# This is the input file for automatically generating the postconf(5)
# manual page, the summaries of parameters in on-line manual pages,
# and for the postconf.5.html hyperlinked document.
#
# The following tools operate on information from this file:
#
#     xpostconf
#         Extracts specific parameter definitions from this file, or
#         produces a sorted version of all the information in this
#         document.
#
#     postconf2html
#         Adds parameter name +default headers. The result can be embedded
#         into the postconf.5.html hyperlinked document.
#
#     postconf2man
#         Converts this file into something that can be embedded into
#         the postconf(5) UNIX-style manual page. This tool knows only
#         a limited subset of HTML as described below.
#
#     postconf2src
#         Converts this file into something that can be embedded
#         into Postfix source code files.
#
# The subset of HTML that you can use is limited by the postconf2man
# tool:
#
#     * Supported HTML elements are: blockquote, ul, li, dl, dt, dd,
#       p, pre, b, i, h, and the escapes for < <= >= >. Sorry, no
#       tables.
#
#     * HTML elements must be specified in lower case.
#
#     * Lists cannot be nested.
#
#     * The postconf2man tool leaves unrecognized HTML in place as a
#       reminder that it is not supported.
#
#     * Text between <!-- and --> is stripped out. The <!-- and -->
#       must appear on separate lines.
#
#     * Blank lines are special for postconf2man: it replaces them by
#       a "new paragraph" command. Don't put any blank lines inside
#       <blockquote> text. Instead, put those blank lines between
#       </blockquote> and <blockquote>.
#
#     * Text after a blank line must start with an HTML element.
#
# Also:
#
#     * All <dt> and <dd> text must be closed with </dt> and </dd>.
#
#     * Use <blockquote><pre>..</pre></blockquote> for examples
#       between narrative text, instead of indenting examples by hand.
#
#     * Use <pre>..</pre> for the "Examples:" section at the end
#       of a parameter description.
#
# The postlink tool automatically inserts hyperlinks for the following,
# so you must not hyperlink that information yourself:
#
#     * Postfix manual pages
#     * URLs
#     * RFCs
#     * Postfix configuration parameters
#     * Postfix README files
#     * Address classes and other terminology.
#
# The xpostconf and postconf2html tools expect the file format described
# in the comments below. The description includes the transformation
# that is done by the postconf2html tool.
#
#     * The format of this file is blocks of text separated by one or
#       more empty (or all whitespace) lines.
#
#     * A text block that begins with %PARAM specifies a parameter name
#       and its default value, separated by whitespace. The text in
#       the blocks that follow is the parameter description.
#
#     * The first line (text up to the first ". ") is used in Postfix
#       on-line manual pages, in the one-line configuration parameter
#       summaries.
#
#     * A text block that begins with the "<" character is treated as
#       literal HTML. For example, to specify a "dl" list element one
#       would write:
#
#         |<dt><b>name</b></dt> <dd>
#         |
#         |text that describes "name".
#         |
#         |</dd> ...
#
#       As described below, the text that describes "name" will be
#       enclosed with <p> and </p>.
#
#       An "ul" list element would be written like this:
#
#         |<li> text for this list element.
#
#     * Any text block that does not begin with < is an error.

%CLASS address-verification Address verification (Postfix 2.1 and later)

<p>
Sender/recipient address verification is implemented by sending
probe email messages that are not actually delivered. This feature
is requested via the reject_unverified_sender and
reject_unverified_recipient access restrictions. The status of
verification probes is maintained by the address verification
service.
See the file ADDRESS_VERIFICATION_README for information
about how to configure and operate the Postfix sender/recipient
address verification service.
</p>

%CLASS smtpd-compatibility Compatibility controls

%CLASS resource-control Resource controls

%CLASS after-queue-filter After-queue content filter

<p>
As of version 1.0, Postfix can be configured to send new mail to
an external content filter AFTER the mail is queued. This content
filter is expected to inject mail back into a (Postfix or other)
MTA for further delivery. See the FILTER_README document for
details.
</p>

%CLASS before-queue-filter Before-queue content filter

<p>
The Postfix SMTP server can be configured to send incoming mail to
a real-time SMTP-based content filter BEFORE mail is queued. This
content filter is expected to inject mail back into Postfix. See
the SMTPD_PROXY_README document for details on how to configure
and operate this feature.
</p>

%CLASS basic-config Basic configuration parameters

%CLASS smtpd-access-relay SMTP server access and relay control

%CLASS smtpd-sasl SMTP server SASL authentication

%CLASS unknown-recipients Rejecting mail for unknown recipients

%CLASS smtpd-reply-code SMTP server response codes

%CLASS other Other configuration parameters

%PARAM access_map_reject_code 554

<p>
The numerical Postfix SMTP server response code for
an access(5) map "reject" action.
</p>

<p>
Do not change this unless you have a complete understanding of RFC 2821.
</p>

%PARAM access_map_defer_code 450

<p>
The numerical Postfix SMTP server response code for
an access(5) map "defer" action, including "defer_if_permit"
or "defer_if_reject". Prior to Postfix 2.6, the response
is hard-coded as "450".
</p>

<p>
Do not change this unless you have a complete understanding of RFC 2821.
</p>

<p>
This feature is available in Postfix 2.6 and later.
</p>

%PARAM address_verify_default_transport $default_transport

<p>
Overrides the default_transport parameter setting for address
verification probes.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_local_transport $local_transport

<p>
Overrides the local_transport parameter setting for address
verification probes.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_map see "postconf -d" output

<p>
Lookup table for persistent address verification status
storage. The table is maintained by the verify(8) service, and
is opened before the process releases privileges.
</p>

<p>
The lookup table is persistent by default (Postfix 2.7 and later).
Specify an empty table name to keep the information in volatile
memory, which is lost after "<b>postfix reload</b>" or "<b>postfix
stop</b>". This is the default with Postfix version 2.6 and earlier.
</p>

<p>
Specify a location in a file system that will not fill up. If the
database becomes corrupted, the world comes to an end. To recover,
delete (NOT: truncate) the file and do "<b>postfix reload</b>".
</p>

<p> Postfix daemon processes do not use root privileges when opening
this file (Postfix 2.5 and later). The file must therefore be
stored under a Postfix-owned directory such as the data_directory.
As a migration aid, an attempt to open the file under a non-Postfix
directory is redirected to the Postfix-owned data_directory, and a
warning is logged. </p>

<p>
Examples:
</p>

<pre>
address_verify_map = hash:/var/db/postfix/verify
address_verify_map = btree:/var/db/postfix/verify
</pre>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_negative_cache yes

<p>
Enable caching of failed address verification probe results. When
this feature is enabled, the cache may pollute quickly with garbage.
When this feature is disabled, Postfix will generate an address
probe for every lookup.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_negative_expire_time 3d

<p>
The time after which a failed probe expires from the address
verification cache.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_negative_refresh_time 3h

<p>
The time after which a failed address verification probe needs to
be refreshed.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_cache_cleanup_interval 12h

<p> The amount of time between verify(8) address verification
database cleanup runs. This feature requires that the database
supports the "delete" and "sequence" operators. Specify a zero
interval to disable database cleanup. </p>

<p> After each database cleanup run, the verify(8) daemon logs the
number of entries that were retained and dropped. A cleanup run is
logged as "partial" when the daemon terminates early after "<b>postfix
reload</b>", "<b>postfix stop</b>", or no requests for $max_idle
seconds. </p>

<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). </p>

<p> This feature is available in Postfix 2.7 and later. </p>

%PARAM address_verify_poll_count ${stress?1}${stress:3}

<p>
How many times to query the verify(8) service for the completion
of an address verification request in progress.
</p>

<p> By default, the Postfix SMTP server polls the verify(8) service
up to three times under non-overload conditions, and only once when
under overload. With Postfix version 2.6 and earlier, the SMTP
server always polls the verify(8) service up to three times by
default. </p>

<p>
Specify 1 to implement a crude form of greylisting, that is, always
defer the first delivery request for a new address.
</p>

<p>
Examples:
</p>

<pre>
# Postfix ≤ 2.6 default
address_verify_poll_count = 3
# Poor man's greylisting
address_verify_poll_count = 1
</pre>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_poll_delay 3s

<p>
The delay between queries for the completion of an address
verification request in progress.
</p>

<p>
The default polling delay is 3 seconds.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_positive_expire_time 31d

<p>
The time after which a successful probe expires from the address
verification cache.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_positive_refresh_time 7d

<p>
The time after which a successful address verification probe needs
to be refreshed. The address verification status is not updated
when the probe fails (optimistic caching).
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_relay_transport $relay_transport

<p>
Overrides the relay_transport parameter setting for address
verification probes.
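</p>

<p> The cache-lifetime rules of the address_verify_negative_cache,
address_verify_negative_expire_time, address_verify_negative_refresh_time,
address_verify_positive_expire_time and address_verify_positive_refresh_time
parameters above, together with the time-unit syntax that these and later
parameters (bounce_queue_lifetime, daemon_timeout) share, as an added
example in Python. This is not Postfix code: the lookup table is a
dictionary, "now" is passed in explicitly, and the refresh and expiry
decisions are modelled from the parameter descriptions rather than taken
from verify(8). </p>

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Postfix time-unit suffixes, as listed in the "Time units:" notes above.
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_time(value: str, default_unit: str = "s") -> int:
    """Convert a Postfix time value ("3h", "31d", "1000s") to seconds.
    A bare number takes default_unit, which is "s" for most parameters
    and "d" for bounce_queue_lifetime."""
    m = re.fullmatch(r"\s*(\d+)\s*([smhdw]?)\s*", value)
    if not m or default_unit not in UNIT_SECONDS:
        raise ValueError(f"bad time value: {value!r}")
    return int(m.group(1)) * UNIT_SECONDS[m.group(2) or default_unit]


@dataclass
class Entry:
    status: str   # "ok" (positive probe result) or "undeliverable" (negative)
    updated: int  # time, in seconds, at which a probe last set this status


@dataclass
class VerifyPolicy:
    """Defaults are the postconf defaults quoted in the descriptions above."""
    negative_cache: bool = True
    positive_expire: int = parse_time("31d")
    positive_refresh: int = parse_time("7d")
    negative_expire: int = parse_time("3d")
    negative_refresh: int = parse_time("3h")


class VerifyCache:
    """Model of the verify(8) status table (a dict here; a hash: or btree:
    file under data_directory in Postfix)."""

    def __init__(self, policy: Optional[VerifyPolicy] = None) -> None:
        self.policy = policy or VerifyPolicy()
        self.table: Dict[str, Entry] = {}

    def lookup(self, addr: str, now: int) -> Tuple[str, bool]:
        """Return (status, probe_needed). status is "ok", "undeliverable",
        or "todo" when there is no usable answer yet (the SMTP server then
        defers under reject_unverified_*). An entry older than its expire
        time is dropped and treated as unknown; one older than its refresh
        time is still answered from cache but asks for a fresh probe."""
        p = self.policy
        e = self.table.get(addr)
        if e is None:
            return "todo", True
        positive = e.status == "ok"
        expire = p.positive_expire if positive else p.negative_expire
        refresh = p.positive_refresh if positive else p.negative_refresh
        age = now - e.updated
        if age > expire:
            del self.table[addr]  # what the periodic cleanup run would drop
            return "todo", True
        return e.status, age > refresh

    def record(self, addr: str, probe_ok: bool, now: int) -> None:
        """Store a probe result. Optimistic caching: a failed probe never
        overwrites a cached "ok" (that entry ages out via positive_expire).
        Negative results are stored only while negative_cache is enabled."""
        old = self.table.get(addr)
        if probe_ok:
            self.table[addr] = Entry("ok", now)
        elif old is not None and old.status == "ok":
            return
        elif self.policy.negative_cache:
            self.table[addr] = Entry("undeliverable", now)
```

<p> With the defaults, a positive result is answered from cache for up to
31 days and is due for a new probe after 7 days; because a failed re-probe
leaves the cached "ok" in place, the positive expire time, not the refresh
time, bounds how long an address that has since become invalid keeps being
accepted. Disabling address_verify_negative_cache makes every lookup of a
failing address a new probe, which is the cost the description warns about.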
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_relayhost $relayhost

<p>
Overrides the relayhost parameter setting for address verification
probes. This information can be overruled with the transport(5) table.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_sender $double_bounce_sender

<p> The sender address to use in address verification probes; prior
to Postfix 2.5 the default was "postmaster". To
avoid problems with address probes that are sent in response to
address probes, the Postfix SMTP server excludes the probe sender
address from all SMTPD access blocks. </p>

<p>
Specify an empty value (address_verify_sender =) or <> if you want
to use the null sender address. Beware, some sites reject mail from
<>, even though RFCs require that such addresses be accepted.
</p>

<p>
Examples:
</p>

<pre>
address_verify_sender = <>
address_verify_sender = postmaster@my.domain
</pre>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_transport_maps $transport_maps

<p>
Overrides the transport_maps parameter setting for address verification
probes.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_virtual_transport $virtual_transport

<p>
Overrides the virtual_transport parameter setting for address
verification probes.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM alias_database see "postconf -d" output

<p>
The alias databases for local(8) delivery that are updated with
"<b>newaliases</b>" or with "<b>sendmail -bi</b>".
</p>

<p>
This is a separate configuration parameter because not all the
tables specified with $alias_maps have to be local files.
</p>

<p>
Examples:
</p>

<pre>
alias_database = hash:/etc/aliases
alias_database = hash:/etc/mail/aliases
</pre>

%PARAM alias_maps see "postconf -d" output

<p>
The alias databases that are used for local(8) delivery. See
aliases(5) for syntax details.
</p>

<p>
The default list is system dependent. On systems with NIS, the
default is to search the local alias database, then the NIS alias
database.
</p>

<p>
If you change the alias database, run "<b>postalias /etc/aliases</b>"
(or wherever your system stores the mail alias file), or simply
run "<b>newaliases</b>" to build the necessary DBM or DB file.
</p>

<p>
The local(8) delivery agent disallows regular expression substitution
of $1 etc. in alias_maps, because that would open a security hole.
</p>

<p>
The local(8) delivery agent will silently ignore requests to use
the proxymap(8) server within alias_maps. Instead it will open the
table directly. Before Postfix version 2.2, the local(8) delivery
agent will terminate with a fatal error.
</p>

<p>
Examples:
</p>

<pre>
alias_maps = hash:/etc/aliases, nis:mail.aliases
alias_maps = hash:/etc/aliases
</pre>

%PARAM allow_mail_to_commands alias, forward

<p>
Restrict local(8) mail delivery to external commands. The default
is to disallow delivery to "|command" in :include: files (see
aliases(5) for the text that defines this terminology).
</p>

<p>
Specify zero or more of: <b>alias</b>, <b>forward</b> or <b>include</b>,
in order to allow commands in aliases(5), .forward files or in
:include: files, respectively.
</p>

<p>
Example:
</p>

<pre>
allow_mail_to_commands = alias,forward,include
</pre>

%PARAM allow_mail_to_files alias, forward

<p>
Restrict local(8) mail delivery to external files.
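</p>

<p> The "|command" and "/file/name" delivery-target policy of
allow_mail_to_commands and allow_mail_to_files, and the reason alias_maps
refuses regular-expression $1 substitution, as an added example in Python.
This is not Postfix code: a delivery target is a plain string, its origin is
one of "alias", "forward" or "include" (the values these parameters accept),
and the regexp alias table is a list of (pattern, replacement) pairs; the
"handle-bounce" command used as sample input is hypothetical. </p>

```python
import re
from typing import Iterable, Optional, Tuple


def parse_class_list(value: str) -> frozenset:
    """Parse a main.cf value such as "alias, forward" or
    "alias,forward,include" into the set of sources it names."""
    known = {"alias", "forward", "include"}
    items = {s for s in re.split(r"[,\s]+", value.strip()) if s}
    unknown = items - known
    if unknown:
        raise ValueError(f"unknown class(es): {sorted(unknown)}")
    return frozenset(items)


def target_allowed(target: str, source: str,
                   allow_mail_to_commands: str = "alias, forward",
                   allow_mail_to_files: str = "alias, forward") -> bool:
    """May local(8) deliver to `target`, which came from `source` (one of
    "alias", "forward", "include")? The defaults are the postconf defaults:
    commands and files are accepted from aliases(5) and .forward files,
    but not from :include: files."""
    if target.startswith("|"):
        return source in parse_class_list(allow_mail_to_commands)
    if target.startswith("/"):
        return source in parse_class_list(allow_mail_to_files)
    return True  # a plain address; no command or file is involved


def regexp_alias_lookup(address: str, rules: Iterable[Tuple[str, str]],
                        allow_substitution: bool = False) -> Optional[str]:
    """Look `address` up in a regexp-style alias table. With substitution
    refused (the local(8) rule for alias_maps) a rule whose right-hand side
    uses $1 is rejected outright. With it allowed, whatever the remote
    sender put in the matched part of the address is pasted into the
    delivery target, which may be a "|command"."""
    for pattern, replacement in rules:
        m = re.fullmatch(pattern, address)
        if m is None:
            continue
        if re.search(r"\$\d", replacement):
            if not allow_substitution:
                raise ValueError("$number substitution is not allowed in alias_maps")
            return re.sub(r"\$(\d)",
                          lambda g: m.group(int(g.group(1))) or "",
                          replacement)
        return replacement
    return None
```

<p> The last function shows the hole that the alias_maps rule closes: with
$1 substitution, the part of the address that the remote sender chooses ends
up inside a "|command" target that local(8) would then execute. </p>

<p>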
The default is
to disallow "/file/name" destinations in :include: files (see
aliases(5) for the text that defines this terminology).
</p>

<p>
Specify zero or more of: <b>alias</b>, <b>forward</b> or <b>include</b>,
in order to allow "/file/name" destinations in aliases(5), .forward
files and in :include: files, respectively.
</p>

<p>
Example:
</p>

<pre>
allow_mail_to_files = alias,forward,include
</pre>

%PARAM allow_min_user no

<p>
Allow a sender or recipient address to have `-' as the first
character. By default, this is not allowed, to avoid accidents with
software that passes email addresses via the command line. Such software
would not be able to distinguish a malicious address from a
bona fide command-line option. Although this can be prevented by
inserting a "--" option terminator into the command line, this is
difficult to enforce consistently and globally. </p>

<p> As of Postfix version 2.5, this feature is implemented by
trivial-rewrite(8). With earlier versions this feature was implemented
by qmgr(8) and was limited to recipient addresses only. </p>

%PARAM allow_percent_hack yes

<p>
Enable the rewriting of the form "user%domain" to "user@domain".
This is enabled by default.
</p>

<p> Note: with Postfix version 2.2, message header address rewriting
happens only when one of the following conditions is true: </p>

<ul>

<li> The message is received with the Postfix sendmail(1) command,

<li> The message is received from a network client that matches
$local_header_rewrite_clients,

<li> The message is received from the network, and the
remote_header_rewrite_domain parameter specifies a non-empty value.

</ul>

<p> To get the behavior before Postfix version 2.2, specify
"local_header_rewrite_clients = static:all".
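</p>

<p> The command-line hazard behind the allow_min_user parameter above, as
an added example in Python (not Postfix code). The argparse-based parser
stands in for any program that passes addresses on a command line; it and
the addresses are constructed for this example. </p>

```python
import argparse
from typing import List, Tuple


def wrapper_parser() -> argparse.ArgumentParser:
    """Stand-in for a sendmail-style front end: -f sender, -o option,
    then the recipients as positional arguments. Constructed for this
    example; it is not Postfix's own sendmail(1) option parser."""
    parser = argparse.ArgumentParser(prog="mailwrapper", add_help=False)
    parser.add_argument("-f", dest="sender", default="")
    parser.add_argument("-o", dest="options", action="append", default=None)
    parser.add_argument("recipients", nargs="*")
    return parser


def parse_argv(argv: List[str]) -> Tuple[str, List[str], List[str]]:
    """Return (sender, options, recipients) as the wrapper would see them."""
    ns = wrapper_parser().parse_args(argv)
    return ns.sender, ns.options or [], ns.recipients


def address_allowed(addr: str, allow_min_user: bool = False) -> bool:
    """The allow_min_user rule: a sender or recipient address may not
    begin with '-' unless the administrator has explicitly allowed it."""
    return allow_min_user or not addr.startswith("-")


def build_argv(sender: str, recipients: List[str],
               allow_min_user: bool = False) -> List[str]:
    """Build a wrapper command line. Both defences from the description
    are applied: addresses starting with '-' are refused, and a "--"
    terminator keeps anything after it from being read as an option."""
    for addr in [sender, *recipients]:
        if not address_allowed(addr, allow_min_user):
            raise ValueError(f"address begins with '-': {addr!r}")
    return ["-f", sender, "--", *recipients]
```

<p> Postfix applies the leading-'-' check in trivial-rewrite(8) to every
sender and recipient address, so it is enforced in one place, whereas the
"--" terminator has to be remembered by every program that ever builds
such a command line.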
</p>

<p>
Example:
</p>

<pre>
allow_percent_hack = no
</pre>

%PARAM allow_untrusted_routing no

<p>
Forward mail with sender-specified routing (user[@%!]remote[@%!]site)
from untrusted clients to destinations matching $relay_domains.
</p>

<p>
By default, this feature is turned off. This closes a nasty open
relay loophole where a backup MX host can be tricked into forwarding
junk mail to a primary MX host which then spams it out to the world.
</p>

<p>
This parameter also controls whether non-local addresses with
sender-specified routing can match Postfix access tables. By default,
such addresses cannot match Postfix access tables, because the address
is ambiguous.
</p>

%PARAM always_bcc

<p>
Optional address that receives a "blind carbon copy" of each message
that is received by the Postfix mail system.
</p>

<p>
Note: if mail to the BCC address bounces it will be returned to
the sender.
</p>

<p> Note: automatic BCC recipients are produced only for new mail.
To avoid mailer loops, automatic BCC recipients are not generated
for mail that Postfix forwards internally, nor for mail that Postfix
generates itself. </p>

%PARAM berkeley_db_create_buffer_size 16777216

<p>
The per-table I/O buffer size for programs that create Berkeley DB
hash or btree tables. Specify a byte count.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM berkeley_db_read_buffer_size 131072

<p>
The per-table I/O buffer size for programs that read Berkeley DB
hash or btree tables. Specify a byte count.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM best_mx_transport

<p>
Where the Postfix SMTP client should deliver mail when it detects
a "mail loops back to myself" error condition.
This happens when
the local MTA is the best SMTP mail exchanger for a destination
not listed in $mydestination, $inet_interfaces, $proxy_interfaces,
$virtual_alias_domains, or $virtual_mailbox_domains. By default,
the Postfix SMTP client returns such mail as undeliverable.
</p>

<p>
Specify, for example, "best_mx_transport = local" to pass the mail
from the Postfix SMTP client to the local(8) delivery agent. You
can specify
any message delivery "transport" or "transport:nexthop" that is
defined in the master.cf file. See the transport(5) manual page
for the syntax and meaning of "transport" or "transport:nexthop".
</p>

<p>
However, this feature is expensive because it ties up a Postfix
SMTP client process while the local(8) delivery agent is doing its
work. It is more efficient (for Postfix) to list all hosted domains
in a table or database.
</p>

%PARAM biff yes

<p>
Whether or not to use the local biff service. This service sends
"new mail" notifications to users who have requested new mail
notification with the UNIX command "biff y".
</p>

<p>
For compatibility reasons this feature is on by default. On systems
with lots of interactive users, the biff service can be a performance
drain. Specify "biff = no" in main.cf to disable.
</p>

%PARAM body_checks

<p> Optional lookup tables for content inspection as specified in
the body_checks(5) manual page. </p>

<p> Note: with Postfix versions before 2.0, these rules inspect
all content after the primary message headers. </p>

%PARAM body_checks_size_limit 51200

<p>
How much text in a message body segment (or attachment, if you
prefer to use that term) is subjected to body_checks inspection.
The amount of text is limited to avoid scanning huge attachments.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM bounce_queue_lifetime 5d

<p>
The maximal time a bounce message is queued before it is considered
undeliverable. By default, this is the same as the queue life time
for regular mail.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is d (days).
</p>

<p>
Specify 0 when mail delivery should be tried only once.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM bounce_size_limit 50000

<p> The maximal amount of original message text that is sent in a
non-delivery notification. Specify a byte count. A message is
returned as either message/rfc822 (the complete original) or as
text/rfc822-headers (the headers only). With Postfix version 2.4
and earlier, a message is always returned as message/rfc822 and is
truncated when it exceeds the size limit.
</p>

<p> Notes: </p>

<ul>

<li> <p> If you increase this limit, then you should increase the
mime_nesting_limit value proportionally. </p>

<li> <p> Be careful when making changes. Excessively large values
will result in the loss of non-delivery notifications, when a bounce
message size exceeds a local or remote MTA's message size limit.
</p>

</ul>

%PARAM canonical_maps

<p>
Optional address mapping lookup tables for message headers and
envelopes. The mapping is applied to both sender and recipient
addresses, in both envelopes and in headers, as controlled
with the canonical_classes parameter. This is typically used
to clean up dirty addresses from legacy mail systems, or to replace
login names by Firstname.Lastname. The table format and lookups
are documented in canonical(5). For an overview of Postfix address
manipulations see the ADDRESS_REWRITING_README document.
</p>

<p>
If you use this feature, run "<b>postmap /etc/postfix/canonical</b>" to
build the necessary DBM or DB file after every change. The changes
will become visible after a minute or so. Use "<b>postfix reload</b>"
to eliminate the delay.
</p>

<p> Note: with Postfix version 2.2, message header address mapping
happens only when message header address rewriting is enabled: </p>

<ul>

<li> The message is received with the Postfix sendmail(1) command,

<li> The message is received from a network client that matches
$local_header_rewrite_clients,

<li> The message is received from the network, and the
remote_header_rewrite_domain parameter specifies a non-empty value.

</ul>

<p> To get the behavior before Postfix version 2.2, specify
"local_header_rewrite_clients = static:all". </p>

<p>
Examples:
</p>

<pre>
canonical_maps = dbm:/etc/postfix/canonical
canonical_maps = hash:/etc/postfix/canonical
</pre>

%PARAM canonical_classes envelope_sender, envelope_recipient, header_sender, header_recipient

<p> What addresses are subject to canonical_maps address mapping.
By default, canonical_maps address mapping is applied to envelope
sender and recipient addresses, and to header sender and header
recipient addresses. </p>

<p> Specify one or more of: envelope_sender, envelope_recipient,
header_sender, header_recipient </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM sender_canonical_classes envelope_sender, header_sender

<p> What addresses are subject to sender_canonical_maps address
mapping. By default, sender_canonical_maps address mapping is
applied to envelope sender addresses, and to header sender addresses.
</p>

<p> Specify one or more of: envelope_sender, header_sender </p>

<p> This feature is available in Postfix 2.2 and later.
</p>

%PARAM recipient_canonical_classes envelope_recipient, header_recipient

<p> What addresses are subject to recipient_canonical_maps address
mapping. By default, recipient_canonical_maps address mapping is
applied to envelope recipient addresses, and to header recipient
addresses. </p>

<p> Specify one or more of: envelope_recipient, header_recipient
</p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM command_directory see "postconf -d" output

<p>
The location of all postfix administrative commands.
</p>

%PARAM command_time_limit 1000s

<p>
Time limit for delivery to external commands. This limit is used
by the local(8) delivery agent, and is the default time limit for
delivery by the pipe(8) delivery agent.
</p>

<p>
Note: if you set this time limit to a large value you must update the
global ipc_timeout parameter as well.
</p>

%PARAM daemon_directory see "postconf -d" output

<p>
The directory with Postfix support programs and daemon programs.
These should not be invoked directly by humans. The directory must
be owned by root.
</p>

%PARAM daemon_timeout 18000s

<p> How much time a Postfix daemon process may take to handle a
request before it is terminated by a built-in watchdog timer. </p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM debug_peer_level 2

<p> The increment in verbose logging level when a remote client or
server matches a pattern in the debug_peer_list parameter. </p>

%PARAM debug_peer_list

<p> Optional list of remote client or server hostname or network
address patterns that cause the verbose logging level to increase
by the amount specified in $debug_peer_level.
</p>

<p> Specify domain names, network/netmask patterns, "/file/name"
patterns or "type:table" lookup tables. The right-hand side result
from "type:table" lookups is ignored. </p>

<p> Pattern matching of domain names is controlled by the
parent_domain_matches_subdomains parameter. </p>

<p>
Examples:
</p>

<pre>
debug_peer_list = 127.0.0.1
debug_peer_list = example.com
</pre>

%PARAM default_database_type see "postconf -d" output

<p>
The default database type for use in newaliases(1), postalias(1)
and postmap(1) commands. On many UNIX systems the default type is
either <b>dbm</b> or <b>hash</b>. The default setting is frozen
when the Postfix system is built.
</p>

<p>
Examples:
</p>

<pre>
default_database_type = hash
default_database_type = dbm
</pre>

%PARAM default_delivery_slot_cost 5

<p>
How often the Postfix queue manager's scheduler is allowed to
preempt delivery of one message with another.
</p>

<p>
Each transport maintains a so-called "available delivery slot counter"
for each message. One message can be preempted by another one when
the other message can be delivered using no more delivery slots
(i.e., invocations of delivery agents) than the current message
counter has accumulated (or will eventually accumulate - see about
slot loans below). This parameter controls how often the counter
is incremented - it happens after each default_delivery_slot_cost
recipients have been delivered.
</p>

<p>
The cost of 0 is used to disable the preempting scheduling completely.
The minimum value the scheduling algorithm can use is 2 - use it
if you want to maximize the message throughput rate. Although there
is no maximum, it doesn't make much sense to use values above say
50.
</p>

<p>
The only reason why the value of 2 is not the default is the way
this parameter affects the delivery of mailing-list mail. In the
worst case, their delivery can take somewhere between (cost+1)/cost
and cost/(cost-1) times longer than if the preemptive scheduler were
disabled. The default value of 5 turns out to provide reasonable
message response times while making sure the mailing-list deliveries
are not extended by more than 20-25 percent even in the worst case.
</p>

<p> Use <i>transport</i>_delivery_slot_cost to specify a
transport-specific override, where <i>transport</i> is the master.cf
name of the message delivery transport.
</p>

<p>
Examples:
</p>

<pre>
default_delivery_slot_cost = 0
default_delivery_slot_cost = 2
</pre>

%PARAM default_destination_concurrency_limit 20

<p>
The default maximal number of parallel deliveries to the same
destination. This is the default limit for delivery via the lmtp(8),
pipe(8), smtp(8) and virtual(8) delivery agents.
With per-destination recipient limit > 1, a destination is a domain,
otherwise it is a recipient.
</p>

<p> Use <i>transport</i>_destination_concurrency_limit to specify a
transport-specific override, where <i>transport</i> is the master.cf
name of the message delivery transport.
</p>

%PARAM default_destination_recipient_limit 50

<p>
The default maximal number of recipients per message delivery.
This is the default limit for delivery via the lmtp(8), pipe(8),
smtp(8) and virtual(8) delivery agents.
</p>

<p> Setting this parameter to a value of 1 changes the meaning of
the corresponding per-destination concurrency limit from concurrency
per domain into concurrency per recipient.
</p>

<p> Use <i>transport</i>_destination_recipient_limit to specify a
transport-specific override, where <i>transport</i> is the master.cf
name of the message delivery transport.
</p>

%PARAM default_extra_recipient_limit 1000

<p>
The default value for the extra per-transport limit imposed on the
number of in-memory recipients. This extra recipient space is
reserved for the cases when the Postfix queue manager's scheduler
preempts one message with another and suddenly needs some extra
recipient slots for the chosen message in order to avoid performance
degradation.
</p>

<p> Use <i>transport</i>_extra_recipient_limit to specify a
transport-specific override, where <i>transport</i> is the master.cf
name of the message delivery transport.
</p>

%PARAM default_minimum_delivery_slots 3

<p>
How many recipients a message must have in order to invoke the
Postfix queue manager's scheduling algorithm at all. Messages
which would never accumulate at least this many delivery slots
(subject to the slot cost parameter as well) are never preempted.
</p>

<p> Use <i>transport</i>_minimum_delivery_slots to specify a
transport-specific override, where <i>transport</i> is the master.cf
name of the message delivery transport.
</p>

%PARAM default_privs nobody

<p>
The default rights used by the local(8) delivery agent for delivery
to external file or command. These rights are used when delivery
is requested from an aliases(5) file that is owned by <b>root</b>, or
when delivery is done on behalf of <b>root</b>. <b>DO NOT SPECIFY A
PRIVILEGED USER OR THE POSTFIX OWNER</b>.
</p>

%PARAM default_process_limit 100

<p>
The default maximal number of Postfix child processes that provide
a given service. This limit can be overruled for specific services
in the master.cf file.
1068</p> 1069 1070%PARAM default_rbl_reply see "postconf -d" output 1071 1072<p> 1073The default SMTP server response template for a request that is 1074rejected by an RBL-based restriction. This template can be overruled 1075by specific entries in the optional rbl_reply_maps lookup table. 1076</p> 1077 1078<p> 1079This feature is available in Postfix 2.0 and later. 1080</p> 1081 1082<p> 1083The template is subject to exactly one level of $name substitution: 1084</p> 1085 1086<dl> 1087 1088<dt><b>$client</b></dt> 1089 1090<dd>The client hostname and IP address, formatted as name[address]. </dd> 1091 1092<dt><b>$client_address</b></dt> 1093 1094<dd>The client IP address. </dd> 1095 1096<dt><b>$client_name</b></dt> 1097 1098<dd>The client hostname or "unknown". See reject_unknown_client_hostname 1099for more details. </dd> 1100 1101<dt><b>$reverse_client_name</b></dt> 1102 1103<dd>The client hostname from address->name lookup, or "unknown". 1104See reject_unknown_reverse_client_hostname for more details. </dd> 1105 1106#<dt><b>$forward_client_name</b></dt> 1107# 1108#<dd>The client hostname from address->name lookup followed by 1109#name->address lookup, or "unknown". See 1110#reject_unknown_forward_client_hostname for more details. </dd> 1111 1112<dt><b>$helo_name</b></dt> 1113 1114<dd>The hostname given in HELO or EHLO command or empty string. </dd> 1115 1116<dt><b>$rbl_class</b></dt> 1117 1118<dd>The blacklisted entity type: Client host, Helo command, Sender 1119address, or Recipient address. </dd> 1120 1121<dt><b>$rbl_code</b></dt> 1122 1123<dd>The numerical SMTP response code, as specified with the 1124maps_rbl_reject_code configuration parameter. Note: The numerical 1125SMTP response code is required, and must appear at the start of the 1126reply. With Postfix version 2.3 and later this information may be followed 1127by an RFC 3463 enhanced status code. </dd> 1128 1129<dt><b>$rbl_domain</b></dt> 1130 1131<dd>The RBL domain where $rbl_what is blacklisted. 
</dd> 1132 1133<dt><b>$rbl_reason</b></dt> 1134 1135<dd>The reason why $rbl_what is blacklisted, or an empty string. </dd> 1136 1137<dt><b>$rbl_what</b></dt> 1138 1139<dd>The entity that is blacklisted (an IP address, a hostname, a domain 1140name, or an email address whose domain was blacklisted). </dd> 1141 1142<dt><b>$recipient</b></dt> 1143 1144<dd>The recipient address or <> in case of the null address. </dd> 1145 1146<dt><b>$recipient_domain</b></dt> 1147 1148<dd>The recipient domain or empty string. </dd> 1149 1150<dt><b>$recipient_name</b></dt> 1151 1152<dd>The recipient address localpart or <> in case of null address. </dd> 1153 1154<dt><b>$sender</b></dt> 1155 1156<dd>The sender address or <> in case of the null address. </dd> 1157 1158<dt><b>$sender_domain</b></dt> 1159 1160<dd>The sender domain or empty string. </dd> 1161 1162<dt><b>$sender_name</b></dt> 1163 1164<dd>The sender address localpart or <> in case of the null address. </dd> 1165 1166<dt><b>${name?text}</b></dt> 1167 1168<dd>Expands to `text' if $name is not empty. </dd> 1169 1170<dt><b>${name:text}</b></dt> 1171 1172<dd>Expands to `text' if $name is empty. </dd> 1173 1174</dl> 1175 1176<p> 1177Instead of $name you can also specify ${name} or $(name). 1178</p> 1179 1180<p> Note: when an enhanced status code is specified in an RBL reply 1181template, it is subject to modification. The following transformations 1182are needed when the same RBL reply template is used for client, 1183helo, sender, or recipient access restrictions. </p> 1184 1185<ul> 1186 1187<li> <p> When rejecting a sender address, the Postfix SMTP server 1188will transform a recipient DSN status (e.g., 4.1.1-4.1.6) into the 1189corresponding sender DSN status, and vice versa. 
</p> 1190 1191<li> <p> When rejecting non-address information (such as the HELO 1192command argument or the client hostname/address), the Postfix SMTP 1193server will transform a sender or recipient DSN status into a generic 1194non-address DSN status (e.g., 4.0.0). </p> 1195 1196</ul> 1197 1198%PARAM smtpd_expansion_filter see "postconf -d" output 1199 1200<p> 1201The smtpd_expansion_filter configuration parameter controls what 1202characters may appear in $name expansions. 1203</p> 1204 1205%PARAM default_recipient_limit 20000 1206 1207<p> 1208The default per-transport upper limit on the number of in-memory 1209recipients. These limits take priority over the global 1210qmgr_message_recipient_limit after the message has been assigned 1211to the respective transports. See also default_extra_recipient_limit 1212and qmgr_message_recipient_minimum. 1213</p> 1214 1215<p> Use <i>transport</i>_recipient_limit to specify a 1216transport-specific override, where <i>transport</i> is the master.cf 1217name of the message delivery transport. 1218</p> 1219 1220%PARAM default_recipient_refill_limit 100 1221 1222<p> 1223The default per-transport limit on the number of recipients refilled at 1224once. When not all message recipients fit into the memory at once, keep 1225loading more of them in batches of at least this many at a time. See also 1226$default_recipient_refill_delay, which may result in recipient batches 1227lower than this when this limit is too high for too slow deliveries. 1228</p> 1229 1230<p> Use <i>transport</i>_recipient_refill_limit to specify a 1231transport-specific override, where <i>transport</i> is the master.cf 1232name of the message delivery transport. 1233</p> 1234 1235<p> This feature is available in Postfix 2.4 and later. </p> 1236 1237%PARAM default_recipient_refill_delay 5s 1238 1239<p> 1240The default per-transport maximum delay between recipients refills. 
1241When not all message recipients fit into the memory at once, keep loading 1242more of them at least once every this many seconds. This is used to 1243make sure the recipients are refilled in timely manner even when 1244$default_recipient_refill_limit is too high for too slow deliveries. 1245</p> 1246 1247<p> Use <i>transport</i>_recipient_refill_delay to specify a 1248transport-specific override, where <i>transport</i> is the master.cf 1249name of the message delivery transport. 1250</p> 1251 1252<p> This feature is available in Postfix 2.4 and later. </p> 1253 1254%PARAM default_transport smtp 1255 1256<p> 1257The default mail delivery transport and next-hop destination for 1258destinations that do not match $mydestination, $inet_interfaces, 1259$proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains, 1260or $relay_domains. This information can be overruled with the 1261sender_dependent_default_transport_maps parameter and with the 1262transport(5) table. </p> 1263 1264<p> 1265In order of decreasing precedence, the nexthop destination is taken 1266from $sender_dependent_default_transport_maps, $default_transport, 1267$sender_dependent_relayhost_maps, $relayhost, or from the recipient 1268domain. 1269</p> 1270 1271<p> 1272Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i> 1273is the name of a mail delivery transport defined in master.cf. 1274The <i>:nexthop</i> destination is optional; its syntax is documented 1275in the manual page of the corresponding delivery agent. 1276</p> 1277 1278<p> 1279Example: 1280</p> 1281 1282<pre> 1283default_transport = uucp:relayhostname 1284</pre> 1285 1286%PARAM defer_code 450 1287 1288<p> 1289The numerical Postfix SMTP server response code when a remote SMTP 1290client request is rejected by the "defer" restriction. 1291</p> 1292 1293<p> 1294Do not change this unless you have a complete understanding of RFC 2821. 
1295</p> 1296 1297%PARAM defer_transports 1298 1299<p> 1300The names of message delivery transports that should not deliver mail 1301unless someone issues "<b>sendmail -q</b>" or equivalent. Specify zero 1302or more names of mail delivery transports that appear in the 1303first field of master.cf. 1304</p> 1305 1306<p> 1307Example: 1308</p> 1309 1310<pre> 1311defer_transports = smtp 1312</pre> 1313 1314%PARAM deliver_lock_attempts 20 1315 1316<p> 1317The maximal number of attempts to acquire an exclusive lock on a 1318mailbox file or bounce(8) logfile. 1319</p> 1320 1321%PARAM deliver_lock_delay 1s 1322 1323<p> 1324The time between attempts to acquire an exclusive lock on a mailbox 1325file or bounce(8) logfile. 1326</p> 1327 1328<p> 1329Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 1330The default time unit is s (seconds). 1331</p> 1332 1333%PARAM disable_vrfy_command no 1334 1335<p> 1336Disable the SMTP VRFY command. This stops some techniques used to 1337harvest email addresses. With the default value "no" the VRFY command stays enabled; specify "yes" to disable it. 1338</p> 1339 1340<p> 1341Example: 1342</p> 1343 1344<pre> 1345disable_vrfy_command = no 1346</pre> 1347 1348%PARAM double_bounce_sender double-bounce 1349 1350<p> The sender address of postmaster notifications that are generated 1351by the mail system. All mail to this address is silently discarded, 1352in order to terminate mail bounce loops. </p> 1353 1354%PARAM duplicate_filter_limit 1000 1355 1356<p> The maximal number of addresses remembered by the address 1357duplicate filter for aliases(5) or virtual(5) alias expansion, or 1358for showq(8) queue displays. </p> 1359 1360%PARAM enable_original_recipient yes 1361 1362<p> Enable support for the X-Original-To message header. This header 1363is needed for multi-recipient mailboxes.
</p> 1364 1365<p> When this parameter is set to yes, the cleanup(8) daemon performs 1366duplicate elimination on distinct pairs of (original recipient, 1367rewritten recipient), and generates non-empty original recipient 1368queue file records. </p> 1369 1370<p> When this parameter is set to no, the cleanup(8) daemon performs 1371duplicate elimination on the rewritten recipient address only, and 1372generates empty original recipient queue file records. </p> 1373 1374<p> This feature is available in Postfix 2.1 and later. With Postfix 1375version 2.0, support for the X-Original-To message header is always turned 1376on. Postfix versions before 2.0 have no support for the X-Original-To 1377message header. </p> 1378 1379%PARAM export_environment see "postconf -d" output 1380 1381<p> 1382The list of environment variables that a Postfix process will export 1383to non-Postfix processes. The TZ variable is needed for sane 1384time keeping on System-V-ish systems. 1385</p> 1386 1387<p> 1388Specify a list of names and/or name=value pairs, separated by 1389whitespace or comma. The name=value form is supported with 1390Postfix version 2.1 and later. 1391</p> 1392 1393<p> 1394Example: 1395</p> 1396 1397<pre> 1398export_environment = TZ PATH=/bin:/usr/bin 1399</pre> 1400 1401%PARAM smtp_fallback_relay $fallback_relay 1402 1403<p> 1404Optional list of relay hosts for SMTP destinations that can't be 1405found or that are unreachable. With Postfix 2.2 and earlier this 1406parameter is called fallback_relay. </p> 1407 1408<p> 1409By default, mail is returned to the sender when a destination is 1410not found, and delivery is deferred when a destination is unreachable. 1411</p> 1412 1413<p> The fallback relays must be SMTP destinations. Specify a domain, 1414host, host:port, [host]:port, [address] or [address]:port; the form 1415[host] turns off MX lookups. If you specify multiple SMTP 1416destinations, Postfix will try them in the specified order. 
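</p>

<p> The destination syntax just listed (domain, host, host:port, [host]:port, [address], [address]:port, with the bracketed form turning off MX lookups) is the same nexthop form that default_transport and the relay parameters on this page use. The Python parser below is an added example, not Postfix code: it splits a destination list on whitespace and/or commas, keeps the order in which Postfix would try the entries, records whether MX lookups apply, and applies the loop-prevention rule that a fallback relay is not used for a domain this host is MX for. The default port 25, the sample destinations and the MX domain list are assumptions for illustration. </p>

```python
"""Parse the SMTP destination syntax used by smtp_fallback_relay and the
nexthop part of default_transport: domain, host, host:port, [host]:port,
[address], [address]:port. Added example, not Postfix code; the default
port and all sample values are assumptions made for illustration.
"""
import re

# Either a bracketed host/address (no MX lookup) or a bare name that may
# not contain ':' (so an IPv6 address must be bracketed), then ':port'.
_DEST = re.compile(
    r"^(?:\[(?P<bracketed>[^\]]+)\]|(?P<bare>[^\[\]:]+))"
    r"(?::(?P<port>[A-Za-z0-9-]+))?$"
)


def parse_destination(spec, default_port="25"):
    """Return host, port and whether MX lookups apply for one destination."""
    m = _DEST.match(spec)
    if not m:
        raise ValueError("bad SMTP destination: %r" % spec)
    bracketed = m.group("bracketed")
    return {
        "host": bracketed if bracketed is not None else m.group("bare"),
        "port": m.group("port") or default_port,
        # [host] and [address] turn off MX lookups; a bare name keeps them.
        "mx_lookup": bracketed is None,
    }


def parse_destination_list(value):
    """Split on whitespace and/or commas; the list order is the order Postfix tries."""
    return [parse_destination(s) for s in re.split(r"[\s,]+", value.strip()) if s]


def fallback_candidates(relays, my_mx_domains, destination_domain):
    """Postfix 2.2 and later does not use fallback relays for a destination
    this host is MX for, to prevent mailer loops; model that as an empty list."""
    if destination_domain.lower() in {d.lower() for d in my_mx_domains}:
        return []
    return relays


if __name__ == "__main__":
    # Constructed fallback list and MX domains (not real hosts).
    relays = parse_destination_list("[fallback.example.net]:587, backup.example.net")
    for r in relays:
        print(r)
    print(fallback_candidates(relays, ["example.org"], "example.org"))
```

<p> A bare name with a port, such as relay.example.net:587, keeps MX lookups; writing [relay.example.net]:587 disables them, which is what you want when the relay is named by an A record only. An unbracketed IPv6 literal is rejected rather than guessed at, because its colons are indistinguishable from a port separator.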
</p> 1417 1418<p> To prevent mailer loops between MX hosts and fall-back hosts, 1419Postfix version 2.2 and later will not use the fallback relays for 1420destinations that it is MX host for (assuming DNS lookup is turned on). 1421</p> 1422 1423%PARAM fallback_relay 1424 1425<p> 1426Optional list of relay hosts for SMTP destinations that can't be 1427found or that are unreachable. With Postfix 2.3 this parameter 1428is renamed to smtp_fallback_relay. </p> 1429 1430<p> 1431By default, mail is returned to the sender when a destination is 1432not found, and delivery is deferred when a destination is unreachable. 1433</p> 1434 1435<p> The fallback relays must be SMTP destinations. Specify a domain, 1436host, host:port, [host]:port, [address] or [address]:port; the form 1437[host] turns off MX lookups. If you specify multiple SMTP 1438destinations, Postfix will try them in the specified order. </p> 1439 1440<p> Note: before Postfix 2.2, do not use the fallback_relay feature 1441when relaying mail 1442for a backup or primary MX domain. Mail would loop between the 1443Postfix MX host and the fallback_relay host when the final destination 1444is unavailable. </p> 1445 1446<ul> 1447 1448<li> In main.cf specify "relay_transport = relay", 1449 1450<li> In master.cf specify "-o fallback_relay =" (i.e., empty) at 1451the end of the <tt>relay</tt> entry. 1452 1453<li> In transport maps, specify "relay:<i>nexthop...</i>" 1454as the right-hand side for backup or primary MX domain entries. 1455 1456</ul> 1457 1458<p> Postfix version 2.2 and later will not use the fallback_relay feature 1459for destinations that it is MX host for. 1460</p> 1461 1462%PARAM fast_flush_domains $relay_domains 1463 1464<p> 1465Optional list of destinations that are eligible for per-destination 1466logfiles with mail that is queued to those destinations. 
1467</p> 1468 1469<p> 1470By default, Postfix maintains "fast flush" logfiles only for 1471destinations that the Postfix SMTP server is willing to relay to 1472(i.e. the default is: "fast_flush_domains = $relay_domains"; see 1473the relay_domains parameter in the postconf(5) manual). 1474</p> 1475 1476<p> Specify a list of hosts or domains, "/file/name" patterns or 1477"type:table" lookup tables, separated by commas and/or whitespace. 1478Continue long lines by starting the next line with whitespace. A 1479"/file/name" pattern is replaced by its contents; a "type:table" 1480lookup table is matched when the domain or its parent domain appears 1481as lookup key. </p> 1482 1483<p> 1484Specify "fast_flush_domains =" (i.e., empty) to disable the feature 1485altogether. 1486</p> 1487 1488%PARAM fast_flush_purge_time 7d 1489 1490<p> 1491The time after which an empty per-destination "fast flush" logfile 1492is deleted. 1493</p> 1494 1495<p> 1496You can specify the time as a number, or as a number followed by 1497a letter that indicates the time unit: s=seconds, m=minutes, h=hours, 1498d=days, w=weeks. The default time unit is days. 1499</p> 1500 1501%PARAM fast_flush_refresh_time 12h 1502 1503<p> 1504The time after which a non-empty but unread per-destination "fast 1505flush" logfile needs to be refreshed. The contents of a logfile 1506are refreshed by requesting delivery of all messages listed in the 1507logfile. 1508</p> 1509 1510<p> 1511You can specify the time as a number, or as a number followed by 1512a letter that indicates the time unit: s=seconds, m=minutes, h=hours, 1513d=days, w=weeks. The default time unit is hours. 1514</p> 1515 1516%PARAM fork_attempts 5 1517 1518<p> The maximal number of attempts to fork() a child process. </p> 1519 1520%PARAM fork_delay 1s 1521 1522<p> The delay between attempts to fork() a child process. </p> 1523 1524<p> Time units: s (seconds), m (minutes), h (hours), d (days), w 1525(weeks). The default time unit is s (seconds). 
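</p>

<p> The time syntax repeated throughout this page (a number with an optional s, m, h, d or w suffix) has a default unit that depends on the parameter: days for fast_flush_purge_time, hours for fast_flush_refresh_time, seconds for deliver_lock_delay and fork_delay. The Python helper below is an added example, not Postfix code; it converts such values to seconds using the per-parameter default unit and rejects anything else (spelled-out units, spaces, fractions) instead of guessing. The default-unit table and the sample settings are assumptions limited to what this page states. </p>

```python
"""Convert Postfix time values to seconds, honouring per-parameter default units.

Added example, not Postfix code. The suffixes are the ones this page lists
(s, m, h, d, w). A bare number takes the parameter's own default unit, so
the same string "12" means 12 days for fast_flush_purge_time but 12 hours
for fast_flush_refresh_time.
"""
import re

UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

# Default units as stated on this page for these parameters (assumption:
# extend this table before using it for parameters not listed here).
DEFAULT_UNIT = {
    "deliver_lock_delay": "s",
    "fork_delay": "s",
    "fast_flush_purge_time": "d",
    "fast_flush_refresh_time": "h",
}

# Digits immediately followed by an optional single-letter unit, nothing else.
_TIME = re.compile(r"^(\d+)([smhdw]?)$")


def time_to_seconds(parameter, value):
    """Return the value of a time parameter in seconds."""
    m = _TIME.match(value.strip())
    if not m:
        raise ValueError("%s: bad time value %r" % (parameter, value))
    unit = m.group(2) or DEFAULT_UNIT[parameter]
    return int(m.group(1)) * UNIT_SECONDS[unit]


def normalize_times(settings):
    """Map {parameter: value} to {parameter: seconds}; collect errors
    for every bad value instead of stopping at the first one."""
    seconds, errors = {}, {}
    for parameter, value in settings.items():
        try:
            seconds[parameter] = time_to_seconds(parameter, value)
        except (ValueError, KeyError) as exc:
            errors[parameter] = str(exc)
    return seconds, errors


if __name__ == "__main__":
    # Constructed settings: the two bare "12" values differ by a factor of 24.
    sample = {
        "fast_flush_purge_time": "12",
        "fast_flush_refresh_time": "12",
        "deliver_lock_delay": "1s",
        "fork_delay": "7days",
    }
    print(normalize_times(sample))
```

<p> Feeding a settings dictionary to normalize_times() shows the two bare "12" values resolving to 1036800 and 43200 seconds, and "7days" reported as an error rather than silently read as 7 seconds, which is the kind of misreading that leads to retention or timeout settings far from what was intended.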
</p> 1526 1527%PARAM execution_directory_expansion_filter see "postconf -d" output 1528 1529<p> Restrict the characters that the local(8) delivery agent allows 1530in $name expansions of $command_execution_directory. Characters 1531outside the allowed set are replaced by underscores. </p> 1532 1533<p> This feature is available in Postfix 2.2 and later. </p> 1534 1535%PARAM command_execution_directory 1536 1537<p> The local(8) delivery agent working directory for delivery to 1538external command. Failure to change directory causes the delivery 1539to be deferred. </p> 1540 1541<p> The following $name expansions are done on command_execution_directory 1542before the directory is changed. Expansion happens in the context 1543of the delivery request. The result of $name expansion is filtered 1544with the character set that is specified with the 1545execution_directory_expansion_filter parameter. </p> 1546 1547<dl> 1548 1549<dt><b>$user</b></dt> 1550 1551<dd>The recipient's username. </dd> 1552 1553<dt><b>$shell</b></dt> 1554 1555<dd>The recipient's login shell pathname. </dd> 1556 1557<dt><b>$home</b></dt> 1558 1559<dd>The recipient's home directory. </dd> 1560 1561<dt><b>$recipient</b></dt> 1562 1563<dd>The full recipient address. </dd> 1564 1565<dt><b>$extension</b></dt> 1566 1567<dd>The optional recipient address extension. </dd> 1568 1569<dt><b>$domain</b></dt> 1570 1571<dd>The recipient domain. </dd> 1572 1573<dt><b>$local</b></dt> 1574 1575<dd>The entire recipient localpart. </dd> 1576 1577<dt><b>$recipient_delimiter</b></dt> 1578 1579<dd>The system-wide recipient address extension delimiter. </dd> 1580 1581<dt><b>${name?value}</b></dt> 1582 1583<dd>Expands to <i>value</i> when <i>$name</i> is non-empty. </dd> 1584 1585<dt><b>${name:value}</b></dt> 1586 1587<dd>Expands to <i>value</i> when <i>$name</i> is empty. </dd> 1588 1589</dl> 1590 1591<p> 1592Instead of $name you can also specify ${name} or $(name). 
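</p>

<p> The expansion rules above are the same ones the default_rbl_reply description gives earlier on this page: the forms $name, ${name} and $(name), the conditionals ${name?text} and ${name:text}, exactly one level of substitution, and a character filter (execution_directory_expansion_filter here, smtpd_expansion_filter for SMTP replies) that replaces disallowed characters with underscores. The Python script below implements those rules as an added example, not Postfix code, and serves both passages: it shows an address extension containing path separators being neutralised before it reaches a directory name, and a looked-up RBL reason containing CR/LF being neutralised before it reaches an SMTP reply. This example applies the filter to each substituted value, so literal text in the template is never altered; the two allowed character sets, the templates and the attribute values are constructed for illustration and are not the Postfix defaults (check "postconf -d" on a real system). </p>

```python
"""One-level $name expansion with a character filter.

Added example, not Postfix code. It follows the expansion rules this page
gives for default_rbl_reply, command_execution_directory and forward_path:
$name, ${name}, $(name); ${name?text} and ${name:text}; exactly one level
of substitution (a '$' inside an attribute value is never expanded again);
and a filter that replaces characters outside an allowed set with '_'.
The filter is applied to each substituted value, not to template text.
"""
import re
import string

_REF = re.compile(
    r"\$(?:\{(?P<n1>\w+)(?:(?P<op1>[?:])(?P<t1>[^}]*))?\}"
    r"|\((?P<n2>\w+)(?:(?P<op2>[?:])(?P<t2>[^)]*))?\)"
    r"|(?P<n3>\w+))"
)


def _filter(value, allowed):
    """Replace every character outside 'allowed' with an underscore."""
    return "".join(ch if ch in allowed else "_" for ch in value)


def expand(template, attrs, allowed=None):
    """Expand $name references in template from attrs.

    Attribute values are inserted verbatim (one level of substitution);
    the text of a conditional is itself a template, so ${ext?/$ext} works."""
    def repl(m):
        name = m.group("n1") or m.group("n2") or m.group("n3")
        op = m.group("op1") or m.group("op2")
        text = m.group("t1") if m.group("t1") is not None else m.group("t2")
        value = attrs.get(name, "")
        if op == "?":
            return expand(text, attrs, allowed) if value != "" else ""
        if op == ":":
            return expand(text, attrs, allowed) if value == "" else ""
        return _filter(value, allowed) if allowed is not None else value

    return _REF.sub(repl, template)


# Constructed allowed set for directory expansion (not the Postfix default):
# no '.', '/', '$' or whitespace, so an address extension cannot add path
# components or traverse upwards.
DIR_ALLOWED = set(string.ascii_letters + string.digits + "-_+=:,")

# Constructed allowed set for SMTP reply expansion (not the Postfix default):
# printable ASCII only, so CR/LF in a looked-up value cannot inject a
# second reply line.
SMTPD_ALLOWED = set(chr(c) for c in range(0x20, 0x7F))


def execution_directory(template, attrs):
    """Expand a command_execution_directory-style template with the directory filter."""
    return expand(template, attrs, DIR_ALLOWED)


def rbl_reply(template, attrs):
    """Expand a default_rbl_reply-style template with the SMTP reply filter.

    The page requires the numerical SMTP code at the start of the reply."""
    reply = expand(template, attrs, SMTPD_ALLOWED)
    if not re.match(r"[245]\d\d(?: |$)", reply):
        raise ValueError("reply does not start with an SMTP code: %r" % reply)
    return reply


if __name__ == "__main__":
    # Constructed delivery attributes with a hostile address extension.
    local = {"user": "alice", "extension": "../../etc", "recipient_delimiter": "+"}
    print(execution_directory("/var/spool/cmd/$user${extension?/$extension}", local))
    # Constructed RBL attributes with CR/LF and a '$' in the looked-up reason.
    rbl = {"rbl_code": "554", "rbl_class": "Client host", "rbl_what": "192.0.2.1",
           "rbl_domain": "dnsbl.example.net",
           "rbl_reason": "listed\r\n250 OK; see $rbl_domain"}
    print(rbl_reply("$rbl_code Service unavailable; $rbl_class [$rbl_what] "
                    "blocked using $rbl_domain${rbl_reason?; $rbl_reason}", rbl))
```

<p> With the hostile extension the directory template yields /var/spool/cmd/alice/______etc, every dot and slash having been replaced, and with an empty extension the conditional drops the whole "/$extension" part. In the RBL reply the CR and LF become underscores and the "$rbl_domain" inside the looked-up reason stays literal, which is what "exactly one level of substitution" buys you: data returned by a lookup can never trigger further expansion.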
1593</p> 1594 1595<p> This feature is available in Postfix 2.2 and later. </p> 1596 1597%PARAM forward_path see "postconf -d" output 1598 1599<p> The local(8) delivery agent search list for finding a .forward 1600file with user-specified delivery methods. The first file that is 1601found is used. </p> 1602 1603<p> The following $name expansions are done on forward_path before 1604the search actually happens. The result of $name expansion is 1605filtered with the character set that is specified with the 1606forward_expansion_filter parameter. </p> 1607 1608<dl> 1609 1610<dt><b>$user</b></dt> 1611 1612<dd>The recipient's username. </dd> 1613 1614<dt><b>$shell</b></dt> 1615 1616<dd>The recipient's login shell pathname. </dd> 1617 1618<dt><b>$home</b></dt> 1619 1620<dd>The recipient's home directory. </dd> 1621 1622<dt><b>$recipient</b></dt> 1623 1624<dd>The full recipient address. </dd> 1625 1626<dt><b>$extension</b></dt> 1627 1628<dd>The optional recipient address extension. </dd> 1629 1630<dt><b>$domain</b></dt> 1631 1632<dd>The recipient domain. </dd> 1633 1634<dt><b>$local</b></dt> 1635 1636<dd>The entire recipient localpart. </dd> 1637 1638<dt><b>$recipient_delimiter</b></dt> 1639 1640<dd>The system-wide recipient address extension delimiter. </dd> 1641 1642<dt><b>${name?value}</b></dt> 1643 1644<dd>Expands to <i>value</i> when <i>$name</i> is non-empty. </dd> 1645 1646<dt><b>${name:value}</b></dt> 1647 1648<dd>Expands to <i>value</i> when <i>$name</i> is empty. </dd> 1649 1650</dl> 1651 1652<p> 1653Instead of $name you can also specify ${name} or $(name). 1654</p> 1655 1656<p> 1657Examples: 1658</p> 1659 1660<pre> 1661forward_path = /var/forward/$user 1662forward_path = 1663 /var/forward/$user/.forward$recipient_delimiter$extension, 1664 /var/forward/$user/.forward 1665</pre> 1666 1667%CLASS queue-hashing Queue directory hashing 1668 1669<p> 1670Queue directory hashing is a performance feature. 
Splitting one 1671queue directory across multiple subdirectory levels can speed up 1672file access by reducing the number of files per directory. 1673</p> 1674 1675<p> 1676Unfortunately, deeply hashing the incoming or deferred queue can 1677actually slow down the mail system (with a depth of 2, mailq with 1678an empty queue can take several seconds). 1679</p> 1680 1681<p> 1682Hashing must NOT be used with a world-writable maildrop directory. 1683Hashing MUST be used for the defer logfile directory, to avoid poor 1684performance when handling lots of deferred mail. 1685</p> 1686 1687%PARAM hash_queue_depth 1 1688 1689<p> 1690The number of subdirectory levels for queue directories listed with 1691the hash_queue_names parameter. 1692</p> 1693 1694<p> 1695After changing the hash_queue_names or hash_queue_depth parameter, 1696execute the command "<b>postfix reload</b>". 1697</p> 1698 1699%PARAM hash_queue_names deferred, defer 1700 1701<p> 1702The names of queue directories that are split across multiple 1703subdirectory levels. 1704</p> 1705 1706<p> Before Postfix version 2.2, the default list of hashed queues 1707was significantly larger. Claims about improvements in file system 1708technology suggest that hashing of the incoming and active queues 1709is no longer needed. Fewer hashed directories speed up the time 1710needed to restart Postfix. </p> 1711 1712<p> 1713After changing the hash_queue_names or hash_queue_depth parameter, 1714execute the command "<b>postfix reload</b>". 1715</p> 1716 1717%CLASS headerbody-checks Content inspection built-in features 1718 1719<p> 1720The Postfix cleanup(8) server has a limited ability to inspect 1721message headers and body content for signs of trouble. This is not 1722meant to be a substitute for content filters that do complex 1723processing such as attachment decoding and unzipping.
1724</p> 1725 1726%PARAM header_checks 1727 1728<p> 1729Optional lookup tables for content inspection of primary non-MIME 1730message headers, as specified in the header_checks(5) manual page. 1731</p> 1732 1733%PARAM header_size_limit 102400 1734 1735<p> 1736The maximal amount of memory in bytes for storing a message header. 1737If a header is larger, the excess is discarded. The limit is 1738enforced by the cleanup(8) server. 1739</p> 1740 1741%PARAM home_mailbox 1742 1743<p> 1744Optional pathname of a mailbox file relative to a local(8) user's 1745home directory. 1746</p> 1747 1748<p> 1749Specify a pathname ending in "/" for qmail-style delivery. 1750</p> 1751 1752<p> The precedence of local(8) delivery features from high to low 1753is: aliases, .forward files, mailbox_transport_maps, mailbox_transport, 1754mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory, 1755fallback_transport_maps, fallback_transport and luser_relay. </p> 1756 1757<p> 1758Examples: 1759</p> 1760 1761<pre> 1762home_mailbox = Mailbox 1763home_mailbox = Maildir/ 1764</pre> 1765 1766%PARAM hopcount_limit 50 1767 1768<p> 1769The maximal number of Received: message headers that is allowed 1770in the primary message headers. A message that exceeds the limit 1771is bounced, in order to stop a mailer loop. 1772</p> 1773 1774%PARAM ignore_mx_lookup_error no 1775 1776<p> Ignore DNS MX lookups that produce no response. By default, 1777the Postfix SMTP client defers delivery and tries again after some 1778delay. This behavior is required by the SMTP standard. </p> 1779 1780<p> 1781Specify "ignore_mx_lookup_error = yes" to force a DNS A record 1782lookup instead. This violates the SMTP standard and can result in 1783mis-delivery of mail. 1784</p> 1785 1786%PARAM import_environment see "postconf -d" output 1787 1788<p> 1789The list of environment parameters that a Postfix process will 1790import from a non-Postfix parent process. 
Examples of relevant 1791parameters: 1792</p> 1793 1794<dl> 1795 1796<dt><b>TZ</b></dt> 1797 1798<dd>Needed for sane time keeping on most System-V-ish systems. </dd> 1799 1800<dt><b>DISPLAY</b></dt> 1801 1802<dd>Needed for debugging Postfix daemons with an X-windows debugger. </dd> 1803 1804<dt><b>XAUTHORITY</b></dt> 1805 1806<dd>Needed for debugging Postfix daemons with an X-windows debugger. </dd> 1807 1808<dt><b>MAIL_CONFIG</b></dt> 1809 1810<dd>Needed to make "<b>postfix -c</b>" work. </dd> 1811 1812</dl> 1813 1814<p> Specify a list of names and/or name=value pairs, separated by 1815whitespace or comma. The name=value form is supported with 1816Postfix version 2.1 and later. </p> 1817 1818%PARAM in_flow_delay 1s 1819 1820<p> Time to pause before accepting a new message, when the message 1821arrival rate exceeds the message delivery rate. This feature is 1822turned on by default (it's disabled on SCO UNIX due to an SCO bug). 1823</p> 1824 1825<p> 1826With the default 100 SMTP server process limit, "in_flow_delay 1827= 1s" limits the mail inflow to 100 messages per second above the 1828number of messages delivered per second. 1829</p> 1830 1831<p> 1832Specify 0 to disable the feature. Valid delays are 0..10. 1833</p> 1834 1835%PARAM inet_interfaces all 1836 1837<p> The network interface addresses that this mail system receives 1838mail on. Specify "all" to receive mail on all network 1839interfaces (default), and "loopback-only" to receive mail 1840on loopback network interfaces only (Postfix version 2.2 and later). The 1841parameter also controls delivery of mail to <tt>user@[ip.address]</tt>. 1842</p> 1843 1844<p> 1845Note 1: you need to stop and start Postfix when this parameter changes. 1846</p> 1847 1848<p> Note 2: address information may be enclosed inside <tt>[]</tt>, 1849but this form is not required here. 
</p> 1850 1851<p> When inet_interfaces specifies just one IPv4 and/or IPv6 address 1852that is not a loopback address, the Postfix SMTP client will use 1853this address as the IP source address for outbound mail. Support 1854for IPv6 is available in Postfix version 2.2 and later. </p> 1855 1856<p> 1857On a multi-homed firewall with separate Postfix instances listening on the 1858"inside" and "outside" interfaces, this can prevent each instance from 1859being able to reach servers on the "other side" of the firewall. Setting 1860smtp_bind_address to 0.0.0.0 avoids the potential problem for 1861IPv4, and setting smtp_bind_address6 to :: solves the problem 1862for IPv6. </p> 1863 1864<p> 1865A better solution for multi-homed firewalls is to leave inet_interfaces 1866at the default value and instead use explicit IP addresses in 1867the master.cf SMTP server definitions. This preserves the Postfix 1868SMTP client's 1869loop detection, by ensuring that each side of the firewall knows that the 1870other IP address is still the same host. Setting $inet_interfaces to a 1871single IPv4 and/or IPV6 address is primarily useful with virtual 1872hosting of domains on 1873secondary IP addresses, when each IP address serves a different domain 1874(and has a different $myhostname setting). </p> 1875 1876<p> 1877See also the proxy_interfaces parameter, for network addresses that 1878are forwarded to Postfix by way of a proxy or address translator. 1879</p> 1880 1881<p> 1882Examples: 1883</p> 1884 1885<pre> 1886inet_interfaces = all (DEFAULT) 1887inet_interfaces = loopback-only (Postfix version 2.2 and later) 1888inet_interfaces = 127.0.0.1 1889inet_interfaces = 127.0.0.1, [::1] (Postfix version 2.2 and later) 1890inet_interfaces = 192.168.1.2, 127.0.0.1 1891</pre> 1892 1893%PARAM inet_protocols ipv4 1894 1895<p> The Internet protocols Postfix will attempt to use when making 1896or accepting connections. Specify one or more of "ipv4" 1897or "ipv6", separated by whitespace or commas. 
The form 1898"all" is equivalent to "ipv4, ipv6" or "ipv4", depending 1899on whether the operating system implements IPv6. </p> 1900 1901<p> This feature is available in Postfix 2.2 and later. </p> 1902 1903<p> Note: you MUST stop and start Postfix after changing this 1904parameter. </p> 1905 1906<p> On systems that pre-date IPV6_V6ONLY support (RFC 3493), an 1907IPv6 server will also accept IPv4 connections, even when IPv4 is 1908turned off with the inet_protocols parameter. On systems with 1909IPV6_V6ONLY support, Postfix will use separate server sockets for 1910IPv6 and IPv4, and each will accept only connections for the 1911corresponding protocol. </p> 1912 1913<p> When IPv4 support is enabled via the inet_protocols parameter, 1914Postfix will do DNS type A record lookups, and will convert 1915IPv4-in-IPv6 client IP addresses (::ffff:1.2.3.4) to their original 1916IPv4 form (1.2.3.4). The latter is needed on hosts that pre-date 1917IPV6_V6ONLY support (RFC 3493). </p> 1918 1919<p> When IPv6 support is enabled via the inet_protocols parameter, 1920Postfix will do DNS type AAAA record lookups. </p> 1921 1922<p> When both IPv4 and IPv6 support are enabled, the Postfix SMTP 1923client will attempt to connect via IPv6 before attempting to use 1924IPv4. </p> 1925 1926<p> 1927Examples: 1928</p> 1929 1930<pre> 1931inet_protocols = ipv4 (DEFAULT) 1932inet_protocols = all 1933inet_protocols = ipv6 1934inet_protocols = ipv4, ipv6 1935</pre> 1936 1937%PARAM initial_destination_concurrency 5 1938 1939<p> 1940The initial per-destination concurrency level for parallel delivery 1941to the same destination. 1942With per-destination recipient limit > 1, a destination is a domain, 1943otherwise it is a recipient. 1944</p> 1945 1946<p> Use <i>transport</i>_initial_destination_concurrency to specify 1947a transport-specific override, where <i>transport</i> is the master.cf 1948name of the message delivery transport (Postfix 2.5 and later).
</p> 1949 1950<p> 1951Warning: with concurrency of 1, one bad message can be enough to 1952block all mail to a site. 1953</p> 1954 1955%PARAM invalid_hostname_reject_code 501 1956 1957<p> 1958The numerical Postfix SMTP server response code when the client 1959HELO or EHLO command parameter is rejected by the reject_invalid_helo_hostname 1960restriction. 1961</p> 1962 1963<p> 1964Do not change this unless you have a complete understanding of RFC 2821. 1965</p> 1966 1967%PARAM ipc_idle version dependent 1968 1969<p> 1970The time after which a client closes an idle internal communication 1971channel. The purpose is to allow servers to terminate voluntarily 1972after they become idle. This is used, for example, by the address 1973resolving and rewriting clients. 1974</p> 1975 1976<p> With Postfix 2.4 the default value was reduced from 100s to 5s. </p> 1977 1978<p> 1979Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 1980The default time unit is s (seconds). 1981</p> 1982 1983%PARAM ipc_timeout 3600s 1984 1985<p> 1986The time limit for sending or receiving information over an internal 1987communication channel. The purpose is to break out of deadlock 1988situations. If the time limit is exceeded the software aborts with a 1989fatal error. 1990</p> 1991 1992<p> 1993Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 1994The default time unit is s (seconds). 1995</p> 1996 1997%PARAM ipc_ttl 1000s 1998 1999<p> 2000The time after which a client closes an active internal communication 2001channel. The purpose is to allow servers to terminate voluntarily 2002after reaching their client limit. This is used, for example, by 2003the address resolving and rewriting clients. 2004</p> 2005 2006<p> 2007Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 2008The default time unit is s (seconds). 2009</p> 2010 2011<p> 2012This feature is available in Postfix 2.1 and later. 
2013</p> 2014 2015%PARAM line_length_limit 2048 2016 2017<p> Upon input, long lines are chopped up into pieces of at most 2018this length; upon delivery, long lines are reconstructed. </p> 2019 2020%PARAM lmtp_connect_timeout 0s 2021 2022<p> The LMTP client time limit for completing a TCP connection, or 2023zero (use the operating system built-in time limit). When no 2024connection can be made within the deadline, the LMTP client tries 2025the next address on the mail exchanger list. </p> 2026 2027<p> 2028Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 2029The default time unit is s (seconds). 2030</p> 2031 2032<p> 2033Example: 2034</p> 2035 2036<pre> 2037lmtp_connect_timeout = 30s 2038</pre> 2039 2040%PARAM lmtp_data_done_timeout 600s 2041 2042<p> The LMTP client time limit for sending the LMTP ".", and for 2043receiving the server response. When no response is received within 2044the deadline, a warning is logged that the mail may be delivered 2045multiple times. </p> 2046 2047<p> 2048Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 2049The default time unit is s (seconds). 2050</p> 2051 2052%PARAM lmtp_data_init_timeout 120s 2053 2054<p> 2055The LMTP client time limit for sending the LMTP DATA command, and 2056for receiving the server response. 2057</p> 2058 2059<p> 2060Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 2061The default time unit is s (seconds). 2062</p> 2063 2064%PARAM lmtp_data_xfer_timeout 180s 2065 2066<p> 2067The LMTP client time limit for sending the LMTP message content. 2068When the connection stalls for more than $lmtp_data_xfer_timeout 2069the LMTP client terminates the transfer. 2070</p> 2071 2072<p> 2073Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 2074The default time unit is s (seconds). 2075</p> 2076 2077%PARAM lmtp_lhlo_timeout 300s 2078 2079<p> The LMTP client time limit for receiving the LMTP greeting 2080banner. 
When the server drops the connection without sending a
greeting banner, or when it sends no greeting banner within the
deadline, the LMTP client tries the next address on the mail
exchanger list. </p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM lmtp_mail_timeout 300s

<p>
The LMTP client time limit for sending the MAIL FROM command, and
for receiving the server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM lmtp_quit_timeout 300s

<p>
The LMTP client time limit for sending the QUIT command, and for
receiving the server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM lmtp_rcpt_timeout 300s

<p>
The LMTP client time limit for sending the RCPT TO command, and
for receiving the server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM lmtp_rset_timeout 20s

<p> The LMTP client time limit for sending the RSET command, and
for receiving the server response. The LMTP client sends RSET in
order to finish a recipient address probe, or to verify that a
cached connection is still alive. </p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM lmtp_send_xforward_command no

<p>
Send an XFORWARD command to the LMTP server when the LMTP LHLO
server response announces XFORWARD support.
This allows an lmtp(8)
delivery agent, used for content filter message injection, to
forward the name, address, protocol and HELO name of the original
client to the content filter and downstream queuing LMTP server.
Before you change the value to yes, it is best to make sure that
your content filter supports this command.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM lmtp_skip_quit_response no

<p>
Wait for the response to the LMTP QUIT command.
</p>

%PARAM lmtp_xforward_timeout 300s

<p>
The LMTP client time limit for sending the XFORWARD command, and
for receiving the server response.
</p>

<p>
In case of problems the client does NOT try the next address on
the mail exchanger list.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM local_command_shell

<p>
Optional shell program for local(8) delivery to non-Postfix command.
By default, non-Postfix commands are executed directly; commands
are given to /bin/sh only when they contain shell meta
characters or shell built-in commands. </p>

<p> "sendmail's restricted shell" (smrsh) is what most people will
use in order to restrict what programs can be run from e.g. .forward
files (smrsh is part of the Sendmail distribution). </p>

<p> Note: when a shell program is specified, it is invoked even
when the command contains no shell built-in commands or meta
characters.
</p>

<p>
Example:
</p>

<pre>
local_command_shell = /some/where/smrsh -c
</pre>

%PARAM local_destination_concurrency_limit 2

<p> The maximal number of parallel deliveries via the local mail
delivery transport to the same recipient (when
"local_destination_recipient_limit = 1") or the maximal number of
parallel deliveries to the same local domain (when
"local_destination_recipient_limit > 1"). This limit is enforced by
the queue manager. The message delivery transport name is the first
field in the entry in the master.cf file. </p>

<p> A low limit of 2 is recommended, just in case someone has an
expensive shell command in a .forward file or in an alias (e.g.,
a mailing list manager). You don't want to run lots of those at
the same time. </p>

%PARAM local_destination_recipient_limit 1

<p> The maximal number of recipients per message delivery via the
local mail delivery transport. This limit is enforced by the queue
manager. The message delivery transport name is the first field in
the entry in the master.cf file. </p>

<p> Setting this parameter to a value > 1 changes the meaning of
local_destination_concurrency_limit from concurrency per recipient
into concurrency per domain. </p>

%PARAM local_recipient_maps proxy:unix:passwd.byname $alias_maps

<p> Lookup tables with all names or addresses of local recipients:
a recipient address is local when its domain matches $mydestination,
$inet_interfaces or $proxy_interfaces. Specify @domain as a
wild-card for domains that do not have a valid recipient list.
Technically, tables listed with $local_recipient_maps are used as
lists: Postfix needs to know only if a lookup string is found or
not, but it does not use the result from table lookup.
</p>

<p>
If this parameter is non-empty (the default), then the Postfix SMTP
server will reject mail for unknown local users.
</p>

<p>
To turn off local recipient checking in the Postfix SMTP server,
specify "local_recipient_maps =" (i.e. empty).
</p>

<p>
The default setting assumes that you use the default Postfix local
delivery agent for local delivery. You need to update the
local_recipient_maps setting if:
</p>

<ul>

<li>You redefine the local delivery agent in master.cf.

<li>You redefine the "local_transport" setting in main.cf.

<li>You use the "luser_relay", "mailbox_transport", or "fallback_transport"
feature of the Postfix local(8) delivery agent.

</ul>

<p>
Details are described in the LOCAL_RECIPIENT_README file.
</p>

<p>
Beware: if the Postfix SMTP server runs chrooted, you need to access
the passwd file via the proxymap(8) service, in order to overcome
chroot access restrictions. The alternative, maintaining a copy of
the system password file in the chroot jail, is not practical.
</p>

<p>
Examples:
</p>

<pre>
local_recipient_maps =
</pre>

%PARAM local_transport local:$myhostname

<p> The default mail delivery transport and next-hop destination
for final delivery to domains listed with mydestination, and for
[ipaddress] destinations that match $inet_interfaces or $proxy_interfaces.
This information can be overruled with the transport(5) table. </p>

<p>
By default, local mail is delivered to the transport called "local",
which is just the name of a service that is defined in the master.cf file.
</p>

<p>
Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
is the name of a mail delivery transport defined in master.cf.
The <i>:nexthop</i> destination is optional; its syntax is documented
in the manual page of the corresponding delivery agent.
</p>

<p>
Beware: if you override the default local delivery agent then you
need to review the LOCAL_RECIPIENT_README document, otherwise the
SMTP server may reject mail for local recipients.
</p>

%PARAM luser_relay

<p>
Optional catch-all destination for unknown local(8) recipients.
By default, mail for unknown recipients in domains that match
$mydestination, $inet_interfaces or $proxy_interfaces is returned
as undeliverable.
</p>

<p>
The following $name expansions are done on luser_relay:
</p>

<dl>

<dt><b>$domain</b></dt>

<dd>The recipient domain. </dd>

<dt><b>$extension</b></dt>

<dd>The recipient address extension. </dd>

<dt><b>$home</b></dt>

<dd>The recipient's home directory. </dd>

<dt><b>$local</b></dt>

<dd>The entire recipient address localpart. </dd>

<dt><b>$recipient</b></dt>

<dd>The full recipient address. </dd>

<dt><b>$recipient_delimiter</b></dt>

<dd>The system-wide recipient address extension delimiter. </dd>

<dt><b>$shell</b></dt>

<dd>The recipient's login shell. </dd>

<dt><b>$user</b></dt>

<dd>The recipient username. </dd>

<dt><b>${name?value}</b></dt>

<dd>Expands to <i>value</i> when <i>$name</i> has a non-empty value. </dd>

<dt><b>${name:value}</b></dt>

<dd>Expands to <i>value</i> when <i>$name</i> has an empty value. </dd>

</dl>

<p>
Instead of $name you can also specify ${name} or $(name).
</p>

<p>
Note: luser_relay works only for the Postfix local(8) delivery agent.
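</p>

<p>
The following Python function is an added worked example, not code
from Postfix or its documentation. It performs the $name, ${name},
$(name), ${name?value} and ${name:value} expansions listed above on
a luser_relay template, given the per-recipient values that local(8)
would supply. The recipient values in SAMPLE_ATTRS are constructed
for the example; the conditional forms are expanded recursively,
so a value such as "$user-$extension" is itself expanded.
</p>

```python
import re

# Constructed sample of the values local(8) supplies for one unknown
# recipient (hypothetical data, not taken from the Postfix documentation).
SAMPLE_ATTRS = {
    "domain": "example.com",
    "extension": "lists",
    "home": "",                       # unknown user: no home directory
    "local": "nosuchuser+lists",
    "recipient": "nosuchuser+lists@example.com",
    "recipient_delimiter": "+",
    "shell": "",
    "user": "nosuchuser",
}

# One regular expression for the five forms: $name, ${name}, $(name),
# ${name?value} and ${name:value}.
_EXPANSION = re.compile(
    r"\$(?:"
    r"(?P<bare>[A-Za-z_][A-Za-z0-9_]*)"
    r"|\{(?P<brace>[A-Za-z_][A-Za-z0-9_]*)"
    r"(?:(?P<op>[?:])(?P<value>[^}]*))?\}"
    r"|\((?P<paren>[A-Za-z_][A-Za-z0-9_]*)\)"
    r")"
)


def expand_luser_relay(template: str, attrs: dict) -> str:
    """Expand a luser_relay template with the given recipient attributes.

    Unknown names expand to the empty string. ${name?value} yields the
    (recursively expanded) value only when $name is non-empty;
    ${name:value} yields it only when $name is empty.
    """
    def repl(match: "re.Match") -> str:
        name = match.group("bare") or match.group("brace") or match.group("paren")
        current = attrs.get(name, "")
        op = match.group("op")
        if op == "?":
            return expand_luser_relay(match.group("value"), attrs) if current else ""
        if op == ":":
            return expand_luser_relay(match.group("value"), attrs) if not current else ""
        return current

    return _EXPANSION.sub(repl, template)


if __name__ == "__main__":
    for tmpl in ("$user@other.host", "$local@other.host", "admin+$local",
                 "${extension?$user-$extension}${extension:$user}@other.host"):
        print(f"{tmpl:60s} -> {expand_luser_relay(tmpl, SAMPLE_ATTRS)}")
```

<p>
Note that $local and $extension come straight from the recipient
address chosen by the remote sender; the expansion above inserts them
verbatim into the new destination, which is the intended behaviour
of templates such as "admin+$local".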
</p>

<p>
Note: if you use this feature for accounts not in the UNIX password
file, then you must specify "local_recipient_maps =" (i.e. empty)
in the main.cf file, otherwise the Postfix SMTP server will reject mail
for non-UNIX accounts with "User unknown in local recipient table".
</p>

<p>
Examples:
</p>

<pre>
luser_relay = $user@other.host
luser_relay = $local@other.host
luser_relay = admin+$local
</pre>

%PARAM mail_name Postfix

<p>
The mail system name that is displayed in Received: headers, in
the SMTP greeting banner, and in bounced mail.
</p>

%PARAM mail_owner postfix

<p>
The UNIX system account that owns the Postfix queue and most Postfix
daemon processes. Specify the name of a user account that does
not share a group with other accounts and that owns no other files
or processes on the system. In particular, don't specify nobody
or daemon. PLEASE USE A DEDICATED USER ID AND GROUP ID.
</p>

<p>
When this parameter value is changed you need to re-run "<b>postfix
set-permissions</b>" (with Postfix version 2.0 and earlier:
"<b>/etc/postfix/post-install set-permissions</b>").
</p>

%PARAM mail_spool_directory see "postconf -d" output

<p>
The directory where local(8) UNIX-style mailboxes are kept. The
default setting depends on the system type. Specify a name ending
in / for maildir-style delivery.
</p>

<p>
Note: maildir delivery is done with the privileges of the recipient.
If you use the mail_spool_directory setting for maildir style
delivery, then you must create the top-level maildir directory in
advance. Postfix will not create it.
</p>

<p>
Examples:
</p>

<pre>
mail_spool_directory = /var/mail
mail_spool_directory = /var/spool/mail
</pre>

%PARAM mail_version see "postconf -d" output

<p>
The version of the mail system. Stable releases are named
<i>major</i>.<i>minor</i>.<i>patchlevel</i>. Experimental releases
also include the release date. The version string can be used in,
for example, the SMTP greeting banner.
</p>

%PARAM mailbox_command

<p>
Optional external command that the local(8) delivery agent should
use for mailbox delivery. The command is run with the user ID and
the primary group ID privileges of the recipient. Exception:
command delivery for root executes with $default_privs privileges.
This is not a problem, because 1) mail for root should always be
aliased to a real user and 2) don't log in as root, use "su" instead.
</p>

<p>
The following environment variables are exported to the command:
</p>

<dl>

<dt><b>CLIENT_ADDRESS</b></dt>

<dd>Remote client network address. Available in Postfix version 2.2 and
later. </dd>

<dt><b>CLIENT_HELO</b></dt>

<dd>Remote client EHLO command parameter. Available in Postfix version 2.2
and later.</dd>

<dt><b>CLIENT_HOSTNAME</b></dt>

<dd>Remote client hostname. Available in Postfix version 2.2 and later.
</dd>

<dt><b>CLIENT_PROTOCOL</b></dt>

<dd>Remote client protocol. Available in Postfix version 2.2 and later.
</dd>

<dt><b>DOMAIN</b></dt>

<dd>The domain part of the recipient address. </dd>

<dt><b>EXTENSION</b></dt>

<dd>The optional address extension. </dd>

<dt><b>HOME</b></dt>

<dd>The recipient home directory. </dd>

<dt><b>LOCAL</b></dt>

<dd>The recipient address localpart.
</dd>

<dt><b>LOGNAME</b></dt>

<dd>The recipient's username. </dd>

<dt><b>ORIGINAL_RECIPIENT</b></dt>

<dd>The entire recipient address, before any address rewriting or
aliasing. </dd>

<dt><b>RECIPIENT</b></dt>

<dd>The full recipient address. </dd>

<dt><b>SASL_METHOD</b></dt>

<dd>SASL authentication method specified in the remote client AUTH
command. Available in Postfix version 2.2 and later. </dd>

<dt><b>SASL_SENDER</b></dt>

<dd>SASL sender address specified in the remote client MAIL FROM
command. Available in Postfix version 2.2 and later. </dd>

<dt><b>SASL_USER</b></dt>

<dd>SASL username specified in the remote client AUTH command.
Available in Postfix version 2.2 and later. </dd>

<dt><b>SENDER</b></dt>

<dd>The full sender address. </dd>

<dt><b>SHELL</b></dt>

<dd>The recipient's login shell. </dd>

<dt><b>USER</b></dt>

<dd>The recipient username. </dd>

</dl>

<p>
Unlike other Postfix configuration parameters, the mailbox_command
parameter is not subjected to $name substitutions. This is to make
it easier to specify shell syntax (see example below).
</p>

<p>
If you can, avoid shell meta characters because they will force
Postfix to run an expensive shell process. If you're delivering
via Procmail then running a shell won't make a noticeable difference
in the total cost.
</p>

<p>
Note: if you use the mailbox_command feature to deliver mail
system-wide, you must set up an alias that forwards mail for root
to a real user.
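</p>

<p>
As an added example (not part of Postfix or of this documentation),
the following Python program is a minimal mailbox_command that reads
the message from standard input and the variables listed above from
its environment, and files the message into a Maildir folder named
after EXTENSION. EXTENSION and the other address variables are chosen
by the remote sender, so the script only accepts a conservative
character set before using the extension as a directory name; that
allow-list, the folder naming scheme and the Maildir root
"$HOME/Maildir" are assumptions of this example, not Postfix rules.
Exit status 75 (EX_TEMPFAIL from sysexits.h) makes local(8) defer
the message instead of bouncing it.
</p>

```python
import os
import re
import socket
import sys
import time

EX_TEMPFAIL = 75  # sysexits.h: local(8) defers the message on this status

# Assumed allow-list for folder names derived from $EXTENSION: no leading
# dot, no "/", no "..", bounded length. Anything else goes to the inbox.
_SAFE_EXTENSION = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_-]{0,63}$")


def folder_for_extension(extension: str) -> str:
    """Map $EXTENSION to a Maildir++ style folder (".name"); unsafe or
    empty extensions map to the inbox, represented by the empty string."""
    if extension and _SAFE_EXTENSION.match(extension):
        return "." + extension
    return ""


def deliver(env: dict, message: bytes, maildir_root: str) -> str:
    """Store one message with the Maildir tmp-then-rename protocol.

    env is the environment exported by local(8) (only EXTENSION is used
    for routing here); the message is written verbatim. Returns the
    final path under .../new/.
    """
    folder = folder_for_extension(env.get("EXTENSION", ""))
    base = os.path.join(maildir_root, folder) if folder else maildir_root
    for sub in ("tmp", "new", "cur"):
        os.makedirs(os.path.join(base, sub), exist_ok=True)
    # Unique name: nanosecond time, pid, random suffix, host.
    name = f"{time.time_ns()}.P{os.getpid()}R{os.urandom(4).hex()}.{socket.gethostname()}"
    tmp_path = os.path.join(base, "tmp", name)
    new_path = os.path.join(base, "new", name)
    with open(tmp_path, "wb") as fh:
        fh.write(message)
        fh.flush()
        os.fsync(fh.fileno())
    os.rename(tmp_path, new_path)  # atomic publish into new/
    return new_path


def demo() -> dict:
    """Deliver two constructed messages into a fresh temporary Maildir:
    one with a benign extension and one with a traversal attempt."""
    import tempfile
    root = tempfile.mkdtemp(prefix="maildir-demo-")
    ok = deliver({"EXTENSION": "lists", "SENDER": "alice@example.com"},
                 b"Subject: hi\n\nbody\n", root)
    bad = deliver({"EXTENSION": "../../etc", "SENDER": "mallory@example.com"},
                  b"Subject: traversal\n\nbody\n", root)
    folder_of = lambda p: os.path.relpath(os.path.dirname(os.path.dirname(p)), root)
    return {"root": root, "ok_folder": folder_of(ok), "bad_folder": folder_of(bad),
            "ok_bytes": open(ok, "rb").read()}


def main() -> int:
    try:
        root = os.path.join(os.environ["HOME"], "Maildir")
        deliver(dict(os.environ), sys.stdin.buffer.read(), root)
    except (OSError, KeyError):
        return EX_TEMPFAIL  # disk or environment trouble: defer, don't bounce
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

<p>
With "mailbox_command = /usr/local/bin/maildeliver.py" (an assumed
path) local(8) runs the script as the recipient, so the Maildir is
created with the recipient's privileges; the allow-list is what keeps
"user+../../etc@example.com" from escaping the Maildir tree.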
</p>

<p> The precedence of local(8) delivery features from high to low
is: aliases, .forward files, mailbox_transport_maps, mailbox_transport,
mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory,
fallback_transport_maps, fallback_transport and luser_relay. </p>

<p>
Examples:
</p>

<pre>
mailbox_command = /some/where/procmail
mailbox_command = /some/where/procmail -a "$EXTENSION"
mailbox_command = /some/where/maildrop -d "$USER"
        -f "$SENDER" "$EXTENSION"
</pre>

%PARAM mailbox_size_limit 51200000

<p> The maximal size of any local(8) individual mailbox or maildir
file, or zero (no limit). In fact, this limits the size of any
file that is written to upon local delivery, including files written
by external commands that are executed by the local(8) delivery
agent. </p>

<p>
This limit must not be smaller than the message size limit.
</p>

%PARAM maps_rbl_reject_code 554

<p>
The numerical Postfix SMTP server response code when a remote SMTP
client request is blocked by the reject_rbl_client, reject_rhsbl_client,
reject_rhsbl_sender or reject_rhsbl_recipient restriction.
</p>

<p>
Do not change this unless you have a complete understanding of RFC 2821.
</p>

%PARAM masquerade_classes envelope_sender, header_sender, header_recipient

<p>
What addresses are subject to address masquerading.
</p>

<p>
By default, address masquerading is limited to envelope sender
addresses, and to header sender and header recipient addresses.
This allows you to use address masquerading on a mail gateway while
still being able to forward mail to users on individual machines.
</p>

<p>
Specify zero or more of: envelope_sender, envelope_recipient,
header_sender, header_recipient
</p>

%PARAM masquerade_domains

<p>
Optional list of domains whose subdomain structure will be stripped
off in email addresses.
</p>

<p>
The list is processed left to right, and processing stops at the
first match. Thus,
</p>

<blockquote>
<pre>
masquerade_domains = foo.example.com example.com
</pre>
</blockquote>

<p>
strips "user@any.thing.foo.example.com" to "user@foo.example.com",
but strips "user@any.thing.else.example.com" to "user@example.com".
</p>

<p>
A domain name prefixed with ! means do not masquerade this domain
or its subdomains. Thus,
</p>

<blockquote>
<pre>
masquerade_domains = !foo.example.com example.com
</pre>
</blockquote>

<p>
does not change "user@any.thing.foo.example.com" or "user@foo.example.com",
but strips "user@any.thing.else.example.com" to "user@example.com".
</p>

<p> Note: with Postfix version 2.2 and later, message header address
masquerading happens only when message header address rewriting is
enabled: </p>

<ul>

<li> The message is received with the Postfix sendmail(1) command,

<li> The message is received from a network client that matches
$local_header_rewrite_clients,

<li> The message is received from the network, and the
remote_header_rewrite_domain parameter specifies a non-empty value.

</ul>

<p> To get the behavior before Postfix version 2.2, specify
"local_header_rewrite_clients = static:all".
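</p>

<p>
The following Python code is an added example, not code from Postfix,
that models the masquerade_domains rules described above (left to
right, first match wins, "!" exempts a domain and its subdomains)
together with the masquerade_classes and masquerade_exceptions
selection. Domain comparison is case-insensitive and lookup-table
patterns are not modelled; both are simplifications of this example.
The sample addresses are constructed.
</p>

```python
DEFAULT_CLASSES = ("envelope_sender", "header_sender", "header_recipient")


def masquerade_address(address: str, masquerade_domains, masquerade_exceptions=()) -> str:
    """Strip the subdomain structure of one address per masquerade_domains.

    The pattern list is scanned left to right and the first pattern whose
    domain equals, or is a parent of, the address domain decides the
    outcome: a plain pattern rewrites the domain to the pattern, a
    "!pattern" leaves the address unchanged. Users listed in
    masquerade_exceptions are never rewritten.
    """
    local, sep, domain = address.rpartition("@")
    if not sep or local in masquerade_exceptions:
        return address
    domain_lc = domain.lower()
    for pattern in masquerade_domains:
        exempt = pattern.startswith("!")
        name = (pattern[1:] if exempt else pattern).lower()
        if domain_lc == name or domain_lc.endswith("." + name):
            return address if exempt else f"{local}@{name}"
    return address


def masquerade_message(addresses: dict, masquerade_domains,
                       classes=DEFAULT_CLASSES, exceptions=()) -> dict:
    """Apply masquerading to the address classes selected by
    masquerade_classes. addresses maps a class name (envelope_sender,
    envelope_recipient, header_sender, header_recipient) to an address."""
    return {
        cls: masquerade_address(addr, masquerade_domains, exceptions)
        if cls in classes else addr
        for cls, addr in addresses.items()
    }


# Constructed message passing through a gateway for example.com.
SAMPLE_MESSAGE = {
    "envelope_sender": "alice@pc1.example.com",
    "envelope_recipient": "bob@pc2.example.com",
    "header_sender": "alice@pc1.example.com",
    "header_recipient": "bob@pc2.example.com",
}

if __name__ == "__main__":
    for cls, addr in masquerade_message(SAMPLE_MESSAGE, ["example.com"]).items():
        print(f"{cls:20s} {addr}")
```

<p>
Running the sample shows why envelope_recipient is not in the default
masquerade_classes: the envelope recipient stays "bob@pc2.example.com",
so the gateway can still route the message to bob's machine, while
the sender and header addresses are collapsed to "@example.com".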
</p>

<p>
Example:
</p>

<pre>
masquerade_domains = $mydomain
</pre>

%PARAM masquerade_exceptions

<p>
Optional list of user names that are not subjected to address
masquerading, even when their address matches $masquerade_domains.
</p>

<p>
By default, address masquerading makes no exceptions.
</p>

<p>
Specify a list of user names, "/file/name" or "type:table" patterns,
separated by commas and/or whitespace. The list is matched left to
right, and the search stops on the first match. A "/file/name"
pattern is replaced
by its contents; a "type:table" lookup table is matched when a name
matches a lookup key (the lookup result is ignored). Continue long
lines by starting the next line with whitespace. Specify "!pattern"
to exclude a name from the list. The form "!/file/name" is supported
only in Postfix version 2.4 and later. </p>

<p>
Examples:
</p>

<pre>
masquerade_exceptions = root, mailer-daemon
masquerade_exceptions = root
</pre>

%PARAM max_idle 100s

<p>
The maximum amount of time that an idle Postfix daemon process waits
for an incoming connection before terminating voluntarily. This
parameter
is ignored by the Postfix queue manager and by other long-lived
Postfix daemon processes.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM max_use 100

<p>
The maximal number of incoming connections that a Postfix daemon
process will service before terminating voluntarily. This parameter
is ignored by the Postfix queue
manager and by other long-lived Postfix daemon processes.
</p>

%PARAM maximal_backoff_time 4000s

<p>
The maximal time between attempts to deliver a deferred message.
</p>

<p> This parameter should be set to a value greater than or equal
to $minimal_backoff_time. See also $queue_run_delay. </p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM maximal_queue_lifetime 5d

<p>
The maximal time a message is queued before it is sent back as
undeliverable.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is d (days).
</p>

<p>
Specify 0 when mail delivery should be tried only once.
</p>

%PARAM message_size_limit 10240000

<p>
The maximal size in bytes of a message, including envelope information.
</p>

<p> Note: be careful when making changes. Excessively small values
will result in the loss of non-delivery notifications, when a bounce
message size exceeds the local or remote MTA's message size limit.
</p>

%PARAM minimal_backoff_time 300s

<p>
The minimal time between attempts to deliver a deferred message;
prior to Postfix 2.4 the default value was 1000s.
</p>

<p>
This parameter also limits the time an unreachable destination is
kept in the short-term, in-memory, destination status cache.
</p>

<p> This parameter should be set greater than or equal to
$queue_run_delay. See also $maximal_backoff_time. </p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM multi_recipient_bounce_reject_code 550

<p>
The numerical Postfix SMTP server response code when a remote SMTP
client request is blocked by the reject_multi_recipient_bounce
restriction.
</p>

<p>
Do not change this unless you have a complete understanding of RFC 2821.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM mydestination $myhostname, localhost.$mydomain, localhost

<p> The list of domains that are delivered via the $local_transport
mail delivery transport. By default this is the Postfix local(8)
delivery agent which looks up all recipients in /etc/passwd and
/etc/aliases. The SMTP server validates recipient addresses with
$local_recipient_maps and rejects non-existent recipients. See also
the local domain class in the ADDRESS_CLASS_README file.
</p>

<p>
The default mydestination value specifies names for the local
machine only. On a mail domain gateway, you should also include
$mydomain.
</p>

<p>
The $local_transport delivery method is also selected for mail
addressed to user@[the.net.work.address] of the mail system (the
IP addresses specified with the inet_interfaces and proxy_interfaces
parameters).
</p>

<p>
Warnings:
</p>

<ul>

<li><p>Do not specify the names of virtual domains - those domains
are specified elsewhere. See VIRTUAL_README for more information. </p>

<li><p>Do not specify the names of domains that this machine is
backup MX host for. See STANDARD_CONFIGURATION_README for how to
set up backup MX hosts. </p>

<li><p>By default, the Postfix SMTP server rejects mail for recipients
not listed with the local_recipient_maps parameter. See the
postconf(5) manual for a description of the local_recipient_maps
and unknown_local_recipient_reject_code parameters. </p>

</ul>

<p>
Specify a list of host or domain names, "/file/name" or "type:table"
patterns, separated by commas and/or whitespace. A "/file/name"
pattern is replaced by its contents; a "type:table" lookup table
is matched when a name matches a lookup key (the lookup result is
ignored).
Continue long lines by starting the next line with
whitespace. </p>

<p>
Examples:
</p>

<pre>
mydestination = $myhostname, localhost.$mydomain $mydomain
mydestination = $myhostname, localhost.$mydomain www.$mydomain, ftp.$mydomain
</pre>

%PARAM mydomain see "postconf -d" output

<p>
The internet domain name of this mail system. The default is to
use $myhostname minus the first component. $mydomain is used as
a default value for many other configuration parameters.
</p>

<p>
Example:
</p>

<pre>
mydomain = domain.tld
</pre>

%PARAM myhostname see "postconf -d" output

<p>
The internet hostname of this mail system. The default is to use
the fully-qualified domain name from gethostname(). $myhostname is
used as a default value for many other configuration parameters.
</p>

<p>
Example:
</p>

<pre>
myhostname = host.example.com
</pre>

%PARAM mynetworks see "postconf -d" output

<p>
The list of "trusted" SMTP clients that have more privileges than
"strangers".
</p>

<p>
In particular, "trusted" SMTP clients are allowed to relay mail
through Postfix. See the smtpd_recipient_restrictions parameter
description in the postconf(5) manual.
</p>

<p>
You can specify the list of "trusted" network addresses by hand
or you can let Postfix do it for you (which is the default).
See the description of the mynetworks_style parameter for more
information.
</p>

<p>
If you specify the mynetworks list by hand,
Postfix ignores the mynetworks_style setting.
</p>

<p> Specify a list of network addresses or network/netmask patterns,
separated by commas and/or whitespace. Continue long lines by
starting the next line with whitespace.
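</p>

<p>
Because mynetworks decides who may relay through this server, it is
worth checking a candidate value against real client addresses before
deploying it. The following Python code is an added example, not
Postfix code, that parses a mynetworks value into an ordered pattern
list (network/prefix patterns, bare addresses, "!" exclusions and
IPv6 networks written inside "[]") and matches a client address the
way this entry describes: left to right, first match wins. "/file/name"
and "type:table" patterns are reported as unsupported rather than
looked up; that restriction and the sample values are this example's own.
</p>

```python
import ipaddress


def parse_mynetworks(value: str) -> list:
    """Turn a mynetworks value into an ordered list of (negate, network).

    Bare addresses become single-host networks; "[addr]/len" is the
    IPv6 form. File and type:table patterns would need an external
    lookup and are rejected here.
    """
    patterns = []
    for token in value.replace(",", " ").split():
        negate = token.startswith("!")
        if negate:
            token = token[1:]
        if token.startswith("["):                 # IPv6: [addr] or [addr]/len
            close = token.index("]")
            network = token[1:close] + token[close + 1:]
        elif token.startswith("/") or ":" in token:
            raise ValueError(f"unsupported pattern (file or type:table): {token}")
        else:
            network = token
        patterns.append((negate, ipaddress.ip_network(network, strict=False)))
    return patterns


def client_is_trusted(client_ip: str, patterns: list) -> bool:
    """First matching pattern decides; a "!" pattern means not trusted.
    No match means the client is a stranger."""
    ip = ipaddress.ip_address(client_ip)
    for negate, net in patterns:
        if ip.version == net.version and ip in net:
            return not negate
    return False


# Constructed sample configurations for the demonstration below.
SAMPLE_MYNETWORKS = "127.0.0.0/8 168.100.189.0/28 [::1]/128 [2001:240:587::]/64"
SAMPLE_EXCLUSION_FIRST = "!192.168.0.1, 192.168.0.0/28"
SAMPLE_EXCLUSION_LAST = "192.168.0.0/28, !192.168.0.1"   # exclusion is unreachable

if __name__ == "__main__":
    nets = parse_mynetworks(SAMPLE_MYNETWORKS)
    for client in ("127.0.0.1", "168.100.189.7", "168.100.189.16",
                   "2001:240:587::1", "203.0.113.5"):
        print(f"{client:20s} trusted={client_is_trusted(client, nets)}")
    print("192.168.0.1 with '!' first:",
          client_is_trusted("192.168.0.1", parse_mynetworks(SAMPLE_EXCLUSION_FIRST)))
    print("192.168.0.1 with '!' last: ",
          client_is_trusted("192.168.0.1", parse_mynetworks(SAMPLE_EXCLUSION_LAST)))
```

<p>
The two exclusion samples show the pitfall of first-match ordering:
"!192.168.0.1" only has an effect when it precedes the network that
would otherwise match that host, so "192.168.0.0/28, !192.168.0.1"
still trusts 192.168.0.1.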
</p>

<p> The netmask specifies the number of bits in the network part
of a host address. You can also specify "/file/name" or "type:table"
patterns. A "/file/name" pattern is replaced by its contents; a
"type:table" lookup table is matched when a table entry matches a
lookup string (the lookup result is ignored). </p>

<p> The list is matched left to right, and the search stops on the
first match. Specify "!pattern" to exclude an address or network
block from the list. The form "!/file/name" is supported only
in Postfix version 2.4 and later. </p>

<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the mynetworks value, and in files specified with
"/file/name". IP version 6 addresses contain the ":" character,
and would otherwise be confused with a "type:table" pattern. </p>

<p> Examples: </p>

<pre>
mynetworks = 127.0.0.0/8 168.100.189.0/28
mynetworks = !192.168.0.1, 192.168.0.0/28
mynetworks = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [2001:240:587::]/64
mynetworks = $config_directory/mynetworks
mynetworks = hash:/etc/postfix/network_table
</pre>

%PARAM myorigin $myhostname

<p>
The domain name that locally-posted mail appears to come
from, and that locally posted mail is delivered to. The default,
$myhostname, is adequate for small sites. If you run a domain with
multiple machines, you should (1) change this to $mydomain and (2)
set up a domain-wide alias database that aliases each user to
user@that.users.mailhost.
</p>

<p>
Example:
</p>

<pre>
myorigin = $mydomain
</pre>

%PARAM notify_classes resource, software

<p>
The list of error classes that are reported to the postmaster. The
default is to report only the most serious problems.
The paranoid
may wish to turn on the policy (UCE and mail relaying) and protocol
error (broken mail software) reports.
</p>

<p> NOTE: postmaster notifications may contain confidential information
such as SASL passwords or message content. It is the system
administrator's responsibility to treat such information with care.
</p>

<p>
The error classes are:
</p>

<dl>

<dt><b>bounce</b> (also implies <b>2bounce</b>)</dt>

<dd>Send the postmaster copies of the headers of bounced mail, and
send transcripts of SMTP sessions when Postfix rejects mail. The
notification is sent to the address specified with the
bounce_notice_recipient configuration parameter (default: postmaster).
</dd>

<dt><b>2bounce</b></dt>

<dd>Send undeliverable bounced mail to the postmaster. The notification
is sent to the address specified with the 2bounce_notice_recipient
configuration parameter (default: postmaster). </dd>

<dt><b>delay</b></dt>

<dd>Send the postmaster copies of the headers of delayed mail. The
notification is sent to the address specified with the
delay_notice_recipient configuration parameter (default: postmaster).
</dd>

<dt><b>policy</b></dt>

<dd>Send the postmaster a transcript of the SMTP session when a
client request was rejected because of (UCE) policy. The notification
is sent to the address specified with the error_notice_recipient
configuration parameter (default: postmaster). </dd>

<dt><b>protocol</b></dt>

<dd>Send the postmaster a transcript of the SMTP session in case
of client or server protocol errors. The notification is sent to
the address specified with the error_notice_recipient configuration
parameter (default: postmaster). </dd>

<dt><b>resource</b></dt>

<dd>Inform the postmaster of mail not delivered due to resource
problems.
The notification is sent to the address specified with
the error_notice_recipient configuration parameter (default:
postmaster). </dd>

<dt><b>software</b></dt>

<dd>Inform the postmaster of mail not delivered due to software
problems. The notification is sent to the address specified with
the error_notice_recipient configuration parameter (default:
postmaster). </dd>

</dl>

<p>
Examples:
</p>

<pre>
notify_classes = bounce, delay, policy, protocol, resource, software
notify_classes = 2bounce, resource, software
</pre>

%PARAM parent_domain_matches_subdomains see "postconf -d" output

<p>
What Postfix features match subdomains of "domain.tld" automatically,
instead of requiring an explicit ".domain.tld" pattern. This is
planned backwards compatibility: eventually, all Postfix features
are expected to require explicit ".domain.tld" style patterns when
you really want to match subdomains.
</p>

%PARAM propagate_unmatched_extensions canonical, virtual

<p>
What address lookup tables copy an address extension from the lookup
key to the lookup result.
</p>

<p>
For example, with a virtual(5) mapping of "<i>joe@example.com =>
joe.user@example.net</i>", the address "<i>joe+foo@example.com</i>"
would rewrite to "<i>joe.user+foo@example.net</i>".
</p>

<p>
Specify zero or more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>,
<b>forward</b>, <b>include</b> or <b>generic</b>. These cause
address extension
propagation with canonical(5), virtual(5), and aliases(5) maps,
with local(8) .forward and :include: file lookups, and with smtp(8)
generic maps, respectively.
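</p>

<p>
The following Python function is an added example, not Postfix code,
of the lookup behaviour described above: an address with an extension
is first looked up as given; when only the bare "user@domain" key
matches and propagation is enabled for that table type, the unmatched
extension is re-attached to the lookup result. The table contents,
the "+" delimiter default and the two-step lookup order are this
example's simplification of the virtual(5) search order.
</p>

```python
def split_address(address: str, delimiter: str = "+") -> tuple:
    """Return (user, extension, domain); extension and domain may be ''."""
    local, at, domain = address.partition("@")
    user, sep, extension = local.partition(delimiter)
    return user, (extension if sep else ""), (domain if at else "")


def lookup_with_extension(address: str, table: dict,
                          delimiter: str = "+", propagate: bool = True):
    """Look up address in table, propagating an unmatched extension.

    1. An exact match on the full address (extension included) wins.
    2. Otherwise the bare "user@domain" is tried; on a hit, the
       extension is copied onto the result's localpart when propagate
       is True (propagate_unmatched_extensions lists this table type).
    Returns None when nothing matches.
    """
    if address in table:
        return table[address]
    user, extension, domain = split_address(address, delimiter)
    if not extension:
        return None
    bare = f"{user}@{domain}" if domain else user
    result = table.get(bare)
    if result is None or not propagate:
        return result
    result_local, at, result_domain = result.partition("@")
    return f"{result_local}{delimiter}{extension}{at}{result_domain}"


# Constructed virtual(5)-style table for the demonstration.
SAMPLE_TABLE = {
    "joe@example.com": "joe.user@example.net",
    "joe+vip@example.com": "vip-desk@example.net",
}

if __name__ == "__main__":
    for addr in ("joe@example.com", "joe+foo@example.com",
                 "joe+vip@example.com", "jane+x@example.com"):
        print(f"{addr:24s} -> {lookup_with_extension(addr, SAMPLE_TABLE)}")
        print(f"{'':24s}    (no propagation) "
              f"{lookup_with_extension(addr, SAMPLE_TABLE, propagate=False)}")
```

<p>
With propagation on, "joe+foo@example.com" becomes
"joe.user+foo@example.net" as in the text above, while the explicit
"joe+vip@example.com" entry is used as-is; with propagation off the
extension is simply dropped.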
</p>

<p>
Note: enabling this feature for types other than <b>canonical</b>
and <b>virtual</b> is likely to cause problems when mail is forwarded
to other sites, especially with mail that is sent to a mailing list
exploder address.
</p>

<p>
Examples:
</p>

<pre>
propagate_unmatched_extensions = canonical, virtual, alias,
        forward, include
propagate_unmatched_extensions = canonical, virtual
</pre>

%PARAM proxy_interfaces

<p>
The network interface addresses that this mail system receives mail
on by way of a proxy or network address translation unit.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

<p> You must specify your "outside" proxy/NAT addresses when your
system is a backup MX host for other domains, otherwise mail delivery
loops will happen when the primary MX host is down. </p>

<p>
Example:
</p>

<pre>
proxy_interfaces = 1.2.3.4
</pre>

%PARAM qmgr_message_active_limit 20000

<p>
The maximal number of messages in the active queue.
</p>

%PARAM qmgr_message_recipient_limit 20000

<p> The maximal number of recipients held in memory by the Postfix
queue manager, and the maximal size of the short-term,
in-memory "dead" destination status cache. </p>

%PARAM qmgr_message_recipient_minimum 10

<p>
The minimal number of in-memory recipients for any message. This
takes priority over any other in-memory recipient limits (i.e.,
the global qmgr_message_recipient_limit and the per transport
_recipient_limit) if necessary. The minimum value allowed for this
parameter is 1.
</p>

%PARAM qmqpd_authorized_clients

<p>
What clients are allowed to connect to the QMQP server port.
</p>

<p>
By default, no client is allowed to use the service.
This is
because the QMQP server will relay mail to any destination.
</p>

<p>
Specify a list of client patterns. A list pattern specifies a host
name, a domain name, an internet address, or a network/mask pattern,
where the mask specifies the number of bits in the network part.
When a pattern specifies a file name, its contents are substituted
for the file name; when a pattern is a "type:table" table specification,
table lookup is used instead. </p>

<p>
Patterns are separated by whitespace and/or commas. In order to
reverse the result, precede a pattern with an
exclamation point (!). The form "!/file/name" is supported only
in Postfix version 2.4 and later.
</p>

<p>
Example:
</p>

<pre>
qmqpd_authorized_clients = !192.168.0.1, 192.168.0.0/24
</pre>

%PARAM qmqpd_error_delay 1s

<p>
How long the QMQP server will pause before sending a negative reply
to the client. The purpose is to slow down confused or malicious
clients.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM qmqpd_timeout 300s

<p>
The time limit for sending or receiving information over the network.
If a read or write operation blocks for more than $qmqpd_timeout
seconds the QMQP server gives up and disconnects.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM queue_minfree 0

<p>
The minimal amount of free space in bytes in the queue file system
that is needed to receive mail. This is currently used by the SMTP
server to decide if it will accept any mail at all.
</p>

<p>
By default, the Postfix SMTP server rejects MAIL FROM commands when
the amount of free space is less than 1.5*$message_size_limit
(Postfix version 2.1 and later).
To specify a higher minimum free space limit, specify a queue_minfree
value that is at least 1.5*$message_size_limit.
</p>

<p>
With Postfix versions 2.0 and earlier, a queue_minfree value of
zero means there is no minimum required amount of free space.
</p>

%PARAM queue_run_delay 300s

<p>
The time between deferred queue scans by the queue manager;
prior to Postfix 2.4 the default value was 1000s.
</p>

<p> This parameter should be set less than or equal to
$minimal_backoff_time. See also $maximal_backoff_time. </p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM rbl_reply_maps

<p>
Optional lookup tables with RBL response templates. The tables are
indexed by the RBL domain name. By default, Postfix uses the default
template as specified with the default_rbl_reply configuration
parameter. See there for a discussion of the syntax of RBL reply
templates.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM receive_override_options

<p> Enable or disable recipient validation, built-in content
filtering, or address mapping. Typically, these are specified in
master.cf as command-line arguments for the smtpd(8), qmqpd(8) or
pickup(8) daemons. </p>

<p> Specify zero or more of the following options. The options
override main.cf settings and are either implemented by smtpd(8),
qmqpd(8), or pickup(8) themselves, or they are forwarded to the
cleanup server.
</p>

<dl>

<dt><b><a name="no_unknown_recipient_checks">no_unknown_recipient_checks</a></b></dt>

<dd>Do not try to reject unknown recipients (SMTP server only).
This is typically specified AFTER an external content filter.
</dd>

<dt><b><a name="no_address_mappings">no_address_mappings</a></b></dt>

<dd>Disable canonical address mapping, virtual alias map expansion,
address masquerading, and automatic BCC (blind carbon-copy)
recipients. This is typically specified BEFORE an external content
filter. </dd>

<dt><b><a name="no_header_body_checks">no_header_body_checks</a></b></dt>

<dd>Disable header/body_checks. This is typically specified AFTER
an external content filter. </dd>

<dt><b><a name="no_milters">no_milters</a></b></dt>

<dd>Disable Milter (mail filter) applications. This is typically
specified AFTER an external content filter. </dd>

</dl>

<p>
Note: when the "BEFORE content filter" receive_override_options
setting is specified in the main.cf file, specify the "AFTER content
filter" receive_override_options setting in master.cf (and vice
versa).
</p>

<p>
Examples:
</p>

<pre>
receive_override_options =
    no_unknown_recipient_checks, no_header_body_checks
receive_override_options = no_address_mappings
</pre>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM recipient_bcc_maps

<p>
Optional BCC (blind carbon-copy) address lookup tables, indexed by
recipient address. The BCC address (multiple results are not
supported) is added when mail enters from outside of Postfix.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

<p>
The table search order is as follows:
</p>

<ul>

<li> Look up the "user+extension@domain.tld" address including the
optional address extension.

<li> Look up the "user@domain.tld" address without the optional
address extension.

<li> Look up the "user+extension" address local part when the
recipient domain equals $myorigin, $mydestination, $inet_interfaces
or $proxy_interfaces.

<li> Look up the "user" address local part when the recipient domain
equals $myorigin, $mydestination, $inet_interfaces or $proxy_interfaces.

<li> Look up the "@domain.tld" part.

</ul>

<p>
Specify the types and names of databases to use. After change,
run "<b>postmap /etc/postfix/recipient_bcc</b>".
</p>

<p>
Note: if mail to the BCC address bounces it will be returned to
the sender.
</p>

<p> Note: automatic BCC recipients are produced only for new mail.
To avoid mailer loops, automatic BCC recipients are not generated
for mail that Postfix forwards internally, nor for mail that Postfix
generates itself. </p>

<p>
Example:
</p>

<pre>
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
</pre>

%PARAM recipient_canonical_maps

<p>
Optional address mapping lookup tables for envelope and header
recipient addresses.
The table format and lookups are documented in canonical(5).
</p>

<p>
Note: $recipient_canonical_maps is processed before $canonical_maps.
</p>

<p>
Example:
</p>

<pre>
recipient_canonical_maps = hash:/etc/postfix/recipient_canonical
</pre>

%PARAM recipient_delimiter

<p>
The separator between user names and address extensions (user+foo).
See canonical(5), local(8), relocated(5) and virtual(5) for the
effects this has on aliases, canonical, virtual, relocated and
on .forward file lookups. Basically, the software tries user+foo
and .forward+foo before trying user and .forward.
</p>

<p>
Example:
</p>

<pre>
recipient_delimiter = +
</pre>

%PARAM reject_code 554

<p>
The numerical Postfix SMTP server response code when a remote SMTP
client request is rejected by the "reject" restriction.
</p>

<p>
Do not change this unless you have a complete understanding of RFC 2821.
</p>

%PARAM relay_domains $mydestination

<p> What destination domains (and subdomains thereof) this system
will relay mail to. Subdomain matching is controlled with the
parent_domain_matches_subdomains parameter. For details about how
the relay_domains value is used, see the description of the
permit_auth_destination and reject_unauth_destination SMTP recipient
restrictions. </p>

<p> Domains that match $relay_domains are delivered with the
$relay_transport mail delivery transport. The SMTP server validates
recipient addresses with $relay_recipient_maps and rejects non-existent
recipients. See also the relay domains address class in the
ADDRESS_CLASS_README file. </p>

<p> Note: Postfix will not automatically forward mail for domains
that list this system as their primary or backup MX host. See the
permit_mx_backup restriction in the postconf(5) manual page. </p>

<p> Specify a list of host or domain names, "/file/name" patterns
or "type:table" lookup tables, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace. A
"/file/name" pattern is replaced by its contents; a "type:table"
lookup table is matched when a (parent) domain appears as lookup
key.
Specify "!pattern" to exclude a domain from the list. The form
"!/file/name" is supported only in Postfix version 2.4 and later.
</p>

%PARAM relay_domains_reject_code 554

<p>
The numerical Postfix SMTP server response code when a client
request is rejected by the reject_unauth_destination recipient
restriction.
</p>

<p>
Do not change this unless you have a complete understanding of RFC 2821.
</p>

%PARAM relay_recipient_maps

<p> Optional lookup tables with all valid addresses in the domains
that match $relay_domains. Specify @domain as a wild-card for
domains that have no valid recipient list, and become a source of
backscatter mail: Postfix accepts spam for non-existent recipients
and then floods innocent people with undeliverable mail. Technically,
tables listed with $relay_recipient_maps are used as lists: Postfix
needs to know only if a lookup string is found or not, but it does
not use the result from table lookup. </p>

<p>
If this parameter is non-empty, then the Postfix SMTP server will reject
mail to unknown relay users. This feature is off by default.
</p>

<p>
See also the relay domains address class in the ADDRESS_CLASS_README
file.
</p>

<p>
Example:
</p>

<pre>
relay_recipient_maps = hash:/etc/postfix/relay_recipients
</pre>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM relayhost

<p>
The next-hop destination of non-local mail; overrides non-local
domains in recipient addresses. This information is overruled with
relay_transport, sender_dependent_default_transport_maps,
default_transport, sender_dependent_relayhost_maps
and with the transport(5) table.
</p>

<p>
On an intranet, specify the organizational domain name.
If your
internal DNS uses no MX records, specify the name of the intranet
gateway host instead.
</p>

<p>
In the case of SMTP, specify a domain name, hostname, hostname:port,
[hostname]:port, [hostaddress] or [hostaddress]:port. The form
[hostname] turns off MX lookups.
</p>

<p>
If you're connected via UUCP, see the UUCP_README file for useful
information.
</p>

<p>
Examples:
</p>

<pre>
relayhost = $mydomain
relayhost = [gateway.example.com]
relayhost = uucphost
relayhost = [an.ip.add.ress]
</pre>

%PARAM relocated_maps

<p>
Optional lookup tables with new contact information for users or
domains that no longer exist. The table format and lookups are
documented in relocated(5).
</p>

<p>
If you use this feature, run "<b>postmap /etc/postfix/relocated</b>" to
build the necessary DBM or DB file after change, then "<b>postfix
reload</b>" to make the changes visible.
</p>

<p>
Examples:
</p>

<pre>
relocated_maps = dbm:/etc/postfix/relocated
relocated_maps = hash:/etc/postfix/relocated
</pre>

%PARAM require_home_directory no

<p>
Require that a local(8) recipient's home directory exists
before mail delivery is attempted. By default this test is disabled.
It can be useful for environments that import home directories to
the mail server (IMPORTING HOME DIRECTORIES IS NOT RECOMMENDED).
</p>

%PARAM resolve_dequoted_address yes

<p> Resolve a recipient address safely instead of correctly, by
looking inside quotes. </p>

<p> By default, the Postfix address resolver does not quote the
address localpart as per RFC 822, so that additional @ or % or !
operators remain visible. This behavior is safe but it is also
technically incorrect.
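</p>

<p> As an added example (not part of the Postfix documentation or
source code), the Python code below implements a simplified matcher
for the two list styles documented above: client address lists such
as qmqpd_authorized_clients, which match a connecting client's IP
address against address and network/mask patterns, and domain lists
such as relay_domains, where parent_domain_matches_subdomains decides
whether "domain.tld" also covers its subdomains or whether
".domain.tld" is required. "!pattern" reverses a match. It is an
assumption of this example that patterns are tried in order and the
first match decides; "/file/name" and "type:table" patterns, and
host or domain name patterns in client lists (which need DNS), are
not handled. All addresses and list values are constructed. </p>

```python
# Added example, not Postfix code: simplified matching for client address
# lists (qmqpd_authorized_clients) and domain lists (relay_domains).
# Assumption: patterns are tried in order and the first match decides, so
# an exclusion must precede the broader pattern it carves a hole into.
import ipaddress


def _split_list(value):
    """Split a parameter value on whitespace and/or commas."""
    return [p for p in value.replace(",", " ").split() if p]


def client_allowed(client_ip, value):
    """True when the first matching pattern for client_ip is not negated.

    An empty list allows nobody, matching the documented default of
    qmqpd_authorized_clients.
    """
    addr = ipaddress.ip_address(client_ip)
    for pattern in _split_list(value):
        negate = pattern.startswith("!")
        pattern = pattern[1:] if negate else pattern
        try:
            net = ipaddress.ip_network(pattern, strict=False)  # "a.b.c.d" is a /32
        except ValueError:
            continue            # host/domain name patterns would need a lookup
        if addr in net:         # False when the address families differ
            return not negate
    return False


def _domain_matches(domain, pattern, parent_matches_subdomains):
    """One domain pattern, with the two subdomain conventions."""
    domain = domain.lower().rstrip(".")
    pattern = pattern.lower().rstrip(".")
    if pattern.startswith("."):
        return domain.endswith(pattern)          # ".domain.tld": subdomains only
    if domain == pattern:
        return True                              # exact match
    return parent_matches_subdomains and domain.endswith("." + pattern)


def relay_domain_matches(domain, value, parent_matches_subdomains=True):
    """Does `domain` fall under a relay_domains-style list?"""
    for pattern in _split_list(value):
        negate = pattern.startswith("!")
        pattern = pattern[1:] if negate else pattern
        if _domain_matches(domain, pattern, parent_matches_subdomains):
            return not negate
    return False
```

<p> Run against the documented example "!192.168.0.1, 192.168.0.0/24",
client_allowed() refuses 192.168.0.1 and admits the rest of the /24;
with the two patterns swapped the exclusion would never be reached.
For relay_domains, "example.com" covers "mail.example.com" only while
parent_domain_matches_subdomains includes relay_domains; otherwise
".example.com" is needed, and that form does not match the bare
domain itself.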
</p>

<p> If you specify "resolve_dequoted_address = no", then the Postfix
resolver will not know about additional @ etc. operators in the
address localpart. This opens opportunities for obscure mail relay
attacks with user@domain@domain addresses when Postfix provides
backup MX service for Sendmail systems. </p>

%PARAM resolve_null_domain no

<p> Resolve an address that ends in the "@" null domain as if the
local hostname were specified, instead of rejecting the address as
invalid. </p>

<p> This feature is available in Postfix 2.1 and later.
Earlier versions always resolve the null domain as the local
hostname. </p>

<p> The Postfix SMTP server uses this feature to reject mail from
or to addresses that end in the "@" null domain, and from addresses
that rewrite into a form that ends in the "@" null domain. </p>

%PARAM sender_bcc_maps

<p> Optional BCC (blind carbon-copy) address lookup tables, indexed
by sender address. The BCC address (multiple results are not
supported) is added when mail enters from outside of Postfix. </p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

<p>
The table search order is as follows:
</p>

<ul>

<li> Look up the "user+extension@domain.tld" address including the
optional address extension.

<li> Look up the "user@domain.tld" address without the optional
address extension.

<li> Look up the "user+extension" address local part when the
sender domain equals $myorigin, $mydestination, $inet_interfaces
or $proxy_interfaces.

<li> Look up the "user" address local part when the sender domain
equals $myorigin, $mydestination, $inet_interfaces or $proxy_interfaces.

<li> Look up the "@domain.tld" part.

</ul>

<p>
Specify the types and names of databases to use.
After change,
run "<b>postmap /etc/postfix/sender_bcc</b>".
</p>

<p>
Note: if mail to the BCC address bounces it will be returned to
the sender.
</p>

<p> Note: automatic BCC recipients are produced only for new mail.
To avoid mailer loops, automatic BCC recipients are not generated
for mail that Postfix forwards internally, nor for mail that Postfix
generates itself. </p>

<p>
Example:
</p>

<pre>
sender_bcc_maps = hash:/etc/postfix/sender_bcc
</pre>

%PARAM sender_canonical_maps

<p>
Optional address mapping lookup tables for envelope and header
sender addresses.
The table format and lookups are documented in canonical(5).
</p>

<p>
Example: you want to rewrite the SENDER address "user@ugly.domain"
to "user@pretty.domain", while still being able to send mail to
the RECIPIENT address "user@ugly.domain".
</p>

<p>
Note: $sender_canonical_maps is processed before $canonical_maps.
</p>

<p>
Example:
</p>

<pre>
sender_canonical_maps = hash:/etc/postfix/sender_canonical
</pre>

%PARAM smtp_always_send_ehlo yes

<p>
Always send EHLO at the start of an SMTP session.
</p>

<p>
With "smtp_always_send_ehlo = no", Postfix sends EHLO only when
the word "ESMTP" appears in the server greeting banner (example:
220 spike.porcupine.org ESMTP Postfix).
</p>

%PARAM smtp_bind_address

<p>
An optional numerical network address that the Postfix SMTP client
should bind to when making an IPv4 connection.
</p>

<p>
This can be specified in the main.cf file for all SMTP clients, or
it can be specified in the master.cf file for a specific client,
for example:
</p>

<blockquote>
<pre>
/etc/postfix/master.cf:
    smtp ... smtp -o smtp_bind_address=11.22.33.44
</pre>
</blockquote>

<p> Note 1: when inet_interfaces specifies no more than one IPv4
address, and that address is a non-loopback address, it is
automatically used as the smtp_bind_address. This supports virtual
IP hosting, but can be a problem on multi-homed firewalls. See the
inet_interfaces documentation for more detail. </p>

<p> Note 2: address information may be enclosed inside <tt>[]</tt>,
but this form is not required here. </p>

%PARAM smtp_bind_address6

<p>
An optional numerical network address that the Postfix SMTP client
should bind to when making an IPv6 connection.
</p>

<p> This feature is available in Postfix 2.2 and later. </p>

<p>
This can be specified in the main.cf file for all SMTP clients, or
it can be specified in the master.cf file for a specific client,
for example:
</p>

<blockquote>
<pre>
/etc/postfix/master.cf:
    smtp ... smtp -o smtp_bind_address6=1:2:3:4:5:6:7:8
</pre>
</blockquote>

<p> Note 1: when inet_interfaces specifies no more than one IPv6
address, and that address is a non-loopback address, it is
automatically used as the smtp_bind_address6. This supports virtual
IP hosting, but can be a problem on multi-homed firewalls. See the
inet_interfaces documentation for more detail. </p>

<p> Note 2: address information may be enclosed inside <tt>[]</tt>,
but this form is not recommended here. </p>

%PARAM smtp_connection_cache_time_limit 2s

<p> When SMTP connection caching is enabled, the amount of time that
an unused SMTP client socket is kept open before it is closed. Do
not specify larger values without permission from the remote sites.
</p>

<p> This feature is available in Postfix 2.2 and later.
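</p>

<p> As an added example (not part of the Postfix documentation or
source code), the Python code below walks the five-step table search
order listed above for recipient_bcc_maps and sender_bcc_maps. The
table and the addresses are constructed; "+" is taken as the
recipient_delimiter, and the LOCAL_DOMAINS set stands in for the
union of $myorigin, $mydestination, $inet_interfaces and
$proxy_interfaces. </p>

```python
# Added example, not Postfix code: the documented table search order for
# recipient_bcc_maps / sender_bcc_maps. Table, domains and addresses are
# constructed for the demonstration.

LOCAL_DOMAINS = {"example.com", "mail.example.com"}   # stands in for $myorigin etc.
DELIMITER = "+"                                         # stands in for recipient_delimiter

# Constructed BCC table: lookup key -> single BCC recipient.
RECIPIENT_BCC = {
    "alice@example.com": "alice-copy@example.net",
    "bob+x": "bob-ext@example.net",           # localpart-only key, with extension
    "@example.com": "archive@example.net",    # catch-all for the domain
}


def bcc_lookup_keys(address, local_domains=LOCAL_DOMAINS, delimiter=DELIMITER):
    """Return the lookup keys for one address, in the documented order."""
    localpart, _, domain = address.rpartition("@")
    user, sep, ext = localpart.partition(delimiter)
    keys = []
    if sep:
        keys.append(f"{localpart}@{domain}")   # 1. user+extension@domain.tld
    keys.append(f"{user}@{domain}")            # 2. user@domain.tld
    if domain.lower() in local_domains:        # 3./4. only for local domains
        if sep:
            keys.append(localpart)             # 3. user+extension
        keys.append(user)                      # 4. user
    keys.append(f"@{domain}")                  # 5. @domain.tld
    return keys


def bcc_recipient(address, table, **kw):
    """The first table hit in search order, or None when no BCC applies."""
    for key in bcc_lookup_keys(address, **kw):
        if key in table:
            return table[key]
    return None
```

<p> The order matters for the catch-all entry: "@example.com" is
consulted last, so a specific "alice@example.com" entry wins for
"alice+news@example.com", while "dave@example.com" falls through to
the archive address. Steps 3 and 4 never fire for a non-local domain
such as example.org.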
</p>

%PARAM smtp_connection_cache_reuse_limit 10

<p> When SMTP connection caching is enabled, the number of times that
an SMTP session may be reused before it is closed.
</p>

<p> This feature is available in Postfix 2.2. In Postfix 2.3 it is
replaced by $smtp_connection_reuse_time_limit.</p>

%PARAM smtp_connection_reuse_time_limit 300s

<p> The amount of time during which Postfix will use an SMTP
connection repeatedly. The timer starts when the connection is
initiated (i.e. it includes the connect, greeting and helo latency,
in addition to the latencies of subsequent mail delivery transactions).
</p>

<p> This feature addresses a performance stability problem with
remote SMTP servers. This problem is not specific to Postfix: it
can happen when any MTA sends large amounts of SMTP email to a site
that has multiple MX hosts. </p>

<p> The problem starts when one of a set of MX hosts becomes slower
than the rest. Even though SMTP clients connect to fast and slow
MX hosts with equal probability, the slow MX host ends up with more
simultaneous inbound connections than the faster MX hosts, because
the slow MX host needs more time to serve each client request. </p>

<p> The slow MX host becomes a connection attractor. If one MX
host becomes N times slower than the rest, it dominates mail delivery
latency unless there are more than N fast MX hosts to counter the
effect. And if the number of MX hosts is smaller than N, the mail
delivery latency becomes effectively that of the slowest MX host
divided by the total number of MX hosts. </p>

<p> The solution uses connection caching in a way that differs from
Postfix version 2.2.
By limiting the amount of time during which a connection
can be used repeatedly (instead of limiting the number of deliveries
over that connection), Postfix not only restores fairness in the
distribution of simultaneous connections across a set of MX hosts,
it also favors deliveries over connections that perform well, which
is exactly what we want. </p>

<p> The default reuse time limit, 300s, is comparable to the various
smtp transaction timeouts which are fair estimates of maximum excess
latency for a slow delivery. Note that hosts may accept thousands
of messages over a single connection within the default connection
reuse time limit. This number is much larger than the default Postfix
version 2.2 limit of 10 messages per cached connection. It may prove necessary
to lower the limit to avoid interoperability issues with MTAs that
exhibit bugs when many messages are delivered via a single connection.
A lower reuse time limit risks losing the benefit of connection
reuse when the average connection and mail delivery latency exceeds
the reuse time limit. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtp_connection_cache_destinations

<p> Permanently enable SMTP connection caching for the specified
destinations. With SMTP connection caching, a connection is not
closed immediately after completion of a mail transaction. Instead,
the connection is kept open for up to $smtp_connection_cache_time_limit
seconds. This allows connections to be reused for other deliveries,
and can improve mail delivery performance.
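</p>

<p> As an added example (not part of the Postfix documentation or
source code), the Python code below is a small deterministic
simulation of the "connection attractor" described above under
smtp_connection_reuse_time_limit. Two MX hosts each receive a new
connection every two time units ("equal probability" is modelled as
strict alternation, an assumption of this example); the fast host
completes a transaction in one time unit, the slow host in
<i>slowdown</i> units. Open connections are integrated over a
steady-state window, so the reported ratio is exact. All numbers are
constructed. </p>

```python
# Added example, not Postfix code: a toy model of the connection attractor
# described for smtp_connection_reuse_time_limit. Numbers are constructed.


def _overlap(start, end, win_start, win_end):
    """Length of [start, end) that falls inside [win_start, win_end)."""
    return max(0, min(end, win_end) - max(start, win_start))


def simultaneous_connections(slowdown, arrivals=2000, warmup=400):
    """Time-averaged number of open connections on the fast and slow host.

    Connection k opens at time k; even k go to the fast host (service
    time 1), odd k to the slow host (service time `slowdown`). The
    averages are taken over [warmup, arrivals), which is in steady
    state and aligned to the alternation, so the integer sums are exact.
    """
    win_start, win_end = warmup, arrivals
    busy = {"fast": 0, "slow": 0}
    for k in range(arrivals):
        host = "fast" if k % 2 == 0 else "slow"
        service = 1 if host == "fast" else slowdown
        busy[host] += _overlap(k, k + service, win_start, win_end)
    width = win_end - win_start
    return busy["fast"] / width, busy["slow"] / width


def attractor_ratio(slowdown, **kw):
    """How many times more simultaneous connections the slow host holds."""
    fast, slow = simultaneous_connections(slowdown, **kw)
    return slow / fast
```

<p> With equal connection probability and a host that is N times
slower, the slow host holds N times as many simultaneous connections
as a fast one (attractor_ratio(4) is 4.0): that is the imbalance the
time-based reuse limit is designed to correct, because a connection
to the slow host expires after the same 300s as any other and the
client then favours the connections that still complete deliveries
quickly.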
</p>

<p> Specify a comma or white space separated list of destinations
or pseudo-destinations: </p>

<ul>

<li> if mail is sent without a relay host: a domain name (the
right-hand side of an email address, without the [] around a numeric
IP address),

<li> if mail is sent via a relay host: a relay host name (without
[] or non-default TCP port), as specified in main.cf or in the
transport map,

<li> if mail is sent via a UNIX-domain socket: a pathname (without
the unix: prefix),

<li> a /file/name with domain names and/or relay host names as
defined above,

<li> a "type:table" with domain names and/or relay host names on
the left-hand side. The right-hand side result from "type:table"
lookups is ignored.

</ul>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtp_connection_cache_on_demand yes

<p> Temporarily enable SMTP connection caching while a destination
has a high volume of mail in the active queue. With SMTP connection
caching, a connection is not closed immediately after completion
of a mail transaction. Instead, the connection is kept open for
up to $smtp_connection_cache_time_limit seconds. This allows
connections to be reused for other deliveries, and can improve mail
delivery performance. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtp_connect_timeout 30s

<p>
The SMTP client time limit for completing a TCP connection, or
zero (use the operating system built-in time limit).
</p>

<p>
When no connection can be made within the deadline, the Postfix
SMTP client tries the next address on the mail exchanger list.
Specify 0 to disable the time limit (i.e. use whatever timeout is
implemented by the operating system).
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM smtp_data_done_timeout 600s

<p>
The SMTP client time limit for sending the SMTP ".", and for receiving
the server response.
</p>

<p>
When no response is received within the deadline, a warning is
logged that the mail may be delivered multiple times.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM smtp_data_init_timeout 120s

<p>
The SMTP client time limit for sending the SMTP DATA command, and for
receiving the server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM smtp_data_xfer_timeout 180s

<p>
The SMTP client time limit for sending the SMTP message content.
When the connection makes no progress for more than $smtp_data_xfer_timeout
seconds the Postfix SMTP client terminates the transfer.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM smtp_defer_if_no_mx_address_found no

<p>
Defer mail delivery when no MX record resolves to an IP address.
</p>

<p>
The default (no) is to return the mail as undeliverable. With older
Postfix versions the default was to keep trying to deliver the mail
until someone fixed the MX record or until the mail was too old.
</p>

<p>
Note: Postfix always ignores MX records with equal or worse preference
than the local MTA itself.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM lmtp_destination_concurrency_limit $default_destination_concurrency_limit

<p> The maximal number of parallel deliveries to the same destination
via the lmtp message delivery transport. This limit is enforced by
the queue manager. The message delivery transport name is the first
field in the entry in the master.cf file. </p>

%PARAM lmtp_destination_recipient_limit $default_destination_recipient_limit

<p> The maximal number of recipients per message for the lmtp
message delivery transport. This limit is enforced by the queue
manager. The message delivery transport name is the first field in
the entry in the master.cf file. </p>

<p> Setting this parameter to a value of 1 changes the meaning of
lmtp_destination_concurrency_limit from concurrency per domain into
concurrency per recipient. </p>

%PARAM relay_destination_concurrency_limit $default_destination_concurrency_limit

<p> The maximal number of parallel deliveries to the same destination
via the relay message delivery transport. This limit is enforced
by the queue manager. The message delivery transport name is the
first field in the entry in the master.cf file. </p>

<p> This feature is available in Postfix 2.0 and later. </p>

%PARAM relay_destination_recipient_limit $default_destination_recipient_limit

<p> The maximal number of recipients per message for the relay
message delivery transport. This limit is enforced by the queue
manager. The message delivery transport name is the first field in
the entry in the master.cf file. </p>

<p> Setting this parameter to a value of 1 changes the meaning of
relay_destination_concurrency_limit from concurrency per domain
into concurrency per recipient. </p>

<p> This feature is available in Postfix 2.0 and later.
</p>

%PARAM smtp_destination_concurrency_limit $default_destination_concurrency_limit

<p> The maximal number of parallel deliveries to the same destination
via the smtp message delivery transport. This limit is enforced by
the queue manager. The message delivery transport name is the first
field in the entry in the master.cf file. </p>

%PARAM smtp_destination_recipient_limit $default_destination_recipient_limit

<p> The maximal number of recipients per message for the smtp
message delivery transport. This limit is enforced by the queue
manager. The message delivery transport name is the first field in
the entry in the master.cf file. </p>

<p> Setting this parameter to a value of 1 changes the meaning of
smtp_destination_concurrency_limit from concurrency per domain
into concurrency per recipient. </p>

%PARAM virtual_destination_concurrency_limit $default_destination_concurrency_limit

<p> The maximal number of parallel deliveries to the same destination
via the virtual message delivery transport. This limit is enforced
by the queue manager. The message delivery transport name is the
first field in the entry in the master.cf file. </p>

%PARAM virtual_destination_recipient_limit $default_destination_recipient_limit

<p> The maximal number of recipients per message for the virtual
message delivery transport. This limit is enforced by the queue
manager. The message delivery transport name is the first field in
the entry in the master.cf file. </p>

<p> Setting this parameter to a value of 1 changes the meaning of
virtual_destination_concurrency_limit from concurrency per domain
into concurrency per recipient. </p>

%PARAM smtp_helo_name $myhostname

<p>
The hostname to send in the SMTP EHLO or HELO command.
</p>

<p>
The default value is the machine hostname.
Specify a hostname or
[ip.add.re.ss].
</p>

<p>
This information can be specified in the main.cf file for all SMTP
clients, or it can be specified in the master.cf file for a specific
client, for example:
</p>

<blockquote>
<pre>
/etc/postfix/master.cf:
    mysmtp ... smtp -o smtp_helo_name=foo.bar.com
</pre>
</blockquote>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM smtp_helo_timeout 300s

<p>
The SMTP client time limit for sending the HELO or EHLO command,
and for receiving the initial server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM smtp_host_lookup dns

<p>
What mechanisms the Postfix SMTP client uses to look up a host's IP
address. This parameter is ignored when DNS lookups are disabled
(see: disable_dns_lookups).
</p>

<p>
Specify one of the following:
</p>

<dl>

<dt><b>dns</b></dt>

<dd>Hosts can be found in the DNS (preferred). </dd>

<dt><b>native</b></dt>

<dd>Use the native naming service only (nsswitch.conf, or equivalent
mechanism). </dd>

<dt><b>dns, native</b></dt>

<dd>Use the native service for hosts not found in the DNS. </dd>

</dl>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM smtp_line_length_limit 990

<p>
The maximal length of message header and body lines that Postfix
will send via SMTP. Longer lines are broken by inserting
"&lt;CR&gt;&lt;LF&gt;&lt;SPACE&gt;". This minimizes the damage to
MIME formatted mail.
</p>

<p>
By default, the line length is limited to 990 characters, because
some server implementations cannot receive mail with long lines.
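</p>

<p> As an added example (not part of the Postfix documentation or
source code), the Python code below folds over-long lines the way
the smtp_line_length_limit description states, by inserting CR LF
SPACE. It is an assumption of this example that the inserted SPACE
counts toward the length of the continuation line, so that every
line that is sent stays within the limit. </p>

```python
# Added example, not Postfix code: folding lines longer than
# smtp_line_length_limit by inserting <CR><LF><SPACE>. Assumption: the
# continuation SPACE counts toward the continuation line's length.

DEFAULT_LIMIT = 990          # the documented default


def fold_line(line, limit=DEFAULT_LIMIT):
    """Split one line (without line terminator) into pieces of at most `limit`.

    The first piece is the original text; each continuation piece
    starts with a single SPACE so that a receiver that treats folded
    lines as one logical line can reconstruct the content.
    """
    if limit <= 1:
        raise ValueError("limit must leave room for the continuation SPACE")
    if len(line) <= limit:
        return [line]
    pieces = [line[:limit]]
    rest = line[limit:]
    while rest:
        pieces.append(" " + rest[:limit - 1])
        rest = rest[limit - 1:]
    return pieces


def fold_message(text, limit=DEFAULT_LIMIT):
    """Fold every line of a message; the result uses CRLF line terminators."""
    out = []
    for line in text.split("\n"):
        out.extend(fold_line(line.rstrip("\r"), limit))
    return "\r\n".join(out)
```

<p> A 2000-character line at the default limit becomes three lines of
990, 990 and 22 characters; dropping the leading SPACE of the
continuations restores the original text. The damage is limited
rather than avoided: a folded line inside a base64 or quoted-printable
body still changes what the receiving MIME parser sees, which is why
the text says "minimizes".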
</p>

%PARAM smtp_mail_timeout 300s

<p>
The SMTP client time limit for sending the MAIL FROM command, and
for receiving the server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM smtp_mx_address_limit 5

<p>
The maximal number of MX (mail exchanger) IP addresses that can
result from mail exchanger lookups, or zero (no limit). Prior to
Postfix version 2.3, this limit was disabled by default.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM smtp_mx_session_limit 2

<p> The maximal number of SMTP sessions per delivery request before
giving up or delivering to a fall-back relay host, or zero (no
limit). This restriction ignores sessions that fail to complete the
SMTP initial handshake (Postfix version 2.2 and earlier) or that fail to
complete the EHLO and TLS handshake (Postfix version 2.3 and later). </p>

<p> This feature is available in Postfix 2.1 and later. </p>

%PARAM smtp_never_send_ehlo no

<p> Never send EHLO at the start of an SMTP session. See also the
smtp_always_send_ehlo parameter. </p>

%PARAM smtp_pix_workaround_threshold_time 500s

<p> How long a message must be queued before the Postfix SMTP client
turns on the PIX firewall "<CR><LF>.<CR><LF>"
bug workaround for delivery through firewalls with "smtp fixup"
mode turned on. </p>

<p>
By default, the workaround is turned off for mail that is queued
for less than 500 seconds. In other words, the workaround is normally
turned off for the first delivery attempt.
</p>

<p>
Specify 0 to enable the PIX firewall
"<CR><LF>.<CR><LF>" bug workaround upon the
first delivery attempt.
</p>

%PARAM smtp_quit_timeout 300s

<p>
The SMTP client time limit for sending the QUIT command, and for
receiving the server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM smtp_quote_rfc821_envelope yes

<p>
Quote addresses in SMTP MAIL FROM and RCPT TO commands as required
by RFC 2821. This includes putting quotes around an address localpart
that ends in ".".
</p>

<p>
The default is to comply with RFC 2821. If you have to send mail to
a broken SMTP server, configure a special SMTP client in master.cf:
</p>

<blockquote>
<pre>
/etc/postfix/master.cf:
    broken-smtp . . . smtp -o smtp_quote_rfc821_envelope=no
</pre>
</blockquote>

<p>
and route mail for the destination in question to the "broken-smtp"
message delivery with a transport(5) table.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM smtp_rcpt_timeout 300s

<p>
The SMTP client time limit for sending the SMTP RCPT TO command, and
for receiving the server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM smtp_sasl_auth_enable no

<p>
Enable SASL authentication in the Postfix SMTP client. By default,
the Postfix SMTP client uses no authentication.
</p>

<p>
Example:
</p>

<pre>
smtp_sasl_auth_enable = yes
</pre>

%PARAM smtp_sasl_password_maps

<p>
Optional SMTP client lookup tables with one username:password entry
per remote hostname or domain, or sender address when sender-dependent
authentication is enabled.
If no username:password entry is found,
then the Postfix SMTP client will not
attempt to authenticate to the remote host.
</p>

<p>
The Postfix SMTP client opens the lookup table before going to
chroot jail, so you can leave the password file in /etc/postfix.
</p>

%PARAM smtp_sasl_security_options noplaintext, noanonymous

<p> Postfix SMTP client SASL security options; as of Postfix 2.3
the list of available
features depends on the SASL client implementation that is selected
with <b>smtp_sasl_type</b>. </p>

<p> The following security features are defined for the <b>cyrus</b>
client SASL implementation: </p>

<p>
Specify zero or more of the following:
</p>

<dl>

<dt><b>noplaintext</b></dt>

<dd>Disallow methods that use plaintext passwords. </dd>

<dt><b>noactive</b></dt>

<dd>Disallow methods subject to active (non-dictionary) attack.
</dd>

<dt><b>nodictionary</b></dt>

<dd>Disallow methods subject to passive (dictionary) attack. </dd>

<dt><b>noanonymous</b></dt>

<dd>Disallow methods that allow anonymous authentication. </dd>

<dt><b>mutual_auth</b></dt>

<dd>Only allow methods that provide mutual authentication (not
available with SASL version 1). </dd>

</dl>

<p>
Example:
</p>

<pre>
smtp_sasl_security_options = noplaintext
</pre>

%PARAM smtp_sasl_mechanism_filter

<p>
If non-empty, a Postfix SMTP client filter for the remote SMTP
server's list of offered SASL mechanisms. Different client and
server implementations may support different mechanism lists. By
default, the Postfix SMTP client will use the intersection of the
two. smtp_sasl_mechanism_filter further restricts what server
mechanisms the client will take into consideration.
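</p>

<p> The three narrowing steps described for smtp_sasl_security_options
and smtp_sasl_mechanism_filter, as an added Python example that is not
Postfix code. The mechanism property table is an assumption modelled on
the usual cyrus-sasl classification (the real one comes from the SASL
library), and the client list and EHLO line are constructed. </p>

```python
"""Added example, not Postfix code: how a Postfix-style SMTP client narrows
the SASL mechanisms it will try. It starts from the intersection of its own
mechanisms and the server's EHLO AUTH offer, drops mechanisms ruled out by
smtp_sasl_security_options, then applies smtp_sasl_mechanism_filter
(first match wins, "!name" excludes, "static:..." matches everything)."""

# Assumed property table: which security option each mechanism violates.
MECH_PROPERTIES = {
    "PLAIN": {"noplaintext"},
    "LOGIN": {"noplaintext"},
    "ANONYMOUS": {"noanonymous"},
    "CRAM-MD5": {"nodictionary"},
    "DIGEST-MD5": {"nodictionary"},
    "GSSAPI": set(),
}
MUTUAL_AUTH = {"GSSAPI"}  # assumed: mechanisms that also authenticate the server


def parse_list(value):
    """Postfix list values are separated by commas and/or whitespace."""
    return value.replace(",", " ").split()


def parse_auth_offer(ehlo_line):
    """Mechanism names from a '250-AUTH PLAIN LOGIN ...' EHLO response line."""
    words = ehlo_line.split()
    if words[:1] == ["250-AUTH"]:
        return words[1:]
    if words[:2] == ["250", "AUTH"]:   # last line of the EHLO response
        return words[2:]
    return []


def passes_security_options(mech, options):
    """False when the mechanism has a property that an option forbids."""
    props = MECH_PROPERTIES.get(mech.upper(), set())
    if props & options:
        return False
    return "mutual_auth" not in options or mech.upper() in MUTUAL_AUTH


def filter_allows(mech, patterns):
    """smtp_sasl_mechanism_filter semantics: an empty filter allows all,
    otherwise the first matching pattern decides and no match means no."""
    if not patterns:
        return True
    for pattern in patterns:
        negate = pattern.startswith("!")
        pattern = pattern.lstrip("!")
        if pattern.lower().startswith("static:"):
            hit = True                     # static: tables match every key
        elif pattern.startswith("/") or ":" in pattern:
            raise ValueError(f"{pattern!r}: file and table lookups not modelled")
        else:
            hit = pattern.upper() == mech.upper()
        if hit:
            return not negate
    return False


def select_mechanisms(client_mechs, ehlo_auth_line,
                      security_options="noplaintext, noanonymous",
                      mechanism_filter=""):
    """Mechanisms the client may try, in the order the server offered them."""
    options = set(parse_list(security_options))
    patterns = parse_list(mechanism_filter)
    known = {m.upper() for m in client_mechs}
    chosen = []
    for mech in parse_auth_offer(ehlo_auth_line):
        if mech.upper() not in known:                  # intersection step
            continue
        if not passes_security_options(mech, options):
            continue
        if not filter_allows(mech, patterns):
            continue
        chosen.append(mech.upper())
    return chosen


# Constructed inputs for a run.
CLIENT_MECHS = ["PLAIN", "LOGIN", "CRAM-MD5", "DIGEST-MD5", "GSSAPI", "ANONYMOUS"]
SERVER_OFFER = "250-AUTH PLAIN LOGIN CRAM-MD5 GSSAPI ANONYMOUS"

if __name__ == "__main__":
    print(select_mechanisms(CLIENT_MECHS, SERVER_OFFER))
    print(select_mechanisms(CLIENT_MECHS, SERVER_OFFER,
                            mechanism_filter="!gssapi, !login, static:rest"))
```

<p> With the default options and a server that offers only PLAIN and
LOGIN, the selection is empty: there is no mechanism the client may use.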
</p>

<p> Specify mechanism names, "/file/name" patterns or "type:table"
lookup tables. The right-hand side result from "type:table" lookups
is ignored. Specify "!pattern" to exclude a mechanism name from the
list. The form "!/file/name" is supported only in Postfix version
2.4 and later. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

<p>
Examples:
</p>

<pre>
smtp_sasl_mechanism_filter = plain, login
smtp_sasl_mechanism_filter = /etc/postfix/smtp_mechs
smtp_sasl_mechanism_filter = !gssapi, !login, static:rest
</pre>

%PARAM smtp_send_xforward_command no

<p>
Send the non-standard XFORWARD command when the Postfix SMTP server
EHLO response announces XFORWARD support.
</p>

<p>
This allows an "smtp" delivery agent, used for injecting mail into
a content filter, to forward the name, address, protocol and HELO
name of the original client to the content filter and downstream
queuing SMTP server. This can produce more useful logging than
localhost[127.0.0.1] etc.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM smtp_skip_4xx_greeting yes

<p>
Skip SMTP servers that greet with a 4XX status code (go away, try
again later).
</p>

<p>
By default, Postfix moves on to the next mail exchanger. Specify
"smtp_skip_4xx_greeting = no" if Postfix should defer delivery
immediately.
</p>

<p> This feature is available in Postfix 2.0 and earlier.
Later Postfix versions always skip SMTP servers that greet with a
4XX status code. </p>

%PARAM smtp_skip_5xx_greeting yes

<p>
Skip SMTP servers that greet with a 5XX status code (go away, do
not try again later).
</p>

<p> By default, the Postfix SMTP client moves on to the next mail
exchanger.
Specify "smtp_skip_5xx_greeting = no" if Postfix should
bounce the mail immediately. The default setting is incorrect, but
it is what a lot of people expect to happen. </p>

%PARAM smtp_skip_quit_response yes

<p>
Do not wait for the response to the SMTP QUIT command.
</p>

%PARAM smtp_xforward_timeout 300s

<p>
The SMTP client time limit for sending the XFORWARD command, and
for receiving the server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM authorized_verp_clients $mynetworks

<p> What SMTP clients are allowed to specify the XVERP command.
This command requests that mail be delivered one recipient at a
time with a per recipient return address. </p>

<p> By default, only trusted clients are allowed to specify XVERP.
</p>

<p> This parameter was introduced with Postfix version 1.1. Postfix
version 2.1 renamed this parameter to smtpd_authorized_verp_clients
and changed the default to none. </p>

<p> Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
.domain names (the initial dot causes the domain to match any name
below it), "/file/name" or "type:table" patterns. A "/file/name"
pattern is replaced by its contents; a "type:table" lookup table
is matched when a table entry matches a lookup string (the lookup
result is ignored). Continue long lines by starting the next line
with whitespace. Specify "!pattern" to exclude an address or network
block from the list. The form "!/file/name" is supported only in
Postfix version 2.4 and later.
</p>

<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the authorized_verp_clients value, and in files
specified with "/file/name". IP version 6 addresses contain the
":" character, and would otherwise be confused with a "type:table"
pattern. </p>

%PARAM smtpd_authorized_verp_clients $authorized_verp_clients

<p> What SMTP clients are allowed to specify the XVERP command.
This command requests that mail be delivered one recipient at a
time with a per recipient return address. </p>

<p> By default, no clients are allowed to specify XVERP. </p>

<p> This parameter was renamed with Postfix version 2.1. The default value
is backwards compatible with Postfix version 2.0. </p>

<p> Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
.domain names (the initial dot causes the domain to match any name
below it), "/file/name" or "type:table" patterns. A "/file/name"
pattern is replaced by its contents; a "type:table" lookup table
is matched when a table entry matches a lookup string (the lookup
result is ignored). Continue long lines by starting the next line
with whitespace. Specify "!pattern" to exclude an address or network
block from the list. The form "!/file/name" is supported only in
Postfix version 2.4 and later. </p>

<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the smtpd_authorized_verp_clients value, and in
files specified with "/file/name". IP version 6 addresses contain
the ":" character, and would otherwise be confused with a "type:table"
pattern. </p>

%PARAM smtpd_authorized_xclient_hosts

<p>
What SMTP clients are allowed to use the XCLIENT feature.
This
command overrides SMTP client information that is used for access
control. Typical use is for SMTP-based content filters, fetchmail-like
programs, or SMTP server access rule testing. See the XCLIENT_README
document for details.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

<p>
By default, no clients are allowed to specify XCLIENT.
</p>

<p>
Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
.domain names (the initial dot causes the domain to match any name
below it), "/file/name" or "type:table" patterns. A "/file/name"
pattern is replaced by its contents; a "type:table" lookup table
is matched when a table entry matches a lookup string (the lookup
result is ignored). Continue long lines by starting the next line
with whitespace. Specify "!pattern" to exclude an address or network
block from the list. The form "!/file/name" is supported only in
Postfix version 2.4 and later. </p>

<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the smtpd_authorized_xclient_hosts value, and in
files specified with "/file/name". IP version 6 addresses contain
the ":" character, and would otherwise be confused with a "type:table"
pattern. </p>

%PARAM smtpd_authorized_xforward_hosts

<p>
What SMTP clients are allowed to use the XFORWARD feature. This
command forwards information that is used to improve logging after
SMTP-based content filters. See the XFORWARD_README document for
details.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

<p>
By default, no clients are allowed to specify XFORWARD.
</p>

<p>
Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
.domain names (the initial dot causes the domain to match any name
below it), "/file/name" or "type:table" patterns. A "/file/name"
pattern is replaced by its contents; a "type:table" lookup table
is matched when a table entry matches a lookup string (the lookup
result is ignored). Continue long lines by starting the next line
with whitespace. Specify "!pattern" to exclude an address or network
block from the list. The form "!/file/name" is supported only in
Postfix version 2.4 and later. </p>

<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the smtpd_authorized_xforward_hosts value, and in
files specified with "/file/name". IP version 6 addresses contain
the ":" character, and would otherwise be confused with a "type:table"
pattern. </p>

%PARAM smtpd_banner $myhostname ESMTP $mail_name

<p>
The text that follows the 220 status code in the SMTP greeting
banner. Some people like to see the mail version advertised. By
default, Postfix shows no version.
</p>

<p>
You MUST specify $myhostname at the start of the text. This is
required by the SMTP protocol.
</p>

<p>
Example:
</p>

<pre>
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
</pre>

%PARAM smtpd_client_connection_count_limit 50

<p>
How many simultaneous connections any client is allowed to
make to this service. By default, the limit is set to half
the default process limit value.
</p>

<p>
To disable this feature, specify a limit of 0.
</p>

<p>
WARNING: The purpose of this feature is to limit abuse.
It must
not be used to regulate legitimate mail traffic.
</p>

<p>
This feature is available in Postfix 2.2 and later.
</p>

%PARAM smtpd_client_event_limit_exceptions $mynetworks

<p>
Clients that are excluded from connection count, connection rate,
or SMTP request rate restrictions. See the mynetworks parameter
description for the parameter value syntax.
</p>

<p>
By default, clients in trusted networks are excluded. Specify a
list of network blocks, hostnames or .domain names (the initial
dot causes the domain to match any name below it).
</p>

<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the smtpd_client_event_limit_exceptions value, and
in files specified with "/file/name". IP version 6 addresses
contain the ":" character, and would otherwise be confused with a
"type:table" pattern. </p>

<p>
This feature is available in Postfix 2.2 and later.
</p>

%PARAM smtpd_client_connection_rate_limit 0

<p>
The maximal number of connection attempts any client is allowed to
make to this service per time unit. The time unit is specified
with the anvil_rate_time_unit configuration parameter.
</p>

<p>
By default, a client can make as many connections per time unit as
Postfix can accept.
</p>

<p>
To disable this feature, specify a limit of 0.
</p>

<p>
WARNING: The purpose of this feature is to limit abuse. It must
not be used to regulate legitimate mail traffic.
</p>

<p>
This feature is available in Postfix 2.2 and later.
</p>

<p>
Example:
</p>

<pre>
smtpd_client_connection_rate_limit = 1000
</pre>

%PARAM smtpd_client_message_rate_limit 0

<p>
The maximal number of message delivery requests that any client is
allowed to make to this service per time unit, regardless of whether
or not Postfix actually accepts those messages. The time unit is
specified with the anvil_rate_time_unit configuration parameter.
</p>

<p>
By default, a client can send as many message delivery requests
per time unit as Postfix can accept.
</p>

<p>
To disable this feature, specify a limit of 0.
</p>

<p>
WARNING: The purpose of this feature is to limit abuse. It must
not be used to regulate legitimate mail traffic.
</p>

<p>
This feature is available in Postfix 2.2 and later.
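</p>

<p> The per-client event limits above (counted per anvil_rate_time_unit,
with 0 disabling a check) together with the smtpd_client_event_limit_exceptions
pattern syntax that the XVERP, XCLIENT and XFORWARD client lists share,
as an added Python example that is not Postfix code. Limits, time unit,
exception list and client addresses are constructed; "/file/name" and
"type:table" lookups are not modelled. </p>

```python
"""Added example, not Postfix code: a simplified model of the anvil(8)
per-client event limits (smtpd_client_*_rate_limit, counted in fixed windows
of anvil_rate_time_unit seconds, 0 = disabled) with the exception list
syntax of smtpd_client_event_limit_exceptions: network/netmask blocks,
hostnames, .domain names, bracketed IPv6 and "!pattern" exclusions."""
import ipaddress
from collections import defaultdict


def parse_list(value):
    """Postfix list values are separated by commas and/or whitespace."""
    return value.replace(",", " ").split()


def client_matches(pattern, client_ip, client_name=""):
    """Match one pattern against a client's IP address and hostname."""
    if pattern.startswith("[") and "]" in pattern:
        # IPv6 must be written inside [] so its ':' is not read as "type:table".
        addr, _, suffix = pattern[1:].partition("]")
        net = ipaddress.ip_network(addr + suffix, strict=False)
        return ipaddress.ip_address(client_ip) in net
    if pattern.startswith("/") or ":" in pattern:
        raise ValueError(f"{pattern!r} is a /file/name or type:table lookup, "
                         "which this model does not implement")
    if pattern.startswith("."):
        # ".example.com" matches any name below example.com (not example.com).
        return client_name.lower().endswith(pattern.lower())
    try:
        net = ipaddress.ip_network(pattern, strict=False)  # "10.0.0.0/8", "10.0.0.5"
    except ValueError:
        return client_name.lower() == pattern.lower()      # plain hostname
    return ipaddress.ip_address(client_ip) in net


def is_excepted(exceptions, client_ip, client_name=""):
    """First matching pattern wins; a matching '!pattern' means not excepted."""
    for pattern in parse_list(exceptions):
        negate = pattern.startswith("!")
        if client_matches(pattern.lstrip("!"), client_ip, client_name):
            return not negate
    return False


class EventLimiter:
    """Per-client counters in fixed windows of anvil_rate_time_unit seconds."""

    def __init__(self, limits, time_unit=60, exceptions=""):
        self.limits = limits            # e.g. {"connect": 1000, "message": 0}
        self.time_unit = time_unit
        self.exceptions = exceptions
        self.counts = defaultdict(int)  # (client_ip, event, window) -> count

    def allow(self, client_ip, event, now, client_name=""):
        """Count the event and report whether it is within the limit.
        Events are counted whether or not Postfix later accepts them."""
        limit = self.limits.get(event, 0)
        if limit == 0 or is_excepted(self.exceptions, client_ip, client_name):
            return True
        key = (client_ip, event, int(now // self.time_unit))
        self.counts[key] += 1
        return self.counts[key] <= limit


def demo():
    """Constructed scenario: three connections per minute, messages unlimited."""
    lim = EventLimiter({"connect": 3, "message": 0}, time_unit=60,
                       exceptions="!10.0.5.0/24, 10.0.0.0/8, [::1], .trusted.example")
    return {
        "burst": [lim.allow("203.0.113.7", "connect", t) for t in (0, 1, 2, 3)],
        "next_window": lim.allow("203.0.113.7", "connect", 61),
        "disabled": all(lim.allow("203.0.113.7", "message", t) for t in range(10)),
        "lan": all(lim.allow("10.0.1.9", "connect", t) for t in range(10)),
        "excluded_lan": [lim.allow("10.0.5.9", "connect", t) for t in (0, 1, 2, 3)],
        "loopback6": all(lim.allow("::1", "connect", t) for t in range(10)),
        "by_name": all(lim.allow("198.51.100.2", "connect", t, "mx.trusted.example")
                       for t in range(10)),
    }


if __name__ == "__main__":
    print(demo())
```

<p> An unbracketed IPv6 pattern such as fe80::/10 raises an error in this
model, which is the same confusion the note about "[]" warns against.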
</p>

<p>
Example:
</p>

<pre>
smtpd_client_message_rate_limit = 1000
</pre>

%PARAM smtpd_client_recipient_rate_limit 0

<p>
The maximal number of recipient addresses that any client is allowed
to send to this service per time unit, regardless of whether or not
Postfix actually accepts those recipients. The time unit is specified
with the anvil_rate_time_unit configuration parameter.
</p>

<p>
By default, a client can send as many recipient addresses per time
unit as Postfix can accept.
</p>

<p>
To disable this feature, specify a limit of 0.
</p>

<p>
WARNING: The purpose of this feature is to limit abuse. It must
not be used to regulate legitimate mail traffic.
</p>

<p>
This feature is available in Postfix 2.2 and later.
</p>

<p>
Example:
</p>

<pre>
smtpd_client_recipient_rate_limit = 1000
</pre>

%PARAM smtpd_client_new_tls_session_rate_limit 0

<p>
The maximal number of new (i.e., uncached) TLS sessions that a
remote SMTP client is allowed to negotiate with this service per
time unit. The time unit is specified with the anvil_rate_time_unit
configuration parameter.
</p>

<p>
By default, a remote SMTP client can negotiate as many new TLS
sessions per time unit as Postfix can accept.
</p>

<p>
To disable this feature, specify a limit of 0. Otherwise, specify
a limit that is at least the per-client concurrent session limit,
or else legitimate client sessions may be rejected.
</p>

<p>
WARNING: The purpose of this feature is to limit abuse. It must
not be used to regulate legitimate mail traffic.
</p>

<p>
This feature is available in Postfix 2.3 and later.
</p>

<p>
Example:
</p>

<pre>
smtpd_client_new_tls_session_rate_limit = 100
</pre>

%PARAM smtpd_client_restrictions

<p>
Optional SMTP server access restrictions in the context of a client
SMTP connection request.
See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access
restriction lists" for a discussion of evaluation context and time.
</p>

<p>
The default is to allow all connection requests.
</p>

<p>
Specify a list of restrictions, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace.
Restrictions are applied in the order as specified; the first
restriction that matches wins.
</p>

<p>
The following restrictions are specific to client hostname or
client network address information.
</p>

<dl>

<dt><b><a name="check_ccert_access">check_ccert_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd> Use the client certificate fingerprint as lookup key for the
specified access(5) database; with Postfix version 2.2, also require that
the SMTP client certificate is verified successfully.
The fingerprint digest algorithm is configurable via the
smtpd_tls_fingerprint_digest parameter (hard-coded as md5 prior to
Postfix version 2.5). This feature is available with Postfix version
2.2 and later. </dd>

<dt><b><a name="check_client_access">check_client_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access database for the client hostname,
parent domains, client IP address, or networks obtained by stripping
least significant octets. See the access(5) manual page for details. </dd>

<dt><b><a name="check_client_mx_access">check_client_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the MX hosts for the
client hostname, and execute the corresponding action. Note: a result
of "OK" is not allowed for safety reasons. Instead, use DUNNO in order
to exclude specific hosts from blacklists. This feature is available
in Postfix 2.7 and later. </dd>

<dt><b><a name="check_client_ns_access">check_client_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the DNS servers for
the client hostname, and execute the corresponding action. Note: a
result of "OK" is not allowed for safety reasons. Instead, use DUNNO
in order to exclude specific hosts from blacklists. This feature is
available in Postfix 2.7 and later.
</dd>

<dt><b><a name="check_reverse_client_hostname_access">check_reverse_client_hostname_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access database for the unverified reverse
client hostname, parent domains, client IP address, or networks
obtained by stripping least significant octets. See the access(5)
manual page for details. Note: a result of "OK" is not allowed for
safety reasons. Instead, use DUNNO in order to exclude specific
hosts from blacklists. This feature is available in Postfix 2.6
and later.</dd>

<dt><b><a name="check_reverse_client_hostname_mx_access">check_reverse_client_hostname_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the MX hosts for the
unverified reverse client hostname, and execute the corresponding
action. Note: a result of "OK" is not allowed for safety reasons.
Instead, use DUNNO in order to exclude specific hosts from blacklists.
This feature is available in Postfix 2.7 and later. </dd>

<dt><b><a name="check_reverse_client_hostname_ns_access">check_reverse_client_hostname_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the DNS servers for
the unverified reverse client hostname, and execute the corresponding
action. Note: a result of "OK" is not allowed for safety reasons.
Instead, use DUNNO in order to exclude specific hosts from blacklists.
This feature is available in Postfix 2.7 and later. </dd>

<dt><b><a name="permit_inet_interfaces">permit_inet_interfaces</a></b></dt>

<dd>Permit the request when the client IP address matches
$inet_interfaces.
</dd>

<dt><b><a name="permit_mynetworks">permit_mynetworks</a></b></dt>

<dd>Permit the request when the client IP address matches any
network or network address listed in $mynetworks. </dd>

<dt><b><a name="permit_sasl_authenticated">permit_sasl_authenticated</a></b></dt>

<dd> Permit the request when the client is successfully
authenticated via the RFC 4954 (AUTH) protocol. </dd>

<dt><b><a name="permit_tls_all_clientcerts">permit_tls_all_clientcerts</a></b></dt>

<dd> Permit the request when the remote SMTP client certificate is
verified successfully. This option must be used only if a special
CA issues the certificates and only this CA is listed as trusted
CA. Otherwise, clients with a third-party certificate would also
be allowed to relay. Specify "tls_append_default_CA = no" when the
trusted CA is specified with smtpd_tls_CAfile or smtpd_tls_CApath,
to prevent Postfix from appending the system-supplied default CAs.
This feature is available with Postfix version 2.2.</dd>

<dt><b><a name="permit_tls_clientcerts">permit_tls_clientcerts</a></b></dt>

<dd>Permit the request when the remote SMTP client certificate
fingerprint is listed in $relay_clientcerts.
The fingerprint digest algorithm is configurable via the
smtpd_tls_fingerprint_digest parameter (hard-coded as md5 prior to
Postfix version 2.5). This feature is available with Postfix version
2.2. </dd>

<dt><b><a name="reject_rbl_client">reject_rbl_client <i>rbl_domain=d.d.d.d</i></a></b></dt>

<dd>Reject the request when the reversed client network address is
listed with the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i>
(Postfix version 2.1 and later only). If no "<i>=d.d.d.d</i>" is
specified, reject the request when the reversed client network
address is listed with any A record under <i>rbl_domain</i>.
<br>
The maps_rbl_reject_code parameter specifies the response code for
rejected requests (default: 554), the default_rbl_reply parameter
specifies the default server reply, and the rbl_reply_maps parameter
specifies tables with server replies indexed by <i>rbl_domain</i>.
This feature is available in Postfix 2.0 and later. </dd>

<dt><b><a name="reject_rhsbl_client">reject_rhsbl_client <i>rbl_domain=d.d.d.d</i></a></b></dt>

<dd>Reject the request when the client hostname is listed with the
A record "<i>d.d.d.d</i>" under <i>rbl_domain</i> (Postfix version
2.1 and later only). If no "<i>=d.d.d.d</i>" is specified, reject
the request when the client hostname is listed with
any A record under <i>rbl_domain</i>. See the reject_rbl_client
description above for additional RBL related configuration parameters.
This feature is available in Postfix 2.0 and later. </dd>

<dt><b><a name="reject_unknown_client_hostname">reject_unknown_client_hostname</a></b> (with Postfix < 2.3: reject_unknown_client)</dt>

<dd>Reject the request when 1) the client IP address->name mapping
fails, 2) the name->address mapping fails, or 3) the name->address
mapping does not match the client IP address. <br> This is a
stronger restriction than the reject_unknown_reverse_client_hostname
feature, which triggers only under condition 1) above. <br> The
unknown_client_reject_code parameter specifies the response code
for rejected requests (default: 450). The reply is always 450 in
case the address->name or name->address lookup failed due to
a temporary problem. </dd>

<dt><b><a name="reject_unknown_reverse_client_hostname">reject_unknown_reverse_client_hostname</a></b></dt>

<dd>Reject the request when the client IP address has no address->name
mapping.
<br> This is a weaker restriction than the
reject_unknown_client_hostname feature, which requires not only
that the address->name and name->address mappings exist, but
also that the two mappings reproduce the client IP address. <br>
The unknown_client_reject_code parameter specifies the response
code for rejected requests (default: 450). The reply is always 450
in case the address->name lookup failed due to a temporary
problem. <br> This feature is available in Postfix 2.3 and
later. </dd>

#<dt><b><a name="reject_unknown_forward_client_hostname">reject_unknown_forward_client_hostname</a></b></dt>
#
#<dd>Reject the request when the client IP address has no address->name
#or name ->address mapping. <br> This is a weaker restriction
#than the reject_unknown_client_hostname feature, which requires not
#only that the address->name and name->address mappings exist,
#but also that the two mappings reproduce the client IP address.
#<br> The unknown_client_reject_code parameter specifies the response
#code for rejected requests (default: 450). The reply is always 450
#in case the address->name or name ->address lookup failed due
#to a temporary problem. <br> This feature is available in Postfix
#version 2.3 and later. </dd>

</dl>

<p>
In addition, you can use any of the following <a name="generic">
generic</a> restrictions. These restrictions are applicable in
any SMTP command context.
</p>

<dl>

<dt><b><a name="check_policy_service">check_policy_service <i>servername</i></a></b></dt>

<dd>Query the specified policy server. See the SMTPD_POLICY_README
document for details. This feature is available in Postfix 2.1
and later. </dd>

<dt><b><a name="defer">defer</a></b></dt>

<dd>Defer the request. The client is told to try again later.
This
restriction is useful at the end of a restriction list, to make
the default policy explicit. <br> The defer_code parameter specifies
the SMTP server reply code (default: 450).</dd>

<dt><b><a name="defer_if_permit">defer_if_permit</a></b></dt>

<dd>Defer the request if some later restriction would result in an
explicit or implicit PERMIT action. This is useful when a blacklisting
feature fails due to a temporary problem. This feature is available
in Postfix version 2.1 and later. </dd>

<dt><b><a name="defer_if_reject">defer_if_reject</a></b></dt>

<dd>Defer the request if some later restriction would result in a
REJECT action. This is useful when a whitelisting feature fails
due to a temporary problem. This feature is available in Postfix
version 2.1 and later. </dd>

<dt><b><a name="permit">permit</a></b></dt>

<dd>Permit the request. This restriction is useful at the end of
a restriction list, to make the default policy explicit.</dd>

<dt><b><a name="reject_multi_recipient_bounce">reject_multi_recipient_bounce</a></b></dt>

<dd>Reject the request when the envelope sender is the null address,
and the message has multiple envelope recipients. This usage has
rare but legitimate applications: under certain conditions,
multi-recipient mail that was posted with the DSN option NOTIFY=NEVER
may be forwarded with the null sender address.
<br> Note: this restriction can only work reliably
when used in smtpd_data_restrictions or
smtpd_end_of_data_restrictions, because the total number of
recipients is not known at an earlier stage of the SMTP conversation.
Use at the RCPT stage will only reject the second etc. recipient.
<br>
The multi_recipient_bounce_reject_code parameter specifies the
response code for rejected requests (default: 550). This feature
is available in Postfix 2.1 and later.
</dd>

<dt><b><a name="reject_plaintext_session">reject_plaintext_session</a></b></dt>

<dd>Reject the request when the connection is not encrypted. This
restriction should not be used before the client has had a chance
to negotiate encryption with the AUTH or STARTTLS commands.
<br>
The plaintext_reject_code parameter specifies the response
code for rejected requests (default: 450). This feature is available
in Postfix 2.3 and later. </dd>

<dt><b><a name="reject_unauth_pipelining">reject_unauth_pipelining</a></b></dt>

<dd>Reject the request when the client sends SMTP commands ahead
of time where it is not allowed, or when the client sends SMTP
commands ahead of time without knowing that Postfix actually supports
ESMTP command pipelining. This stops mail from bulk mail software
that improperly uses ESMTP command pipelining in order to speed up
deliveries.
<br> With Postfix 2.6 and later, the SMTP server sets a per-session
flag whenever it detects illegal pipelining, including pipelined
EHLO or HELO commands. The reject_unauth_pipelining feature simply
tests whether the flag was set at any point in time during the
session.
<br> With older Postfix versions, reject_unauth_pipelining checks
the current status of the input read queue, and its usage is not
recommended in contexts other than smtpd_data_restrictions. </dd>

<dt><b><a name="reject">reject</a></b></dt>

<dd>Reject the request. This restriction is useful at the end of
a restriction list, to make the default policy explicit. The
reject_code configuration parameter specifies the response code for
rejected requests (default: 554).</dd>

<dt><b><a name="sleep">sleep <i>seconds</i></a></b></dt>

<dd>Pause for the specified number of seconds and proceed with
the next restriction in the list, if any.
This may stop zombie mail when used as:
<pre>
/etc/postfix/main.cf:
    smtpd_client_restrictions =
        sleep 1, reject_unauth_pipelining
    smtpd_delay_reject = no
</pre>
This feature is available in Postfix 2.3. </dd>

<dt><b><a name="warn_if_reject">warn_if_reject</a></b></dt>

<dd>Change the meaning of the next restriction, so that it logs
a warning instead of rejecting a request (look for logfile records
that contain "reject_warning"). This is useful for testing new
restrictions in a "live" environment without risking unnecessary
loss of mail. </dd>

</dl>

<p>
Other restrictions that are valid in this context:
</p>

<ul>

<li> SMTP command specific restrictions that are described under
the smtpd_helo_restrictions, smtpd_sender_restrictions or
smtpd_recipient_restrictions parameters. When helo, sender or
recipient restrictions are listed under smtpd_client_restrictions,
they have effect only with "smtpd_delay_reject = yes", so that
$smtpd_client_restrictions is evaluated at the time of the RCPT TO
command.

</ul>

<p>
Example:
</p>

<pre>
smtpd_client_restrictions = permit_mynetworks, reject_unknown_client_hostname
</pre>

%CLASS smtpd-tarpit Tarpit features

<p>
When a remote SMTP client makes errors, the Postfix SMTP server
can insert delays before responding. This can help to slow down
run-away software. The behavior is controlled by an error counter
that counts the number of errors within an SMTP session that a
client makes without delivering mail.
</p>

<ul>

<li><p>When the error counter is less than $smtpd_soft_error_limit the
Postfix SMTP server replies immediately (Postfix version 2.0 and earlier
delay their 4xx or 5xx error response).
</p>

<li><p>When the error counter reaches $smtpd_soft_error_limit, the Postfix
SMTP server delays all its responses. </p>

<li><p>When the error counter reaches $smtpd_hard_error_limit the Postfix
SMTP server breaks the connection. </p>

</ul>

%PARAM smtpd_error_sleep_time 1s

<p>With Postfix version 2.1 and later: the SMTP server response delay after
a client has made more than $smtpd_soft_error_limit errors, and
fewer than $smtpd_hard_error_limit errors, without delivering mail.
</p>

<p>With Postfix version 2.0 and earlier: the SMTP server delay before
sending a reject (4xx or 5xx) response, when the client has made
fewer than $smtpd_soft_error_limit errors without delivering
mail. </p>

%PARAM smtpd_soft_error_limit 10

<p>
The number of errors a remote SMTP client is allowed to make without
delivering mail before the Postfix SMTP server slows down all its
responses.
</p>

<ul>

<li><p>With Postfix version 2.1 and later, the Postfix SMTP server
delays all responses by $smtpd_error_sleep_time seconds. </p>

<li><p>With Postfix versions 2.0 and earlier, the Postfix SMTP
server delays all responses by (number of errors) seconds. </p>

</ul>

%PARAM smtpd_hard_error_limit normal: 20, stress: 1

<p>
The maximal number of errors a remote SMTP client is allowed to
make without delivering mail. The Postfix SMTP server disconnects
when the limit is exceeded. Normally the default limit is 20, but
it changes under overload to just 1 with Postfix 2.6 and later.
</p>

%PARAM smtpd_junk_command_limit normal: 100, stress: 1

<p>
The number of junk commands (NOOP, VRFY, ETRN or RSET) that a remote
SMTP client can send before the Postfix SMTP server starts to
increment the error counter with each junk command.
The junk command count is reset after mail is delivered. See also the
smtpd_error_sleep_time and smtpd_soft_error_limit configuration
parameters. Normally the default limit is 100, but it changes under
overload to just 1 with Postfix 2.6 and later.
</p>

%PARAM smtpd_recipient_overshoot_limit 1000

<p> The number of recipients that a remote SMTP client can send in
excess of the limit specified with $smtpd_recipient_limit, before
the Postfix SMTP server increments the per-session error count
for each excess recipient. </p>

%PARAM smtpd_etrn_restrictions

<p>
Optional SMTP server access restrictions in the context of a client
ETRN request.
See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access
restriction lists" for a discussion of evaluation context and time.
</p>

<p>
The Postfix ETRN implementation accepts only destinations that are
eligible for the Postfix "fast flush" service. See the ETRN_README
file for details.
</p>

<p>
Specify a list of restrictions, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace.
Restrictions are applied in the order as specified; the first
restriction that matches wins.
</p>

<p>
The following restrictions are specific to the domain name information
received with the ETRN command.
</p>

<dl>

<dt><b><a name="check_etrn_access">check_etrn_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access database for the ETRN domain name
or its parent domains. See the access(5) manual page for details.
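
<p> The following added example (not Postfix code) models the
per-session error counter described in the "Tarpit features" section
and its parameters above: the soft and hard error limits, junk commands
(ETRN among them) that count as errors beyond smtpd_junk_command_limit,
recipients that count as errors beyond smtpd_recipient_limit plus
smtpd_recipient_overshoot_limit, and the overload defaults of Postfix 2.6
and later. The TarpitState class and its method names are this
example's own; the default limit values are the documented ones. </p>

```python
# Added model of the Postfix SMTP server tarpit error counter described
# in the "Tarpit features" section (not Postfix code). The limits are
# the documented defaults; stress=True selects the overload defaults
# (smtpd_hard_error_limit and smtpd_junk_command_limit both 1).
from dataclasses import dataclass

JUNK_COMMANDS = {"NOOP", "VRFY", "ETRN", "RSET"}


@dataclass
class TarpitState:
    stress: bool = False
    soft_error_limit: int = 10              # smtpd_soft_error_limit
    error_sleep_time: int = 1               # smtpd_error_sleep_time (s)
    recipient_limit: int = 1000             # smtpd_recipient_limit
    recipient_overshoot_limit: int = 1000   # smtpd_recipient_overshoot_limit
    error_count: int = 0
    junk_count: int = 0
    rcpt_count: int = 0

    @property
    def hard_error_limit(self):
        return 1 if self.stress else 20     # smtpd_hard_error_limit

    @property
    def junk_command_limit(self):
        return 1 if self.stress else 100    # smtpd_junk_command_limit

    def response_policy(self):
        """How the next reply is sent: "immediate", "delay" (by
        error_sleep_time seconds) or "disconnect"."""
        if self.error_count >= self.hard_error_limit:
            return "disconnect"
        if self.error_count >= self.soft_error_limit:
            return "delay"
        return "immediate"

    def on_error(self):
        """Any rejected or malformed command adds one error."""
        self.error_count += 1
        return self.response_policy()

    def on_command(self, verb):
        """Junk commands beyond junk_command_limit each add one error."""
        if verb.upper() in JUNK_COMMANDS:
            self.junk_count += 1
            if self.junk_count > self.junk_command_limit:
                return self.on_error()
        return self.response_policy()

    def on_rcpt(self):
        """Recipients past recipient_limit are refused; past
        recipient_limit + recipient_overshoot_limit each one is also
        an error. Returns (verdict, response policy)."""
        self.rcpt_count += 1
        if self.rcpt_count <= self.recipient_limit:
            return "accept", self.response_policy()
        if self.rcpt_count > self.recipient_limit + self.recipient_overshoot_limit:
            self.on_error()
        return "reject", self.response_policy()

    def on_delivery(self):
        """The counters only cover errors made without delivering mail,
        so a successful delivery resets them."""
        self.error_count = 0
        self.junk_count = 0
        self.rcpt_count = 0


if __name__ == "__main__":
    s = TarpitState(stress=True)
    print(s.on_command("NOOP"), s.on_command("NOOP"))   # immediate disconnect
```

Under the overload defaults a single extra junk command is enough to
reach the hard limit, which is what lets an overloaded server shed
clients that send nothing but NOOP, VRFY, ETRN or RSET.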
</dd>

</dl>

<p>
Other restrictions that are valid in this context:
</p>

<ul>

<li><a href="#generic">Generic</a> restrictions that can be used
in any SMTP command context, described under smtpd_client_restrictions.

<li>SMTP command specific restrictions described under
smtpd_client_restrictions and smtpd_helo_restrictions.

</ul>

<p>
Example:
</p>

<pre>
smtpd_etrn_restrictions = permit_mynetworks, reject
</pre>

%PARAM smtpd_expansion_filter see "postconf -d" output

<p>
What characters are allowed in $name expansions of RBL reply
templates. Characters not in the allowed set are replaced by "_".
Use C-like escapes to specify special characters such as whitespace.
</p>

<p>
This parameter is not subjected to $parameter expansion.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM smtpd_forbidden_commands CONNECT, GET, POST

<p>
List of commands that cause the Postfix SMTP server to immediately
terminate the session with a 221 code. This can be used to disconnect
clients that obviously attempt to abuse the system. In addition to the
commands listed in this parameter, commands that follow the "Label:"
format of message headers will also cause a disconnect.
</p>

<p>
This feature is available in Postfix 2.2 and later.
</p>

%PARAM smtpd_helo_required no

<p>
Require that a remote SMTP client introduces itself with the HELO
or EHLO command before sending the MAIL command or other commands
that require EHLO negotiation.
</p>

<p>
Example:
</p>

<pre>
smtpd_helo_required = yes
</pre>

%PARAM smtpd_helo_restrictions

<p>
Optional restrictions that the Postfix SMTP server applies in the
context of the SMTP HELO command.
See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access
restriction lists" for a discussion of evaluation context and time.
</p>

<p>
The default is to permit everything.
</p>

<p>
Specify a list of restrictions, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace.
Restrictions are applied in the order as specified; the first
restriction that matches wins.
</p>

<p>
The following restrictions are specific to the hostname information
received with the HELO or EHLO command.
</p>

<dl>

<dt><b><a name="check_helo_access">check_helo_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the HELO or EHLO
hostname or parent domains, and execute the corresponding action.
</dd>

<dt><b><a name="check_helo_mx_access">check_helo_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the MX hosts for
the HELO or EHLO hostname, and execute the corresponding action.
Note: a result of "OK" is not allowed for safety reasons. Instead,
use DUNNO in order to exclude specific hosts from blacklists. This
feature is available in Postfix 2.1 and later. </dd>

<dt><b><a name="check_helo_ns_access">check_helo_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the DNS servers
for the HELO or EHLO hostname, and execute the corresponding action.
Note: a result of "OK" is not allowed for safety reasons. Instead,
use DUNNO in order to exclude specific hosts from blacklists. This
feature is available in Postfix 2.1 and later.
</dd>

<dt><b><a name="reject_invalid_helo_hostname">reject_invalid_helo_hostname</a></b> (with Postfix < 2.3: reject_invalid_hostname)</dt>

<dd>Reject the request when the HELO or EHLO hostname syntax is
invalid. <br> The invalid_hostname_reject_code specifies the response
code for rejected requests (default: 501).</dd>

<dt><b><a name="reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a></b> (with Postfix < 2.3: reject_non_fqdn_hostname)</dt>

<dd>Reject the request when the HELO or EHLO hostname is not in
fully-qualified domain form, as required by the RFC. <br> The
non_fqdn_reject_code parameter specifies the response code for
rejected requests (default: 504).</dd>

<dt><b><a name="reject_rhsbl_helo">reject_rhsbl_helo <i>rbl_domain=d.d.d.d</i></a></b></dt>

<dd>Reject the request when the HELO or EHLO hostname is
listed with the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i>
(Postfix version 2.1 and later only). If no "<i>=d.d.d.d</i>" is
specified, reject the request when the HELO or EHLO hostname is
listed with any A record under <i>rbl_domain</i>. See the
reject_rbl_client description for additional RBL related configuration
parameters. This feature is available in Postfix 2.0 and later.
</dd>

<dt><b><a name="reject_unknown_helo_hostname">reject_unknown_helo_hostname</a></b> (with Postfix < 2.3: reject_unknown_hostname)</dt>

<dd>Reject the request when the HELO or EHLO hostname has no DNS A
or MX record. <br> The unknown_hostname_reject_code parameter
specifies the numerical response code for rejected requests (default:
450). <br> The unknown_helo_hostname_tempfail_action parameter
specifies the action after a temporary DNS error (default:
defer_if_permit).
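
<p> The following added example (not Postfix code) evaluates a
restriction list the way the descriptions above specify: restrictions
are applied in the order given and the first one that matches wins,
DUNNO falls through, the end of the list is an implicit PERMIT, and the
generic defer_if_permit, defer_if_reject and warn_if_reject change how
later results are used. It also shows how a temporary DNS error in
reject_unknown_helo_hostname is turned into the
unknown_helo_hostname_tempfail_action. The DNS table, the $mynetworks
set and the hostname syntax check are constructed simplifications; the
evaluate() function and the ctx dictionary are this example's own. </p>

```python
# Added evaluator for a restriction list such as smtpd_helo_restrictions
# (not Postfix code). First match wins, DUNNO falls through, running off
# the end is an implicit PERMIT, and defer_if_permit / defer_if_reject /
# warn_if_reject change how later results are used. DNS, $mynetworks and
# the hostname syntax check are constructed simplifications.
import re

PERMIT, REJECT, DEFER, DUNNO = "PERMIT", "REJECT", "DEFER", "DUNNO"

MYNETWORKS = {"192.168.1.10"}                        # constructed
DNS_HAS_A_OR_MX = {"mail.example.com": True,          # constructed
                   "nxdomain.example": False}
# A HELO name absent from DNS_HAS_A_OR_MX stands for a temporary DNS error.

# Simplified hostname syntax: dot-separated labels of letters, digits and
# hyphens, no label starting or ending with a hyphen.
HOSTNAME_RE = re.compile(
    r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$")


def permit_mynetworks(ctx):
    return PERMIT if ctx["client_ip"] in MYNETWORKS else DUNNO


def reject_invalid_helo_hostname(ctx):
    return DUNNO if HOSTNAME_RE.match(ctx["helo"]) else REJECT


def reject_non_fqdn_helo_hostname(ctx):
    # Simplified: a fully-qualified name contains at least one dot.
    return DUNNO if "." in ctx["helo"] else REJECT


def reject_unknown_helo_hostname(ctx):
    found = DNS_HAS_A_OR_MX.get(ctx["helo"])
    if found is None:   # temporary DNS error: apply the tempfail action
        return ctx.get("unknown_helo_hostname_tempfail_action", "defer_if_permit")
    return DUNNO if found else REJECT


RESTRICTIONS = {
    "permit_mynetworks": permit_mynetworks,
    "reject_invalid_helo_hostname": reject_invalid_helo_hostname,
    "reject_non_fqdn_helo_hostname": reject_non_fqdn_helo_hostname,
    "reject_unknown_helo_hostname": reject_unknown_helo_hostname,
    "permit": lambda ctx: PERMIT,
    "reject": lambda ctx: REJECT,
}


def evaluate(restrictions, ctx):
    """Return PERMIT, REJECT or DEFER for ctx; warnings go to ctx["log"]."""
    warn_next = False
    for i, name in enumerate(restrictions):
        if name == "warn_if_reject":
            warn_next = True
            continue
        if name in ("defer_if_permit", "defer_if_reject"):
            result = name
        else:
            result = RESTRICTIONS[name](ctx)
        if result in ("defer_if_permit", "defer_if_reject"):
            # The remainder of the list decides whether to defer.
            later = evaluate(restrictions[i + 1:], ctx)
            trigger = PERMIT if result == "defer_if_permit" else REJECT
            return DEFER if later == trigger else later
        if warn_next and result == REJECT:
            ctx.setdefault("log", []).append(
                "reject_warning: %s helo=%s" % (name, ctx["helo"]))
            result = DUNNO
        warn_next = False
        if result != DUNNO:
            return result
    return PERMIT
```

With the default tempfail action, a temporary DNS failure on a list that
ends with an implicit permit yields DEFER, while the same failure on a
list that ends in "reject" yields REJECT: the client is not given a
retry when the rest of the policy would have refused it anyway.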
</dd>

</dl>

<p>
Other restrictions that are valid in this context:
</p>

<ul>

<li> <a href="#generic">Generic</a> restrictions that can be used
in any SMTP command context, described under smtpd_client_restrictions.

<li> Client hostname or network address specific restrictions
described under smtpd_client_restrictions.

<li> SMTP command specific restrictions described under
smtpd_sender_restrictions or smtpd_recipient_restrictions. When
sender or recipient restrictions are listed under smtpd_helo_restrictions,
they have effect only with "smtpd_delay_reject = yes", so that
$smtpd_helo_restrictions is evaluated at the time of the RCPT TO
command.

</ul>

<p>
Examples:
</p>

<pre>
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname
smtpd_helo_restrictions = permit_mynetworks, reject_unknown_helo_hostname
</pre>

%PARAM smtpd_history_flush_threshold 100

<p>
The maximal number of lines in the Postfix SMTP server command history
before it is flushed upon receipt of EHLO, RSET, or end of DATA.
</p>

%PARAM smtpd_noop_commands

<p>
List of commands that the Postfix SMTP server replies to with "250
Ok", without doing any syntax checks and without changing state.
This list overrides any commands built into the Postfix SMTP server.
</p>

%PARAM smtpd_proxy_ehlo $myhostname

<p>
How the Postfix SMTP server announces itself to the proxy filter.
By default, the Postfix hostname is used.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM smtpd_proxy_options

<p>
List of options that control how the Postfix SMTP server
communicates with a before-queue content filter. Specify zero or
more of the following, separated by comma or whitespace.
</p>

<dl>

<dt><b>speed_adjust</b></dt>

<dd> <p> Do not connect to a before-queue content filter until an entire
message has been received. This reduces the number of simultaneous
before-queue content filter processes. </p>

<p> NOTE 1: A filter must not <i>selectively</i> reject recipients
of a multi-recipient message. Rejecting all recipients is OK, as
is accepting all recipients. </p>

<p> NOTE 2: This feature increases the minimum amount of free queue
space by $message_size_limit. The extra space is needed to save the
message to a temporary file. </p> </dd>

</dl>

<p>
This feature is available in Postfix 2.7 and later.
</p>

%CLASS smtpd-proxy SMTP Proxy filter

<p>
As of Postfix version 2.1, the SMTP server can forward all incoming
mail to a content filtering proxy server that inspects all mail
BEFORE it is stored in the Postfix mail queue.
</p>

<p>
WARNING: the proxy filter must reply within a fixed deadline or
else the remote SMTP client times out and mail duplication happens.
This becomes a problem as mail load increases so that fewer and
fewer CPU cycles remain available to meet the fixed deadline.
</p>

%PARAM smtpd_proxy_filter

<p> The hostname and TCP port of the mail filtering proxy server.
The proxy receives all mail from the Postfix SMTP server, and is
supposed to give the result to another Postfix SMTP server process.
</p>

<p> Specify "host:port" or "inet:host:port" for a TCP endpoint, or
"unix:pathname" for a UNIX-domain endpoint. The host can be specified
as an IP address or as a symbolic name; no MX lookups are done.
When no "host" or "host:" is specified, the local machine is
assumed. Pathname interpretation is relative to the Postfix queue
directory. </p>

<p> This feature is available in Postfix 2.1 and later.
</p>

<p> The "inet:" and "unix:" prefixes are available in Postfix 2.3
and later. </p>

%PARAM smtpd_proxy_timeout 100s

<p>
The time limit for connecting to a proxy filter and for sending or
receiving information. When a connection fails the client gets a
generic error message while more detailed information is logged to
the maillog file.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM smtpd_recipient_limit 1000

<p>
The maximal number of recipients that the Postfix SMTP server
accepts per message delivery request.
</p>

%PARAM smtpd_recipient_restrictions permit_mynetworks, reject_unauth_destination

<p>
The access restrictions that the Postfix SMTP server applies in
the context of the RCPT TO command.
See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access
restriction lists" for a discussion of evaluation context and time.
</p>

<p>
By default, the Postfix SMTP server accepts:
</p>

<ul>

<li> Mail from clients whose IP address matches $mynetworks, or:

<li> Mail to remote destinations that match $relay_domains, except
for addresses that contain sender-specified routing
(user@elsewhere@domain), or:

<li> Mail to local destinations that match $inet_interfaces
or $proxy_interfaces, $mydestination, $virtual_alias_domains, or
$virtual_mailbox_domains.

</ul>

<p>
IMPORTANT: If you change this parameter setting, you must specify
at least one of the following restrictions.
Otherwise Postfix will refuse to receive mail:
</p>

<blockquote>
<pre>
reject, defer, defer_if_permit, reject_unauth_destination
</pre>
</blockquote>

<p>
Specify a list of restrictions, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace.
Restrictions are applied in the order as specified; the first
restriction that matches wins.
</p>

<p>
The following restrictions are specific to the recipient address
that is received with the RCPT TO command.
</p>

<dl>

<dt><b><a name="check_recipient_access">check_recipient_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the resolved RCPT
TO address, domain, parent domains, or localpart@, and execute the
corresponding action. </dd>

<dt><b><a name="check_recipient_mx_access">check_recipient_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the MX hosts for
the RCPT TO domain, and execute the corresponding action. Note:
a result of "OK" is not allowed for safety reasons. Instead, use
DUNNO in order to exclude specific hosts from blacklists. This
feature is available in Postfix 2.1 and later. </dd>

<dt><b><a name="check_recipient_ns_access">check_recipient_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the DNS servers
for the RCPT TO domain, and execute the corresponding action.
Note: a result of "OK" is not allowed for safety reasons. Instead,
use DUNNO in order to exclude specific hosts from blacklists. This
feature is available in Postfix 2.1 and later.
</dd>

<dt><b><a name="permit_auth_destination">permit_auth_destination</a></b></dt>

<dd>Permit the request when one of the following is true:

<ul>

<li> Postfix is a mail forwarder: the resolved RCPT TO domain matches
$relay_domains or a subdomain thereof, and the address contains no
sender-specified routing (user@elsewhere@domain),

<li> Postfix is the final destination: the resolved RCPT TO domain
matches $mydestination, $inet_interfaces, $proxy_interfaces,
$virtual_alias_domains, or $virtual_mailbox_domains, and the address
contains no sender-specified routing (user@elsewhere@domain).

</ul></dd>

<dt><b><a name="permit_mx_backup">permit_mx_backup</a></b></dt>

<dd>Permit the request when the local mail system is backup MX for
the RCPT TO domain, or when the domain is an authorized destination
(see permit_auth_destination for definition).

<ul>

<li> Safety: permit_mx_backup does not accept addresses that have
sender-specified routing information (example: user@elsewhere@domain).

<li> Safety: permit_mx_backup can be vulnerable to mis-use when
access is not restricted with permit_mx_backup_networks.

<li> Safety: as of Postfix version 2.3, permit_mx_backup no longer
accepts the address when the local mail system is primary MX for
the recipient domain. Exception: permit_mx_backup accepts the address
when it specifies an authorized destination (see permit_auth_destination
for definition).

<li> Limitation: mail may be rejected in case of a temporary DNS
lookup problem with Postfix prior to version 2.0.

</ul></dd>

<dt><b><a name="reject_non_fqdn_recipient">reject_non_fqdn_recipient</a></b></dt>

<dd>Reject the request when the RCPT TO address is not in
fully-qualified domain form, as required by the RFC.
<br> The non_fqdn_reject_code parameter specifies the response code for
rejected requests (default: 504). </dd>

<dt><b><a name="reject_rhsbl_recipient">reject_rhsbl_recipient <i>rbl_domain=d.d.d.d</i></a></b></dt>

<dd>Reject the request when the RCPT TO domain is listed with the
A record "<i>d.d.d.d</i>" under <i>rbl_domain</i> (Postfix version
2.1 and later only). If no "<i>=d.d.d.d</i>" is specified, reject
the request when the RCPT TO domain is listed with
any A record under <i>rbl_domain</i>. <br> The maps_rbl_reject_code
parameter specifies the response code for rejected requests (default:
554); the default_rbl_reply parameter specifies the default server
reply; and the rbl_reply_maps parameter specifies tables with server
replies indexed by <i>rbl_domain</i>. This feature is available
in Postfix version 2.0 and later.</dd>

<dt><b><a name="reject_unauth_destination">reject_unauth_destination</a></b></dt>

<dd>Reject the request unless one of the following is true:

<ul>

<li> Postfix is a mail forwarder: the resolved RCPT TO domain matches
$relay_domains or a subdomain thereof, and contains no sender-specified
routing (user@elsewhere@domain),

<li> Postfix is the final destination: the resolved RCPT TO domain
matches $mydestination, $inet_interfaces, $proxy_interfaces,
$virtual_alias_domains, or $virtual_mailbox_domains, and contains
no sender-specified routing (user@elsewhere@domain).

</ul> The relay_domains_reject_code parameter specifies the response
code for rejected requests (default: 554).
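
<p> The following added example (not Postfix code) implements the
permit_auth_destination / reject_unauth_destination decision as
described above, together with a check for the safety-net restrictions
named in the IMPORTANT note under smtpd_recipient_restrictions. The
domain lists are constructed stand-ins for the main.cf parameters of the
same names, and only the user@elsewhere@domain form of sender-specified
routing named on this page is modelled. </p>

```python
# Added illustration of the permit_auth_destination /
# reject_unauth_destination decision (not Postfix code). The domain
# lists are constructed stand-ins for the main.cf parameters of the
# same names.

RELAY_DOMAINS = {"customer.example"}                       # constructed
MYDESTINATION = {"example.com", "mail.example.com", "localhost"}
INET_INTERFACES = {"192.0.2.25"}                           # constructed
PROXY_INTERFACES = set()
VIRTUAL_ALIAS_DOMAINS = {"alias.example"}                  # constructed
VIRTUAL_MAILBOX_DOMAINS = {"vmail.example"}                # constructed

# Restrictions named in the IMPORTANT note: without at least one of
# them, smtpd_recipient_restrictions has no safety net against relaying.
RELAY_SAFETY_NET = {"reject", "defer", "defer_if_permit",
                    "reject_unauth_destination"}


def has_sender_specified_routing(address):
    """user@elsewhere@domain: more than one '@' in the address (only this
    form of sender-specified routing is modelled here)."""
    return address.count("@") > 1


def matches_relay_domains(domain):
    """$relay_domains or a subdomain thereof."""
    return any(domain == d or domain.endswith("." + d) for d in RELAY_DOMAINS)


def is_final_destination(domain):
    if domain.startswith("[") and domain.endswith("]"):
        # Address literal such as user@[192.0.2.25].
        return domain[1:-1] in INET_INTERFACES | PROXY_INTERFACES
    return domain in MYDESTINATION | VIRTUAL_ALIAS_DOMAINS | VIRTUAL_MAILBOX_DOMAINS


def permit_auth_destination(address):
    """PERMIT when Postfix is a mail forwarder or the final destination
    for the address and it carries no sender-specified routing."""
    if has_sender_specified_routing(address):
        return "DUNNO"
    domain = address.rpartition("@")[2].lower()
    if domain and (matches_relay_domains(domain) or is_final_destination(domain)):
        return "PERMIT"
    return "DUNNO"


def reject_unauth_destination(address):
    """REJECT (relay_domains_reject_code, default 554) unless the address
    is an authorized destination."""
    if permit_auth_destination(address) == "PERMIT":
        return "DUNNO"
    return "REJECT"


def has_relay_safety_net(restrictions):
    """True when a smtpd_recipient_restrictions list contains at least
    one of the restrictions the IMPORTANT note requires."""
    return any(r in RELAY_SAFETY_NET for r in restrictions)


if __name__ == "__main__":
    for addr in ("bob@example.com", "bob@sub.customer.example",
                 "bob@victim.example", "bob@victim.example@example.com"):
        print(addr, reject_unauth_destination(addr))
```

The routed form bob@victim.example@example.com ends in a local domain
but is still refused: accepting it would let an outsider use the server
to forward mail to victim.example, which is exactly the relay abuse the
restriction exists to block.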
</dd>

<dt><b><a name="reject_unknown_recipient_domain">reject_unknown_recipient_domain</a></b></dt>

<dd>Reject the request when Postfix is not the final destination for
the recipient domain, and the RCPT TO domain has no DNS A or MX
record, or when it has a malformed MX record such as a record with
a zero-length MX hostname (Postfix version 2.3 and later). <br> The
unknown_address_reject_code parameter specifies the numerical
response code for rejected requests (default: 450). The response
is always 450 in case of a temporary DNS error. <br> The
unknown_address_tempfail_action parameter specifies the action
after a temporary DNS error (default: defer_if_permit). </dd>

<dt><b><a name="reject_unlisted_recipient">reject_unlisted_recipient</a></b> (with Postfix version 2.0: check_recipient_maps)</dt>

<dd> Reject the request when the RCPT TO address is not listed in
the list of valid recipients for its domain class. See the
smtpd_reject_unlisted_recipient parameter description for details.
This feature is available in Postfix 2.1 and later.</dd>

<dt><b><a name="reject_unverified_recipient">reject_unverified_recipient</a></b></dt>

<dd>Reject the request when mail to the RCPT TO address is known
to bounce, or when the recipient address destination is not reachable.
Address verification information is managed by the verify(8) server;
see the ADDRESS_VERIFICATION_README file for details. <br> The
unverified_recipient_reject_code parameter specifies the numerical
response code when an address is known to bounce (default: 450,
change into 550 when you are confident that it is safe to do so).
<br>The unverified_recipient_defer_code parameter specifies the
numerical response code when an address probe failed due to a
temporary problem (default: 450).
<br> The unverified_recipient_tempfail_action parameter specifies the action
after address probe failure due to a temporary problem (default:
defer_if_permit). <br> This feature is available in Postfix 2.1
and later. </dd>

</dl>

<p>
Other restrictions that are valid in this context:
</p>

<ul>

<li><a href="#generic">Generic</a> restrictions that can be used
in any SMTP command context, described under smtpd_client_restrictions.

<li>SMTP command specific restrictions described under
smtpd_client_restrictions, smtpd_helo_restrictions and
smtpd_sender_restrictions.

</ul>

<p>
Example:
</p>

<pre>
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
</pre>

%CLASS sasl-auth SASL Authentication

<p>
Postfix SASL support (RFC 4954) can be used to authenticate remote
SMTP clients to the Postfix SMTP server, and to authenticate the
Postfix SMTP client to a remote SMTP server.
See the SASL_README document for details.
</p>

%PARAM smtpd_sasl_auth_enable no

<p>
Enable SASL authentication in the Postfix SMTP server. By default,
the Postfix SMTP server does not use authentication.
</p>

<p>
If a remote SMTP client is authenticated, the permit_sasl_authenticated
access restriction can be used to permit relay access, like this:
</p>

<blockquote>
<pre>
smtpd_recipient_restrictions =
    permit_mynetworks, permit_sasl_authenticated, ...
</pre>
</blockquote>

<p> To reject all SMTP connections from unauthenticated clients,
specify "smtpd_delay_reject = yes" (which is the default) and use:
</p>

<blockquote>
<pre>
smtpd_client_restrictions = permit_sasl_authenticated, reject
</pre>
</blockquote>

<p>
See the SASL_README file for SASL configuration and operation details.
</p>

%PARAM smtpd_sasl_authenticated_header no

<p> Report the SASL authenticated user name in the smtpd(8) Received
message header. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtpd_sasl_exceptions_networks

<p>
What remote SMTP clients the Postfix SMTP server will not offer
AUTH support to.
</p>

<p>
Some clients (Netscape 4 at least) have a bug that causes them to
require a login and password whenever AUTH is offered, whether it's
necessary or not. To work around this, specify, for example,
$mynetworks to prevent Postfix from offering AUTH to local clients.
</p>

<p>
Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify "/file/name" or
"type:table" patterns. A "/file/name" pattern is replaced by its
contents; a "type:table" lookup table is matched when a table entry
matches a lookup string (the lookup result is ignored). Continue
long lines by starting the next line with whitespace. Specify
"!pattern" to exclude an address or network block from the list.
The form "!/file/name" is supported only in Postfix version 2.4 and
later. </p>

<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the smtpd_sasl_exceptions_networks value, and in
files specified with "/file/name". IP version 6 addresses contain
the ":" character, and would otherwise be confused with a "type:table"
pattern. </p>

<p>
Example:
</p>

<pre>
smtpd_sasl_exceptions_networks = $mynetworks
</pre>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM smtpd_sasl_local_domain

<p>
The name of the Postfix SMTP server's local SASL authentication
realm.
</p>

<p>
By default, the local authentication realm name is the null string.
</p>

<p>
Examples:
</p>

<pre>
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_local_domain = $myhostname
</pre>

%PARAM smtpd_sasl_security_options noanonymous

<p> Postfix SMTP server SASL security options; as of Postfix 2.3
the list of available features depends on the SASL server
implementation that is selected with <b>smtpd_sasl_type</b>. </p>

<p> The following security features are defined for the <b>cyrus</b>
server SASL implementation: </p>

<p>
Restrict what authentication mechanisms the Postfix SMTP server
will offer to the client. The list of available authentication
mechanisms is system dependent.
</p>

<p>
Specify zero or more of the following:
</p>

<dl>

<dt><b>noplaintext</b></dt>

<dd>Disallow methods that use plaintext passwords. </dd>

<dt><b>noactive</b></dt>

<dd>Disallow methods subject to active (non-dictionary) attack. </dd>

<dt><b>nodictionary</b></dt>

<dd>Disallow methods subject to passive (dictionary) attack. </dd>

<dt><b>noanonymous</b></dt>

<dd>Disallow methods that allow anonymous authentication. </dd>

<dt><b>forward_secrecy</b></dt>

<dd>Only allow methods that support forward secrecy (Dovecot only).
</dd>

<dt><b>mutual_auth</b></dt>

<dd>Only allow methods that provide mutual authentication (not available
with Cyrus SASL version 1). </dd>

</dl>

<p>
By default, the Postfix SMTP server accepts plaintext passwords but
not anonymous logins.
</p>

<p>
Warning: it appears that clients try authentication methods in the
order as advertised by the server (e.g., PLAIN ANONYMOUS CRAM-MD5)
which means that if you disable plaintext passwords, clients will
log in anonymously, even when they should be able to use CRAM-MD5.
So, if you disable plaintext logins, disable anonymous logins too.
Postfix treats anonymous login as no authentication.
</p>

<p>
Example:
</p>

<pre>
smtpd_sasl_security_options = noanonymous, noplaintext
</pre>

%PARAM smtpd_sender_login_maps

<p>
Optional lookup table with the SASL login names that own sender
(MAIL FROM) addresses.
</p>

<p>
Specify zero or more "type:table" lookup tables. With lookups from
indexed files such as DB or DBM, or from networked tables such as
NIS, LDAP or SQL, the following search operations are done with a
sender address of <i>user@domain</i>: </p>

<dl>

<dt> 1) <i>user@domain</i> </dt>

<dd>This table lookup is always done and has the highest precedence. </dd>

<dt> 2) <i>user</i> </dt>

<dd>This table lookup is done only when the <i>domain</i> part of the
sender address matches $myorigin, $mydestination, $inet_interfaces
or $proxy_interfaces. </dd>

<dt> 3) <i>@domain</i> </dt>

<dd>This table lookup is done last and has the lowest precedence. </dd>

</dl>

<p>
In all cases the result of table lookup must be either "not found"
or a list of SASL login names separated by comma and/or whitespace.
</p>

%PARAM smtpd_sender_restrictions

<p>
Optional restrictions that the Postfix SMTP server applies in the
context of the MAIL FROM command.
See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access
restriction lists" for a discussion of evaluation context and time.
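The smtpd_sender_login_maps search order above, and the decision made by the reject_sender_login_mismatch, reject_authenticated_sender_login_mismatch and reject_unauthenticated_sender_login_mismatch restrictions listed under smtpd_sender_restrictions, modelled as an added example (not Postfix code). The lookup table, the set of local domains and the login names are constructed.

```python
"""Model of the smtpd_sender_login_maps lookup order and of the
reject_*_sender_login_mismatch restrictions. Added example, not Postfix
code; the table, local domains and logins below are constructed."""

# Stands in for the domains matched by $myorigin, $mydestination,
# $inet_interfaces and $proxy_interfaces (constructed).
LOCAL_DOMAINS = {"example.com", "mail.example.com"}

# Constructed "type:table" content: key -> "login, login ..." as Postfix expects.
SENDER_LOGIN_MAPS = {
    "alice@example.com": "alice",
    "bob": "bob, bob-alt",       # bare user: consulted only for local domains
    "@example.net": "partner",   # catch-all for one whole domain, lowest precedence
}


def split_logins(value):
    """A table result is a list of SASL login names separated by comma and/or whitespace."""
    return {name for name in value.replace(",", " ").split() if name}


def lookup_owners(sender, table=SENDER_LOGIN_MAPS, local_domains=LOCAL_DOMAINS):
    """Return the set of SASL logins that own `sender`, or None for "not found".

    Search order as documented: 1) user@domain, always; 2) user, only when the
    domain part is local; 3) @domain, last.
    """
    user, sep, domain = sender.rpartition("@")
    if not sep:                       # no domain part at all: only the bare key makes sense
        user, domain = sender, ""
    keys = [sender]
    if domain in local_domains:
        keys.append(user)
    if domain:
        keys.append("@" + domain)
    for key in keys:                  # first hit wins; later keys are never consulted
        if key in table:
            return split_logins(table[key])
    return None


def sender_login_mismatch(sender, sasl_login, table=SENDER_LOGIN_MAPS,
                          local_domains=LOCAL_DOMAINS):
    """True when reject_sender_login_mismatch would reject the MAIL FROM.

    Reject when the map names an owner but the client is not logged in as that
    owner, or when the client is logged in but does not own the address
    (no table entry means nobody owns it, so an authenticated client is rejected).
    """
    owners = lookup_owners(sender, table, local_domains)
    if sasl_login is None:
        return owners is not None     # owned address used by an unauthenticated client
    return owners is None or sasl_login not in owners


def authenticated_sender_login_mismatch(sender, sasl_login, **kw):
    """reject_authenticated_sender_login_mismatch: enforced for SASL-authenticated clients only."""
    return sasl_login is not None and sender_login_mismatch(sender, sasl_login, **kw)


def unauthenticated_sender_login_mismatch(sender, sasl_login, **kw):
    """reject_unauthenticated_sender_login_mismatch: enforced for unauthenticated clients only."""
    return sasl_login is None and sender_login_mismatch(sender, sasl_login, **kw)
```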
</p>

<p>
The default is to permit everything.
</p>

<p>
Specify a list of restrictions, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace.
Restrictions are applied in the order as specified; the first
restriction that matches wins.
</p>

<p>
The following restrictions are specific to the sender address
received with the MAIL FROM command.
</p>

<dl>

<dt><b><a name="check_sender_access">check_sender_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the MAIL FROM
address, domain, parent domains, or localpart@, and execute the
corresponding action. </dd>

<dt><b><a name="check_sender_mx_access">check_sender_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the MX hosts for
the MAIL FROM address, and execute the corresponding action. Note:
a result of "OK" is not allowed for safety reasons. Instead, use
DUNNO in order to exclude specific hosts from blacklists. This
feature is available in Postfix 2.1 and later. </dd>

<dt><b><a name="check_sender_ns_access">check_sender_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the DNS servers
for the MAIL FROM address, and execute the corresponding action.
Note: a result of "OK" is not allowed for safety reasons. Instead,
use DUNNO in order to exclude specific hosts from blacklists. This
feature is available in Postfix 2.1 and later. </dd>

<dt><b><a name="reject_authenticated_sender_login_mismatch">reject_authenticated_sender_login_mismatch</a></b></dt>

<dd>Enforces the reject_sender_login_mismatch restriction for
authenticated clients only.
This feature is available in
Postfix version 2.1 and later. </dd>

<dt><b><a name="reject_non_fqdn_sender">reject_non_fqdn_sender</a></b></dt>

<dd>Reject the request when the MAIL FROM address is not in
fully-qualified domain form, as required by the RFC. <br> The
non_fqdn_reject_code parameter specifies the response code for
rejected requests (default: 504). </dd>

<dt><b><a name="reject_rhsbl_sender">reject_rhsbl_sender <i>rbl_domain=d.d.d.d</i></a></b></dt>

<dd>Reject the request when the MAIL FROM domain is listed with
the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i> (Postfix
version 2.1 and later only). If no "<i>=d.d.d.d</i>" is specified,
reject the request when the MAIL FROM domain is
listed with any A record under <i>rbl_domain</i>. <br> The
maps_rbl_reject_code parameter specifies the response code for
rejected requests (default: 554); the default_rbl_reply parameter
specifies the default server reply; and the rbl_reply_maps parameter
specifies tables with server replies indexed by <i>rbl_domain</i>.
This feature is available in Postfix 2.0 and later.</dd>

<dt><b><a name="reject_sender_login_mismatch">reject_sender_login_mismatch</a></b></dt>

<dd>Reject the request when $smtpd_sender_login_maps specifies an
owner for the MAIL FROM address, but the client is not (SASL) logged
in as that MAIL FROM address owner; or when the client is (SASL)
logged in, but the client login name doesn't own the MAIL FROM
address according to $smtpd_sender_login_maps.</dd>

<dt><b><a name="reject_unauthenticated_sender_login_mismatch">reject_unauthenticated_sender_login_mismatch</a></b></dt>

<dd>Enforces the reject_sender_login_mismatch restriction for
unauthenticated clients only. This feature is available in
Postfix version 2.1 and later.
</dd>

<dt><b><a name="reject_unknown_sender_domain">reject_unknown_sender_domain</a></b></dt>

<dd>Reject the request when Postfix is not final destination for
the sender address, and the MAIL FROM address has no DNS A or MX
record, or when it has a malformed MX record such as a record with
a zero-length MX hostname (Postfix version 2.3 and later). <br> The
unknown_address_reject_code parameter specifies the numerical
response code for rejected requests (default: 450). The response
is always 450 in case of a temporary DNS error. <br> The
unknown_address_tempfail_action parameter specifies the action
after a temporary DNS error (default: defer_if_permit). </dd>

<dt><b><a name="reject_unlisted_sender">reject_unlisted_sender</a></b></dt>

<dd>Reject the request when the MAIL FROM address is not listed in
the list of valid recipients for its domain class. See the
smtpd_reject_unlisted_sender parameter description for details.
This feature is available in Postfix 2.1 and later.</dd>

<dt><b><a name="reject_unverified_sender">reject_unverified_sender</a></b></dt>

<dd>Reject the request when mail to the MAIL FROM address is known to
bounce, or when the sender address destination is not reachable.
Address verification information is managed by the verify(8) server;
see the ADDRESS_VERIFICATION_README file for details. <br> The
unverified_sender_reject_code parameter specifies the numerical
response code when an address is known to bounce (default: 450,
change into 550 when you are confident that it is safe to do so).
<br> The unverified_sender_defer_code parameter specifies the numerical
response code when an address probe failed due to a temporary problem
(default: 450). <br> The unverified_sender_tempfail_action parameter
specifies the action after address probe failure due to a temporary
problem (default: defer_if_permit).
<br> This feature is available
in Postfix 2.1 and later. </dd>

</dl>

<p>
Other restrictions that are valid in this context:
</p>

<ul>

<li> <a href="#generic">Generic</a> restrictions that can be used
in any SMTP command context, described under smtpd_client_restrictions.

<li> SMTP command specific restrictions described under
smtpd_client_restrictions and smtpd_helo_restrictions.

<li> SMTP command specific restrictions described under
smtpd_recipient_restrictions. When recipient restrictions are listed
under smtpd_sender_restrictions, they have effect only with
"smtpd_delay_reject = yes", so that $smtpd_sender_restrictions is
evaluated at the time of the RCPT TO command.

</ul>

<p>
Examples:
</p>

<pre>
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_sender_restrictions = reject_unknown_sender_domain,
    check_sender_access hash:/etc/postfix/access
</pre>

%PARAM smtpd_timeout normal: 300s, stress: 10s

<p>
The time limit for sending a Postfix SMTP server response and for
receiving a remote SMTP client request. Normally the default limit
is 300s, but it changes under overload to just 10s with Postfix 2.6
and later.
</p>

<p>
Note: if you set SMTP time limits to very large values you may have
to update the global ipc_timeout parameter.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM soft_bounce no

<p>
Safety net to keep mail queued that would otherwise be returned to
the sender. This parameter disables locally-generated bounces,
and prevents the Postfix SMTP server from rejecting mail permanently,
by changing 5xx reply codes into 4xx. However, soft_bounce is no
cure for address rewriting mistakes or mail routing mistakes.
</p>

<p>
Example:
</p>

<pre>
soft_bounce = yes
</pre>

%PARAM stale_lock_time 500s

<p>
The time after which a stale exclusive mailbox lockfile is removed.
This is used for delivery to file or mailbox.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM strict_rfc821_envelopes no

<p>
Require that addresses received in SMTP MAIL FROM and RCPT TO
commands are enclosed with <>, and that those addresses do
not contain RFC 822 style comments or phrases. This stops mail
from poorly written software.
</p>

<p>
By default, the Postfix SMTP server accepts RFC 822 syntax in MAIL
FROM and RCPT TO addresses.
</p>

%PARAM swap_bangpath yes

<p>
Enable the rewriting of "site!user" into "user@site". This is
necessary if your machine is connected to UUCP networks. It is
enabled by default.
</p>

<p> Note: with Postfix version 2.2, message header address rewriting
happens only when one of the following conditions is true: </p>

<ul>

<li> The message is received with the Postfix sendmail(1) command,

<li> The message is received from a network client that matches
$local_header_rewrite_clients,

<li> The message is received from the network, and the
remote_header_rewrite_domain parameter specifies a non-empty value.

</ul>

<p> To get the behavior before Postfix version 2.2, specify
"local_header_rewrite_clients = static:all". </p>

<p>
Example:
</p>

<pre>
swap_bangpath = no
</pre>

%PARAM syslog_facility mail

<p>
The syslog facility of Postfix logging. Specify a facility as
defined in syslog.conf(5). The default facility is "mail".
</p>

<p>
Warning: a non-default syslog_facility setting takes effect only
after a Postfix process has completed initialization. Errors during
process initialization will be logged with the default facility.
Examples are errors while parsing the command line arguments, and
errors while accessing the Postfix main.cf configuration file.
</p>

%PARAM syslog_name see "postconf -d" output

<p>
The mail system name that is prepended to the process name in syslog
records, so that "smtpd" becomes, for example, "postfix/smtpd".
</p>

<p>
Warning: a non-default syslog_name setting takes effect only after
a Postfix process has completed initialization. Errors during
process initialization will be logged with the default name. Examples
are errors while parsing the command line arguments, and errors
while accessing the Postfix main.cf configuration file.
</p>

%PARAM transport_maps

<p>
Optional lookup tables with mappings from recipient address to
(message delivery transport, next-hop destination). See transport(5)
for details.
</p>

<p>
Specify zero or more "type:table" lookup tables. If you use this
feature with local files, run "<b>postmap /etc/postfix/transport</b>"
after making a change. </p>

<p> For safety reasons, as of Postfix 2.3 this feature does not
allow $number substitutions in regular expression maps. </p>

<p>
Examples:
</p>

<pre>
transport_maps = dbm:/etc/postfix/transport
transport_maps = hash:/etc/postfix/transport
</pre>

%PARAM transport_retry_time 60s

<p>
The time between attempts by the Postfix queue manager to contact
a malfunctioning message delivery transport.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM trigger_timeout 10s

<p>
The time limit for sending a trigger to a Postfix daemon (for
example, the pickup(8) or qmgr(8) daemon). This time limit prevents
programs from getting stuck when the mail system is under heavy
load.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM unknown_address_reject_code 450

<p>
The numerical Postfix SMTP server response code when a sender or
recipient address is rejected by the reject_unknown_sender_domain
or reject_unknown_recipient_domain restriction. The response is
always 450 in case of a temporary DNS error.
</p>

<p>
Do not change this unless you have a complete understanding of RFC 2821.
</p>

%PARAM unknown_client_reject_code 450

<p>
The numerical Postfix SMTP server response code when a client
without valid address <=> name mapping is rejected by the
reject_unknown_client_hostname restriction. The SMTP server always replies
with 450 when the mapping failed due to a temporary error condition.
</p>

<p>
Do not change this unless you have a complete understanding of RFC 2821.
</p>

%PARAM unknown_hostname_reject_code 450

<p>
The numerical Postfix SMTP server response code when the hostname
specified with the HELO or EHLO command is rejected by the
reject_unknown_helo_hostname restriction.
</p>

<p>
Do not change this unless you have a complete understanding of RFC 2821.
</p>

%PARAM unknown_local_recipient_reject_code 550

<p>
The numerical Postfix SMTP server response code when a recipient
address is local, and $local_recipient_maps specifies a list of
lookup tables that does not match the recipient.
A recipient
address is local when its domain matches $mydestination,
$proxy_interfaces or $inet_interfaces.
</p>

<p>
The default setting is 550 (reject mail) but it is safer to initially
use 450 (try again later) so you have time to find out if your
local_recipient_maps settings are OK.
</p>

<p>
Example:
</p>

<pre>
unknown_local_recipient_reject_code = 450
</pre>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM unverified_recipient_reject_code 450

<p>
The numerical Postfix SMTP server response when a recipient address
is rejected by the reject_unverified_recipient restriction.
</p>

<p>
Unlike elsewhere in Postfix, you can specify 250 in order to
accept the address anyway.
</p>

<p>
Do not change this unless you have a complete understanding of RFC 2821.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM unverified_recipient_defer_code 450

<p>
The numerical Postfix SMTP server response when a recipient address
probe fails due to a temporary error condition.
</p>

<p>
Unlike elsewhere in Postfix, you can specify 250 in order to
accept the address anyway.
</p>

<p>
Do not change this unless you have a complete understanding of RFC 2821.
</p>

<p>
This feature is available in Postfix 2.6 and later.
</p>

%PARAM unverified_sender_reject_code 450

<p>
The numerical Postfix SMTP server response code when a sender
address is rejected by the reject_unverified_sender restriction.
</p>

<p>
Unlike elsewhere in Postfix, you can specify 250 in order to
accept the address anyway.
</p>

<p>
Do not change this unless you have a complete understanding of RFC 2821.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM unverified_sender_defer_code 450

<p>
The numerical Postfix SMTP server response code when a sender address
probe fails due to a temporary error condition.
</p>

<p>
Unlike elsewhere in Postfix, you can specify 250 in order to
accept the address anyway.
</p>

<p>
Do not change this unless you have a complete understanding of RFC 2821.
</p>

<p>
This feature is available in Postfix 2.6 and later.
</p>

%PARAM virtual_alias_domains $virtual_alias_maps

<p> Postfix is final destination for the specified list of virtual
alias domains, that is, domains for which all addresses are aliased
to addresses in other local or remote domains. The SMTP server
validates recipient addresses with $virtual_alias_maps and rejects
non-existent recipients. See also the virtual alias domain class
in the ADDRESS_CLASS_README file. </p>

<p>
This feature is available in Postfix 2.0 and later. The default
value is backwards compatible with Postfix version 1.1.
</p>

<p>
The default value is $virtual_alias_maps so that you can keep all
information about virtual alias domains in one place. If you have
many users, it is better to separate information that changes more
frequently (virtual address -> local or remote address mapping)
from information that changes less frequently (the list of virtual
domain names).
</p>

<p> Specify a list of host or domain names, "/file/name" or
"type:table" patterns, separated by commas and/or whitespace. A
"/file/name" pattern is replaced by its contents; a "type:table"
lookup table is matched when a table entry matches a lookup string
(the lookup result is ignored). Continue long lines by starting
the next line with whitespace.
Specify "!pattern" to exclude a host
or domain name from the list. The form "!/file/name" is supported
only in Postfix version 2.4 and later. </p>

<p>
See also the VIRTUAL_README and ADDRESS_CLASS_README documents
for further information.
</p>

<p>
Example:
</p>

<pre>
virtual_alias_domains = virtual1.tld virtual2.tld
</pre>

%PARAM virtual_alias_expansion_limit 1000

<p>
The maximal number of addresses that virtual alias expansion produces
from each original recipient.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM virtual_alias_maps $virtual_maps

<p>
Optional lookup tables that alias specific mail addresses or domains
to other local or remote addresses. The table format and lookups
are documented in virtual(5). For an overview of Postfix address
manipulations see the ADDRESS_REWRITING_README document.
</p>

<p>
This feature is available in Postfix 2.0 and later. The default
value is backwards compatible with Postfix version 1.1.
</p>

<p>
If you use this feature with indexed files, run "<b>postmap
/etc/postfix/virtual</b>" after changing the file.
</p>

<p>
Examples:
</p>

<pre>
virtual_alias_maps = dbm:/etc/postfix/virtual
virtual_alias_maps = hash:/etc/postfix/virtual
</pre>

%PARAM virtual_alias_recursion_limit 1000

<p>
The maximal nesting depth of virtual alias expansion. Currently
the recursion limit is applied only to the left branch of the
expansion graph, so the depth of the tree can in the worst case
reach the sum of the expansion and recursion limits. This may
change in the future.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%CLASS trouble-shooting Trouble shooting

<p>
The DEBUG_README document describes how to debug parts of the
Postfix mail system. The methods vary from making the software log
a lot of detail, to running some daemon processes under control of
a call tracer or debugger.
</p>

%PARAM debugger_command

<p>
The external command to execute when a Postfix daemon program is
invoked with the -D option.
</p>

<p>
Use "command .. & sleep 5" so that the debugger can attach before
the process marches on. If you use an X-based debugger, be sure to
set up your XAUTHORITY environment variable before starting Postfix.
</p>

<p>
Example:
</p>

<pre>
debugger_command =
    PATH=/usr/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5
</pre>

%PARAM 2bounce_notice_recipient postmaster

<p> The recipient of undeliverable mail that cannot be returned to
the sender. This feature is enabled with the notify_classes
parameter. </p>

%PARAM address_verify_service_name verify

<p>
The name of the verify(8) address verification service. This service
maintains the status of sender and/or recipient address verification
probes, and generates probes on request by other Postfix processes.
</p>

%PARAM alternate_config_directories

<p>
A list of non-default Postfix configuration directories that may
be specified with "-c config_directory" on the command line, or
via the MAIL_CONFIG environment parameter.
</p>

<p>
This list must be specified in the default Postfix configuration
directory, and is used by set-gid Postfix commands such as postqueue(1)
and postdrop(1).
</p>

%PARAM append_at_myorigin yes

<p>
With locally submitted mail, append the string "@$myorigin" to mail
addresses without domain information. With remotely submitted mail,
append the string "@$remote_header_rewrite_domain" instead.
</p>

<p>
Note 1: this feature is enabled by default and must not be turned off.
Postfix does not support domain-less addresses.
</p>

<p> Note 2: with Postfix version 2.2, message header address rewriting
happens only when one of the following conditions is true: </p>

<ul>

<li> The message is received with the Postfix sendmail(1) command,

<li> The message is received from a network client that matches
$local_header_rewrite_clients,

<li> The message is received from the network, and the
remote_header_rewrite_domain parameter specifies a non-empty value.

</ul>

<p> To get the behavior before Postfix version 2.2, specify
"local_header_rewrite_clients = static:all". </p>

%PARAM append_dot_mydomain yes

<p>
With locally submitted mail, append the string ".$mydomain" to
addresses that have no ".domain" information. With remotely submitted
mail, append the string ".$remote_header_rewrite_domain"
instead.
</p>

<p>
Note 1: this feature is enabled by default. If disabled, users will not be
able to send mail to "user@partialdomainname" but will have to
specify full domain names instead.
</p>

<p> Note 2: with Postfix version 2.2, message header address rewriting
happens only when one of the following conditions is true: </p>

<ul>

<li> The message is received with the Postfix sendmail(1) command,

<li> The message is received from a network client that matches
$local_header_rewrite_clients,

<li> The message is received from the network, and the
remote_header_rewrite_domain parameter specifies a non-empty value.

</ul>

<p> To get the behavior before Postfix version 2.2, specify
"local_header_rewrite_clients = static:all". </p>

%PARAM application_event_drain_time 100s

<p>
How long the postkick(1) command waits for a request to enter the
server's input buffer before giving up.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM authorized_flush_users static:anyone

<p>
List of users who are authorized to flush the queue.
</p>

<p>
By default, all users are allowed to flush the queue. Access is
always granted if the invoking user is the super-user or the
$mail_owner user. Otherwise, the real UID of the process is looked
up in the system password file, and access is granted only if the
corresponding login name is on the access list. The username
"unknown" is used for processes whose real UID is not found in the
password file. </p>

<p>
Specify a list of user names, "/file/name" or "type:table" patterns,
separated by commas and/or whitespace. The list is matched left to
right, and the search stops on the first match. A "/file/name"
pattern is replaced
by its contents; a "type:table" lookup table is matched when a name
matches a lookup key (the lookup result is ignored).
Continue long
lines by starting the next line with whitespace. Specify "!pattern"
to exclude a name from the list. The form "!/file/name" is supported
only in Postfix version 2.4 and later. </p>

<p>
This feature is available in Postfix 2.2 and later.
</p>

%PARAM authorized_mailq_users static:anyone

<p>
List of users who are authorized to view the queue.
</p>

<p>
By default, all users are allowed to view the queue. Access is
always granted if the invoking user is the super-user or the
$mail_owner user. Otherwise, the real UID of the process is looked
up in the system password file, and access is granted only if the
corresponding login name is on the access list. The username
"unknown" is used for processes whose real UID is not found in the
password file. </p>

<p>
Specify a list of user names, "/file/name" or "type:table" patterns,
separated by commas and/or whitespace. The list is matched left to
right, and the search stops on the first match. A "/file/name"
pattern is replaced
by its contents; a "type:table" lookup table is matched when a name
matches a lookup key (the lookup result is ignored). Continue long
lines by starting the next line with whitespace. Specify "!pattern"
to exclude a user name from the list. The form "!/file/name" is
supported only in Postfix version 2.4 and later. </p>

<p>
This feature is available in Postfix 2.2 and later.
</p>

%PARAM authorized_submit_users static:anyone

<p>
List of users who are authorized to submit mail with the sendmail(1)
command (and with the privileged postdrop(1) helper command).
</p>

<p>
By default, all users are allowed to submit mail. Otherwise, the
real UID of the process is looked up in the system password file,
and access is granted only if the corresponding login name is on
the access list.
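The left-to-right, first-match list evaluation described for authorized_flush_users, authorized_mailq_users and authorized_submit_users, together with the network/netmask matching of smtpd_sasl_exceptions_networks earlier on this page, as one added example (not Postfix code). The password file, the list files and their names, and the TABLES stand-in for "type:table" lookups are constructed and hypothetical.

```python
"""Model of Postfix list matching: "!pattern" exclusion, "/file/name" splicing,
"type:table" key matching, network/netmask patterns with IPv6 inside [], and
the authorized_*_users access decision. Added example, not Postfix code; all
data below is constructed and the file and table names are hypothetical."""

import ipaddress

MAIL_OWNER = "postfix"                                        # stands in for $mail_owner
PASSWD = {0: "root", 33: "www", 89: "postfix", 1000: "alice"} # real UID -> login name
FILES = {                                                     # "/file/name" contents
    "/etc/postfix/ops-users": "alice bob\n",
    "/etc/postfix/no-auth-clients": "[2001:db8::]/32\n10.0.5.0/24\n",
}
TABLES = {                                                    # "type:table" -> its keys
    "hash:/etc/postfix/flushers": {"alice"},
    "hash:/etc/postfix/noauth-hosts": {"198.51.100.7"},
}


def expand_list(value, files=FILES):
    """Split on commas and/or whitespace. A "/file/name" item is replaced by the
    items read from that file; "!/file/name" negates each item read."""
    items = []
    for item in value.replace(",", " ").split():
        negate = item.startswith("!")
        body = item[1:] if negate else item
        if body.startswith("/"):
            items.extend(("!" if negate else "") + x for x in files.get(body, "").split())
        else:
            items.append(item)
    return items


def first_match(value, key, match_one, files=FILES):
    """Walk the list left to right; the first pattern that matches decides.
    True: matched, False: matched a "!pattern", None: nothing matched."""
    for item in expand_list(value, files):
        negate = item.startswith("!")
        pattern = item[1:] if negate else item
        if match_one(pattern, key):
            return not negate
    return None


def match_network(pattern, ip):
    """network/netmask against one client address. IPv6 must be inside [] so
    its ':' is not read as a "type:table" pattern; any other pattern containing
    ':' is treated as a table whose keys are matched (lookup result ignored)."""
    if pattern.startswith("["):
        addr, _, prefix = pattern[1:].partition("]")
        net = ipaddress.ip_network(f"{addr}/{prefix.lstrip('/') or 128}", strict=False)
    elif ":" in pattern:
        return str(ip) in TABLES.get(pattern, ())
    else:
        net = ipaddress.ip_network(pattern, strict=False)     # bare IPv4 host gets /32
    return ip in net                                          # False across IP versions


def auth_withheld(client_ip, value):
    """True when smtpd_sasl_exceptions_networks keeps the server from offering AUTH."""
    return first_match(value, ipaddress.ip_address(client_ip), match_network) is True


def match_user(pattern, name):
    """static:all and static:anyone match every name; another "type:table"
    matches when the name is a key; otherwise compare the login name literally."""
    if pattern.startswith("static:"):
        return True
    if ":" in pattern:
        return name in TABLES.get(pattern, ())
    return pattern == name


def authorized(uid, value, privileged_bypass=True, passwd=PASSWD):
    """Decision for an authorized_*_users list. The real UID becomes a login
    name, "unknown" when absent from the password file. The page states the
    super-user/$mail_owner bypass for the flush and mailq lists only, so pass
    privileged_bypass=False for authorized_submit_users. An empty list denies all."""
    name = passwd.get(uid, "unknown")
    if privileged_bypass and (uid == 0 or name == MAIL_OWNER):
        return True
    return first_match(value, name, match_user) is True
```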
The username "unknown" is used for processes
whose real UID is not found in the password file. To deny mail
submission access to all users specify an empty list. </p>

<p>
Specify a list of user names, "/file/name" or "type:table" patterns,
separated by commas and/or whitespace. The list is matched left to right,
and the search stops on the first match. A "/file/name" pattern is
replaced by its contents;
a "type:table" lookup table is matched when a name matches a lookup key
(the lookup result is ignored). Continue long lines by starting the
next line with whitespace. Specify "!pattern" to exclude a user
name from the list. The form "!/file/name" is supported only in
Postfix version 2.4 and later. </p>

<p>
Example:
</p>

<pre>
authorized_submit_users = !www, static:all
</pre>

<p>
This feature is available in Postfix 2.2 and later.
</p>

%PARAM backwards_bounce_logfile_compatibility yes

<p>
Produce additional bounce(8) logfile records that can be read by
Postfix versions before 2.0. The current and more extensible "name =
value" format is needed in order to implement more sophisticated
functionality.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM bounce_notice_recipient postmaster

<p>
The recipient of postmaster notifications with the message headers
of mail that Postfix did not deliver and of SMTP conversation
transcripts of mail that Postfix did not receive. This feature is
enabled with the notify_classes parameter. </p>

%PARAM bounce_service_name bounce

<p>
The name of the bounce(8) service. This service maintains a record
of failed delivery attempts and generates non-delivery notifications.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM broken_sasl_auth_clients no

<p>
Enable inter-operability with SMTP clients that implement an obsolete
version of the AUTH command (RFC 4954). Examples of such clients
are Microsoft Outlook Express version 4 and Microsoft Exchange
version 5.0.
</p>

<p>
Specify "broken_sasl_auth_clients = yes" to have Postfix advertise
AUTH support in a non-standard way.
</p>

%PARAM cleanup_service_name cleanup

<p>
The name of the cleanup(8) service. This service rewrites addresses
into the standard form, and performs canonical(5) address mapping
and virtual(5) aliasing.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM anvil_status_update_time 600s

<p>
How frequently the anvil(8) connection and rate limiting server
logs peak usage information.
</p>

<p>
This feature is available in Postfix 2.2 and later.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM enable_errors_to no

<p> Report mail delivery errors to the address specified with the
non-standard Errors-To: message header, instead of the envelope
sender address (this feature is removed with Postfix version 2.2, is
turned off by default with Postfix version 2.1, and is always turned on
with older Postfix versions). </p>

%PARAM extract_recipient_limit 10240

<p>
The maximal number of recipient addresses that Postfix will extract
from message headers when mail is submitted with "<b>sendmail -t</b>".
</p>

<p>
This feature was removed in Postfix version 2.1.
</p>

%PARAM anvil_rate_time_unit 60s

<p>
The time unit over which client connection rates and other rates
are calculated.
</p>

<p>
This feature is implemented by the anvil(8) service which is available in Postfix version 2.2 and later.
</p>

<p>
The default interval is relatively short. Because of the high frequency of updates, the anvil(8) server uses volatile memory only. Thus, information is lost whenever the process terminates.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). The default time unit is s (seconds).
</p>

%PARAM command_expansion_filter see "postconf -d" output

<p>
Restrict the characters that the local(8) delivery agent allows in $name expansions of $mailbox_command and $command_execution_directory. Characters outside the allowed set are replaced by underscores.
</p>

%PARAM content_filter

<p> After the message is queued, send the entire message to the specified <i>transport:destination</i>. The <i>transport</i> name specifies the first field of a mail delivery agent definition in master.cf; the syntax of the next-hop <i>destination</i> is described in the manual page of the corresponding delivery agent. More information about external content filters is in the Postfix FILTER_README file. </p>

<p> Notes: </p>

<ul>

<li> <p> This setting has lower precedence than a FILTER action that is specified in an access(5), header_checks(5) or body_checks(5) table. </p>

<li> <p> The meaning of an empty next-hop filter <i>destination</i> is version dependent. Postfix 2.7 and later will use the recipient domain; earlier versions will use $myhostname. Specify "default_filter_nexthop = $myhostname" for compatibility with Postfix 2.6 or earlier, or specify a content_filter value with an explicit next-hop <i>destination</i>.
</p>

</ul>

%PARAM default_delivery_slot_discount 50

<p>
The default value for transport-specific _delivery_slot_discount settings.
</p>

<p>
This parameter speeds up the moment when a message preemption can happen. Instead of waiting until the full amount of delivery slots required is available, the preemption can happen when transport_delivery_slot_discount percent of the required amount plus transport_delivery_slot_loan still remains to be accumulated. Note that the full amount will still have to be accumulated before another preemption can take place later.
</p>

<p> Use <i>transport</i>_delivery_slot_discount to specify a transport-specific override, where <i>transport</i> is the master.cf name of the message delivery transport.
</p>

%PARAM default_delivery_slot_loan 3

<p>
The default value for transport-specific _delivery_slot_loan settings.
</p>

<p>
This parameter speeds up the moment when a message preemption can happen. Instead of waiting until the full amount of delivery slots required is available, the preemption can happen when transport_delivery_slot_discount percent of the required amount plus transport_delivery_slot_loan still remains to be accumulated. Note that the full amount will still have to be accumulated before another preemption can take place later.
</p>

<p> Use <i>transport</i>_delivery_slot_loan to specify a transport-specific override, where <i>transport</i> is the master.cf name of the message delivery transport.
</p>

%CLASS verp VERP Support

<p>
With VERP style delivery, each recipient of a message receives a customized copy of the message with his/her own recipient address encoded in the envelope sender address.
The VERP_README file describes configuration and operation details of Postfix support for variable envelope return path addresses. VERP style delivery is requested with the SMTP XVERP command or with the "<b>sendmail -V</b>" command-line option and is available in Postfix 1.1 and later.
</p>

%PARAM default_verp_delimiters +=

<p> The two default VERP delimiter characters. These are used when no explicit delimiters are specified with the SMTP XVERP command or with the "<b>sendmail -V</b>" command-line option. Specify characters that are allowed by the verp_delimiter_filter setting.
</p>

<p>
This feature is available in Postfix 1.1 and later.
</p>

%PARAM defer_service_name defer

<p>
The name of the defer service. This service is implemented by the bounce(8) daemon and maintains a record of failed delivery attempts and generates non-delivery notifications.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM delay_notice_recipient postmaster

<p>
The recipient of postmaster notifications with the message headers of mail that cannot be delivered within $delay_warning_time time units. </p>

<p>
This feature is enabled with the delay_warning_time parameter.
</p>

%PARAM delay_warning_time 0h

<p>
The time after which the sender receives the message headers of mail that is still queued.
</p>

<p>
To enable this feature, specify a non-zero time value (an integral value plus an optional one-letter suffix that specifies the time unit).
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). The default time unit is h (hours).
</p>

%PARAM disable_dns_lookups no

<p>
Disable DNS lookups in the Postfix SMTP and LMTP clients.
When disabled, hosts are looked up with the getaddrinfo() system library routine which normally also looks in /etc/hosts.
</p>

<p>
DNS lookups are enabled by default.
</p>

%CLASS mime MIME Processing

<p>
MIME processing is available in Postfix as of version 2.0. Older Postfix versions do not recognize MIME headers inside the message body.
</p>

%PARAM disable_mime_input_processing no

<p>
Turn off MIME processing while receiving mail. This means that no special treatment is given to Content-Type: message headers, and that all text after the initial message headers is considered to be part of the message body.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

<p>
MIME input processing is enabled by default, and is needed in order to recognize MIME headers in message content.
</p>

%PARAM disable_mime_output_conversion no

<p>
Disable the conversion of 8BITMIME format to 7BIT format. MIME output conversion is needed when the destination does not advertise 8BITMIME support.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM disable_verp_bounces no

<p>
Disable sending one bounce report per recipient.
</p>

<p>
The default, one per recipient, is what ezmlm needs.
</p>

<p>
This feature is available in Postfix 1.1 and later.
</p>

%PARAM dont_remove 0

<p>
Don't remove queue files; instead, save them to the "saved" mail queue. This is a debugging aid. To inspect the envelope information and content of a Postfix queue file, use the postcat(1) command.
</p>

%PARAM empty_address_recipient MAILER-DAEMON

<p>
The recipient of mail addressed to the null address.
Postfix does not accept such addresses in SMTP commands, but they may still be created locally as the result of configuration or software error.
</p>

%PARAM error_notice_recipient postmaster

<p> The recipient of postmaster notifications about mail delivery problems that are caused by policy, resource, software or protocol errors. These notifications are enabled with the notify_classes parameter. </p>

%PARAM error_service_name error

<p>
The name of the error(8) pseudo delivery agent. This service always returns mail as undeliverable.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM expand_owner_alias no

<p>
When delivering to an alias "aliasname" that has an "owner-aliasname" companion alias, set the envelope sender address to the expansion of the "owner-aliasname" alias. Normally, Postfix sets the envelope sender address to the name of the "owner-aliasname" alias.
</p>

%PARAM fallback_transport

<p>
Optional message delivery transport that the local(8) delivery agent should use for names that are not found in the aliases(5) or UNIX password database.
</p>

<p> The precedence of local(8) delivery features from high to low is: aliases, .forward files, mailbox_transport_maps, mailbox_transport, mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory, fallback_transport_maps, fallback_transport and luser_relay. </p>

%PARAM fault_injection_code 0

<p>
Force specific internal tests to fail, to test the handling of errors that are difficult to reproduce otherwise.
</p>

%PARAM flush_service_name flush

<p>
The name of the flush(8) service. This service maintains per-destination logfiles with the queue file names of mail that is queued for those destinations.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM forward_expansion_filter see "postconf -d" output

<p>
Restrict the characters that the local(8) delivery agent allows in $name expansions of $forward_path. Characters outside the allowed set are replaced by underscores.
</p>

%PARAM header_address_token_limit 10240

<p>
The maximal number of address tokens that are allowed in an address message header. Information that exceeds the limit is discarded. The limit is enforced by the cleanup(8) server.
</p>

%PARAM helpful_warnings yes

<p>
Log warnings about problematic configuration settings, and provide helpful suggestions.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM lmtp_cache_connection yes

<p>
Keep Postfix LMTP client connections open for up to $max_idle seconds. When the LMTP client receives a request for the same destination, the connection is reused.
</p>

<p> This parameter is available in Postfix version 2.2 and earlier. With Postfix version 2.3 and later, see lmtp_connection_cache_on_demand, lmtp_connection_cache_destinations, or lmtp_connection_reuse_time_limit.
</p>

<p>
The effectiveness of cached connections will be determined by the number of LMTP servers in use, and the concurrency limit specified for the LMTP client. Cached connections are closed under any of the following conditions:
</p>

<ul>

<li> The LMTP client idle time limit is reached. This limit is specified with the Postfix max_idle configuration parameter.

<li> A delivery request specifies a different destination than the one currently cached.

<li> The per-process limit on the number of delivery requests is reached.
This limit is specified with the Postfix max_use configuration parameter.

<li> When another delivery request arrives, the LMTP server associated with the current session does not respond to the RSET command.

</ul>

<p>
Most of these limitations will be removed after Postfix implements a connection cache that is shared among multiple LMTP client programs.
</p>

%PARAM lmtp_sasl_auth_enable no

<p>
Enable SASL authentication in the Postfix LMTP client.
</p>

%PARAM lmtp_sasl_password_maps

<p>
Optional LMTP client lookup tables with one username:password entry per host or domain. If a remote host or domain has no username:password entry, then the Postfix LMTP client will not attempt to authenticate to the remote host.
</p>

%PARAM lmtp_sasl_security_options noplaintext, noanonymous

<p> SASL security options; as of Postfix 2.3 the list of available features depends on the SASL client implementation that is selected with <b>lmtp_sasl_type</b>. </p>

<p> The following security features are defined for the <b>cyrus</b> client SASL implementation: </p>

<dl>

<dt><b>noplaintext</b></dt>

<dd>Disallow authentication methods that use plaintext passwords. </dd>

<dt><b>noactive</b></dt>

<dd>Disallow authentication methods that are vulnerable to non-dictionary active attacks. </dd>

<dt><b>nodictionary</b></dt>

<dd>Disallow authentication methods that are vulnerable to passive dictionary attack. </dd>

<dt><b>noanonymous</b></dt>

<dd>Disallow anonymous logins. </dd>

</dl>

<p>
Example:
</p>

<pre>
lmtp_sasl_security_options = noplaintext
</pre>

%PARAM lmtp_tcp_port 24

<p>
The default TCP port that the Postfix LMTP client connects to.
</p>

%PARAM mail_release_date see "postconf -d" output

<p>
The Postfix release date, in "YYYYMMDD" format.
</p>

%PARAM mailbox_command_maps

<p>
Optional lookup tables with per-recipient external commands to use for local(8) mailbox delivery. Behavior is as with mailbox_command.
</p>

<p> The precedence of local(8) delivery features from high to low is: aliases, .forward files, mailbox_transport_maps, mailbox_transport, mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory, fallback_transport_maps, fallback_transport and luser_relay. </p>

%PARAM mailbox_delivery_lock see "postconf -d" output

<p>
How to lock a UNIX-style local(8) mailbox before attempting delivery. For a list of available file locking methods, use the "<b>postconf -l</b>" command.
</p>

<p>
This setting is ignored with <b>maildir</b> style delivery, because such deliveries are safe without explicit locks.
</p>

<p>
Note: The <b>dotlock</b> method requires that the recipient UID or GID has write access to the parent directory of the mailbox file.
</p>

<p>
Note: the default setting of this parameter is system dependent.
</p>

%PARAM mailbox_transport

<p>
Optional message delivery transport that the local(8) delivery agent should use for mailbox delivery to all local recipients, whether or not they are found in the UNIX passwd database.
</p>

<p> The precedence of local(8) delivery features from high to low is: aliases, .forward files, mailbox_transport_maps, mailbox_transport, mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory, fallback_transport_maps, fallback_transport and luser_relay.
</p>

%PARAM mailq_path see "postconf -d" output

<p>
Sendmail compatibility feature that specifies where the Postfix mailq(1) command is installed. This command can be used to list the Postfix mail queue.
</p>

%PARAM manpage_directory see "postconf -d" output

<p>
Where the Postfix manual pages are installed.
</p>

%PARAM maps_rbl_domains

<p>
Obsolete feature: use the reject_rbl_client feature instead.
</p>

%PARAM mime_boundary_length_limit 2048

<p>
The maximal length of MIME multipart boundary strings. The MIME processor is unable to distinguish between boundary strings that do not differ in the first $mime_boundary_length_limit characters.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM mime_header_checks $header_checks

<p>
Optional lookup tables for content inspection of MIME related message headers, as described in the header_checks(5) manual page.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM mime_nesting_limit 100

<p>
The maximal recursion level that the MIME processor will handle. Postfix refuses mail that is nested deeper than the specified limit.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM mynetworks_style subnet

<p>
The method to generate the default value for the mynetworks parameter. This is the list of trusted networks for relay access control etc.
</p>

<ul>

<li><p>Specify "mynetworks_style = host" when Postfix should "trust" only the local machine. </p>

<li><p>Specify "mynetworks_style = subnet" when Postfix should "trust" SMTP clients in the same IP subnetworks as the local machine. On Linux, this works correctly only with interfaces specified with the "ifconfig" command.
</p>

<li><p>Specify "mynetworks_style = class" when Postfix should "trust" SMTP clients in the same IP class A/B/C networks as the local machine. Don't do this with a dialup site - it would cause Postfix to "trust" your entire provider's network. Instead, specify an explicit mynetworks list by hand, as described with the mynetworks configuration parameter. </p>

</ul>

%PARAM nested_header_checks $header_checks

<p>
Optional lookup tables for content inspection of non-MIME message headers in attached messages, as described in the header_checks(5) manual page.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM newaliases_path see "postconf -d" output

<p>
Sendmail compatibility feature that specifies the location of the newaliases(1) command. This command can be used to rebuild the local(8) aliases(5) database.
</p>

%PARAM non_fqdn_reject_code 504

<p>
The numerical Postfix SMTP server reply code when a client request is rejected by the reject_non_fqdn_helo_hostname, reject_non_fqdn_sender or reject_non_fqdn_recipient restriction.
</p>

%PARAM owner_request_special yes

<p>
Give special treatment to owner-listname and listname-request address localparts: don't split such addresses when the recipient_delimiter is set to "-". This feature is useful for mailing lists.
</p>

%PARAM permit_mx_backup_networks

<p>
Restrict the use of the permit_mx_backup SMTP access feature to only domains whose primary MX hosts match the listed networks. The parameter value syntax is the same as with the mynetworks parameter; note, however, that the default value is empty. </p>

%PARAM pickup_service_name pickup

<p>
The name of the pickup(8) service.
This service picks up local mail submissions from the Postfix maildrop queue.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM prepend_delivered_header command, file, forward

<p> The message delivery contexts where the Postfix local(8) delivery agent prepends a Delivered-To: message header with the address that the mail was delivered to. This information is used for mail delivery loop detection. </p>

<p>
By default, the Postfix local delivery agent prepends a Delivered-To: header when forwarding mail and when delivering to file (mailbox) and command. Turning off the Delivered-To: header when forwarding mail is not recommended.
</p>

<p>
Specify zero or more of <b>forward</b>, <b>file</b>, or <b>command</b>.
</p>

<p>
Example:
</p>

<pre>
prepend_delivered_header = forward
</pre>

%PARAM process_name read-only

<p>
The process name of a Postfix command or daemon process.
</p>

%PARAM process_id read-only

<p>
The process ID of a Postfix command or daemon process.
</p>

%PARAM process_id_directory pid

<p>
The location of Postfix PID files relative to $queue_directory. This is a read-only parameter.
</p>

%PARAM proxy_read_maps see "postconf -d" output

<p>
The lookup tables that the proxymap(8) server is allowed to access for the read-only service. Table references that don't begin with proxy: are ignored.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM proxy_write_maps see "postconf -d" output

<p> The lookup tables that the proxymap(8) server is allowed to access for the read-write service. Postfix-owned local database files should be stored under the Postfix-owned data_directory.
Table references that don't begin with proxy: are ignored. </p>

<p>
This feature is available in Postfix 2.5 and later.
</p>

%PARAM qmgr_clog_warn_time 300s

<p>
The minimal delay between warnings that a specific destination is clogging up the Postfix active queue. Specify 0 to disable.
</p>

<p>
This feature is enabled with the helpful_warnings parameter.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM qmgr_fudge_factor 100

<p>
Obsolete feature: the percentage of delivery resources that a busy mail system will use up for delivery of a large mailing list message.
</p>

<p>
This feature exists only in the oqmgr(8) old queue manager. The current queue manager solves the problem in a better way.
</p>

%PARAM queue_directory see "postconf -d" output

<p>
The location of the Postfix top-level queue directory. This is the root directory of Postfix daemon processes that run chrooted.
</p>

%PARAM queue_file_attribute_count_limit 100

<p>
The maximal number of (name=value) attributes that may be stored in a Postfix queue file. The limit is enforced by the cleanup(8) server.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM queue_service_name qmgr

<p>
The name of the qmgr(8) service. This service manages the Postfix queue and schedules delivery requests.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM html_directory see "postconf -d" output

<p>
The location of Postfix HTML files that describe how to build, configure or operate a specific Postfix subsystem or feature.
</p>

%PARAM readme_directory see "postconf -d" output

<p>
The location of Postfix README files that describe how to build, configure or operate a specific Postfix subsystem or feature.
</p>

%PARAM relay_transport relay

<p>
The default mail delivery transport and next-hop destination for remote delivery to domains listed with $relay_domains. In order of decreasing precedence, the nexthop destination is taken from $relay_transport, $sender_dependent_relayhost_maps, $relayhost, or from the recipient domain. This information can be overruled with the transport(5) table.
</p>

<p>
Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i> is the name of a mail delivery transport defined in master.cf. The <i>:nexthop</i> destination is optional; its syntax is documented in the manual page of the corresponding delivery agent.
</p>

<p>
See also the relay domains address class in the ADDRESS_CLASS_README file.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM rewrite_service_name rewrite

<p>
The name of the address rewriting service. This service rewrites addresses to standard form and resolves them to a (delivery method, next-hop host, recipient) triple.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM sample_directory /etc/postfix

<p>
The name of the directory with example Postfix configuration files. Starting with Postfix 2.1, these files have been replaced with the postconf(5) manual page.
</p>

%PARAM sender_based_routing no

<p>
This parameter should not be used. It was replaced by sender_dependent_relayhost_maps in Postfix version 2.3.
</p>

%PARAM sendmail_path see "postconf -d" output

<p>
A Sendmail compatibility feature that specifies the location of the Postfix sendmail(1) command. This command can be used to submit mail into the Postfix queue.
</p>

%PARAM service_throttle_time 60s

<p>
How long the Postfix master(8) waits before forking a server that appears to be malfunctioning.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). The default time unit is s (seconds).
</p>

%PARAM setgid_group postdrop

<p>
The group ownership of set-gid Postfix commands and of group-writable Postfix directories. When this parameter value is changed you need to re-run "<b>postfix set-permissions</b>" (with Postfix version 2.0 and earlier: "<b>/etc/postfix/post-install set-permissions</b>").
</p>

%PARAM show_user_unknown_table_name yes

<p>
Display the name of the recipient table in the "User unknown" responses. The extra detail makes troubleshooting easier but also reveals information that is nobody else's business.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM showq_service_name showq

<p>
The name of the showq(8) service. This service produces mail queue status reports.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM smtp_pix_workaround_delay_time 10s

<p>
How long the Postfix SMTP client pauses before sending ".&lt;CR&gt;&lt;LF&gt;" in order to work around the PIX firewall "&lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;" bug.
</p>

<p>
Choosing too short a time makes this workaround ineffective when sending large messages over slow network connections.
</p>

%PARAM smtp_randomize_addresses yes

<p>
Randomize the order of equal-preference MX host addresses.
This is a performance feature of the Postfix SMTP client.
</p>

%PARAM smtp_rset_timeout 20s

<p> The SMTP client time limit for sending the RSET command, and for receiving the server response. The SMTP client sends RSET in order to finish a recipient address probe, or to verify that a cached session is still usable. </p>

<p> This feature is available in Postfix 2.1 and later. </p>

%PARAM smtpd_data_restrictions

<p>
Optional access restrictions that the Postfix SMTP server applies in the context of the SMTP DATA command. See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access restriction lists" for a discussion of evaluation context and time.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

<p>
Specify a list of restrictions, separated by commas and/or whitespace. Continue long lines by starting the next line with whitespace. Restrictions are applied in the order as specified; the first restriction that matches wins.
</p>

<p>
The following restrictions are valid in this context:
</p>

<ul>

<li><a href="#generic">Generic</a> restrictions that can be used in any SMTP command context, described under smtpd_client_restrictions.

<li>SMTP command specific restrictions described under smtpd_client_restrictions, smtpd_helo_restrictions, smtpd_sender_restrictions or smtpd_recipient_restrictions.

</ul>

<p>
Examples:
</p>

<pre>
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_data_restrictions = reject_multi_recipient_bounce
</pre>

%PARAM smtpd_end_of_data_restrictions

<p> Optional access restrictions that the Postfix SMTP server applies in the context of the SMTP END-OF-DATA command.
See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access restriction lists" for a discussion of evaluation context and time.
</p>

<p> This feature is available in Postfix 2.2 and later. </p>

<p> See smtpd_data_restrictions for syntax details. </p>

%PARAM smtpd_delay_reject yes

<p>
Wait until the RCPT TO command before evaluating $smtpd_client_restrictions, $smtpd_helo_restrictions and $smtpd_sender_restrictions, or wait until the ETRN command before evaluating $smtpd_client_restrictions and $smtpd_helo_restrictions.
</p>

<p>
This feature is turned on by default because some clients apparently misbehave when the Postfix SMTP server rejects commands before RCPT TO.
</p>

<p>
The default setting has one major benefit: it allows Postfix to log recipient address information when rejecting a client name/address or sender address, so that it is possible to find out whose mail is being rejected.
</p>

%PARAM smtpd_null_access_lookup_key &lt;&gt;

<p>
The lookup key to be used in SMTP access(5) tables instead of the null sender address.
</p>

%CLASS smtpd-policy SMTP server policy delegation

<p>
The Postfix SMTP server has a number of built-in mechanisms to block or accept mail at specific SMTP protocol stages. As of version 2.1 Postfix can be configured to delegate policy decisions to an external server that runs outside Postfix. See the file SMTPD_POLICY_README for more information.
</p>

%PARAM smtpd_policy_service_max_idle 300s

<p>
The time after which an idle SMTPD policy service connection is closed.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM smtpd_policy_service_max_ttl 1000s

<p>
The time after which an active SMTPD policy service connection is closed.
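</p>

<p> Added example (Python, not Postfix code and not taken from SMTPD_POLICY_README) of the request/reply exchange behind the policy delegation described above: smtpd(8) sends "name=value" lines ended by an empty line, and the policy server answers "action=..." followed by an empty line. The practitioner's point is that one connection carries many requests until smtpd_policy_service_max_idle or smtpd_policy_service_max_ttl expires, so the server has to loop rather than answer once and close. The policy itself (reject unauthenticated mail that claims our own sender domain from outside our networks), the domain, the network and the two sample requests are constructed for the demo; in a real deployment Postfix would be pointed at the server with a check_policy_service restriction, which is not shown here. </p>

```python
import io
import ipaddress

# Assumed local configuration for the demo policy (not from the page).
OUR_DOMAIN = "example.com"
OUR_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]


def read_request(stream):
    """Read one attribute=value request; return a dict, or None at EOF.
    An incomplete request cut off by EOF is dropped, not answered."""
    attrs = {}
    while True:
        line = stream.readline()
        if line == "":
            return None                  # connection closed
        line = line.rstrip("\n")
        if line == "":
            return attrs                 # empty line ends the request
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value


def decide(attrs):
    """Policy for one request. DUNNO defers to the remaining restrictions."""
    if attrs.get("request") != "smtpd_access_policy":
        return "DUNNO"
    if attrs.get("sasl_username"):
        return "DUNNO"                   # authenticated submission may use our domain
    sender_domain = attrs.get("sender", "").rpartition("@")[2].lower()
    try:
        client = ipaddress.ip_address(attrs.get("client_address", ""))
    except ValueError:
        return "DUNNO"
    if sender_domain == OUR_DOMAIN and not any(client in n for n in OUR_NETWORKS):
        return "REJECT forged sender domain from outside network"
    return "DUNNO"


def serve(stream, out):
    """Answer every request on one connection; return the actions sent."""
    actions = []
    while True:
        attrs = read_request(stream)
        if attrs is None:
            break
        action = decide(attrs)
        out.write("action=%s\n\n" % action)
        actions.append(action)
    return actions


# Constructed sample: two requests on a single connection, as Postfix
# sends them while the connection stays within max_idle / max_ttl.
CONSTRUCTED_CONNECTION = (
    "request=smtpd_access_policy\nprotocol_state=RCPT\n"
    "client_address=203.0.113.5\nsasl_username=\n"
    "sender=ceo@example.com\nrecipient=bob@example.com\n\n"
    "request=smtpd_access_policy\nprotocol_state=RCPT\n"
    "client_address=192.0.2.10\nsasl_username=\n"
    "sender=alice@example.com\nrecipient=bob@example.com\n\n"
)


def demo():
    """Run the sample connection; return (actions, raw reply text)."""
    out = io.StringIO()
    actions = serve(io.StringIO(CONSTRUCTED_CONNECTION), out)
    return actions, out.getvalue()
```

<p> A real server wraps serve() in a socket accept loop and must also survive Postfix closing the connection at any point, since smtpd_policy_service_timeout applies on the Postfix side to every read and write. </p>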
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM smtpd_policy_service_timeout 100s

<p>
The time limit for connecting to, writing to or receiving from a delegated SMTPD policy server.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM smtpd_reject_unlisted_recipient yes

<p>
Request that the Postfix SMTP server rejects mail for unknown recipient addresses, even when no explicit reject_unlisted_recipient access restriction is specified. This prevents the Postfix queue from filling up with undeliverable MAILER-DAEMON messages.
</p>

<p> An address is always considered "known" when it matches a virtual(5) alias or a canonical(5) mapping. Otherwise, a recipient address is rejected as unknown in the following cases: </p>

<ul>

<li> The recipient domain matches $mydestination, $inet_interfaces or $proxy_interfaces, but the recipient is not listed in $local_recipient_maps, and $local_recipient_maps is not null.

<li> The recipient domain matches $virtual_alias_domains but the recipient is not listed in $virtual_alias_maps.

<li> The recipient domain matches $virtual_mailbox_domains but the recipient is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps is not null.

<li> The recipient domain matches $relay_domains but the recipient is not listed in $relay_recipient_maps, and $relay_recipient_maps is not null.

</ul>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM smtpd_reject_unlisted_sender no

<p> Request that the Postfix SMTP server rejects mail from unknown sender addresses, even when no explicit reject_unlisted_sender access restriction is specified. This can slow down an explosion of forged mail from worms or viruses.
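</p>

<p> Added example (Python, not Postfix code) that evaluates the four "unknown address" rules of smtpd_reject_unlisted_recipient above; the same function serves smtpd_reject_unlisted_sender, whose rules are identical with the sender address in place of the recipient. The main.cf values and lookup tables are constructed in-memory stand-ins: a value of None models a "null" (unset) *_maps parameter, which switches that rule off as the text says, and lookups are simplified to the full address or the bare localpart as key. </p>

```python
# Constructed stand-ins for main.cf settings and lookup tables. Sets stand
# in for tables keyed by full address or, for local_recipient_maps, by
# localpart (as unix:passwd.byname and the alias database would supply).
# $inet_interfaces / $proxy_interfaces literals would be added to the
# "mydestination" set in the same way.
CONSTRUCTED_CONFIG = {
    "mydestination": {"example.com", "localhost"},
    "local_recipient_maps": {"alice", "postmaster"},
    "virtual_alias_domains": {"alias.example"},
    "virtual_alias_maps": {"info@alias.example", "old@example.com"},
    "virtual_mailbox_domains": {"mail.example"},
    "virtual_mailbox_maps": {"bob@mail.example"},
    "relay_domains": {"relay.example"},
    "relay_recipient_maps": None,          # null: relay recipients not verified
    "canonical_maps": set(),
}


def listed(table, addr):
    """Simplified table lookup: full address or bare localpart as key.
    A None table (null parameter) never lists anything."""
    if table is None:
        return False
    return addr in table or addr.partition("@")[0] in table


def unlisted_reason(addr, cfg):
    """Return None when `addr` counts as known, otherwise the rule that
    flags it. Applies to recipients and senders alike."""
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    # Always known: virtual(5) alias or canonical(5) mapping.
    if listed(cfg["virtual_alias_maps"], addr) or listed(cfg["canonical_maps"], addr):
        return None
    if domain in cfg["mydestination"]:
        if cfg["local_recipient_maps"] is not None and not listed(cfg["local_recipient_maps"], addr):
            return "not in local_recipient_maps"
    elif domain in cfg["virtual_alias_domains"]:
        # The alias-map lookup already failed above; no null escape hatch here.
        return "not in virtual_alias_maps"
    elif domain in cfg["virtual_mailbox_domains"]:
        if cfg["virtual_mailbox_maps"] is not None and not listed(cfg["virtual_mailbox_maps"], addr):
            return "not in virtual_mailbox_maps"
    elif domain in cfg["relay_domains"]:
        if cfg["relay_recipient_maps"] is not None and not listed(cfg["relay_recipient_maps"], addr):
            return "not in relay_recipient_maps"
    return None                            # other domains: these rules do not apply
```

<p> Note the asymmetry the rules encode: an empty relay_recipient_maps or virtual_mailbox_maps disables the check for that class, whereas a virtual alias domain is always checked against virtual_alias_maps. </p>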
</p>

<p> An address is always considered "known" when it matches a
virtual(5) alias or a canonical(5) mapping. Otherwise, the Postfix
SMTP server rejects mail from a sender address in the following
cases (a map is "null" when its parameter value is empty): </p>

<ul>

<li> The sender domain matches $mydestination, $inet_interfaces or
$proxy_interfaces, but the sender is not listed in
$local_recipient_maps, and $local_recipient_maps is not null.

<li> The sender domain matches $virtual_alias_domains but the sender
is not listed in $virtual_alias_maps.

<li> The sender domain matches $virtual_mailbox_domains but the
sender is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps
is not null.

<li> The sender domain matches $relay_domains but the sender is
not listed in $relay_recipient_maps, and $relay_recipient_maps is
not null.

</ul>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM smtpd_restriction_classes

<p>
User-defined aliases for groups of access restrictions. The aliases
can be specified in smtpd_recipient_restrictions etc., and on the
right-hand side of a Postfix access(5) table.
</p>

<p>
One major application is for implementing per-recipient UCE control.
See the RESTRICTION_CLASS_README document for other examples.
</p>

%PARAM smtpd_sasl_application_name smtpd

<p>
The application name that the Postfix SMTP server uses for SASL
server initialization. This controls the name of the SASL
configuration file. The default value is <b>smtpd</b>, corresponding
to a SASL configuration file named <b>smtpd.conf</b>.
</p>

<p>
This feature is available in Postfix 2.1 and 2.2. With Postfix 2.3
it was renamed to smtpd_sasl_path.
</p>

%PARAM strict_7bit_headers no

<p>
Reject mail with 8-bit text in message headers. This blocks mail
from poorly written applications.
7967</p> 7968 7969<p> 7970This feature should not be enabled on a general purpose mail server, 7971because it is likely to reject legitimate email. 7972</p> 7973 7974<p> 7975This feature is available in Postfix 2.0 and later. 7976</p> 7977 7978%PARAM strict_8bitmime no 7979 7980<p> 7981Enable both strict_7bit_headers and strict_8bitmime_body. 7982</p> 7983 7984<p> 7985This feature should not be enabled on a general purpose mail server, 7986because it is likely to reject legitimate email. 7987</p> 7988 7989<p> 7990This feature is available in Postfix 2.0 and later. 7991</p> 7992 7993%PARAM strict_8bitmime_body no 7994 7995<p> 7996Reject 8-bit message body text without 8-bit MIME content encoding 7997information. This blocks mail from poorly written applications. 7998</p> 7999 8000<p> 8001Unfortunately, this also rejects majordomo approval requests when 8002the included request contains valid 8-bit MIME mail, and it rejects 8003bounces from mailers that do not MIME encapsulate 8-bit content 8004(for example, bounces from qmail or from old versions of Postfix). 8005</p> 8006 8007<p> 8008This feature should not be enabled on a general purpose mail server, 8009because it is likely to reject legitimate email. 8010</p> 8011 8012<p> 8013This feature is available in Postfix 2.0 and later. 8014</p> 8015 8016%PARAM strict_mime_encoding_domain no 8017 8018<p> 8019Reject mail with invalid Content-Transfer-Encoding: information 8020for the message/* or multipart/* MIME content types. This blocks 8021mail from poorly written software. 8022</p> 8023 8024<p> 8025This feature should not be enabled on a general purpose mail server, 8026because it will reject mail after a single violation. 8027</p> 8028 8029<p> 8030This feature is available in Postfix 2.0 and later. 8031</p> 8032 8033%PARAM sun_mailtool_compatibility no 8034 8035<p> 8036Obsolete SUN mailtool compatibility feature. Instead, use 8037"mailbox_delivery_lock = dotlock". 
8038</p> 8039 8040%PARAM trace_service_name trace 8041 8042<p> 8043The name of the trace service. This service is implemented by the 8044bounce(8) daemon and maintains a record 8045of mail deliveries and produces a mail delivery report when verbose 8046delivery is requested with "<b>sendmail -v</b>". 8047</p> 8048 8049<p> 8050This feature is available in Postfix 2.1 and later. 8051</p> 8052 8053%PARAM undisclosed_recipients_header To: undisclosed-recipients:; 8054 8055<p> 8056Message header that the Postfix cleanup(8) server inserts when a 8057message contains no To: or Cc: message header. With Postfix 2.4 8058and later, specify an empty value to disable this feature. </p> 8059 8060%PARAM unknown_relay_recipient_reject_code 550 8061 8062<p> 8063The numerical Postfix SMTP server reply code when a recipient 8064address matches $relay_domains, and relay_recipient_maps specifies 8065a list of lookup tables that does not match the recipient address. 8066</p> 8067 8068<p> 8069This feature is available in Postfix 2.0 and later. 8070</p> 8071 8072%PARAM unknown_virtual_alias_reject_code 550 8073 8074<p> 8075The SMTP server reply code when a recipient address matches 8076$virtual_alias_domains, and $virtual_alias_maps specifies a list 8077of lookup tables that does not match the recipient address. 8078</p> 8079 8080<p> 8081This feature is available in Postfix 2.0 and later. 8082</p> 8083 8084%PARAM unknown_virtual_mailbox_reject_code 550 8085 8086<p> 8087The SMTP server reply code when a recipient address matches 8088$virtual_mailbox_domains, and $virtual_mailbox_maps specifies a list 8089of lookup tables that does not match the recipient address. 8090</p> 8091 8092<p> 8093This feature is available in Postfix 2.0 and later. 8094</p> 8095 8096%PARAM verp_delimiter_filter -=+ 8097 8098<p> 8099The characters Postfix accepts as VERP delimiter characters on the 8100Postfix sendmail(1) command line and in SMTP commands. 
8101</p> 8102 8103<p> 8104This feature is available in Postfix 1.1 and later. 8105</p> 8106 8107%PARAM virtual_gid_maps 8108 8109<p> 8110Lookup tables with the per-recipient group ID for virtual(8) mailbox 8111delivery. 8112</p> 8113 8114<p> 8115In a lookup table, specify a left-hand side of "@domain.tld" to 8116match any user in the specified domain that does not have a specific 8117"user@domain.tld" entry. 8118</p> 8119 8120<p> 8121When a recipient address has an optional address extension 8122(user+foo@domain.tld), the virtual(8) delivery agent looks up 8123the full address first, and when the lookup fails, it looks up the 8124unextended address (user@domain.tld). 8125</p> 8126 8127<p> 8128Note 1: for security reasons, the virtual(8) delivery agent disallows 8129regular expression substitution of $1 etc. in regular expression 8130lookup tables, because that would open a security hole. 8131</p> 8132 8133<p> 8134Note 2: for security reasons, the virtual(8) delivery agent will 8135silently ignore requests to use the proxymap(8) server. Instead 8136it will open the table directly. Before Postfix version 2.2, the 8137virtual(8) delivery agent will terminate with a fatal error. 8138</p> 8139 8140%PARAM virtual_mailbox_base 8141 8142<p> 8143A prefix that the virtual(8) delivery agent prepends to all pathname 8144results from $virtual_mailbox_maps table lookups. This is a safety 8145measure to ensure that an out of control map doesn't litter the 8146file system with mailboxes. While virtual_mailbox_base could be 8147set to "/", this setting isn't recommended. 8148</p> 8149 8150<p> 8151Example: 8152</p> 8153 8154<pre> 8155virtual_mailbox_base = /var/mail 8156</pre> 8157 8158%PARAM virtual_mailbox_domains $virtual_mailbox_maps 8159 8160<p> Postfix is final destination for the specified list of domains; 8161mail is delivered via the $virtual_transport mail delivery transport. 8162By default this is the Postfix virtual(8) delivery agent. 
The SMTP 8163server validates recipient addresses with $virtual_mailbox_maps 8164and rejects mail for non-existent recipients. See also the virtual 8165mailbox domain class in the ADDRESS_CLASS_README file. </p> 8166 8167<p> This parameter expects the same syntax as the mydestination 8168configuration parameter. </p> 8169 8170<p> 8171This feature is available in Postfix 2.0 and later. The default 8172value is backwards compatible with Postfix version 1.1. 8173</p> 8174 8175%PARAM virtual_mailbox_limit 51200000 8176 8177<p> 8178The maximal size in bytes of an individual virtual(8) mailbox or 8179maildir file, or zero (no limit). </p> 8180 8181%PARAM virtual_mailbox_lock see "postconf -d" output 8182 8183<p> 8184How to lock a UNIX-style virtual(8) mailbox before attempting 8185delivery. For a list of available file locking methods, use the 8186"<b>postconf -l</b>" command. 8187</p> 8188 8189<p> 8190This setting is ignored with <b>maildir</b> style delivery, because 8191such deliveries are safe without application-level locks. 8192</p> 8193 8194<p> 8195Note 1: the <b>dotlock</b> method requires that the recipient UID 8196or GID has write access to the parent directory of the recipient's 8197mailbox file. 8198</p> 8199 8200<p> 8201Note 2: the default setting of this parameter is system dependent. 8202</p> 8203 8204%PARAM virtual_mailbox_maps 8205 8206<p> 8207Optional lookup tables with all valid addresses in the domains that 8208match $virtual_mailbox_domains. 8209</p> 8210 8211<p> 8212In a lookup table, specify a left-hand side of "@domain.tld" to 8213match any user in the specified domain that does not have a specific 8214"user@domain.tld" entry. 8215</p> 8216 8217<p> 8218The virtual(8) delivery agent uses this table to look up the 8219per-recipient mailbox or maildir pathname. If the lookup result 8220ends in a slash ("/"), maildir-style delivery is carried out, 8221otherwise the path is assumed to specify a UNIX-style mailbox file. 
8222Note that $virtual_mailbox_base is unconditionally prepended to 8223this path. 8224</p> 8225 8226<p> 8227When a recipient address has an optional address extension 8228(user+foo@domain.tld), the virtual(8) delivery agent looks up 8229the full address first, and when the lookup fails, it looks up the 8230unextended address (user@domain.tld). 8231</p> 8232 8233<p> 8234Note 1: for security reasons, the virtual(8) delivery agent disallows 8235regular expression substitution of $1 etc. in regular expression 8236lookup tables, because that would open a security hole. 8237</p> 8238 8239<p> 8240Note 2: for security reasons, the virtual(8) delivery agent will 8241silently ignore requests to use the proxymap(8) server. Instead 8242it will open the table directly. Before Postfix version 2.2, the 8243virtual(8) delivery agent will terminate with a fatal error. 8244</p> 8245 8246%PARAM virtual_minimum_uid 100 8247 8248<p> 8249The minimum user ID value that the virtual(8) delivery agent accepts 8250as a result from $virtual_uid_maps table lookup. Returned 8251values less than this will be rejected, and the message will be 8252deferred. 8253</p> 8254 8255%PARAM virtual_transport virtual 8256 8257<p> 8258The default mail delivery transport and next-hop destination for 8259final delivery to domains listed with $virtual_mailbox_domains. 8260This information can be overruled with the transport(5) table. 8261</p> 8262 8263<p> 8264Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i> 8265is the name of a mail delivery transport defined in master.cf. 8266The <i>:nexthop</i> destination is optional; its syntax is documented 8267in the manual page of the corresponding delivery agent. 8268</p> 8269 8270<p> 8271This feature is available in Postfix 2.0 and later. 8272</p> 8273 8274%PARAM virtual_uid_maps 8275 8276<p> 8277Lookup tables with the per-recipient user ID that the virtual(8) 8278delivery agent uses while writing to the recipient's mailbox. 
</p>

<p>
In a lookup table, specify a left-hand side of "@domain.tld"
to match any user in the specified domain that does not have a
specific "user@domain.tld" entry.
</p>

<p>
When a recipient address has an optional address extension
(user+foo@domain.tld), the virtual(8) delivery agent looks up
the full address first, and when the lookup fails, it looks up the
unextended address (user@domain.tld).
</p>

<p>
Note 1: for security reasons, the virtual(8) delivery agent disallows
regular expression substitution of $1 etc. in regular expression
lookup tables, because that would open a security hole: the numeric
user ID would then be derived from text in the recipient address.
</p>

<p>
Note 2: for security reasons, the virtual(8) delivery agent will
silently ignore requests to use the proxymap(8) server. Instead
it will open the table directly. Before Postfix version 2.2, the
virtual(8) delivery agent will terminate with a fatal error.
</p>

%PARAM config_directory see "postconf -d" output

<p> The default location of the Postfix main.cf and master.cf
configuration files. This can be overruled via the following
mechanisms: </p>

<ul>

<li> <p> The MAIL_CONFIG environment variable (daemon processes
and commands). </p>

<li> <p> The "-c" command-line option (commands only). </p>

</ul>

<p> With Postfix commands that run with set-gid privileges, a
config_directory override requires either root privileges, or it
requires that the directory is listed with the alternate_config_directories
parameter in the default main.cf file. </p>

%PARAM virtual_maps

<p> Optional lookup tables with a) names of domains for which all
addresses are aliased to addresses in other local or remote domains,
and b) addresses that are aliased to addresses in other local or
remote domains. Available before Postfix version 2.0.
With Postfix 8333version 2.0 and later, this is replaced by separate controls: virtual_alias_domains 8334and virtual_alias_maps. </p> 8335 8336%PARAM smtp_discard_ehlo_keywords 8337 8338<p> A case insensitive list of EHLO keywords (pipelining, starttls, 8339auth, etc.) that the Postfix SMTP client will ignore in the EHLO 8340response from a remote SMTP server. </p> 8341 8342<p> This feature is available in Postfix 2.2 and later. </p> 8343 8344<p> Notes: </p> 8345 8346<ul> 8347 8348<li> <p> Specify the <b>silent-discard</b> pseudo keyword to prevent 8349this action from being logged. </p> 8350 8351<li> <p> Use the smtp_discard_ehlo_keyword_address_maps feature to 8352discard EHLO keywords selectively. </p> 8353 8354</ul> 8355 8356%PARAM smtpd_discard_ehlo_keywords 8357 8358<p> A case insensitive list of EHLO keywords (pipelining, starttls, 8359auth, etc.) that the SMTP server will not send in the EHLO response 8360to a remote SMTP client. </p> 8361 8362<p> This feature is available in Postfix 2.2 and later. </p> 8363 8364<p> Notes: </p> 8365 8366<ul> 8367 8368<li> <p> Specify the <b>silent-discard</b> pseudo keyword to prevent 8369this action from being logged. </p> 8370 8371<li> <p> Use the smtpd_discard_ehlo_keyword_address_maps feature 8372to discard EHLO keywords selectively. </p> 8373 8374</ul> 8375 8376%PARAM smtp_discard_ehlo_keyword_address_maps 8377 8378<p> Lookup tables, indexed by the remote SMTP server address, with 8379case insensitive lists of EHLO keywords (pipelining, starttls, auth, 8380etc.) that the Postfix SMTP client will ignore in the EHLO response from a 8381remote SMTP server. See smtp_discard_ehlo_keywords for details. The 8382table is not indexed by hostname for consistency with 8383smtpd_discard_ehlo_keyword_address_maps. </p> 8384 8385<p> This feature is available in Postfix 2.2 and later. 
</p> 8386 8387%PARAM smtpd_discard_ehlo_keyword_address_maps 8388 8389<p> Lookup tables, indexed by the remote SMTP client address, with 8390case insensitive lists of EHLO keywords (pipelining, starttls, auth, 8391etc.) that the SMTP server will not send in the EHLO response to a 8392remote SMTP client. See smtpd_discard_ehlo_keywords for details. 8393The table is not searched by hostname for robustness reasons. </p> 8394 8395<p> This feature is available in Postfix 2.2 and later. </p> 8396 8397%PARAM connection_cache_service_name scache 8398 8399<p> The name of the scache(8) connection cache service. This service 8400maintains a limited pool of cached sessions. </p> 8401 8402<p> This feature is available in Postfix 2.2 and later. </p> 8403 8404%PARAM connection_cache_ttl_limit 2s 8405 8406<p> The maximal time-to-live value that the scache(8) connection 8407cache server 8408allows. Requests that specify a larger TTL will be stored with the 8409maximum allowed TTL. The purpose of this additional control is to 8410protect the infrastructure against careless people. The cache TTL 8411is already bounded by $max_idle. </p> 8412 8413%PARAM connection_cache_status_update_time 600s 8414 8415<p> How frequently the scache(8) server logs usage statistics with 8416connection cache hit and miss rates for logical destinations and for 8417physical endpoints. </p> 8418 8419%PARAM remote_header_rewrite_domain 8420 8421<p> Don't rewrite message headers from remote clients at all when 8422this parameter is empty; otherwise, rewrite message headers and 8423append the specified domain name to incomplete addresses. The 8424local_header_rewrite_clients parameter controls what clients Postfix 8425considers local. </p> 8426 8427<p> Examples: </p> 8428 8429<p> The safe setting: append "domain.invalid" to incomplete header 8430addresses from remote SMTP clients, so that those addresses cannot 8431be confused with local addresses. 
</p> 8432 8433<blockquote> 8434<pre> 8435remote_header_rewrite_domain = domain.invalid 8436</pre> 8437</blockquote> 8438 8439<p> The default, purist, setting: don't rewrite headers from remote 8440clients at all. </p> 8441 8442<blockquote> 8443<pre> 8444remote_header_rewrite_domain = 8445</pre> 8446</blockquote> 8447 8448%PARAM local_header_rewrite_clients permit_inet_interfaces 8449 8450<p> Rewrite message header addresses in mail from these clients and 8451update incomplete addresses with the domain name in $myorigin or 8452$mydomain; either don't rewrite message headers from other clients 8453at all, or rewrite message headers and update incomplete addresses 8454with the domain specified in the remote_header_rewrite_domain 8455parameter. </p> 8456 8457<p> See the append_at_myorigin and append_dot_mydomain parameters 8458for details of how domain names are appended to incomplete addresses. 8459</p> 8460 8461<p> Specify a list of zero or more of the following: </p> 8462 8463<dl> 8464 8465<dt><b>permit_inet_interfaces</b></dt> 8466 8467<dd> Append the domain name in $myorigin or $mydomain when the 8468client IP address matches $inet_interfaces. This is enabled by 8469default. </dd> 8470 8471<dt><b>permit_mynetworks</b></dt> 8472 8473<dd> Append the domain name in $myorigin or $mydomain when the 8474client IP address matches any network or network address listed in 8475$mynetworks. This setting will not prevent remote mail header 8476address rewriting when mail from a remote client is forwarded by 8477a neighboring system. </dd> 8478 8479<dt><b>permit_sasl_authenticated </b></dt> 8480 8481<dd> Append the domain name in $myorigin or $mydomain when the 8482client is successfully authenticated via the RFC 4954 (AUTH) 8483protocol. </dd> 8484 8485<dt><b>permit_tls_clientcerts </b></dt> 8486 8487<dd> Append the domain name in $myorigin or $mydomain when the 8488client TLS certificate fingerprint is listed in $relay_clientcerts. 
The fingerprint digest algorithm is configurable via the
smtpd_tls_fingerprint_digest parameter (hard-coded as md5 prior to
Postfix version 2.5). </dd>

<dt><b>permit_tls_all_clientcerts </b></dt>

<dd> Append the domain name in $myorigin or $mydomain when the
client TLS certificate is successfully verified, regardless of
whether it is listed on the server, and regardless of the certifying
authority. </dd>

<dt><b>check_address_map <i>type:table</i> </b></dt>

<dt><b><i>type:table</i> </b></dt>

<dd> Append the domain name in $myorigin or $mydomain when the
client IP address matches the specified lookup table.
The lookup result is ignored, and no subnet lookup is done. This
is suitable for, e.g., pop-before-smtp lookup tables. </dd>

</dl>

<p> Examples: </p>

<p> The Postfix &lt; 2.2 backwards compatible setting: always rewrite
message headers, and always append my own domain to incomplete
header addresses. </p>

<blockquote>
<pre>
local_header_rewrite_clients = static:all
</pre>
</blockquote>

<p> The purist (and default) setting: rewrite headers only in mail
from Postfix sendmail and in SMTP mail from this machine. </p>

<blockquote>
<pre>
local_header_rewrite_clients = permit_inet_interfaces
</pre>
</blockquote>

<p> The intermediate setting: rewrite header addresses and append
$myorigin or $mydomain information only with mail from Postfix
sendmail, from local clients, or from authorized SMTP clients. </p>

<p> Note: this setting will not prevent remote mail header address
rewriting when mail from a remote client is forwarded by a neighboring
system.
</p> 8539 8540<blockquote> 8541<pre> 8542local_header_rewrite_clients = permit_mynetworks, 8543 permit_sasl_authenticated permit_tls_clientcerts 8544 check_address_map hash:/etc/postfix/pop-before-smtp 8545</pre> 8546</blockquote> 8547 8548%PARAM smtpd_tls_cert_file 8549 8550<p> File with the Postfix SMTP server RSA certificate in PEM format. 8551This file may also contain the Postfix SMTP server private RSA key. </p> 8552 8553<p> Public Internet MX hosts without certificates signed by a "reputable" 8554CA must generate, and be prepared to present to most clients, a 8555self-signed or private-CA signed certificate. The client will not be 8556able to authenticate the server, but unless it is running Postfix 2.3 or 8557similar software, it will still insist on a server certificate. </p> 8558 8559<p> For servers that are <b>not</b> public Internet MX hosts, Postfix 85602.3 supports configurations with no certificates. This entails the 8561use of just the anonymous TLS ciphers, which are not supported by 8562typical SMTP clients. Since such clients will not, as a rule, fall 8563back to plain text after a TLS handshake failure, the server will 8564be unable to receive email from TLS enabled clients. To avoid 8565accidental configurations with no certificates, Postfix 2.3 enables 8566certificate-less operation only when the administrator explicitly 8567sets "smtpd_tls_cert_file = none". This ensures that new Postfix 8568configurations will not accidentally run with no certificates. </p> 8569 8570<p> Both RSA and DSA certificates are supported. When both types 8571are present, the cipher used determines which certificate will be 8572presented to the client. For Netscape and OpenSSL clients without 8573special cipher choices the RSA certificate is preferred. </p> 8574 8575<p> To enable a remote SMTP client to verify the Postfix SMTP server 8576certificate, the issuing CA certificates must be made available to the 8577client. 
You should include the required certificates in the server
certificate file, the server certificate first, then the issuing
CA(s) (bottom-up order). </p>

<p> Example: the certificate for "server.example.com" was issued by
"intermediate CA" which itself has a certificate of "root CA".
Create the server.pem file with "cat server_cert.pem intermediate_CA.pem
root_CA.pem &gt; server.pem". </p>

<p> If you also want to verify client certificates issued by these
CAs, you can add the CA certificates to the smtpd_tls_CAfile, in which
case it is not necessary to have them in the smtpd_tls_cert_file or
smtpd_tls_dcert_file. </p>

<p> A certificate supplied here must be usable as an SSL server certificate
and hence pass the "openssl verify -purpose sslserver ..." test. </p>

<p> Example: </p>

<pre>
smtpd_tls_cert_file = /etc/postfix/server.pem
</pre>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtpd_tls_key_file $smtpd_tls_cert_file

<p> File with the Postfix SMTP server RSA private key in PEM format.
This file may be combined with the Postfix SMTP server RSA certificate
file specified with $smtpd_tls_cert_file. </p>

<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
access to the system superuser account ("root"), and no access
to anyone else. When the key is kept in the certificate file, that
file needs the same restrictive permissions. </p>

%PARAM smtpd_tls_dcert_file

<p> File with the Postfix SMTP server DSA certificate in PEM format.
This file may also contain the Postfix SMTP server private DSA key. </p>

<p> See the discussion under smtpd_tls_cert_file for more details.
</p>

<p> Example: </p>

<pre>
smtpd_tls_dcert_file = /etc/postfix/server-dsa.pem
</pre>

<p> This feature is available in Postfix 2.2 and later.
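</p>

<p> The chain assembly and the "openssl verify -purpose sslserver"
test described under smtpd_tls_cert_file above, together with the
key-file permission requirement under smtpd_tls_key_file, as an added
example (a script written for this page, not Postfix project code).
It creates a throwaway root CA, intermediate CA and server certificate,
assembles server.pem in the prescribed leaf-to-root order, checks that
order (each certificate's issuer must be the subject of the one that
follows it), shows that the check catches a root-first bundle, runs
the verify test, and confirms that the private key is readable by its
owner only. The only assumption is that openssl(1) is installed; every
name, key and certificate it produces is constructed for the
demonstration. </p>

```sh
#!/bin/sh
# Added example, not Postfix code. Builds a disposable PKI, assembles the
# smtpd_tls_cert_file bundle leaf-to-root and checks it as the parameter
# description recommends. Requires openssl(1); all names and key material
# below are constructed for the demonstration.
set -eu

# Minimal req(1) config and extension files, so the example does not
# depend on the system openssl.cnf (which may add extensions or be absent).
write_openssl_cnf() {
    printf '[req]\ndistinguished_name=dn\n[dn]\n' > "$1/req.cnf"
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$1/ca.ext"
    printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature,keyEncipherment\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:server.example.com\n' > "$1/server.ext"
}

# Throwaway chain: Test Root CA -> Test Intermediate CA -> server.example.com
make_test_pki() {
    d=$1
    mkdir -p "$d"
    write_openssl_cnf "$d"
    openssl req -new -newkey rsa:2048 -nodes -config "$d/req.cnf" \
        -keyout "$d/root.key" -out "$d/root.csr" -subj "/CN=Test Root CA" 2>/dev/null
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 30 \
        -extfile "$d/ca.ext" -out "$d/root_CA.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -config "$d/req.cnf" \
        -keyout "$d/int.key" -out "$d/int.csr" -subj "/CN=Test Intermediate CA" 2>/dev/null
    openssl x509 -req -in "$d/int.csr" -CA "$d/root_CA.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 30 -extfile "$d/ca.ext" -out "$d/intermediate_CA.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -config "$d/req.cnf" \
        -keyout "$d/server.key" -out "$d/server.csr" -subj "/CN=server.example.com" 2>/dev/null
    openssl x509 -req -in "$d/server.csr" -CA "$d/intermediate_CA.pem" -CAkey "$d/int.key" \
        -CAcreateserial -days 30 -extfile "$d/server.ext" -out "$d/server_cert.pem" 2>/dev/null
    chmod 600 "$d/server.key"          # what smtpd_tls_key_file asks for
}

# Assemble the bundle as the text prescribes: server certificate first,
# then the issuing CA(s), leaf to root.
build_chain_file() {
    cat "$1/server_cert.pem" "$1/intermediate_CA.pem" "$1/root_CA.pem" > "$1/server.pem"
}

# The same certificates root-first, to show the order check catching it.
build_wrong_chain_file() {
    cat "$1/root_CA.pem" "$1/intermediate_CA.pem" "$1/server_cert.pem" > "$1/wrong.pem"
}

# Split a PEM bundle into $2.1, $2.2, ... (one certificate per file).
split_bundle() {
    awk -v out="$2" '/-----BEGIN CERTIFICATE-----/ { n++ } n > 0 { print > (out "." n) }' "$1"
}

# Leaf-to-root order check: the issuer of certificate i must equal the
# subject of certificate i+1. Exit status 0 when the order is correct.
check_chain_order() {
    tmp=$(mktemp -d)
    split_bundle "$1" "$tmp/cert"
    n=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$1")
    i=1
    ok=0
    while [ "$i" -lt "$n" ]; do
        issuer=$(openssl x509 -in "$tmp/cert.$i" -noout -issuer | sed 's/^issuer=//')
        subject=$(openssl x509 -in "$tmp/cert.$((i + 1))" -noout -subject | sed 's/^subject=//')
        if [ "$issuer" != "$subject" ]; then
            ok=1
            break
        fi
        i=$((i + 1))
    done
    rm -rf "$tmp"
    return "$ok"
}

# The recommended test: the leaf must verify for the sslserver purpose,
# with the root as trust anchor and the bundle as untrusted intermediates.
verify_server_cert() {
    openssl verify -purpose sslserver -CAfile "$1/root_CA.pem" \
        -untrusted "$1/server.pem" "$1/server_cert.pem" > /dev/null 2>&1
}

# Key file readable by its owner only: ls -l columns 5-10 (group and
# other permission bits, POSIX-specified layout) must all be "-".
check_key_private() {
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# Stand-alone run: print one line per check.
report() { if "$@"; then echo "OK:   $*"; else echo "FAIL: $*"; fi; }

work=$(mktemp -d)
make_test_pki "$work"
build_chain_file "$work"
build_wrong_chain_file "$work"
report check_chain_order "$work/server.pem"
report check_chain_order "$work/wrong.pem"      # expected to FAIL
report verify_server_cert "$work"
report check_key_private "$work/server.key"
rm -rf "$work"
```

<p> The order check matters because the Postfix SMTP server sends the
file contents as the TLS certificate chain; "openssl verify" alone
will not notice a root-first bundle, since it verifies whichever
certificate you name and treats the rest as a pool of intermediates.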
</p> 8628 8629%PARAM smtpd_tls_dkey_file $smtpd_tls_dcert_file 8630 8631<p> File with the Postfix SMTP server DSA private key in PEM format. 8632This file may be combined with the Postfix SMTP server DSA certificate 8633file specified with $smtpd_tls_dcert_file. </p> 8634 8635<p> The private key must be accessible without a pass-phrase, i.e. it 8636must not be encrypted. File permissions should grant read-only 8637access to the system superuser account ("root"), and no access 8638to anyone else. </p> 8639 8640<p> This feature is available in Postfix 2.2 and later. </p> 8641 8642%PARAM smtpd_tls_CAfile 8643 8644<p> A file containing (PEM format) CA certificates of root CAs trusted 8645to sign either remote SMTP client certificates or intermediate CA 8646certificates. These are loaded into memory before the smtpd(8) server 8647enters the chroot jail. If the number of trusted roots is large, consider 8648using smtpd_tls_CApath instead, but note that the latter directory must 8649be present in the chroot jail if the smtpd(8) server is chrooted. This 8650file may also be used to augment the server certificate trust chain, 8651but it is best to include all the required certificates directly in the 8652server certificate file. </p> 8653 8654<p> Specify "tls_append_default_CA = no" to prevent Postfix from 8655appending the system-supplied default CAs and trusting third-party 8656certificates. </p> 8657 8658<p> By default (see smtpd_tls_ask_ccert), client certificates are not 8659requested, and smtpd_tls_CAfile should remain empty. If you do make use 8660of client certificates, the distinguished names (DNs) of the certificate 8661authorities listed in smtpd_tls_CAfile are sent to the remote SMTP client 8662in the client certificate request message. MUAs with multiple client 8663certificates may use the list of preferred certificate authorities 8664to select the correct client certificate. 
You may want to put your 8665"preferred" CA or CAs in this file, and install other trusted CAs in 8666$smtpd_tls_CApath. </p> 8667 8668<p> Example: </p> 8669 8670<pre> 8671smtpd_tls_CAfile = /etc/postfix/CAcert.pem 8672</pre> 8673 8674<p> This feature is available in Postfix 2.2 and later. </p> 8675 8676%PARAM smtpd_tls_CApath 8677 8678<p> A directory containing (PEM format) CA certificates of root CAs 8679trusted to sign either remote SMTP client certificates or intermediate CA 8680certificates. Do not forget to create the necessary "hash" links with, 8681for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs". To use 8682smtpd_tls_CApath in chroot mode, this directory (or a copy) must be 8683inside the chroot jail. </p> 8684 8685<p> Specify "tls_append_default_CA = no" to prevent Postfix from 8686appending the system-supplied default CAs and trusting third-party 8687certificates. </p> 8688 8689<p> By default (see smtpd_tls_ask_ccert), client certificates are 8690not requested, and smtpd_tls_CApath should remain empty. In contrast 8691to smtpd_tls_CAfile, DNs of certificate authorities installed 8692in $smtpd_tls_CApath are not included in the client certificate 8693request message. MUAs with multiple client certificates may use the 8694list of preferred certificate authorities to select the correct 8695client certificate. You may want to put your "preferred" CA or 8696CAs in $smtpd_tls_CAfile, and install the remaining trusted CAs in 8697$smtpd_tls_CApath. </p> 8698 8699<p> Example: </p> 8700 8701<pre> 8702smtpd_tls_CApath = /etc/postfix/certs 8703</pre> 8704 8705<p> This feature is available in Postfix 2.2 and later. </p> 8706 8707%PARAM smtpd_tls_loglevel 0 8708 8709<p> Enable additional Postfix SMTP server logging of TLS activity. 8710Each logging level also includes the information that is logged at 8711a lower logging level. </p> 8712 8713<dl compact> 8714 8715<dt> </dt> <dd> 0 Disable logging of TLS activity. 
</dd> 8716 8717<dt> </dt> <dd> 1 Log TLS handshake and certificate information. </dd> 8718 8719<dt> </dt> <dd> 2 Log levels during TLS negotiation. </dd> 8720 8721<dt> </dt> <dd> 3 Log hexadecimal and ASCII dump of TLS negotiation 8722process. </dd> 8723 8724<dt> </dt> <dd> 4 Also log hexadecimal and ASCII dump of complete 8725transmission after STARTTLS. </dd> 8726 8727</dl> 8728 8729<p> Use "smtpd_tls_loglevel = 3" only in case of problems. Use of 8730loglevel 4 is strongly discouraged. </p> 8731 8732<p> This feature is available in Postfix 2.2 and later. </p> 8733 8734%PARAM smtpd_tls_received_header no 8735 8736<p> Request that the Postfix SMTP server produces Received: message 8737headers that include information about the protocol and cipher used, 8738as well as the client CommonName and client certificate issuer 8739CommonName. This is disabled by default, as the information may 8740be modified in transit through other mail servers. Only information 8741that was recorded by the final destination can be trusted. </p> 8742 8743<p> This feature is available in Postfix 2.2 and later. </p> 8744 8745%PARAM smtpd_use_tls no 8746 8747<p> Opportunistic TLS: announce STARTTLS support to SMTP clients, 8748but do not require that clients use TLS encryption. </p> 8749 8750<p> Note: when invoked via "<b>sendmail -bs</b>", Postfix will never offer 8751STARTTLS due to insufficient privileges to access the server private 8752key. This is intended behavior. </p> 8753 8754<p> This feature is available in Postfix 2.2 and later. With 8755Postfix 2.3 and later use smtpd_tls_security_level instead. </p> 8756 8757%PARAM smtpd_enforce_tls no 8758 8759<p> Mandatory TLS: announce STARTTLS support to SMTP clients, 8760and require that clients use TLS encryption. According to RFC 2487 8761this MUST NOT be applied in case of a publicly-referenced SMTP 8762server. This option is off by default and should be used only on 8763dedicated servers. 
</p> 8764 8765<p> Note 1: "smtpd_enforce_tls = yes" implies "smtpd_tls_auth_only = yes". </p> 8766 8767<p> Note 2: when invoked via "<b>sendmail -bs</b>", Postfix will never offer 8768STARTTLS due to insufficient privileges to access the server private 8769key. This is intended behavior. </p> 8770 8771<p> This feature is available in Postfix 2.2 and later. With 8772Postfix 2.3 and later use smtpd_tls_security_level instead. </p> 8773 8774%PARAM smtpd_tls_wrappermode no 8775 8776<p> Run the Postfix SMTP server in the non-standard "wrapper" mode, 8777instead of using the STARTTLS command. </p> 8778 8779<p> If you want to support this service, enable a special port in 8780master.cf, and specify "-o smtpd_tls_wrappermode=yes" on the SMTP 8781server's command line. Port 465 (smtps) was once chosen for this 8782purpose. </p> 8783 8784<p> This feature is available in Postfix 2.2 and later. </p> 8785 8786%PARAM smtpd_tls_ask_ccert no 8787 8788<p> Ask a remote SMTP client for a client certificate. This 8789information is needed for certificate based mail relaying with, 8790for example, the permit_tls_clientcerts feature. </p> 8791 8792<p> Some clients such as Netscape will either complain if no 8793certificate is available (for the list of CAs in $smtpd_tls_CAfile) 8794or will offer multiple client certificates to choose from. This 8795may be annoying, so this option is "off" by default. </p> 8796 8797<p> This feature is available in Postfix 2.2 and later. </p> 8798 8799%PARAM smtpd_tls_req_ccert no 8800 8801<p> With mandatory TLS encryption, require a trusted remote SMTP client 8802certificate in order to allow TLS connections to proceed. This 8803option implies "smtpd_tls_ask_ccert = yes". </p> 8804 8805<p> When TLS encryption is optional, this setting is ignored with 8806a warning written to the mail log. </p> 8807 8808<p> This feature is available in Postfix 2.2 and later. 
</p>

%PARAM smtpd_tls_ccert_verifydepth 9

<p> The verification depth for remote SMTP client certificates. A
depth of 1 is sufficient if the issuing CA is listed in a local CA
file. </p>

<p> The default verification depth is 9 (the OpenSSL default) for
compatibility with earlier Postfix behavior. Prior to Postfix 2.5,
the default value was 5, but the limit was not actually enforced. If
you have set this to a lower non-default value, certificates with longer
trust chains may now fail to verify. Certificate chains with 1 or 2
CAs are common, deeper chains are more rare and any number between 5
and 9 should suffice in practice. You can choose a lower number if,
for example, you trust certificates directly signed by an issuing CA
but not any CAs it delegates to. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtpd_tls_auth_only no

<p> When TLS encryption is optional in the Postfix SMTP server, do
not announce or accept SASL authentication over unencrypted
connections. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtpd_tls_session_cache_database

<p> Name of the file containing the optional Postfix SMTP server
TLS session cache. Specify a database type that supports enumeration,
such as <b>btree</b> or <b>sdbm</b>; there is no need to support
concurrent access. The file is created if it does not exist. The smtpd(8)
daemon does not use this parameter directly, rather the cache is
implemented indirectly in the tlsmgr(8) daemon. This means that
per-smtpd-instance master.cf overrides of this parameter are not
effective. Note that each of the cache databases supported by the tlsmgr(8)
daemon ($smtpd_tls_session_cache_database, $smtp_tls_session_cache_database,
and with Postfix 2.3 and later $lmtp_tls_session_cache_database) needs to be
stored separately.
It is not at this time possible to store multiple
caches in a single database. </p>

<p> Note: <b>dbm</b> databases are not suitable. TLS
session objects are too large. </p>

<p> As of version 2.5, Postfix no longer uses root privileges when
opening this file. The file should now be stored under the Postfix-owned
data_directory. As a migration aid, an attempt to open the file
under a non-Postfix directory is redirected to the Postfix-owned
data_directory, and a warning is logged. </p>

<p> Example: </p>

<pre>
smtpd_tls_session_cache_database = btree:/var/db/postfix/smtpd_scache
</pre>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtpd_tls_session_cache_timeout 3600s

<p> The expiration time of Postfix SMTP server TLS session cache
information. A cache cleanup is performed periodically
every $smtpd_tls_session_cache_timeout seconds. As with
$smtpd_tls_session_cache_database, this parameter is implemented in the
tlsmgr(8) daemon and therefore per-smtpd-instance master.cf overrides
are not possible. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM relay_clientcerts

<p> List of tables with remote SMTP client-certificate fingerprints
for which the Postfix SMTP server will allow access with the
permit_tls_clientcerts feature.
The fingerprint digest algorithm is configurable via the
smtpd_tls_fingerprint_digest parameter (hard-coded as md5 prior to
Postfix version 2.5). </p>

<p> Postfix lookup tables are in the form of (key, value) pairs.
Since we only need the key, the value can be chosen freely, e.g.
the name of the user or host: </p>

<blockquote>
<pre>
D7:04:2F:A7:0B:8C:A5:21:FA:31:77:E1:41:8A:EE:80 lutzpc.at.home
</pre>
</blockquote>

<p> Example: </p>

<pre>
relay_clientcerts = hash:/etc/postfix/relay_clientcerts
</pre>

<p> For more fine-grained control, use check_ccert_access to select
an appropriate access(5) policy for each client.
See RESTRICTION_CLASS_README. </p>

<p> This feature is available with Postfix version 2.2. </p>

%PARAM smtpd_tls_cipherlist

<p> Obsolete Postfix &lt; 2.3 control for the Postfix SMTP server TLS
cipher list. It is easy to create inter-operability problems by choosing
a non-default cipher list. Do not use a non-default TLS cipherlist for
MX hosts on the public Internet. Clients that begin the TLS handshake,
but are unable to agree on a common cipher, may not be able to send any
email to the SMTP server. Using a restricted cipher list may be more
appropriate for a dedicated MSA or an internal mailhub, where one can
exert some control over the TLS software and settings of the connecting
clients. </p>

<p> <b>Note:</b> do not use "" quotes around the parameter value. </p>

<p> This feature is available with Postfix version 2.2. It is not used with
Postfix 2.3 and later; use smtpd_tls_mandatory_ciphers instead. </p>

%PARAM smtpd_tls_dh1024_param_file

<p> File with DH parameters that the Postfix SMTP server should
use with non-export EDH ciphers. </p>

<p> Instead of using the exact same parameter sets as distributed
with other TLS packages, it is more secure to generate your own
set of parameters with something like the following command
(<b>openssl gendh</b>, a deprecated alias for <b>dhparam</b> that took
the same options, no longer exists in current OpenSSL releases): </p>

<blockquote>
<pre>
openssl dhparam -out /etc/postfix/dh_1024.pem -2 1024
</pre>
</blockquote>

<p> The "1024" in the parameter name is historical: the file may hold
DH parameters of any size, and 1024-bit groups are no longer considered
adequate, so prefer 2048-bit parameters unless you must interoperate
with clients that cannot handle them. </p>

<p> Your actual source for entropy may differ.
Some systems have
/dev/random; on other systems you may consider using the "Entropy
Gathering Daemon EGD", available at http://egd.sourceforge.net/
</p>

<p> Example: </p>

<pre>
smtpd_tls_dh1024_param_file = /etc/postfix/dh_1024.pem
</pre>

<p> This feature is available with Postfix version 2.2. </p>

%PARAM smtpd_tls_dh512_param_file

<p> File with DH parameters that the Postfix SMTP server should
use with export-grade EDH ciphers. </p>

<p> See also the discussion under the smtpd_tls_dh1024_param_file
configuration parameter. </p>

<p> Example: </p>

<pre>
smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem
</pre>

<p> This feature is available with Postfix version 2.2. </p>

%PARAM smtpd_starttls_timeout 300s

<p> The time limit for Postfix SMTP server write and read operations
during TLS startup and shutdown handshake procedures. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtp_tls_cert_file

<p> File with the Postfix SMTP client RSA certificate in PEM format.
This file may also contain the Postfix SMTP client private RSA key,
and these may be the same as the Postfix SMTP server RSA certificate and key
file. </p>

<p> Do not configure client certificates unless you <b>must</b> present
client TLS certificates to one or more servers. Client certificates are
not usually needed, and can cause problems in configurations that work
well without them. The recommended setting is to let the defaults stand: </p>

<blockquote>
<pre>
smtp_tls_cert_file =
smtp_tls_key_file =
smtp_tls_dcert_file =
smtp_tls_dkey_file =
smtp_tls_eccert_file =
smtp_tls_eckey_file =
</pre>
</blockquote>

<p> The best way to use the default settings is to comment out the above
parameters in main.cf if present.
</p>

<p> To enable remote SMTP servers to verify the Postfix SMTP client
certificate, the issuing CA certificates must be made available to the
server. You should include the required certificates in the client
certificate file, the client certificate first, then the issuing
CA(s) (bottom-up order). </p>

<p> Example: the certificate for "client.example.com" was issued by
"intermediate CA" which itself has a certificate issued by "root CA".
Create the client.pem file with "cat client_cert.pem intermediate_CA.pem
root_CA.pem &gt; client.pem". </p>

<p> If you also want to verify remote SMTP server certificates issued by
these CAs, you can add the CA certificates to the smtp_tls_CAfile, in
which case it is not necessary to have them in the smtp_tls_cert_file,
smtp_tls_dcert_file or smtp_tls_eccert_file. </p>

<p> A certificate supplied here must be usable as an SSL client certificate
and hence pass the "openssl verify -purpose sslclient ..." test. </p>

<p> Example: </p>

<pre>
smtp_tls_cert_file = /etc/postfix/client.pem
</pre>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtp_tls_key_file $smtp_tls_cert_file

<p> File with the Postfix SMTP client RSA private key in PEM format.
This file may be combined with the Postfix SMTP client RSA certificate
file specified with $smtp_tls_cert_file. </p>

<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
access to the system superuser account ("root"), and no access
to anyone else. </p>

<p> Example: </p>

<pre>
smtp_tls_key_file = $smtp_tls_cert_file
</pre>

<p> This feature is available in Postfix 2.2 and later.
</p>

%PARAM smtp_tls_CAfile

<p> A file containing CA certificates of root CAs trusted to sign
either remote SMTP server certificates or intermediate CA certificates.
These are loaded into memory before the smtp(8) client enters the
chroot jail. If the number of trusted roots is large, consider using
smtp_tls_CApath instead, but note that the latter directory must be
present in the chroot jail if the smtp(8) client is chrooted. This
file may also be used to augment the client certificate trust chain,
but it is best to include all the required certificates directly in
$smtp_tls_cert_file. </p>

<p> Specify "tls_append_default_CA = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates. </p>

<p> Example: </p>

<pre>
smtp_tls_CAfile = /etc/postfix/CAcert.pem
</pre>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtp_tls_CApath

<p> Directory with PEM format certificate authority certificates
that the Postfix SMTP client uses to verify a remote SMTP server
certificate. Don't forget to create the necessary "hash" links
with, for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs".
</p>

<p> To use this option in chroot mode, this directory (or a copy)
must be inside the chroot jail. </p>

<p> Specify "tls_append_default_CA = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates. </p>

<p> Example: </p>

<pre>
smtp_tls_CApath = /etc/postfix/certs
</pre>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtp_tls_loglevel 0

<p> Enable additional Postfix SMTP client logging of TLS activity.
Each logging level also includes the information that is logged at
a lower logging level.
</p>

<dl compact>

<dt> </dt> <dd> 0 Disable logging of TLS activity. </dd>

<dt> </dt> <dd> 1 Log TLS handshake and certificate information. </dd>

<dt> </dt> <dd> 2 Log levels during TLS negotiation. </dd>

<dt> </dt> <dd> 3 Log hexadecimal and ASCII dump of TLS negotiation
process. </dd>

<dt> </dt> <dd> 4 Log hexadecimal and ASCII dump of complete
transmission after STARTTLS. </dd>

</dl>

<p> Use "smtp_tls_loglevel = 3" only in case of problems. Use of
loglevel 4 is strongly discouraged. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtp_tls_session_cache_database

<p> Name of the file containing the optional Postfix SMTP client
TLS session cache. Specify a database type that supports enumeration,
such as <b>btree</b> or <b>sdbm</b>; there is no need to support
concurrent access. The file is created if it does not exist. The smtp(8)
daemon does not use this parameter directly, rather the cache is
implemented indirectly in the tlsmgr(8) daemon. This means that
per-smtp-instance master.cf overrides of this parameter are not effective.
Note that each of the cache databases supported by the tlsmgr(8) daemon
($smtpd_tls_session_cache_database, $smtp_tls_session_cache_database,
and with Postfix 2.3 and later $lmtp_tls_session_cache_database) needs to
be stored separately. It is not at this time possible to store multiple
caches in a single database. </p>

<p> Note: <b>dbm</b> databases are not suitable. TLS
session objects are too large. </p>

<p> As of version 2.5, Postfix no longer uses root privileges when
opening this file. The file should now be stored under the Postfix-owned
data_directory. As a migration aid, an attempt to open the file
under a non-Postfix directory is redirected to the Postfix-owned
data_directory, and a warning is logged.
</p>

<p> Example: </p>

<pre>
smtp_tls_session_cache_database = btree:/var/db/postfix/smtp_scache
</pre>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtp_tls_session_cache_timeout 3600s

<p> The expiration time of Postfix SMTP client TLS session cache
information. A cache cleanup is performed periodically
every $smtp_tls_session_cache_timeout seconds. As with
$smtp_tls_session_cache_database, this parameter is implemented in the
tlsmgr(8) daemon and therefore per-smtp-instance master.cf overrides
are not possible. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtp_use_tls no

<p> Opportunistic mode: use TLS when a remote SMTP server announces
STARTTLS support, otherwise send the mail in the clear. Beware:
some SMTP servers offer STARTTLS even if it is not configured. With
Postfix &lt; 2.3, if the TLS handshake fails, and no other server is
available, delivery is deferred and mail stays in the queue. If this
is a concern for you, use the smtp_tls_per_site feature instead. </p>

<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use smtp_tls_security_level instead. </p>

%PARAM smtp_enforce_tls no

<p> Enforcement mode: require that remote SMTP servers use TLS
encryption, and never send mail in the clear. This also requires
that the remote SMTP server hostname matches the information in
the remote server certificate, and that the remote SMTP server
certificate was issued by a CA that is trusted by the Postfix SMTP
client. If the certificate doesn't verify or the hostname doesn't
match, delivery is deferred and mail stays in the queue. </p>

<p> The server hostname is matched against all names provided as
dNSNames in the SubjectAlternativeName. If no dNSNames are specified,
the CommonName is checked.
The behavior may be changed with the
smtp_tls_enforce_peername option. </p>

<p> This option is useful only if you are definitely sure that you
will only connect to servers that support RFC 2487 <i>and</i> that
provide valid server certificates. Typical use is for clients that
send all their email to a dedicated mailhub. </p>

<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use smtp_tls_security_level instead. </p>

%PARAM smtp_tls_enforce_peername yes

<p> With mandatory TLS encryption, require that the remote SMTP
server hostname matches the information in the remote SMTP server
certificate. As of RFC 2487 the requirements for hostname checking
for MTA clients are not specified. </p>

<p> This option can be set to "no" to disable strict peer name
checking. This setting has no effect on sessions that are controlled
via the smtp_tls_per_site table. </p>

<p> Disabling the hostname verification can make sense in a closed
environment where special CAs are created. If not used carefully,
this option opens the danger of a "man-in-the-middle" attack (the
CommonName in the attacker's certificate will be logged). </p>

<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use smtp_tls_security_level instead. </p>

%PARAM smtp_tls_per_site

<p> Optional lookup tables with the Postfix SMTP client TLS usage
policy by next-hop destination and by remote SMTP server hostname.
When both lookups succeed, the more specific per-site policy (NONE,
MUST, etc) overrides the less specific one (MAY), and the more secure
per-site policy (MUST, etc) overrides the less secure one (NONE).
With Postfix 2.3 and later smtp_tls_per_site is strongly discouraged:
use smtp_tls_policy_maps instead. </p>

<p> Use of the bare hostname as the per-site table lookup key is
discouraged.
Always use the full destination nexthop (enclosed in
[] with a possible ":port" suffix). A recipient domain or MX-enabled
transport next-hop with no port suffix may look like a bare hostname,
but is still a suitable <i>destination</i>. </p>

<p> Specify a next-hop destination or server hostname on the left-hand
side; no wildcards are allowed. The next-hop destination is either
the recipient domain, or the destination specified with a transport(5)
table, the relayhost parameter, or the relay_transport parameter.
On the right hand side specify one of the following keywords: </p>

<dl>

<dt> NONE </dt> <dd> Don't use TLS at all. This overrides a less
specific <b>MAY</b> lookup result from the alternate host or next-hop
lookup key, and overrides the global smtp_use_tls, smtp_enforce_tls,
and smtp_tls_enforce_peername settings. </dd>

<dt> MAY </dt> <dd> Try to use TLS if the server announces support,
otherwise use the unencrypted connection. This has less precedence
than a more specific result (including <b>NONE</b>) from the alternate
host or next-hop lookup key, and has less precedence than the more
specific global "smtp_enforce_tls = yes" or "smtp_tls_enforce_peername
= yes". </dd>

<dt> MUST_NOPEERMATCH </dt> <dd> Require TLS encryption, but do not
require that the remote SMTP server hostname matches the information
in the remote SMTP server certificate, or that the server certificate
was issued by a trusted CA. This overrides a less secure <b>NONE</b>
or a less specific <b>MAY</b> lookup result from the alternate host
or next-hop lookup key, and overrides the global smtp_use_tls,
smtp_enforce_tls and smtp_tls_enforce_peername settings.
</dd>

<dt> MUST </dt> <dd> Require TLS encryption, require that the remote
SMTP server hostname matches the information in the remote SMTP
server certificate, and require that the remote SMTP server certificate
was issued by a trusted CA. This overrides a less secure <b>NONE</b>
and <b>MUST_NOPEERMATCH</b> or a less specific <b>MAY</b> lookup
result from the alternate host or next-hop lookup key, and overrides
the global smtp_use_tls, smtp_enforce_tls and smtp_tls_enforce_peername
settings. </dd>

</dl>

<p> The above keywords correspond to the "none", "may", "encrypt" and
"verify" security levels for the new smtp_tls_security_level parameter
introduced in Postfix 2.3. Starting with Postfix 2.3, and independently
of how the policy is specified, the smtp_tls_mandatory_ciphers and
smtp_tls_mandatory_protocols parameters apply when TLS encryption
is mandatory. Connections for which encryption is optional typically
enable all "export" grade and better ciphers (see smtp_tls_ciphers
and smtp_tls_protocols). </p>

<p> As long as no secure DNS lookup mechanism is available, false
hostnames in MX or CNAME responses can change the server hostname
that Postfix uses for TLS policy lookup and server certificate
verification. Even with a perfect match between the server hostname and
the server certificate, there is no guarantee that Postfix is connected
to the right server. See TLS_README (Closing a DNS loophole with obsolete
per-site TLS policies) for a possible work-around. </p>

<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use smtp_tls_policy_maps instead. </p>

%PARAM smtp_tls_scert_verifydepth 9

<p> The verification depth for remote SMTP server certificates. A depth
of 1 is sufficient if the issuing CA is listed in a local CA file.
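</p>

<p> The precedence rules spelled out above for smtp_tls_per_site, and the
smtp_enforce_tls name check (dNSNames from the SubjectAlternativeName,
CommonName only when there are none), are the parts of this policy that
are most often misread when both table lookups succeed. The following
Python program is an added illustration written for this manual page; it
is not Postfix code and does not read a real lookup table. It models the
per-site table as a dictionary and the main.cf settings as booleans; the
destinations and names it uses ("[relay.example.com]:587",
"mail.example.com" and the like) are made up. </p>

```python
"""Effective Postfix SMTP client TLS policy under smtp_tls_per_site.

Added illustration for the postconf(5) text, not Postfix code.  It
implements the precedence rules written out above: when the next-hop
and hostname lookups both succeed, the more specific result (NONE,
MUST_NOPEERMATCH, MUST) beats MAY and the more secure result beats the
less secure one; every per-site result except MAY also beats the global
smtp_use_tls, smtp_enforce_tls and smtp_tls_enforce_peername settings.
The MUST name check follows the smtp_enforce_tls text: dNSNames from
the SubjectAlternativeName, CommonName only when there are no dNSNames.
"""

# Precedence: MAY loses to every other keyword, NONE loses to both MUST
# variants, MUST_NOPEERMATCH loses to MUST.
RANK = {"MAY": 0, "NONE": 1, "MUST_NOPEERMATCH": 2, "MUST": 3}

# Postfix 2.3 smtp_tls_security_level names for the per-site keywords.
LEVEL = {"NONE": "none", "MAY": "may", "MUST_NOPEERMATCH": "encrypt",
         "MUST": "verify"}


def global_policy(use_tls, enforce_tls, enforce_peername):
    """Keyword implied by main.cf alone (no per-site entry matched)."""
    if enforce_tls:
        return "MUST" if enforce_peername else "MUST_NOPEERMATCH"
    return "MAY" if use_tls else "NONE"


def effective_policy(per_site, nexthop, hostname, use_tls=False,
                     enforce_tls=False, enforce_peername=True):
    """Merge the per-site lookups with the global settings.

    per_site stands in for the lookup table: keys are next-hop
    destinations such as "[relay.example.com]:587" or bare server
    hostnames (both made up here), values are the documented keywords.
    """
    found = [per_site[key] for key in (nexthop, hostname) if key in per_site]
    for keyword in found:
        if keyword not in RANK:
            raise ValueError("unknown smtp_tls_per_site keyword: %r" % keyword)
    if not found:
        return global_policy(use_tls, enforce_tls, enforce_peername)
    best = max(found, key=RANK.__getitem__)
    if best == "MAY" and enforce_tls:
        # MAY has less precedence than global "smtp_enforce_tls = yes".
        return global_policy(use_tls, True, enforce_peername)
    return best


def peername_matches(hostname, dns_names, common_name):
    """Name check for MUST: dNSNames if any, otherwise the CommonName.

    Exact, case-insensitive comparison; the text above says nothing
    about wildcards, so none are honoured here.
    """
    wanted = hostname.lower().rstrip(".")
    if dns_names:
        candidates = dns_names
    elif common_name:
        candidates = [common_name]
    else:
        candidates = []
    return any(wanted == name.lower().rstrip(".") for name in candidates)


def connection_outcome(policy, tls_offered, hostname, dns_names,
                       common_name, cert_trusted):
    """Return (proceed, reason) for one delivery attempt under a keyword."""
    if policy == "NONE":
        return True, "plaintext, TLS not used"
    if policy == "MAY":
        return True, ("TLS" if tls_offered else "plaintext fallback")
    if not tls_offered:
        return False, "deferred: TLS required but STARTTLS not offered"
    if policy == "MUST":
        if not cert_trusted:
            return False, "deferred: certificate not issued by a trusted CA"
        if not peername_matches(hostname, dns_names, common_name):
            return False, "deferred: server name does not match certificate"
    return True, "TLS, security level %s" % LEVEL[policy]
```

<p> effective_policy() returns the keyword that wins, and
connection_outcome() shows why a MUST delivery is deferred when the
certificate carries a dNSName list that omits the server name even though
its CommonName matches: once dNSNames are present, the CommonName is not
consulted. </p>

<p>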
</p>

<p> The default verification depth is 9 (the OpenSSL default) for
compatibility with earlier Postfix behavior. Prior to Postfix 2.5,
the default value was 5, but the limit was not actually enforced. If
you have set this to a lower non-default value, certificates with longer
trust chains may now fail to verify. Certificate chains with 1 or 2
CAs are common, deeper chains are more rare and any number between 5
and 9 should suffice in practice. You can choose a lower number if,
for example, you trust certificates directly signed by an issuing CA
but not any CAs it delegates to. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtp_tls_note_starttls_offer no

<p> Log the hostname of a remote SMTP server that offers STARTTLS,
when TLS is not already enabled for that server. </p>

<p> The logfile record looks like: </p>

<pre>
postfix/smtp[pid]: Host offered STARTTLS: [name.of.host]
</pre>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtp_tls_cipherlist

<p> Obsolete Postfix &lt; 2.3 control for the Postfix SMTP client TLS
cipher list. As this feature applies to all TLS security levels, it is easy
to create inter-operability problems by choosing a non-default cipher
list. Do not use a non-default TLS cipher list on hosts that deliver email
to the public Internet: you will be unable to send email to servers that
only support the ciphers you exclude. Using a restricted cipher list
may be more appropriate for an internal MTA, where one can exert some
control over the TLS software and settings of the peer servers. </p>

<p> <b>Note:</b> do not use "" quotes around the parameter value. </p>

<p> This feature is available in Postfix version 2.2. It is not used with
Postfix 2.3 and later; use smtp_tls_mandatory_ciphers instead.
</p>

%PARAM smtp_starttls_timeout 300s

<p> Time limit for Postfix SMTP client write and read operations
during TLS startup and shutdown handshake procedures. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtp_tls_dkey_file $smtp_tls_dcert_file

<p> File with the Postfix SMTP client DSA private key in PEM format.
This file may be combined with the Postfix SMTP client DSA certificate
file specified with $smtp_tls_dcert_file. </p>

<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
access to the system superuser account ("root"), and no access
to anyone else. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtp_tls_dcert_file

<p> File with the Postfix SMTP client DSA certificate in PEM format.
This file may also contain the Postfix SMTP client private DSA key. </p>

<p> See the discussion under smtp_tls_cert_file for more details.
</p>

<p> Example: </p>

<pre>
smtp_tls_dcert_file = /etc/postfix/client-dsa.pem
</pre>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM tls_append_default_CA no

<p> Append the system-supplied default certificate authority
certificates to the ones specified with *_tls_CApath or *_tls_CAfile.
The default is "no"; this prevents Postfix from trusting third-party
certificates and giving them relay permission with
permit_tls_all_clientcerts. </p>

<p> This feature is available in Postfix 2.4.15, 2.5.11, 2.6.8,
2.7.2 and later versions. Specify "tls_append_default_CA = yes" for
backwards compatibility, to avoid breaking certificate verification
with sites that don't use permit_tls_all_clientcerts.
</p>

%PARAM tls_random_exchange_name see "postconf -d" output

<p> Name of the pseudo random number generator (PRNG) state file
that is maintained by tlsmgr(8). The file is created when it does
not exist, and its length is fixed at 1024 bytes. </p>

<p> As of version 2.5, Postfix no longer uses root privileges when
opening this file, and the default file location was changed from
${config_directory}/prng_exch to ${data_directory}/prng_exch. As
a migration aid, an attempt to open the file under a non-Postfix
directory is redirected to the Postfix-owned data_directory, and a
warning is logged. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM tls_random_source see "postconf -d" output

<p> The external entropy source for the in-memory tlsmgr(8) pseudo
random number generator (PRNG) pool. Be sure to specify a non-blocking
source. If this source is not a regular file, the entropy source
type must be prepended: egd:/path/to/egd_socket for a source with
an EGD-compatible socket interface, or dev:/path/to/device for a
device file. </p>

<p> Note: on OpenBSD systems specify /dev/arandom when /dev/urandom
gives timeout errors. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM tls_random_bytes 32

<p> The number of bytes that tlsmgr(8) reads from $tls_random_source
when (re)seeding the in-memory pseudo random number generator (PRNG)
pool. The default of 32 bytes (256 bits) is good enough for 128bit
symmetric keys. If using EGD or a device file, a maximum of 255
bytes is read. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM tls_random_reseed_period 3600s

<p> The maximal time between attempts by tlsmgr(8) to re-seed the
in-memory pseudo random number generator (PRNG) pool from external
sources.
The actual time between re-seeding attempts is calculated
using the PRNG, and is between 0 and the time specified. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM tls_random_prng_update_period 3600s

<p> The time between attempts by tlsmgr(8) to save the state of
the pseudo random number generator (PRNG) to the file specified
with $tls_random_exchange_name. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM tls_daemon_random_bytes 32

<p> The number of pseudo-random bytes that an smtp(8) or smtpd(8)
process requests from the tlsmgr(8) server in order to seed its
internal pseudo random number generator (PRNG). The default of 32
bytes (equivalent to 256 bits) is sufficient to generate a 128bit
(or 168bit) session key. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtp_sasl_tls_security_options $smtp_sasl_security_options

<p> The SASL authentication security options that the Postfix SMTP
client uses for TLS encrypted SMTP sessions. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtpd_sasl_tls_security_options $smtpd_sasl_security_options

<p> The SASL authentication security options that the Postfix SMTP
server uses for TLS encrypted SMTP sessions. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtp_generic_maps

<p> Optional lookup tables that perform address rewriting in the
SMTP client, typically to transform a locally valid address into
a globally valid address when sending mail across the Internet.
This is needed when the local machine does not have its own Internet
domain name, but uses something like <i>localdomain.local</i>
instead.
</p>

<p> The table format and lookups are documented in generic(5);
examples are shown in the ADDRESS_REWRITING_README and
STANDARD_CONFIGURATION_README documents. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM message_reject_characters

<p> The set of characters that Postfix will reject in message
content. The usual C-like escape sequences are recognized: <tt>\a
\b \f \n \r \t \v \<i>ddd</i></tt> (up to three octal digits) and
<tt>\\</tt>. </p>

<p> Example: </p>

<pre>
message_reject_characters = \0
</pre>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM message_strip_characters

<p> The set of characters that Postfix will remove from message
content. The usual C-like escape sequences are recognized: <tt>\a
\b \f \n \r \t \v \<i>ddd</i></tt> (up to three octal digits) and
<tt>\\</tt>. </p>

<p> Example: </p>

<pre>
message_strip_characters = \0
</pre>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM frozen_delivered_to yes

<p> Update the local(8) delivery agent's idea of the Delivered-To:
address (see pr
epend_delivered_header) only once, at the start of
a delivery attempt; do not update the Delivered-To: address while
expanding aliases or .forward files. </p>

<p> This feature is available in Postfix 2.3 and later. With older
Postfix releases, the behavior is as if this parameter is set to
"no". The old setting can be expensive with deeply nested aliases
or .forward files. When an alias or .forward file changes the
Delivered-To: address, it ties up one queue file and one cleanup
process instance while mail is being forwarded. </p>

%PARAM smtpd_peername_lookup yes

<p> Attempt to look up the remote SMTP client hostname, and verify that
the name matches the client IP address.
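</p>

<p> The escape syntax shared by message_reject_characters and
message_strip_characters above is small but has one corner worth seeing
in code: an octal escape consumes at most three digits, so "\0101" is
the byte 010 followed by a literal "1", and a value above \377 is not a
byte at all. The following Python program is an added illustration
written for this manual page, not Postfix code; it parses a parameter
value into a set of bytes and applies a reject set and a strip set to a
constructed message fragment the way the two parameters are described. </p>

```python
r"""Parser for message_reject_characters and message_strip_characters values.

Added illustration for the postconf(5) text, not Postfix code.  Both
parameters take a set of characters written with C-like escapes, as
listed above: \a \b \f \n \r \t \v, \ddd with up to three octal digits,
and \\ for a backslash.  filter_content() then applies two parsed sets
the way the two parameters are described: reject content containing any
byte of the "reject" set, drop every byte of the "strip" set.  SAMPLE is
a constructed message fragment, not captured traffic.
"""

SIMPLE_ESCAPES = {"a": 7, "b": 8, "f": 12, "n": 10, "r": 13, "t": 9,
                  "v": 11, "\\": 92}
OCTAL_DIGITS = "01234567"


def parse_charset(spec):
    r"""Return the set of byte values a parameter value denotes.

    Unknown escapes such as \q and characters outside the byte range are
    reported instead of being accepted silently, so a typo in main.cf
    does not quietly turn into a filter for the wrong characters.
    """
    result = set()
    i = 0
    while i < len(spec):
        ch = spec[i]
        if ch != "\\":
            if ord(ch) > 255:
                raise ValueError("non-byte character %r in %r" % (ch, spec))
            result.add(ord(ch))
            i += 1
            continue
        i += 1
        if i >= len(spec):
            raise ValueError("trailing backslash in %r" % spec)
        ch = spec[i]
        if ch in SIMPLE_ESCAPES:
            result.add(SIMPLE_ESCAPES[ch])
            i += 1
        elif ch in OCTAL_DIGITS:
            # At most three octal digits: "\0101" is octal 010 (a
            # backspace) followed by a literal '1', not a four-digit value.
            end = i
            while end < len(spec) and end - i < 3 and spec[end] in OCTAL_DIGITS:
                end += 1
            value = int(spec[i:end], 8)
            if value > 255:
                raise ValueError("octal escape \\%s out of range in %r"
                                 % (spec[i:end], spec))
            result.add(value)
            i = end
        else:
            raise ValueError("unknown escape \\%s in %r" % (ch, spec))
    return result


def filter_content(content, reject_spec="", strip_spec=""):
    """Apply reject and strip sets to message bytes.

    Returns (accepted, content).  Rejection is checked first: a message
    that contains a rejected byte is not delivered, so nothing is stripped.
    """
    reject = parse_charset(reject_spec)
    strip = parse_charset(strip_spec)
    if any(byte in reject for byte in content):
        return False, b""
    return True, bytes(byte for byte in content if byte not in strip)


# Constructed sample: a header line carrying an embedded NUL and a form feed.
SAMPLE = b"Subject: test\x00 message\x0c\r\n"
```

<p> With the page's own example value, parse_charset(r"\0") yields the
single byte 0, and filter_content(SAMPLE, reject_spec=r"\0") rejects the
sample because of the embedded NUL, while a strip set of r"\0\f" accepts
it and returns the header without the NUL and the form feed. </p>

<p>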
A client name is set to
"unknown" when it cannot be looked up or verified, or when name
lookup is disabled. Turning off name lookup reduces delays due to
DNS lookup and increases the maximal inbound delivery rate. With
name lookup disabled, hostname-based client restrictions see only
"unknown" and cannot match on a client name. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM delay_logging_resolution_limit 2

<p> The maximal number of digits after the decimal point when logging
sub-second delay values. Specify a number in the range 0..6. </p>

<p> Large delay values are rounded off to an integral number of seconds;
delay values too small to be represented with this many digits are
logged as "0", and small delay values are logged with at most this many
digits after the decimal point (two with the default setting). </p>

<p> The format of the "delays=a/b/c/d" logging is as follows: </p>

<ul>

<li> a = time from message arrival to last active queue entry

<li> b = time from last active queue entry to connection setup

<li> c = time in connection setup, including DNS, EHLO and STARTTLS

<li> d = time in message transmission

</ul>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM bounce_template_file

<p> Pathname of a configuration file with bounce message templates.
These override the built-in templates of delivery status notification
(DSN) messages for undeliverable mail, for delayed mail, successful
delivery, or delivery verification. The bounce(5) manual page
describes how to edit and test template files. </p>

<p> Template message body text may contain $name references to
Postfix configuration parameters. The result of $name expansion can
be previewed with "<b>postconf -b <i>file_name</i></b>" before the file
is placed into the Postfix configuration directory. </p>

<p> This feature is available in Postfix 2.3 and later.
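</p>

<p> The "delays=a/b/c/d" record described above under
delay_logging_resolution_limit is the quickest way to tell a slow DNS
lookup or STARTTLS handshake (a large "c") from a slow message transfer
(a large "d") or a backlog in the queue (a large "a"). The following
Python program is an added illustration written for this manual page, not
Postfix code; it extracts the queue ID, the total delay and the four phases
from smtp(8) delivery records and lists the records whose slowest phase
exceeds a threshold. The log lines in it are constructed samples using
RFC 5737 documentation addresses, not output from a real server. </p>

```python
"""Decoder for the delays=a/b/c/d field in Postfix delivery log records.

Added illustration for the postconf(5) text, not Postfix code.  The four
fields are the ones listed above: a = arrival to last active-queue entry,
b = active queue to connection setup, c = connection setup including DNS,
EHLO and STARTTLS, d = message transmission.  SAMPLE_LOG holds
constructed records, not captured from a real mail server.
"""
import re

FIELDS = ("arrival_to_active", "active_to_connect", "connection_setup",
          "transmission")

# Matches "queue_id: ... delay=total, delays=a/b/c/d" in an smtp(8) or
# lmtp(8) delivery record.  Queue IDs in the default format are upper-case hex.
DELAY_RE = re.compile(
    r"postfix/\w+\[\d+\]: (?P<qid>[0-9A-F]+): .*?"
    r"delay=(?P<total>\d+(?:\.\d+)?), "
    r"delays=(?P<a>\d+(?:\.\d+)?)/(?P<b>\d+(?:\.\d+)?)/"
    r"(?P<c>\d+(?:\.\d+)?)/(?P<d>\d+(?:\.\d+)?)"
)


def parse_delays(line):
    """Return a dict with queue_id, total and the four FIELDS, or None."""
    m = DELAY_RE.search(line)
    if m is None:
        return None
    parsed = {"queue_id": m.group("qid"), "total": float(m.group("total"))}
    for name, group in zip(FIELDS, "abcd"):
        parsed[name] = float(m.group(group))
    return parsed


def dominant_phase(parsed):
    """Name of the phase that took the most time."""
    return max(FIELDS, key=lambda name: parsed[name])


def slow_deliveries(lines, threshold):
    """(queue_id, phase, seconds) for records whose slowest phase >= threshold."""
    hits = []
    for line in lines:
        parsed = parse_delays(line)
        if parsed is None:
            continue
        phase = dominant_phase(parsed)
        if parsed[phase] >= threshold:
            hits.append((parsed["queue_id"], phase, parsed[phase]))
    return hits


# Constructed sample records (RFC 5737 addresses, example.com names).
SAMPLE_LOG = [
    "Mar  3 10:15:01 mx postfix/smtp[2114]: 3A1B2C3D4E: "
    "to=<alice@example.com>, relay=mx.example.com[192.0.2.10]:25, "
    "delay=12.3, delays=0.05/0.01/11.9/0.34, dsn=2.0.0, status=sent (250 Ok)",
    "Mar  3 10:15:02 mx postfix/smtp[2115]: 5F6A7B8C9D: "
    "to=<bob@example.net>, relay=mail.example.net[198.51.100.7]:25, "
    "delay=0.42, delays=0.03/0/0.12/0.27, dsn=2.0.0, status=sent (250 Ok)",
    "Mar  3 10:15:03 mx postfix/smtp[2116]: 7C8D9EA0B1: "
    "to=<carol@example.org>, relay=mx.example.org[203.0.113.5]:25, "
    "delay=48, delays=47/0.02/0.3/0.51, dsn=2.0.0, status=sent (250 Ok)",
    "Mar  3 10:15:04 mx postfix/qmgr[1999]: 7C8D9EA0B1: removed",
]
```

<p> On the sample records, slow_deliveries(SAMPLE_LOG, 5.0) flags the
first message for its connection setup (11.9 seconds, the place to look
for DNS or STARTTLS trouble with mx.example.com) and the third for the 47
seconds it waited before reaching the active queue; the qmgr "removed"
record carries no delays field and is skipped. </p>

<p>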
</p>

%PARAM sender_dependent_relayhost_maps

<p> A sender-dependent override for the global relayhost parameter setting. The tables are searched by the envelope sender address and @domain. A lookup result of DUNNO terminates the search without overriding the global relayhost parameter setting (Postfix 2.6 and later). This information is overruled with relay_transport, sender_dependent_default_transport_maps, default_transport and with the transport(5) table. </p>

<p> For safety reasons, this feature does not allow $number substitutions in regular expression maps. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM empty_address_relayhost_maps_lookup_key <>

<p> The sender_dependent_relayhost_maps search string that will be used instead of the null sender address. </p>

<p> This feature is available in Postfix 2.5 and later. With earlier versions, sender_dependent_relayhost_maps lookups were skipped for the null sender address. </p>

%PARAM address_verify_sender_dependent_relayhost_maps $sender_dependent_relayhost_maps

<p> Overrides the sender_dependent_relayhost_maps parameter setting for address verification probes. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtp_sender_dependent_authentication no

<p> Enable sender-dependent authentication in the Postfix SMTP client; this is available only with SASL authentication, and disables SMTP connection caching to ensure that mail from different senders will use the appropriate credentials. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_lhlo_name $myhostname

<p> The hostname to send in the LMTP LHLO command. </p>

<p> The default value is the machine hostname. Specify a hostname or [ip.add.re.ss].
</p>

<p> This information can be specified in the main.cf file for all LMTP clients, or it can be specified in the master.cf file for a specific client, for example: </p>

<blockquote>
<pre>
/etc/postfix/master.cf:
    mylmtp ... lmtp -o lmtp_lhlo_name=foo.bar.com
</pre>
</blockquote>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_discard_lhlo_keyword_address_maps

<p> Lookup tables, indexed by the remote LMTP server address, with case insensitive lists of LHLO keywords (pipelining, starttls, auth, etc.) that the LMTP client will ignore in the LHLO response from a remote LMTP server. See lmtp_discard_lhlo_keywords for details. The table is not indexed by hostname for consistency with smtpd_discard_ehlo_keyword_address_maps. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_discard_lhlo_keywords

<p> A case insensitive list of LHLO keywords (pipelining, starttls, auth, etc.) that the LMTP client will ignore in the LHLO response from a remote LMTP server. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

<p> Notes: </p>

<ul>

<li> <p> Specify the <b>silent-discard</b> pseudo keyword to prevent this action from being logged. </p>

<li> <p> Use the lmtp_discard_lhlo_keyword_address_maps feature to discard LHLO keywords selectively. </p>

</ul>

%PARAM lmtp_lhlo_timeout 300s

<p> The LMTP client time limit for sending the LHLO command, and for receiving the initial server response. </p>

<p> Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). The default time unit is s (seconds).
</p>

%PARAM lmtp_sasl_tls_security_options $lmtp_sasl_security_options

<p> The LMTP-specific version of the smtp_sasl_tls_security_options configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_sasl_mechanism_filter

<p> The LMTP-specific version of the smtp_sasl_mechanism_filter configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_bind_address

<p> The LMTP-specific version of the smtp_bind_address configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_bind_address6

<p> The LMTP-specific version of the smtp_bind_address6 configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_host_lookup dns

<p> The LMTP-specific version of the smtp_host_lookup configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_connection_cache_destinations

<p> The LMTP-specific version of the smtp_connection_cache_destinations configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_per_site

<p> The LMTP-specific version of the smtp_tls_per_site configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_generic_maps

<p> The LMTP-specific version of the smtp_generic_maps configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later.
</p>

%PARAM lmtp_pix_workaround_threshold_time 500s

<p> The LMTP-specific version of the smtp_pix_workaround_threshold_time configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_pix_workaround_delay_time 10s

<p> The LMTP-specific version of the smtp_pix_workaround_delay_time configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_connection_reuse_time_limit 300s

<p> The LMTP-specific version of the smtp_connection_reuse_time_limit configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_starttls_timeout 300s

<p> The LMTP-specific version of the smtp_starttls_timeout configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_line_length_limit 990

<p> The LMTP-specific version of the smtp_line_length_limit configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_mx_address_limit 5

<p> The LMTP-specific version of the smtp_mx_address_limit configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_mx_session_limit 2

<p> The LMTP-specific version of the smtp_mx_session_limit configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_scert_verifydepth 9

<p> The LMTP-specific version of the smtp_tls_scert_verifydepth configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later.
</p>

%PARAM lmtp_skip_5xx_greeting yes

<p> The LMTP-specific version of the smtp_skip_5xx_greeting configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_randomize_addresses yes

<p> The LMTP-specific version of the smtp_randomize_addresses configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_quote_rfc821_envelope yes

<p> The LMTP-specific version of the smtp_quote_rfc821_envelope configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_defer_if_no_mx_address_found no

<p> The LMTP-specific version of the smtp_defer_if_no_mx_address_found configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_connection_cache_on_demand yes

<p> The LMTP-specific version of the smtp_connection_cache_on_demand configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_use_tls no

<p> The LMTP-specific version of the smtp_use_tls configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_enforce_tls no

<p> The LMTP-specific version of the smtp_enforce_tls configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_security_level

<p> The LMTP-specific version of the smtp_tls_security_level configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later.
</p>

%PARAM lmtp_tls_enforce_peername yes

<p> The LMTP-specific version of the smtp_tls_enforce_peername configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_note_starttls_offer no

<p> The LMTP-specific version of the smtp_tls_note_starttls_offer configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_sender_dependent_authentication no

<p> The LMTP-specific version of the smtp_sender_dependent_authentication configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM connection_cache_protocol_timeout 5s

<p> Time limit for connection cache connect, send or receive operations. The time limit is enforced in the client. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtpd_sasl_type cyrus

<p> The SASL plug-in type that the Postfix SMTP server should use for authentication. The available types are listed with the "<b>postconf -a</b>" command. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtp_sasl_type cyrus

<p> The SASL plug-in type that the Postfix SMTP client should use for authentication. The available types are listed with the "<b>postconf -A</b>" command. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_sasl_type cyrus

<p> The SASL plug-in type that the Postfix LMTP client should use for authentication. The available types are listed with the "<b>postconf -A</b>" command. </p>

<p> This feature is available in Postfix 2.3 and later.
</p>

%PARAM smtpd_sasl_path smtpd

<p> Implementation-specific information that the Postfix SMTP server passes through to the SASL plug-in implementation that is selected with <b>smtpd_sasl_type</b>. Typically this specifies the name of a configuration file or rendezvous point. </p>

<p> This feature is available in Postfix 2.3 and later. In earlier releases it was called <b>smtpd_sasl_application_name</b>. </p>

%PARAM cyrus_sasl_config_path

<p> Search path for Cyrus SASL application configuration files, currently used only to locate the $smtpd_sasl_path.conf file. Specify zero or more directories separated by a colon character, or an empty value to use Cyrus SASL's built-in search path. </p>

<p> This feature is available in Postfix 2.5 and later when compiled with Cyrus SASL 2.1.22 or later. </p>

%PARAM smtp_sasl_path

<p> Implementation-specific information that the Postfix SMTP client passes through to the SASL plug-in implementation that is selected with <b>smtp_sasl_type</b>. Typically this specifies the name of a configuration file or rendezvous point. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_sasl_path

<p> Implementation-specific information that is passed through to the SASL plug-in implementation that is selected with <b>lmtp_sasl_type</b>. Typically this specifies the name of a configuration file or rendezvous point. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM plaintext_reject_code 450

<p> The numerical Postfix SMTP server response code when a request is rejected by the <b>reject_plaintext_session</b> restriction. </p>

<p> This feature is available in Postfix 2.3 and later.
</p>

%PARAM resolve_numeric_domain no

<p> Resolve "user@ipaddress" as "user@[ipaddress]", instead of rejecting the address as invalid. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM mailbox_transport_maps

<p> Optional lookup tables with per-recipient message delivery transports to use for local(8) mailbox delivery, whether or not the recipients are found in the UNIX passwd database. </p>

<p> The precedence of local(8) delivery features from high to low is: aliases, .forward files, mailbox_transport_maps, mailbox_transport, mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory, fallback_transport_maps, fallback_transport and luser_relay. </p>

<p> For safety reasons, this feature does not allow $number substitutions in regular expression maps. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM fallback_transport_maps

<p> Optional lookup tables with per-recipient message delivery transports for recipients that the local(8) delivery agent could not find in the aliases(5) or UNIX password database. </p>

<p> The precedence of local(8) delivery features from high to low is: aliases, .forward files, mailbox_transport_maps, mailbox_transport, mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory, fallback_transport_maps, fallback_transport and luser_relay. </p>

<p> For safety reasons, this feature does not allow $number substitutions in regular expression maps. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtp_cname_overrides_servername version dependent

<p> Allow DNS CNAME records to override the servername that the Postfix SMTP client uses for logging, SASL password lookup, TLS policy decisions, or TLS certificate verification.
The value "no" hardens Postfix smtp_tls_per_site hostname-based policies against false hostname information in DNS CNAME records, and makes SASL password file lookups more predictable. This is the default setting as of Postfix 2.3. </p>

<p> This feature is available in Postfix 2.2.9 and later. </p>

%PARAM lmtp_cname_overrides_servername yes

<p> The LMTP-specific version of the smtp_cname_overrides_servername configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtp_sasl_tls_verified_security_options $smtp_sasl_tls_security_options

<p> The SASL authentication security options that the Postfix SMTP client uses for TLS encrypted SMTP sessions with a verified server certificate. </p>

<p> When mail is sent to the public MX host for the recipient's domain, server certificates are by default optional, and delivery proceeds even if certificate verification fails. For delivery via a submission service that requires SASL authentication, it may be appropriate to send plaintext passwords only when the connection to the server is strongly encrypted <b>and</b> the server identity is verified. </p>

<p> The smtp_sasl_tls_verified_security_options parameter makes it possible to only enable plaintext mechanisms when a secure connection to the server is available. Submission servers subject to this policy must either have verifiable certificates or offer suitable non-plaintext SASL mechanisms. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM lmtp_sasl_tls_verified_security_options $lmtp_sasl_tls_security_options

<p> The LMTP-specific version of the smtp_sasl_tls_verified_security_options configuration parameter. See there for details.
</p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_connection_cache_time_limit 2s

<p> The LMTP-specific version of the smtp_connection_cache_time_limit configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtpd_delay_open_until_valid_rcpt yes

<p> Postpone the start of an SMTP mail transaction until a valid RCPT TO command is received. Specify "no" to create a mail transaction as soon as the SMTP server receives a valid MAIL FROM command. </p>

<p> With sites that reject lots of mail, the default setting reduces the use of disk, CPU and memory resources. The downside is that rejected recipients are logged with NOQUEUE instead of a mail transaction ID. This complicates the logfile analysis of multi-recipient mail. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_cert_file

<p> The LMTP-specific version of the smtp_tls_cert_file configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_key_file $lmtp_tls_cert_file

<p> The LMTP-specific version of the smtp_tls_key_file configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_dcert_file

<p> The LMTP-specific version of the smtp_tls_dcert_file configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_dkey_file $lmtp_tls_dcert_file

<p> The LMTP-specific version of the smtp_tls_dkey_file configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later.
</p>

%PARAM lmtp_tls_CAfile

<p> The LMTP-specific version of the smtp_tls_CAfile configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_CApath

<p> The LMTP-specific version of the smtp_tls_CApath configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_loglevel 0

<p> The LMTP-specific version of the smtp_tls_loglevel configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_session_cache_database

<p> The LMTP-specific version of the smtp_tls_session_cache_database configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_session_cache_timeout 3600s

<p> The LMTP-specific version of the smtp_tls_session_cache_timeout configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtp_tls_policy_maps

<p> Optional lookup tables with the Postfix SMTP client TLS security policy by next-hop destination; when a non-empty value is specified, this overrides the obsolete smtp_tls_per_site parameter. See TLS_README for a more detailed discussion of TLS security levels. </p>

<p> The TLS policy table is indexed by the full next-hop destination, which is either the recipient domain, or the verbatim next-hop specified in the transport table, $local_transport, $virtual_transport, $relay_transport or $default_transport. This includes any enclosing square brackets and any non-default destination server port suffix.
The LMTP socket type prefix (inet: or unix:) is not included in the lookup key. </p>

<p> Only the next-hop domain, or $myhostname with LMTP over UNIX-domain sockets, is used as the nexthop name for certificate verification. The port and any enclosing square brackets are used in the table lookup key, but are not used for server name verification. </p>

<p> When the lookup key is a domain name without enclosing square brackets or any <i>:port</i> suffix (typically the recipient domain), and the full domain is not found in the table, just as with the transport(5) table, the parent domain starting with a leading "." is matched recursively. This allows one to specify a security policy for a recipient domain and all its sub-domains. </p>

<p> The lookup result is a security level, followed by an optional list of whitespace and/or comma separated name=value attributes that override related main.cf settings. The TLS security levels in order of increasing security are: </p>

<dl>

<dt><b>none</b></dt>
<dd>No TLS. No additional attributes are supported at this level. </dd>

<dt><b>may</b></dt>
<dd>Opportunistic TLS. Since sending in the clear is acceptable, demanding stronger than default TLS security merely reduces inter-operability. The optional "ciphers", "exclude" and "protocols" attributes (available for opportunistic TLS with Postfix ≥ 2.6) override the "smtp_tls_ciphers", "smtp_tls_exclude_ciphers" and "smtp_tls_protocols" configuration parameters. When opportunistic TLS handshakes fail, Postfix retries the connection with TLS disabled. This allows mail delivery to sites with non-interoperable TLS implementations.</dd>

<dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption.
At this level and higher, the optional "protocols" attribute overrides the main.cf smtp_tls_mandatory_protocols parameter, the optional "ciphers" attribute overrides the main.cf smtp_tls_mandatory_ciphers parameter, and the optional "exclude" attribute (Postfix ≥ 2.6) overrides the main.cf smtp_tls_mandatory_exclude_ciphers parameter. In the policy table, multiple protocols or excluded ciphers must be separated by colons, as attribute values may not contain whitespace or commas. </dd>

<dt><b>fingerprint</b></dt> <dd>Certificate fingerprint verification. Available with Postfix 2.5 and later. At this security level, there are no trusted certificate authorities. The certificate trust chain, expiration date, ... are not checked. Instead, the optional <b>match</b> attribute, or else the main.cf <b>smtp_tls_fingerprint_cert_match</b> parameter, lists the valid "fingerprints" of the server certificate. The digest algorithm used to calculate the fingerprint is selected by the <b>smtp_tls_fingerprint_digest</b> parameter. Multiple fingerprints can be combined with a "|" delimiter in a single match attribute, or multiple match attributes can be employed. The ":" character is not used as a delimiter as it occurs between each pair of fingerprint (hexadecimal) digits. </dd>

<dt><b>verify</b></dt> <dd>Mandatory TLS verification. At this security level, DNS MX lookups are trusted to be secure enough, and the name verified in the server certificate is usually obtained indirectly via unauthenticated DNS MX lookups. The optional "match" attribute overrides the main.cf smtp_tls_verify_cert_match parameter. In the policy table, multiple match patterns and strategies must be separated by colons. In practice explicit control over matching is more common with the "secure" policy, described below.
</dd>

<dt><b>secure</b></dt> <dd>Secure-channel TLS. At this security level, DNS MX lookups, though potentially used to determine the candidate next-hop gateway IP addresses, are <b>not</b> trusted to be secure enough for TLS peername verification. Instead, the default name verified in the server certificate is obtained directly from the next-hop, or is explicitly specified via the optional <b>match</b> attribute which overrides the main.cf smtp_tls_secure_cert_match parameter. In the policy table, multiple match patterns and strategies must be separated by colons. The match attribute is most useful when multiple domains are supported by a common server: the policy entries for the additional domains specify matching rules for the primary domain's certificate. While transport table overrides routing the secondary domains to the primary nexthop also allow secure verification, they risk delivery to the wrong destination when domains change hands or are re-assigned to new gateways. With the "match" attribute approach, routing is not perturbed, and mail is deferred if verification of a new MX host fails.
</dd>

</dl>

<p> Example: </p>

<pre>
/etc/postfix/main.cf:
    smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
    # Postfix 2.5 and later
    smtp_tls_fingerprint_digest = md5
</pre>

<pre>
/etc/postfix/tls_policy:
    example.edu none
    example.mil may
    example.gov encrypt protocols=TLSv1
    example.com verify ciphers=high
    example.net secure
    .example.net secure match=.example.net:example.net
    [mail.example.org]:587 secure match=nexthop
    # Postfix 2.5 and later
    [thumb.example.org] fingerprint
        match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
        match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
</pre>

<p> <b>Note:</b> The <b>hostname</b> strategy if listed in a non-default setting of smtp_tls_secure_cert_match or in the <b>match</b> attribute in the policy table can render the <b>secure</b> level vulnerable to DNS forgery. Do not use the <b>hostname</b> strategy for secure-channel configurations in environments where DNS security is not assured. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtp_tls_mandatory_protocols SSLv3, TLSv1

<p> List of SSL/TLS protocols that the Postfix SMTP client will use with mandatory TLS encryption. In main.cf the values are separated by whitespace, commas or colons. In the policy table "protocols" attribute (see smtp_tls_policy_maps) the only valid separator is colon. An empty value means allow all protocols. The valid protocol names (see <b>SSL_get_version(3)</b>) are "SSLv2", "SSLv3" and "TLSv1". </p>

<p> With Postfix ≥ 2.5 the parameter syntax is expanded to support protocol exclusions. One can now explicitly exclude SSLv2 by setting "smtp_tls_mandatory_protocols = !SSLv2".
To exclude both SSLv2 and SSLv3 set "smtp_tls_mandatory_protocols = !SSLv2, !SSLv3". Listing the protocols to include, rather than protocols to exclude, is still supported; use the form you find more intuitive. </p>

<p> Since SSL version 2 has known protocol weaknesses and is now deprecated, the default setting excludes "SSLv2". This means that by default, SSL version 2 will not be used at the "encrypt" security level and higher. </p>

<p> See the documentation of the smtp_tls_policy_maps parameter and TLS_README for more information about security levels. </p>

<p> Example: </p>

<pre>
smtp_tls_mandatory_protocols = TLSv1
# Alternative form with Postfix ≥ 2.5:
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
</pre>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtp_tls_verify_cert_match hostname

<p> The server certificate peername verification method for the "verify" TLS security level. In a "verify" TLS policy table ($smtp_tls_policy_maps) entry the optional "match" attribute overrides this main.cf setting. </p>

<p> This parameter specifies one or more patterns or strategies separated by commas, whitespace or colons. In the policy table the only valid separator is the colon character. </p>

<p> Patterns specify domain names, or domain name suffixes: </p>

<dl>

<dt><i>example.com</i></dt> <dd> Match the <i>example.com</i> domain, i.e. one of the names in the server certificate must be <i>example.com</i>; upper and lower case distinctions are ignored. </dd>

<dt><i>.example.com</i></dt>
<dd> Match subdomains of the <i>example.com</i> domain, i.e. match a name in the server certificate that consists of a non-zero number of labels followed by a <i>.example.com</i> suffix.
Case distinctions are ignored.</dd>

</dl>

<p> Strategies specify a transformation from the next-hop domain to the expected name in the server certificate: </p>

<dl>

<dt>nexthop</dt>
<dd> Match against the next-hop domain, which is either the recipient domain, or the transport next-hop configured for the domain stripped of any optional socket type prefix, enclosing square brackets and trailing port. When MX lookups are not suppressed, this is the original nexthop domain prior to the MX lookup, not the result of the MX lookup. For LMTP delivery via UNIX-domain sockets, the verified next-hop name is $myhostname. This strategy is suitable for use with the "secure" policy. Case is ignored.</dd>

<dt>dot-nexthop</dt>
<dd> As above, but match server certificate names that are subdomains of the next-hop domain. Case is ignored.</dd>

<dt>hostname</dt> <dd> Match against the hostname of the server, often obtained via an unauthenticated DNS MX lookup. For LMTP delivery via UNIX-domain sockets, the verified name is $myhostname. This matches the verification strategy of the "MUST" keyword in the obsolete smtp_tls_per_site table, and is suitable for use with the "verify" security level. When the next-hop name is enclosed in square brackets to suppress MX lookups, the "hostname" strategy is the same as the "nexthop" strategy. Case is ignored.</dd>

</dl>

<p> Sample main.cf setting: </p>

<pre>
smtp_tls_verify_cert_match = hostname, nexthop, dot-nexthop
</pre>

<p> Sample policy table override: </p>

<pre>
example.com verify match=hostname:nexthop
.example.com verify match=example.com:.example.com:hostname
</pre>

<p> This feature is available in Postfix 2.3 and later.
</p>

%PARAM smtp_tls_secure_cert_match nexthop, dot-nexthop

<p> The server certificate peername verification method for the
"secure" TLS security level. In a "secure" TLS policy table
($smtp_tls_policy_maps) entry the optional "match" attribute
overrides this main.cf setting. </p>

<p> This parameter specifies one or more patterns or strategies separated
by commas, whitespace or colons. In the policy table the only valid
separator is the colon character. </p>

<p> For a description of the pattern and strategy syntax see the
smtp_tls_verify_cert_match parameter. The "hostname" strategy should
be avoided in this context, as in the absence of a secure global DNS, using
the results of MX lookups in certificate verification is not immune to active
(man-in-the-middle) attacks on DNS. </p>

<p>
Sample main.cf setting:
</p>

<blockquote>
<pre>
smtp_tls_secure_cert_match = nexthop
</pre>
</blockquote>

<p>
Sample policy table override:
</p>

<blockquote>
<pre>
example.net secure match=example.com:.example.com
.example.net secure match=example.com:.example.com
</pre>
</blockquote>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_policy_maps

<p> The LMTP-specific version of the smtp_tls_policy_maps
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_mandatory_protocols SSLv3, TLSv1

<p> The LMTP-specific version of the smtp_tls_mandatory_protocols
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later.
</p>

%PARAM lmtp_tls_verify_cert_match hostname

<p> The LMTP-specific version of the smtp_tls_verify_cert_match
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_secure_cert_match nexthop

<p> The LMTP-specific version of the smtp_tls_secure_cert_match
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtpd_tls_mandatory_protocols SSLv3, TLSv1

<p> The SSL/TLS protocols accepted by the Postfix SMTP server with
mandatory TLS encryption. If the list is empty, the server supports all
available SSL/TLS protocol versions. A non-empty value is a list
of protocol names separated by whitespace, commas or colons. The
supported protocol names are "SSLv2", "SSLv3" and "TLSv1", and are
not case sensitive. </p>

<p> With Postfix ≥ 2.5 the parameter syntax is expanded to support
protocol exclusions. One can now explicitly exclude SSLv2 by setting
"smtpd_tls_mandatory_protocols = !SSLv2". To exclude both SSLv2 and
SSLv3 set "smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3". Listing
the protocols to include, rather than protocols to exclude, is still
supported; use the form you find more intuitive. </p>

<p> Since SSL version 2 has known protocol weaknesses and is now
deprecated, the default setting excludes "SSLv2". This means that
by default, SSL version 2 will not be used at the "encrypt" security
level. </p>

<p> Example: </p>

<pre>
smtpd_tls_mandatory_protocols = TLSv1
# Alternative form with Postfix ≥ 2.5:
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
</pre>

<p> This feature is available in Postfix 2.3 and later.
</p>

%PARAM smtp_tls_security_level

<p> The default SMTP TLS security level for the Postfix SMTP client;
when a non-empty value is specified, this overrides the obsolete
parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername.
</p>

<p> Specify one of the following security levels: </p>

<dl>

<dt><b>none</b></dt> <dd> TLS will not be used unless enabled for specific
destinations via smtp_tls_policy_maps. </dd>

<dt><b>may</b></dt>
<dd> Opportunistic TLS. Use TLS if this is supported by the remote
SMTP server, otherwise use plaintext. Since
sending in the clear is acceptable, demanding stronger than default TLS
security merely reduces inter-operability.
The "smtp_tls_ciphers" and "smtp_tls_protocols" (Postfix ≥ 2.6)
configuration parameters provide control over the protocols and
cipher grade used with opportunistic TLS. With earlier releases the
opportunistic TLS cipher grade is always "export" and no protocols
are disabled.
When TLS handshakes fail, the connection is retried with TLS disabled.
This allows mail delivery to sites with non-interoperable TLS
implementations. </dd>

<dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption. Since a minimum
level of security is intended, it is reasonable to be specific about
sufficiently secure protocol versions and ciphers. At this security level
and higher, the main.cf parameters smtp_tls_mandatory_protocols and
smtp_tls_mandatory_ciphers specify the TLS protocols and minimum
cipher grade which the administrator considers secure enough for
mandatory encrypted sessions. This security level is not an appropriate
default for systems delivering mail to the Internet. </dd>

<dt><b>fingerprint</b></dt> <dd>Certificate fingerprint
verification. Available with Postfix 2.5 and later.
At this security
level, there are no trusted certificate authorities. The certificate
trust chain, expiration date, ... are not checked. Instead,
the <b>smtp_tls_fingerprint_cert_match</b> parameter lists
the valid "fingerprints" of the server certificate. The digest
algorithm used to calculate the fingerprint is selected by the
<b>smtp_tls_fingerprint_digest</b> parameter. </dd>

<dt><b>verify</b></dt> <dd>Mandatory TLS verification. At this security
level, DNS MX lookups are trusted to be secure enough, and the name
verified in the server certificate is usually obtained indirectly
via unauthenticated DNS MX lookups. The smtp_tls_verify_cert_match
parameter controls how the server name is verified. In practice explicit
control over matching is more common at the "secure" level, described
below. This security level is not an appropriate default for systems
delivering mail to the Internet. </dd>

<dt><b>secure</b></dt> <dd>Secure-channel TLS. At this security level,
DNS MX lookups, though potentially used to determine the candidate
next-hop gateway IP addresses, are <b>not</b> trusted to be secure enough
for TLS peername verification. Instead, the default name verified in
the server certificate is obtained from the next-hop domain as specified
in the smtp_tls_secure_cert_match configuration parameter. The default
matching rule is that a server certificate matches when its name is equal
to or is a sub-domain of the nexthop domain. This security level is not
an appropriate default for systems delivering mail to the Internet. </dd>

</dl>

<p>
Examples:
</p>

<pre>
# No TLS. Formerly: smtp_use_tls=no and smtp_enforce_tls=no.
smtp_tls_security_level = none
</pre>

<pre>
# Opportunistic TLS.
smtp_tls_security_level = may
# Postfix ≥ 2.6:
# Do not tweak opportunistic ciphers or protocol unless it is essential
# to do so (if a security vulnerability is found in the SSL library that
# can be mitigated by disabling a particular protocol or raising the
# cipher grade from "export" to "low" or "medium").
smtp_tls_ciphers = export
smtp_tls_protocols = !SSLv2
</pre>

<pre>
# Mandatory (high-grade) TLS encryption.
smtp_tls_security_level = encrypt
smtp_tls_mandatory_ciphers = high
</pre>

<pre>
# Mandatory TLS verification of hostname or nexthop domain.
smtp_tls_security_level = verify
smtp_tls_mandatory_ciphers = high
smtp_tls_verify_cert_match = hostname, nexthop, dot-nexthop
</pre>

<pre>
# Secure channel TLS with exact nexthop name match.
smtp_tls_security_level = secure
smtp_tls_mandatory_protocols = TLSv1
smtp_tls_mandatory_ciphers = high
smtp_tls_secure_cert_match = nexthop
</pre>

<pre>
# Certificate fingerprint verification (Postfix ≥ 2.5).
# The CA-less "fingerprint" security level only scales to a limited
# number of destinations. As a global default rather than a per-site
# setting, this is practical when mail for all recipients is sent
# to a central mail hub.
relayhost = [mailhub.example.com]
smtp_tls_security_level = fingerprint
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_mandatory_ciphers = high
smtp_tls_fingerprint_cert_match =
    3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
    EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
</pre>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtpd_milters

<p> A list of Milter (mail filter) applications for new mail that
arrives via the Postfix smtpd(8) server. See the MILTER_README
document for details.
</p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM non_smtpd_milters

<p> A list of Milter (mail filter) applications for new mail that
does not arrive via the Postfix smtpd(8) server. This includes local
submission via the sendmail(1) command line, new mail that arrives
via the Postfix qmqpd(8) server, and old mail that is re-injected
into the queue with "postsuper -r". See the MILTER_README document
for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_protocol 6

<p> The mail filter protocol version and optional protocol extensions
for communication with a Milter application; prior to Postfix 2.6
the default protocol is 2. Postfix
sends this version number during the initial protocol handshake.
It should match the version number that is expected by the mail
filter application (or by its Milter library). </p>

<p>Protocol versions: </p>

<dl compact>

<dt>2</dt> <dd>Use Sendmail 8 mail filter protocol version 2 (default
with Sendmail version 8.11 .. 8.13 and Postfix version 2.3 ..
2.5).</dd>

<dt>3</dt> <dd>Use Sendmail 8 mail filter protocol version 3.</dd>

<dt>4</dt> <dd>Use Sendmail 8 mail filter protocol version 4.</dd>

<dt>6</dt> <dd>Use Sendmail 8 mail filter protocol version 6 (default
with Sendmail version 8.14 and Postfix version 2.6).</dd>

</dl>

<p>Protocol extensions: </p>

<dl compact>

<dt>no_header_reply</dt> <dd> Specify this when the Milter application
will not reply for each individual message header.</dd>

</dl>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_default_action tempfail

<p> The default action when a Milter (mail filter) application is
unavailable or mis-configured.
Specify one of the following: </p>

<dl compact>

<dt>accept</dt> <dd>Proceed as if the mail filter was not present.
</dd>

<dt>reject</dt> <dd>Reject all further commands in this session
with a permanent status code.</dd>

<dt>tempfail</dt> <dd>Reject all further commands in this session
with a temporary status code. </dd>

<dt>quarantine</dt> <dd>Like "accept", but freeze the message in
the "hold" queue. Available with Postfix 2.6 and later. </dd>

</dl>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_connect_timeout 30s

<p> The time limit for connecting to a Milter (mail filter)
application, and for negotiating protocol options. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). </p>

<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). The default time unit is s (seconds). </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_command_timeout 30s

<p> The time limit for sending an SMTP command to a Milter (mail
filter) application, and for receiving the response. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). </p>

<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). The default time unit is s (seconds). </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_content_timeout 300s

<p> The time limit for sending message content to a Milter (mail
filter) application, and for receiving the response. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit).
</p>

<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). The default time unit is s (seconds). </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_connect_macros see "postconf -d" output

<p> The macros that are sent to Milter (mail filter) applications
after completion of an SMTP connection. See MILTER_README
for a list of available macro names and their meanings. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_helo_macros see "postconf -d" output

<p> The macros that are sent to Milter (mail filter) applications
after the SMTP HELO or EHLO command. See
MILTER_README for a list of available macro names and their meanings.
</p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_mail_macros see "postconf -d" output

<p> The macros that are sent to Milter (mail filter) applications
after the SMTP MAIL FROM command. See MILTER_README
for a list of available macro names and their meanings. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_rcpt_macros see "postconf -d" output

<p> The macros that are sent to Milter (mail filter) applications
after the SMTP RCPT TO command. See MILTER_README
for a list of available macro names and their meanings. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_data_macros see "postconf -d" output

<p> The macros that are sent to version 4 or higher Milter (mail
filter) applications after the SMTP DATA command. See MILTER_README
for a list of available macro names and their meanings. </p>

<p> This feature is available in Postfix 2.3 and later.
</p>

%PARAM milter_end_of_header_macros see "postconf -d" output

<p> The macros that are sent to Milter (mail filter) applications
after the end of the message header. See MILTER_README for a list
of available macro names and their meanings. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM milter_end_of_data_macros see "postconf -d" output

<p> The macros that are sent to Milter (mail filter) applications
after the message end-of-data. See MILTER_README for a list of
available macro names and their meanings. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_unknown_command_macros see "postconf -d" output

<p> The macros that are sent to version 3 or higher Milter (mail
filter) applications after an unknown SMTP command. See MILTER_README
for a list of available macro names and their meanings. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_macro_daemon_name $myhostname

<p> The {daemon_name} macro value for Milter (mail filter) applications.
See MILTER_README for a list of available macro names and their
meanings. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_macro_v $mail_name $mail_version

<p> The {v} macro value for Milter (mail filter) applications.
See MILTER_README for a list of available macro names and their
meanings. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtpd_tls_mandatory_ciphers medium

<p> The minimum TLS cipher grade that the Postfix SMTP server will
use with mandatory TLS encryption.
The default grade ("medium") is
sufficiently strong that any benefit from globally restricting TLS
sessions to a more stringent grade is likely negligible, especially
given the fact that many implementations still do not offer any stronger
("high" grade) ciphers, while those that do, will always use "high"
grade ciphers. So insisting on "high" grade ciphers is generally
counter-productive. Allowing "export" or "low" ciphers is typically
not a good idea, as systems limited to just these are limited to
obsolete browsers. No known SMTP clients fail to support at least
one "medium" or "high" grade cipher. </p>

<p> The following cipher grades are supported: </p>

<dl>
<dt><b>export</b></dt>
<dd> Enable "EXPORT" grade or stronger OpenSSL ciphers.
This is the most appropriate setting for public MX hosts, and is always
used with opportunistic TLS encryption. The underlying cipherlist
is specified via the tls_export_cipherlist configuration parameter,
which you are strongly encouraged to not change. </dd>

<dt><b>low</b></dt>
<dd> Enable "LOW" grade or stronger OpenSSL ciphers. The
underlying cipherlist is specified via the tls_low_cipherlist
configuration parameter, which you are strongly encouraged to
not change. </dd>

<dt><b>medium</b></dt>
<dd> Enable "MEDIUM" grade or stronger OpenSSL ciphers. These use 128-bit
or longer symmetric bulk-encryption keys. This is the default minimum
strength for mandatory TLS encryption. The underlying cipherlist is
specified via the tls_medium_cipherlist configuration parameter, which
you are strongly encouraged to not change. </dd>

<dt><b>high</b></dt>
<dd> Enable only "HIGH" grade OpenSSL ciphers. The
underlying cipherlist is specified via the tls_high_cipherlist
configuration parameter, which you are strongly encouraged to
not change.
</dd>

<dt><b>null</b></dt>
<dd> Enable only the "NULL" OpenSSL ciphers; these provide authentication
without encryption. This setting is only appropriate in the rare
case that all clients are prepared to use NULL ciphers (not normally
enabled in TLS clients). The underlying cipherlist is specified via the
tls_null_cipherlist configuration parameter, which you are strongly
encouraged to not change. </dd>

</dl>

<p> Cipher types listed in
smtpd_tls_mandatory_exclude_ciphers or smtpd_tls_exclude_ciphers are
excluded from the base definition of the selected cipher grade. See
smtpd_tls_ciphers for cipher controls that apply to opportunistic
TLS. </p>

<p> The underlying cipherlists for grades other than "null" include
anonymous ciphers, but these are automatically filtered out if the
server is configured to ask for client certificates. You are very
unlikely to need to take any steps to exclude anonymous ciphers; they
are excluded automatically as required. If you must exclude anonymous
ciphers even when Postfix does not need or use peer certificates, set
"smtpd_tls_exclude_ciphers = aNULL". To exclude anonymous ciphers only
when TLS is enforced, set "smtpd_tls_mandatory_exclude_ciphers = aNULL". </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtpd_tls_exclude_ciphers

<p> List of ciphers or cipher types to exclude from the SMTP server
cipher list at all TLS security levels. Excluding valid ciphers
can create interoperability problems. DO NOT exclude ciphers unless it
is essential to do so. This is not an OpenSSL cipherlist; it is a simple
list separated by whitespace and/or commas. The elements are a single
cipher, or one or more "+" separated cipher properties, in which case
only ciphers matching <b>all</b> the properties are excluded.
</p>

<p> Examples (some of these will cause problems): </p>

<blockquote>
<pre>
smtpd_tls_exclude_ciphers = aNULL
smtpd_tls_exclude_ciphers = MD5, DES
smtpd_tls_exclude_ciphers = DES+MD5
smtpd_tls_exclude_ciphers = AES256-SHA, DES-CBC3-MD5
smtpd_tls_exclude_ciphers = kEDH+aRSA
</pre>
</blockquote>

<p> The first setting disables anonymous ciphers. The next setting
disables ciphers that use the MD5 digest algorithm or the (single) DES
encryption algorithm. The next setting disables ciphers that use MD5 and
DES together. The next setting disables the two ciphers "AES256-SHA"
and "DES-CBC3-MD5". The last setting disables ciphers that use "EDH"
key exchange with RSA authentication. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtpd_tls_mandatory_exclude_ciphers

<p> Additional list of ciphers or cipher types to exclude from the
SMTP server cipher list at mandatory TLS security levels. This list
works in addition to the exclusions listed with smtpd_tls_exclude_ciphers
(see there for syntax details). </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtp_tls_mandatory_ciphers medium

<p> The minimum TLS cipher grade that the Postfix SMTP client will
use with
mandatory TLS encryption. The default value "medium" is suitable
for most destinations with which you may want to enforce TLS, and
is beyond the reach of today's cryptanalytic methods. See
smtp_tls_policy_maps for information on how to configure ciphers
on a per-destination basis. </p>

<p> The following cipher grades are supported: </p>

<dl>
<dt><b>export</b></dt>
<dd> Enable "EXPORT" grade or better OpenSSL
ciphers. This is the default for opportunistic encryption.
It is
not recommended for mandatory encryption unless you must enforce TLS
with "crippled" peers. The underlying cipherlist is specified via the
tls_export_cipherlist configuration parameter, which you are strongly
encouraged to not change. </dd>

<dt><b>low</b></dt>
<dd> Enable "LOW" grade or better OpenSSL ciphers. This
setting is only appropriate for internal mail servers. The underlying
cipherlist is specified via the tls_low_cipherlist configuration
parameter, which you are strongly encouraged to not change. </dd>

<dt><b>medium</b></dt>
<dd> Enable "MEDIUM" grade or better OpenSSL ciphers.
The underlying cipherlist is specified via the tls_medium_cipherlist
configuration parameter, which you are strongly encouraged to not change.
</dd>

<dt><b>high</b></dt>
<dd> Enable only "HIGH" grade OpenSSL ciphers. This setting may
be appropriate when all mandatory TLS destinations (e.g. when all
mail is routed to a suitably capable relayhost) support at least one
"HIGH" grade cipher. The underlying cipherlist is specified via the
tls_high_cipherlist configuration parameter, which you are strongly
encouraged to not change. </dd>

<dt><b>null</b></dt>
<dd> Enable only the "NULL" OpenSSL ciphers; these provide authentication
without encryption. This setting is only appropriate in the rare case
that all servers are prepared to use NULL ciphers (not normally enabled
in TLS servers). A plausible use-case is an LMTP server listening on a
UNIX-domain socket that is configured to support "NULL" ciphers. The
underlying cipherlist is specified via the tls_null_cipherlist
configuration parameter, which you are strongly encouraged to not
change.
</dd>

</dl>

<p> The underlying cipherlists for grades other than "null" include
anonymous ciphers, but these are automatically filtered out if the
Postfix SMTP client is configured to verify server certificates.
You are very unlikely to need to take any steps to exclude anonymous
ciphers; they are excluded automatically as necessary. If you must
exclude anonymous ciphers at the "may" or "encrypt" security levels,
when the Postfix SMTP client does not need or use peer certificates, set
"smtp_tls_exclude_ciphers = aNULL". To exclude anonymous ciphers only when
TLS is enforced, set "smtp_tls_mandatory_exclude_ciphers = aNULL". </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtp_tls_exclude_ciphers

<p> List of ciphers or cipher types to exclude from the Postfix
SMTP client cipher
list at all TLS security levels. This is not an OpenSSL cipherlist; it is
a simple list separated by whitespace and/or commas. The elements are a
single cipher, or one or more "+" separated cipher properties, in which
case only ciphers matching <b>all</b> the properties are excluded. </p>

<p> Examples (some of these will cause problems): </p>

<blockquote>
<pre>
smtp_tls_exclude_ciphers = aNULL
smtp_tls_exclude_ciphers = MD5, DES
smtp_tls_exclude_ciphers = DES+MD5
smtp_tls_exclude_ciphers = AES256-SHA, DES-CBC3-MD5
smtp_tls_exclude_ciphers = kEDH+aRSA
</pre>
</blockquote>

<p> The first setting disables anonymous ciphers. The next setting
disables ciphers that use the MD5 digest algorithm or the (single) DES
encryption algorithm. The next setting disables ciphers that use MD5 and
DES together. The next setting disables the two ciphers "AES256-SHA"
and "DES-CBC3-MD5". The last setting disables ciphers that use "EDH"
key exchange with RSA authentication.
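The exclusion-list rules above, shared by smtpd_tls_exclude_ciphers, smtp_tls_exclude_ciphers and their *_mandatory_exclude_ciphers counterparts, as an added Python model that is not Postfix code. The cipher table is constructed for the example with OpenSSL-style property keywords; it is not output from "openssl ciphers", and the automatic aNULL filtering for peer-certificate use is modelled by a flag.

```python
"""Added example (not Postfix code): a model of how *_tls_exclude_ciphers and
*_tls_mandatory_exclude_ciphers lists are parsed and applied to a cipher set.

The cipher table below is constructed for this example.  Its property names
follow OpenSSL's keyword style (kRSA/kEDH key exchange, aRSA/aNULL
authentication, bulk cipher and digest) but it is not an OpenSSL query.
"""
import re

# Constructed sample table: cipher name -> set of properties
SAMPLE_CIPHERS = {
    "AES256-SHA":         {"kRSA", "aRSA", "AES", "SHA1"},
    "DHE-RSA-AES256-SHA": {"kEDH", "aRSA", "AES", "SHA1"},
    "ADH-AES256-SHA":     {"kEDH", "aNULL", "AES", "SHA1"},    # anonymous
    "AECDH-AES128-SHA":   {"kEECDH", "aNULL", "AES", "SHA1"},  # anonymous
    "DES-CBC3-MD5":       {"kRSA", "aRSA", "3DES", "MD5"},     # triple DES
    "DES-CBC-SHA":        {"kRSA", "aRSA", "DES", "SHA1"},     # single DES
    "DES-CBC-MD5":        {"kRSA", "aRSA", "DES", "MD5"},
    "RC4-MD5":            {"kRSA", "aRSA", "RC4", "MD5"},
}


def parse_exclusions(value):
    """Elements are separated by whitespace and/or commas.  Each element is
    either a cipher name or '+'-joined properties; returns a list of tuples."""
    elements = [e for e in re.split(r"[\s,]+", value.strip()) if e]
    parsed = [tuple(p for p in e.split("+") if p) for e in elements]
    return [t for t in parsed if t]        # drop a stray "+" element


def is_excluded(name, props, exclusions):
    """An element excludes a cipher when it names the cipher exactly, or
    when EVERY property it lists is a property of the cipher."""
    for element in exclusions:
        if len(element) == 1 and element[0] == name:
            return True
        if all(p in props for p in element):
            return True
    return False


def remaining_ciphers(ciphers, exclude="", mandatory_exclude="",
                      mandatory=False, peer_certs=False):
    """Ciphers left after applying *_tls_exclude_ciphers (every security
    level), *_tls_mandatory_exclude_ciphers (mandatory levels only) and the
    automatic aNULL filter that applies when peer certificates are used."""
    exclusions = parse_exclusions(exclude)
    if mandatory:
        exclusions += parse_exclusions(mandatory_exclude)
    if peer_certs:
        exclusions.append(("aNULL",))      # anonymous ciphers cannot authenticate
    return [n for n, p in ciphers.items() if not is_excluded(n, p, exclusions)]


if __name__ == "__main__":
    # The page's own example settings, applied to the constructed table
    for setting in ("aNULL", "MD5, DES", "DES+MD5",
                    "AES256-SHA, DES-CBC3-MD5", "kEDH+aRSA"):
        left = remaining_ciphers(SAMPLE_CIPHERS, exclude=setting)
        dropped = sorted(set(SAMPLE_CIPHERS) - set(left))
        print("%-26s excludes %s" % (setting, ", ".join(dropped)))
```

"MD5, DES" drops every cipher with either property, while "DES+MD5" drops only the one cipher that has both; the triple-DES cipher is untouched by "DES" in both cases.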
</p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtp_tls_mandatory_exclude_ciphers

<p> Additional list of ciphers or cipher types to exclude from the
SMTP client cipher list at mandatory TLS security levels. This list
works in addition to the exclusions listed with smtp_tls_exclude_ciphers
(see there for syntax details). </p>

<p> Starting with Postfix 2.6, the mandatory cipher exclusions can be
specified on a per-destination basis via the TLS policy "exclude"
attribute. See smtp_tls_policy_maps for notes and examples. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM tls_high_cipherlist ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH

<p> The OpenSSL cipherlist for "HIGH" grade ciphers. This defines
the meaning of the "high" setting in smtpd_tls_mandatory_ciphers,
smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. You are
strongly encouraged to not change this setting. With OpenSSL 1.0.0 and
later the cipherlist may start with an "aNULL:" prefix, which restores
the 0.9.8-compatible ordering of the aNULL ciphers to the top of the
list when they are enabled. This prefix is not needed with previous
OpenSSL releases. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM tls_medium_cipherlist ALL:!EXPORT:!LOW:+RC4:@STRENGTH

<p> The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. This
defines the meaning of the "medium" setting in smtpd_tls_mandatory_ciphers,
smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. This is
the default cipherlist for mandatory TLS encryption in the TLS
client (with anonymous ciphers disabled when verifying server
certificates). You are strongly encouraged to not change this
setting.
With OpenSSL 1.0.0 and later the cipherlist may start with an
"aNULL:" prefix, which restores the 0.9.8-compatible ordering of the
aNULL ciphers to the top of the list when they are enabled. This prefix
is not needed with previous OpenSSL releases. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM tls_low_cipherlist ALL:!EXPORT:+RC4:@STRENGTH

<p> The OpenSSL cipherlist for "LOW" or higher grade ciphers. This defines
the meaning of the "low" setting in smtpd_tls_mandatory_ciphers,
smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. You are
strongly encouraged to not change this setting. With OpenSSL 1.0.0 and
later the cipherlist may start with an "aNULL:" prefix, which restores
the 0.9.8-compatible ordering of the aNULL ciphers to the top of the
list when they are enabled. This prefix is not needed with previous
OpenSSL releases. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM tls_export_cipherlist ALL:+RC4:@STRENGTH

<p> The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. This
defines the meaning of the "export" setting in smtpd_tls_mandatory_ciphers,
smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. This is
the cipherlist for the opportunistic ("may") TLS client security
level and is the default cipherlist for the SMTP server. You are
strongly encouraged to not change this setting. With OpenSSL 1.0.0 and
later the cipherlist may start with an "aNULL:" prefix, which restores
the 0.9.8-compatible ordering of the aNULL ciphers to the top of the
list when they are enabled. This prefix is not needed with previous
OpenSSL releases. </p>

<p> This feature is available in Postfix 2.3 and later.
</p>

%PARAM tls_null_cipherlist eNULL:!aNULL

<p> The OpenSSL cipherlist for "NULL" grade ciphers that provide
authentication without encryption. This defines the meaning of the "null"
setting in smtpd_tls_mandatory_ciphers, smtp_tls_mandatory_ciphers and
lmtp_tls_mandatory_ciphers. You are strongly encouraged to not
change this setting. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_mandatory_ciphers

<p> The LMTP-specific version of the smtp_tls_mandatory_ciphers
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_exclude_ciphers

<p> The LMTP-specific version of the smtp_tls_exclude_ciphers
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_mandatory_exclude_ciphers

<p> The LMTP-specific version of the smtp_tls_mandatory_exclude_ciphers
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtpd_tls_security_level

<p> The SMTP TLS security level for the Postfix SMTP server; when
a non-empty value is specified, this overrides the obsolete parameters
smtpd_use_tls and smtpd_enforce_tls. This parameter is ignored with
"smtpd_tls_wrappermode = yes". </p>

<p> Specify one of the following security levels: </p>

<dl>

<dt><b>none</b></dt> <dd> TLS will not be used. </dd>

<dt><b>may</b></dt> <dd> Opportunistic TLS: announce STARTTLS support
to SMTP clients, but do not require that clients use TLS encryption.
</dd>

<dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption: announce
STARTTLS support to SMTP clients, and require that clients use TLS
encryption. According to RFC 2487 this MUST NOT be applied in the case
of a publicly-referenced SMTP server. Instead, this option should
be used only on dedicated servers. </dd>

</dl>

<p> Note 1: the "fingerprint", "verify" and "secure" levels are not
supported here.
The Postfix SMTP server logs a warning and uses "encrypt" instead.
To verify SMTP client certificates, see TLS_README for a discussion
of the smtpd_tls_ask_ccert, smtpd_tls_req_ccert, and permit_tls_clientcerts
features. </p>

<p> Note 2: The parameter setting "smtpd_tls_security_level =
encrypt" implies "smtpd_tls_auth_only = yes". </p>

<p> Note 3: when invoked via "sendmail -bs", Postfix will never
offer STARTTLS due to insufficient privileges to access the server
private key. This is intended behavior. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM internal_mail_filter_classes

<p> What categories of Postfix-generated mail are subject to
before-queue content inspection by non_smtpd_milters, header_checks
and body_checks. Specify zero or more of the following, separated
by whitespace or comma. </p>

<dl>

<dt><b>bounce</b></dt> <dd> Inspect the content of delivery
status notifications. </dd>

<dt><b>notify</b></dt> <dd> Inspect the content of postmaster
notifications by the smtp(8) and smtpd(8) processes. </dd>

</dl>

<p> NOTE: It's generally not safe to enable content inspection of
Postfix-generated email messages. The user is warned. </p>

<p> This feature is available in Postfix 2.3 and later.
</p>

%PARAM smtpd_tls_always_issue_session_ids yes

<p> Force the Postfix SMTP server to issue a TLS session id, even
when TLS session caching is turned off (smtpd_tls_session_cache_database
is empty). This behavior is compatible with Postfix &lt; 2.3. </p>

<p> With Postfix 2.3 and later the Postfix SMTP server can disable
session id generation when TLS session caching is turned off. This
keeps clients from caching sessions that almost certainly cannot
be re-used. </p>

<p> By default, the Postfix SMTP server always generates TLS session
ids. This works around a known defect in mail client applications
such as MS Outlook, and may also prevent interoperability issues
with other MTAs. </p>

<p> Example: </p>

<pre>
smtpd_tls_always_issue_session_ids = no
</pre>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtp_pix_workarounds disable_esmtp, delay_dotcrlf

<p> A list that specifies zero or more workarounds for CISCO PIX
firewall bugs. These workarounds are implemented by the Postfix
SMTP client. Workaround names are separated by comma or space, and
are case insensitive. This parameter setting can be overruled with
per-destination smtp_pix_workaround_maps settings. </p>

<dl>

<dt><b>delay_dotcrlf</b></dt> <dd> Insert a delay before sending
".&lt;CR&gt;&lt;LF&gt;" after the end of the message content. The
delay is subject to the smtp_pix_workaround_delay_time and
smtp_pix_workaround_threshold_time parameter settings. </dd>

<dt><b>disable_esmtp</b></dt> <dd> Disable all extended SMTP commands:
send HELO instead of EHLO. </dd>

</dl>

<p> This feature is available in Postfix 2.4 and later. The default
settings are backwards compatible with earlier Postfix versions.
</p>

%PARAM smtp_pix_workaround_maps

<p> Lookup tables, indexed by the remote SMTP server address, with
per-destination workarounds for CISCO PIX firewall bugs. The table
is not indexed by hostname for consistency with
smtp_discard_ehlo_keyword_address_maps. </p>

<p> This feature is available in Postfix 2.4 and later. </p>

%PARAM lmtp_pix_workarounds

<p> The LMTP-specific version of the smtp_pix_workarounds
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.4 and later. </p>

%PARAM smtp_tls_fingerprint_digest md5

<p> The message digest algorithm used to construct remote SMTP server
certificate fingerprints. At the "fingerprint" TLS security level
(<b>smtp_tls_security_level</b> = fingerprint), the server certificate is
verified by directly matching its <i>fingerprint</i>. The fingerprint
is the message digest of the server certificate using the selected
algorithm. With a digest algorithm resistant to "second pre-image"
attacks, it is not feasible to create a new public key and a matching
certificate that has the same fingerprint. </p>

<p> The default algorithm is <b>md5</b>; this is consistent with
the backwards compatible setting of the digest used to verify client
certificates in the SMTP server. </p>

<p> The best practice algorithm is now <b>sha1</b>. Recent advances in hash
function cryptanalysis have led to md5 being deprecated in favor of sha1.
However, as long as there are no known "second pre-image" attacks
against md5, its use in this context can still be considered safe.
</p>

<p> While additional digest algorithms are often available with OpenSSL's
libcrypto, only those used by libssl in SSL cipher suites are available to
Postfix. For now this means just md5 or sha1.
</p>

<p> To find the fingerprint of a specific certificate file, with a
specific digest algorithm, run:
</p>

<blockquote>
<pre>
$ openssl x509 -noout -fingerprint -<i>digest</i> -in <i>certfile</i>.pem
</pre>
</blockquote>

<p> The text to the right of the "=" sign is the desired fingerprint.
For example: </p>

<blockquote>
<pre>
$ openssl x509 -noout -fingerprint -sha1 -in cert.pem
SHA1 Fingerprint=D4:6A:AB:19:24:79:F8:32:BB:A6:CB:66:82:C0:8E:9B:EE:29:A8:1A
</pre>
</blockquote>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM smtp_tls_fingerprint_cert_match

<p> List of acceptable remote SMTP server certificate fingerprints
for the "fingerprint" TLS security level (<b>smtp_tls_security_level</b> =
fingerprint). At this security level, certificate authorities are
not used, and certificate expiration times are ignored. Instead,
server certificates are verified directly via their "fingerprint". The
fingerprint is a message digest of the server certificate. The digest
algorithm is selected via the <b>smtp_tls_fingerprint_digest</b>
parameter. </p>

<p> When an <b>smtp_tls_policy_maps</b> table entry specifies the
"fingerprint" security level, any "match" attributes in that entry specify
the list of valid fingerprints for the corresponding destination. Multiple
fingerprints can be combined with a "|" delimiter in a single match
attribute, or multiple match attributes can be employed. </p>

<p> Example: Certificate fingerprint verification with internal mailhub.
Two matching fingerprints are listed. The relayhost may be multiple
physical hosts behind a load-balancer, each with its own private/public
key and self-signed certificate.
Alternatively, a single relayhost may
be in the process of switching from one set of private/public keys to
another, and both keys are trusted just prior to the transition. </p>

<blockquote>
<pre>
relayhost = [mailhub.example.com]
smtp_tls_security_level = fingerprint
smtp_tls_fingerprint_digest = md5
smtp_tls_fingerprint_cert_match =
    3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
    EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
</pre>
</blockquote>

<p> Example: Certificate fingerprint verification with selected destinations.
As in the example above, we show two matching fingerprints: </p>

<blockquote>
<pre>
/etc/postfix/main.cf:
    smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
    smtp_tls_fingerprint_digest = md5
</pre>
</blockquote>

<blockquote>
<pre>
/etc/postfix/tls_policy:
    example.com fingerprint
        match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
        match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
</pre>
</blockquote>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM lmtp_tls_fingerprint_cert_match

<p> The LMTP-specific version of the smtp_tls_fingerprint_cert_match
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM lmtp_tls_fingerprint_digest md5

<p> The LMTP-specific version of the smtp_tls_fingerprint_digest
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM smtpd_tls_fingerprint_digest md5

<p> The message digest algorithm used to construct client-certificate
fingerprints for <b>check_ccert_access</b> and
<b>permit_tls_clientcerts</b>.
The default algorithm is <b>md5</b>,
for backwards compatibility with Postfix releases prior to 2.5.
</p>

<p> The best practice algorithm is now <b>sha1</b>. Recent advances in hash
function cryptanalysis have led to md5 being deprecated in favor of sha1.
However, as long as there are no known "second pre-image" attacks
against md5, its use in this context can still be considered safe.
</p>

<p> While additional digest algorithms are often available with OpenSSL's
libcrypto, only those used by libssl in SSL cipher suites are available to
Postfix. For now this means just md5 or sha1. </p>

<p> To find the fingerprint of a specific certificate file, with a
specific digest algorithm, run: </p>

<blockquote>
<pre>
$ openssl x509 -noout -fingerprint -<i>digest</i> -in <i>certfile</i>.pem
</pre>
</blockquote>

<p> The text to the right of the "=" sign is the desired fingerprint.
For example: </p>

<blockquote>
<pre>
$ openssl x509 -noout -fingerprint -sha1 -in cert.pem
SHA1 Fingerprint=D4:6A:AB:19:24:79:F8:32:BB:A6:CB:66:82:C0:8E:9B:EE:29:A8:1A
</pre>
</blockquote>

<p> Example: client-certificate access table, with sha1 fingerprints: </p>

<blockquote>
<pre>
/etc/postfix/main.cf:
    smtpd_tls_fingerprint_digest = sha1
    smtpd_client_restrictions =
        check_ccert_access hash:/etc/postfix/access,
        reject
</pre>
<pre>
/etc/postfix/access:
    # Action folded to next line...
    AF:88:7C:AD:51:95:6F:36:96:F6:01:FB:2E:48:CD:AB:49:25:A2:3B
        OK
    85:16:78:FD:73:6E:CE:70:E0:31:5F:0D:3C:C8:6D:C4:2C:24:59:E1
        permit_auth_destination
</pre>
</blockquote>

<p> This feature is available in Postfix 2.5 and later.
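</p>

<p> The fingerprint pipeline that the smtp_tls_fingerprint_digest,
smtp_tls_fingerprint_cert_match and smtpd_tls_fingerprint_digest
descriptions above rely on (PEM certificate, DER bytes, md5 or sha1
digest, colon-separated upper-case hex), together with the "match"
attribute syntax of the tls_policy examples, as an added Python
illustration that is not Postfix code. The PEM input, the policy lines
and the helper names are constructed for this example; the base64
payload is a stand-in for a real DER certificate, so only the armor
handling, the digest formatting and the match logic are exercised. </p>

```python
"""Certificate fingerprint matching as the "fingerprint" TLS security level
describes it: digest the DER form of the certificate with the configured
digest, format it as 'openssl x509 -fingerprint' does, and compare it with
the "match" attributes of a tls_policy entry.  Added illustration; not
Postfix code."""
import base64
import hashlib
import re

# The digests the text says Postfix can use at this release.
SUPPORTED_DIGESTS = ("md5", "sha1")

# Constructed stand-in for a PEM certificate file.  The base64 payload is
# the bytes b"abc", not an X.509 structure: it exercises the PEM armor
# handling and the digest formatting, nothing more.
SAMPLE_PEM = """\
-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----
"""

_PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def pem_to_der(pem_text):
    """Return the DER bytes of the first CERTIFICATE block in pem_text."""
    m = _PEM_BLOCK.search(pem_text)
    if m is None:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)


def fingerprint(der, digest="md5"):
    """Colon-separated upper-case hex digest of the DER bytes, i.e. the text
    to the right of '=' in 'openssl x509 -noout -fingerprint -<digest>'."""
    if digest not in SUPPORTED_DIGESTS:
        raise ValueError("digest must be one of %s" % (SUPPORTED_DIGESTS,))
    return ":".join("%02X" % b for b in hashlib.new(digest, der).digest())


def parse_policy_match(policy_line):
    """Collect the acceptable fingerprints from a tls_policy entry such as
    'example.com fingerprint match=AA:.. match=BB:..|CC:..'.  Several
    'match' attributes and '|'-joined values both extend the set."""
    fields = policy_line.split()
    if len(fields) < 2 or fields[1] != "fingerprint":
        raise ValueError("not a fingerprint-level policy entry")
    accepted = set()
    for attr in fields[2:]:
        if attr.startswith("match="):
            values = attr[len("match="):].split("|")
            accepted.update(v.upper() for v in values if v)
    return accepted


def certificate_accepted(pem_text, policy_line, digest="md5"):
    """True when the certificate's fingerprint (under the chosen digest) is
    one of the fingerprints the policy entry lists.  Case is normalized so a
    hand-typed lower-case fingerprint still matches (a choice made here)."""
    fp = fingerprint(pem_to_der(pem_text), digest)
    return fp in parse_policy_match(policy_line)


if __name__ == "__main__":
    der = pem_to_der(SAMPLE_PEM)
    for d in SUPPORTED_DIGESTS:
        print("%s: %s" % (d.upper(), fingerprint(der, d)))
```

<p> On a real certificate file the output of fingerprint() can be compared
with the "Fingerprint=" line that "openssl x509 -fingerprint" prints for
the same file. Because the digest covers the whole DER certificate, a
re-issued certificate has a new fingerprint even when it carries the same
public key, which is why the examples above list two fingerprints while a
key or certificate rollover is in progress.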
</p>

%PARAM lmtp_pix_workaround_maps

<p> The LMTP-specific version of the smtp_pix_workaround_maps
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.4 and later. </p>

%PARAM detect_8bit_encoding_header yes

<p> Automatically detect 8BITMIME body content by looking at
Content-Transfer-Encoding: message headers; historically, this
behavior was hard-coded to be "always on". </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM send_cyrus_sasl_authzid no

<p> When authenticating to a remote SMTP or LMTP server with the
default setting "no", send no SASL authoriZation ID (authzid); send
only the SASL authentiCation ID (authcid) plus the authcid's password.
</p>

<p> The non-default setting "yes" enables the behavior of older
Postfix versions. These always send a SASL authzid that is equal
to the SASL authcid, but this causes inter-operability problems
with some SMTP servers. </p>

<p> This feature is available in Postfix 2.4.4 and later. </p>

%PARAM smtpd_client_port_logging no

<p> Enable logging of the remote SMTP client port in addition to
the hostname and IP address. The logging format is "host[address]:port".
</p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM qmqpd_client_port_logging no

<p> Enable logging of the remote QMQP client port in addition to
the hostname and IP address. The logging format is "host[address]:port".
</p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM smtp_tls_protocols !SSLv2

<p> List of TLS protocols that the Postfix SMTP client will exclude or
include with opportunistic TLS encryption.
Starting with Postfix 2.6,
the Postfix SMTP client will by default not use the obsolete SSLv2
protocol. </p>

<p> In main.cf the values are separated by whitespace, commas or
colons. In the policy table (see smtp_tls_policy_maps) the only valid
separator is colon. An empty value means allow all protocols. The valid
protocol names (see <b>SSL_get_version(3)</b>) are "SSLv2", "SSLv3"
and "TLSv1". </p>

<p> To include a protocol, list its name; to exclude it, prefix the name
with a "!" character. To exclude SSLv2 even for opportunistic TLS set
"smtp_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
"smtp_tls_protocols = !SSLv2, !SSLv3". Explicitly listing the protocols to
include is supported, but not recommended. OpenSSL provides no mechanisms
for excluding protocols not known at compile-time. If Postfix is linked
against an OpenSSL library that supports additional protocol versions,
they cannot be excluded using either syntax. </p>

<p> Example: </p>
<pre>
# TLSv1 only!
smtp_tls_protocols = !SSLv2, !SSLv3
</pre>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM smtpd_tls_protocols

<p> List of TLS protocols that the Postfix SMTP server will exclude
or include with opportunistic TLS encryption. This parameter SHOULD be
left at its default empty value, allowing all protocols to be used with
opportunistic TLS. </p>

<p> In main.cf the values are separated by whitespace, commas or
colons. An empty value means allow all protocols. The valid protocol
names (see <b>SSL_get_version(3)</b>) are "SSLv2", "SSLv3" and
"TLSv1". In smtp_tls_policy_maps table entries, "protocols" attribute
values are separated by a colon. </p>

<p> To include a protocol, list its name; to exclude it, prefix the name
with a "!" character.
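</p>

<p> The include/exclude rules that smtp_tls_protocols and
smtpd_tls_protocols share, applied as an added Python model rather than
Postfix's own parser: the tokenizer follows the main.cf and tls_policy
separator rules, and the resulting set shows the caveat that a protocol
version the linked OpenSSL supports but Postfix cannot name by itself stays
enabled under either syntax. How includes combine with excludes, the
"library" parameter standing in for the linked OpenSSL, and the "TLSv1.1"
name used as an example of such an additional version are assumptions of
this model, not statements from this page. </p>

```python
"""Model of how a Postfix TLS protocol list selects protocol versions,
following the rules stated for smtp_tls_protocols / smtpd_tls_protocols:
an empty list allows everything, "!name" excludes a protocol, a bare name
includes it, main.cf values may be separated by whitespace, commas or
colons, while tls_policy values are separated by colons only.  Added
illustration, not Postfix's own parser; how includes combine with
versions Postfix cannot name is this model's assumption."""
import re

# Protocol names the text lists as valid (see SSL_get_version(3)).
KNOWN_PROTOCOLS = ("SSLv2", "SSLv3", "TLSv1")


def split_protocol_list(value, policy_table=False):
    """Tokenize a protocol list.  policy_table=True applies the tls_policy
    rule that ':' is the only separator."""
    separator = r":" if policy_table else r"[\s,:]+"
    return [tok for tok in re.split(separator, value.strip()) if tok]


def effective_protocols(value, policy_table=False, library=KNOWN_PROTOCOLS):
    """Return the set of protocol versions left enabled.

    'library' stands for the versions the linked OpenSSL supports (an
    assumption of this model).  Names in the list must be ones Postfix
    knows; a version the library supports but Postfix cannot name stays
    enabled whichever syntax is used, which is the caveat in the text."""
    include, exclude = set(), set()
    for tok in split_protocol_list(value, policy_table):
        negated = tok.startswith("!")
        name = tok[1:] if negated else tok
        if name not in KNOWN_PROTOCOLS:
            raise ValueError("unknown protocol name %r" % name)
        (exclude if negated else include).add(name)
    unnameable = set(library) - set(KNOWN_PROTOCOLS)
    enabled = (include | unnameable) if include else set(library)
    return enabled - exclude


if __name__ == "__main__":
    for spec in ("", "!SSLv2", "!SSLv2, !SSLv3", "TLSv1"):
        print("%-16r -> %s" % (spec, sorted(effective_protocols(spec))))
```

<p> A policy-table value written with commas is rejected by this model,
because only ":" separates values there; that is the rule the text gives
for smtp_tls_policy_maps, and it is worth checking before a typo in a
tls_policy entry silently yields a different protocol set than intended. </p>

<p>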
To exclude SSLv2 even for opportunistic TLS set
"smtpd_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
"smtpd_tls_protocols = !SSLv2, !SSLv3". Explicitly listing the protocols to
include is supported, but not recommended. OpenSSL provides no mechanisms
for excluding protocols not known at compile-time. If Postfix is linked
against an OpenSSL library that supports additional protocol versions,
they cannot be excluded using either syntax. </p>

<p> Example: </p>
<pre>
smtpd_tls_protocols = !SSLv2
</pre>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM lmtp_tls_protocols

<p> The LMTP-specific version of the smtp_tls_protocols configuration
parameter. See there for details. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM smtp_tls_ciphers export

<p> The minimum TLS cipher grade that the Postfix SMTP client
will use with opportunistic TLS encryption. Cipher types listed in
smtp_tls_exclude_ciphers are excluded from the base definition of
the selected cipher grade. The default value "export" ensures maximum
inter-operability. Because encryption is optional, stronger controls
are not appropriate, and this setting SHOULD NOT be changed unless the
change is essential. </p>

<p> When TLS is mandatory the cipher grade is chosen via the
smtp_tls_mandatory_ciphers configuration parameter; see there for syntax
details. See smtp_tls_policy_maps for information on how to configure
ciphers on a per-destination basis. </p>

<p> Example: </p>
<pre>
smtp_tls_ciphers = export
</pre>

<p> This feature is available in Postfix 2.6 and later. With earlier Postfix
releases only the smtp_tls_mandatory_ciphers parameter is implemented,
and opportunistic TLS always uses "export" or better (i.e. all) ciphers.
</p>

%PARAM smtpd_tls_ciphers export

<p> The minimum TLS cipher grade that the Postfix SMTP server
will use with opportunistic TLS encryption. Cipher types listed in
smtpd_tls_exclude_ciphers are excluded from the base definition of
the selected cipher grade. The default value "export" ensures maximum
inter-operability. Because encryption is optional, stronger controls
are not appropriate, and this setting SHOULD NOT be changed unless the
change is essential. </p>

<p> When TLS is mandatory the cipher grade is chosen via the
smtpd_tls_mandatory_ciphers configuration parameter; see there for syntax
details. </p>

<p> Example: </p>
<pre>
smtpd_tls_ciphers = export
</pre>

<p> This feature is available in Postfix 2.6 and later. With earlier Postfix
releases only the smtpd_tls_mandatory_ciphers parameter is implemented,
and opportunistic TLS always uses "export" or better (i.e. all) ciphers. </p>

%PARAM lmtp_tls_ciphers export

<p> The LMTP-specific version of the smtp_tls_ciphers configuration
parameter. See there for details. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM tls_eecdh_strong_curve prime256v1

<p> The elliptic curve used by the SMTP server for sensibly strong
ephemeral ECDH key exchange. This curve is used by the Postfix SMTP
server when "smtpd_tls_eecdh_grade = strong". The phrase "sensibly
strong" means approximately 128-bit security based on best known
attacks. The selected curve must be implemented by OpenSSL (as
reported by ecparam(1) with the "-list_curves" option) and be one
of the curves listed in Section 5.1.1 of RFC 4492. You should not
generally change this setting.
</p>

<p> This default curve is specified in NSA "Suite B" Cryptography
(see http://www.nsa.gov/ia/industry/crypto_suite_b.cfm) for
information classified as SECRET. </p>

<p> Note: elliptic curve names are poorly standardized; different
standards groups are assigning different names to the same underlying
curves. The curve with the X9.62 name "prime256v1" is also known
under the SECG name "secp256r1", but OpenSSL does not recognize the
latter name. </p>

<p> This feature is available in Postfix 2.6 and later, when it is
compiled and linked with OpenSSL 1.0.0 or later. </p>

%PARAM tls_eecdh_ultra_curve secp384r1

<p> The elliptic curve used by the SMTP server for maximally strong
ephemeral ECDH key exchange. This curve is used by the Postfix SMTP
server when "smtpd_tls_eecdh_grade = ultra". The phrase "maximally
strong" means approximately 192-bit security based on best known attacks.
This additional strength comes at a significant computational cost; most
users should instead set "smtpd_tls_eecdh_grade = strong". The selected
curve must be implemented by OpenSSL (as reported by ecparam(1) with the
"-list_curves" option) and be one of the curves listed in Section 5.1.1
of RFC 4492. You should not generally change this setting. </p>

<p> This default "ultra" curve is specified in NSA "Suite B" Cryptography
(see http://www.nsa.gov/ia/industry/crypto_suite_b.cfm) for information
classified as TOP SECRET. </p>

<p> This feature is available in Postfix 2.6 and later, when it is
compiled and linked with OpenSSL 1.0.0 or later. </p>

%PARAM smtpd_tls_eecdh_grade see "postconf -d" output

<p> The Postfix SMTP server security grade for ephemeral elliptic-curve
Diffie-Hellman (EECDH) key exchange.
</p>

<p> The available choices are: </p>

<dl>

<dt><b>none</b></dt> <dd> Don't use EECDH. Ciphers based on EECDH key
exchange will be disabled. This is the default in official Postfix
releases (mail_version = major.minor.patchlevel). </dd>

<dt><b>strong</b></dt> <dd> Use EECDH with approximately 128
bits of security at a reasonable computational cost. This is the
current best-practice trade-off between security and computational
efficiency. This is the default in Postfix snapshot releases
(mail_version = major.minor-releasedate). </dd>

<dt><b>ultra</b></dt> <dd> Use EECDH with approximately 192 bits of
security at a computational cost that is approximately twice as high
as 128 bit strength ECC. Barring significant progress in attacks on
elliptic curve crypto-systems, the "strong" curve is sufficient for most
users. </dd>

</dl>

<p> This feature is available in Postfix 2.6 and later, when it is
compiled and linked with OpenSSL 1.0.0 or later. </p>

%PARAM smtpd_tls_eccert_file

<p> File with the Postfix SMTP server ECDSA certificate in PEM format.
This file may also contain the Postfix SMTP server private ECDSA key. </p>

<p> See the discussion under smtpd_tls_cert_file for more details. </p>

<p> Example: </p>

<pre>
smtpd_tls_eccert_file = /etc/postfix/ecdsa-scert.pem
</pre>

<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 1.0.0 or later. </p>

%PARAM smtpd_tls_eckey_file $smtpd_tls_eccert_file

<p> File with the Postfix SMTP server ECDSA private key in PEM format.
This file may be combined with the Postfix SMTP server ECDSA certificate
file specified with $smtpd_tls_eccert_file. </p>

<p> The private key must be accessible without a pass-phrase, i.e.
it
must not be encrypted. File permissions should grant read-only
access to the system superuser account ("root"), and no access
to anyone else. </p>

<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 1.0.0 or later. </p>

%PARAM smtp_tls_eccert_file

<p> File with the Postfix SMTP client ECDSA certificate in PEM format.
This file may also contain the Postfix SMTP client ECDSA private key. </p>

<p> See the discussion under smtp_tls_cert_file for more details.
</p>

<p> Example: </p>

<pre>
smtp_tls_eccert_file = /etc/postfix/ecdsa-ccert.pem
</pre>

<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 1.0.0 or later. </p>

%PARAM smtp_tls_eckey_file $smtp_tls_eccert_file

<p> File with the Postfix SMTP client ECDSA private key in PEM format.
This file may be combined with the Postfix SMTP client ECDSA
certificate file specified with $smtp_tls_eccert_file. </p>

<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
access to the system superuser account ("root"), and no access
to anyone else. </p>

<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 1.0.0 or later. </p>

%PARAM lmtp_tls_eccert_file

<p> The LMTP-specific version of the smtp_tls_eccert_file configuration
parameter. See there for details. </p>

<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 1.0.0 or later. </p>

%PARAM lmtp_tls_eckey_file

<p> The LMTP-specific version of the smtp_tls_eckey_file configuration
parameter. See there for details.
</p>

<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 1.0.0 or later. </p>

%PARAM smtp_header_checks

<p> Restricted header_checks(5) tables for the Postfix SMTP client.
These tables are searched while mail is being delivered. Actions
that change the delivery time or destination are not available.
</p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM smtp_mime_header_checks

<p> Restricted mime_header_checks(5) tables for the Postfix SMTP
client. These tables are searched while mail is being delivered.
Actions that change the delivery time or destination are not
available. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM smtp_nested_header_checks

<p> Restricted nested_header_checks(5) tables for the Postfix SMTP
client. These tables are searched while mail is being delivered.
Actions that change the delivery time or destination are not
available. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM smtp_body_checks

<p> Restricted body_checks(5) tables for the Postfix SMTP client.
These tables are searched while mail is being delivered. Actions
that change the delivery time or destination are not available.
</p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM destination_concurrency_feedback_debug no

<p> Make the queue manager's feedback algorithm verbose for performance
analysis purposes. </p>

<p> This feature is available in Postfix 2.5 and later.
</p>

%PARAM default_destination_concurrency_failed_cohort_limit 1

<p> How many pseudo-cohorts must suffer connection or handshake
failure before a specific destination is considered unavailable
(and further delivery is suspended). Specify zero to disable this
feature. A destination's pseudo-cohort failure count is reset each
time a delivery completes without connection or handshake failure
for that specific destination. </p>

<p> A pseudo-cohort is the number of deliveries equal to a destination's
delivery concurrency. </p>

<p> Use <i>transport</i>_destination_concurrency_failed_cohort_limit to specify
a transport-specific override, where <i>transport</i> is the master.cf
name of the message delivery transport. </p>

<p> This feature is available in Postfix 2.5. The default setting
is compatible with earlier Postfix versions. </p>

%PARAM default_destination_concurrency_negative_feedback 1

<p> The per-destination amount of delivery concurrency negative
feedback, after a delivery completes with a connection or handshake
failure. Feedback values are in the range 0..1 inclusive. With
negative feedback, concurrency is decremented at the beginning of
a sequence of length 1/feedback. This is unlike positive feedback,
where concurrency is incremented at the end of a sequence of length
1/feedback. </p>

<p> As of Postfix version 2.5, negative feedback cannot reduce
delivery concurrency to zero. Instead, a destination is marked
dead (further delivery suspended) after the failed pseudo-cohort
count reaches $default_destination_concurrency_failed_cohort_limit
(or $<i>transport</i>_destination_concurrency_failed_cohort_limit).
To make the scheduler completely immune to connection or handshake
failures, specify a zero feedback value and a zero failed pseudo-cohort
limit.
</p>

<p> Specify one of the following forms: </p>

<dl>

<dt> <b><i>number</i> </b> </dt>

<dt> <b><i>number</i> / <i>number</i> </b> </dt>

<dd> Constant feedback. The value must be in the range 0..1 inclusive.
The default setting of "1" is compatible with Postfix versions
before 2.5, where a destination's delivery concurrency is throttled
down to zero (and further delivery suspended) after a single failed
pseudo-cohort. </dd>

<dt> <b><i>number</i> / concurrency </b> </dt>

<dd> Variable feedback of "<i>number</i> / (delivery concurrency)".
The <i>number</i> must be in the range 0..1 inclusive. With
<i>number</i> equal to "1", a destination's delivery concurrency
is decremented by 1 after each failed pseudo-cohort. </dd>

<!--

<dt> <b><i>number</i> / sqrt_concurrency </b> </dt>

<dd> Variable feedback of "<i>number</i> / sqrt(delivery concurrency)".
The <i>number</i> must be in the range 0..1 inclusive. This setting
may be removed in a future version. </dd>

-->

</dl>

<p> A pseudo-cohort is the number of deliveries equal to a destination's
delivery concurrency. </p>

<p> Use <i>transport</i>_destination_concurrency_negative_feedback
to specify a transport-specific override, where <i>transport</i>
is the master.cf
name of the message delivery transport. </p>

<p> This feature is available in Postfix 2.5. The default setting
is compatible with earlier Postfix versions. </p>

%PARAM default_destination_concurrency_positive_feedback 1

<p> The per-destination amount of delivery concurrency positive
feedback, after a delivery completes without connection or handshake
failure. Feedback values are in the range 0..1 inclusive.
The
concurrency increases until it reaches the per-destination maximal
concurrency limit. With positive feedback, concurrency is incremented
at the end of a sequence with length 1/feedback. This is unlike
negative feedback, where concurrency is decremented at the start
of a sequence of length 1/feedback. </p>

<p> Specify one of the following forms: </p>

<dl>

<dt> <b><i>number</i> </b> </dt>

<dt> <b><i>number</i> / <i>number</i> </b> </dt>

<dd> Constant feedback. The value must be in the range 0..1
inclusive. The default setting of "1" is compatible with Postfix
versions before 2.5, where a destination's delivery concurrency
doubles after each successful pseudo-cohort. </dd>

<dt> <b><i>number</i> / concurrency </b> </dt>

<dd> Variable feedback of "<i>number</i> / (delivery concurrency)".
The <i>number</i> must be in the range 0..1 inclusive. With
<i>number</i> equal to "1", a destination's delivery concurrency
is incremented by 1 after each successful pseudo-cohort. </dd>

<!--

<dt> <b><i>number</i> / sqrt_concurrency </b> </dt>

<dd> Variable feedback of "<i>number</i> / sqrt(delivery concurrency)".
The <i>number</i> must be in the range 0..1 inclusive. This setting
may be removed in a future version. </dd>

-->

</dl>

<p> A pseudo-cohort is the number of deliveries equal to a destination's
delivery concurrency. </p>

<p> Use <i>transport</i>_destination_concurrency_positive_feedback
to specify a transport-specific override, where <i>transport</i>
is the master.cf name of the message delivery transport. </p>

<p> This feature is available in Postfix 2.5 and later.
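</p>

<p> The feedback rules described for
default_destination_concurrency_failed_cohort_limit,
default_destination_concurrency_negative_feedback and
default_destination_concurrency_positive_feedback above, as an added
Python model built from this page's text and not from Postfix's qmgr(8)
source: positive feedback accumulates per successful delivery and raises
concurrency at the end of a sequence of 1/feedback deliveries, negative
feedback lowers it at the start of such a sequence and never below one,
and each failure counts as 1/concurrency of a failed pseudo-cohort until
the failed-cohort limit suspends the destination. The class and helper
names, and the exact bookkeeping of fractional feedback while the
concurrency changes, are assumptions of this model. </p>

```python
"""Model of Postfix's per-destination delivery concurrency feedback, as
described for default_destination_concurrency_positive_feedback,
default_destination_concurrency_negative_feedback and
default_destination_concurrency_failed_cohort_limit.  Added illustration
derived from the text of this page, not from qmgr(8) source; the
bookkeeping of fractional feedback is an assumption."""


def parse_feedback(spec):
    """Accept "number", "number / number" or "number / concurrency" and
    return a function mapping the current concurrency to a feedback value."""
    parts = [p.strip() for p in spec.split("/")]
    num = float(parts[0])
    if len(parts) == 1:
        value = lambda window: num
    elif len(parts) == 2 and parts[1] == "concurrency":
        value = lambda window: num / window
    elif len(parts) == 2:
        den = float(parts[1])
        value = lambda window: num / den
    else:
        raise ValueError("bad feedback specification %r" % spec)
    if not 0.0 <= value(1) <= 1.0:
        raise ValueError("feedback must be in the range 0..1: %r" % spec)
    return value


class Destination:
    """Concurrency window for one destination (a simplified model)."""

    def __init__(self, initial, limit, pos="1", neg="1", cohort_limit=1):
        self.window = initial        # current delivery concurrency
        self.limit = limit           # per-destination maximal concurrency
        self.pos = parse_feedback(pos)
        self.neg = parse_feedback(neg)
        self.cohort_limit = cohort_limit
        self.success = 0.0           # positive feedback accumulated so far
        self.fail = 0.0              # remaining length of the current failure sequence
        self.fail_step = 0.0         # negative feedback per failure in that sequence
        self.fail_cohorts = 0.0      # pseudo-cohorts that failed in a row
        self.dead = False            # further delivery suspended

    def delivered(self):
        """A delivery completed without connection or handshake failure."""
        self.fail_cohorts = 0.0      # the count resets on any success
        self.fail = 0.0
        self.success += self.pos(self.window)
        # Concurrency rises at the END of a sequence of 1/feedback deliveries.
        while self.success >= 1.0 and self.window < self.limit:
            self.success -= 1.0
            self.window += 1
        if self.window >= self.limit:
            self.success = 0.0

    def failed(self):
        """A delivery completed with a connection or handshake failure."""
        if self.dead:
            return
        # A pseudo-cohort is 'window' deliveries, so one failure is 1/window
        # of a failed cohort (window as it stood when the delivery ran).
        self.fail_cohorts += 1.0 / self.window
        if self.cohort_limit > 0 and self.fail_cohorts >= self.cohort_limit:
            self.dead = True
            return
        if self.fail <= 0.0:         # a new sequence of failures begins
            self.fail_step = self.neg(self.window)
            if self.fail_step > 0.0:
                # Concurrency drops at the START of the sequence, never to zero.
                if self.window > 1:
                    self.window -= 1
                self.fail = 1.0
        self.fail -= self.fail_step


def run(initial, limit, events, **kw):
    """Apply a string of 'S' (success) / 'F' (failure) events and return
    (window, dead) for the resulting destination state."""
    d = Destination(initial, limit, **kw)
    for ev in events:
        d.delivered() if ev == "S" else d.failed()
    return d.window, d.dead


if __name__ == "__main__":
    print("default feedback, 6 successes from 2:", run(2, 8, "SSSSSS"))
    print("1/concurrency, one cohort of 4:", run(4, 10, "SSSS", pos="1/concurrency"))
    print("immune scheduler, 50 failures:", run(8, 8, "F" * 50, neg="0", cohort_limit=0))
```

<p> Running the scenarios in the block reproduces the statements in the
text: with the default "1" feedback, concurrency doubles after each
successful pseudo-cohort, a destination already at concurrency 1 is
suspended by a single failure, and at higher concurrency the failed-cohort
accounting reaches the default limit of 1 within one pseudo-cohort of
consecutive failures, while a zero negative feedback together with a zero
failed-cohort limit leaves the scheduler unaffected by failures.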
</p>

%PARAM transport_destination_concurrency_failed_cohort_limit $default_destination_concurrency_failed_cohort_limit

<p> A transport-specific override for the
default_destination_concurrency_failed_cohort_limit parameter value,
where <i>transport</i> is the master.cf name of the message delivery
transport. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM transport_destination_concurrency_positive_feedback $default_destination_concurrency_positive_feedback

<p> A transport-specific override for the
default_destination_concurrency_positive_feedback parameter value,
where <i>transport</i> is the master.cf name of the message delivery
transport. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM transport_destination_concurrency_negative_feedback $default_destination_concurrency_negative_feedback

<p> A transport-specific override for the
default_destination_concurrency_negative_feedback parameter value,
where <i>transport</i> is the master.cf name of the message delivery
transport. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM transport_initial_destination_concurrency $initial_destination_concurrency

<p> A transport-specific override for the initial_destination_concurrency
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM transport_destination_concurrency_limit $default_destination_concurrency_limit

<p> A transport-specific override for the
default_destination_concurrency_limit parameter value, where
<i>transport</i> is the master.cf name of the message delivery
transport.
</p>

%PARAM transport_destination_recipient_limit $default_destination_recipient_limit

<p> A transport-specific override for the
default_destination_recipient_limit parameter value, where
<i>transport</i> is the master.cf name of the message delivery
transport. </p>

%PARAM transport_time_limit $command_time_limit

<p> A transport-specific override for the command_time_limit parameter
value, where <i>transport</i> is the master.cf name of the message
delivery transport. </p>

%PARAM transport_delivery_slot_cost $default_delivery_slot_cost

<p> A transport-specific override for the default_delivery_slot_cost
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport. </p>

%PARAM transport_delivery_slot_loan $default_delivery_slot_loan

<p> A transport-specific override for the default_delivery_slot_loan
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport. </p>

%PARAM transport_delivery_slot_discount $default_delivery_slot_discount

<p> A transport-specific override for the default_delivery_slot_discount
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport. </p>

%PARAM transport_minimum_delivery_slots $default_minimum_delivery_slots

<p> A transport-specific override for the default_minimum_delivery_slots
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport. </p>

%PARAM transport_recipient_limit $default_recipient_limit

<p> A transport-specific override for the default_recipient_limit
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport.
</p>

%PARAM transport_extra_recipient_limit $default_extra_recipient_limit

<p> A transport-specific override for the default_extra_recipient_limit
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport. </p>

%PARAM transport_recipient_refill_limit $default_recipient_refill_limit

<p> A transport-specific override for the default_recipient_refill_limit
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport. </p>

<p> This feature is available in Postfix 2.4 and later. </p>

%PARAM transport_recipient_refill_delay $default_recipient_refill_delay

<p> A transport-specific override for the default_recipient_refill_delay
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport. </p>

<p> This feature is available in Postfix 2.4 and later. </p>

%PARAM default_destination_rate_delay 0s

<p> The default amount of delay that is inserted between individual
deliveries to the same destination; with per-destination recipient
limit &gt; 1, a destination is a domain, otherwise it is a recipient.
</p>

<p> To enable the delay, specify a non-zero time value (an integral
value plus an optional one-letter suffix that specifies the time
unit). </p>

<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). The default time unit is s (seconds). </p>

<p> NOTE: the delay is enforced by the queue manager. The delay
timer state does not survive "<b>postfix reload</b>" or "<b>postfix
stop</b>".
</p>

<p> Use <i>transport</i>_destination_rate_delay to specify a
transport-specific override, where <i>transport</i> is the master.cf
name of the message delivery transport.
</p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM transport_destination_rate_delay $default_destination_rate_delay

<p> A transport-specific override for the default_destination_rate_delay
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM data_directory see "postconf -d" output

<p> The directory with Postfix-writable data files (for example:
caches, pseudo-random numbers). This directory must be owned by
the mail_owner account, and must not be shared with non-Postfix
software. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM stress

<p> This feature is documented in the STRESS_README document. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM smtp_sasl_auth_soft_bounce yes

<p> When a remote SMTP server rejects a SASL authentication request
with a 535 reply code, defer mail delivery instead of returning
mail as undeliverable. The latter behavior was hard-coded prior to
Postfix version 2.5. </p>

<p> Note: the setting "yes" overrides the global soft_bounce
parameter, but the setting "no" does not. </p>

<p> Example: </p>

<pre>
# Default as of Postfix 2.5
smtp_sasl_auth_soft_bounce = yes
# The old hard-coded default
smtp_sasl_auth_soft_bounce = no
</pre>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM smtp_sasl_auth_cache_name

<p> An optional table to prevent repeated SASL authentication
failures with the same remote SMTP server hostname, username and
password. Each table (key, value) pair contains a server name, a
username and password, and the full server response.
This information
is stored when a remote SMTP server rejects an authentication attempt
with a 535 reply code. As long as the smtp_sasl_password_maps
information does not change, and as long as the smtp_sasl_auth_cache_name
information does not expire (see smtp_sasl_auth_cache_time) the
Postfix SMTP client avoids SASL authentication attempts with the
same server, username and password, and instead bounces or defers
mail as controlled with the smtp_sasl_auth_soft_bounce configuration
parameter. </p>

<p> Use a per-destination delivery concurrency of 1 (for example,
"smtp_destination_concurrency_limit = 1",
"relay_destination_concurrency_limit = 1", etc.), otherwise multiple
delivery agents may experience a login failure at the same time.
</p>

<p> The table must be accessed via the proxywrite service, i.e. the
map name must start with "proxy:". The table should be stored under
the directory specified with the data_directory parameter. </p>

<p> This feature uses cryptographic hashing to protect plain-text
passwords, and requires that Postfix is compiled with TLS support.
</p>

<p> Example: </p>

<pre>
smtp_sasl_auth_cache_name = proxy:btree:/var/db/postfix/sasl_auth_cache
</pre>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM smtp_sasl_auth_cache_time 90d

<p> The maximal age of an smtp_sasl_auth_cache_name entry before it
is removed. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM lmtp_sasl_auth_soft_bounce yes

<p> The LMTP-specific version of the smtp_sasl_auth_soft_bounce
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.5 and later.
</p>

%PARAM lmtp_sasl_auth_cache_name

<p> The LMTP-specific version of the smtp_sasl_auth_cache_name
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM lmtp_sasl_auth_cache_time 90d

<p> The LMTP-specific version of the smtp_sasl_auth_cache_time
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM unverified_sender_reject_reason

<p> The Postfix SMTP server's reply when rejecting mail with
reject_unverified_sender. Do not include the numeric SMTP reply
code or the enhanced status code. By default, the response includes
actual address verification details. </p>

<p> Example: </p>

<pre>
unverified_sender_reject_reason = Sender address lookup failed
</pre>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM unverified_recipient_reject_reason

<p> The Postfix SMTP server's reply when rejecting mail with
reject_unverified_recipient. Do not include the numeric SMTP reply
code or the enhanced status code. By default, the response includes
actual address verification details. </p>

<p> Example: </p>

<pre>
unverified_recipient_reject_reason = Recipient address lookup failed
</pre>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM strict_mailbox_ownership yes

<p> Defer delivery when a mailbox file is not owned by its recipient.
The default setting is not backwards compatible. </p>

<p> This feature is available in Postfix 2.5.3 and later. </p>

%PARAM proxymap_service_name proxymap

<p> The name of the proxymap read-only table lookup service. This
service is normally implemented by the proxymap(8) daemon.
</p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM proxywrite_service_name proxywrite

<p> The name of the proxywrite read-write table lookup service.
This service is normally implemented by the proxymap(8) daemon.
</p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM master_service_disable

<p> Selectively disable master(8) listener ports by service type
or by service name and type. Specify a list of service types
("inet", "unix", "fifo", or "pass") or "name.type" tuples, where
"name" is the first field of a master.cf entry and "type" is a
service type. As with other Postfix matchlists, a search stops at
the first match. Specify "!pattern" to exclude a service from the
list. By default, all master(8) listener ports are enabled. </p>

<p> Note: this feature does not support "/file/name" or "type:table"
patterns, nor does it support wildcards such as "*" or "all". This
is intentional. </p>

<p> Examples: </p>

<pre>
# Turn on all master(8) listener ports (the default).
master_service_disable =
# Turn off only the main SMTP listener port.
master_service_disable = smtp.inet
# Turn off all TCP/IP listener ports.
master_service_disable = inet
# Turn off all TCP/IP listener ports except "foo".
master_service_disable = !foo.inet, inet
</pre>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM tcp_windowsize 0

<p> An optional workaround for routers that break TCP window scaling.
Specify a value &gt; 0 and &lt; 65536 to enable this feature. With
Postfix TCP servers (smtpd(8), qmqpd(8)), this feature is implemented
by the Postfix master(8) daemon.
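</p>

<p> The master_service_disable matching rules above, applied to a
constructed master.cf excerpt. This is an added example in Python, not
Postfix code: it implements only the rules the parameter description
states (service types or "name.type" tuples, "!pattern" exclusions, first
match wins, empty list means every port enabled), and it raises ValueError
for the "/file/name", "type:table", "*" and "all" forms that the
description says are unsupported. </p>

```python
"""master_service_disable matching, applied to a constructed master.cf.

Added example, not Postfix code: it implements the matchlist rules the
parameter description gives and rejects the pattern forms the description
says are intentionally unsupported (this example's own choice).
"""
from __future__ import annotations

import re

SERVICE_TYPES = ("inet", "unix", "fifo", "pass")


def parse_disable_list(setting: str) -> list[tuple[bool, str]]:
    """Split a comma/whitespace separated list into (exclude, pattern) pairs."""
    patterns = []
    for item in re.split(r"[\s,]+", setting.strip()):
        if not item:
            continue
        exclude = item.startswith("!")
        pattern = item[1:] if exclude else item
        # Not supported by master_service_disable: file, table and wildcard forms.
        if pattern.startswith("/") or ":" in pattern or pattern in ("*", "all"):
            raise ValueError(f"unsupported master_service_disable pattern: {item!r}")
        stype = pattern.rpartition(".")[2]        # "type" or the type of "name.type"
        if stype not in SERVICE_TYPES:            # this example's own sanity check
            raise ValueError(f"unknown service type in pattern: {item!r}")
        patterns.append((exclude, pattern))
    return patterns


def listener_disabled(name: str, stype: str, setting: str) -> bool:
    """True when master(8) would not open the listener for service name.type."""
    for exclude, pattern in parse_disable_list(setting):
        if pattern == stype or pattern == f"{name}.{stype}":
            return not exclude      # the search stops at the first match
    return False                    # default: every listener port enabled


def parse_master_cf(text: str) -> list[tuple[str, str]]:
    """(name, type) of each master.cf service entry; blank lines, comments and
    "-o" continuation lines (which start with whitespace) are skipped."""
    services = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#") or line[0].isspace():
            continue
        fields = line.split()
        services.append((fields[0], fields[1]))
    return services


def disabled_services(master_cf: str, setting: str) -> list[str]:
    """Names of the master.cf services whose listener the setting disables."""
    return [name for name, stype in parse_master_cf(master_cf)
            if listener_disabled(name, stype, setting)]


# Constructed master.cf excerpt (not taken from any real installation).
MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp       inet  n       -       n       -       -       smtpd
submission inet  n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
pickup     unix  n       -       n       60      1       pickup
cleanup    unix  n       -       n       -       0       cleanup
qmgr       unix  n       -       n       300     1       qmgr
"""

if __name__ == "__main__":
    for setting in ("", "smtp.inet", "inet", "!submission.inet, inet",
                    "inet, !submission.inet"):
        print(f"master_service_disable = {setting!r:28} -> "
              f"disabled: {disabled_services(MASTER_CF, setting)}")
```

<p> The last setting in the demo shows why order matters: "inet,
!submission.inet" still disables submission, because the "inet" entry
matches first and the search stops there.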
</p>

<p> To change this parameter without stopping Postfix, you need to
first terminate all Postfix TCP servers: </p>

<blockquote>
<pre>
# postconf -e master_service_disable=inet
# postfix reload
</pre>
</blockquote>

<p> This immediately terminates all processes that accept network
connections. Next, you enable Postfix TCP servers with the updated
tcp_windowsize setting: </p>

<blockquote>
<pre>
# postconf -e tcp_windowsize=65535 master_service_disable=
# postfix reload
</pre>
</blockquote>

<p> If you skip these steps with a running Postfix system, then the
tcp_windowsize change will work only for Postfix TCP clients (smtp(8),
lmtp(8)). </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM multi_instance_directories

<p> An optional list of non-default Postfix configuration directories;
these directories belong to additional Postfix instances that share
the Postfix executable files and documentation with the default
Postfix instance, and that are started, stopped, etc., together
with the default Postfix instance. Specify a list of pathnames
separated by comma or whitespace. </p>

<p> When $multi_instance_directories is empty, the postfix(1) command
runs in single-instance mode and operates on a single Postfix
instance only. Otherwise, the postfix(1) command runs in multi-instance
mode and invokes the multi-instance manager specified with the
multi_instance_wrapper parameter. The multi-instance manager in
turn executes postfix(1) commands for the default instance and for
all Postfix instances in $multi_instance_directories. </p>

<p> Currently, this parameter setting is ignored except for the
default main.cf file. </p>

<p> This feature is available in Postfix 2.6 and later.
</p>

%PARAM multi_instance_wrapper

<p> The pathname of a multi-instance manager command that the
postfix(1) command invokes when the multi_instance_directories
parameter value is non-empty. The pathname may be followed by
initial command arguments separated by whitespace; shell
metacharacters such as quotes are not supported in this context.
</p>

<p> The postfix(1) command invokes the manager command with the
postfix(1) non-option command arguments on the manager command line,
and with all installation configuration parameters exported into
the manager command process environment. The manager command in
turn invokes the postfix(1) command for individual Postfix instances
as "postfix -c <i>config_directory</i> <i>command</i>". </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM multi_instance_group

<p> The optional instance group name of this Postfix instance. A
group identifies closely-related Postfix instances that the
multi-instance manager can start, stop, etc., as a unit. This
parameter is reserved for the multi-instance manager. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM multi_instance_name

<p> The optional instance name of this Postfix instance. This name
also becomes the default value for the syslog_name parameter. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM multi_instance_enable no

<p> Allow this Postfix instance to be started, stopped, etc., by a
multi-instance manager. By default, new instances are created in
a safe state that prevents them from being started inadvertently.
This parameter is reserved for the multi-instance manager. </p>

<p> This feature is available in Postfix 2.6 and later.
</p>

%PARAM reject_tempfail_action defer_if_permit

<p> The Postfix SMTP server's action when a reject-type restriction
fails due to a temporary error condition. Specify "defer" to defer
the remote SMTP client request immediately. With the default
"defer_if_permit" action, the Postfix SMTP server continues to look
for opportunities to reject mail, and defers the client request
only if it would otherwise be accepted. </p>

<p> For finer control, see: unverified_recipient_tempfail_action,
unverified_sender_tempfail_action, unknown_address_tempfail_action,
and unknown_helo_hostname_tempfail_action. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM unverified_recipient_tempfail_action $reject_tempfail_action

<p> The Postfix SMTP server's action when reject_unverified_recipient
fails due to a temporary error condition. Specify "defer" to defer
the remote SMTP client request immediately. With the default
"defer_if_permit" action, the Postfix SMTP server continues to look
for opportunities to reject mail, and defers the client request
only if it would otherwise be accepted. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM unverified_sender_tempfail_action $reject_tempfail_action

<p> The Postfix SMTP server's action when reject_unverified_sender
fails due to a temporary error condition. Specify "defer" to defer
the remote SMTP client request immediately. With the default
"defer_if_permit" action, the Postfix SMTP server continues to look
for opportunities to reject mail, and defers the client request
only if it would otherwise be accepted. </p>

<p> This feature is available in Postfix 2.6 and later.
</p>

%PARAM unknown_address_tempfail_action $reject_tempfail_action

<p> The Postfix SMTP server's action when reject_unknown_sender_domain
or reject_unknown_recipient_domain fail due to a temporary error
condition. Specify "defer" to defer the remote SMTP client request
immediately. With the default "defer_if_permit" action, the Postfix
SMTP server continues to look for opportunities to reject mail, and
defers the client request only if it would otherwise be accepted.
</p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM unknown_helo_hostname_tempfail_action $reject_tempfail_action

<p> The Postfix SMTP server's action when reject_unknown_helo_hostname
fails due to a temporary error condition. Specify "defer" to defer
the remote SMTP client request immediately. With the default
"defer_if_permit" action, the Postfix SMTP server continues to look
for opportunities to reject mail, and defers the client request
only if it would otherwise be accepted. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM postmulti_start_commands start

<p> The postfix(1) commands that the postmulti(1) instance manager treats
as "start" commands. For these commands, disabled instances are "checked"
rather than "started", and failure to "start" a member instance of an
instance group will abort the start-up of later instances. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM postmulti_stop_commands see "postconf -d" output

<p> The postfix(1) commands that the postmulti(1) instance manager treats
as "stop" commands. For these commands, disabled instances are skipped,
and enabled instances are processed in reverse order. </p>

<p> This feature is available in Postfix 2.6 and later.
</p>

%PARAM postmulti_control_commands reload flush

<p> The postfix(1) commands that the postmulti(1) instance manager
treats as "control" commands, that operate on running instances. For
these commands, disabled instances are skipped. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM lmtp_assume_final no

<p> When an LMTP server announces no DSN support, assume that the
server performs final delivery, and send "delivered" delivery status
notifications instead of "relayed". The default setting is backwards
compatible to avoid the infinitesimal possibility of breaking
existing LMTP-based content filters. </p>

%PARAM always_add_missing_headers no

<p> Always add (Resent-) From:, To:, Date: or Message-ID: headers
when not present. Postfix 2.6 and later add these headers only
when clients match the local_header_rewrite_clients parameter
setting. Earlier Postfix versions always add these headers; this
may break DKIM signatures that cover non-existent headers. </p>

%PARAM lmtp_header_checks

<p> The LMTP-specific version of the smtp_header_checks configuration
parameter. See there for details. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM lmtp_mime_header_checks

<p> The LMTP-specific version of the smtp_mime_header_checks
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM lmtp_nested_header_checks

<p> The LMTP-specific version of the smtp_nested_header_checks
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM lmtp_body_checks

<p> The LMTP-specific version of the smtp_body_checks configuration
parameter.
See there for details. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM milter_header_checks

<p> Optional lookup tables for content inspection of message headers
that are produced by Milter applications. See the header_checks(5)
manual page for available actions. Currently, PREPEND is not implemented.
</p>

<p> The following example sends all mail that is marked as SPAM to
a spam handling machine. Note that matches are case-insensitive
by default. </p>

<pre>
/etc/postfix/main.cf:
    milter_header_checks = pcre:/etc/postfix/milter_header_checks
</pre>

<pre>
/etc/postfix/milter_header_checks:
    /^X-SPAM-FLAG:\s+YES/ FILTER mysmtp:sanitizer.example.com:25
</pre>

<p> The milter_header_checks mechanism could also be used for
whitelisting. For example it could be used to skip heavy content
inspection for DKIM-signed mail from known friendly domains. </p>

<p> This feature is available in Postfix 2.7, and as an optional
patch for Postfix 2.6. </p>

%PARAM smtpd_command_filter

<p> A mechanism to transform commands from remote SMTP clients.
This is a last-resort tool to work around client commands that break
inter-operability with the Postfix SMTP server. Other uses involve
fault injection to test Postfix's handling of invalid commands.
</p>

<p> Specify the name of a "type:table" lookup table. The search
string is the SMTP command as received from the remote SMTP client,
except that initial whitespace and the trailing &lt;CR&gt;&lt;LF&gt;
are removed. The result value is executed by the Postfix SMTP
server. </p>

<p> Postfix already implements a number of workarounds for malformed
client commands. </p>

<ul>

<li> <p> Use "resolve_numeric_domain = yes" to accept
"<i>user@ipaddress</i>".
</p>

<li> <p> Postfix already accepts the correct form
"<i>user@[ipaddress]</i>". </p>

<li> <p> Use "strict_rfc821_envelopes = no" to accept "<i>User Name
&lt;user@example.com&gt;</i>". Postfix will ignore the "User Name"
part before delivering the mail. </p>

</ul>

<p> Examples: </p>

<pre>
/etc/postfix/main.cf:
    smtpd_command_filter = pcre:/etc/postfix/command_filter
</pre>

<pre>
/etc/postfix/command_filter:
    # Work around clients that send malformed HELO commands.
    /^HELO\s*$/ HELO domain.invalid
</pre>

<pre>
    # Work around clients that send empty lines.
    /^\s*$/ NOOP
</pre>

<pre>
    # Work around clients that send RCPT TO:&lt;'user@domain'&gt;.
    # WARNING: do not lose the parameters that follow the address.
    /^RCPT\s+TO:\s*&lt;'([^[:space:]]+)'&gt;(.*)/ RCPT TO:&lt;$1&gt;$2
</pre>

<p> This feature is available in Postfix 2.7. </p>

%PARAM smtp_reply_filter

<p> A mechanism to transform replies from remote SMTP servers one
line at a time. This is a last-resort tool to work around server
replies that break inter-operability with the Postfix SMTP client.
Other uses involve fault injection to test Postfix's handling of
invalid responses. </p>

<p> Notes: </p>

<ul>

<li> <p> In the case of a multi-line reply, the Postfix SMTP client
uses the final reply line's numerical SMTP reply code and enhanced
status code. </p>

<li> <p> The numerical SMTP reply code (XYZ) takes precedence over
the enhanced status code (X.Y.Z). When the enhanced status code
initial digit differs from the SMTP reply code initial digit, or
when no enhanced status code is present, the Postfix SMTP client
uses a generic enhanced status code (X.0.0) instead.
</p>

</ul>

<p> Specify the name of a "type:table" lookup table. The search
string is a single SMTP reply line as received from the remote SMTP
server, except that the trailing &lt;CR&gt;&lt;LF&gt; are removed. </p>

<p> Examples: </p>

<pre>
/etc/postfix/main.cf:
    smtp_reply_filter = pcre:/etc/postfix/reply_filter
</pre>

<pre>
/etc/postfix/reply_filter:
    # Transform garbage into "250-filler..." so that it looks like
    # one line from a multi-line reply. It does not matter what we
    # substitute here as long as it has the right syntax. The Postfix
    # SMTP client will use the final line's numerical SMTP reply
    # code and enhanced status code.
    !/^([2-5][0-9][0-9]($|[- ]))/ 250-filler for garbage
</pre>

<p> This feature is available in Postfix 2.7. </p>

%PARAM lmtp_reply_filter

<p> The LMTP-specific version of the smtp_reply_filter
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.7 and later. </p>

%PARAM smtp_tls_block_early_mail_reply no

<p> Try to detect a mail hijacking attack based on a TLS protocol
vulnerability (CVE-2009-3555), where an attacker prepends malicious
HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session.
The attack would succeed with non-Postfix SMTP servers that reply
to the malicious HELO, MAIL, RCPT, DATA commands after negotiating
the Postfix SMTP client TLS session. </p>

<p> This feature is available in Postfix 2.7. </p>

%PARAM lmtp_tls_block_early_mail_reply

<p> The LMTP-specific version of the smtp_tls_block_early_mail_reply
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.7 and later.
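</p>

<p> The smtpd_command_filter and smtp_reply_filter tables above, together
with the reply-code notes, as an added Python model that is not Postfix
code. It supports only the pcre_table(5) syntax those examples use ("#"
comments, "/regex/ result" and "!/regex/ result" entries, "$N"
substitution, case-insensitive matching; pattern flags and IF/ENDIF are
rejected), translates the POSIX "[:space:]" class to Python's "\s", and
the SMTP commands and reply lines it runs are constructed. </p>

```python
"""Toy model of Postfix pcre-table filters and of the reply-code notes above.

Added example, not Postfix code. Table syntax supported: "#" comments, blank
lines, "/regex/ result" and "!/regex/ result" entries, "$N" substitution in
the result, and case-insensitive matching (the pcre_table(5) default).
Pattern flags, IF/ENDIF and the rest of pcre_table(5) are rejected.
"""
from __future__ import annotations

import re

# "/pattern/flags result" or "!/pattern/flags result"; the pattern may not contain "/".
ENTRY_RE = re.compile(r"^(!?)/([^/]+)/([A-Za-z]*)\s+(\S.*)$")


class PcreTable:
    def __init__(self, text: str) -> None:
        self.entries: list[tuple[bool, re.Pattern[str], str]] = []
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            m = ENTRY_RE.match(line)
            if m is None:
                raise ValueError(f"unsupported table entry: {line!r}")
            negate, pattern, flags, result = m.groups()
            if flags:
                raise ValueError(f"pattern flags are not modelled: {line!r}")
            # Postfix patterns may use POSIX classes; Python's re has none.
            pattern = pattern.replace("[:space:]", r"\s")
            self.entries.append((negate == "!", re.compile(pattern, re.IGNORECASE), result))

    def lookup(self, key: str) -> str | None:
        """Result of the first matching entry ("!" entries match when the regex
        does not), with $1, $2, ... expanded; None on lookup failure."""
        for negate, regex, result in self.entries:
            m = regex.search(key)
            if negate and m is None:
                return result
            if not negate and m is not None:
                return re.sub(r"\$(\d+)", lambda g: m.group(int(g.group(1))), result)
        return None


def filter_command(table: PcreTable, command: str) -> str:
    """smtpd_command_filter: the key is the command minus initial whitespace and
    CRLF; a lookup failure leaves the command as received."""
    key = command.lstrip().rstrip("\r\n")
    result = table.lookup(key)
    return key if result is None else result


def filter_reply(table: PcreTable, lines: list[str]) -> list[str]:
    """smtp_reply_filter: one reply line at a time, minus CRLF."""
    filtered = []
    for line in lines:
        key = line.rstrip("\r\n")
        result = table.lookup(key)
        filtered.append(key if result is None else result)
    return filtered


REPLY_LINE_RE = re.compile(r"^([2-5][0-9][0-9])(?:[ -](.*))?$")
ENHANCED_RE = re.compile(r"^([2-5])\.\d{1,3}\.\d{1,3}(?=\s|$)")


def reply_status(lines: list[str]) -> tuple[int, str]:
    """What the client acts on: the final line's numeric code and its enhanced
    status code, or X.0.0 when the latter is absent or its first digit disagrees."""
    m = REPLY_LINE_RE.match(lines[-1])
    if m is None:
        raise ValueError(f"malformed final reply line: {lines[-1]!r}")
    code, text = m.group(1), m.group(2) or ""
    e = ENHANCED_RE.match(text)
    if e is not None and e.group(1) == code[0]:
        return int(code), e.group(0)
    return int(code), f"{code[0]}.0.0"


# The two tables from the examples above, verbatim.
COMMAND_FILTER = r"""
# Work around clients that send malformed HELO commands.
/^HELO\s*$/ HELO domain.invalid
# Work around clients that send empty lines.
/^\s*$/ NOOP
# Work around clients that send RCPT TO:<'user@domain'>.
# WARNING: do not lose the parameters that follow the address.
/^RCPT\s+TO:\s*<'([^[:space:]]+)'>(.*)/ RCPT TO:<$1>$2
"""
REPLY_FILTER = r"""
# Transform garbage into "250-filler..." so that it looks like one line
# from a multi-line reply.
!/^([2-5][0-9][0-9]($|[- ]))/ 250-filler for garbage
"""

# Constructed client commands and a constructed, garbled server reply.
COMMANDS = ["HELO\r\n", "  \r\n", "RCPT TO:<'alice@example.com'> NOTIFY=NEVER\r\n",
            "MAIL FROM:<bob@example.org>\r\n"]
GARBLED_REPLY = ["250-mail.example.com\r\n", "banner text without a reply code\r\n",
                 "250 2.0.0 OK\r\n"]

if __name__ == "__main__":
    commands = PcreTable(COMMAND_FILTER)
    for command in COMMANDS:
        print(f"{command.rstrip()!r:45} -> {filter_command(commands, command)!r}")
    lines = filter_reply(PcreTable(REPLY_FILTER), GARBLED_REPLY)
    print(lines, reply_status(lines))
```

<p> The garbled reply comes out as three syntactically valid lines, and the
status the client acts on is taken from the final one; compare a final line
"550 4.1.1 ..." (mismatched first digit) or "450 ..." (no enhanced code),
which both fall back to X.0.0.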
</p>

%PARAM empty_address_default_transport_maps_lookup_key &lt;&gt;

<p> The sender_dependent_default_transport_maps search string that
will be used instead of the null sender address. </p>

<p> This feature is available in Postfix 2.7 and later. </p>

%PARAM sender_dependent_default_transport_maps

<p> A sender-dependent override for the global default_transport
parameter setting. The tables are searched by the envelope sender
address and @domain. A lookup result of DUNNO terminates the search
without overriding the global default_transport parameter setting.
This information is overruled with the transport(5) table. </p>

<p> Note: this overrides default_transport, not transport_maps, and
therefore the expected syntax is that of default_transport, not the
syntax of transport_maps. Specifically, this does not support the
transport_maps syntax for null transport, null nexthop, or null
email addresses. </p>

<p> For safety reasons, this feature does not allow $number
substitutions in regular expression maps. </p>

<p> This feature is available in Postfix 2.7 and later. </p>

%PARAM address_verify_sender_dependent_default_transport_maps $sender_dependent_default_transport_maps

<p> Overrides the sender_dependent_default_transport_maps parameter
setting for address verification probes. </p>

<p> This feature is available in Postfix 2.7 and later. </p>

%PARAM default_filter_nexthop

<p> When a content_filter or FILTER request specifies no explicit
next-hop destination, use $default_filter_nexthop instead; when
that value is empty, use the domain in the recipient address.
Specify "default_filter_nexthop = $myhostname" for compatibility
with Postfix version 2.6 and earlier, or specify an explicit next-hop
destination with each content_filter value or FILTER action.
</p>

<p> This feature is available in Postfix 2.7 and later. </p>
