1 #ifndef _MAIL_PARAMS_H_INCLUDED_
2 #define _MAIL_PARAMS_H_INCLUDED_
3 
4 /*++
5 /* NAME
6 /*	mail_params 3h
7 /* SUMMARY
8 /*	globally configurable parameters
9 /* SYNOPSIS
10 /*	#include <mail_params.h>
11 /* DESCRIPTION
12 /* .nf
13 
14  /*
15   * This is to make it easier to auto-generate tables.
16   */
17 typedef int bool;
18 
19 #ifdef USE_TLS
20 #include <openssl/opensslv.h>		/* OPENSSL_VERSION_NUMBER */
21 #include <openssl/objects.h>		/* SN_* and NID_* macros */
22 #if OPENSSL_VERSION_NUMBER < 0x1010100fUL
23 #error "OpenSSL releases prior to 1.1.1 are no longer supported"
24 #endif
25 #endif
26 
27  /*
28   * Name used when this mail system announces itself.
29   */
30 #define VAR_MAIL_NAME		"mail_name"
31 #define DEF_MAIL_NAME		"Postfix"
32 extern char *var_mail_name;
33 
34  /*
35   * You want to be helped or not.
36   */
37 #define VAR_HELPFUL_WARNINGS	"helpful_warnings"
38 #define DEF_HELPFUL_WARNINGS	1
39 extern bool var_helpful_warnings;
40 
41  /*
42   * You want to be helped or not.
43   */
44 #define VAR_SHOW_UNK_RCPT_TABLE	"show_user_unknown_table_name"
45 #define DEF_SHOW_UNK_RCPT_TABLE	1
46 extern bool var_show_unk_rcpt_table;
47 
48  /*
49   * Compatibility level and migration support. Update postconf(5),
50   * COMPATIBILITY_README, global/mail_params.[hc] and conf/main.cf when
51   * updating the current compatibility level.
52   */
53 #define COMPAT_LEVEL_0		"0"
54 #define COMPAT_LEVEL_1		"1"
55 #define COMPAT_LEVEL_2		"2"
56 #define COMPAT_LEVEL_3_6	"3.6"
57 #define LAST_COMPAT_LEVEL	COMPAT_LEVEL_3_6
58 
59 #define VAR_COMPAT_LEVEL	"compatibility_level"
60 #define DEF_COMPAT_LEVEL	COMPAT_LEVEL_0
61 extern char *var_compatibility_level;
62 
63 extern int warn_compat_break_app_dot_mydomain;
64 extern int warn_compat_break_smtputf8_enable;
65 extern int warn_compat_break_chroot;
66 extern int warn_compat_break_relay_restrictions;	/* Postfix 2.10. */
67 
68 extern int warn_compat_break_relay_domains;
69 extern int warn_compat_break_flush_domains;
70 extern int warn_compat_break_mynetworks_style;
71 
72 extern int warn_compat_break_smtpd_tls_fpt_dgst;
73 extern int warn_compat_break_smtp_tls_fpt_dgst;
74 extern int warn_compat_break_lmtp_tls_fpt_dgst;
75 extern int warn_compat_relay_before_rcpt_checks;
76 extern int warn_compat_respectful_logging;
77 
78 extern long compat_level;
79 
80  /*
81   * What problem classes should be reported to the postmaster via email.
82   * Default is bad problems only. See mail_error(3). Even when mail notices
83   * are disabled, problems are still logged to the syslog daemon.
84   *
85   * Do not add "protocol" to the default setting. It gives Postfix a bad
86   * reputation: people get mail whenever spam software makes a mistake.
87   */
88 #define VAR_NOTIFY_CLASSES	"notify_classes"
89 #define DEF_NOTIFY_CLASSES	"resource, software"	/* Not: "protocol" */
90 extern char *var_notify_classes;
91 
92  /*
93   * What do I turn <> into? Sendmail defaults to mailer-daemon.
94   */
95 #define VAR_EMPTY_ADDR         "empty_address_recipient"
96 #define DEF_EMPTY_ADDR         MAIL_ADDR_MAIL_DAEMON
97 extern char *var_empty_addr;
98 
99  /*
100   * Privileges used by the mail system: the owner of files and commands, and
101   * the rights to be used when running external commands.
102   */
103 #define VAR_MAIL_OWNER		"mail_owner"
104 #define DEF_MAIL_OWNER		"postfix"
105 extern char *var_mail_owner;
106 extern uid_t var_owner_uid;
107 extern gid_t var_owner_gid;
108 
109 #define VAR_SGID_GROUP		"setgid_group"
110 #define DEF_SGID_GROUP		"maildrop"
111 extern char *var_sgid_group;
112 extern gid_t var_sgid_gid;
113 
114 #define VAR_DEFAULT_PRIVS	"default_privs"
115 #define DEF_DEFAULT_PRIVS	"nobody"
116 extern char *var_default_privs;
117 extern uid_t var_default_uid;
118 extern gid_t var_default_gid;
119 
120  /*
121   * Access control for local privileged operations:
122   */
123 #define STATIC_ANYONE_ACL	"static:anyone"
124 
125 #define VAR_FLUSH_ACL		"authorized_flush_users"
126 #define DEF_FLUSH_ACL		STATIC_ANYONE_ACL
127 extern char *var_flush_acl;
128 
129 #define VAR_SHOWQ_ACL		"authorized_mailq_users"
130 #define DEF_SHOWQ_ACL		STATIC_ANYONE_ACL
131 extern char *var_showq_acl;
132 
133 #define VAR_SUBMIT_ACL		"authorized_submit_users"
134 #define DEF_SUBMIT_ACL		STATIC_ANYONE_ACL
135 extern char *var_submit_acl;
136 
137  /*
138   * Local submission, envelope sender ownership.
139   */
140 #define VAR_LOCAL_LOGIN_SND_MAPS	"local_login_sender_maps"
141 #define DEF_LOCAL_LOGIN_SND_MAPS	"static:*"
142 extern char *var_local_login_snd__maps;
143 
144 #define VAR_NULL_LOCAL_LOGIN_SND_MAPS_KEY "empty_address_local_login_sender_maps_lookup_key"
145 #define DEF_NULL_LOCAL_LOGIN_SND_MAPS_KEY "<>"
146 extern char *var_null_local_login_snd_maps_key;
147 
148  /*
149   * What goes on the right-hand side of addresses of mail sent from this
150   * machine.
151   */
152 #define VAR_MYORIGIN		"myorigin"
153 #define DEF_MYORIGIN		"$myhostname"
154 extern char *var_myorigin;
155 
156  /*
157   * What domains I will receive mail for. Not to be confused with transit
158   * mail to other destinations.
159   */
160 #define VAR_MYDEST		"mydestination"
161 #define DEF_MYDEST		"$myhostname, localhost.$mydomain, localhost"
162 extern char *var_mydest;
163 
164  /*
165   * These are by default taken from the name service.
166   */
167 #define VAR_MYHOSTNAME		"myhostname"	/* my hostname (fqdn) */
168 extern char *var_myhostname;
169 
170 #define VAR_MYDOMAIN		"mydomain"	/* my domain name */
171 #define DEF_MYDOMAIN		"localdomain"
172 extern char *var_mydomain;
173 
174  /*
175   * The default local delivery transport.
176   */
177 #define VAR_LOCAL_TRANSPORT	"local_transport"
178 #define DEF_LOCAL_TRANSPORT	MAIL_SERVICE_LOCAL ":$myhostname"
179 extern char *var_local_transport;
180 
181  /*
182   * Where to send postmaster copies of bounced mail, and other notices.
183   */
184 #define VAR_BOUNCE_RCPT		"bounce_notice_recipient"
185 #define DEF_BOUNCE_RCPT		"postmaster"
186 extern char *var_bounce_rcpt;
187 
188 #define VAR_2BOUNCE_RCPT	"2bounce_notice_recipient"
189 #define DEF_2BOUNCE_RCPT	"postmaster"
190 extern char *var_2bounce_rcpt;
191 
192 #define VAR_DELAY_RCPT		"delay_notice_recipient"
193 #define DEF_DELAY_RCPT		"postmaster"
194 extern char *var_delay_rcpt;
195 
196 #define VAR_ERROR_RCPT		"error_notice_recipient"
197 #define DEF_ERROR_RCPT		"postmaster"
198 extern char *var_error_rcpt;
199 
200  /*
201   * Virtual host support. Default is to listen on all machine interfaces.
202   */
203 #define VAR_INET_INTERFACES	"inet_interfaces"	/* listen addresses */
204 #define INET_INTERFACES_ALL	"all"
205 #define INET_INTERFACES_LOCAL	"loopback-only"
206 #define DEF_INET_INTERFACES	INET_INTERFACES_ALL
207 extern char *var_inet_interfaces;
208 
209 #define VAR_PROXY_INTERFACES	"proxy_interfaces"	/* proxies, NATs */
210 #define DEF_PROXY_INTERFACES	""
211 extern char *var_proxy_interfaces;
212 
213  /*
214   * Masquerading (i.e. subdomain stripping).
215   */
216 #define VAR_MASQ_DOMAINS	"masquerade_domains"
217 #define DEF_MASQ_DOMAINS	""
218 extern char *var_masq_domains;
219 
220 #define VAR_MASQ_EXCEPTIONS	"masquerade_exceptions"
221 #define DEF_MASQ_EXCEPTIONS	""
222 extern char *var_masq_exceptions;
223 
224 #define MASQ_CLASS_ENV_FROM	"envelope_sender"
225 #define MASQ_CLASS_ENV_RCPT	"envelope_recipient"
226 #define MASQ_CLASS_HDR_FROM	"header_sender"
227 #define MASQ_CLASS_HDR_RCPT	"header_recipient"
228 
229 #define VAR_MASQ_CLASSES	"masquerade_classes"
230 #define DEF_MASQ_CLASSES	MASQ_CLASS_ENV_FROM ", " \
231 				MASQ_CLASS_HDR_FROM ", " \
232 				MASQ_CLASS_HDR_RCPT
233 extern char *var_masq_classes;
234 
235  /*
236   * Intranet versus internet.
237   */
238 #define VAR_RELAYHOST		"relayhost"
239 #define DEF_RELAYHOST		""
240 extern char *var_relayhost;
241 
242 #define VAR_SND_RELAY_MAPS	"sender_dependent_relayhost_maps"
243 #define DEF_SND_RELAY_MAPS	""
244 extern char *var_snd_relay_maps;
245 
246 #define VAR_NULL_RELAY_MAPS_KEY	"empty_address_relayhost_maps_lookup_key"
247 #define DEF_NULL_RELAY_MAPS_KEY	"<>"
248 extern char *var_null_relay_maps_key;
249 
250 #define VAR_SMTP_FALLBACK	"smtp_fallback_relay"
251 #define DEF_SMTP_FALLBACK	"$fallback_relay"
252 #define VAR_LMTP_FALLBACK	"lmtp_fallback_relay"
253 #define DEF_LMTP_FALLBACK	""
254 #define DEF_FALLBACK_RELAY	""
255 extern char *var_fallback_relay;
256 
257 #define VAR_DISABLE_DNS		"disable_dns_lookups"
258 #define DEF_DISABLE_DNS		0
259 extern bool var_disable_dns;
260 
261 #define SMTP_DNS_SUPPORT_DISABLED	"disabled"
262 #define SMTP_DNS_SUPPORT_ENABLED	"enabled"
263 #define SMTP_DNS_SUPPORT_DNSSEC		"dnssec"
264 
265 #define VAR_SMTP_DNS_SUPPORT	"smtp_dns_support_level"
266 #define DEF_SMTP_DNS_SUPPORT	""
267 #define VAR_LMTP_DNS_SUPPORT	"lmtp_dns_support_level"
268 #define DEF_LMTP_DNS_SUPPORT	""
269 extern char *var_smtp_dns_support;
270 
271 #define SMTP_HOST_LOOKUP_DNS	"dns"
272 #define SMTP_HOST_LOOKUP_NATIVE	"native"
273 
274 #define VAR_SMTP_HOST_LOOKUP	"smtp_host_lookup"
275 #define DEF_SMTP_HOST_LOOKUP	SMTP_HOST_LOOKUP_DNS
276 #define VAR_LMTP_HOST_LOOKUP	"lmtp_host_lookup"
277 #define DEF_LMTP_HOST_LOOKUP	SMTP_HOST_LOOKUP_DNS
278 extern char *var_smtp_host_lookup;
279 
280 #define SMTP_DNS_RES_OPT_DEFNAMES "res_defnames"
281 #define SMTP_DNS_RES_OPT_DNSRCH	"res_dnsrch"
282 
283 #define VAR_SMTP_DNS_RES_OPT	"smtp_dns_resolver_options"
284 #define DEF_SMTP_DNS_RES_OPT	""
285 #define VAR_LMTP_DNS_RES_OPT	"lmtp_dns_resolver_options"
286 #define DEF_LMTP_DNS_RES_OPT	""
287 extern char *var_smtp_dns_res_opt;
288 
289 #define VAR_SMTP_MXADDR_LIMIT	"smtp_mx_address_limit"
290 #define DEF_SMTP_MXADDR_LIMIT	5
291 #define VAR_LMTP_MXADDR_LIMIT	"lmtp_mx_address_limit"
292 #define DEF_LMTP_MXADDR_LIMIT	5
293 extern int var_smtp_mxaddr_limit;
294 
295 #define VAR_SMTP_MXSESS_LIMIT	"smtp_mx_session_limit"
296 #define DEF_SMTP_MXSESS_LIMIT	2
297 #define VAR_LMTP_MXSESS_LIMIT	"lmtp_mx_session_limit"
298 #define DEF_LMTP_MXSESS_LIMIT	2
299 extern int var_smtp_mxsess_limit;
300 
301  /*
302   * Location of the mail queue directory tree.
303   */
304 #define VAR_QUEUE_DIR	"queue_directory"
305 #ifndef DEF_QUEUE_DIR
306 #define DEF_QUEUE_DIR	"/var/spool/postfix"
307 #endif
308 extern char *var_queue_dir;
309 
310  /*
311   * Location of command and daemon programs.
312   */
313 #define VAR_DAEMON_DIR		"daemon_directory"
314 #ifndef DEF_DAEMON_DIR
315 #define DEF_DAEMON_DIR		"/usr/libexec/postfix"
316 #endif
317 extern char *var_daemon_dir;
318 
319 #define VAR_COMMAND_DIR		"command_directory"
320 #ifndef DEF_COMMAND_DIR
321 #define DEF_COMMAND_DIR		"/usr/sbin"
322 #endif
323 extern char *var_command_dir;
324 
325  /*
326   * Location of PID files.
327   */
328 #define VAR_PID_DIR		"process_id_directory"
329 #ifndef DEF_PID_DIR
330 #define DEF_PID_DIR		"pid"
331 #endif
332 extern char *var_pid_dir;
333 
334  /*
335   * Location of writable data files.
336   */
337 #define VAR_DATA_DIR		"data_directory"
338 #ifndef DEF_DATA_DIR
339 #define DEF_DATA_DIR		"/var/lib/postfix"
340 #endif
341 extern char *var_data_dir;
342 
343  /*
344   * Program startup time.
345   */
346 extern time_t var_starttime;
347 
348  /*
349   * Location of configuration files.
350   */
351 #define VAR_CONFIG_DIR		"config_directory"
352 #ifndef DEF_CONFIG_DIR
353 #define DEF_CONFIG_DIR		"/etc/postfix"
354 #endif
355 extern char *var_config_dir;
356 
357 #define VAR_CONFIG_DIRS		"alternate_config_directories"
358 #define DEF_CONFIG_DIRS		""
359 extern char *var_config_dirs;
360 
361 #define MAIN_CONF_FILE		"main.cf"
362 #define MASTER_CONF_FILE	"master.cf"
363 
364  /*
365   * Preferred type of indexed files. The DEF_DB_TYPE macro value is system
366   * dependent. It is defined in <sys_defs.h>.
367   */
368 #define VAR_DB_TYPE		"default_database_type"
369 extern char *var_db_type;
370 
371  /*
372   * What syslog facility to use. Unfortunately, something may have to be
373   * logged before parameters are read from the main.cf file. This logging
374   * will go the LOG_FACILITY facility specified below.
375   */
376 #define VAR_SYSLOG_FACILITY	"syslog_facility"
377 extern char *var_syslog_facility;
378 
379 #ifndef DEF_SYSLOG_FACILITY
380 #define DEF_SYSLOG_FACILITY	"mail"
381 #endif
382 
383 #ifndef LOG_FACILITY
384 #define LOG_FACILITY	LOG_MAIL
385 #endif
386 
387  /*
388   * Big brother: who receives a blank-carbon copy of all mail that enters
389   * this mail system.
390   */
391 #define VAR_ALWAYS_BCC		"always_bcc"
392 #define DEF_ALWAYS_BCC		""
393 extern char *var_always_bcc;
394 
395  /*
396   * What to put in the To: header when no recipients were disclosed.
397   *
398   * XXX 2822: When no recipient headers remain, a system should insert a Bcc:
399   * header without additional information. That is not so great given that
400   * MTAs routinely strip Bcc: headers from message headers.
401   */
402 #define VAR_RCPT_WITHELD	"undisclosed_recipients_header"
403 #define DEF_RCPT_WITHELD	""
404 extern char *var_rcpt_witheld;
405 
406  /*
407   * Add missing headers. Postfix 2.6 no longer adds headers to remote mail by
408   * default.
409   */
410 #define VAR_ALWAYS_ADD_HDRS	"always_add_missing_headers"
411 #define DEF_ALWAYS_ADD_HDRS	0
412 extern bool var_always_add_hdrs;
413 
414  /*
415   * Dropping message headers.
416   */
417 #define VAR_DROP_HDRS		"message_drop_headers"
418 #define DEF_DROP_HDRS		"bcc, content-length, resent-bcc, return-path"
419 extern char *var_drop_hdrs;
420 
421  /*
422   * From: header format: we provide canned versions only, no Sendmail-style
423   * macro expansions.
424   */
425 #define HFROM_FORMAT_NAME_STD	"standard"	/* From: name <address> */
426 #define HFROM_FORMAT_NAME_OBS	"obsolete"	/* From: address (name) */
427 #define VAR_HFROM_FORMAT	"header_from_format"
428 #define DEF_HFROM_FORMAT	HFROM_FORMAT_NAME_STD
429 extern char *var_hfrom_format;
430 
431  /*
432   * Standards violation: allow/permit RFC 822-style addresses in SMTP
433   * commands.
434   */
435 #define VAR_STRICT_RFC821_ENV	"strict_rfc821_envelopes"
436 #define DEF_STRICT_RFC821_ENV	0
437 extern bool var_strict_rfc821_env;
438 
439  /*
440   * Standards violation: send "250 AUTH=list" in order to accommodate clients
441   * that implement an old version of the protocol.
442   */
443 #define VAR_BROKEN_AUTH_CLNTS	"broken_sasl_auth_clients"
444 #define DEF_BROKEN_AUTH_CLNTS	0
445 extern bool var_broken_auth_clients;
446 
447  /*
448   * Standards violation: disable VRFY.
449   */
450 #define VAR_DISABLE_VRFY_CMD	"disable_vrfy_command"
451 #define DEF_DISABLE_VRFY_CMD	0
452 extern bool var_disable_vrfy_cmd;
453 
454  /*
455   * trivial rewrite/resolve service: mapping tables.
456   */
457 #define VAR_VIRT_ALIAS_MAPS	"virtual_alias_maps"
458 #define DEF_VIRT_ALIAS_MAPS	"$virtual_maps"	/* Compatibility! */
459 extern char *var_virt_alias_maps;
460 
461 #define VAR_VIRT_ALIAS_DOMS	"virtual_alias_domains"
462 #define DEF_VIRT_ALIAS_DOMS	"$virtual_alias_maps"
463 extern char *var_virt_alias_doms;
464 
465 #define VAR_VIRT_ALIAS_CODE	"unknown_virtual_alias_reject_code"
466 #define DEF_VIRT_ALIAS_CODE	550
467 extern int var_virt_alias_code;
468 
469 #define VAR_CANONICAL_MAPS	"canonical_maps"
470 #define DEF_CANONICAL_MAPS	""
471 extern char *var_canonical_maps;
472 
473 #define VAR_SEND_CANON_MAPS	"sender_canonical_maps"
474 #define DEF_SEND_CANON_MAPS	""
475 extern char *var_send_canon_maps;
476 
477 #define VAR_RCPT_CANON_MAPS	"recipient_canonical_maps"
478 #define DEF_RCPT_CANON_MAPS	""
479 extern char *var_rcpt_canon_maps;
480 
481 #define CANON_CLASS_ENV_FROM	"envelope_sender"
482 #define CANON_CLASS_ENV_RCPT	"envelope_recipient"
483 #define CANON_CLASS_HDR_FROM	"header_sender"
484 #define CANON_CLASS_HDR_RCPT	"header_recipient"
485 
486 #define VAR_CANON_CLASSES	"canonical_classes"
487 #define DEF_CANON_CLASSES	CANON_CLASS_ENV_FROM ", " \
488 				CANON_CLASS_ENV_RCPT ", " \
489 				CANON_CLASS_HDR_FROM ", " \
490 				CANON_CLASS_HDR_RCPT
491 extern char *var_canon_classes;
492 
493 #define VAR_SEND_CANON_CLASSES	"sender_canonical_classes"
494 #define DEF_SEND_CANON_CLASSES	CANON_CLASS_ENV_FROM ", " \
495 				CANON_CLASS_HDR_FROM
496 extern char *var_send_canon_classes;
497 
498 #define VAR_RCPT_CANON_CLASSES	"recipient_canonical_classes"
499 #define DEF_RCPT_CANON_CLASSES	CANON_CLASS_ENV_RCPT ", " \
500 				CANON_CLASS_HDR_RCPT
501 extern char *var_rcpt_canon_classes;
502 
503 #define VAR_SEND_BCC_MAPS	"sender_bcc_maps"
504 #define DEF_SEND_BCC_MAPS	""
505 extern char *var_send_bcc_maps;
506 
507 #define VAR_RCPT_BCC_MAPS	"recipient_bcc_maps"
508 #define DEF_RCPT_BCC_MAPS	""
509 extern char *var_rcpt_bcc_maps;
510 
511 #define VAR_TRANSPORT_MAPS	"transport_maps"
512 #define DEF_TRANSPORT_MAPS	""
513 extern char *var_transport_maps;
514 
515 #define VAR_DEF_TRANSPORT	"default_transport"
516 #define DEF_DEF_TRANSPORT	MAIL_SERVICE_SMTP
517 extern char *var_def_transport;
518 
519 #define VAR_SND_DEF_XPORT_MAPS	"sender_dependent_" VAR_DEF_TRANSPORT "_maps"
520 #define DEF_SND_DEF_XPORT_MAPS	""
521 extern char *var_snd_def_xport_maps;
522 
523 #define VAR_NULL_DEF_XPORT_MAPS_KEY	"empty_address_" VAR_DEF_TRANSPORT "_maps_lookup_key"
524 #define DEF_NULL_DEF_XPORT_MAPS_KEY	"<>"
525 extern char *var_null_def_xport_maps_key;
526 
527  /*
528   * trivial rewrite/resolve service: rewriting controls.
529   */
530 #define VAR_SWAP_BANGPATH	"swap_bangpath"
531 #define DEF_SWAP_BANGPATH	1
532 extern bool var_swap_bangpath;
533 
534 #define VAR_APP_AT_MYORIGIN	"append_at_myorigin"
535 #define DEF_APP_AT_MYORIGIN	1
536 extern bool var_append_at_myorigin;
537 
538 #define VAR_APP_DOT_MYDOMAIN	"append_dot_mydomain"
539 #define DEF_APP_DOT_MYDOMAIN	"${{$compatibility_level} <level {1} ? " \
540 				"{yes} : {no}}"
541 extern bool var_append_dot_mydomain;
542 
543 #define VAR_PERCENT_HACK	"allow_percent_hack"
544 #define DEF_PERCENT_HACK	1
545 extern bool var_percent_hack;
546 
547  /*
548   * Local delivery: alias databases.
549   */
550 #define VAR_ALIAS_MAPS		"alias_maps"
551 #ifdef HAS_NIS
552 #define DEF_ALIAS_MAPS		ALIAS_DB_MAP ", nis:mail.aliases"
553 #else
554 #define DEF_ALIAS_MAPS		ALIAS_DB_MAP
555 #endif
556 extern char *var_alias_maps;
557 
558  /*
559   * Local delivery: to BIFF or not to BIFF.
560   */
561 #define VAR_BIFF		"biff"
562 #define DEF_BIFF		1
563 extern bool var_biff;
564 
565  /*
566   * Local delivery: mail to files/commands.
567   */
568 #define VAR_ALLOW_COMMANDS	"allow_mail_to_commands"
569 #define DEF_ALLOW_COMMANDS	"alias, forward"
570 extern char *var_allow_commands;
571 
572 #define VAR_COMMAND_MAXTIME	"command_time_limit"
573 #define _MAXTIME		"_time_limit"
574 #define DEF_COMMAND_MAXTIME	"1000s"
575 extern int var_command_maxtime;
576 
577 #define VAR_ALLOW_FILES		"allow_mail_to_files"
578 #define DEF_ALLOW_FILES		"alias, forward"
579 extern char *var_allow_files;
580 
581 #define VAR_LOCAL_CMD_SHELL	"local_command_shell"
582 #define DEF_LOCAL_CMD_SHELL	""
583 extern char *var_local_cmd_shell;
584 
585 #define VAR_ALIAS_DB_MAP	"alias_database"
586 #define DEF_ALIAS_DB_MAP	ALIAS_DB_MAP	/* sys_defs.h */
587 extern char *var_alias_db_map;
588 
589 #define VAR_LUSER_RELAY		"luser_relay"
590 #define DEF_LUSER_RELAY		""
591 extern char *var_luser_relay;
592 
593  /*
594   * Local delivery: mailbox delivery.
595   */
596 #define VAR_MAIL_SPOOL_DIR	"mail_spool_directory"
597 #ifndef DEF_MAIL_SPOOL_DIR
598 #define DEF_MAIL_SPOOL_DIR	_PATH_MAILDIR
599 #endif
600 extern char *var_mail_spool_dir;
601 
602 #define VAR_HOME_MAILBOX	"home_mailbox"
603 #define DEF_HOME_MAILBOX	""
604 extern char *var_home_mailbox;
605 
606 #define VAR_MAILBOX_COMMAND	"mailbox_command"
607 #define DEF_MAILBOX_COMMAND	""
608 extern char *var_mailbox_command;
609 
610 #define VAR_MAILBOX_CMD_MAPS	"mailbox_command_maps"
611 #define DEF_MAILBOX_CMD_MAPS	""
612 extern char *var_mailbox_cmd_maps;
613 
614 #define VAR_MAILBOX_TRANSP	"mailbox_transport"
615 #define DEF_MAILBOX_TRANSP	""
616 extern char *var_mailbox_transport;
617 
618 #define VAR_MBOX_TRANSP_MAPS	"mailbox_transport_maps"
619 #define DEF_MBOX_TRANSP_MAPS	""
620 extern char *var_mbox_transp_maps;
621 
622 #define VAR_FALLBACK_TRANSP	"fallback_transport"
623 #define DEF_FALLBACK_TRANSP	""
624 extern char *var_fallback_transport;
625 
626 #define VAR_FBCK_TRANSP_MAPS	"fallback_transport_maps"
627 #define DEF_FBCK_TRANSP_MAPS	""
628 extern char *var_fbck_transp_maps;
629 
630  /*
631   * Local delivery: path to per-user forwarding file.
632   */
633 #define VAR_FORWARD_PATH	"forward_path"
634 #define DEF_FORWARD_PATH	"$home/.forward${recipient_delimiter}${extension}, $home/.forward"
635 extern char *var_forward_path;
636 
637  /*
638   * Local delivery: external command execution directory.
639   */
640 #define VAR_EXEC_DIRECTORY	"command_execution_directory"
641 #define DEF_EXEC_DIRECTORY	""
642 extern char *var_exec_directory;
643 
644 #define VAR_EXEC_EXP_FILTER	"execution_directory_expansion_filter"
645 #define DEF_EXEC_EXP_FILTER	"1234567890!@%-_=+:,./\
646 abcdefghijklmnopqrstuvwxyz\
647 ABCDEFGHIJKLMNOPQRSTUVWXYZ"
648 extern char *var_exec_exp_filter;
649 
650  /*
651   * Mailbox locking. DEF_MAILBOX_LOCK is defined in sys_defs.h.
652   */
653 #define VAR_MAILBOX_LOCK	"mailbox_delivery_lock"
654 extern char *var_mailbox_lock;
655 
656  /*
657   * Mailbox size limit. This used to be enforced as a side effect of the way
658   * the message size limit is implemented, but that is not clean.
659   */
660 #define VAR_MAILBOX_LIMIT	"mailbox_size_limit"
661 #define DEF_MAILBOX_LIMIT	(DEF_MESSAGE_LIMIT * 5)
662 extern long var_mailbox_limit;
663 
664  /*
665   * Miscellaneous.
