<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
        "https://www.w3.org/TR/html4/loose.dtd">

<html>

<head>

<title>Postfix Configuration Parameters </title>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel='stylesheet' type='text/css' href='postfix-doc.css'>

<script type="text/javascript">

// Kludge for https://support.google.com/chrome/thread/11993079
const isChrome = /Chrome/.test(navigator.userAgent)
    && /Google Inc/.test(navigator.vendor);
const hash = window.location.hash;
if (hash && isChrome) {
    setTimeout(function() {
        window.location.hash = "";
        window.location.hash = hash;
    }, 1000);
}

</script>

</head>

<body>

<h1><img src="postfix-logo.jpg" width="203" height="98" alt="">Postfix Configuration Parameters </h1>

<hr>

<h2> Postfix main.cf file format </h2>

<p> The Postfix main.cf configuration file specifies a very small
subset of all the parameters that control the operation of the
Postfix mail system. Parameters not explicitly specified are left
at their default values. </p>

<p> The general format of the main.cf file is as follows: </p>

<ul>

<li> <p> Each logical line is in the form "parameter = value".
Whitespace around the "=" is ignored, as is whitespace at the end
of a logical line. </p>

<li> <p> Empty lines and whitespace-only lines are ignored, as are
lines whose first non-whitespace character is a `#'. </p>

<li> <p> A logical line starts with non-whitespace text. A line
that starts with whitespace continues a logical line. </p>

<li> <p> A parameter value may refer to other parameters. </p>

<ul>

<li> <p> The expressions "$name" and "${name}" are recursively
replaced with the value of the named parameter. The parameter name
must contain only characters from the set [a-zA-Z0-9_].
An undefined parameter value is replaced with the empty value.
</p>

<li> <p> The expressions "${name?value}" and "${name?{value}}" are
replaced with "value" when "$name" is non-empty. The parameter name
must contain only characters from the set [a-zA-Z0-9_]. These forms are
supported with Postfix versions ≥ 2.2 and ≥ 3.0, respectively.
</p>

<li> <p> The expressions "${name:value}" and "${name:{value}}" are
replaced with "value" when "$name" is empty. The parameter name must
contain only characters from the set [a-zA-Z0-9_]. These forms are
supported with Postfix versions ≥ 2.2 and ≥ 3.0, respectively.
</p>

<li> <p> The expression "${name?{value1}:{value2}}" is replaced
with "value1" when "$name" is non-empty, and with "value2" when
"$name" is empty. The "{}" is required for "value1", optional for
"value2". The parameter name must contain only characters from the
set [a-zA-Z0-9_]. This form is supported with Postfix versions
≥ 3.0. </p>

<li> <p> The first item inside "${...}" may be a relational expression
of the form: "{value3} == {value4}". Besides the "==" (equality)
operator Postfix supports "!=" (inequality), "&lt;", "&lt;=", "&gt;=",
and "&gt;". The comparison is numerical when both operands are all
digits, otherwise the comparison is lexicographical. These forms
are supported with Postfix versions ≥ 3.0. </p>

<li> <p> Each "value" is subject to recursive named parameter and
relational expression evaluation, except where noted. </p>

<li> <p> Whitespace before or after each "{value}" is ignored. </p>

<li> <p> Specify "$$" to produce a single "$" character. </p>

<li> <p> The legacy form "$(...)" is equivalent to the preferred
form "${...}". </p>

</ul>

<li> <p> When the same parameter is defined multiple times, only
the last instance is remembered. </p>

<li> <p> Otherwise, the order of main.cf parameter definitions does
not matter.
</p>

</ul>

<p> The remainder of this document is a description of all Postfix
configuration parameters. Default values are shown after the
parameter name in parentheses, and can be looked up with the
"<b>postconf -d</b>" command. </p>

<p> Note: this is not an invitation to make changes to Postfix
configuration parameters. Unnecessary changes are likely to impair
the operation of the mail system. </p>

<dl>
<DT><b><a name="2bounce_notice_recipient">2bounce_notice_recipient</a>
(default: postmaster)</b></DT><DD>

<p> The recipient of undeliverable mail that cannot be returned to
the sender. This feature is enabled with the <a href="postconf.5.html#notify_classes">notify_classes</a>
parameter. </p>

</DD>

<DT><b><a name="access_map_defer_code">access_map_defer_code</a>
(default: 450)</b></DT><DD>

<p>
The numerical Postfix SMTP server response code for
an <a href="access.5.html">access(5)</a> map "defer" action, including "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>"
or "<a href="postconf.5.html#defer_if_reject">defer_if_reject</a>". Prior to Postfix 2.6, the response
is hard-coded as "450".
</p>

<p>
Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>

<p>
This feature is available in Postfix 2.6 and later.
</p>

</DD>

<DT><b><a name="access_map_reject_code">access_map_reject_code</a>
(default: 554)</b></DT><DD>

