of returning
mail as undeliverable.
Available in Postfix version 2.9 and later:
<b><a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a> (no)</b>
Whether or not to append the "AUTH=&lt;&gt;" option to the MAIL FROM
Whether or not to append the "AUTH=&lt;&gt;" option to the MAIL FROM
command in SASL-authenticated SMTP sessions.
Available in Postfix version 3.9 and later:
<b><a href="postconf.5.html#smtp_sasl_password_result_delimiter">smtp_sasl_password_result_delimiter</a> (:)</b>
The delimiter between username and password in sasl_passwd_maps
The delimiter between username and password in sasl_passwd_maps
lookup results.
<b>STARTTLS SUPPORT CONTROLS</b>
Detailed information about STARTTLS configuration may be found in the
Detailed information about STARTTLS configuration may be found in the
<a href="TLS_README.html">TLS_README</a> document.
<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> (empty)</b>
The default SMTP TLS security level for the Postfix SMTP client.
<b><a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a>)</b>
The SASL authentication security options that the Postfix SMTP
The SASL authentication security options that the Postfix SMTP
client uses for TLS encrypted SMTP sessions.
<b><a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> (300s)</b>
Time limit for Postfix SMTP client write and read operations
Time limit for Postfix SMTP client write and read operations
during TLS startup and shutdown handshake procedures.
<b><a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> (empty)</b>
A file containing CA certificates of root CAs trusted to sign
either remote SMTP server certificates or intermediate CA cer-
A file containing CA certificates of root CAs trusted to sign
either remote SMTP server certificates or intermediate CA cer-
tificates.
<b><a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> (empty)</b>
Directory with PEM format Certification Authority certificates
Directory with PEM format Certification Authority certificates
that the Postfix SMTP client uses to verify a remote SMTP server
certificate.
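Review bot: the smtp_sasl_password_result_delimiter description refers to "sasl_passwd_maps", but the parameter listed earlier in this same hunk is smtp_sasl_password_maps, and no parameter named sasl_passwd_maps appears in the summary. Suggest using the real parameter name, with the usual postconf.5.html link, so that operators who change the delimiter can find the lookup table it applies to.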
@ -525,7 +528,7 @@ SMTP(8) SMTP(8)
File with the Postfix SMTP client RSA certificate in PEM format.
<b><a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> (medium)</b>
The minimum TLS cipher grade that the Postfix SMTP client will
The minimum TLS cipher grade that the Postfix SMTP client will
use with mandatory TLS encryption.
<b><a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> (empty)</b>
@ -533,8 +536,8 @@ SMTP(8) SMTP(8)
client cipher list at all TLS security levels.
<b><a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> (empty)</b>
Additional list of ciphers or cipher types to exclude from the
Postfix SMTP client cipher list at mandatory TLS security lev-
Additional list of ciphers or cipher types to exclude from the
Postfix SMTP client cipher list at mandatory TLS security lev-
els.
<b><a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> (empty)</b>
@ -550,7 +553,7 @@ SMTP(8) SMTP(8)
Enable additional Postfix SMTP client logging of TLS activity.
<b><a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a> (no)</b>
Log the hostname of a remote SMTP server that offers STARTTLS,
Log the hostname of a remote SMTP server that offers STARTTLS,
when TLS is not already enabled for that server.
<b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> (empty)</b>
@ -559,14 +562,14 @@ SMTP(8) SMTP(8)
fied, this overrides the obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter.
<b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (see 'postconf -d' output)</b>
TLS protocols that the Postfix SMTP client will use with manda-
TLS protocols that the Postfix SMTP client will use with manda-
tory TLS encryption.
<b><a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> (9)</b>
The verification depth for remote SMTP server certificates.
<b><a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> (nexthop, dot-nexthop)</b>
How the Postfix SMTP client verifies the server certificate
How the Postfix SMTP client verifies the server certificate
peername for the "secure" TLS security level.
<b><a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> (empty)</b>
@ -574,16 +577,16 @@ SMTP(8) SMTP(8)
session cache.
<b><a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> (3600s)</b>
The expiration time of Postfix SMTP client TLS session cache
The expiration time of Postfix SMTP client TLS session cache
information.
<b><a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> (hostname)</b>
How the Postfix SMTP client verifies the server certificate
How the Postfix SMTP client verifies the server certificate
peername for the "verify" TLS security level.
<b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b>
The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a> or <a href="smtpd.8.html"><b>smtpd</b>(8)</a>
process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> server in order to seed its
The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a> or <a href="smtpd.8.html"><b>smtpd</b>(8)</a>
process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> server in order to seed its
internal pseudo random number generator (PRNG).
<b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a> (see 'postconf -d' output)</b>
@ -593,7 +596,7 @@ SMTP(8) SMTP(8)
The OpenSSL cipherlist for "medium" or higher grade ciphers.
<b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (eNULL:!aNULL)</b>
The OpenSSL cipherlist for "NULL" grade ciphers that provide
The OpenSSL cipherlist for "NULL" grade ciphers that provide
authentication without encryption.
Available in in Postfix version 2.3..3.7:
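Review bot: the last context line of this hunk reads "Available in in Postfix version 2.3..3.7:" with a doubled "in". The line is not changed here, but since the page is being regenerated it is worth fixing in the source text at the same time.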
@ -608,45 +611,45 @@ SMTP(8) SMTP(8)
<b><a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a> ($<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_secu</a>-</b>
<b><a href="postconf.5.html#smtp_sasl_tls_security_options">rity_options</a>)</b>
The SASL authentication security options that the Postfix SMTP
client uses for TLS encrypted SMTP sessions with a verified
The SASL authentication security options that the Postfix SMTP
client uses for TLS encrypted SMTP sessions with a verified
server certificate.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> (empty)</b>
List of acceptable remote SMTP server certificate fingerprints
for the "fingerprint" TLS security level (<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_secu</a>-</b>
List of acceptable remote SMTP server certificate fingerprints
for the "fingerprint" TLS security level (<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_secu</a>-</b>
<b><a href="postconf.5.html#smtp_tls_security_level">rity_level</a></b> = fingerprint).
<b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> (see 'postconf -d' output)</b>
The message digest algorithm used to construct remote SMTP
The message digest algorithm used to construct remote SMTP
server certificate fingerprints.
Available in Postfix version 2.6 and later:
<b><a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> (see 'postconf -d' output)</b>
TLS protocols that the Postfix SMTP client will use with oppor-
TLS protocols that the Postfix SMTP client will use with oppor-
tunistic TLS encryption.
<b><a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> (medium)</b>
The minimum TLS cipher grade that the Postfix SMTP client will
The minimum TLS cipher grade that the Postfix SMTP client will
use with opportunistic TLS encryption.
<b><a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> (empty)</b>
File with the Postfix SMTP client ECDSA certificate in PEM for-
File with the Postfix SMTP client ECDSA certificate in PEM for-
mat.
<b><a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a> ($<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>)</b>
File with the Postfix SMTP client ECDSA private key in PEM for-
File with the Postfix SMTP client ECDSA private key in PEM for-
mat.
Available in Postfix version 2.7 and later:
<b><a href="postconf.5.html#smtp_tls_block_early_mail_reply">smtp_tls_block_early_mail_reply</a> (no)</b>
Try to detect a mail hijacking attack based on a TLS protocol
vulnerability (CVE-2009-3555), where an attacker prepends mali-
cious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client
Try to detect a mail hijacking attack based on a TLS protocol
vulnerability (CVE-2009-3555), where an attacker prepends mali-
cious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client
TLS session.
Available in Postfix version 2.8 and later:
@ -666,11 +669,11 @@ SMTP(8) SMTP(8)
Available in Postfix version 2.11 and later:
<b><a href="postconf.5.html#smtp_tls_trust_anchor_file">smtp_tls_trust_anchor_file</a> (empty)</b>
Zero or more PEM-format files with trust-anchor certificates
Zero or more PEM-format files with trust-anchor certificates
and/or public keys.
<b><a href="postconf.5.html#smtp_tls_force_insecure_host_tlsa_lookup">smtp_tls_force_insecure_host_tlsa_lookup</a> (no)</b>
Lookup the associated DANE TLSA RRset even when a hostname is
Lookup the associated DANE TLSA RRset even when a hostname is
not an alias and its address records lie in an unsigned zone.
<b><a href="postconf.5.html#tlsmgr_service_name">tlsmgr_service_name</a> (tlsmgr)</b>
@ -679,14 +682,14 @@ SMTP(8) SMTP(8)
Available in Postfix version 3.0 and later:
<b><a href="postconf.5.html#smtp_tls_wrappermode">smtp_tls_wrappermode</a> (no)</b>
Request that the Postfix SMTP client connects using the SUBMIS-
Request that the Postfix SMTP client connects using the SUBMIS-
SIONS/SMTPS protocol instead of using the STARTTLS command.
Available in Postfix version 3.1 and later:
<b><a href="postconf.5.html#smtp_tls_dane_insecure_mx_policy">smtp_tls_dane_insecure_mx_policy</a> (see 'postconf -d' output)</b>
The TLS policy for MX hosts with "secure" TLSA records when the
nexthop destination security level is <b>dane</b>, but the MX record
The TLS policy for MX hosts with "secure" TLSA records when the
nexthop destination security level is <b>dane</b>, but the MX record
was found via an "insecure" MX lookup.
Available in Postfix version 3.2 and later:
@ -701,23 +704,23 @@ SMTP(8) SMTP(8)
Try to make multiple deliveries per TLS-encrypted connection.
<b><a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> (empty)</b>
List of one or more PEM files, each holding one or more private
List of one or more PEM files, each holding one or more private
keys directly followed by a corresponding certificate chain.
<b><a href="postconf.5.html#smtp_tls_servername">smtp_tls_servername</a> (empty)</b>
Optional name to send to the remote SMTP server in the TLS
Optional name to send to the remote SMTP server in the TLS
Server Name Indication (SNI) extension.
Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
<b><a href="postconf.5.html#tls_fast_shutdown_enable">tls_fast_shutdown_enable</a> (yes)</b>
A workaround for implementations that hang Postfix while shut-
A workaround for implementations that hang Postfix while shut-
ting down a TLS session, until Postfix times out.
Available in Postfix version 3.8 and later:
<b><a href="postconf.5.html#tls_ffdhe_auto_groups">tls_ffdhe_auto_groups</a> (see 'postconf -d' output)</b>
The prioritized list of finite-field Diffie-Hellman ephemeral
The prioritized list of finite-field Diffie-Hellman ephemeral
(FFDHE) key exchange groups supported by the Postfix SMTP client
and server.
@ -727,50 +730,50 @@ SMTP(8) SMTP(8)
Optional configuration file with baseline OpenSSL settings.
<b><a href="postconf.5.html#tls_config_name">tls_config_name</a> (empty)</b>
The application name passed by Postfix to OpenSSL library ini-
The application name passed by Postfix to OpenSSL library ini-
tialization functions.
Available in Postfix version 3.9 and later:
<b><a href="postconf.5.html#smtp_tls_enable_rpk">smtp_tls_enable_rpk</a> (no)</b>
Request that remote SMTP servers send an <a href="https://tools.ietf.org/html/rfc7250">RFC7250</a> raw public key
Request that remote SMTP servers send an <a href="https://tools.ietf.org/html/rfc7250">RFC7250</a> raw public key
instead of an X.509 certificate.
<b>OBSOLETE STARTTLS CONTROLS</b>
The following configuration parameters exist for compatibility with
Postfix versions before 2.3. Support for these will be removed in a
The following configuration parameters exist for compatibility with
Postfix versions before 2.3. Support for these will be removed in a
future release.
<b><a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> (no)</b>
Opportunistic mode: use TLS when a remote SMTP server announces
Opportunistic mode: use TLS when a remote SMTP server announces
STARTTLS support, otherwise send the mail in the clear.
<b><a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> (no)</b>
Enforcement mode: require that remote SMTP servers use TLS
Enforcement mode: require that remote SMTP servers use TLS
encryption, and never send mail in the clear.
<b><a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> (yes)</b>
With mandatory TLS encryption, require that the remote SMTP
server hostname matches the information in the remote SMTP
With mandatory TLS encryption, require that the remote SMTP
server hostname matches the information in the remote SMTP
server certificate.
<b><a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> (empty)</b>
Optional lookup tables with the Postfix SMTP client TLS usage
policy by next-hop destination and by remote SMTP server host-
Optional lookup tables with the Postfix SMTP client TLS usage
policy by next-hop destination and by remote SMTP server host-
name.
<b><a href="postconf.5.html#smtp_tls_cipherlist">smtp_tls_cipherlist</a> (empty)</b>
Obsolete Postfix &lt; 2.3 control for the Postfix SMTP client TLS
Obsolete Postfix &lt; 2.3 control for the Postfix SMTP client TLS
cipher list.
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b>
The Postfix SMTP client time limit for completing a TCP connec-
The Postfix SMTP client time limit for completing a TCP connec-
tion, or zero (use the operating system built-in time limit).
<b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b>
The Postfix SMTP client time limit for sending the HELO or EHLO
command, and for receiving the initial remote SMTP server
The Postfix SMTP client time limit for sending the HELO or EHLO
command, and for receiving the initial remote SMTP server
response.
<b><a href="postconf.5.html#lmtp_lhlo_timeout">lmtp_lhlo_timeout</a> (300s)</b>
@ -782,19 +785,19 @@ SMTP(8) SMTP(8)
mand, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b>
The Postfix SMTP client time limit for sending the MAIL FROM
The Postfix SMTP client time limit for sending the MAIL FROM
command, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_rcpt_timeout">smtp_rcpt_timeout</a> (300s)</b>
The Postfix SMTP client time limit for sending the SMTP RCPT TO
The Postfix SMTP client time limit for sending the SMTP RCPT TO
command, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_data_init_timeout">smtp_data_init_timeout</a> (120s)</b>
The Postfix SMTP client time limit for sending the SMTP DATA
The Postfix SMTP client time limit for sending the SMTP DATA
command, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> (180s)</b>
The Postfix SMTP client time limit for sending the SMTP message
The Postfix SMTP client time limit for sending the SMTP message
content.
<b><a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> (600s)</b>
@ -808,13 +811,13 @@ SMTP(8) SMTP(8)
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a> (5)</b>
The maximal number of MX (mail exchanger) IP addresses that can
result from Postfix SMTP client mail exchanger lookups, or zero
The maximal number of MX (mail exchanger) IP addresses that can
result from Postfix SMTP client mail exchanger lookups, or zero
(no limit).
<b><a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> (2)</b>
The maximal number of SMTP sessions per delivery request before
the Postfix SMTP client gives up or delivers to a fall-back
The maximal number of SMTP sessions per delivery request before
the Postfix SMTP client gives up or delivers to a fall-back
<a href="postconf.5.html#relayhost">relay host</a>, or zero (no limit).
<b><a href="postconf.5.html#smtp_rset_timeout">smtp_rset_timeout</a> (20s)</b>
@ -824,17 +827,17 @@ SMTP(8) SMTP(8)
Available in Postfix version 2.2 and earlier:
<b><a href="postconf.5.html#lmtp_cache_connection">lmtp_cache_connection</a> (yes)</b>
Keep Postfix LMTP client connections open for up to $<a href="postconf.5.html#max_idle">max_idle</a>
Keep Postfix LMTP client connections open for up to $<a href="postconf.5.html#max_idle">max_idle</a>
seconds.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b>
Permanently enable SMTP connection caching for the specified
Permanently enable SMTP connection caching for the specified
destinations.
<b><a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> (yes)</b>
Temporarily enable SMTP connection caching while a destination
Temporarily enable SMTP connection caching while a destination
has a high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>.
<b><a href="postconf.5.html#smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a> (300s)</b>
@ -848,23 +851,23 @@ SMTP(8) SMTP(8)
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#connection_cache_protocol_timeout">connection_cache_protocol_timeout</a> (5s)</b>
Time limit for connection cache connect, send or receive opera-
Time limit for connection cache connect, send or receive opera-
tions.
Available in Postfix version 2.9 - 3.6:
<b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b>
Change the behavior of the smtp_*_timeout time limits, from a
time limit per read or write system call, to a time limit to
send or receive a complete record (an SMTP command line, SMTP
response line, SMTP message content line, or TLS protocol mes-
Change the behavior of the smtp_*_timeout time limits, from a
time limit per read or write system call, to a time limit to
send or receive a complete record (an SMTP command line, SMTP
response line, SMTP message content line, or TLS protocol mes-
sage).
Available in Postfix version 2.11 and later:
<b><a href="postconf.5.html#smtp_connection_reuse_count_limit">smtp_connection_reuse_count_limit</a> (0)</b>
When SMTP connection caching is enabled, the number of times
that an SMTP session may be reused before it is closed, or zero
When SMTP connection caching is enabled, the number of times
that an SMTP session may be reused before it is closed, or zero
(no limit).
Available in Postfix version 3.4 and later:
@ -875,13 +878,13 @@ SMTP(8) SMTP(8)
Available in Postfix version 3.7 and later:
<b><a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a> (no)</b>
Change the behavior of the smtp_*_timeout time limits, from a
time limit per plaintext or TLS read or write call, to a com-
bined time limit for sending a complete SMTP request and for
Change the behavior of the smtp_*_timeout time limits, from a
time limit per plaintext or TLS read or write call, to a com-
bined time limit for sending a complete SMTP request and for
receiving a complete SMTP response.
<b><a href="postconf.5.html#smtp_min_data_rate">smtp_min_data_rate</a> (500)</b>
The minimum plaintext data transfer rate in bytes/second for
The minimum plaintext data transfer rate in bytes/second for
DATA requests, when deadlines are enabled with
<a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a>.
@ -889,54 +892,54 @@ SMTP(8) SMTP(8)
<b><a href="postconf.5.html#transport_destination_concurrency_limit">transport_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concur</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_limit">rency_limit</a>)</b>
A transport-specific override for the <a href="postconf.5.html#default_destination_concurrency_limit">default_destination_con</a>-
A transport-specific override for the <a href="postconf.5.html#default_destination_concurrency_limit">default_destination_con</a>-
<a href="postconf.5.html#default_destination_concurrency_limit">currency_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
<b><a href="postconf.5.html#transport_destination_recipient_limit">transport_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipi</a>-</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">ent_limit</a>)</b>
A transport-specific override for the <a href="postconf.5.html#default_destination_recipient_limit">default_destination_recip</a>-
<a href="postconf.5.html#default_destination_recipient_limit">ient_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
<a href="postconf.5.html#default_destination_recipient_limit">ient_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
<b>SMTPUTF8 CONTROLS</b>
Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
<b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b>
Enable preliminary SMTPUTF8 support for the protocols described
Enable preliminary SMTPUTF8 support for the protocols described
in <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a>, <a href="https://tools.ietf.org/html/rfc6532">RFC 6532</a>, and <a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a>.
<b><a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> (sendmail, verify)</b>
Detect that a message requires SMTPUTF8 support for the speci-
Detect that a message requires SMTPUTF8 support for the speci-
fied mail origin classes.
Available in Postfix version 3.2 and later:
<b><a href="postconf.5.html#enable_idna2003_compatibility">enable_idna2003_compatibility</a> (no)</b>
Enable 'transitional' compatibility between IDNA2003 and
IDNA2008, when converting UTF-8 domain names to/from the ASCII
Enable 'transitional' compatibility between IDNA2003 and
IDNA2008, when converting UTF-8 domain names to/from the ASCII
form that is used for DNS lookups.
<b>TROUBLE SHOOTING CONTROLS</b>
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
The increment in verbose logging level when a nexthop destina-
tion, remote client or server name or network address matches a
The increment in verbose logging level when a nexthop destina-
tion, remote client or server name or network address matches a
pattern given with the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
Optional list of nexthop destination, remote client or server
name or network address patterns that, if matched, cause the
verbose logging level to increase by the amount specified in
Optional list of nexthop destination, remote client or server
name or network address patterns that, if matched, cause the
verbose logging level to increase by the amount specified in
$<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
The recipient of postmaster notifications about mail delivery
The recipient of postmaster notifications about mail delivery
problems that are caused by policy, resource, software or proto-
col errors.
<b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
What categories of Postfix-generated mail are subject to
before-queue content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>,
What categories of Postfix-generated mail are subject to
before-queue content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>,
<a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
@ -944,46 +947,46 @@ SMTP(8) SMTP(8)
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#best_mx_transport">best_mx_transport</a> (empty)</b>
Where the Postfix SMTP client should deliver mail when it
Where the Postfix SMTP client should deliver mail when it
detects a "mail loops back to myself" error condition.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
How much time a Postfix daemon process may take to handle a
How much time a Postfix daemon process may take to handle a
request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
The maximal number of digits after the decimal point when log-
The maximal number of digits after the decimal point when log-
ging sub-second delay values.
<b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b>
Disable DNS lookups in the Postfix SMTP and LMTP clients.
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
The local network interface addresses that this mail system
The local network interface addresses that this mail system
receives mail on.
<b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (see 'postconf -d' output)</b>
The Internet protocols Postfix will attempt to use when making
The Internet protocols Postfix will attempt to use when making
or accepting connections.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
The time limit for sending or receiving information over an
The time limit for sending or receiving information over an
internal communication channel.
<b><a href="postconf.5.html#lmtp_assume_final">lmtp_assume_final</a> (no)</b>
When a remote LMTP server announces no DSN support, assume that
the server performs final delivery, and send "delivered" deliv-
When a remote LMTP server announces no DSN support, assume that
the server performs final delivery, and send "delivered" deliv-
ery status notifications instead of "relayed".
<b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a> (24)</b>
The default TCP port that the Postfix LMTP client connects to.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix daemon process
The maximum amount of time that an idle Postfix daemon process
waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
@ -997,21 +1000,21 @@ SMTP(8) SMTP(8)
The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
The remote network interface addresses that this mail system
receives mail on by way of a proxy or network address transla-
The remote network interface addresses that this mail system
receives mail on by way of a proxy or network address transla-
tion unit.
<b><a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> (any)</b>
The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP
client will try first, when a destination has IPv6 and IPv4
client will try first, when a destination has IPv6 and IPv4
addresses with equal MX preference.
<b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b>
An optional numerical network address that the Postfix SMTP
An optional numerical network address that the Postfix SMTP
client should bind to when making an IPv4 connection.
<b><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> (empty)</b>
An optional numerical network address that the Postfix SMTP
An optional numerical network address that the Postfix SMTP
client should bind to when making an IPv6 connection.
<b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
@ -1031,7 +1034,7 @@ SMTP(8) SMTP(8)
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
A prefix that is prepended to the process name in syslog
A prefix that is prepended to the process name in syslog
records, so that, for example, "smtpd" becomes "prefix/smtpd".
Available with Postfix 2.2 and earlier:
@ -1043,14 +1046,14 @@ SMTP(8) SMTP(8)
Available with Postfix 2.3 and later:
<b><a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a> ($<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b>
Optional list of relay destinations that will be used when an
SMTP destination is not found, or when delivery fails due to a
Optional list of relay destinations that will be used when an
SMTP destination is not found, or when delivery fails due to a
non-permanent error.
Available with Postfix 3.0 and later:
<b><a href="postconf.5.html#smtp_address_verify_target">smtp_address_verify_target</a> (rcpt)</b>
In the context of email address verification, the SMTP protocol
In the context of email address verification, the SMTP protocol
stage that determines whether an email address is deliverable.
Available with Postfix 3.1 and later:
@ -1072,7 +1075,7 @@ SMTP(8) SMTP(8)
Available in Postfix 3.7 and later:
<b><a href="postconf.5.html#smtp_bind_address_enforce">smtp_bind_address_enforce</a> (no)</b>
Defer delivery when the Postfix SMTP client cannot apply the
Defer delivery when the Postfix SMTP client cannot apply the
<a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> or <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> setting.
<b>SEE ALSO</b>
@ -1131,5 +1134,5 @@ SMTP(8) SMTP(8)
Victor Duchovni
Morgan Stanley
SMTP(8)
8 SMTP,(LMTP)
</pre> </body> </html>

View File

@ -4023,6 +4023,10 @@ Remote client protocol. Available in Postfix version 2.2 and later.
.IP "\fBDOMAIN\fR"
The domain part of the recipient address.
.br
.IP "\fBENVID\fR"
The optional RFC 3461 envelope ID. Available in Postfix version
3.9 and later
.br
.IP "\fBEXTENSION\fR"
The optional address extension.
.br
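
Review bot: the new ENVID entry ends with "3.9 and later" and no closing period, unlike the neighbouring DOMAIN and EXTENSION entries, which are complete sentences. Add the period here; the matching HTML entry further down ("3.9 and later</dd>") needs the same fix.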

View File

@ -223,27 +223,30 @@ are replaced with underscores. The list of acceptable characters
is specified with the \fBcommand_expansion_filter\fR configuration
parameter.
.IP \fBSHELL\fR
The recipient user's login shell.
The envelope recipient user's login shell.
.IP \fBHOME\fR
The recipient user's home directory.
The envelope recipient user's home directory.
.IP \fBUSER\fR
The bare recipient name.
The bare envelope recipient name.
.IP \fBEXTENSION\fR
The optional recipient address extension.
The optional envelope recipient address extension.
.IP \fBDOMAIN\fR
The recipient address domain part.
The envelope recipient address domain part.
.IP \fBLOGNAME\fR
The bare recipient name.
The bare envelope recipient name.
.IP \fBLOCAL\fR
The entire recipient address localpart (text to the left of the
rightmost @ character).
The entire envelope recipient address localpart (text to
the left of the rightmost @ character).
.IP \fBORIGINAL_RECIPIENT\fR
The entire recipient address, before any address rewriting
or aliasing (Postfix 2.5 and later).
The entire envelope recipient address, before any address
rewriting or aliasing (Postfix 2.5 and later).
.IP \fBRECIPIENT\fR
The entire recipient address.
The entire envelope recipient address.
.IP \fBSENDER\fR
The entire sender address.
The entire envelope sender address.
.IP \fBENVID\fR
The optional RFC 3461 envelope ID. Available as of Postfix
3.9.
.PP
Additional remote client information is made available via
the following environment variables:
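
Review bot: the ENVID entry should state that the value is the RFC 3461 ENVID parameter chosen by the sending SMTP client, so that authors of delivery commands treat it as untrusted input in the same way as SENDER. The paragraph above the list already says that unacceptable characters are replaced with underscores according to command_expansion_filter; a short cross-reference from the ENVID entry would make it explicit that the same filtering applies to it.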

View File

@ -240,6 +240,11 @@ the domain is \fIdomain\fR.
This information is modified by the \fBh\fR flag for case folding.
.sp
This feature is available as of Postfix 2.5.
.IP \fB${envid}\fR
This macro expands to the RFC 3461 envelope ID if available,
otherwise the empty string.
.sp
This feature is available as of Postfix 3.9.
.IP \fB${extension}\fR
This macro expands to the extension part of a recipient address.
For example, with an address \fIuser+foo@domain\fR the extension is
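
Review bot: the ${envid} description does not say in which form the value is handed to the command. RFC 3461 transmits ENVID as xtext, so the text should state whether the macro expands to the encoded or the decoded form. The preceding macro notes that it is modified by the h flag; the ${envid} entry should likewise say whether any of the flags apply to it.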

View File

@ -43,7 +43,7 @@ proxymap server processes.
.IP \(bu
To provide single\-updater functionality for lookup tables
that do not reliably support multiple writers (i.e. all
file\-based tables).
file\-based tables that are not based on \fBlmdb\fR).
.PP
The \fBproxymap\fR(8) server implements the following requests:
.IP "\fBopen\fR \fImaptype:mapname flags\fR"

View File

@ -1,14 +1,16 @@
.TH SMTP 8
.TH SMTP, LMTP 8
.ad
.fi
.SH NAME
smtp
smtp, lmtp
\-
Postfix SMTP+LMTP client
.SH "SYNOPSIS"
.na
.nf
\fBsmtp\fR [generic Postfix daemon options] [flags=DORX]
\fBlmtp\fR [generic Postfix daemon options] [flags=DORX]
.SH DESCRIPTION
.ad
.fi
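
Review bot: ".TH SMTP, LMTP 8" passes three arguments to .TH, so the formatter takes "SMTP," as the title, "LMTP" as the section and "8" as the date. The regenerated HTML page in this same commit shows the effect: the footer changes from "SMTP(8)" to "8 SMTP,(LMTP)". Either quote the title (.TH "SMTP, LMTP" 8) or keep ".TH SMTP 8" and list both names only under NAME.
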
@ -17,7 +19,9 @@ delivery protocols. It processes message delivery requests from
the queue manager. Each request specifies a queue file, a sender
address, a domain or host to deliver to, and recipient information.
This program expects to be run from the \fBmaster\fR(8) process
manager.
manager. The process name, \fBsmtp\fR or \fBlmtp\fR, controls
the protocol, and the names of the configuration parameters
that will be used.
The SMTP+LMTP client updates the queue file and marks recipients
as finished, or it informs the queue manager that delivery should
@ -199,11 +203,10 @@ address and TCP port.
.nf
.ad
.fi
Before Postfix version 2.3, the LMTP client is a separate
program that implements only a subset of the functionality
available with SMTP: there is no support for TLS, and
connections are cached in\-process, making it ineffective
when the client is used for multiple domains.
Postfix versions 2.3 and later implement the SMTP and LMTP
client with the same program, and choose the protocol and
configuration parameters based on the process name, \fBsmtp\fR
or \fBlmtp\fR.
Most smtp_\fIxxx\fR configuration parameters have an
lmtp_\fIxxx\fR "mirror" parameter for the equivalent LMTP

View File

@ -2733,6 +2733,11 @@ and later.</dd>
<dd>The domain part of the recipient address. </dd>
<dt><b>ENVID</b></dt>
<dd>The optional RFC 3461 envelope ID. Available in Postfix version
3.9 and later</dd>
<dt><b>EXTENSION</b></dt>
<dd>The optional address extension. </dd>

View File

@ -1587,3 +1587,4 @@ rpk
sni
Amawalk
resychronization
ENVID

View File

@ -72,3 +72,12 @@ proto proto aliases proto virtual proto ADDRESS_REWRITING_README html
src postalias postalias c src postmap postmap c
src postalias postalias c src postmap postmap c
src smtpd smtpd c src smtpd smtpd_check c
not proxymap or proxywrite File proxymap proxymap c
still has its all zero SIZE record File postcat postcat c
manpage text File smtp smtp c
manpage text Files smtp smtp c global mail_proto h
File proxymap proxymap c
on process name Files smtp smtp c global mail_proto h
client process name File proxymap proxymap c
available Files local command c local local c
ID if available File pipe pipe c

View File

@ -1812,3 +1812,5 @@ rpk
ep
inlined
stringz
Sarvepalli
uXXXX

View File

@ -63,3 +63,6 @@ Serg
Kinzler
smtpstone
spammy
Birta
Levente
MariaDB

View File

@ -62,6 +62,13 @@
#define MAIL_SERVICE_TLSPROXY "tlsproxy"
#define MAIL_SERVICE_POSTLOG "postlog"
/*
* Process names: convention is to use the basename of an executable file,
* but there is nothing to enforce that.
*/
#define MAIL_PROC_NAME_SMTP "smtp"
#define MAIL_PROC_NAME_LMTP "lmtp"
/*
* Mail source classes. Used to specify policy decisions for content
* inspection and SMTPUTF8 detection.

View File

@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
#define MAIL_RELEASE_DATE "20231112"
#define MAIL_RELEASE_DATE "20231210"
#define MAIL_VERSION_NUMBER "3.9"
#ifdef SNAPSHOT

View File

@ -17,7 +17,8 @@
/* Duplicate commands for the same recipient are suppressed.
/* A limited amount of information is exported via the environment:
/* HOME, SHELL, LOGNAME, USER, EXTENSION, DOMAIN, RECIPIENT (entire
/* address) LOCAL (just the local part) and SENDER. The exported
/* address) LOCAL (just the local part), SENDER, and ENVID
/* (see RFC 3461). The exported
/* information is censored with var_cmd_filter.
/*
/* Arguments:
@ -169,6 +170,8 @@ int deliver_command(LOCAL_STATE state, USER_ATTR usr_attr, const char *comma
if (state.msg_attr.rcpt.orig_addr && state.msg_attr.rcpt.orig_addr[0])
argv_add(env, "ORIGINAL_RECIPIENT", state.msg_attr.rcpt.orig_addr,
ARGV_END);
if (state.request->dsn_envid[0])
argv_add(env, "ENVID", state.request->dsn_envid, ARGV_END);
#define EXPORT_REQUEST(name, value) \
if ((value)[0]) argv_add(env, (name), (value), ARGV_END);
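
Review bot: the two added ENVID lines in deliver_command() spell out by hand what the EXPORT_REQUEST(name, value) macro defined directly below them already does (test (value)[0], then argv_add). Moving the export below the macro as EXPORT_REQUEST("ENVID", state.request->dsn_envid) would keep a single code path for optional request attributes. Since the header comment says the exported information is censored with var_cmd_filter, please also confirm that the ENVID entry is added before that filtering pass runs, because the value is chosen by the sending SMTP client.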

View File

@ -207,27 +207,30 @@
/* is specified with the \fBcommand_expansion_filter\fR configuration
/* parameter.
/* .IP \fBSHELL\fR
/* The recipient user's login shell.
/* The envelope recipient user's login shell.
/* .IP \fBHOME\fR
/* The recipient user's home directory.
/* The envelope recipient user's home directory.
/* .IP \fBUSER\fR
/* The bare recipient name.
/* The bare envelope recipient name.
/* .IP \fBEXTENSION\fR
/* The optional recipient address extension.
/* The optional envelope recipient address extension.
/* .IP \fBDOMAIN\fR
/* The recipient address domain part.
/* The envelope recipient address domain part.
/* .IP \fBLOGNAME\fR
/* The bare recipient name.
/* The bare envelope recipient name.
/* .IP \fBLOCAL\fR
/* The entire recipient address localpart (text to the left of the
/* rightmost @ character).
/* The entire envelope recipient address localpart (text to
/* the left of the rightmost @ character).
/* .IP \fBORIGINAL_RECIPIENT\fR
/* The entire recipient address, before any address rewriting
/* or aliasing (Postfix 2.5 and later).
/* The entire envelope recipient address, before any address
/* rewriting or aliasing (Postfix 2.5 and later).
/* .IP \fBRECIPIENT\fR
/* The entire recipient address.
/* The entire envelope recipient address.
/* .IP \fBSENDER\fR
/* The entire sender address.
/* The entire envelope sender address.
/* .IP \fBENVID\fR
/* The optional RFC 3461 envelope ID. Available as of Postfix
/* 3.9.
/* .PP
/* Additional remote client information is made available via
/* the following environment variables:

View File

@ -230,6 +230,11 @@
/* This information is modified by the \fBh\fR flag for case folding.
/* .sp
/* This feature is available as of Postfix 2.5.
/* .IP \fB${envid}\fR
/* This macro expands to the RFC 3461 envelope ID if available,
/* otherwise the empty string.
/* .sp
/* This feature is available as of Postfix 3.9.
/* .IP \fB${extension}\fR
/* This macro expands to the extension part of a recipient address.
/* For example, with an address \fIuser+foo@domain\fR the extension is
@ -544,6 +549,7 @@
#define PIPE_DICT_SASL_USERNAME "sasl_username" /* key */
#define PIPE_DICT_SASL_SENDER "sasl_sender" /* key */
#define PIPE_DICT_QUEUE_ID "queue_id" /* key */
#define PIPE_DICT_ENVID "envid" /* key */
/*
* Flags used to pass back the type of special parameter found by
@ -649,6 +655,7 @@ static int parse_callback(int type, VSTRING *buf, void *context)
PIPE_DICT_SASL_USERNAME, 0,
PIPE_DICT_SASL_SENDER, 0,
PIPE_DICT_QUEUE_ID, 0,
PIPE_DICT_ENVID, 0,
0, 0,
};
struct cmd_flags *p;
@ -1278,6 +1285,8 @@ static int deliver_message(DELIVER_REQUEST *request, char *service, char **argv)
request->sasl_sender);
dict_update(PIPE_DICT_TABLE, PIPE_DICT_QUEUE_ID,
request->queue_id);
dict_update(PIPE_DICT_TABLE, PIPE_DICT_ENVID,
request->dsn_envid);
vstring_free(buf);
if ((expanded_argv = expand_argv(service, attr.command,

View File

@ -96,7 +96,7 @@ static char *json_quote(VSTRING *result, const char *text)
VSTRING_ADDCH(result, 't');
break;
default:
vstring_sprintf(result, "\\u%04X", ch);
vstring_sprintf_append(result, "\\u%04X", ch);
break;
}
} else {
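
Review bot: this fix in the default: branch of json_quote() should come with a regression test. vstring_sprintf() replaces the buffer contents, so before this change every character quoted ahead of a control character was dropped from the result, while the other branches append with VSTRING_ADDCH. A test input with such a character in the middle of a string, checking that both the prefix and the \uXXXX escape appear in the output, would catch a recurrence.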

View File

@ -2138,7 +2138,15 @@ static void parse_match(STATE *state, int argc, char *argv[])
#ifdef USE_TLS
int smtp_mode = 1;
/*
* DANE match names are configured late, once the TLSA records are in hand.
* For now, prepare to fall back to "secure".
*/
switch (state->level) {
default:
state->match = 0;
break;
case TLS_LEV_DANE:
case TLS_LEV_SECURE:
state->match = argv_alloc(2);
while (*argv)
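
Review bot: in parse_match(), the new comment above the switch explains only the TLS_LEV_DANE case, yet it sits directly in front of a default: label that sets state->match = 0 for every other level. Move the comment down to the "case TLS_LEV_DANE:" label it describes, and name the place where the DANE match names are filled in once TLSA records are available, so that readers of the null default know which levels are completed later.
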
@ -2159,11 +2167,6 @@ static void parse_match(STATE *state, int argc, char *argv[])
tls_dane_add_fpt_digests(state->dane, state->options.enable_rpk,
*argv++, "", smtp_mode);
break;
case TLS_LEV_DANE:
case TLS_LEV_DANE_ONLY:
state->match = argv_alloc(2);
argv_add(state->match, "nexthop", "hostname", ARGV_END);
break;
}
#endif
}
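
Review bot: removing this block leaves TLS_LEV_DANE_ONLY without a case label of its own, so it now lands in the new default: branch with state->match = 0, while TLS_LEV_DANE shares the TLS_LEV_SECURE branch. Please confirm that every later user of state->match tolerates a null pointer for dane-only until the TLSA-based names are set, and that nothing still relies on the ("nexthop", "hostname") default removed here.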

View File

@ -37,7 +37,7 @@
/* .IP \(bu
/* To provide single-updater functionality for lookup tables
/* that do not reliably support multiple writers (i.e. all
/* file-based tables).
/* file-based tables that are not based on \fBlmdb\fR).
/* .PP
/* The \fBproxymap\fR(8) server implements the following requests:
/* .IP "\fBopen\fR \fImaptype:mapname flags\fR"
@ -752,8 +752,10 @@ static void post_jail_init(char *service_name, char **unused_argv)
if (strcmp(service_name, MAIL_SERVICE_PROXYWRITE) == 0)
proxy_writer = 1;
else if (strcmp(service_name, MAIL_SERVICE_PROXYMAP) != 0)
msg_fatal("service name must be one of %s or %s",
MAIL_SERVICE_PROXYWRITE, MAIL_SERVICE_PROXYMAP);
msg_fatal("invalid service name: \"%s\" - "
"service name must be \"%s\" or \"%s\"",
service_name, MAIL_SERVICE_PROXYWRITE,
MAIL_SERVICE_PROXYMAP);
/*
* Pre-allocate buffers.
@ -841,6 +843,36 @@ int main(int argc, char **argv)
*/
MAIL_VERSION_STAMP_ALLOCATE;
/*
* XXX When invoked with the master.cf service name "proxywrite", the
* proxymap daemon will allow update requests. To update a table that is
* not multi-writer safe (for example, some versions of Berkeley DB), the
* "proxywrite" service should run as a single updater (i.e. a process
* limit of 1, which could be enforced below by requesting
* CA_MAIL_SERVER_SOLITARY).
*
* In the default master.cf file, the "proxywrite" service has a process
* limit of 1. Assuming that updates will be rare, this process limit
* will suffice. Latency-sensitive services such as postscreen must not
* use the proxywrite service (in fact, postscreen has a latency check
* built-in).
*
* Optimizing for multi-writer operation would suffer from all kinds of
* complexity that would make it hard to use:
*
* - The master daemon specifies the "proxywrite" service name with the -n
* command-line option. This information is not known here, before the
* multi_server_main() call. The multi_server_main() function could
* reveal process limit information to its call-back functions, and leave
* single-updater enforcement to its call-back functions.
*
* - If we really want multi-writer update support, the "proxywrite" service
* would have to parse the $proxy_write_maps value, and permit
* multi-writer operation only if all tables are multi-writer safe. That
* would require a new dict(3) method, to query each lookup table
* implementation if it is multi-writer safe, without instantiating a
* lookup table client.
*/
multi_server_main(argc, argv, proxymap_service,
CA_MAIL_SERVER_STR_TABLE(str_table),
CA_MAIL_SERVER_POST_INIT(post_jail_init),
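Review bot: the comment added before multi_server_main() says single-updater operation "could be enforced below by requesting CA_MAIL_SERVER_SOLITARY", but the call that follows is unchanged, so nothing in the program enforces it. The only guard is the process limit of 1 in the default master.cf, and an administrator who raises that limit for a table that is not multi-writer safe gets no diagnostic. Suggest stating this dependency in the manual page text at the top of the file as well, where operators will see it, and not only in a source comment.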


@ -1,17 +1,21 @@
/*++
/* NAME
/* smtp 8
/* smtp, lmtp 8
/* SUMMARY
/* Postfix SMTP+LMTP client
/* SYNOPSIS
/* \fBsmtp\fR [generic Postfix daemon options] [flags=DORX]
/*
/* \fBlmtp\fR [generic Postfix daemon options] [flags=DORX]
/* DESCRIPTION
/* The Postfix SMTP+LMTP client implements the SMTP and LMTP mail
/* delivery protocols. It processes message delivery requests from
/* the queue manager. Each request specifies a queue file, a sender
/* address, a domain or host to deliver to, and recipient information.
/* This program expects to be run from the \fBmaster\fR(8) process
/* manager.
/* manager. The process name, \fBsmtp\fR or \fBlmtp\fR, controls
/* the protocol, and the names of the configuration parameters
/* that will be used.
/*
/* The SMTP+LMTP client updates the queue file and marks recipients
/* as finished, or it informs the queue manager that delivery should
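Review bot: the sentence added to DESCRIPTION says the process name "controls the protocol, and the names of the configuration parameters", but not what happens with any other name. The pre_init() hunk in this commit makes that a fatal error, so the manual page could state that the program must be invoked as smtp or lmtp.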
@ -175,11 +179,10 @@
/* CONFIGURATION PARAMETERS
/* .ad
/* .fi
/* Before Postfix version 2.3, the LMTP client is a separate
/* program that implements only a subset of the functionality
/* available with SMTP: there is no support for TLS, and
/* connections are cached in-process, making it ineffective
/* when the client is used for multiple domains.
/* Postfix versions 2.3 and later implement the SMTP and LMTP
/* client with the same program, and choose the protocol and
/* configuration parameters based on the process name, \fBsmtp\fR
/* or \fBlmtp\fR.
/*
/* Most smtp_\fIxxx\fR configuration parameters have an
/* lmtp_\fIxxx\fR "mirror" parameter for the equivalent LMTP
@ -1470,6 +1473,19 @@ static void pre_init(char *unused_name, char **unused_argv)
0, -1,
};
/*
* The process name, "smtp" or "lmtp", determines the configuration
* parameters to use, protocol, DSN server reply type, SASL service
* information lookup, and more. We peeked at the name in the main()
* function before logging was initialized. Here, we detect and report an
* invalid process name.
*/
if (strcmp(var_procname, MAIL_PROC_NAME_SMTP) != 0
&& strcmp(var_procname, MAIL_PROC_NAME_LMTP) != 0)
msg_fatal("unexpected process name \"%s\" - "
"specify \"%s\" or \"%s\"", var_procname,
MAIL_PROC_NAME_SMTP, MAIL_PROC_NAME_LMTP);
/*
* Turn on per-peer debugging.
*/
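Review bot: the check added to pre_init() validates var_procname, while main() selects the parameter name space from sane_basename(argv[0]). The check is only meaningful if both always yield the same string. Suggest either validating the value main() actually used, or adding one line to this comment stating that var_procname is derived from argv[0] in the same way.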
@ -1661,21 +1677,15 @@ int main(int argc, char **argv)
MAIL_VERSION_STAMP_ALLOCATE;
/*
* XXX At this point, var_procname etc. are not initialized.
*
* The process name, "smtp" or "lmtp", determines the protocol, the DSN
* server reply type, SASL service information lookup, and more. Prepare
* for the possibility there may be another personality.
* XXX The process name, "smtp" or "lmtp", determines what configuration
* parameter settings to use, and more. However, at this point, logging
* and var_procname are not initialized. Here, we peek at the process
* name to determine what configuration parameter settings to use. Later,
* we detect and report an invalid process name.
*/
sane_procname = sane_basename((VSTRING *) 0, argv[0]);
if (strcmp(sane_procname, "smtp") == 0)
if (strcmp(sane_procname, MAIL_PROC_NAME_SMTP) == 0)
smtp_mode = 1;
else if (strcmp(sane_procname, "lmtp") == 0)
smtp_mode = 0;
else
/* TODO: logging is not initialized. */
msg_fatal("unexpected process name \"%s\" - "
"specify \"smtp\" or \"lmtp\"", var_procname);
/*
* Initialize with the LMTP or SMTP parameter name space.
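Review bot: with the "lmtp" and fallback branches gone from main(), as the rewritten comment implies, any process name other than MAIL_PROC_NAME_SMTP leaves smtp_mode at its initial value until pre_init() rejects it. The comment should say which parameter name space is used in that window, and the declaration of smtp_mode should carry an explicit initializer, so a reader can see that an unexpected name never runs parameter initialization with an undefined mode.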


@ -5274,8 +5274,9 @@ static int check_recipient_rcpt_maps(SMTPD_STATE *state, const char *recipient)
{
/*
* Duplicate suppression. There's an implicit check_recipient_maps
* restriction at the end of all recipient restrictions.
* Duplicate suppression. With "smtpd_reject_unlisted_recipient = yes",
* there's an implicit reject_unlisted_recipient restriction at the end
* of all recipient restrictions.
*/
if (smtpd_input_transp_mask & INPUT_TRANSP_UNKNOWN_RCPT)
return (0);
@ -5294,8 +5295,9 @@ static int check_sender_rcpt_maps(SMTPD_STATE *state, const char *sender)
{
/*
* Duplicate suppression. There's an implicit check_sender_maps
* restriction at the end of all sender restrictions.
* Duplicate suppression. With "smtpd_reject_unlisted_sender = yes",
* there's an implicit reject_unlisted_sender restriction at the end of
* all sender restrictions.
*/
if (smtpd_input_transp_mask & INPUT_TRANSP_UNKNOWN_RCPT)
return (0);
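Review bot: in check_sender_rcpt_maps() the unchanged test below the updated comment uses INPUT_TRANSP_UNKNOWN_RCPT, the same flag as in check_recipient_rcpt_maps(), although this function handles the sender. Since this commit aligns these comments with the implementation, add a sentence saying whether that one flag is meant to cover both the unlisted-sender and unlisted-recipient checks.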