666   */
667 #define VAR_PROP_EXTENSION	"propagate_unmatched_extensions"
668 #define DEF_PROP_EXTENSION	"canonical, virtual"
669 extern char *var_prop_extension;
670 
671 #define VAR_RCPT_DELIM		"recipient_delimiter"
672 #define DEF_RCPT_DELIM		""
673 extern char *var_rcpt_delim;
674 
675 #define VAR_CMD_EXP_FILTER	"command_expansion_filter"
676 #define DEF_CMD_EXP_FILTER	"1234567890!@%-_=+:,./\
677 abcdefghijklmnopqrstuvwxyz\
678 ABCDEFGHIJKLMNOPQRSTUVWXYZ"
679 extern char *var_cmd_exp_filter;
680 
681 #define VAR_FWD_EXP_FILTER	"forward_expansion_filter"
682 #define DEF_FWD_EXP_FILTER	"1234567890!@%-_=+:,./\
683 abcdefghijklmnopqrstuvwxyz\
684 ABCDEFGHIJKLMNOPQRSTUVWXYZ"
685 extern char *var_fwd_exp_filter;
686 
687 #define VAR_DELIVER_HDR		"prepend_delivered_header"
688 #define DEF_DELIVER_HDR		"command, file, forward"
689 extern char *var_deliver_hdr;
690 
691  /*
692   * Cleanup: enable support for X-Original-To message headers, which are
693   * needed for multi-recipient mailboxes. When this is turned on, perform
694   * duplicate elimination on (original rcpt, rewritten rcpt) pairs, and
695   * generating non-empty original recipient records in the queue file.
696   */
697 #define VAR_ENABLE_ORCPT	"enable_original_recipient"
698 #define DEF_ENABLE_ORCPT	1
699 extern bool var_enable_orcpt;
700 
701 #define VAR_EXP_OWN_ALIAS	"expand_owner_alias"
702 #define DEF_EXP_OWN_ALIAS	0
703 extern bool var_exp_own_alias;
704 
705 #define VAR_STAT_HOME_DIR	"require_home_directory"
706 #define DEF_STAT_HOME_DIR	0
707 extern bool var_stat_home_dir;
708 
709  /*
710   * Cleanup server: maximal size of the duplicate expansion filter. By
711   * default, we do graceful degradation with huge mailing lists.
712   */
713 #define VAR_DUP_FILTER_LIMIT	"duplicate_filter_limit"
714 #define DEF_DUP_FILTER_LIMIT	1000
715 extern int var_dup_filter_limit;
716 
717  /*
718   * Transport Layer Security (TLS) protocol support.
719   */
720 #define VAR_TLS_MGR_SERVICE	"tlsmgr_service_name"
721 #define DEF_TLS_MGR_SERVICE	"tlsmgr"
722 extern char *var_tls_mgr_service;
723 
724 #define VAR_TLS_APPEND_DEF_CA	"tls_append_default_CA"
725 #define DEF_TLS_APPEND_DEF_CA	0	/* Postfix < 2.8 BC break */
726 extern bool var_tls_append_def_CA;
727 
728 #define VAR_TLS_RAND_EXCH_NAME	"tls_random_exchange_name"
729 #define DEF_TLS_RAND_EXCH_NAME	"${data_directory}/prng_exch"
730 extern char *var_tls_rand_exch_name;
731 
732 #define VAR_TLS_RAND_SOURCE	"tls_random_source"
733 #ifdef PREFERRED_RAND_SOURCE
734 #define DEF_TLS_RAND_SOURCE	PREFERRED_RAND_SOURCE
735 #else
736 #define DEF_TLS_RAND_SOURCE	""
737 #endif
738 extern char *var_tls_rand_source;
739 
740 #define VAR_TLS_RAND_BYTES	"tls_random_bytes"
741 #define DEF_TLS_RAND_BYTES	32
742 extern int var_tls_rand_bytes;
743 
744 #define VAR_TLS_DAEMON_RAND_BYTES	"tls_daemon_random_bytes"
745 #define DEF_TLS_DAEMON_RAND_BYTES	32
746 extern int var_tls_daemon_rand_bytes;
747 
748 #define VAR_TLS_RESEED_PERIOD	"tls_random_reseed_period"
749 #define DEF_TLS_RESEED_PERIOD	"3600s"
750 extern int var_tls_reseed_period;
751 
752 #define VAR_TLS_PRNG_UPD_PERIOD	"tls_random_prng_update_period"
753 #define DEF_TLS_PRNG_UPD_PERIOD "3600s"
754 extern int var_tls_prng_upd_period;
755 
756  /*
757   * Queue manager: relocated databases.
758   */
759 #define VAR_RELOCATED_MAPS		"relocated_maps"
760 #define DEF_RELOCATED_MAPS		""
761 extern char *var_relocated_maps;
762 
763  /*
764   * Queue manager: after each failed attempt the backoff time (how long we
765   * won't try this host in seconds) is doubled until it reaches the maximum.
766   * MAX_QUEUE_TIME limits the amount of time a message may spend in the mail
767   * queue before it is sent back.
768   */
769 #define VAR_QUEUE_RUN_DELAY	"queue_run_delay"
770 #define DEF_QUEUE_RUN_DELAY     "300s"
771 
772 #define VAR_MIN_BACKOFF_TIME	"minimal_backoff_time"
773 #define DEF_MIN_BACKOFF_TIME    DEF_QUEUE_RUN_DELAY
774 extern int var_min_backoff_time;
775 
776 #define VAR_MAX_BACKOFF_TIME	"maximal_backoff_time"
777 #define DEF_MAX_BACKOFF_TIME    "4000s"
778 extern int var_max_backoff_time;
779 
780 #define VAR_MAX_QUEUE_TIME	"maximal_queue_lifetime"
781 #define DEF_MAX_QUEUE_TIME	"5d"
782 extern int var_max_queue_time;
783 
784  /*
785   * XXX The default can't be $maximal_queue_lifetime, because that panics
786   * when a non-default maximal_queue_lifetime setting contains no time unit.
787   */
788 #define VAR_DSN_QUEUE_TIME	"bounce_queue_lifetime"
789 #define DEF_DSN_QUEUE_TIME	"5d"
790 extern int var_dsn_queue_time;
791 
792 #define VAR_DELAY_WARN_TIME	"delay_warning_time"
793 #define DEF_DELAY_WARN_TIME	"0h"
794 extern int var_delay_warn_time;
795 
796 #define VAR_DSN_DELAY_CLEARED	"confirm_delay_cleared"
797 #define DEF_DSN_DELAY_CLEARED	0
798 extern int var_dsn_delay_cleared;
799 
800  /*
801   * Queue manager: various in-core message and recipient limits.
802   */
803 #define VAR_QMGR_ACT_LIMIT	"qmgr_message_active_limit"
804 #define DEF_QMGR_ACT_LIMIT	20000
805 extern int var_qmgr_active_limit;
806 
807 #define VAR_QMGR_RCPT_LIMIT	"qmgr_message_recipient_limit"
808 #define DEF_QMGR_RCPT_LIMIT	20000
809 extern int var_qmgr_rcpt_limit;
810 
811 #define VAR_QMGR_MSG_RCPT_LIMIT	"qmgr_message_recipient_minimum"
812 #define DEF_QMGR_MSG_RCPT_LIMIT	10
813 extern int var_qmgr_msg_rcpt_limit;
814 
815 #define VAR_XPORT_RCPT_LIMIT	"default_recipient_limit"
816 #define _XPORT_RCPT_LIMIT	"_recipient_limit"
817 #define DEF_XPORT_RCPT_LIMIT	20000
818 extern int var_xport_rcpt_limit;
819 
820 #define VAR_STACK_RCPT_LIMIT	"default_extra_recipient_limit"
821 #define _STACK_RCPT_LIMIT	"_extra_recipient_limit"
822 #define DEF_STACK_RCPT_LIMIT	1000
823 extern int var_stack_rcpt_limit;
824 
825 #define VAR_XPORT_REFILL_LIMIT	"default_recipient_refill_limit"
826 #define _XPORT_REFILL_LIMIT	"_recipient_refill_limit"
827 #define DEF_XPORT_REFILL_LIMIT	100
828 extern int var_xport_refill_limit;
829 
830 #define VAR_XPORT_REFILL_DELAY	"default_recipient_refill_delay"
831 #define _XPORT_REFILL_DELAY	"_recipient_refill_delay"
832 #define DEF_XPORT_REFILL_DELAY	"5s"
833 extern int var_xport_refill_delay;
834 
835  /*
836   * Queue manager: default job scheduler parameters.
837   */
838 #define VAR_DELIVERY_SLOT_COST	"default_delivery_slot_cost"
839 #define _DELIVERY_SLOT_COST	"_delivery_slot_cost"
840 #define DEF_DELIVERY_SLOT_COST	5
841 extern int var_delivery_slot_cost;
842 
843 #define VAR_DELIVERY_SLOT_LOAN	"default_delivery_slot_loan"
844 #define _DELIVERY_SLOT_LOAN	"_delivery_slot_loan"
845 #define DEF_DELIVERY_SLOT_LOAN	3
846 extern int var_delivery_slot_loan;
847 
848 #define VAR_DELIVERY_SLOT_DISCOUNT	"default_delivery_slot_discount"
849 #define _DELIVERY_SLOT_DISCOUNT	"_delivery_slot_discount"
850 #define DEF_DELIVERY_SLOT_DISCOUNT	50
851 extern int var_delivery_slot_discount;
852 
853 #define VAR_MIN_DELIVERY_SLOTS	"default_minimum_delivery_slots"
854 #define _MIN_DELIVERY_SLOTS	"_minimum_delivery_slots"
855 #define DEF_MIN_DELIVERY_SLOTS	3
856 extern int var_min_delivery_slots;
857 
858 #define VAR_QMGR_FUDGE		"qmgr_fudge_factor"
859 #define DEF_QMGR_FUDGE		100
860 extern int var_qmgr_fudge;
861 
862  /*
863   * Queue manager: default destination concurrency levels.
864   */
865 #define VAR_INIT_DEST_CON	"initial_destination_concurrency"
866 #define _INIT_DEST_CON		"_initial_destination_concurrency"
867 #define DEF_INIT_DEST_CON	5
868 extern int var_init_dest_concurrency;
869 
870 #define VAR_DEST_CON_LIMIT	"default_destination_concurrency_limit"
871 #define _DEST_CON_LIMIT		"_destination_concurrency_limit"
872 #define DEF_DEST_CON_LIMIT	20
873 extern int var_dest_con_limit;
874 
875 #define VAR_LOCAL_CON_LIMIT	"local" _DEST_CON_LIMIT
876 #define DEF_LOCAL_CON_LIMIT	2
877 extern int var_local_con_lim;
878 
879  /*
880   * Queue manager: default number of recipients per transaction.
881   */
882 #define VAR_DEST_RCPT_LIMIT	"default_destination_recipient_limit"
883 #define _DEST_RCPT_LIMIT	"_destination_recipient_limit"
884 #define DEF_DEST_RCPT_LIMIT	50
885 extern int var_dest_rcpt_limit;
886 
887 #define VAR_LOCAL_RCPT_LIMIT	"local" _DEST_RCPT_LIMIT	/* XXX */
888 #define DEF_LOCAL_RCPT_LIMIT	1	/* XXX */
889 extern int var_local_rcpt_lim;
890 
891  /*
892   * Queue manager: default delay before retrying a dead transport.
893   */
894 #define VAR_XPORT_RETRY_TIME	"transport_retry_time"
895 #define DEF_XPORT_RETRY_TIME	"60s"
896 extern int var_transport_retry_time;
897 
898  /*
899   * Queue manager: what transports to defer delivery to.
900   */
901 #define VAR_DEFER_XPORTS	"defer_transports"
902 #define DEF_DEFER_XPORTS	""
903 extern char *var_defer_xports;
904 
905  /*
906   * Queue manager: how often to warn that a destination is clogging the
907   * active queue.
908   */
909 #define VAR_QMGR_CLOG_WARN_TIME	"qmgr_clog_warn_time"
910 #define DEF_QMGR_CLOG_WARN_TIME	"300s"
911 extern int var_qmgr_clog_warn_time;
912 
913  /*
914   * Master: default process count limit per mail subsystem.
915   */
916 #define VAR_PROC_LIMIT		"default_process_limit"
917 #define DEF_PROC_LIMIT		100
918 extern int var_proc_limit;
919 
920  /*
921   * Master: default time to wait after service is throttled.
922   */
923 #define VAR_THROTTLE_TIME	"service_throttle_time"
924 #define DEF_THROTTLE_TIME	"60s"
925 extern int var_throttle_time;
926 
927  /*
928   * Master: what master.cf services are turned off.
929   */
930 #define VAR_MASTER_DISABLE	"master_service_disable"
931 #define DEF_MASTER_DISABLE	""
932 extern char *var_master_disable;
933 
934  /*
935   * Any subsystem: default maximum number of clients serviced before a mail
936   * subsystem terminates (except queue manager).
937   */
938 #define VAR_MAX_USE		"max_use"
939 #define DEF_MAX_USE		100
940 extern int var_use_limit;
941 
942  /*
943   * Any subsystem: default amount of time a mail subsystem waits for a client
944   * connection (except queue manager).
945   */
946 #define VAR_MAX_IDLE		"max_idle"
947 #define DEF_MAX_IDLE		"100s"
948 extern int var_idle_limit;
949 
950  /*
951   * Any subsystem: default amount of time a mail subsystem waits for
952   * application events to drain.
953   */
954 #define VAR_EVENT_DRAIN		"application_event_drain_time"
955 #define DEF_EVENT_DRAIN		"100s"
956 extern int var_event_drain;
957 
958  /*
959   * Any subsystem: default amount of time a mail subsystem keeps an internal
960   * IPC connection before closing it because it is idle for too much time.
961   */
962 #define VAR_IPC_IDLE		"ipc_idle"
963 #define DEF_IPC_IDLE		"5s"
964 extern int var_ipc_idle_limit;
965 
966  /*
967   * Any subsystem: default amount of time a mail subsystem keeps an internal
968   * IPC connection before closing it because the connection has existed for
969   * too much time.
970   */
971 #define VAR_IPC_TTL		"ipc_ttl"
972 #define DEF_IPC_TTL		"1000s"
973 extern int var_ipc_ttl_limit;
974 
975  /*
976   * Any front-end subsystem: avoid running out of memory when someone sends
977   * infinitely-long requests or replies.
978   */
979 #define VAR_LINE_LIMIT		"line_length_limit"
980 #define DEF_LINE_LIMIT		2048
981 extern int var_line_limit;
982 
983  /*
984   * Specify what SMTP peers need verbose logging.
985   */
986 #define VAR_DEBUG_PEER_LIST	"debug_peer_list"
987 #define DEF_DEBUG_PEER_LIST	""
988 extern char *var_debug_peer_list;
989 
990 #define VAR_DEBUG_PEER_LEVEL	"debug_peer_level"
991 #define DEF_DEBUG_PEER_LEVEL	2
992 extern int var_debug_peer_level;
993 
994  /*
995   * Queue management: what queues are hashed behind a forest of
996   * subdirectories, and how deep the forest is.
997   */
998 #define VAR_HASH_QUEUE_NAMES	"hash_queue_names"
999 #define DEF_HASH_QUEUE_NAMES	"deferred, defer"
1000 extern char *var_hash_queue_names;
1001 
1002 #define VAR_HASH_QUEUE_DEPTH	"hash_queue_depth"
1003 #define DEF_HASH_QUEUE_DEPTH	1
1004 extern int var_hash_queue_depth;
1005 
1006  /*
1007   * Short queue IDs contain the time in microseconds and file inode number.
1008   * Long queue IDs also contain the time in seconds.
1009   */
1010 #define VAR_LONG_QUEUE_IDS	"enable_long_queue_ids"
1011 #define DEF_LONG_QUEUE_IDS	0
1012 extern bool var_long_queue_ids;
1013 
1014  /*
1015   * Multi-protocol support.
1016   */
1017 #define INET_PROTO_NAME_IPV4	"ipv4"
1018 #define INET_PROTO_NAME_IPV6	"ipv6"
1019 #define INET_PROTO_NAME_ALL	"all"
1020 #define INET_PROTO_NAME_ANY	"any"
1021 #define VAR_INET_PROTOCOLS	"inet_protocols"
1022 extern char *var_inet_protocols;
1023 
1024  /*
1025   * SMTP client. Timeouts inspired by RFC 1123. The SMTP recipient limit
1026   * determines how many recipient addresses the SMTP client sends along with
1027   * each message. Unfortunately, some mailers misbehave and disconnect (smap)
1028   * when given more recipients than they are willing to handle.
1029   *
1030   * XXX 2821: A mail system is supposed to use EHLO instead of HELO, and to fall
1031   * back to HELO if EHLO is not supported.
1032   */
1033 #define VAR_BESTMX_TRANSP	"best_mx_transport"
1034 #define DEF_BESTMX_TRANSP	""
1035 extern char *var_bestmx_transp;
1036 
1037 #define VAR_SMTP_CACHE_CONNT	"smtp_connection_cache_time_limit"
1038 #define DEF_SMTP_CACHE_CONNT	"2s"
1039 #define VAR_LMTP_CACHE_CONNT	"lmtp_connection_cache_time_limit"
1040 #define DEF_LMTP_CACHE_CONNT	"2s"
1041 extern int var_smtp_cache_conn;
1042 
1043 #define VAR_SMTP_REUSE_COUNT	"smtp_connection_reuse_count_limit"
1044 #define DEF_SMTP_REUSE_COUNT	0
1045 #define VAR_LMTP_REUSE_COUNT	"lmtp_connection_reuse_count_limit"
1046 #define DEF_LMTP_REUSE_COUNT	0
1047 extern int var_smtp_reuse_count;
1048 
1049 #define VAR_SMTP_REUSE_TIME	"smtp_connection_reuse_time_limit"
1050 #define DEF_SMTP_REUSE_TIME	"300s"
1051 #define VAR_LMTP_REUSE_TIME	"lmtp_connection_reuse_time_limit"
1052 #define DEF_LMTP_REUSE_TIME	"300s"
1053 extern int var_smtp_reuse_time;
1054 
1055 #define VAR_SMTP_CACHE_DEST	"smtp_connection_cache_destinations"
1056 #define DEF_SMTP_CACHE_DEST	""
1057 #define VAR_LMTP_CACHE_DEST	"lmtp_connection_cache_destinations"
1058 #define DEF_LMTP_CACHE_DEST	""
1059 extern char *var_smtp_cache_dest;
1060 
1061 #define VAR_SMTP_CACHE_DEMAND	"smtp_connection_cache_on_demand"
1062 #ifndef DEF_SMTP_CACHE_DEMAND
1063 #define DEF_SMTP_CACHE_DEMAND	1
1064 #endif
1065 #define VAR_LMTP_CACHE_DEMAND	"lmtp_connection_cache_on_demand"
1066 #ifndef DEF_LMTP_CACHE_DEMAND
1067 #define DEF_LMTP_CACHE_DEMAND	1
1068 #endif
1069 extern bool var_smtp_cache_demand;
1070 
1071 #define VAR_SMTP_CONN_TMOUT	"smtp_connect_timeout"
1072 #define DEF_SMTP_CONN_TMOUT	"30s"
1073 extern int var_smtp_conn_tmout;
1074 
1075 #define VAR_SMTP_HELO_TMOUT	"smtp_helo_timeout"
1076 #define DEF_SMTP_HELO_TMOUT	"300s"
1077 #define VAR_LMTP_HELO_TMOUT	"lmtp_lhlo_timeout"
1078 #define DEF_LMTP_HELO_TMOUT	"300s"
1079 extern int var_smtp_helo_tmout;
1080 
1081 #define VAR_SMTP_XFWD_TMOUT	"smtp_xforward_timeout"
1082 #define DEF_SMTP_XFWD_TMOUT	"300s"
1083 extern int var_smtp_xfwd_tmout;
1084 
1085 #define VAR_SMTP_STARTTLS_TMOUT	"smtp_starttls_timeout"
1086 #define DEF_SMTP_STARTTLS_TMOUT	"300s"
1087 #define VAR_LMTP_STARTTLS_TMOUT	"lmtp_starttls_timeout"
1088 #define DEF_LMTP_STARTTLS_TMOUT	"300s"
1089 extern int var_smtp_starttls_tmout;
1090 
1091 #define VAR_SMTP_MAIL_TMOUT	"smtp_mail_timeout"
1092 #define DEF_SMTP_MAIL_TMOUT	"300s"
1093 extern int var_smtp_mail_tmout;
1094 
1095 #define VAR_SMTP_RCPT_TMOUT	"smtp_rcpt_timeout"
1096 #define DEF_SMTP_RCPT_TMOUT	"300s"
1097 extern int var_smtp_rcpt_tmout;
1098 
1099 #define VAR_SMTP_DATA0_TMOUT	"smtp_data_init_timeout"
1100 #define DEF_SMTP_DATA0_TMOUT	"120s"
1101 extern int var_smtp_data0_tmout;
1102 
1103 #define VAR_SMTP_DATA1_TMOUT	"smtp_data_xfer_timeout"
1104 #define DEF_SMTP_DATA1_TMOUT	"180s"
1105 extern int var_smtp_data1_tmout;
1106 
1107 #define VAR_SMTP_DATA2_TMOUT	"smtp_data_done_timeout"
1108 #define DEF_SMTP_DATA2_TMOUT	"600s"
1109 extern int var_smtp_data2_tmout;
1110 
1111 #define VAR_SMTP_RSET_TMOUT	"smtp_rset_timeout"
1112 #define DEF_SMTP_RSET_TMOUT	"20s"
1113 extern int var_smtp_rset_tmout;
1114 
1115 #define VAR_SMTP_QUIT_TMOUT	"smtp_quit_timeout"
1116 #define DEF_SMTP_QUIT_TMOUT	"300s"
1117 extern int var_smtp_quit_tmout;
1118 
1119 #define VAR_SMTP_QUOTE_821_ENV	"smtp_quote_rfc821_envelope"
1120 #define DEF_SMTP_QUOTE_821_ENV	1
1121 #define VAR_LMTP_QUOTE_821_ENV	"lmtp_quote_rfc821_envelope"
1122 #define DEF_LMTP_QUOTE_821_ENV	1
1123 extern int var_smtp_quote_821_env;
1124 
1125 #define VAR_SMTP_SKIP_5XX	"smtp_skip_5xx_greeting"
1126 #define DEF_SMTP_SKIP_5XX	1
1127 #define VAR_LMTP_SKIP_5XX	"lmtp_skip_5xx_greeting"
1128 #define DEF_LMTP_SKIP_5XX	1
1129 extern bool var_smtp_skip_5xx_greeting;
1130 
1131 #define VAR_IGN_MX_LOOKUP_ERR	"ignore_mx_lookup_error"
1132 #define DEF_IGN_MX_LOOKUP_ERR	0
1133 extern bool var_ign_mx_lookup_err;
1134 
1135 #define VAR_SMTP_SKIP_QUIT_RESP	"smtp_skip_quit_response"
1136 #define DEF_SMTP_SKIP_QUIT_RESP	1
1137 extern bool var_skip_quit_resp;
1138 
1139 #define VAR_SMTP_ALWAYS_EHLO	"smtp_always_send_ehlo"
1140 #ifdef RFC821_SYNTAX
1141 #define DEF_SMTP_ALWAYS_EHLO	0
1142 #else
1143 #define DEF_SMTP_ALWAYS_EHLO	1
1144 #endif
1145 extern bool var_smtp_always_ehlo;
1146 
1147 #define VAR_SMTP_NEVER_EHLO	"smtp_never_send_ehlo"
1148 #define DEF_SMTP_NEVER_EHLO	0
1149 extern bool var_smtp_never_ehlo;
1150 
1151 #define VAR_SMTP_RESP_FILTER	"smtp_reply_filter"
1152 #define DEF_SMTP_RESP_FILTER	""
1153 #define VAR_LMTP_RESP_FILTER	"lmtp_reply_filter"
1154 #define DEF_LMTP_RESP_FILTER	""
1155 extern char *var_smtp_resp_filter;
1156 
1157 #define VAR_SMTP_BIND_ADDR	"smtp_bind_address"
1158 #define DEF_SMTP_BIND_ADDR	""
1159 #define VAR_LMTP_BIND_ADDR	"lmtp_bind_address"
1160 #define DEF_LMTP_BIND_ADDR	""
1161 extern char *var_smtp_bind_addr;
1162 
1163 #define VAR_SMTP_BIND_ADDR6	"smtp_bind_address6"
1164 #define DEF_SMTP_BIND_ADDR6	""
1165 #define VAR_LMTP_BIND_ADDR6	"lmtp_bind_address6"
1166 #define DEF_LMTP_BIND_ADDR6	""
1167 extern char *var_smtp_bind_addr6;
1168 
1169 #define VAR_SMTP_BIND_ADDR_ENFORCE	"smtp_bind_address_enforce"
1170 #define DEF_SMTP_BIND_ADDR_ENFORCE	0
1171 #define VAR_LMTP_BIND_ADDR_ENFORCE	"lmtp_bind_address_enforce"
1172 #define DEF_LMTP_BIND_ADDR_ENFORCE	0
1173 extern bool var_smtp_bind_addr_enforce;
1174 
1175 #define VAR_SMTP_HELO_NAME	"smtp_helo_name"
1176 #define DEF_SMTP_HELO_NAME	"$myhostname"
1177 #define VAR_LMTP_HELO_NAME	"lmtp_lhlo_name"
1178 #define DEF_LMTP_HELO_NAME	"$myhostname"
1179 extern char *var_smtp_helo_name;
1180 
1181 #define VAR_SMTP_RAND_ADDR	"smtp_randomize_addresses"
1182 #define DEF_SMTP_RAND_ADDR	1
1183 #define VAR_LMTP_RAND_ADDR	"lmtp_randomize_addresses"
1184 #define DEF_LMTP_RAND_ADDR	1
1185 extern bool var_smtp_rand_addr;
1186 
1187 #define VAR_SMTP_LINE_LIMIT	"smtp_line_length_limit"
1188 #define DEF_SMTP_LINE_LIMIT	998
1189 #define VAR_LMTP_LINE_LIMIT	"lmtp_line_length_limit"
1190 #define DEF_LMTP_LINE_LIMIT	998
1191 extern int var_smtp_line_limit;
1192 
1193 #define VAR_SMTP_PIX_THRESH	"smtp_pix_workaround_threshold_time"
1194 #define DEF_SMTP_PIX_THRESH	"500s"
1195 #define VAR_LMTP_PIX_THRESH	"lmtp_pix_workaround_threshold_time"
1196 #define DEF_LMTP_PIX_THRESH	"500s"
1197 extern int var_smtp_pix_thresh;
1198 
1199 #define VAR_SMTP_PIX_DELAY	"smtp_pix_workaround_delay_time"
1200 #define DEF_SMTP_PIX_DELAY	"10s"
1201 #define VAR_LMTP_PIX_DELAY	"lmtp_pix_workaround_delay_time"
1202 #define DEF_LMTP_PIX_DELAY	"10s"
1203 extern int var_smtp_pix_delay;
1204 
1205  /*
1206   * Courageous people may want to turn off PIX bug workarounds.
1207   */
1208 #define	PIX_BUG_DISABLE_ESMTP		"disable_esmtp"
1209 #define	PIX_BUG_DELAY_DOTCRLF		"delay_dotcrlf"
1210 #define VAR_SMTP_PIX_BUG_WORDS		"smtp_pix_workarounds"
1211 #define DEF_SMTP_PIX_BUG_WORDS		PIX_BUG_DISABLE_ESMTP "," \
1212 					PIX_BUG_DELAY_DOTCRLF
1213 #define VAR_LMTP_PIX_BUG_WORDS		"lmtp_pix_workarounds"
1214 #define DEF_LMTP_PIX_BUG_WORDS		DEF_SMTP_PIX_BUG_WORDS
1215 extern char *var_smtp_pix_bug_words;
1216 
1217 #define VAR_SMTP_PIX_BUG_MAPS		"smtp_pix_workaround_maps"
1218 #define DEF_SMTP_PIX_BUG_MAPS		""
1219 #define VAR_LMTP_PIX_BUG_MAPS		"lmtp_pix_workaround_maps"
1220 #define DEF_LMTP_PIX_BUG_MAPS		""
1221 extern char *var_smtp_pix_bug_maps;
1222 
1223 #define VAR_SMTP_DEFER_MXADDR	"smtp_defer_if_no_mx_address_found"
1224 #define DEF_SMTP_DEFER_MXADDR	0
1225 #define VAR_LMTP_DEFER_MXADDR	"lmtp_defer_if_no_mx_address_found"
1226 #define DEF_LMTP_DEFER_MXADDR	0
1227 extern bool var_smtp_defer_mxaddr;
1228 
1229 #define VAR_SMTP_SEND_XFORWARD	"smtp_send_xforward_command"
1230 #define DEF_SMTP_SEND_XFORWARD	0
1231 extern bool var_smtp_send_xforward;
1232 
1233 #define VAR_SMTP_GENERIC_MAPS	"smtp_generic_maps"
1234 #define DEF_SMTP_GENERIC_MAPS	""
1235 #define VAR_LMTP_GENERIC_MAPS	"lmtp_generic_maps"
1236 #define DEF_LMTP_GENERIC_MAPS	""
1237 extern char *var_smtp_generic_maps;
1238 
1239  /*
1240   * SMTP server. The soft error limit determines how many errors an SMTP
1241   * client may make before we start to slow down; the hard error limit
1242   * determines after how many client errors we disconnect.