<p>
The numerical Postfix SMTP server response code for
an <a href="access.5.html">access(5)</a> map "reject" action.
</p>

<p>
Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>

</DD>

<DT><b><a name="address_verify_cache_cleanup_interval">address_verify_cache_cleanup_interval</a>
(default: 12h)</b></DT><DD>

<p> The amount of time between <a href="verify.8.html">verify(8)</a> address verification
database cleanup runs. This feature requires that the database
supports the "delete" and "sequence" operators. Specify a zero
interval to disable database cleanup. </p>

<p> After each database cleanup run, the <a href="verify.8.html">verify(8)</a> daemon logs the
number of entries that were retained and dropped. A cleanup run is
logged as "partial" when the daemon terminates early after "<b>postfix
reload</b>", "<b>postfix stop</b>", or no requests for $<a href="postconf.5.html#max_idle">max_idle</a>
seconds. </p>

<p> Specify a non-negative time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is h (hours). </p>

<p> This feature is available in Postfix 2.7. </p>

</DD>

<DT><b><a name="address_verify_default_transport">address_verify_default_transport</a>
(default: $<a href="postconf.5.html#default_transport">default_transport</a>)</b></DT><DD>

<p>
Overrides the <a href="postconf.5.html#default_transport">default_transport</a> parameter setting for address
verification probes.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

</DD>

<DT><b><a name="address_verify_local_transport">address_verify_local_transport</a>
(default: $<a href="postconf.5.html#local_transport">local_transport</a>)</b></DT><DD>

<p>
Overrides the <a href="postconf.5.html#local_transport">local_transport</a> parameter setting for address
verification probes.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

</DD>

<DT><b><a name="address_verify_map">address_verify_map</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
Lookup table for persistent address verification status
storage. The table is maintained by the <a href="verify.8.html">verify(8)</a> service, and
is opened before the process releases privileges.
</p>

<p>
The lookup table is persistent by default (Postfix 2.7 and later).
Specify an empty table name to keep the information in volatile
memory, which is lost after "<b>postfix reload</b>" or "<b>postfix
stop</b>". This is the default with Postfix version 2.6 and earlier.
</p>

<p>
Specify a location in a file system that will not fill up. If the
database becomes corrupted, the world comes to an end. To recover,
delete (NOT: truncate) the file and do "<b>postfix reload</b>".
</p>

<p> Postfix daemon processes do not use root privileges when opening
this file (Postfix 2.5 and later). The file must therefore be
stored under a Postfix-owned directory such as the <a href="postconf.5.html#data_directory">data_directory</a>.
As a migration aid, an attempt to open the file under a non-Postfix
directory is redirected to the Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>, and a
warning is logged. </p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#address_verify_map">address_verify_map</a> = <a href="DATABASE_README.html#types">hash</a>:/var/db/postfix/verify
<a href="postconf.5.html#address_verify_map">address_verify_map</a> = <a href="DATABASE_README.html#types">btree</a>:/var/db/postfix/verify
</pre>

<p>
This feature is available in Postfix 2.1 and later.
</p>

</DD>

<DT><b><a name="address_verify_negative_cache">address_verify_negative_cache</a>
(default: yes)</b></DT><DD>

<p>
Enable caching of failed address verification probe results. When
this feature is enabled, the cache may quickly fill with garbage.
When this feature is disabled, Postfix will generate an address
probe for every lookup.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

</DD>

<DT><b><a name="address_verify_negative_expire_time">address_verify_negative_expire_time</a>
(default: 3d)</b></DT><DD>

<p>
The time after which a failed probe expires from the address
verification cache.
</p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is d (days). </p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

</DD>

<DT><b><a name="address_verify_negative_refresh_time">address_verify_negative_refresh_time</a>
(default: 3h)</b></DT><DD>

<p>
The time after which a failed address verification probe needs to
be refreshed.
</p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is h (hours). </p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

</DD>

<DT><b><a name="address_verify_pending_request_limit">address_verify_pending_request_limit</a>
(default: see "postconf -d" output)</b></DT><DD>

<p> A safety limit that prevents address verification requests from
overwhelming the Postfix queue. By default, the number of pending
requests is limited to 1/4 of the <a href="QSHAPE_README.html#active_queue">active queue</a> maximum size
(<a href="postconf.5.html#qmgr_message_active_limit">qmgr_message_active_limit</a>). The queue manager enforces the limit
by tempfailing requests that exceed the limit. This affects only
unknown addresses and inactive addresses that have expired, because
the <a href="verify.8.html">verify(8)</a> daemon automatically refreshes an active address
before it expires. </p>

<p> This feature is available in Postfix 3.1 and later. </p>

</DD>

<DT><b><a name="address_verify_poll_count">address_verify_poll_count</a>
(default: normal: 3, <a href="STRESS_README.html">overload</a>: 1)</b></DT><DD>