1243   */
1244 #define VAR_SMTPD_BANNER	"smtpd_banner"
1245 #define DEF_SMTPD_BANNER	"$myhostname ESMTP $mail_name"
1246 extern char *var_smtpd_banner;
1247 
1248 #define VAR_SMTPD_TMOUT		"smtpd_timeout"
1249 #define DEF_SMTPD_TMOUT		"${stress?{10}:{300}}s"
1250 extern int var_smtpd_tmout;
1251 
1252 #define VAR_SMTPD_STARTTLS_TMOUT "smtpd_starttls_timeout"
1253 #define DEF_SMTPD_STARTTLS_TMOUT "${stress?{10}:{300}}s"
1254 extern int var_smtpd_starttls_tmout;
1255 
1256 #define VAR_SMTPD_RCPT_LIMIT	"smtpd_recipient_limit"
1257 #define DEF_SMTPD_RCPT_LIMIT	1000
1258 extern int var_smtpd_rcpt_limit;
1259 
1260 #define VAR_SMTPD_SOFT_ERLIM	"smtpd_soft_error_limit"
1261 #define DEF_SMTPD_SOFT_ERLIM	"10"
1262 extern int var_smtpd_soft_erlim;
1263 
1264 #define VAR_SMTPD_HARD_ERLIM	"smtpd_hard_error_limit"
1265 #define DEF_SMTPD_HARD_ERLIM	"${stress?{1}:{20}}"
1266 extern int var_smtpd_hard_erlim;
1267 
1268 #define VAR_SMTPD_ERR_SLEEP	"smtpd_error_sleep_time"
1269 #define DEF_SMTPD_ERR_SLEEP	"1s"
1270 extern int var_smtpd_err_sleep;
1271 
1272 #define VAR_SMTPD_JUNK_CMD	"smtpd_junk_command_limit"
1273 #define DEF_SMTPD_JUNK_CMD	"${stress?{1}:{100}}"
1274 extern int var_smtpd_junk_cmd_limit;
1275 
1276 #define VAR_SMTPD_RCPT_OVERLIM	"smtpd_recipient_overshoot_limit"
1277 #define DEF_SMTPD_RCPT_OVERLIM	1000
1278 extern int var_smtpd_rcpt_overlim;
1279 
1280 #define VAR_SMTPD_HIST_THRSH	"smtpd_history_flush_threshold"
1281 #define DEF_SMTPD_HIST_THRSH	100
1282 extern int var_smtpd_hist_thrsh;
1283 
1284 #define VAR_SMTPD_NOOP_CMDS	"smtpd_noop_commands"
1285 #define DEF_SMTPD_NOOP_CMDS	""
1286 extern char *var_smtpd_noop_cmds;
1287 
1288 #define VAR_SMTPD_FORBID_CMDS	"smtpd_forbidden_commands"
1289 #define DEF_SMTPD_FORBID_CMDS	"CONNECT GET POST regexp:{{/^[^A-Z]/ Bogus}}"
1290 extern char *var_smtpd_forbid_cmds;
1291 
1292 #define VAR_SMTPD_CMD_FILTER	"smtpd_command_filter"
1293 #define DEF_SMTPD_CMD_FILTER	""
1294 extern char *var_smtpd_cmd_filter;
1295 
1296 #define VAR_SMTPD_TLS_WRAPPER	"smtpd_tls_wrappermode"
1297 #define DEF_SMTPD_TLS_WRAPPER	0
1298 extern bool var_smtpd_tls_wrappermode;
1299 
1300 #define VAR_SMTPD_TLS_LEVEL	"smtpd_tls_security_level"
1301 #define DEF_SMTPD_TLS_LEVEL	""
1302 extern char *var_smtpd_tls_level;
1303 
1304 #define VAR_SMTPD_USE_TLS	"smtpd_use_tls"
1305 #define DEF_SMTPD_USE_TLS	0
1306 extern bool var_smtpd_use_tls;
1307 
1308 #define VAR_SMTPD_ENFORCE_TLS	"smtpd_enforce_tls"
1309 #define DEF_SMTPD_ENFORCE_TLS	0
1310 extern bool var_smtpd_enforce_tls;
1311 
1312 #define VAR_SMTPD_TLS_AUTH_ONLY	"smtpd_tls_auth_only"
1313 #define DEF_SMTPD_TLS_AUTH_ONLY 0
1314 extern bool var_smtpd_tls_auth_only;
1315 
1316 #define VAR_SMTPD_TLS_ACERT	"smtpd_tls_ask_ccert"
1317 #define DEF_SMTPD_TLS_ACERT	0
1318 extern bool var_smtpd_tls_ask_ccert;
1319 
1320 #define VAR_SMTPD_TLS_RCERT	"smtpd_tls_req_ccert"
1321 #define DEF_SMTPD_TLS_RCERT	0
1322 extern bool var_smtpd_tls_req_ccert;
1323 
1324 #define VAR_SMTPD_TLS_CCERT_VD	"smtpd_tls_ccert_verifydepth"
1325 #define DEF_SMTPD_TLS_CCERT_VD	9
1326 extern int var_smtpd_tls_ccert_vd;
1327 
1328 #define VAR_SMTPD_TLS_CHAIN_FILES	"smtpd_tls_chain_files"
1329 #define DEF_SMTPD_TLS_CHAIN_FILES	""
1330 extern char *var_smtpd_tls_chain_files;
1331 
1332 #define VAR_SMTPD_TLS_CERT_FILE	"smtpd_tls_cert_file"
1333 #define DEF_SMTPD_TLS_CERT_FILE	""
1334 extern char *var_smtpd_tls_cert_file;
1335 
1336 #define VAR_SMTPD_TLS_KEY_FILE	"smtpd_tls_key_file"
1337 #define DEF_SMTPD_TLS_KEY_FILE	"$smtpd_tls_cert_file"
1338 extern char *var_smtpd_tls_key_file;
1339 
1340 #define VAR_SMTPD_TLS_DCERT_FILE "smtpd_tls_dcert_file"
1341 #define DEF_SMTPD_TLS_DCERT_FILE ""
1342 extern char *var_smtpd_tls_dcert_file;
1343 
1344 #define VAR_SMTPD_TLS_DKEY_FILE	"smtpd_tls_dkey_file"
1345 #define DEF_SMTPD_TLS_DKEY_FILE	"$smtpd_tls_dcert_file"
1346 extern char *var_smtpd_tls_dkey_file;
1347 
1348 #define VAR_SMTPD_TLS_ECCERT_FILE "smtpd_tls_eccert_file"
1349 #define DEF_SMTPD_TLS_ECCERT_FILE ""
1350 extern char *var_smtpd_tls_eccert_file;
1351 
1352 #define VAR_SMTPD_TLS_ECKEY_FILE	"smtpd_tls_eckey_file"
1353 #define DEF_SMTPD_TLS_ECKEY_FILE	"$smtpd_tls_eccert_file"
1354 extern char *var_smtpd_tls_eckey_file;
1355 
1356 #define VAR_SMTPD_TLS_CA_FILE	"smtpd_tls_CAfile"
1357 #define DEF_SMTPD_TLS_CA_FILE	""
1358 extern char *var_smtpd_tls_CAfile;
1359 
1360 #define VAR_SMTPD_TLS_CA_PATH	"smtpd_tls_CApath"
1361 #define DEF_SMTPD_TLS_CA_PATH	""
1362 extern char *var_smtpd_tls_CApath;
1363 
1364 #define VAR_SMTPD_TLS_PROTO		"smtpd_tls_protocols"
1365 #define DEF_SMTPD_TLS_PROTO		">=TLSv1"
1366 extern char *var_smtpd_tls_proto;
1367 
1368 #define VAR_SMTPD_TLS_MAND_PROTO	"smtpd_tls_mandatory_protocols"
1369 #define DEF_SMTPD_TLS_MAND_PROTO	">=TLSv1"
1370 extern char *var_smtpd_tls_mand_proto;
1371 
1372 #define VAR_SMTPD_TLS_CIPH	"smtpd_tls_ciphers"
1373 #define DEF_SMTPD_TLS_CIPH	"medium"
1374 extern char *var_smtpd_tls_ciph;
1375 
1376 #define VAR_SMTPD_TLS_MAND_CIPH	"smtpd_tls_mandatory_ciphers"
1377 #define DEF_SMTPD_TLS_MAND_CIPH	"medium"
1378 extern char *var_smtpd_tls_mand_ciph;
1379 
1380 #define VAR_SMTPD_TLS_EXCL_CIPH  "smtpd_tls_exclude_ciphers"
1381 #define DEF_SMTPD_TLS_EXCL_CIPH  ""
1382 extern char *var_smtpd_tls_excl_ciph;
1383 
1384 #define VAR_SMTPD_TLS_MAND_EXCL  "smtpd_tls_mandatory_exclude_ciphers"
1385 #define DEF_SMTPD_TLS_MAND_EXCL  ""
1386 extern char *var_smtpd_tls_mand_excl;
1387 
1388 #define VAR_SMTPD_TLS_FPT_DGST	"smtpd_tls_fingerprint_digest"
1389 #define DEF_SMTPD_TLS_FPT_DGST	"${{$compatibility_level} <level {3.6} ? " \
1390                                 "{md5} : {sha256}}"
1391 extern char *var_smtpd_tls_fpt_dgst;
1392 
1393 #define VAR_SMTPD_TLS_512_FILE	"smtpd_tls_dh512_param_file"
1394 #define DEF_SMTPD_TLS_512_FILE	""
1395 extern char *var_smtpd_tls_dh512_param_file;
1396 
1397 #define VAR_SMTPD_TLS_1024_FILE	"smtpd_tls_dh1024_param_file"
1398 #define DEF_SMTPD_TLS_1024_FILE	""
1399 extern char *var_smtpd_tls_dh1024_param_file;
1400 
1401 #define VAR_SMTPD_TLS_EECDH	"smtpd_tls_eecdh_grade"
1402 #define DEF_SMTPD_TLS_EECDH	"auto"
1403 extern char *var_smtpd_tls_eecdh;
1404 
1405 #define VAR_SMTPD_TLS_LOGLEVEL	"smtpd_tls_loglevel"
1406 #define DEF_SMTPD_TLS_LOGLEVEL	"0"
1407 extern char *var_smtpd_tls_loglevel;
1408 
1409 #define VAR_SMTPD_TLS_RECHEAD	"smtpd_tls_received_header"
1410 #define DEF_SMTPD_TLS_RECHEAD	0
1411 extern bool var_smtpd_tls_received_header;
1412 
1413 #define VAR_SMTPD_TLS_SCACHE_DB	"smtpd_tls_session_cache_database"
1414 #define DEF_SMTPD_TLS_SCACHE_DB	""
1415 extern char *var_smtpd_tls_scache_db;
1416 
1417 #define MAX_SMTPD_TLS_SCACHETIME	8640000
1418 #define VAR_SMTPD_TLS_SCACHTIME	"smtpd_tls_session_cache_timeout"
1419 #define DEF_SMTPD_TLS_SCACHTIME	"3600s"
1420 extern int var_smtpd_tls_scache_timeout;
1421 
1422 #define VAR_SMTPD_TLS_SET_SESSID	"smtpd_tls_always_issue_session_ids"
1423 #define DEF_SMTPD_TLS_SET_SESSID	1
1424 extern bool var_smtpd_tls_set_sessid;
1425 
1426 #define VAR_SMTPD_DELAY_OPEN	"smtpd_delay_open_until_valid_rcpt"
1427 #define DEF_SMTPD_DELAY_OPEN	1
1428 extern bool var_smtpd_delay_open;
1429 
1430 #define VAR_SMTP_TLS_PER_SITE	"smtp_tls_per_site"
1431 #define DEF_SMTP_TLS_PER_SITE	""
1432 #define VAR_LMTP_TLS_PER_SITE	"lmtp_tls_per_site"
1433 #define DEF_LMTP_TLS_PER_SITE	""
1434 extern char *var_smtp_tls_per_site;
1435 
1436 #define VAR_SMTP_USE_TLS	"smtp_use_tls"
1437 #define DEF_SMTP_USE_TLS	0
1438 #define VAR_LMTP_USE_TLS	"lmtp_use_tls"
1439 #define DEF_LMTP_USE_TLS	0
1440 extern bool var_smtp_use_tls;
1441 
1442 #define VAR_SMTP_ENFORCE_TLS	"smtp_enforce_tls"
1443 #define DEF_SMTP_ENFORCE_TLS	0
1444 #define VAR_LMTP_ENFORCE_TLS	"lmtp_enforce_tls"
1445 #define DEF_LMTP_ENFORCE_TLS	0
1446 extern bool var_smtp_enforce_tls;
1447 
1448 #define VAR_SMTP_TLS_ENFORCE_PN	"smtp_tls_enforce_peername"
1449 #define DEF_SMTP_TLS_ENFORCE_PN	1
1450 #define VAR_LMTP_TLS_ENFORCE_PN	"lmtp_tls_enforce_peername"
1451 #define DEF_LMTP_TLS_ENFORCE_PN	1
1452 extern bool var_smtp_tls_enforce_peername;
1453 
1454 #define VAR_SMTP_TLS_WRAPPER	"smtp_tls_wrappermode"
1455 #define DEF_SMTP_TLS_WRAPPER	0
1456 #define VAR_LMTP_TLS_WRAPPER	"lmtp_tls_wrappermode"
1457 #define DEF_LMTP_TLS_WRAPPER	0
1458 extern bool var_smtp_tls_wrappermode;
1459 
1460 #define VAR_SMTP_TLS_LEVEL	"smtp_tls_security_level"
1461 #define DEF_SMTP_TLS_LEVEL	""
1462 #define VAR_LMTP_TLS_LEVEL	"lmtp_tls_security_level"
1463 #define DEF_LMTP_TLS_LEVEL	""
1464 extern char *var_smtp_tls_level;
1465 
1466 #define VAR_SMTP_TLS_SCERT_VD	"smtp_tls_scert_verifydepth"
1467 #define DEF_SMTP_TLS_SCERT_VD	9
1468 #define VAR_LMTP_TLS_SCERT_VD	"lmtp_tls_scert_verifydepth"
1469 #define DEF_LMTP_TLS_SCERT_VD	9
1470 extern int var_smtp_tls_scert_vd;
1471 
1472 #define VAR_SMTP_TLS_CHAIN_FILES	"smtp_tls_chain_files"
1473 #define DEF_SMTP_TLS_CHAIN_FILES	""
1474 #define VAR_LMTP_TLS_CHAIN_FILES	"lmtp_tls_chain_files"
1475 #define DEF_LMTP_TLS_CHAIN_FILES	""
1476 extern char *var_smtp_tls_chain_files;
1477 
1478 #define VAR_SMTP_TLS_CERT_FILE	"smtp_tls_cert_file"
1479 #define DEF_SMTP_TLS_CERT_FILE	""
1480 #define VAR_LMTP_TLS_CERT_FILE	"lmtp_tls_cert_file"
1481 #define DEF_LMTP_TLS_CERT_FILE	""
1482 extern char *var_smtp_tls_cert_file;
1483 
1484 #define VAR_SMTP_TLS_KEY_FILE	"smtp_tls_key_file"
1485 #define DEF_SMTP_TLS_KEY_FILE	"$smtp_tls_cert_file"
1486 #define VAR_LMTP_TLS_KEY_FILE	"lmtp_tls_key_file"
1487 #define DEF_LMTP_TLS_KEY_FILE	"$lmtp_tls_cert_file"
1488 extern char *var_smtp_tls_key_file;
1489 
1490 #define VAR_SMTP_TLS_DCERT_FILE "smtp_tls_dcert_file"
1491 #define DEF_SMTP_TLS_DCERT_FILE ""
1492 #define VAR_LMTP_TLS_DCERT_FILE "lmtp_tls_dcert_file"
1493 #define DEF_LMTP_TLS_DCERT_FILE ""
1494 extern char *var_smtp_tls_dcert_file;
1495 
1496 #define VAR_SMTP_TLS_DKEY_FILE	"smtp_tls_dkey_file"
1497 #define DEF_SMTP_TLS_DKEY_FILE	"$smtp_tls_dcert_file"
1498 #define VAR_LMTP_TLS_DKEY_FILE	"lmtp_tls_dkey_file"
1499 #define DEF_LMTP_TLS_DKEY_FILE	"$lmtp_tls_dcert_file"
1500 extern char *var_smtp_tls_dkey_file;
1501 
1502 #define VAR_SMTP_TLS_ECCERT_FILE "smtp_tls_eccert_file"
1503 #define DEF_SMTP_TLS_ECCERT_FILE ""
1504 #define VAR_LMTP_TLS_ECCERT_FILE "lmtp_tls_eccert_file"
1505 #define DEF_LMTP_TLS_ECCERT_FILE ""
1506 extern char *var_smtp_tls_eccert_file;
1507 
1508 #define VAR_SMTP_TLS_ECKEY_FILE	"smtp_tls_eckey_file"
1509 #define DEF_SMTP_TLS_ECKEY_FILE	"$smtp_tls_eccert_file"
1510 #define VAR_LMTP_TLS_ECKEY_FILE	"lmtp_tls_eckey_file"
1511 #define DEF_LMTP_TLS_ECKEY_FILE	"$lmtp_tls_eccert_file"
1512 extern char *var_smtp_tls_eckey_file;
1513 
1514 #define VAR_SMTP_TLS_CA_FILE	"smtp_tls_CAfile"
1515 #define DEF_SMTP_TLS_CA_FILE	""
1516 #define VAR_LMTP_TLS_CA_FILE	"lmtp_tls_CAfile"
1517 #define DEF_LMTP_TLS_CA_FILE	""
1518 extern char *var_smtp_tls_CAfile;
1519 
1520 #define VAR_SMTP_TLS_CA_PATH	"smtp_tls_CApath"
1521 #define DEF_SMTP_TLS_CA_PATH	""
1522 #define VAR_LMTP_TLS_CA_PATH	"lmtp_tls_CApath"
1523 #define DEF_LMTP_TLS_CA_PATH	""
1524 extern char *var_smtp_tls_CApath;
1525 
1526 #define VAR_SMTP_TLS_CIPH	"smtp_tls_ciphers"
1527 #define DEF_SMTP_TLS_CIPH	"medium"
1528 #define VAR_LMTP_TLS_CIPH	"lmtp_tls_ciphers"
1529 #define DEF_LMTP_TLS_CIPH	"medium"
1530 extern char *var_smtp_tls_ciph;
1531 
1532 #define VAR_SMTP_TLS_MAND_CIPH	"smtp_tls_mandatory_ciphers"
1533 #define DEF_SMTP_TLS_MAND_CIPH	"medium"
1534 #define VAR_LMTP_TLS_MAND_CIPH	"lmtp_tls_mandatory_ciphers"
1535 #define DEF_LMTP_TLS_MAND_CIPH	"medium"
1536 extern char *var_smtp_tls_mand_ciph;
1537 
1538 #define VAR_SMTP_TLS_EXCL_CIPH  "smtp_tls_exclude_ciphers"
1539 #define DEF_SMTP_TLS_EXCL_CIPH  ""
1540 #define VAR_LMTP_TLS_EXCL_CIPH  "lmtp_tls_exclude_ciphers"
1541 #define DEF_LMTP_TLS_EXCL_CIPH  ""
1542 extern char *var_smtp_tls_excl_ciph;
1543 
1544 #define VAR_SMTP_TLS_MAND_EXCL  "smtp_tls_mandatory_exclude_ciphers"
1545 #define DEF_SMTP_TLS_MAND_EXCL  ""
1546 #define VAR_LMTP_TLS_MAND_EXCL  "lmtp_tls_mandatory_exclude_ciphers"
1547 #define DEF_LMTP_TLS_MAND_EXCL  ""
1548 extern char *var_smtp_tls_mand_excl;
1549 
1550 #define VAR_SMTP_TLS_FPT_DGST	"smtp_tls_fingerprint_digest"
1551 #define DEF_SMTP_TLS_FPT_DGST	"${{$compatibility_level} <level {3.6} ? " \
1552                                 "{md5} : {sha256}}"
1553 #define VAR_LMTP_TLS_FPT_DGST	"lmtp_tls_fingerprint_digest"
1554 #define DEF_LMTP_TLS_FPT_DGST	"${{$compatibility_level} <level {3.6} ? " \
1555                                 "{md5} : {sha256}}"
1556 extern char *var_smtp_tls_fpt_dgst;
1557 
1558 #define VAR_SMTP_TLS_TAFILE	"smtp_tls_trust_anchor_file"
1559 #define DEF_SMTP_TLS_TAFILE	""
1560 #define VAR_LMTP_TLS_TAFILE	"lmtp_tls_trust_anchor_file"
1561 #define DEF_LMTP_TLS_TAFILE	""
1562 extern char *var_smtp_tls_tafile;
1563 
1564 #define VAR_SMTP_TLS_LOGLEVEL	"smtp_tls_loglevel"
1565 #define DEF_SMTP_TLS_LOGLEVEL	"0"
1566 #define VAR_LMTP_TLS_LOGLEVEL	"lmtp_tls_loglevel"
1567 #define DEF_LMTP_TLS_LOGLEVEL	"0"
1568 extern char *var_smtp_tls_loglevel;	/* In smtp(8) and tlsmgr(8) */
1569 extern char *var_lmtp_tls_loglevel;	/* In tlsmgr(8) */
1570 
1571 #define VAR_SMTP_TLS_NOTEOFFER	"smtp_tls_note_starttls_offer"
1572 #define DEF_SMTP_TLS_NOTEOFFER	0
1573 #define VAR_LMTP_TLS_NOTEOFFER	"lmtp_tls_note_starttls_offer"
1574 #define DEF_LMTP_TLS_NOTEOFFER	0
1575 extern bool var_smtp_tls_note_starttls_offer;
1576 
1577 #define VAR_SMTP_TLS_SCACHE_DB	"smtp_tls_session_cache_database"
1578 #define DEF_SMTP_TLS_SCACHE_DB	""
1579 #define VAR_LMTP_TLS_SCACHE_DB	"lmtp_tls_session_cache_database"
1580 #define DEF_LMTP_TLS_SCACHE_DB	""
1581 extern char *var_smtp_tls_scache_db;
1582 extern char *var_lmtp_tls_scache_db;
1583 
1584 #define MAX_SMTP_TLS_SCACHETIME	8640000
1585 #define VAR_SMTP_TLS_SCACHTIME	"smtp_tls_session_cache_timeout"
1586 #define DEF_SMTP_TLS_SCACHTIME	"3600s"
1587 #define MAX_LMTP_TLS_SCACHETIME	8640000
1588 #define VAR_LMTP_TLS_SCACHTIME	"lmtp_tls_session_cache_timeout"
1589 #define DEF_LMTP_TLS_SCACHTIME	"3600s"
1590 extern int var_smtp_tls_scache_timeout;
1591 extern int var_lmtp_tls_scache_timeout;
1592 
1593 #define VAR_SMTP_TLS_POLICY	"smtp_tls_policy_maps"
1594 #define DEF_SMTP_TLS_POLICY	""
1595 #define VAR_LMTP_TLS_POLICY	"lmtp_tls_policy_maps"
1596 #define DEF_LMTP_TLS_POLICY	""
1597 extern char *var_smtp_tls_policy;
1598 
1599 #define VAR_SMTP_TLS_PROTO	"smtp_tls_protocols"
1600 #define DEF_SMTP_TLS_PROTO	">=TLSv1"
1601 #define VAR_LMTP_TLS_PROTO	"lmtp_tls_protocols"
1602 #define DEF_LMTP_TLS_PROTO	">=TLSv1"
1603 extern char *var_smtp_tls_proto;
1604 
1605 #define VAR_SMTP_TLS_MAND_PROTO	"smtp_tls_mandatory_protocols"
1606 #define DEF_SMTP_TLS_MAND_PROTO	">=TLSv1"
1607 #define VAR_LMTP_TLS_MAND_PROTO	"lmtp_tls_mandatory_protocols"
1608 #define DEF_LMTP_TLS_MAND_PROTO	">=TLSv1"
1609 extern char *var_smtp_tls_mand_proto;
1610 
1611 #define VAR_SMTP_TLS_VFY_CMATCH	"smtp_tls_verify_cert_match"
1612 #define DEF_SMTP_TLS_VFY_CMATCH	"hostname"
1613 #define VAR_LMTP_TLS_VFY_CMATCH	"lmtp_tls_verify_cert_match"
1614 #define DEF_LMTP_TLS_VFY_CMATCH	"hostname"
1615 extern char *var_smtp_tls_vfy_cmatch;
1616 
1617  /*
1618   * There are no MX lookups for LMTP, so verify == secure
1619   */
1620 #define VAR_SMTP_TLS_SEC_CMATCH	"smtp_tls_secure_cert_match"
1621 #define DEF_SMTP_TLS_SEC_CMATCH	"nexthop, dot-nexthop"
1622 #define VAR_LMTP_TLS_SEC_CMATCH	"lmtp_tls_secure_cert_match"
1623 #define DEF_LMTP_TLS_SEC_CMATCH	"nexthop"
1624 extern char *var_smtp_tls_sec_cmatch;
1625 
1626 
1627 #define VAR_SMTP_TLS_FPT_CMATCH "smtp_tls_fingerprint_cert_match"
1628 #define DEF_SMTP_TLS_FPT_CMATCH ""
1629 #define VAR_LMTP_TLS_FPT_CMATCH "lmtp_tls_fingerprint_cert_match"
1630 #define DEF_LMTP_TLS_FPT_CMATCH ""
1631 extern char *var_smtp_tls_fpt_cmatch;
1632 
1633 #define VAR_SMTP_TLS_SNI "smtp_tls_servername"
1634 #define DEF_SMTP_TLS_SNI ""
1635 #define VAR_LMTP_TLS_SNI "lmtp_tls_servername"
1636 #define DEF_LMTP_TLS_SNI ""
1637 extern char *var_smtp_tls_sni;
1638 
1639 #define VAR_SMTP_TLS_BLK_EARLY_MAIL_REPLY "smtp_tls_block_early_mail_reply"
1640 #define DEF_SMTP_TLS_BLK_EARLY_MAIL_REPLY 0
1641 #define VAR_LMTP_TLS_BLK_EARLY_MAIL_REPLY "lmtp_tls_block_early_mail_reply"
1642 #define DEF_LMTP_TLS_BLK_EARLY_MAIL_REPLY 0
1643 extern bool var_smtp_tls_blk_early_mail_reply;
1644 
1645 #define VAR_SMTP_TLS_FORCE_TLSA "smtp_tls_force_insecure_host_tlsa_lookup"
1646 #define DEF_SMTP_TLS_FORCE_TLSA 0
1647 #define VAR_LMTP_TLS_FORCE_TLSA "lmtp_tls_force_insecure_host_tlsa_lookup"
1648 #define DEF_LMTP_TLS_FORCE_TLSA 0
1649 extern bool var_smtp_tls_force_tlsa;
1650 
1651  /* SMTP only */
1652 #define VAR_SMTP_TLS_INSECURE_MX_POLICY "smtp_tls_dane_insecure_mx_policy"
1653 #define DEF_SMTP_TLS_INSECURE_MX_POLICY "${{$smtp_tls_security_level} == {dane} ? {dane} : {may}}"
1654 extern char *var_smtp_tls_insecure_mx_policy;
1655 
1656  /*
1657   * SASL authentication support, SMTP server side.
1658   */
1659 #define VAR_SMTPD_SASL_ENABLE	"smtpd_sasl_auth_enable"
1660 #define DEF_SMTPD_SASL_ENABLE	0
1661 extern bool var_smtpd_sasl_enable;
1662 
1663 #define VAR_SMTPD_SASL_AUTH_HDR	"smtpd_sasl_authenticated_header"
1664 #define DEF_SMTPD_SASL_AUTH_HDR	0
1665 extern bool var_smtpd_sasl_auth_hdr;
1666 
1667 #define VAR_SMTPD_SASL_OPTS	"smtpd_sasl_security_options"
1668 #define DEF_SMTPD_SASL_OPTS	"noanonymous"
1669 extern char *var_smtpd_sasl_opts;
1670 
1671 #define VAR_SMTPD_SASL_PATH	"smtpd_sasl_path"
1672 #define DEF_SMTPD_SASL_PATH	"smtpd"
1673 extern char *var_smtpd_sasl_path;
1674 
1675 #define VAR_SMTPD_SASL_SERVICE	"smtpd_sasl_service"
1676 #define DEF_SMTPD_SASL_SERVICE	"smtp"
1677 extern char *var_smtpd_sasl_service;
1678 
1679 #define VAR_CYRUS_CONF_PATH	"cyrus_sasl_config_path"
1680 #define DEF_CYRUS_CONF_PATH	""
1681 extern char *var_cyrus_conf_path;
1682 
1683 #define VAR_SMTPD_SASL_TLS_OPTS	"smtpd_sasl_tls_security_options"
1684 #define DEF_SMTPD_SASL_TLS_OPTS	"$" VAR_SMTPD_SASL_OPTS
1685 extern char *var_smtpd_sasl_tls_opts;
1686 
1687 #define VAR_SMTPD_SASL_REALM	"smtpd_sasl_local_domain"
1688 #define DEF_SMTPD_SASL_REALM	""
1689 extern char *var_smtpd_sasl_realm;
1690 
1691 #define VAR_SMTPD_SASL_EXCEPTIONS_NETWORKS	"smtpd_sasl_exceptions_networks"
1692 #define DEF_SMTPD_SASL_EXCEPTIONS_NETWORKS	""
1693 extern char *var_smtpd_sasl_exceptions_networks;
1694 
1695 #ifndef DEF_SERVER_SASL_TYPE
1696 #define DEF_SERVER_SASL_TYPE	"cyrus"
1697 #endif
1698 
1699 #define VAR_SMTPD_SASL_TYPE	"smtpd_sasl_type"
1700 #define DEF_SMTPD_SASL_TYPE	DEF_SERVER_SASL_TYPE
1701 extern char *var_smtpd_sasl_type;
1702 
1703 #define VAR_SMTPD_SND_AUTH_MAPS	"smtpd_sender_login_maps"
1704 #define DEF_SMTPD_SND_AUTH_MAPS	""
1705 extern char *var_smtpd_snd_auth_maps;
1706 
1707 #define REJECT_SENDER_LOGIN_MISMATCH	"reject_sender_login_mismatch"
1708 #define REJECT_AUTH_SENDER_LOGIN_MISMATCH \
1709 				"reject_authenticated_sender_login_mismatch"
1710 #define REJECT_KNOWN_SENDER_LOGIN_MISMATCH \
1711 				"reject_known_sender_login_mismatch"
1712 #define REJECT_UNAUTH_SENDER_LOGIN_MISMATCH \
1713 				"reject_unauthenticated_sender_login_mismatch"
1714 
1715  /*
1716   * https://tools.ietf.org/html/rfc4954#page-5
1717   *
1718   * (At the time of writing of this document, 12288 octets is considered to be a
1719   * sufficient line length limit for handling of deployed authentication
1720   * mechanisms.)
1721   *
1722   * The default value is also the minimum permissible value for this parameter.
1723   */
1724 #define VAR_SMTPD_SASL_RESP_LIMIT	"smtpd_sasl_response_limit"
1725 #define DEF_SMTPD_SASL_RESP_LIMIT 12288
1726 extern int var_smtpd_sasl_resp_limit;
1727 
1728  /*
1729   * Some backends claim to support EXTERNAL authentication, but Postfix does
1730   * not have code to provide the backend with such credentials. To avoid
1731   * confusing errors, do not announce the EXTERNAL mechanism.
1732   */
1733 #define VAR_SMTPD_SASL_MECH_FILTER	"smtpd_sasl_mechanism_filter"
1734 #define DEF_SMTPD_SASL_MECH_FILTER	"!external, static:rest"
1735 extern char *var_smtpd_sasl_mech_filter;
1736 
1737  /*
1738   * SASL authentication support, SMTP client side.
1739   */
1740 #define VAR_SMTP_SASL_ENABLE	"smtp_sasl_auth_enable"
1741 #define DEF_SMTP_SASL_ENABLE	0
1742 extern bool var_smtp_sasl_enable;
1743 
1744 #define VAR_SMTP_SASL_PASSWD	"smtp_sasl_password_maps"
1745 #define DEF_SMTP_SASL_PASSWD	""
1746 extern char *var_smtp_sasl_passwd;
1747 
1748 #define VAR_SMTP_SASL_OPTS	"smtp_sasl_security_options"
1749 #define DEF_SMTP_SASL_OPTS	"noplaintext, noanonymous"
1750 extern char *var_smtp_sasl_opts;
1751 
1752 #define VAR_SMTP_SASL_PATH	"smtp_sasl_path"
1753 #define DEF_SMTP_SASL_PATH	""
1754 extern char *var_smtp_sasl_path;
1755 
1756 #define VAR_SMTP_SASL_MECHS	"smtp_sasl_mechanism_filter"
1757 #define DEF_SMTP_SASL_MECHS	""
1758 #define VAR_LMTP_SASL_MECHS	"lmtp_sasl_mechanism_filter"
1759 #define DEF_LMTP_SASL_MECHS	""
1760 extern char *var_smtp_sasl_mechs;
1761 
1762 #ifndef DEF_CLIENT_SASL_TYPE
1763 #define DEF_CLIENT_SASL_TYPE	"cyrus"
1764 #endif
1765 
1766 #define VAR_SMTP_SASL_TYPE	"smtp_sasl_type"
1767 #define DEF_SMTP_SASL_TYPE	DEF_CLIENT_SASL_TYPE
1768 #define VAR_LMTP_SASL_TYPE	"lmtp_sasl_type"
1769 #define DEF_LMTP_SASL_TYPE	DEF_CLIENT_SASL_TYPE
1770 extern char *var_smtp_sasl_type;
1771 
1772 #define VAR_SMTP_SASL_TLS_OPTS	"smtp_sasl_tls_security_options"
1773 #define DEF_SMTP_SASL_TLS_OPTS	"$" VAR_SMTP_SASL_OPTS
1774 #define VAR_LMTP_SASL_TLS_OPTS	"lmtp_sasl_tls_security_options"
1775 #define DEF_LMTP_SASL_TLS_OPTS	"$" VAR_LMTP_SASL_OPTS
1776 extern char *var_smtp_sasl_tls_opts;
1777 
1778 #define VAR_SMTP_SASL_TLSV_OPTS	"smtp_sasl_tls_verified_security_options"
1779 #define DEF_SMTP_SASL_TLSV_OPTS	"$" VAR_SMTP_SASL_TLS_OPTS
1780 #define VAR_LMTP_SASL_TLSV_OPTS	"lmtp_sasl_tls_verified_security_options"
1781 #define DEF_LMTP_SASL_TLSV_OPTS	"$" VAR_LMTP_SASL_TLS_OPTS
1782 extern char *var_smtp_sasl_tlsv_opts;
1783 
1784 #define VAR_SMTP_DUMMY_MAIL_AUTH	"smtp_send_dummy_mail_auth"
1785 #define DEF_SMTP_DUMMY_MAIL_AUTH	0
1786 extern bool var_smtp_dummy_mail_auth;
1787 
1788 #define VAR_LMTP_BALANCE_INET_PROTO "lmtp_balance_inet_protocols"
1789 #define DEF_LMTP_BALANCE_INET_PROTO DEF_SMTP_BALANCE_INET_PROTO
1790 #define VAR_SMTP_BALANCE_INET_PROTO "smtp_balance_inet_protocols"
1791 #define DEF_SMTP_BALANCE_INET_PROTO 1
1792 extern bool var_smtp_balance_inet_proto;
1793 
1794  /*
1795   * LMTP server. The soft error limit determines how many errors an LMTP
1796   * client may make before we start to slow down; the hard error limit
1797   * determines after how many client errors we disconnect.
1798   */
1799 #define VAR_LMTPD_BANNER	"lmtpd_banner"
1800 #define DEF_LMTPD_BANNER	"$myhostname $mail_name"
1801 extern char *var_lmtpd_banner;
1802 
1803 #define VAR_LMTPD_TMOUT		"lmtpd_timeout"
1804 #define DEF_LMTPD_TMOUT		"300s"
1805 extern int var_lmtpd_tmout;
1806 
1807 #define VAR_LMTPD_RCPT_LIMIT	"lmtpd_recipient_limit"
1808 #define DEF_LMTPD_RCPT_LIMIT	1000
1809 extern int var_lmtpd_rcpt_limit;
1810 
1811 #define VAR_LMTPD_SOFT_ERLIM	"lmtpd_soft_error_limit"
1812 #define DEF_LMTPD_SOFT_ERLIM	10
1813 extern int var_lmtpd_soft_erlim;
1814 
1815 #define VAR_LMTPD_HARD_ERLIM	"lmtpd_hard_error_limit"
1816 #define DEF_LMTPD_HARD_ERLIM	100
1817 extern int var_lmtpd_hard_erlim;
1818 
1819 #define VAR_LMTPD_ERR_SLEEP	"lmtpd_error_sleep_time"
1820 #define DEF_LMTPD_ERR_SLEEP	"5s"
1821 extern int var_lmtpd_err_sleep;
1822 
1823 #define VAR_LMTPD_JUNK_CMD	"lmtpd_junk_command_limit"
1824 #define DEF_LMTPD_JUNK_CMD	1000
1825 extern int var_lmtpd_junk_cmd_limit;
1826 
1827  /*
1828   * SASL authentication support, LMTP server side.
1829   */
1830 #define VAR_LMTPD_SASL_ENABLE	"lmtpd_sasl_auth_enable"
1831 #define DEF_LMTPD_SASL_ENABLE	0
1832 extern bool var_lmtpd_sasl_enable;
1833 
1834 #define VAR_LMTPD_SASL_OPTS	"lmtpd_sasl_security_options"
1835 #define DEF_LMTPD_SASL_OPTS	"noanonymous"
1836 extern char *var_lmtpd_sasl_opts;
1837 
1838 #define VAR_LMTPD_SASL_REALM	"lmtpd_sasl_local_domain"
1839 #define DEF_LMTPD_SASL_REALM	"$myhostname"
1840 extern char *var_lmtpd_sasl_realm;
1841 
1842  /*
1843   * SASL authentication support, LMTP client side.
1844   */
1845 #define VAR_LMTP_SASL_ENABLE	"lmtp_sasl_auth_enable"
1846 #define DEF_LMTP_SASL_ENABLE	0
1847 extern bool var_lmtp_sasl_enable;
1848 
1849 #define VAR_LMTP_SASL_PASSWD	"lmtp_sasl_password_maps"
1850 #define DEF_LMTP_SASL_PASSWD	""
1851 extern char *var_lmtp_sasl_passwd;
1852 
1853 #define VAR_LMTP_SASL_OPTS	"lmtp_sasl_security_options"
1854 #define DEF_LMTP_SASL_OPTS	"noplaintext, noanonymous"
1855 extern char *var_lmtp_sasl_opts;
1856 
1857 #define VAR_LMTP_SASL_PATH	"lmtp_sasl_path"
1858 #define DEF_LMTP_SASL_PATH	""
1859 extern char *var_lmtp_sasl_path;
1860 
1861 #define VAR_LMTP_DUMMY_MAIL_AUTH	"lmtp_send_dummy_mail_auth"
1862 #define DEF_LMTP_DUMMY_MAIL_AUTH	0
1863 extern bool var_lmtp_dummy_mail_auth;
1864 
1865  /*
1866   * SASL-based relay etc. control.
1867   */
1868 #define PERMIT_SASL_AUTH	"permit_sasl_authenticated"
1869 
1870 #define VAR_CYRUS_SASL_AUTHZID	"send_cyrus_sasl_authzid"
1871 #define DEF_CYRUS_SASL_AUTHZID	0
1872 extern int var_cyrus_sasl_authzid;
1873 
1874  /*
1875   * Special handling of AUTH 535 failures.
1876   */
1877 #define VAR_SMTP_SASL_AUTH_SOFT_BOUNCE	"smtp_sasl_auth_soft_bounce"
1878 #define DEF_SMTP_SASL_AUTH_SOFT_BOUNCE	1
1879 #define VAR_LMTP_SASL_AUTH_SOFT_BOUNCE	"lmtp_sasl_auth_soft_bounce"
1880 #define DEF_LMTP_SASL_AUTH_SOFT_BOUNCE	1
1881 extern bool var_smtp_sasl_auth_soft_bounce;
1882 
1883 #define VAR_SMTP_SASL_AUTH_CACHE_NAME	"smtp_sasl_auth_cache_name"
1884 #define DEF_SMTP_SASL_AUTH_CACHE_NAME	""
1885 #define VAR_LMTP_SASL_AUTH_CACHE_NAME	"lmtp_sasl_auth_cache_name"
1886 #define DEF_LMTP_SASL_AUTH_CACHE_NAME	""
1887 extern char *var_smtp_sasl_auth_cache_name;
1888 
1889 #define VAR_SMTP_SASL_AUTH_CACHE_TIME	"smtp_sasl_auth_cache_time"
1890 #define DEF_SMTP_SASL_AUTH_CACHE_TIME	"90d"
1891 #define VAR_LMTP_SASL_AUTH_CACHE_TIME	"lmtp_sasl_auth_cache_time"
1892 #define DEF_LMTP_SASL_AUTH_CACHE_TIME	"90d"
1893 extern int var_smtp_sasl_auth_cache_time;
1894 
1895 #define VAR_SMTP_TCP_PORT	"smtp_tcp_port"
1896 #define DEF_SMTP_TCP_PORT	"smtp"
1897 extern char *var_smtp_tcp_port;
1898 
1899  /*
1900   * LMTP client. Timeouts inspired by RFC 1123. The LMTP recipient limit
1901   * determines how many recipient addresses the LMTP client sends along with
1902   * each message. Unfortunately, some mailers misbehave and disconnect (smap)
1903   * when given more recipients than they are willing to handle.
1904   */
1905 #define VAR_LMTP_TCP_PORT	"lmtp_tcp_port"
1906 #define DEF_LMTP_TCP_PORT	"24"
1907 extern char *var_lmtp_tcp_port;
1908 
1909 #define VAR_LMTP_ASSUME_FINAL	"lmtp_assume_final"
1910 #define DEF_LMTP_ASSUME_FINAL	0
1911 extern bool var_lmtp_assume_final;
1912 
1913 #define VAR_LMTP_CACHE_CONN	"lmtp_cache_connection"
1914 #define DEF_LMTP_CACHE_CONN	1
1915 extern bool var_lmtp_cache_conn;
1916 
1917 #define VAR_LMTP_SKIP_QUIT_RESP	"lmtp_skip_quit_response"
1918 #define DEF_LMTP_SKIP_QUIT_RESP	0
1919 extern bool var_lmtp_skip_quit_resp;
1920 
1921 #define VAR_LMTP_CONN_TMOUT	"lmtp_connect_timeout"
1922 #define DEF_LMTP_CONN_TMOUT	"0s"
1923 extern int var_lmtp_conn_tmout;
1924 
1925 #define VAR_LMTP_RSET_TMOUT	"lmtp_rset_timeout"
1926 #define DEF_LMTP_RSET_TMOUT	"20s"
1927 extern int var_lmtp_rset_tmout;
1928 
1929 #define VAR_LMTP_LHLO_TMOUT	"lmtp_lhlo_timeout"
1930 #define DEF_LMTP_LHLO_TMOUT	"300s"
1931 extern int var_lmtp_lhlo_tmout;
1932 
1933 #define VAR_LMTP_XFWD_TMOUT	"lmtp_xforward_timeout"
1934 #define DEF_LMTP_XFWD_TMOUT	"300s"
1935 extern int var_lmtp_xfwd_tmout;
1936 
1937 #define VAR_LMTP_MAIL_TMOUT	"lmtp_mail_timeout"
1938 #define DEF_LMTP_MAIL_TMOUT	"300s"
1939 extern int var_lmtp_mail_tmout;
1940 
1941 #define VAR_LMTP_RCPT_TMOUT	"lmtp_rcpt_timeout"
1942 #define DEF_LMTP_RCPT_TMOUT	"300s"
1943 extern int var_lmtp_rcpt_tmout;
1944 
1945 #define VAR_LMTP_DATA0_TMOUT	"lmtp_data_init_timeout"
1946 #define DEF_LMTP_DATA0_TMOUT	"120s"
1947 extern int var_lmtp_data0_tmout;
1948 
1949 #define VAR_LMTP_DATA1_TMOUT	"lmtp_data_xfer_timeout"
1950 #define DEF_LMTP_DATA1_TMOUT	"180s"
1951 extern int var_lmtp_data1_tmout;
1952 
1953 #define VAR_LMTP_DATA2_TMOUT	"lmtp_data_done_timeout"
1954 #define DEF_LMTP_DATA2_TMOUT	"600s"
1955 extern int var_lmtp_data2_tmout;
1956 
1957 #define VAR_LMTP_QUIT_TMOUT	"lmtp_quit_timeout"
1958 #define DEF_LMTP_QUIT_TMOUT	"300s"
1959 extern int var_lmtp_quit_tmout;
1960 
1961 #define VAR_LMTP_SEND_XFORWARD	"lmtp_send_xforward_command"
1962 #define DEF_LMTP_SEND_XFORWARD	0
1963 extern bool var_lmtp_send_xforward;
1964 
1965  /*
1966   * Cleanup service. Header info that exceeds $header_size_limit bytes or
1967   * $header_address_token_limit tokens is discarded.
1968   */
1969 #define VAR_HOPCOUNT_LIMIT	"hopcount_limit"
1970 #define DEF_HOPCOUNT_LIMIT	50
1971 extern int var_hopcount_limit;
1972 
1973 #define VAR_HEADER_LIMIT	"header_size_limit"
1974 #define DEF_HEADER_LIMIT	102400
1975 extern int var_header_limit;
1976 
1977 #define VAR_TOKEN_LIMIT		"header_address_token_limit"
1978 #define DEF_TOKEN_LIMIT		10240
1979 extern int var_token_limit;
1980 
1981 #define VAR_VIRT_RECUR_LIMIT	"virtual_alias_recursion_limit"
1982 #define DEF_VIRT_RECUR_LIMIT	1000
1983 extern int var_virt_recur_limit;
1984 
1985 #define VAR_VIRT_EXPAN_LIMIT	"virtual_alias_expansion_limit"
1986 #define DEF_VIRT_EXPAN_LIMIT	1000
1987 extern int var_virt_expan_limit;
1988 
1989 #define VAR_VIRT_ADDRLEN_LIMIT	"virtual_alias_address_length_limit"
1990 #define DEF_VIRT_ADDRLEN_LIMIT	1000
1991 extern int var_virt_addrlen_limit;
1992 
1993  /*
1994   * Message/queue size limits.
1995   */
1996 #define VAR_MESSAGE_LIMIT	"message_size_limit"
1997 #define DEF_MESSAGE_LIMIT	10240000
1998 extern long var_message_limit;
1999 
2000 #define VAR_QUEUE_MINFREE	"queue_minfree"
2001 #define DEF_QUEUE_MINFREE	0
2002 extern long var_queue_minfree;
2003 
2004  /*
2005   * Light-weight content inspection.
2006   */
2007 #define VAR_HEADER_CHECKS	"header_checks"
2008 #define DEF_HEADER_CHECKS	""
2009 extern char *var_header_checks;
2010 
2011 #define VAR_MIMEHDR_CHECKS	"mime_header_checks"
2012 #define DEF_MIMEHDR_CHECKS	"$header_checks"
2013 extern char *var_mimehdr_checks;
2014 
2015 #define VAR_NESTHDR_CHECKS	"nested_header_checks"
2016 #define DEF_NESTHDR_CHECKS	"$header_checks"
2017 extern char *var_nesthdr_checks;
2018 
2019 #define VAR_BODY_CHECKS		"body_checks"
2020 #define DEF_BODY_CHECKS		""
2021 extern char *var_body_checks;
2022 
2023 #define VAR_BODY_CHECK_LEN	"body_checks_size_limit"
2024 #define DEF_BODY_CHECK_LEN	(50*1024)
2025 extern int var_body_check_len;
2026 
2027  /*
2028   * Bounce service: truncate bounce message that exceed $bounce_size_limit.
2029   */
2030 #define VAR_BOUNCE_LIMIT	"bounce_size_limit"
2031 #define DEF_BOUNCE_LIMIT	50000
2032 extern int var_bounce_limit;
2033 
2034  /*
2035   * Bounce service: reserved sender address for double bounces. The local
2036   * delivery service discards undeliverable double bounces.
2037   */
2038 #define VAR_DOUBLE_BOUNCE	"double_bounce_sender"
2039 #define DEF_DOUBLE_BOUNCE	"double-bounce"
2040 extern char *var_double_bounce_sender;
2041 
2042  /*
2043   * Bounce service: enable threaded bounces, with References: and
2044   * In-Reply-To:.
2045   */
2046 #define VAR_THREADED_BOUNCE	"enable_threaded_bounces"
2047 #define DEF_THREADED_BOUNCE	CONFIG_BOOL_NO
2048 extern bool var_threaded_bounce;
2049 
2050  /*
2051   * When forking a process, how often to try and how long to wait.
2052   */
2053 #define VAR_FORK_TRIES		"fork_attempts"
2054 #define DEF_FORK_TRIES		5
2055 extern int var_fork_tries;
2056 
2057 #define VAR_FORK_DELAY		"fork_delay"
2058 #define DEF_FORK_DELAY		"1s"
2059 extern int var_fork_delay;
2060 
2061  /*
2062   * When locking a mailbox, how often to try and how long to wait.
2063   */
2064 #define VAR_FLOCK_TRIES          "deliver_lock_attempts"
2065 #define DEF_FLOCK_TRIES          20
2066 extern int var_flock_tries;
2067 
2068 #define VAR_FLOCK_DELAY          "deliver_lock_delay"
2069 #define DEF_FLOCK_DELAY          "1s"
2070 extern int var_flock_delay;
2071 
2072 #define VAR_FLOCK_STALE		"stale_lock_time"
2073 #define DEF_FLOCK_STALE		"500s"
2074 extern int var_flock_stale;
2075 
2076 #define VAR_MAILTOOL_COMPAT	"sun_mailtool_compatibility"
2077 #define DEF_MAILTOOL_COMPAT	0
2078 extern int var_mailtool_compat;
2079 
2080  /*
2081   * How long a daemon command may take to receive or deliver a message etc.
2082   * before we assume it is wegded (should never happen).
2083   */
2084 #define VAR_DAEMON_TIMEOUT	"daemon_timeout"
2085 #define DEF_DAEMON_TIMEOUT	"18000s"
2086 extern int var_daemon_timeout;
2087 
2088 #define VAR_QMGR_DAEMON_TIMEOUT	"qmgr_daemon_timeout"
2089 #define DEF_QMGR_DAEMON_TIMEOUT	"1000s"
2090 extern int var_qmgr_daemon_timeout;
2091 
2092  /*
2093   * How long an intra-mail command may take before we assume the mail system
2094   * is in deadlock (should never happen).
2095   */
2096 #define VAR_IPC_TIMEOUT		"ipc_timeout"
2097 #define DEF_IPC_TIMEOUT		"3600s"
2098 extern int var_ipc_timeout;
2099 
2100 #define VAR_QMGR_IPC_TIMEOUT	"qmgr_ipc_timeout"
2101 #define DEF_QMGR_IPC_TIMEOUT	"60s"
2102 extern int var_qmgr_ipc_timeout;
2103 
2104  /*
2105   * Time limit on intra-mail triggers.
2106   */
2107 #define VAR_TRIGGER_TIMEOUT	"trigger_timeout"
2108 #define DEF_TRIGGER_TIMEOUT	"10s"
2109 extern int var_trigger_timeout;
2110 
2111  /*
2112   * SMTP server restrictions. What networks I am willing to relay from, what
2113   * domains I am willing to forward mail from or to, what clients I refuse to
2114   * talk to, and what domains I never want to see in the sender address.
2115   */
2116 #define VAR_MYNETWORKS		"mynetworks"
2117 extern char *var_mynetworks;
2118 
2119 #define VAR_MYNETWORKS_STYLE	"mynetworks_style"
2120 #define DEF_MYNETWORKS_STYLE	"${{$compatibility_level} <level {2} ? " \
2121 				"{" MYNETWORKS_STYLE_SUBNET "} : " \
2122 				"{" MYNETWORKS_STYLE_HOST "}}"
2123 extern char *var_mynetworks_style;
2124 
2125 #define	MYNETWORKS_STYLE_CLASS	"class"
2126 #define	MYNETWORKS_STYLE_SUBNET	"subnet"
2127 #define	MYNETWORKS_STYLE_HOST	"host"
2128 
2129 #define VAR_RELAY_DOMAINS	"relay_domains"
2130 #define DEF_RELAY_DOMAINS	"${{$compatibility_level} <level {2} ? " \
2131 				"{$mydestination} : {}}"
2132 extern char *var_relay_domains;
2133 
2134 #define VAR_RELAY_TRANSPORT	"relay_transport"
2135 #define DEF_RELAY_TRANSPORT	MAIL_SERVICE_RELAY
2136 extern char *var_relay_transport;
2137 
2138 #define VAR_RELAY_RCPT_MAPS	"relay_recipient_maps"
2139 #define DEF_RELAY_RCPT_MAPS	""
2140 extern char *var_relay_rcpt_maps;
2141 
2142 #define VAR_RELAY_RCPT_CODE	"unknown_relay_recipient_reject_code"
2143 #define DEF_RELAY_RCPT_CODE	550
2144 extern int var_relay_rcpt_code;
2145 
2146 #define VAR_RELAY_CCERTS	"relay_clientcerts"
2147 #define DEF_RELAY_CCERTS	""
2148 extern char *var_smtpd_relay_ccerts;
2149 
2150 #define VAR_CLIENT_CHECKS	"smtpd_client_restrictions"
2151 #define DEF_CLIENT_CHECKS	""
2152 extern char *var_client_checks;
2153 
2154 #define VAR_HELO_REQUIRED	"smtpd_helo_required"
2155 #define DEF_HELO_REQUIRED	0
2156 extern bool var_helo_required;
2157 
2158 #define VAR_HELO_CHECKS		"smtpd_helo_restrictions"
2159 #define DEF_HELO_CHECKS		""
2160 extern char *var_helo_checks;
2161 
2162 #define VAR_MAIL_CHECKS		"smtpd_sender_restrictions"
2163 #define DEF_MAIL_CHECKS		""
2164 extern char *var_mail_checks;
2165 
2166 #define VAR_RELAY_CHECKS	"smtpd_relay_restrictions"
2167 #define DEF_RELAY_CHECKS	"${{$compatibility_level} <level {1} ? " \
2168 				"{} : {" PERMIT_MYNETWORKS ", " \
2169 				PERMIT_SASL_AUTH ", " \
2170 				DEFER_UNAUTH_DEST "}}"
2171 extern char *var_relay_checks;
2172 
2173  /*
2174   * For warn_compat_break_relay_domains check. Same as DEF_RELAY_CHECKS
2175   * except that it evaluates to DUNNO instead of REJECT.
2176   */
2177 #define FAKE_RELAY_CHECKS	PERMIT_MYNETWORKS ", " \
2178 				PERMIT_SASL_AUTH ", " \
2179 				PERMIT_AUTH_DEST
2180 
2181 #define VAR_RCPT_CHECKS		"smtpd_recipient_restrictions"
2182 #define DEF_RCPT_CHECKS		""
2183 extern char *var_rcpt_checks;
2184 
2185 #define VAR_RELAY_BEFORE_RCPT_CHECKS "smtpd_relay_before_recipient_restrictions"
2186 #define DEF_RELAY_BEFORE_RCPT_CHECKS "${{$compatibility_level} <level {3.6} ?" \
2187 				" {no} : {yes}}"
2188 extern bool var_relay_before_rcpt_checks;
2189 
2190 #define VAR_ETRN_CHECKS		"smtpd_etrn_restrictions"
2191 #define DEF_ETRN_CHECKS		""
2192 extern char *var_etrn_checks;
2193 
2194 #define VAR_DATA_CHECKS		"smtpd_data_restrictions"
2195 #define DEF_DATA_CHECKS		""
2196 extern char *var_data_checks;
2197 
2198 #define VAR_EOD_CHECKS		"smtpd_end_of_data_restrictions"
2199 #define DEF_EOD_CHECKS		""
2200 extern char *var_eod_checks;
2201 
2202 #define VAR_REST_CLASSES	"smtpd_restriction_classes"
2203 #define DEF_REST_CLASSES	""
2204 extern char *var_rest_classes;
2205 
2206 #define VAR_ALLOW_UNTRUST_ROUTE	"allow_untrusted_routing"
2207 #define DEF_ALLOW_UNTRUST_ROUTE	0
2208 extern bool var_allow_untrust_route;
2209 
2210  /*
2211   * Names of specific restrictions, and the corresponding configuration
2212   * parameters that control the status codes sent in response to rejected
2213   * requests.
2214   */
2215 #define PERMIT_ALL		"permit"
2216 #define REJECT_ALL		"reject"
2217 #define VAR_REJECT_CODE		"reject_code"
2218 #define DEF_REJECT_CODE		554
2219 extern int var_reject_code;
2220 
2221 #define DEFER_ALL		"defer"
2222 #define VAR_DEFER_CODE		"defer_code"
2223 #define DEF_DEFER_CODE		450
2224 extern int var_defer_code;
2225 
2226 #define DEFER_IF_PERMIT		"defer_if_permit"
2227 #define DEFER_IF_REJECT		"defer_if_reject"
2228 
2229 #define VAR_REJECT_TMPF_ACT	"reject_tempfail_action"
2230 #define DEF_REJECT_TMPF_ACT	DEFER_IF_PERMIT
2231 extern char *var_reject_tmpf_act;
2232 
2233 #define SLEEP			"sleep"
2234 
2235 #define REJECT_PLAINTEXT_SESSION "reject_plaintext_session"
2236 #define VAR_PLAINTEXT_CODE	"plaintext_reject_code"
2237 #define DEF_PLAINTEXT_CODE	450
2238 extern int var_plaintext_code;
2239 
2240 #define REJECT_UNKNOWN_CLIENT	"reject_unknown_client"
2241 #define REJECT_UNKNOWN_CLIENT_HOSTNAME "reject_unknown_client_hostname"
2242 #define REJECT_UNKNOWN_REVERSE_HOSTNAME "reject_unknown_reverse_client_hostname"
2243 #define REJECT_UNKNOWN_FORWARD_HOSTNAME "reject_unknown_forward_client_hostname"
2244 #define VAR_UNK_CLIENT_CODE	"unknown_client_reject_code"
2245 #define DEF_UNK_CLIENT_CODE	450
2246 extern int var_unk_client_code;
2247 
2248 #define PERMIT_INET_INTERFACES	"permit_inet_interfaces"
2249 
2250 #define PERMIT_MYNETWORKS	"permit_mynetworks"
2251 
2252 #define PERMIT_NAKED_IP_ADDR	"permit_naked_ip_address"
2253 
2254 #define REJECT_INVALID_HELO_HOSTNAME	"reject_invalid_helo_hostname"
2255 #define REJECT_INVALID_HOSTNAME	"reject_invalid_hostname"
2256 #define VAR_BAD_NAME_CODE	"invalid_hostname_reject_code"
2257 #define DEF_BAD_NAME_CODE	501	/* SYNTAX */
2258 extern int var_bad_name_code;
2259 
2260 #define REJECT_UNKNOWN_HELO_HOSTNAME "reject_unknown_helo_hostname"
2261 #define REJECT_UNKNOWN_HOSTNAME	"reject_unknown_hostname"
2262 #define VAR_UNK_NAME_CODE	"unknown_hostname_reject_code"
2263 #define DEF_UNK_NAME_CODE	450
2264 extern int var_unk_name_code;
2265 
2266 #define VAR_UNK_NAME_TF_ACT	"unknown_helo_hostname_tempfail_action"
2267 #define DEF_UNK_NAME_TF_ACT	"$" VAR_REJECT_TMPF_ACT
2268 extern char *var_unk_name_tf_act;
2269 
2270 #define REJECT_NON_FQDN_HELO_HOSTNAME "reject_non_fqdn_helo_hostname"
2271 #define REJECT_NON_FQDN_HOSTNAME "reject_non_fqdn_hostname"
2272 #define REJECT_NON_FQDN_SENDER	"reject_non_fqdn_sender"
2273 #define REJECT_NON_FQDN_RCPT	"reject_non_fqdn_recipient"
2274 #define VAR_NON_FQDN_CODE	"non_fqdn_reject_code"
2275 #define DEF_NON_FQDN_CODE	504	/* POLICY */
2276 extern int var_non_fqdn_code;
2277 
2278 #define REJECT_UNKNOWN_SENDDOM	"reject_unknown_sender_domain"
2279 #define REJECT_UNKNOWN_RCPTDOM	"reject_unknown_recipient_domain"
2280 #define REJECT_UNKNOWN_ADDRESS	"reject_unknown_address"
2281 #define REJECT_UNLISTED_SENDER	"reject_unlisted_sender"
2282 #define REJECT_UNLISTED_RCPT	"reject_unlisted_recipient"
2283 #define CHECK_RCPT_MAPS		"check_recipient_maps"
2284 
2285 #define VAR_UNK_ADDR_CODE	"unknown_address_reject_code"
2286 #define DEF_UNK_ADDR_CODE	450
2287 extern int var_unk_addr_code;
2288 
2289 #define VAR_UNK_ADDR_TF_ACT	"unknown_address_tempfail_action"
2290 #define DEF_UNK_ADDR_TF_ACT	"$" VAR_REJECT_TMPF_ACT
2291 extern char *var_unk_addr_tf_act;
2292 
2293 #define VAR_SMTPD_REJ_UNL_FROM	"smtpd_reject_unlisted_sender"
2294 #define DEF_SMTPD_REJ_UNL_FROM	0
2295 extern bool var_smtpd_rej_unl_from;
2296 
2297 #define VAR_SMTPD_REJ_UNL_RCPT	"smtpd_reject_unlisted_recipient"
2298 #define DEF_SMTPD_REJ_UNL_RCPT	1
2299 extern bool var_smtpd_rej_unl_rcpt;
2300 
2301 #define REJECT_UNVERIFIED_RECIP "reject_unverified_recipient"
2302 #define VAR_UNV_RCPT_RCODE	"unverified_recipient_reject_code"
2303 #define DEF_UNV_RCPT_RCODE	450
2304 extern int var_unv_rcpt_rcode;
2305 
2306 #define REJECT_UNVERIFIED_SENDER "reject_unverified_sender"
2307 #define VAR_UNV_FROM_RCODE	"unverified_sender_reject_code"
2308 #define DEF_UNV_FROM_RCODE	450
2309 extern int var_unv_from_rcode;
2310 
2311 #define VAR_UNV_RCPT_DCODE	"unverified_recipient_defer_code"
2312 #define DEF_UNV_RCPT_DCODE	450
2313 extern int var_unv_rcpt_dcode;
2314 
2315 #define VAR_UNV_FROM_DCODE	"unverified_sender_defer_code"
2316 #define DEF_UNV_FROM_DCODE	450
2317 extern int var_unv_from_dcode;
2318 
2319 #define VAR_UNV_RCPT_TF_ACT	"unverified_recipient_tempfail_action"
2320 #define DEF_UNV_RCPT_TF_ACT	"$" VAR_REJECT_TMPF_ACT
2321 extern char *var_unv_rcpt_tf_act;
2322 
2323 #define VAR_UNV_FROM_TF_ACT	"unverified_sender_tempfail_action"
2324 #define DEF_UNV_FROM_TF_ACT	"$" VAR_REJECT_TMPF_ACT
2325 extern char *var_unv_from_tf_act;
2326 
2327 #define VAR_UNV_RCPT_WHY	"unverified_recipient_reject_reason"
2328 #define DEF_UNV_RCPT_WHY	""
2329 extern char *var_unv_rcpt_why;
2330 
2331 #define VAR_UNV_FROM_WHY	"unverified_sender_reject_reason"
2332 #define DEF_UNV_FROM_WHY	""
2333 extern char *var_unv_from_why;
2334 
2335 #define REJECT_MUL_RCPT_BOUNCE	"reject_multi_recipient_bounce"
2336 #define VAR_MUL_RCPT_CODE	"multi_recipient_bounce_reject_code"
2337 #define DEF_MUL_RCPT_CODE	550
2338 extern int var_mul_rcpt_code;
2339 
2340 #define PERMIT_AUTH_DEST	"permit_auth_destination"
2341 #define REJECT_UNAUTH_DEST	"reject_unauth_destination"
2342 #define DEFER_UNAUTH_DEST	"defer_unauth_destination"
2343 #define CHECK_RELAY_DOMAINS	"check_relay_domains"
2344 #define PERMIT_TLS_CLIENTCERTS	"permit_tls_clientcerts"
2345 #define PERMIT_TLS_ALL_CLIENTCERTS	"permit_tls_all_clientcerts"
2346 #define VAR_RELAY_CODE		"relay_domains_reject_code"
2347 #define DEF_RELAY_CODE		554
2348 extern int var_relay_code;
2349 
2350 #define PERMIT_MX_BACKUP	"permit_mx_backup"
2351 
2352 #define VAR_PERM_MX_NETWORKS	"permit_mx_backup_networks"
2353 #define DEF_PERM_MX_NETWORKS	""
2354 extern char *var_perm_mx_networks;
2355 
2356 #define VAR_MAP_REJECT_CODE	"access_map_reject_code"
2357 #define DEF_MAP_REJECT_CODE	554
2358 extern int var_map_reject_code;
2359 
2360 #define VAR_MAP_DEFER_CODE	"access_map_defer_code"
2361 #define DEF_MAP_DEFER_CODE	450
2362 extern int var_map_defer_code;
2363 
2364 #define CHECK_CLIENT_ACL	"check_client_access"
2365 #define CHECK_REVERSE_CLIENT_ACL "check_reverse_client_hostname_access"
2366 #define CHECK_CCERT_ACL		"check_ccert_access"
2367 #define CHECK_SASL_ACL		"check_sasl_access"
2368 #define CHECK_HELO_ACL		"check_helo_access"
2369 #define CHECK_SENDER_ACL	"check_sender_access"
2370 #define CHECK_RECIP_ACL		"check_recipient_access"
2371 #define CHECK_ETRN_ACL		"check_etrn_access"
2372 
2373 #define CHECK_CLIENT_MX_ACL	"check_client_mx_access"
2374 #define CHECK_REVERSE_CLIENT_MX_ACL "check_reverse_client_hostname_mx_access"
2375 #define CHECK_HELO_MX_ACL	"check_helo_mx_access"
2376 #define CHECK_SENDER_MX_ACL	"check_sender_mx_access"
2377 #define CHECK_RECIP_MX_ACL	"check_recipient_mx_access"
2378 #define CHECK_CLIENT_NS_ACL	"check_client_ns_access"
2379 #define CHECK_REVERSE_CLIENT_NS_ACL "check_reverse_client_hostname_ns_access"
2380 #define CHECK_HELO_NS_ACL	"check_helo_ns_access"
2381 #define CHECK_SENDER_NS_ACL	"check_sender_ns_access"
2382 #define CHECK_RECIP_NS_ACL	"check_recipient_ns_access"
2383 #define CHECK_CLIENT_A_ACL	"check_client_a_access"
2384 #define CHECK_REVERSE_CLIENT_A_ACL "check_reverse_client_hostname_a_access"
2385 #define CHECK_HELO_A_ACL	"check_helo_a_access"
2386 #define CHECK_SENDER_A_ACL	"check_sender_a_access"
2387 #define CHECK_RECIP_A_ACL	"check_recipient_a_access"
2388 
2389 #define WARN_IF_REJECT		"warn_if_reject"
2390 
2391 #define REJECT_RBL		"reject_rbl"	/* LaMont compatibility */
2392 #define REJECT_RBL_CLIENT	"reject_rbl_client"
2393 #define REJECT_RHSBL_CLIENT	"reject_rhsbl_client"
2394 #define REJECT_RHSBL_REVERSE_CLIENT	"reject_rhsbl_reverse_client"
2395 #define REJECT_RHSBL_HELO	"reject_rhsbl_helo"
2396 #define REJECT_RHSBL_SENDER	"reject_rhsbl_sender"
2397 #define REJECT_RHSBL_RECIPIENT	"reject_rhsbl_recipient"
2398 
2399 #define PERMIT_DNSWL_CLIENT	"permit_dnswl_client"
2400 #define PERMIT_RHSWL_CLIENT	"permit_rhswl_client"
2401 
2402 #define VAR_RBL_REPLY_MAPS	"rbl_reply_maps"
2403 #define DEF_RBL_REPLY_MAPS	""
2404 extern char *var_rbl_reply_maps;
2405 
2406 #define VAR_DEF_RBL_REPLY	"default_rbl_reply"
2407 #define DEF_DEF_RBL_REPLY	"$rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}"
2408 extern char *var_def_rbl_reply;
2409 
2410 #define REJECT_MAPS_RBL		"reject_maps_rbl"	/* backwards compat */
2411 #define VAR_MAPS_RBL_CODE	"maps_rbl_reject_code"
2412 #define DEF_MAPS_RBL_CODE	554
2413 extern int var_maps_rbl_code;
2414 
2415 #define VAR_MAPS_RBL_DOMAINS	"maps_rbl_domains"	/* backwards compat */
2416 #define DEF_MAPS_RBL_DOMAINS	""
2417 extern char *var_maps_rbl_domains;
2418 
2419 #define VAR_SMTPD_DELAY_REJECT	"smtpd_delay_reject"
2420 #define DEF_SMTPD_DELAY_REJECT	1
2421 extern int var_smtpd_delay_reject;
2422 
2423 #define REJECT_UNAUTH_PIPE	"reject_unauth_pipelining"
2424 
2425 #define VAR_SMTPD_NULL_KEY	"smtpd_null_access_lookup_key"
2426 #define DEF_SMTPD_NULL_KEY	"<>"
2427 extern char *var_smtpd_null_key;
2428 
2429 #define VAR_SMTPD_EXP_FILTER	"smtpd_expansion_filter"
2430 #define DEF_SMTPD_EXP_FILTER	"\\t\\40!\"#$%&'()*+,-./0123456789:;<=>?@\
2431 ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\\\]^_`\
2432 abcdefghijklmnopqrstuvwxyz{|}~"
2433 extern char *var_smtpd_exp_filter;
2434 
2435 #define VAR_SMTPD_PEERNAME_LOOKUP	"smtpd_peername_lookup"
2436 #define DEF_SMTPD_PEERNAME_LOOKUP	1
2437 extern bool var_smtpd_peername_lookup;
2438 
2439  /*
2440   * Heuristic to reject unknown local recipients at the SMTP port.
2441   */
2442 #define VAR_LOCAL_RCPT_MAPS	"local_recipient_maps"
2443 #define DEF_LOCAL_RCPT_MAPS	"proxy:unix:passwd.byname $" VAR_ALIAS_MAPS
2444 extern char *var_local_rcpt_maps;
2445 
2446 #define VAR_LOCAL_RCPT_CODE	"unknown_local_recipient_reject_code"
2447 #define DEF_LOCAL_RCPT_CODE	550
2448 extern int var_local_rcpt_code;
2449 
2450  /*
2451   * List of pre-approved maps that are OK to open with the proxymap service.
2452   */
2453 #define VAR_PROXY_READ_MAPS	"proxy_read_maps"
2454 #define DEF_PROXY_READ_MAPS	"$" VAR_LOCAL_RCPT_MAPS \
2455 				" $" VAR_MYDEST \
2456 				" $" VAR_VIRT_ALIAS_MAPS \
2457 				" $" VAR_VIRT_ALIAS_DOMS \
2458 				" $" VAR_VIRT_MAILBOX_MAPS \
2459 				" $" VAR_VIRT_MAILBOX_DOMS \
2460 				" $" VAR_RELAY_RCPT_MAPS \
2461 				" $" VAR_RELAY_DOMAINS \
2462 				" $" VAR_CANONICAL_MAPS \
2463 				" $" VAR_SEND_CANON_MAPS \
2464 				" $" VAR_RCPT_CANON_MAPS \
2465 				" $" VAR_RELOCATED_MAPS \
2466 				" $" VAR_TRANSPORT_MAPS \
2467 				" $" VAR_MYNETWORKS \
2468 				" $" VAR_SMTPD_SND_AUTH_MAPS \
2469 				" $" VAR_SEND_BCC_MAPS \
2470 				" $" VAR_RCPT_BCC_MAPS \
2471 				" $" VAR_SMTP_GENERIC_MAPS \
2472 				" $" VAR_LMTP_GENERIC_MAPS \
2473 				" $" VAR_ALIAS_MAPS \
2474 				" $" VAR_CLIENT_CHECKS \
2475 				" $" VAR_HELO_CHECKS \
2476 				" $" VAR_MAIL_CHECKS \
2477 				" $" VAR_RELAY_CHECKS \
2478 				" $" VAR_RCPT_CHECKS \
2479 				" $" VAR_VRFY_SND_DEF_XPORT_MAPS \
2480 				" $" VAR_VRFY_RELAY_MAPS \
2481 				" $" VAR_VRFY_XPORT_MAPS \
2482 				" $" VAR_FBCK_TRANSP_MAPS \
2483 				" $" VAR_LMTP_EHLO_DIS_MAPS \
2484 				" $" VAR_LMTP_PIX_BUG_MAPS \
2485 				" $" VAR_LMTP_SASL_PASSWD \
2486 				" $" VAR_LMTP_TLS_POLICY \
2487 				" $" VAR_MAILBOX_CMD_MAPS \
2488 				" $" VAR_MBOX_TRANSP_MAPS \
2489 				" $" VAR_PSC_EHLO_DIS_MAPS \
2490 				" $" VAR_RBL_REPLY_MAPS \
2491 				" $" VAR_SND_DEF_XPORT_MAPS \
2492 				" $" VAR_SND_RELAY_MAPS \
2493 				" $" VAR_SMTP_EHLO_DIS_MAPS \
2494 				" $" VAR_SMTP_PIX_BUG_MAPS \
2495 				" $" VAR_SMTP_SASL_PASSWD \
2496 				" $" VAR_SMTP_TLS_POLICY \
2497 				" $" VAR_SMTPD_EHLO_DIS_MAPS \
2498 				" $" VAR_SMTPD_MILTER_MAPS \
2499 				" $" VAR_VIRT_GID_MAPS \
2500 				" $" VAR_VIRT_UID_MAPS
2501 extern char *var_proxy_read_maps;
2502 
2503 #define VAR_PROXY_WRITE_MAPS	"proxy_write_maps"
2504 #define DEF_PROXY_WRITE_MAPS	"$" VAR_SMTP_SASL_AUTH_CACHE_NAME \
2505 				" $" VAR_LMTP_SASL_AUTH_CACHE_NAME \
2506 				" $" VAR_VERIFY_MAP \
2507 				" $" VAR_PSC_CACHE_MAP
2508 extern char *var_proxy_write_maps;
2509 
2510 #define VAR_PROXY_READ_ACL	"proxy_read_access_list"
2511 #define DEF_PROXY_READ_ACL	"reject"
2512 extern char *var_proxy_read_acl;
2513 
2514 #define VAR_PROXY_WRITE_ACL	"proxy_write_access_list"
2515 #define DEF_PROXY_WRITE_ACL	"reject"
2516 extern char *var_proxy_write_acl;
2517 
2518  /*
2519   * Other.
2520   */
2521 #define VAR_PROCNAME		"process_name"
2522 extern char *var_procname;
2523 
2524 #define VAR_SERVNAME		"service_name"
2525 extern char *var_servname;
2526 
2527 #define VAR_PID			"process_id"
2528 extern int var_pid;
2529 
2530 #define VAR_DEBUG_COMMAND	"debugger_command"
2531 
2532  /*
2533   * Paranoia: save files instead of deleting them.
2534   */
2535 #define VAR_DONT_REMOVE		"dont_remove"
2536 #define DEF_DONT_REMOVE		0
2537 extern bool var_dont_remove;
2538 
2539  /*
2540   * Paranoia: defer messages instead of bouncing them.
2541   */
2542 #define VAR_SOFT_BOUNCE		"soft_bounce"
2543 #define DEF_SOFT_BOUNCE		0
2544 extern bool var_soft_bounce;
2545 
2546  /*
2547   * Give special treatment to owner- and -request.
2548   */
2549 #define VAR_OWNREQ_SPECIAL		"owner_request_special"
2550 #define DEF_OWNREQ_SPECIAL		1
2551 extern bool var_ownreq_special;
2552 
2553  /*
2554   * Allow/disallow recipient addresses starting with `-'.
2555   */
2556 #define VAR_ALLOW_MIN_USER		"allow_min_user"
2557 #define DEF_ALLOW_MIN_USER		0
2558 extern bool var_allow_min_user;
2559 
2560 extern void mail_params_init(void);
2561 
2562  /*
2563   * Content inspection and filtering.
2564   */
2565 #define VAR_FILTER_XPORT		"content_filter"
2566 #define DEF_FILTER_XPORT		""
2567 extern char *var_filter_xport;
2568 
2569 #define VAR_DEF_FILTER_NEXTHOP		"default_filter_nexthop"
2570 #define DEF_DEF_FILTER_NEXTHOP		""
2571 extern char *var_def_filter_nexthop;
2572 
2573  /*
2574   * Fast flush service support.
2575   */
2576 #define VAR_FFLUSH_DOMAINS		"fast_flush_domains"
2577 #define DEF_FFLUSH_DOMAINS		"$relay_domains"
2578 extern char *var_fflush_domains;
2579 
2580 #define VAR_FFLUSH_PURGE		"fast_flush_purge_time"
2581 #define DEF_FFLUSH_PURGE		"7d"
2582 extern int var_fflush_purge;
2583 
2584 #define VAR_FFLUSH_REFRESH		"fast_flush_refresh_time"
2585 #define DEF_FFLUSH_REFRESH		"12h"
2586 extern int var_fflush_refresh;
2587 
2588  /*
2589   * Environmental management - what Postfix imports from the external world,
2590   * and what Postfix exports to the external world.
2591   */
2592 #define VAR_IMPORT_ENVIRON		"import_environment"
2593 #define DEF_IMPORT_ENVIRON		"MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG " \
2594 					"TZ XAUTHORITY DISPLAY LANG=C " \
2595 					"POSTLOG_SERVICE POSTLOG_HOSTNAME"
2596 extern char *var_import_environ;
2597 
2598 #define VAR_EXPORT_ENVIRON		"export_environment"
2599 #define DEF_EXPORT_ENVIRON		"TZ MAIL_CONFIG LANG"
2600 extern char *var_export_environ;
2601 
2602  /*
2603   * Tunables for the "virtual" local delivery agent
2604   */
2605 #define VAR_VIRT_TRANSPORT		"virtual_transport"
2606 #define DEF_VIRT_TRANSPORT		MAIL_SERVICE_VIRTUAL
2607 extern char *var_virt_transport;
2608 
2609 #define VAR_VIRT_MAILBOX_MAPS		"virtual_mailbox_maps"
2610 #define DEF_VIRT_MAILBOX_MAPS		""
2611 extern char *var_virt_mailbox_maps;
2612 
2613 #define VAR_VIRT_MAILBOX_DOMS		"virtual_mailbox_domains"
2614 #define DEF_VIRT_MAILBOX_DOMS		"$virtual_mailbox_maps"
2615 extern char *var_virt_mailbox_doms;
2616 
2617 #define VAR_VIRT_MAILBOX_CODE		"unknown_virtual_mailbox_reject_code"
2618 #define DEF_VIRT_MAILBOX_CODE		550
2619 extern int var_virt_mailbox_code;
2620 
2621 #define VAR_VIRT_UID_MAPS		"virtual_uid_maps"
2622 #define DEF_VIRT_UID_MAPS		""
2623 extern char *var_virt_uid_maps;
2624 
2625 #define VAR_VIRT_GID_MAPS		"virtual_gid_maps"
2626 #define DEF_VIRT_GID_MAPS		""
2627 extern char *var_virt_gid_maps;
2628 
2629 #define VAR_VIRT_MINUID			"virtual_minimum_uid"
2630 #define DEF_VIRT_MINUID			100
2631 extern int var_virt_minimum_uid;
2632 
2633 #define VAR_VIRT_MAILBOX_BASE		"virtual_mailbox_base"
2634 #define DEF_VIRT_MAILBOX_BASE		""
2635 extern char *var_virt_mailbox_base;
2636 
2637 #define VAR_VIRT_MAILBOX_LIMIT		"virtual_mailbox_limit"
2638 #define DEF_VIRT_MAILBOX_LIMIT		(5 * DEF_MESSAGE_LIMIT)
2639 extern long var_virt_mailbox_limit;
2640 
2641 #define VAR_VIRT_MAILBOX_LOCK		"virtual_mailbox_lock"
2642 #define DEF_VIRT_MAILBOX_LOCK		"fcntl, dotlock"
2643 extern char *var_virt_mailbox_lock;
2644 
2645  /*
2646   * Distinct logging tag for multiple Postfix instances.
2647   */
2648 #define VAR_SYSLOG_NAME			"syslog_name"
2649 #if 1
2650 #define DEF_SYSLOG_NAME			\
2651     "${" VAR_MULTI_NAME "?{$" VAR_MULTI_NAME "}:{postfix}}"
2652 #else
2653 #define DEF_SYSLOG_NAME			"postfix"
2654 #endif
2655 extern char *var_syslog_name;
2656 
2657  /*
2658   * QMQPD
2659   */
2660 #define VAR_QMQPD_CLIENTS		"qmqpd_authorized_clients"
2661 #define DEF_QMQPD_CLIENTS		""
2662 extern char *var_qmqpd_clients;
2663 
2664 #define VAR_QMTPD_TMOUT			"qmqpd_timeout"
2665 #define DEF_QMTPD_TMOUT			"300s"
2666 extern int var_qmqpd_timeout;
2667 
2668 #define VAR_QMTPD_ERR_SLEEP		"qmqpd_error_delay"
2669 #define DEF_QMTPD_ERR_SLEEP		"1s"
2670 extern int var_qmqpd_err_sleep;
2671 
2672  /*
2673   * VERP, more DJB intellectual cross-pollination. However, we prefer + as
2674   * the default recipient delimiter.
2675   */
2676 #define VAR_VERP_DELIMS			"default_verp_delimiters"
2677 #define DEF_VERP_DELIMS			"+="
2678 extern char *var_verp_delims;
2679 
2680 #define VAR_VERP_FILTER			"verp_delimiter_filter"
2681 #define DEF_VERP_FILTER			"-=+"
2682 extern char *var_verp_filter;
2683 
2684 #define VAR_VERP_BOUNCE_OFF		"disable_verp_bounces"
2685 #define DEF_VERP_BOUNCE_OFF		0
2686 extern bool var_verp_bounce_off;
2687 
2688 #define VAR_VERP_CLIENTS		"smtpd_authorized_verp_clients"
2689 #define DEF_VERP_CLIENTS		"$authorized_verp_clients"
2690 extern char *var_verp_clients;
2691 
2692  /*
2693   * XCLIENT, for rule testing and fetchmail like apps.
2694   */
2695 #define VAR_XCLIENT_HOSTS		"smtpd_authorized_xclient_hosts"
2696 #define DEF_XCLIENT_HOSTS		""
2697 extern char *var_xclient_hosts;
2698 
2699  /*
2700   * XFORWARD, for improved post-filter logging.
2701   */
2702 #define VAR_XFORWARD_HOSTS		"smtpd_authorized_xforward_hosts"
2703 #define DEF_XFORWARD_HOSTS		""
2704 extern char *var_xforward_hosts;
2705 
2706  /*
2707   * Inbound mail flow control. This allows for a stiffer coupling between
2708   * receiving mail and sending mail. A sending process produces one token for
2709   * each message that it takes from the incoming queue; a receiving process
2710   * consumes one token for each message that it adds to the incoming queue.
2711   * When no token is available (Postfix receives more mail than it is able to
2712   * deliver) a receiving process pauses for $in_flow_delay seconds so that
2713   * the sending processes get a chance to access the disk.
2714   */
2715 #define VAR_IN_FLOW_DELAY			"in_flow_delay"
2716 #ifdef PIPES_CANT_FIONREAD
2717 #define DEF_IN_FLOW_DELAY			"0s"
2718 #else
2719 #define DEF_IN_FLOW_DELAY			"1s"
2720 #endif
2721 extern int var_in_flow_delay;
2722 
2723  /*
2724   * Backwards compatibility: foo.com matches itself and names below foo.com.
2725   */
2726 #define VAR_PAR_DOM_MATCH		"parent_domain_matches_subdomains"
2727 #define DEF_PAR_DOM_MATCH		VAR_DEBUG_PEER_LIST "," \
2728 					VAR_FFLUSH_DOMAINS "," \
2729 					VAR_MYNETWORKS "," \
2730 					VAR_PERM_MX_NETWORKS "," \
2731 					VAR_QMQPD_CLIENTS "," \
2732 					VAR_RELAY_DOMAINS "," \
2733 					SMTPD_ACCESS_MAPS
2734 extern char *var_par_dom_match;
2735 
2736 #define SMTPD_ACCESS_MAPS		"smtpd_access_maps"
2737 
2738  /*
2739   * Run-time fault injection.
2740   */
2741 #define VAR_FAULT_INJ_CODE		"fault_injection_code"
2742 #define DEF_FAULT_INJ_CODE		0
2743 extern int var_fault_inj_code;
2744 
2745  /*
2746   * Install/upgrade information.
2747   */
2748 #define VAR_SENDMAIL_PATH		"sendmail_path"
2749 #ifndef DEF_SENDMAIL_PATH
2750 #define DEF_SENDMAIL_PATH		"/usr/sbin/sendmail"
2751 #endif
2752 
2753 #define VAR_MAILQ_PATH			"mailq_path"
2754 #ifndef DEF_MAILQ_PATH
2755 #define DEF_MAILQ_PATH			"/usr/bin/mailq"
2756 #endif
2757 
2758 #define VAR_NEWALIAS_PATH		"newaliases_path"
2759 #ifndef DEF_NEWALIAS_PATH
2760 #define DEF_NEWALIAS_PATH		"/usr/bin/newaliases"
2761 #endif
2762 
2763 #define VAR_OPENSSL_PATH		"openssl_path"
2764 #ifndef DEF_OPENSSL_PATH
2765 #define DEF_OPENSSL_PATH		"openssl"
2766 #endif
2767 extern char *var_openssl_path;
2768 
2769 #define VAR_MANPAGE_DIR			"manpage_directory"
2770 #ifndef DEF_MANPAGE_DIR
2771 #define DEF_MANPAGE_DIR			"/usr/local/man"
2772 #endif
2773 
2774 #define VAR_SAMPLE_DIR			"sample_directory"
2775 #ifndef DEF_SAMPLE_DIR
2776 #define DEF_SAMPLE_DIR			DEF_CONFIG_DIR
2777 #endif
2778 
2779 #define VAR_README_DIR			"readme_directory"
2780 #ifndef DEF_README_DIR
2781 #define DEF_README_DIR			"no"
2782 #endif
2783 
2784 #define VAR_HTML_DIR			"html_directory"
2785 #ifndef DEF_HTML_DIR
2786 #define DEF_HTML_DIR			"no"
2787 #endif
2788 
2789  /*
2790   * Safety: resolve the address with unquoted localpart (default, but
2791   * technically incorrect), instead of resolving the address with quoted
2792   * localpart (technically correct, but unsafe). The default prevents mail
2793   * relay loopholes with "user@domain"@domain when relaying mail to a
2794   * Sendmail system.
2795   */
2796 #define VAR_RESOLVE_DEQUOTED		"resolve_dequoted_address"
2797 #define DEF_RESOLVE_DEQUOTED		1
2798 extern bool var_resolve_dequoted;
2799 
2800 #define VAR_RESOLVE_NULLDOM		"resolve_null_domain"
2801 #define DEF_RESOLVE_NULLDOM		0
2802 extern bool var_resolve_nulldom;
2803 
2804 #define VAR_RESOLVE_NUM_DOM		"resolve_numeric_domain"
2805 #define DEF_RESOLVE_NUM_DOM		0
2806 extern bool var_resolve_num_dom;
2807 
2808  /*
2809   * Service names. The transport (TCP, FIFO or UNIX-domain) type is frozen
2810   * because you cannot simply mix them, and accessibility (private/public) is
2811   * frozen for security reasons. We list only the internal services, not the
2812   * externally visible SMTP server, or the delivery agents that can already
2813   * be chosen via transport mappings etc.
2814   */
2815 #define VAR_BOUNCE_SERVICE		"bounce_service_name"
2816 #define DEF_BOUNCE_SERVICE		MAIL_SERVICE_BOUNCE
2817 extern char *var_bounce_service;
2818 
2819 #define VAR_CLEANUP_SERVICE		"cleanup_service_name"
2820 #define DEF_CLEANUP_SERVICE		MAIL_SERVICE_CLEANUP
2821 extern char *var_cleanup_service;
2822 
2823 #define VAR_DEFER_SERVICE		"defer_service_name"
2824 #define DEF_DEFER_SERVICE		MAIL_SERVICE_DEFER
2825 extern char *var_defer_service;
2826 
2827 #define VAR_PICKUP_SERVICE		"pickup_service_name"
2828 #define DEF_PICKUP_SERVICE		MAIL_SERVICE_PICKUP
2829 extern char *var_pickup_service;
2830 
2831 #define VAR_QUEUE_SERVICE		"queue_service_name"
2832 #define DEF_QUEUE_SERVICE		MAIL_SERVICE_QUEUE
2833 extern char *var_queue_service;
2834 
2835  /* XXX resolve does not exist as a separate service */
2836 
2837 #define VAR_REWRITE_SERVICE		"rewrite_service_name"
2838 #define DEF_REWRITE_SERVICE		MAIL_SERVICE_REWRITE
2839 extern char *var_rewrite_service;
2840 
2841 #define VAR_SHOWQ_SERVICE		"showq_service_name"
2842 #define DEF_SHOWQ_SERVICE		MAIL_SERVICE_SHOWQ
2843 extern char *var_showq_service;
2844 
2845 #define VAR_ERROR_SERVICE		"error_service_name"
2846 #define DEF_ERROR_SERVICE		MAIL_SERVICE_ERROR
2847 extern char *var_error_service;
2848 
2849 #define VAR_FLUSH_SERVICE		"flush_service_name"
2850 #define DEF_FLUSH_SERVICE		MAIL_SERVICE_FLUSH
2851 extern char *var_flush_service;
2852 
2853  /*
2854   * Session cache service.
2855   */
2856 #define VAR_SCACHE_SERVICE		"connection_cache_service_name"
2857 #define DEF_SCACHE_SERVICE		"scache"
2858 extern char *var_scache_service;
2859 
2860 #define VAR_SCACHE_PROTO_TMOUT		"connection_cache_protocol_timeout"
2861 #define DEF_SCACHE_PROTO_TMOUT		"5s"
2862 extern int var_scache_proto_tmout;
2863 
2864 #define VAR_SCACHE_TTL_LIM		"connection_cache_ttl_limit"
2865 #define DEF_SCACHE_TTL_LIM		"2s"
2866 extern int var_scache_ttl_lim;
2867 
2868 #define VAR_SCACHE_STAT_TIME		"connection_cache_status_update_time"
2869 #define DEF_SCACHE_STAT_TIME		"600s"
2870 extern int var_scache_stat_time;
2871 
2872 #define VAR_VRFY_PEND_LIMIT		"address_verify_pending_request_limit"
2873 #define DEF_VRFY_PEND_LIMIT		(DEF_QMGR_ACT_LIMIT / 4)
2874 extern int var_vrfy_pend_limit;
2875 
2876  /*
2877   * Address verification service.
2878   */
2879 #define VAR_VERIFY_SERVICE		"address_verify_service_name"
2880 #define DEF_VERIFY_SERVICE		MAIL_SERVICE_VERIFY
2881 extern char *var_verify_service;
2882 
2883 #define VAR_VERIFY_MAP			"address_verify_map"
2884 #define DEF_VERIFY_MAP			"btree:$data_directory/verify_cache"
2885 extern char *var_verify_map;
2886 
2887 #define VAR_VERIFY_POS_EXP		"address_verify_positive_expire_time"
2888 #define DEF_VERIFY_POS_EXP		"31d"
2889 extern int var_verify_pos_exp;
2890 
2891 #define VAR_VERIFY_POS_TRY		"address_verify_positive_refresh_time"
2892 #define DEF_VERIFY_POS_TRY		"7d"
2893 extern int var_verify_pos_try;
2894 
2895 #define VAR_VERIFY_NEG_EXP		"address_verify_negative_expire_time"
2896 #define DEF_VERIFY_NEG_EXP		"3d"
2897 extern int var_verify_neg_exp;
2898 
2899 #define VAR_VERIFY_NEG_TRY		"address_verify_negative_refresh_time"
2900 #define DEF_VERIFY_NEG_TRY		"3h"
2901 extern int var_verify_neg_try;
2902 
2903 #define VAR_VERIFY_NEG_CACHE		"address_verify_negative_cache"
2904 #define DEF_VERIFY_NEG_CACHE		1
2905 extern bool var_verify_neg_cache;
2906 
2907 #define VAR_VERIFY_SCAN_CACHE		"address_verify_cache_cleanup_interval"
2908 #define DEF_VERIFY_SCAN_CACHE		"12h"
2909 extern int var_verify_scan_cache;
2910 
2911 #define VAR_VERIFY_SENDER		"address_verify_sender"
2912 #define DEF_VERIFY_SENDER		"$" VAR_DOUBLE_BOUNCE
2913 extern char *var_verify_sender;
2914 
2915 #define VAR_VERIFY_SENDER_TTL		"address_verify_sender_ttl"
2916 #define DEF_VERIFY_SENDER_TTL		"0s"
2917 extern int var_verify_sender_ttl;
2918 
2919 #define VAR_VERIFY_POLL_COUNT		"address_verify_poll_count"
2920 #define DEF_VERIFY_POLL_COUNT		"${stress?{1}:{3}}"
2921 extern int var_verify_poll_count;
2922 
2923 #define VAR_VERIFY_POLL_DELAY		"address_verify_poll_delay"
2924 #define DEF_VERIFY_POLL_DELAY		"3s"
2925 extern int var_verify_poll_delay;
2926 
2927 #define VAR_VRFY_LOCAL_XPORT		"address_verify_local_transport"
2928 #define DEF_VRFY_LOCAL_XPORT		"$" VAR_LOCAL_TRANSPORT
2929 extern char *var_vrfy_local_xport;
2930 
2931 #define VAR_VRFY_VIRT_XPORT		"address_verify_virtual_transport"
2932 #define DEF_VRFY_VIRT_XPORT		"$" VAR_VIRT_TRANSPORT
2933 extern char *var_vrfy_virt_xport;
2934 
2935 #define VAR_VRFY_RELAY_XPORT		"address_verify_relay_transport"
2936 #define DEF_VRFY_RELAY_XPORT		"$" VAR_RELAY_TRANSPORT
2937 extern char *var_vrfy_relay_xport;
2938 
2939 #define VAR_VRFY_DEF_XPORT		"address_verify_default_transport"
2940 #define DEF_VRFY_DEF_XPORT		"$" VAR_DEF_TRANSPORT
2941 extern char *var_vrfy_def_xport;
2942 
2943 #define VAR_VRFY_SND_DEF_XPORT_MAPS	"address_verify_" VAR_SND_DEF_XPORT_MAPS
2944 #define DEF_VRFY_SND_DEF_XPORT_MAPS	"$" VAR_SND_DEF_XPORT_MAPS
2945 extern char *var_snd_def_xport_maps;
2946 
2947 #define VAR_VRFY_RELAYHOST		"address_verify_relayhost"
2948 #define DEF_VRFY_RELAYHOST		"$" VAR_RELAYHOST
2949 extern char *var_vrfy_relayhost;
2950 
2951 #define VAR_VRFY_RELAY_MAPS		"address_verify_sender_dependent_relayhost_maps"
2952 #define DEF_VRFY_RELAY_MAPS		"$" VAR_SND_RELAY_MAPS
2953 extern char *var_vrfy_relay_maps;
2954 
2955 #define VAR_VRFY_XPORT_MAPS		"address_verify_transport_maps"
2956 #define DEF_VRFY_XPORT_MAPS		"$" VAR_TRANSPORT_MAPS
2957 extern char *var_vrfy_xport_maps;
2958 
2959 #define SMTP_VRFY_TGT_RCPT		"rcpt"
2960 #define SMTP_VRFY_TGT_DATA		"data"
2961 #define VAR_LMTP_VRFY_TGT		"lmtp_address_verify_target"
2962 #define DEF_LMTP_VRFY_TGT		SMTP_VRFY_TGT_RCPT
2963 #define VAR_SMTP_VRFY_TGT		"smtp_address_verify_target"
2964 #define DEF_SMTP_VRFY_TGT		SMTP_VRFY_TGT_RCPT
2965 extern char *var_smtp_vrfy_tgt;
2966 
2967  /*
2968   * Message delivery trace service.
2969   */
2970 #define VAR_TRACE_SERVICE		"trace_service_name"
2971 #define DEF_TRACE_SERVICE		MAIL_SERVICE_TRACE
2972 extern char *var_trace_service;
2973 
2974  /*
2975   * Proxymappers.
2976   */
2977 #define VAR_PROXYMAP_SERVICE		"proxymap_service_name"
2978 #define DEF_PROXYMAP_SERVICE		MAIL_SERVICE_PROXYMAP
2979 extern char *var_proxymap_service;
2980 
2981 #define VAR_PROXYWRITE_SERVICE		"proxywrite_service_name"
2982 #define DEF_PROXYWRITE_SERVICE		MAIL_SERVICE_PROXYWRITE
2983 extern char *var_proxywrite_service;
2984 
2985  /*
2986   * Mailbox/maildir delivery errors that cause delivery to be tried again.
2987   */
2988 #define VAR_MBX_DEFER_ERRS		"mailbox_defer_errors"
2989 #define DEF_MBX_DEFER_ERRS		"eagain, enospc, estale"
2990 extern char *var_mbx_defer_errs;
2991 
2992 #define VAR_MDR_DEFER_ERRS		"maildir_defer_errors"
2993 #define DEF_MDR_DEFER_ERRS		"enospc, estale"
2994 extern char *var_mdr_defer_errs;
2995 
2996  /*
2997   * Berkeley DB memory pool sizes.
2998   */
2999 #define	VAR_DB_CREATE_BUF		"berkeley_db_create_buffer_size"
3000 #define DEF_DB_CREATE_BUF		(16 * 1024 *1024)
3001 extern int var_db_create_buf;
3002 
3003 #define	VAR_DB_READ_BUF			"berkeley_db_read_buffer_size"
3004 #define DEF_DB_READ_BUF			(128 *1024)
3005 extern int var_db_read_buf;
3006 
3007  /*
3008   * OpenLDAP LMDB settings.
3009   */
3010 #define VAR_LMDB_MAP_SIZE		"lmdb_map_size"
3011 #define DEF_LMDB_MAP_SIZE		(16 * 1024 *1024)
3012 extern long var_lmdb_map_size;
3013 
3014  /*
3015   * Named queue file attributes.
3016   */
3017 #define VAR_QATTR_COUNT_LIMIT		"queue_file_attribute_count_limit"
3018 #define DEF_QATTR_COUNT_LIMIT		100
3019 extern int var_qattr_count_limit;
3020 
3021  /*
3022   * MIME support.
3023   */
3024 #define VAR_MIME_MAXDEPTH		"mime_nesting_limit"
3025 #define DEF_MIME_MAXDEPTH		100
3026 extern int var_mime_maxdepth;
3027 
3028 #define VAR_MIME_BOUND_LEN		"mime_boundary_length_limit"
3029 #define DEF_MIME_BOUND_LEN		2048
3030 extern int var_mime_bound_len;
3031 
3032 #define VAR_DISABLE_MIME_INPUT		"disable_mime_input_processing"
3033 #define DEF_DISABLE_MIME_INPUT		0
3034 extern bool var_disable_mime_input;
3035 
3036 #define VAR_DISABLE_MIME_OCONV		"disable_mime_output_conversion"
3037 #define DEF_DISABLE_MIME_OCONV		0
3038 extern bool var_disable_mime_oconv;
3039 
3040 #define VAR_STRICT_8BITMIME		"strict_8bitmime"
3041 #define DEF_STRICT_8BITMIME		0
3042 extern bool var_strict_8bitmime;
3043 
3044 #define VAR_STRICT_7BIT_HDRS		"strict_7bit_headers"
3045 #define DEF_STRICT_7BIT_HDRS		0
3046 extern bool var_strict_7bit_hdrs;
3047 
3048 #define VAR_STRICT_8BIT_BODY		"strict_8bitmime_body"
3049 #define DEF_STRICT_8BIT_BODY		0
3050 extern bool var_strict_8bit_body;
3051 
3052 #define VAR_STRICT_ENCODING		"strict_mime_encoding_domain"
3053 #define DEF_STRICT_ENCODING		0
3054 extern bool var_strict_encoding;
3055 
3056 #define VAR_AUTO_8BIT_ENC_HDR		"detect_8bit_encoding_header"
3057 #define DEF_AUTO_8BIT_ENC_HDR		1
3058 extern int var_auto_8bit_enc_hdr;
3059 
3060  /*
3061   * Bizarre.
3062   */
3063 #define VAR_SENDER_ROUTING		"sender_based_routing"
3064 #define DEF_SENDER_ROUTING		0
3065 extern bool var_sender_routing;
3066 
3067 #define VAR_XPORT_NULL_KEY	"transport_null_address_lookup_key"
3068 #define DEF_XPORT_NULL_KEY	"<>"
3069 extern char *var_xport_null_key;
3070 
3071  /*
3072   * Bounce service controls.
3073   */
3074 #define VAR_OLDLOG_COMPAT		"backwards_bounce_logfile_compatibility"
3075 #define DEF_OLDLOG_COMPAT		1
3076 extern bool var_oldlog_compat;
3077 
3078  /*
3079   * SMTPD content proxy.
3080   */
3081 #define VAR_SMTPD_PROXY_FILT		"smtpd_proxy_filter"
3082 #define DEF_SMTPD_PROXY_FILT		""
3083 extern char *var_smtpd_proxy_filt;
3084 
3085 #define VAR_SMTPD_PROXY_EHLO		"smtpd_proxy_ehlo"
3086 #define DEF_SMTPD_PROXY_EHLO		"$" VAR_MYHOSTNAME
3087 extern char *var_smtpd_proxy_ehlo;
3088 
3089 #define VAR_SMTPD_PROXY_TMOUT		"smtpd_proxy_timeout"
3090 #define DEF_SMTPD_PROXY_TMOUT		"100s"
3091 extern int var_smtpd_proxy_tmout;
3092 
3093 #define VAR_SMTPD_PROXY_OPTS		"smtpd_proxy_options"
3094 #define DEF_SMTPD_PROXY_OPTS		""
3095 extern char *var_smtpd_proxy_opts;
3096 
3097  /*
3098   * Transparency options for mail input interfaces and for the cleanup server
3099   * behind them. These should turn off stuff we don't want to happen, because
3100   * the default is to do a lot of things.
3101   */
3102 #define VAR_INPUT_TRANSP		"receive_override_options"
3103 #define DEF_INPUT_TRANSP		""
3104 extern char *var_smtpd_input_transp;
3105 
3106  /*
3107   * SMTP server policy delegation.
3108   */
3109 #define VAR_SMTPD_POLICY_TMOUT		"smtpd_policy_service_timeout"
3110 #define DEF_SMTPD_POLICY_TMOUT		"100s"
3111 extern int var_smtpd_policy_tmout;
3112 
3113 #define VAR_SMTPD_POLICY_REQ_LIMIT	"smtpd_policy_service_request_limit"
3114 #define DEF_SMTPD_POLICY_REQ_LIMIT	0
3115 extern int var_smtpd_policy_req_limit;
3116 
3117 #define VAR_SMTPD_POLICY_IDLE		"smtpd_policy_service_max_idle"
3118 #define DEF_SMTPD_POLICY_IDLE		"300s"
3119 extern int var_smtpd_policy_idle;
3120 
3121 #define VAR_SMTPD_POLICY_TTL		"smtpd_policy_service_max_ttl"
3122 #define DEF_SMTPD_POLICY_TTL		"1000s"
3123 extern int var_smtpd_policy_ttl;
3124 
3125 #define VAR_SMTPD_POLICY_TRY_LIMIT	"smtpd_policy_service_try_limit"
3126 #define DEF_SMTPD_POLICY_TRY_LIMIT	2
3127 extern int var_smtpd_policy_try_limit;
3128 
3129 #define VAR_SMTPD_POLICY_TRY_DELAY	"smtpd_policy_service_retry_delay"
3130 #define DEF_SMTPD_POLICY_TRY_DELAY	"1s"
3131 extern int var_smtpd_policy_try_delay;
3132 
3133 #define VAR_SMTPD_POLICY_DEF_ACTION	"smtpd_policy_service_default_action"
3134 #define DEF_SMTPD_POLICY_DEF_ACTION	"451 4.3.5 Server configuration problem"
3135 extern char *var_smtpd_policy_def_action;
3136 
3137 #define VAR_SMTPD_POLICY_CONTEXT	"smtpd_policy_service_policy_context"
3138 #define DEF_SMTPD_POLICY_CONTEXT	""
3139 extern char *var_smtpd_policy_context;
3140 
3141 #define CHECK_POLICY_SERVICE		"check_policy_service"
3142 
3143  /*
3144   * Client rate control.
3145   */
3146 #define VAR_SMTPD_CRATE_LIMIT		"smtpd_client_connection_rate_limit"
3147 #define DEF_SMTPD_CRATE_LIMIT		0
3148 extern int var_smtpd_crate_limit;
3149 
3150 #define VAR_SMTPD_CCONN_LIMIT		"smtpd_client_connection_count_limit"
3151 #define DEF_SMTPD_CCONN_LIMIT		((DEF_PROC_LIMIT + 1) / 2)
3152 extern int var_smtpd_cconn_limit;
3153 
3154 #define VAR_SMTPD_CMAIL_LIMIT		"smtpd_client_message_rate_limit"
3155 #define DEF_SMTPD_CMAIL_LIMIT		0
3156 extern int var_smtpd_cmail_limit;
3157 
3158 #define VAR_SMTPD_CRCPT_LIMIT		"smtpd_client_recipient_rate_limit"
3159 #define DEF_SMTPD_CRCPT_LIMIT		0
3160 extern int var_smtpd_crcpt_limit;
3161 
3162 #define VAR_SMTPD_CNTLS_LIMIT		"smtpd_client_new_tls_session_rate_limit"
3163 #define DEF_SMTPD_CNTLS_LIMIT		0
3164 extern int var_smtpd_cntls_limit;
3165 
3166 #define VAR_SMTPD_CAUTH_LIMIT		"smtpd_client_auth_rate_limit"
3167 #define DEF_SMTPD_CAUTH_LIMIT		0
3168 extern int var_smtpd_cauth_limit;
3169 
3170 #define VAR_SMTPD_HOGGERS		"smtpd_client_event_limit_exceptions"
3171 #define DEF_SMTPD_HOGGERS		"${smtpd_client_connection_limit_exceptions:$" VAR_MYNETWORKS "}"
3172 extern char *var_smtpd_hoggers;
3173 
3174 #define VAR_ANVIL_TIME_UNIT		"anvil_rate_time_unit"
3175 #define DEF_ANVIL_TIME_UNIT		"60s"
3176 extern int var_anvil_time_unit;
3177 
3178 #define VAR_ANVIL_STAT_TIME		"anvil_status_update_time"
3179 #define DEF_ANVIL_STAT_TIME		"600s"
3180 extern int var_anvil_stat_time;
3181 
3182  /*
3183   * Temporary stop gap.
3184   */
3185 #if 0
3186 #include <anvil_clnt.h>
3187 
3188 #define VAR_ANVIL_SERVICE		"client_connection_rate_service_name"
3189 #define DEF_ANVIL_SERVICE		"local:" ANVIL_CLASS "/" ANVIL_SERVICE
3190 extern char *var_anvil_service;
3191 
3192 #endif
3193 
3194  /*
3195   * What domain names to assume when no valid domain context exists.
3196   */
3197 #define VAR_REM_RWR_DOMAIN		"remote_header_rewrite_domain"
3198 #define DEF_REM_RWR_DOMAIN		""
3199 extern char *var_remote_rwr_domain;
3200 
3201 #define CHECK_ADDR_MAP			"check_address_map"
3202 
3203 #define VAR_LOC_RWR_CLIENTS		"local_header_rewrite_clients"
3204 #define DEF_LOC_RWR_CLIENTS		PERMIT_INET_INTERFACES
3205 extern char *var_local_rwr_clients;
3206 
3207  /*
3208   * EHLO keyword filter.
3209   */
3210 #define VAR_SMTPD_EHLO_DIS_WORDS	"smtpd_discard_ehlo_keywords"
3211 #define DEF_SMTPD_EHLO_DIS_WORDS	""
3212 extern char *var_smtpd_ehlo_dis_words;
3213 
3214 #define VAR_SMTPD_EHLO_DIS_MAPS		"smtpd_discard_ehlo_keyword_address_maps"
3215 #define DEF_SMTPD_EHLO_DIS_MAPS		""
3216 extern char *var_smtpd_ehlo_dis_maps;
3217 
3218 #define VAR_SMTP_EHLO_DIS_WORDS		"smtp_discard_ehlo_keywords"
3219 #define DEF_SMTP_EHLO_DIS_WORDS		""
3220 #define VAR_LMTP_EHLO_DIS_WORDS		"lmtp_discard_lhlo_keywords"
3221 #define DEF_LMTP_EHLO_DIS_WORDS		""
3222 extern char *var_smtp_ehlo_dis_words;
3223 
3224 #define VAR_SMTP_EHLO_DIS_MAPS		"smtp_discard_ehlo_keyword_address_maps"
3225 #define DEF_SMTP_EHLO_DIS_MAPS		""
3226 #define VAR_LMTP_EHLO_DIS_MAPS		"lmtp_discard_lhlo_keyword_address_maps"
3227 #define DEF_LMTP_EHLO_DIS_MAPS		""
3228 extern char *var_smtp_ehlo_dis_maps;
3229 
3230  /*
3231   * gcc workaround for warnings about empty or null format strings.
3232   */
3233 extern const char null_format_string[1];
3234 
3235  /*
3236   * Characters to reject or strip.
3237   */
3238 #define VAR_MSG_REJECT_CHARS		"message_reject_characters"
3239 #define DEF_MSG_REJECT_CHARS		""
3240 extern char *var_msg_reject_chars;
3241 
3242 #define VAR_MSG_STRIP_CHARS		"message_strip_characters"
3243 #define DEF_MSG_STRIP_CHARS		""
3244 extern char *var_msg_strip_chars;
3245 
3246  /*
3247   * Local forwarding complexity controls.
3248   */
3249 #define VAR_FROZEN_DELIVERED		"frozen_delivered_to"
3250 #define DEF_FROZEN_DELIVERED		1
3251 extern bool var_frozen_delivered;
3252 
3253 #define VAR_RESET_OWNER_ATTR		"reset_owner_alias"
3254 #define DEF_RESET_OWNER_ATTR		0
3255 extern bool var_reset_owner_attr;
3256 
3257  /*
3258   * Delay logging time roundup.
3259   */
3260 #define VAR_DELAY_MAX_RES		"delay_logging_resolution_limit"
3261 #define MAX_DELAY_MAX_RES		6
3262 #define DEF_DELAY_MAX_RES		2
3263 #define MIN_DELAY_MAX_RES		0
3264 extern int var_delay_max_res;
3265 
3266  /*
3267   * Bounce message templates.
3268   */
3269 #define VAR_BOUNCE_TMPL			"bounce_template_file"
3270 #define DEF_BOUNCE_TMPL			""
3271 extern char *var_bounce_tmpl;
3272 
3273  /*
3274   * Sender-dependent authentication.
3275   */
3276 #define VAR_SMTP_SENDER_AUTH	"smtp_sender_dependent_authentication"
3277 #define DEF_SMTP_SENDER_AUTH	0
3278 #define VAR_LMTP_SENDER_AUTH	"lmtp_sender_dependent_authentication"
3279 #define DEF_LMTP_SENDER_AUTH	0
3280 extern bool var_smtp_sender_auth;
3281 
3282  /*
3283   * Allow CNAME lookup result to override the server hostname.
3284   */
3285 #define VAR_SMTP_CNAME_OVERR		"smtp_cname_overrides_servername"
3286 #define DEF_SMTP_CNAME_OVERR		0
3287 #define VAR_LMTP_CNAME_OVERR		"lmtp_cname_overrides_servername"
3288 #define DEF_LMTP_CNAME_OVERR		0
3289 extern bool var_smtp_cname_overr;
3290 
3291  /*
3292   * TLS cipherlists
3293   */
3294 #define VAR_TLS_HIGH_CLIST	"tls_high_cipherlist"
3295 #define DEF_TLS_HIGH_CLIST	"aNULL:-aNULL:HIGH:@STRENGTH"
3296 extern char *var_tls_high_clist;
3297 
3298 #define VAR_TLS_MEDIUM_CLIST	"tls_medium_cipherlist"
3299 #define DEF_TLS_MEDIUM_CLIST	"aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH"
3300 extern char *var_tls_medium_clist;
3301 
3302 #define VAR_TLS_LOW_CLIST	"tls_low_cipherlist"
3303 #define DEF_TLS_LOW_CLIST	"aNULL:-aNULL:HIGH:MEDIUM:LOW:+RC4:@STRENGTH"
3304 extern char *var_tls_low_clist;
3305 
3306 #define VAR_TLS_EXPORT_CLIST	"tls_export_cipherlist"
3307 #define DEF_TLS_EXPORT_CLIST	"aNULL:-aNULL:HIGH:MEDIUM:LOW:EXPORT:+RC4:@STRENGTH"
3308 extern char *var_tls_export_clist;
3309 
3310 #define VAR_TLS_NULL_CLIST	"tls_null_cipherlist"
3311 #define DEF_TLS_NULL_CLIST	"eNULL:!aNULL"
3312 extern char *var_tls_null_clist;
3313 
3314 #if defined(SN_X25519) && defined(NID_X25519)
3315 #define DEF_TLS_EECDH_AUTO_1 SN_X25519 " "
3316 #else
3317 #define DEF_TLS_EECDH_AUTO_1 ""
3318 #endif
3319 #if defined(SN_X448) && defined(NID_X448)
3320 #define DEF_TLS_EECDH_AUTO_2 SN_X448 " "
3321 #else
3322 #define DEF_TLS_EECDH_AUTO_2 ""
3323 #endif
3324 #if defined(SN_X9_62_prime256v1) && defined(NID_X9_62_prime256v1)
3325 #define DEF_TLS_EECDH_AUTO_3 SN_X9_62_prime256v1 " "
3326 #else
3327 #define DEF_TLS_EECDH_AUTO_3 ""
3328 #endif
3329 #if defined(SN_secp521r1) && defined(NID_secp521r1)
3330 #define DEF_TLS_EECDH_AUTO_4 SN_secp521r1 " "
3331 #else
3332 #define DEF_TLS_EECDH_AUTO_4 ""
3333 #endif
3334 #if defined(SN_secp384r1) && defined(NID_secp384r1)
3335 #define DEF_TLS_EECDH_AUTO_5 SN_secp384r1
3336 #else
3337 #define DEF_TLS_EECDH_AUTO_5 ""
3338 #endif
3339 
3340 #define VAR_TLS_EECDH_AUTO	"tls_eecdh_auto_curves"
3341 #define DEF_TLS_EECDH_AUTO      DEF_TLS_EECDH_AUTO_1 \
3342                                 DEF_TLS_EECDH_AUTO_2 \
3343                                 DEF_TLS_EECDH_AUTO_3 \
3344                                 DEF_TLS_EECDH_AUTO_4 \
3345                                 DEF_TLS_EECDH_AUTO_5
3346 extern char *var_tls_eecdh_auto;
3347 
3348 #define VAR_TLS_EECDH_STRONG	"tls_eecdh_strong_curve"
3349 #define DEF_TLS_EECDH_STRONG	"prime256v1"
3350 extern char *var_tls_eecdh_strong;
3351 
3352 #define VAR_TLS_EECDH_ULTRA	"tls_eecdh_ultra_curve"
3353 #define DEF_TLS_EECDH_ULTRA	"secp384r1"
3354 extern char *var_tls_eecdh_ultra;
3355 
3356 #define VAR_TLS_PREEMPT_CLIST	"tls_preempt_cipherlist"
3357 #define DEF_TLS_PREEMPT_CLIST	0
3358 extern bool var_tls_preempt_clist;
3359 
3360 #define VAR_TLS_MULTI_WILDCARD	"tls_wildcard_matches_multiple_labels"
3361 #define DEF_TLS_MULTI_WILDCARD	1
3362 extern bool var_tls_multi_wildcard;
3363 
3364 #define VAR_TLS_BUG_TWEAKS	"tls_disable_workarounds"
3365 #define DEF_TLS_BUG_TWEAKS	""
3366 extern char *var_tls_bug_tweaks;
3367 
3368 #define VAR_TLS_SSL_OPTIONS	"tls_ssl_options"
3369 #define DEF_TLS_SSL_OPTIONS	""
3370 extern char *var_tls_ssl_options;
3371 
3372 #define VAR_TLS_TKT_CIPHER	"tls_session_ticket_cipher"
3373 #define DEF_TLS_TKT_CIPHER	"aes-256-cbc"
3374 extern char *var_tls_tkt_cipher;
3375 
3376 #define VAR_TLS_BC_PKEY_FPRINT	"tls_legacy_public_key_fingerprints"
3377 #define DEF_TLS_BC_PKEY_FPRINT	0
3378 extern bool var_tls_bc_pkey_fprint;
3379 
3380 #define VAR_TLS_SERVER_SNI_MAPS "tls_server_sni_maps"
3381 #define DEF_TLS_SERVER_SNI_MAPS ""
3382 extern char *var_tls_server_sni_maps;
3383 
3384  /*
3385   * Ordered list of DANE digest algorithms.
3386   */
3387 #define VAR_TLS_DANE_DIGESTS	"tls_dane_digests"
3388 #define DEF_TLS_DANE_DIGESTS	"sha512 sha256"
3389 extern char *var_tls_dane_digests;
3390 
3391  /*
3392   * The default is incompatible with pre-TLSv1.0 protocols.
3393   */
3394 #define VAR_TLS_FAST_SHUTDOWN	"tls_fast_shutdown_enable"
3395 #define DEF_TLS_FAST_SHUTDOWN	1
3396 extern bool var_tls_fast_shutdown;
3397 
3398  /*
3399   * Sendmail-style mail filter support.
3400   */
3401 #define VAR_SMTPD_MILTERS		"smtpd_milters"
3402 #define DEF_SMTPD_MILTERS		""
3403 extern char *var_smtpd_milters;
3404 
3405 #define VAR_SMTPD_MILTER_MAPS		"smtpd_milter_maps"
3406 #define DEF_SMTPD_MILTER_MAPS		""
3407 extern char *var_smtpd_milter_maps;
3408 
3409 #define SMTPD_MILTERS_DISABLE		"DISABLE"
3410 
3411 #define VAR_CLEANUP_MILTERS		"non_smtpd_milters"
3412 #define DEF_CLEANUP_MILTERS		""
3413 extern char *var_cleanup_milters;
3414 
3415 #define VAR_MILT_DEF_ACTION		"milter_default_action"
3416 #define DEF_MILT_DEF_ACTION		"tempfail"
3417 extern char *var_milt_def_action;
3418 
3419 #define VAR_MILT_CONN_MACROS		"milter_connect_macros"
3420 #define DEF_MILT_CONN_MACROS		"j {daemon_name} {daemon_addr} v _"
3421 extern char *var_milt_conn_macros;
3422 
3423 #define VAR_MILT_HELO_MACROS		"milter_helo_macros"
3424 #define DEF_MILT_HELO_MACROS		"{tls_version} {cipher} {cipher_bits}" \
3425 					" {cert_subject} {cert_issuer}"
3426 extern char *var_milt_helo_macros;
3427 
3428 #define VAR_MILT_MAIL_MACROS		"milter_mail_macros"
3429 #define DEF_MILT_MAIL_MACROS		"i {auth_type} {auth_authen}" \
3430 					" {auth_author} {mail_addr}" \
3431 					" {mail_host} {mail_mailer}"
3432 extern char *var_milt_mail_macros;
3433 
3434 #define VAR_MILT_RCPT_MACROS		"milter_rcpt_macros"
3435 #define DEF_MILT_RCPT_MACROS		"i {rcpt_addr} {rcpt_host}" \
3436 					" {rcpt_mailer}"
3437 extern char *var_milt_rcpt_macros;
3438 
3439 #define VAR_MILT_DATA_MACROS		"milter_data_macros"
3440 #define DEF_MILT_DATA_MACROS		"i"
3441 extern char *var_milt_data_macros;
3442 
3443 #define VAR_MILT_UNK_MACROS		"milter_unknown_command_macros"
3444 #define DEF_MILT_UNK_MACROS		""
3445 extern char *var_milt_unk_macros;
3446 
3447 #define VAR_MILT_EOH_MACROS		"milter_end_of_header_macros"
3448 #define DEF_MILT_EOH_MACROS		"i"
3449 extern char *var_milt_eoh_macros;
3450 
3451 #define VAR_MILT_EOD_MACROS		"milter_end_of_data_macros"
3452 #define DEF_MILT_EOD_MACROS		"i"
3453 extern char *var_milt_eod_macros;
3454 
3455 #define VAR_MILT_CONN_TIME		"milter_connect_timeout"
3456 #define DEF_MILT_CONN_TIME		"30s"
3457 extern int var_milt_conn_time;
3458 
3459 #define VAR_MILT_CMD_TIME		"milter_command_timeout"
3460 #define DEF_MILT_CMD_TIME		"30s"
3461 extern int var_milt_cmd_time;
3462 
3463 #define VAR_MILT_MSG_TIME		"milter_content_timeout"
3464 #define DEF_MILT_MSG_TIME		"300s"
3465 extern int var_milt_msg_time;
3466 
3467 #define VAR_MILT_PROTOCOL		"milter_protocol"
3468 #define DEF_MILT_PROTOCOL		"6"
3469 extern char *var_milt_protocol;
3470 
3471 #define VAR_MILT_DEF_ACTION		"milter_default_action"
3472 #define DEF_MILT_DEF_ACTION		"tempfail"
3473 extern char *var_milt_def_action;
3474 
3475 #define VAR_MILT_DAEMON_NAME		"milter_macro_daemon_name"
3476 #define DEF_MILT_DAEMON_NAME		"$" VAR_MYHOSTNAME
3477 extern char *var_milt_daemon_name;
3478 
3479 #define VAR_MILT_V			"milter_macro_v"
3480 #define DEF_MILT_V			"$" VAR_MAIL_NAME " $" VAR_MAIL_VERSION
3481 extern char *var_milt_v;
3482 
3483 #define VAR_MILT_HEAD_CHECKS		"milter_header_checks"
3484 #define DEF_MILT_HEAD_CHECKS		""
3485 extern char *var_milt_head_checks;
3486 
3487 #define VAR_MILT_MACRO_DEFLTS		"milter_macro_defaults"
3488 #define DEF_MILT_MACRO_DEFLTS		""
3489 extern char *var_milt_macro_deflts;
3490 
3491  /*
3492   * What internal mail do we inspect/stamp/etc.? This is not yet safe enough
3493   * to enable world-wide.
3494   */
3495 #define INT_FILT_CLASS_NONE		""
3496 #define INT_FILT_CLASS_NOTIFY		"notify"
3497 #define INT_FILT_CLASS_BOUNCE		"bounce"
3498 
3499 #define VAR_INT_FILT_CLASSES		"internal_mail_filter_classes"
3500 #define DEF_INT_FILT_CLASSES		INT_FILT_CLASS_NONE
3501 extern char *var_int_filt_classes;
3502 
3503  /*
3504   * This could break logfile processors, so it's off by default.
3505   */
3506 #define VAR_SMTPD_CLIENT_PORT_LOG		"smtpd_client_port_logging"
3507 #define DEF_SMTPD_CLIENT_PORT_LOG		0
3508 extern bool var_smtpd_client_port_log;
3509 
3510 #define VAR_QMQPD_CLIENT_PORT_LOG		"qmqpd_client_port_logging"
3511 #define DEF_QMQPD_CLIENT_PORT_LOG		0
3512 extern bool var_qmqpd_client_port_log;
3513 
3514  /*
3515   * Header/body checks in delivery agents.
3516   */
3517 #define VAR_SMTP_HEAD_CHKS	"smtp_header_checks"
3518 #define DEF_SMTP_HEAD_CHKS	""
3519 extern char *var_smtp_head_chks;
3520 
3521 #define VAR_SMTP_MIME_CHKS	"smtp_mime_header_checks"
3522 #define DEF_SMTP_MIME_CHKS	""
3523 extern char *var_smtp_mime_chks;
3524 
3525 #define VAR_SMTP_NEST_CHKS	"smtp_nested_header_checks"
3526 #define DEF_SMTP_NEST_CHKS	""
3527 extern char *var_smtp_nest_chks;
3528 
3529 #define VAR_SMTP_BODY_CHKS	"smtp_body_checks"
3530 #define DEF_SMTP_BODY_CHKS	""
3531 extern char *var_smtp_body_chks;
3532 
3533 #define VAR_LMTP_HEAD_CHKS	"lmtp_header_checks"
3534 #define DEF_LMTP_HEAD_CHKS	""
3535 #define VAR_LMTP_MIME_CHKS	"lmtp_mime_header_checks"
3536 #define DEF_LMTP_MIME_CHKS	""
3537 #define VAR_LMTP_NEST_CHKS	"lmtp_nested_header_checks"
3538 #define DEF_LMTP_NEST_CHKS	""
3539 #define VAR_LMTP_BODY_CHKS	"lmtp_body_checks"
3540 #define DEF_LMTP_BODY_CHKS	""
3541 
3542 #define VAR_SMTP_ADDR_PREF	"smtp_address_preference"
3543 #ifdef HAS_IPV6
3544 #define DEF_SMTP_ADDR_PREF	INET_PROTO_NAME_ANY
3545 #else
3546 #define DEF_SMTP_ADDR_PREF	INET_PROTO_NAME_IPV4
3547 #endif
3548 extern char *var_smtp_addr_pref;
3549 
3550 #define VAR_LMTP_ADDR_PREF	"lmtp_address_preference"
3551 #define DEF_LMTP_ADDR_PREF	DEF_SMTP_ADDR_PREF
3552 
3553  /*
3554   * Scheduler concurrency feedback algorithms.
3555   */
3556 #define VAR_CONC_POS_FDBACK	"default_destination_concurrency_positive_feedback"
3557 #define _CONC_POS_FDBACK	"_destination_concurrency_positive_feedback"
3558 #define DEF_CONC_POS_FDBACK	"1"
3559 extern char *var_conc_pos_feedback;
3560 
3561 #define VAR_CONC_NEG_FDBACK	"default_destination_concurrency_negative_feedback"
3562 #define _CONC_NEG_FDBACK	"_destination_concurrency_negative_feedback"
3563 #define DEF_CONC_NEG_FDBACK	"1"
3564 extern char *var_conc_neg_feedback;
3565 
3566 #define CONC_FDBACK_NAME_WIN	"concurrency"
3567 #define CONC_FDBACK_NAME_SQRT_WIN "sqrt_concurrency"
3568 
3569 #define VAR_CONC_COHORT_LIM	"default_destination_concurrency_failed_cohort_limit"
3570 #define _CONC_COHORT_LIM	"_destination_concurrency_failed_cohort_limit"
3571 #define DEF_CONC_COHORT_LIM	1
3572 extern int var_conc_cohort_limit;
3573 
3574 #define VAR_CONC_FDBACK_DEBUG	"destination_concurrency_feedback_debug"
3575 #define DEF_CONC_FDBACK_DEBUG	0
3576 extern bool var_conc_feedback_debug;
3577 
3578 #define VAR_DEST_RATE_DELAY	"default_destination_rate_delay"
3579 #define _DEST_RATE_DELAY	"_destination_rate_delay"
3580 #define DEF_DEST_RATE_DELAY	"0s"
3581 extern int var_dest_rate_delay;
3582 
3583 #define VAR_XPORT_RATE_DELAY	"default_transport_rate_delay"
3584 #define _XPORT_RATE_DELAY	"_transport_rate_delay"
3585 #define DEF_XPORT_RATE_DELAY	"0s"
3586 extern int var_xport_rate_delay;
3587 
3588  /*
3589   * Stress handling.
3590   */
3591 #define VAR_STRESS		"stress"
3592 #define DEF_STRESS		""
3593 extern char *var_stress;
3594 
3595  /*
3596   * Mailbox ownership.
3597   */
3598 #define VAR_STRICT_MBOX_OWNER	"strict_mailbox_ownership"
3599 #define DEF_STRICT_MBOX_OWNER	1
3600 extern bool var_strict_mbox_owner;
3601 
3602  /*
3603   * Window scaling workaround.
3604   */
3605 #define VAR_INET_WINDOW		"tcp_windowsize"
3606 #define DEF_INET_WINDOW		0
3607 extern int var_inet_windowsize;
3608 
3609  /*
3610   * Plug-in multi-instance support. Only the first two parameters are used by
3611   * Postfix itself; the other ones are reserved for the instance manager.
3612   */
3613 #define VAR_MULTI_CONF_DIRS	"multi_instance_directories"
3614 #define DEF_MULTI_CONF_DIRS	""
3615 extern char *var_multi_conf_dirs;
3616 
3617 #define VAR_MULTI_WRAPPER	"multi_instance_wrapper"
3618 #define DEF_MULTI_WRAPPER	""
3619 extern char *var_multi_wrapper;
3620 
3621 #define VAR_MULTI_NAME		"multi_instance_name"
3622 #define DEF_MULTI_NAME		""
3623 extern char *var_multi_name;
3624 
3625 #define VAR_MULTI_GROUP		"multi_instance_group"
3626 #define DEF_MULTI_GROUP		""
3627 extern char *var_multi_group;
3628 
3629 #define VAR_MULTI_ENABLE	"multi_instance_enable"
3630 #define DEF_MULTI_ENABLE	0
3631 extern bool var_multi_enable;
3632 
3633  /*
3634   * postmulti(1) instance manager
3635   */
3636 #define VAR_MULTI_START_CMDS	"postmulti_start_commands"
3637 #define DEF_MULTI_START_CMDS	"start"
3638 extern char *var_multi_start_cmds;
3639 
3640 #define VAR_MULTI_STOP_CMDS	"postmulti_stop_commands"
3641 #define DEF_MULTI_STOP_CMDS	"stop abort drain quick-stop"
3642 extern char *var_multi_stop_cmds;
3643 
3644 #define VAR_MULTI_CNTRL_CMDS	"postmulti_control_commands"
3645 #define DEF_MULTI_CNTRL_CMDS	"reload flush"
3646 extern char *var_multi_cntrl_cmds;
3647 
3648  /*
3649   * postscreen(8)
3650   */
3651 #define VAR_PSC_CACHE_MAP	"postscreen_cache_map"
3652 #define DEF_PSC_CACHE_MAP	"btree:$data_directory/postscreen_cache"
3653 extern char *var_psc_cache_map;
3654 
3655 #define VAR_SMTPD_SERVICE	"smtpd_service_name"
3656 #define DEF_SMTPD_SERVICE	"smtpd"
3657 extern char *var_smtpd_service;
3658 
3659 #define VAR_PSC_POST_QLIMIT	"postscreen_post_queue_limit"
3660 #define DEF_PSC_POST_QLIMIT	"$" VAR_PROC_LIMIT
3661 extern int var_psc_post_queue_limit;
3662 
3663 #define VAR_PSC_PRE_QLIMIT	"postscreen_pre_queue_limit"
3664 #define DEF_PSC_PRE_QLIMIT	"$" VAR_PROC_LIMIT
3665 extern int var_psc_pre_queue_limit;
3666 
3667 #define VAR_PSC_CACHE_RET	"postscreen_cache_retention_time"
3668 #define DEF_PSC_CACHE_RET	"7d"
3669 extern int var_psc_cache_ret;
3670 
3671 #define VAR_PSC_CACHE_SCAN	"postscreen_cache_cleanup_interval"
3672 #define DEF_PSC_CACHE_SCAN	"12h"
3673 extern int var_psc_cache_scan;
3674 
3675 #define VAR_PSC_GREET_WAIT	"postscreen_greet_wait"
3676 #define DEF_PSC_GREET_WAIT	"${stress?{2}:{6}}s"
3677 extern int var_psc_greet_wait;
3678 
3679 #define VAR_PSC_PREGR_BANNER	"postscreen_greet_banner"
3680 #define DEF_PSC_PREGR_BANNER	"$" VAR_SMTPD_BANNER
3681 extern char *var_psc_pregr_banner;
3682 
3683 #define VAR_PSC_PREGR_ENABLE	"postscreen_greet_enable"
3684 #define DEF_PSC_PREGR_ENABLE	no
3685 extern char *var_psc_pregr_enable;
3686 
3687 #define VAR_PSC_PREGR_ACTION	"postscreen_greet_action"
3688 #define DEF_PSC_PREGR_ACTION	"ignore"
3689 extern char *var_psc_pregr_action;
3690 
3691 #define VAR_PSC_PREGR_TTL	"postscreen_greet_ttl"
3692 #define DEF_PSC_PREGR_TTL	"1d"
3693 extern int var_psc_pregr_ttl;
3694 
3695 #define VAR_PSC_DNSBL_SITES	"postscreen_dnsbl_sites"
3696 #define DEF_PSC_DNSBL_SITES	""
3697 extern char *var_psc_dnsbl_sites;
3698 
3699 #define VAR_PSC_DNSBL_THRESH	"postscreen_dnsbl_threshold"
3700 #define DEF_PSC_DNSBL_THRESH	1
3701 extern int var_psc_dnsbl_thresh;
3702 
3703 #define VAR_PSC_DNSBL_WTHRESH	"postscreen_dnsbl_whitelist_threshold"
3704 #define DEF_PSC_DNSBL_WTHRESH	0
3705 
3706 #define VAR_PSC_DNSBL_ALTHRESH	"postscreen_dnsbl_allowlist_threshold"
3707 #define DEF_PSC_DNSBL_ALTHRESH	\
3708 	"${" VAR_PSC_DNSBL_WTHRESH "?{$" VAR_PSC_DNSBL_WTHRESH "}:{0}}"
3709 extern int var_psc_dnsbl_althresh;
3710 
3711 #define VAR_PSC_DNSBL_ENABLE	"postscreen_dnsbl_enable"
3712 #define DEF_PSC_DNSBL_ENABLE	0
3713 extern char *var_psc_dnsbl_enable;
3714 
3715 #define VAR_PSC_DNSBL_ACTION	"postscreen_dnsbl_action"
3716 #define DEF_PSC_DNSBL_ACTION	"ignore"
3717 extern char *var_psc_dnsbl_action;
3718 
3719 #define VAR_PSC_DNSBL_MIN_TTL	"postscreen_dnsbl_min_ttl"
3720 #define DEF_PSC_DNSBL_MIN_TTL	"60s"
3721 extern int var_psc_dnsbl_min_ttl;
3722 
3723 #define VAR_PSC_DNSBL_MAX_TTL	"postscreen_dnsbl_max_ttl"
3724 #define DEF_PSC_DNSBL_MAX_TTL	"${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h"
3725 extern int var_psc_dnsbl_max_ttl;
3726 
3727 #define	VAR_PSC_DNSBL_REPLY	"postscreen_dnsbl_reply_map"
3728 #define	DEF_PSC_DNSBL_REPLY	""
3729 extern char *var_psc_dnsbl_reply;
3730 
3731 #define VAR_PSC_DNSBL_TMOUT	"postscreen_dnsbl_timeout"
3732 #define DEF_PSC_DNSBL_TMOUT	"10s"
3733 extern int var_psc_dnsbl_tmout;
3734 
3735 #define VAR_PSC_PIPEL_ENABLE	"postscreen_pipelining_enable"
3736 #define DEF_PSC_PIPEL_ENABLE	0
3737 extern bool var_psc_pipel_enable;
3738 
3739 #define VAR_PSC_PIPEL_ACTION	"postscreen_pipelining_action"
3740 #define DEF_PSC_PIPEL_ACTION	"enforce"
3741 extern char *var_psc_pipel_action;
3742 
3743 #define VAR_PSC_PIPEL_TTL	"postscreen_pipelining_ttl"
3744 #define DEF_PSC_PIPEL_TTL	"30d"
3745 extern int var_psc_pipel_ttl;
3746 
3747 #define VAR_PSC_NSMTP_ENABLE	"postscreen_non_smtp_command_enable"
3748 #define DEF_PSC_NSMTP_ENABLE	0
3749 extern bool var_psc_nsmtp_enable;
3750 
3751 #define VAR_PSC_NSMTP_ACTION	"postscreen_non_smtp_command_action"
3752 #define DEF_PSC_NSMTP_ACTION	"drop"
3753 extern char *var_psc_nsmtp_action;
3754 
3755 #define VAR_PSC_NSMTP_TTL	"postscreen_non_smtp_command_ttl"
3756 #define DEF_PSC_NSMTP_TTL	"30d"
3757 extern int var_psc_nsmtp_ttl;
3758 
3759 #define VAR_PSC_BARLF_ENABLE	"postscreen_bare_newline_enable"
3760 #define DEF_PSC_BARLF_ENABLE	0
3761 extern bool var_psc_barlf_enable;
3762 
3763 #define VAR_PSC_BARLF_ACTION	"postscreen_bare_newline_action"
3764 #define DEF_PSC_BARLF_ACTION	"ignore"
3765 extern char *var_psc_barlf_action;
3766 
3767 #define VAR_PSC_BARLF_TTL	"postscreen_bare_newline_ttl"
3768 #define DEF_PSC_BARLF_TTL	"30d"
3769 extern int var_psc_barlf_ttl;
3770 
3771 #define VAR_PSC_BLIST_ACTION	"postscreen_blacklist_action"
3772 #define DEF_PSC_BLIST_ACTION	"ignore"
3773 
3774 #define VAR_PSC_DNLIST_ACTION	"postscreen_denylist_action"
3775 #define DEF_PSC_DNLIST_ACTION	\
3776 	"${" VAR_PSC_BLIST_ACTION "?{$" VAR_PSC_BLIST_ACTION "}:{" DEF_PSC_BLIST_ACTION "}}"
3777 extern char *var_psc_dnlist_nets;
3778 
3779 #define VAR_PSC_CMD_COUNT	"postscreen_command_count_limit"
3780 #define DEF_PSC_CMD_COUNT	20
3781 extern int var_psc_cmd_count;
3782 
3783 #define VAR_PSC_CMD_TIME		"postscreen_command_time_limit"
3784 #define DEF_PSC_CMD_TIME		DEF_SMTPD_TMOUT
3785 extern int var_psc_cmd_time;
3786 
3787 #define VAR_PSC_WATCHDOG		"postscreen_watchdog_timeout"
3788 #define DEF_PSC_WATCHDOG		"10s"
3789 extern int var_psc_watchdog;
3790 
3791 #define VAR_PSC_EHLO_DIS_WORDS	"postscreen_discard_ehlo_keywords"
3792 #define DEF_PSC_EHLO_DIS_WORDS	"$" VAR_SMTPD_EHLO_DIS_WORDS
3793 extern char *var_psc_ehlo_dis_words;
3794 
3795 #define VAR_PSC_EHLO_DIS_MAPS	"postscreen_discard_ehlo_keyword_address_maps"
3796 #define DEF_PSC_EHLO_DIS_MAPS	"$" VAR_SMTPD_EHLO_DIS_MAPS
3797 extern char *var_psc_ehlo_dis_maps;
3798 
3799 #define VAR_PSC_TLS_LEVEL	"postscreen_tls_security_level"
3800 #define DEF_PSC_TLS_LEVEL	"$" VAR_SMTPD_TLS_LEVEL
3801 extern char *var_psc_tls_level;
3802 
3803 #define VAR_PSC_USE_TLS		"postscreen_use_tls"
3804 #define DEF_PSC_USE_TLS		"$" VAR_SMTPD_USE_TLS
3805 extern bool var_psc_use_tls;
3806 
3807 #define VAR_PSC_ENFORCE_TLS	"postscreen_enforce_tls"
3808 #define DEF_PSC_ENFORCE_TLS	"$" VAR_SMTPD_ENFORCE_TLS
3809 extern bool var_psc_enforce_tls;
3810 
3811 #define VAR_PSC_FORBID_CMDS	"postscreen_forbidden_commands"
3812 #define DEF_PSC_FORBID_CMDS	"$" VAR_SMTPD_FORBID_CMDS
3813 extern char *var_psc_forbid_cmds;
3814 
3815 #define VAR_PSC_HELO_REQUIRED	"postscreen_helo_required"
3816 #define DEF_PSC_HELO_REQUIRED	"$" VAR_HELO_REQUIRED
3817 extern bool var_psc_helo_required;
3818 
3819 #define VAR_PSC_DISABLE_VRFY	"postscreen_disable_vrfy_command"
3820 #define DEF_PSC_DISABLE_VRFY	"$" VAR_DISABLE_VRFY_CMD
3821 extern bool var_psc_disable_vrfy;
3822 
3823 #define VAR_PSC_CCONN_LIMIT	"postscreen_client_connection_count_limit"
3824 #define DEF_PSC_CCONN_LIMIT	"$" VAR_SMTPD_CCONN_LIMIT
3825 extern int var_psc_cconn_limit;
3826 
3827 #define VAR_PSC_REJ_FOOTER	"postscreen_reject_footer"
3828 #define DEF_PSC_REJ_FOOTER	"$" VAR_SMTPD_REJ_FOOTER
3829 extern char *var_psc_rej_footer;
3830 
3831 #define VAR_PSC_REJ_FTR_MAPS	"postscreen_reject_footer_maps"
3832 #define DEF_PSC_REJ_FTR_MAPS	"$" VAR_SMTPD_REJ_FTR_MAPS
3833 extern char *var_psc_rej_ftr_maps;
3834 
3835 #define VAR_PSC_EXP_FILTER	"postscreen_expansion_filter"
3836 #define DEF_PSC_EXP_FILTER	"$" VAR_SMTPD_EXP_FILTER
3837 extern char *var_psc_exp_filter;
3838 
3839 #define VAR_PSC_CMD_FILTER	"postscreen_command_filter"
3840 #define DEF_PSC_CMD_FILTER	""
3841 extern char *var_psc_cmd_filter;
3842 
3843 #define VAR_PSC_ACL		"postscreen_access_list"
3844 #define DEF_PSC_ACL		SERVER_ACL_NAME_WL_MYNETWORKS
3845 extern char *var_psc_acl;
3846 
3847 #define VAR_PSC_WLIST_IF	"postscreen_whitelist_interfaces"
3848 #define DEF_PSC_WLIST_IF	"static:all"
3849 
3850 #define VAR_PSC_ALLIST_IF	"postscreen_allowlist_interfaces"
3851 #define DEF_PSC_ALLIST_IF	\
3852 	"${" VAR_PSC_WLIST_IF "?{$" VAR_PSC_WLIST_IF "}:{" DEF_PSC_WLIST_IF "}}"
3853 extern char *var_psc_allist_if;
3854 
3855 #define NOPROXY_PROTO_NAME	""
3856 
3857 #define VAR_PSC_UPROXY_PROTO	"postscreen_upstream_proxy_protocol"
3858 #define DEF_PSC_UPROXY_PROTO	NOPROXY_PROTO_NAME
3859 extern char *var_psc_uproxy_proto;
3860 
3861 #define VAR_PSC_UPROXY_TMOUT	"postscreen_upstream_proxy_timeout"
3862 #define DEF_PSC_UPROXY_TMOUT	"5s"
3863 extern int var_psc_uproxy_tmout;
3864 
3865 #define VAR_RESPECTFUL_LOGGING "respectful_logging"
3866 #define DEF_RESPECTFUL_LOGGING \
3867 	"${{$compatibility_level} <level {3.6} ?" " {no} : {yes}}"
3868 extern bool var_respectful_logging;
3869 
3870 #define VAR_DNSBLOG_SERVICE	"dnsblog_service_name"
3871 #define DEF_DNSBLOG_SERVICE	MAIL_SERVICE_DNSBLOG
3872 extern char *var_dnsblog_service;
3873 
3874 #define VAR_DNSBLOG_DELAY	"dnsblog_reply_delay"
3875 #define DEF_DNSBLOG_DELAY	"0s"
3876 extern int var_dnsblog_delay;
3877 
3878 #define VAR_TLSPROXY_SERVICE	"tlsproxy_service_name"
3879 #define DEF_TLSPROXY_SERVICE	MAIL_SERVICE_TLSPROXY
3880 extern char *var_tlsproxy_service;
3881 
3882 #define VAR_TLSP_WATCHDOG	"tlsproxy_watchdog_timeout"
3883 #define DEF_TLSP_WATCHDOG	"10s"
3884 extern int var_tlsp_watchdog;
3885 
3886 #define VAR_TLSP_TLS_LEVEL	"tlsproxy_tls_security_level"
3887 #define DEF_TLSP_TLS_LEVEL	"$" VAR_SMTPD_TLS_LEVEL
3888 extern char *var_tlsp_tls_level;
3889 
3890 #define VAR_TLSP_USE_TLS	"tlsproxy_use_tls"
3891 #define DEF_TLSP_USE_TLS	"$" VAR_SMTPD_USE_TLS
3892 extern bool var_tlsp_use_tls;
3893 
3894 #define VAR_TLSP_ENFORCE_TLS	"tlsproxy_enforce_tls"
3895 #define DEF_TLSP_ENFORCE_TLS	"$" VAR_SMTPD_ENFORCE_TLS
3896 extern bool var_tlsp_enforce_tls;
3897 
3898 #define VAR_TLSP_TLS_ACERT	"tlsproxy_tls_ask_ccert"
3899 #define DEF_TLSP_TLS_ACERT	"$" VAR_SMTPD_TLS_ACERT
3900 extern bool var_tlsp_tls_ask_ccert;
3901 
3902 #define VAR_TLSP_TLS_RCERT	"tlsproxy_tls_req_ccert"
3903 #define DEF_TLSP_TLS_RCERT	"$" VAR_SMTPD_TLS_RCERT
3904 extern bool var_tlsp_tls_req_ccert;
3905 
3906 #define VAR_TLSP_TLS_CCERT_VD	"tlsproxy_tls_ccert_verifydepth"
3907 #define DEF_TLSP_TLS_CCERT_VD	"$" VAR_SMTPD_TLS_CCERT_VD
3908 extern int var_tlsp_tls_ccert_vd;
3909 
3910 #define VAR_TLSP_TLS_CHAIN_FILES	"tlsproxy_tls_chain_files"
3911 #define DEF_TLSP_TLS_CHAIN_FILES	"$" VAR_SMTPD_TLS_CHAIN_FILES
3912 extern char *var_tlsp_tls_chain_files;
3913 
3914 #define VAR_TLSP_TLS_CERT_FILE	"tlsproxy_tls_cert_file"
3915 #define DEF_TLSP_TLS_CERT_FILE	"$" VAR_SMTPD_TLS_CERT_FILE
3916 extern char *var_tlsp_tls_cert_file;
3917 
3918 #define VAR_TLSP_TLS_KEY_FILE	"tlsproxy_tls_key_file"
3919 #define DEF_TLSP_TLS_KEY_FILE	"$" VAR_SMTPD_TLS_KEY_FILE
3920 extern char *var_tlsp_tls_key_file;
3921 
3922 #define VAR_TLSP_TLS_DCERT_FILE "tlsproxy_tls_dcert_file"
3923 #define DEF_TLSP_TLS_DCERT_FILE	"$" VAR_SMTPD_TLS_DCERT_FILE
3924 extern char *var_tlsp_tls_dcert_file;
3925 
3926 #define VAR_TLSP_TLS_DKEY_FILE	"tlsproxy_tls_dkey_file"
3927 #define DEF_TLSP_TLS_DKEY_FILE	"$" VAR_SMTPD_TLS_DKEY_FILE
3928 extern char *var_tlsp_tls_dkey_file;
3929 
3930 #define VAR_TLSP_TLS_ECCERT_FILE "tlsproxy_tls_eccert_file"
3931 #define DEF_TLSP_TLS_ECCERT_FILE	"$" VAR_SMTPD_TLS_ECCERT_FILE
3932 extern char *var_tlsp_tls_eccert_file;
3933 
3934 #define VAR_TLSP_TLS_ECKEY_FILE	"tlsproxy_tls_eckey_file"
3935 #define DEF_TLSP_TLS_ECKEY_FILE	"$" VAR_SMTPD_TLS_ECKEY_FILE
3936 extern char *var_tlsp_tls_eckey_file;
3937 
3938 #define DEF_TLSP_TLS_ECKEY_FILE	"$" VAR_SMTPD_TLS_ECKEY_FILE
3939 extern char *var_tlsp_tls_eckey_file;
3940 
3941 #define VAR_TLSP_TLS_CA_FILE	"tlsproxy_tls_CAfile"
3942 #define DEF_TLSP_TLS_CA_FILE	"$" VAR_SMTPD_TLS_CA_FILE
3943 extern char *var_tlsp_tls_CAfile;
3944 
3945 #define VAR_TLSP_TLS_CA_PATH	"tlsproxy_tls_CApath"
3946 #define DEF_TLSP_TLS_CA_PATH	"$" VAR_SMTPD_TLS_CA_PATH
3947 extern char *var_tlsp_tls_CApath;
3948 
3949 #define VAR_TLSP_TLS_PROTO	"tlsproxy_tls_protocols"
3950 #define DEF_TLSP_TLS_PROTO	"$" VAR_SMTPD_TLS_PROTO
3951 extern char *var_tlsp_tls_proto;
3952 
3953 #define VAR_TLSP_TLS_MAND_PROTO	"tlsproxy_tls_mandatory_protocols"
3954 #define DEF_TLSP_TLS_MAND_PROTO	"$" VAR_SMTPD_TLS_MAND_PROTO
3955 extern char *var_tlsp_tls_mand_proto;
3956 
3957 #define VAR_TLSP_TLS_CIPH	"tlsproxy_tls_ciphers"
3958 #define DEF_TLSP_TLS_CIPH	"$" VAR_SMTPD_TLS_CIPH
3959 extern char *var_tlsp_tls_ciph;
3960 
3961 #define VAR_TLSP_TLS_MAND_CIPH	"tlsproxy_tls_mandatory_ciphers"
3962 #define DEF_TLSP_TLS_MAND_CIPH	"$" VAR_SMTPD_TLS_MAND_CIPH
3963 extern char *var_tlsp_tls_mand_ciph;
3964 
3965 #define VAR_TLSP_TLS_EXCL_CIPH  "tlsproxy_tls_exclude_ciphers"
3966 #define DEF_TLSP_TLS_EXCL_CIPH	"$" VAR_SMTPD_TLS_EXCL_CIPH
3967 extern char *var_tlsp_tls_excl_ciph;
3968 
3969 #define VAR_TLSP_TLS_MAND_EXCL  "tlsproxy_tls_mandatory_exclude_ciphers"
3970 #define DEF_TLSP_TLS_MAND_EXCL	"$" VAR_SMTPD_TLS_MAND_EXCL
3971 extern char *var_tlsp_tls_mand_excl;
3972 
3973 #define VAR_TLSP_TLS_FPT_DGST	"tlsproxy_tls_fingerprint_digest"
3974 #define DEF_TLSP_TLS_FPT_DGST	"$" VAR_SMTPD_TLS_FPT_DGST
3975 extern char *var_tlsp_tls_fpt_dgst;
3976 
3977 #define VAR_TLSP_TLS_512_FILE	"tlsproxy_tls_dh512_param_file"
3978 #define DEF_TLSP_TLS_512_FILE	"$" VAR_SMTPD_TLS_512_FILE
3979 extern char *var_tlsp_tls_dh512_param_file;
3980 
3981 #define VAR_TLSP_TLS_1024_FILE	"tlsproxy_tls_dh1024_param_file"
3982 #define DEF_TLSP_TLS_1024_FILE	"$" VAR_SMTPD_TLS_1024_FILE
3983 extern char *var_tlsp_tls_dh1024_param_file;
3984 
3985 #define VAR_TLSP_TLS_EECDH	"tlsproxy_tls_eecdh_grade"
3986 #define DEF_TLSP_TLS_EECDH	"$" VAR_SMTPD_TLS_EECDH
3987 extern char *var_tlsp_tls_eecdh;
3988 
3989 #define VAR_TLSP_TLS_LOGLEVEL	"tlsproxy_tls_loglevel"
3990 #define DEF_TLSP_TLS_LOGLEVEL	"$" VAR_SMTPD_TLS_LOGLEVEL
3991 extern char *var_tlsp_tls_loglevel;
3992 
3993 #define VAR_TLSP_TLS_RECHEAD	"tlsproxy_tls_received_header"
3994 #define DEF_TLSP_TLS_RECHEAD	"$" VAR_SMTPD_TLS_RECHEAD
3995 extern bool var_tlsp_tls_received_header;
3996 
3997 #define VAR_TLSP_TLS_SET_SESSID	"tlsproxy_tls_always_issue_session_ids"
3998 #define DEF_TLSP_TLS_SET_SESSID	"$" VAR_SMTPD_TLS_SET_SESSID
3999 extern bool var_tlsp_tls_set_sessid;
4000 
4001  /*
4002   * Workaround for tlsproxy(8) pre-jail client certs/keys access.
4003   */
4004 #define VAR_TLSP_CLNT_LOGLEVEL		"tlsproxy_client_loglevel"
4005 #define DEF_TLSP_CLNT_LOGLEVEL		"$" VAR_SMTP_TLS_LOGLEVEL
4006 extern char *var_tlsp_clnt_loglevel;
4007 
4008 #define VAR_TLSP_CLNT_LOGPARAM		"tlsproxy_client_loglevel_parameter"
4009 #define DEF_TLSP_CLNT_LOGPARAM		VAR_SMTP_TLS_LOGLEVEL
4010 extern char *var_tlsp_clnt_logparam;
4011 
4012 #define VAR_TLSP_CLNT_SCERT_VD		"tlsproxy_client_scert_verifydepth"
4013 #define DEF_TLSP_CLNT_SCERT_VD		"$" VAR_SMTP_TLS_SCERT_VD
4014 extern int var_tlsp_clnt_scert_vd;
4015 
4016 #define VAR_TLSP_CLNT_CHAIN_FILES	"tlsproxy_client_chain_files"
4017 #define DEF_TLSP_CLNT_CHAIN_FILES	"$" VAR_SMTP_TLS_CHAIN_FILES
4018 extern char *var_tlsp_clnt_chain_files;
4019 
4020 #define VAR_TLSP_CLNT_CERT_FILE		"tlsproxy_client_cert_file"
4021 #define DEF_TLSP_CLNT_CERT_FILE		"$" VAR_SMTP_TLS_CERT_FILE
4022 extern char *var_tlsp_clnt_cert_file;
4023 
4024 #define VAR_TLSP_CLNT_KEY_FILE		"tlsproxy_client_key_file"
4025 #define DEF_TLSP_CLNT_KEY_FILE		"$" VAR_SMTP_TLS_KEY_FILE
4026 extern char *var_tlsp_clnt_key_file;
4027 
4028 #define VAR_TLSP_CLNT_DCERT_FILE	"tlsproxy_client_dcert_file"
4029 #define DEF_TLSP_CLNT_DCERT_FILE	"$" VAR_SMTP_TLS_DCERT_FILE
4030 extern char *var_tlsp_clnt_dcert_file;
4031 
4032 #define VAR_TLSP_CLNT_DKEY_FILE		"tlsproxy_client_dkey_file"
4033 #define DEF_TLSP_CLNT_DKEY_FILE		"$" VAR_SMTP_TLS_DKEY_FILE
4034 extern char *var_tlsp_clnt_dkey_file;
4035 
4036 #define VAR_TLSP_CLNT_ECCERT_FILE	"tlsproxy_client_eccert_file"
4037 #define DEF_TLSP_CLNT_ECCERT_FILE	"$" VAR_SMTP_TLS_ECCERT_FILE
4038 extern char *var_tlsp_clnt_eccert_file;
4039 
4040 #define VAR_TLSP_CLNT_ECKEY_FILE	"tlsproxy_client_eckey_file"
4041 #define DEF_TLSP_CLNT_ECKEY_FILE	"$" VAR_SMTP_TLS_ECKEY_FILE
4042 extern char *var_tlsp_clnt_eckey_file;
4043 
4044 #define VAR_TLSP_CLNT_CAFILE		"tlsproxy_client_CAfile"
4045 #define DEF_TLSP_CLNT_CAFILE		"$" VAR_SMTP_TLS_CA_FILE
4046 extern char *var_tlsp_clnt_CAfile;
4047 
4048 #define VAR_TLSP_CLNT_CAPATH		"tlsproxy_client_CApath"
4049 #define DEF_TLSP_CLNT_CAPATH		"$" VAR_SMTP_TLS_CA_PATH
4050 extern char *var_tlsp_clnt_CApath;
4051 
4052 #define VAR_TLSP_CLNT_FPT_DGST		"tlsproxy_client_fingerprint_digest"
4053 #define DEF_TLSP_CLNT_FPT_DGST		"$" VAR_SMTP_TLS_FPT_DGST
4054 extern char *var_tlsp_clnt_fpt_dgst;
4055 
4056 #define VAR_TLSP_CLNT_USE_TLS		"tlsproxy_client_use_tls"
4057 #define DEF_TLSP_CLNT_USE_TLS		"$" VAR_SMTP_USE_TLS
4058 extern bool var_tlsp_clnt_use_tls;
4059 
4060 #define VAR_TLSP_CLNT_ENFORCE_TLS	"tlsproxy_client_enforce_tls"
4061 #define DEF_TLSP_CLNT_ENFORCE_TLS	"$" VAR_SMTP_ENFORCE_TLS
4062 extern bool var_tlsp_clnt_enforce_tls;
4063 
4064 #define VAR_TLSP_CLNT_LEVEL		"tlsproxy_client_level"
4065 #define DEF_TLSP_CLNT_LEVEL		"$" VAR_SMTP_TLS_LEVEL
4066 extern char *var_tlsp_clnt_level;
4067 
4068 #define VAR_TLSP_CLNT_PER_SITE		"tlsproxy_client_per_site"
4069 #define DEF_TLSP_CLNT_PER_SITE		"$" VAR_SMTP_TLS_PER_SITE
4070 extern char *var_tlsp_clnt_per_site;
4071 
4072 #define VAR_TLSP_CLNT_POLICY		"tlsproxy_client_policy"
4073 #define DEF_TLSP_CLNT_POLICY		"$" VAR_SMTP_TLS_POLICY
4074 extern char *var_tlsp_clnt_policy;
4075 
4076  /*
4077   * SMTPD "reject" contact info.
4078   */
4079 #define VAR_SMTPD_REJ_FOOTER	"smtpd_reject_footer"
4080 #define DEF_SMTPD_REJ_FOOTER	""
4081 extern char *var_smtpd_rej_footer;
4082 
4083 #define VAR_SMTPD_REJ_FTR_MAPS	"smtpd_reject_footer_maps"
4084 #define DEF_SMTPD_REJ_FTR_MAPS	""
4085 extern char *var_smtpd_rej_ftr_maps;
4086 
4087  /*
4088   * Per-record time limit support.
4089   */
4090 #define VAR_SMTPD_REC_DEADLINE	"smtpd_per_record_deadline"
4091 #define DEF_SMTPD_REC_DEADLINE	"${stress?{yes}:{no}}"
4092 extern bool var_smtpd_rec_deadline;
4093 
4094 #define VAR_SMTP_REC_DEADLINE	"smtp_per_record_deadline"
4095 #define DEF_SMTP_REC_DEADLINE	0
4096 #define VAR_LMTP_REC_DEADLINE	"lmtp_per_record_deadline"
4097 #define DEF_LMTP_REC_DEADLINE	0
4098 extern bool var_smtp_rec_deadline;
4099 
4100 #define VAR_SMTPD_REQ_DEADLINE	"smtpd_per_request_deadline"
4101 #define DEF_SMTPD_REQ_DEADLINE	"${smtpd_per_record_deadline?" \
4102 				"{$smtpd_per_record_deadline}:" \
4103 				"{${stress?{yes}:{no}}}}"
4104 extern bool var_smtpd_req_deadline;
4105 
4106 #define VAR_SMTP_REQ_DEADLINE	"smtp_per_request_deadline"
4107 #define DEF_SMTP_REQ_DEADLINE	"${smtp_per_record_deadline?" \
4108 				"{$smtp_per_record_deadline}:{no}}"
4109 #define VAR_LMTP_REQ_DEADLINE	"lmtp_per_request_deadline"
4110 #define DEF_LMTP_REQ_DEADLINE	"${lmtp_per_record_deadline?" \
4111 				"{$lmtp_per_record_deadline}:{no}}"
4112 extern bool var_smtp_req_deadline;
4113 
4114 #define VAR_SMTPD_MIN_DATA_RATE	"smtpd_min_data_rate"
4115 #define DEF_SMTPD_MIN_DATA_RATE	500
4116 extern int var_smtpd_min_data_rate;
4117 
4118 #define VAR_SMTP_MIN_DATA_RATE	"smtp_min_data_rate"
4119 #define DEF_SMTP_MIN_DATA_RATE	500
4120 #define VAR_LMTP_MIN_DATA_RATE	"lmtp_min_data_rate"
4121 #define DEF_LMTP_MIN_DATA_RATE	500
4122 extern int var_smtp_min_data_rate;
4123 
4124  /*
4125   * Permit logging.
4126   */
4127 #define VAR_SMTPD_ACL_PERM_LOG	"smtpd_log_access_permit_actions"
4128 #define DEF_SMTPD_ACL_PERM_LOG	""
4129 extern char *var_smtpd_acl_perm_log;
4130 
4131  /*
4132   * Before-smtpd proxy support.
4133   */
4134 #define VAR_SMTPD_UPROXY_PROTO	"smtpd_upstream_proxy_protocol"
4135 #define DEF_SMTPD_UPROXY_PROTO	""
4136 extern char *var_smtpd_uproxy_proto;
4137 
4138 #define VAR_SMTPD_UPROXY_TMOUT	"smtpd_upstream_proxy_timeout"
4139 #define DEF_SMTPD_UPROXY_TMOUT	"5s"
4140 extern int var_smtpd_uproxy_tmout;
4141 
4142  /*
4143   * Postfix sendmail command compatibility features.
4144   */
4145 #define SM_FIX_EOL_STRICT	"strict"
4146 #define SM_FIX_EOL_NEVER	"never"
4147 #define SM_FIX_EOL_ALWAYS	"always"
4148 
4149 #define VAR_SM_FIX_EOL		"sendmail_fix_line_endings"
4150 #define DEF_SM_FIX_EOL		SM_FIX_EOL_ALWAYS
4151 extern char *var_sm_fix_eol;
4152 
4153  /*
4154   * Gradual degradation, or fatal exit after table open error?
4155   */
4156 #define VAR_DAEMON_OPEN_FATAL	"daemon_table_open_error_is_fatal"
4157 #define DEF_DAEMON_OPEN_FATAL	0
4158 extern bool var_daemon_open_fatal;
4159 
4160  /*
4161   * Optional delivery status filter.
4162   */
4163 #define VAR_DSN_FILTER			"default_delivery_status_filter"
4164 #define DEF_DSN_FILTER			""
4165 extern char *var_dsn_filter;
4166 
4167 #define VAR_SMTP_DSN_FILTER		"smtp_delivery_status_filter"
4168 #define DEF_SMTP_DSN_FILTER		"$" VAR_DSN_FILTER
4169 #define VAR_LMTP_DSN_FILTER		"lmtp_delivery_status_filter"
4170 #define DEF_LMTP_DSN_FILTER		"$" VAR_DSN_FILTER
4171 extern char *var_smtp_dsn_filter;
4172 
4173 #define VAR_PIPE_DSN_FILTER		"pipe_delivery_status_filter"
4174 #define DEF_PIPE_DSN_FILTER		"$" VAR_DSN_FILTER
4175 extern char *var_pipe_dsn_filter;
4176 
4177 #define VAR_VIRT_DSN_FILTER		"virtual_delivery_status_filter"
4178 #define DEF_VIRT_DSN_FILTER		"$" VAR_DSN_FILTER
4179 extern char *var_virt_dsn_filter;
4180 
4181 #define VAR_LOCAL_DSN_FILTER		"local_delivery_status_filter"
4182 #define DEF_LOCAL_DSN_FILTER		"$" VAR_DSN_FILTER
4183 extern char *var_local_dsn_filter;
4184 
4185  /*
4186   * Optional DNS reply filter.
4187   */
4188 #define VAR_SMTP_DNS_RE_FILTER		"smtp_dns_reply_filter"
4189 #define DEF_SMTP_DNS_RE_FILTER		""
4190 #define VAR_LMTP_DNS_RE_FILTER		"lmtp_dns_reply_filter"
4191 #define DEF_LMTP_DNS_RE_FILTER		""
4192 extern char *var_smtp_dns_re_filter;
4193 
4194 #define VAR_SMTPD_DNS_RE_FILTER		"smtpd_dns_reply_filter"
4195 #define DEF_SMTPD_DNS_RE_FILTER		""
4196 extern char *var_smtpd_dns_re_filter;
4197 
4198  /*
4199   * Share TLS sessions through tlproxy(8).
4200   */
4201 #define VAR_SMTP_TLS_CONN_REUSE		"smtp_tls_connection_reuse"
4202 #define DEF_SMTP_TLS_CONN_REUSE		0
4203 #define VAR_LMTP_TLS_CONN_REUSE		"lmtp_tls_connection_reuse"
4204 #define DEF_LMTP_TLS_CONN_REUSE		0
4205 extern bool var_smtp_tls_conn_reuse;
4206 
4207  /*
4208   * Location of shared-library files.
4209   *
4210   * If the files will be installed into a known directory, such as a directory
4211   * that is processed with the ldconfig(1) command, then the shlib_directory
4212   * parameter may be configured at installation time.
4213   *
4214   * Otherwise, the shlib_directory parameter must be specified at compile time,
4215   * and it cannot be changed afterwards.
4216   */
4217 #define VAR_SHLIB_DIR	"shlib_directory"
4218 #ifndef DEF_SHLIB_DIR
4219 #define DEF_SHLIB_DIR	"/usr/lib/postfix"
4220 #endif
4221 extern char *var_shlib_dir;
4222 
4223 #define VAR_META_DIR	"meta_directory"
4224 #ifndef DEF_META_DIR
4225 #define DEF_META_DIR	DEF_CONFIG_DIR
4226 #endif
4227 extern char *var_meta_dir;
4228 
4229  /*
4230   * SMTPUTF8 support.
4231   */
4232 #define VAR_SMTPUTF8_ENABLE		"smtputf8_enable"
4233 #ifndef DEF_SMTPUTF8_ENABLE
4234 #define DEF_SMTPUTF8_ENABLE		"${{$compatibility_level} <level {1} ? " \
4235 					"{no} : {yes}}"
4236 #endif
4237 extern int var_smtputf8_enable;
4238 
4239 #define VAR_STRICT_SMTPUTF8		"strict_smtputf8"
4240 #define DEF_STRICT_SMTPUTF8		0
4241 extern int var_strict_smtputf8;
4242 
4243 #define VAR_SMTPUTF8_AUTOCLASS		"smtputf8_autodetect_classes"
4244 #define DEF_SMTPUTF8_AUTOCLASS		MAIL_SRC_NAME_SENDMAIL ", " \
4245 					MAIL_SRC_NAME_VERIFY
4246 extern char *var_smtputf8_autoclass;
4247 
4248 #define VAR_IDNA2003_COMPAT		"enable_idna2003_compatibility"
4249 #define DEF_IDNA2003_COMPAT		"no"
4250 extern int var_idna2003_compat;
4251 
4252  /*
4253   * Workaround for future incompatibility. Our implementation of RFC 2308
4254   * negative reply caching relies on the promise that res_query() and
4255   * res_search() invoke res_send(), which returns the server response in an
4256   * application buffer even if the requested record does not exist. If this
4257   * promise is broken, we have a workaround that is good enough for DNS
4258   * reputation lookups.
4259   */
4260 #define VAR_DNS_NCACHE_TTL_FIX		"dns_ncache_ttl_fix_enable"
4261 #define DEF_DNS_NCACHE_TTL_FIX		0
4262 extern bool var_dns_ncache_ttl_fix;
4263 
4264  /*
4265   * Logging. As systems evolve over time, logging becomes more challenging.
4266   */
4267 #define VAR_MAILLOG_FILE	"maillog_file"
4268 #define DEF_MAILLOG_FILE	""
4269 extern char *var_maillog_file;
4270 
4271 #define VAR_MAILLOG_FILE_PFXS	"maillog_file_prefixes"
4272 #define DEF_MAILLOG_FILE_PFXS	"/var, /dev/stdout"
4273 extern char *var_maillog_file_pfxs;
4274 
4275 #define VAR_MAILLOG_FILE_COMP	"maillog_file_compressor"
4276 #define DEF_MAILLOG_FILE_COMP	"gzip"
4277 extern char *var_maillog_file_comp;
4278 
4279 #define VAR_MAILLOG_FILE_STAMP	"maillog_file_rotate_suffix"
4280 #define DEF_MAILLOG_FILE_STAMP	"%Y%m%d-%H%M%S"
4281 extern char *var_maillog_file_stamp;
4282 
4283 #define VAR_POSTLOG_SERVICE	"postlog_service_name"
4284 #define DEF_POSTLOG_SERVICE	MAIL_SERVICE_POSTLOG
4285 extern char *var_postlog_service;
4286 
4287 #define VAR_POSTLOGD_WATCHDOG	"postlogd_watchdog_timeout"
4288 #define DEF_POSTLOGD_WATCHDOG	"10s"
4289 extern int var_postlogd_watchdog;
4290 
4291  /*
4292   * Backwards compatibility for internal-form address logging.
4293   */
4294 #define INFO_LOG_ADDR_FORM_NAME_EXTERNAL	"external"
4295 #define INFO_LOG_ADDR_FORM_NAME_INTERNAL	"internal"
4296 
4297 #define VAR_INFO_LOG_ADDR_FORM	"info_log_address_format"
4298 #define DEF_INFO_LOG_ADDR_FORM	INFO_LOG_ADDR_FORM_NAME_EXTERNAL
4299 extern char *var_info_log_addr_form;
4300 
4301  /*
4302   * DNSSEC probing, to find out if DNSSEC validation is available.
4303   */
4304 #define VAR_DNSSEC_PROBE	"dnssec_probe"
4305 #define DEF_DNSSEC_PROBE	"ns:."
4306 extern char *var_dnssec_probe;
4307 
4308  /*
4309   * Pre-empt services(5) lookups.
4310   */
4311 #define VAR_KNOWN_TCP_PORTS	"known_tcp_ports"
4312 #define	DEF_KNOWN_TCP_PORTS	\
4313 		"lmtp=24, smtp=25, smtps=submissions=465, submission=587"
4314 extern char *var_known_tcp_ports;
4315 
4316 /* LICENSE
4317 /* .ad
4318 /* .fi
4319 /*	The Secure Mailer license must be distributed with this software.
4320 /* AUTHOR(S)
4321 /*	Wietse Venema
4322 /*	IBM T.J. Watson Research
4323 /*	P.O. Box 704
4324 /*	Yorktown Heights, NY 10598, USA
4325 /*
4326 /*	Wietse Venema
4327 /*	Google, Inc.
4328 /*	111 8th Avenue
4329 /*	New York, NY 10011, USA
4330 /*--*/
4331 
4332 #endif
4333