<p>
How many times to query the <a href="verify.8.html">verify(8)</a> service for the completion
of an address verification request in progress.
</p>

<p> By default, the Postfix SMTP server polls the <a href="verify.8.html">verify(8)</a> service
up to three times under non-overload conditions, and only once when
under overload. With Postfix version 2.5 and earlier, the SMTP
server always polls the <a href="verify.8.html">verify(8)</a> service up to three times by
default. </p>

<p>
Specify 1 to implement a crude form of greylisting, that is, always
defer the first delivery request for a new address.
</p>

<p>
Examples:
</p>

<pre>
# Postfix ≤ 2.6 default
<a href="postconf.5.html#address_verify_poll_count">address_verify_poll_count</a> = 3
# Poor man's greylisting
<a href="postconf.5.html#address_verify_poll_count">address_verify_poll_count</a> = 1
</pre>

<p>
This feature is available in Postfix 2.1 and later.
</p>

</DD>

<DT><b><a name="address_verify_poll_delay">address_verify_poll_delay</a>
(default: 3s)</b></DT><DD>

<p>
The delay between queries for the completion of an address
verification request in progress.
</p>

<p>
The default polling delay is 3 seconds.
</p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds). </p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

</DD>

<DT><b><a name="address_verify_positive_expire_time">address_verify_positive_expire_time</a>
(default: 31d)</b></DT><DD>

<p>
The time after which a successful probe expires from the address
verification cache.
</p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is d (days). </p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

</DD>

<DT><b><a name="address_verify_positive_refresh_time">address_verify_positive_refresh_time</a>
(default: 7d)</b></DT><DD>

<p>
The time after which a successful address verification probe needs
to be refreshed. The address verification status is not updated
when the probe fails (optimistic caching).
</p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is d (days). </p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

</DD>

<DT><b><a name="address_verify_relay_transport">address_verify_relay_transport</a>
(default: $<a href="postconf.5.html#relay_transport">relay_transport</a>)</b></DT><DD>

<p>
Overrides the <a href="postconf.5.html#relay_transport">relay_transport</a> parameter setting for address
verification probes.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

</DD>

<DT><b><a name="address_verify_relayhost">address_verify_relayhost</a>
(default: $<a href="postconf.5.html#relayhost">relayhost</a>)</b></DT><DD>

<p>
Overrides the <a href="postconf.5.html#relayhost">relayhost</a> parameter setting for address verification
probes. This information can be overruled with the <a href="transport.5.html">transport(5)</a> table.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

</DD>

<DT><b><a name="address_verify_sender">address_verify_sender</a>
(default: $<a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a>)</b></DT><DD>

<p> The sender address to use in address verification probes; prior
to Postfix 2.5 the default was "postmaster". To
avoid problems with address probes that are sent in response to
address probes, the Postfix SMTP server excludes the probe sender
address from all SMTPD access blocks. </p>

<p>
Specify an empty value (<a href="postconf.5.html#address_verify_sender">address_verify_sender</a> =) or &lt;&gt; if you want
to use the null sender address. Beware, some sites reject mail from
&lt;&gt;, even though RFCs require that such addresses be accepted.
</p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#address_verify_sender">address_verify_sender</a> = &lt;&gt;
<a href="postconf.5.html#address_verify_sender">address_verify_sender</a> = postmaster@<a href="postconf.5.html#mydomain">mydomain</a>
</pre>

<p>
This feature is available in Postfix 2.1 and later.
</p>

</DD>

<DT><b><a name="address_verify_sender_dependent_default_transport_maps">address_verify_sender_dependent_default_transport_maps</a>
(default: $<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>)</b></DT><DD>

<p> Overrides the <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> parameter
setting for address verification probes. </p>

<p> This feature is available in Postfix 2.7 and later. </p>

</DD>

<DT><b><a name="address_verify_sender_dependent_relayhost_maps">address_verify_sender_dependent_relayhost_maps</a>
(default: $<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>)</b></DT><DD>

<p>
Overrides the <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> parameter setting for address
verification probes.
</p>

<p>
This feature is available in Postfix 2.3 and later.
</p>

</DD>

<DT><b><a name="address_verify_sender_ttl">address_verify_sender_ttl</a>
(default: 0s)</b></DT><DD>

<p> The time between changes in the time-dependent portion of address
verification probe sender addresses. The time-dependent portion is
appended to the localpart of the address specified with the
<a href="postconf.5.html#address_verify_sender">address_verify_sender</a> parameter. This feature is ignored when the
probe sender address is the null sender, i.e. the <a href="postconf.5.html#address_verify_sender">address_verify_sender</a>
value is empty or &lt;&gt;. </p>

<p> Historically, the probe sender address was fixed. This has
caused such addresses to end up on spammer mailing lists, and has
resulted in wasted network and processing resources. </p>

<p> To enable time-dependent probe sender addresses, specify a
non-zero time value. Specify a value of at least several hours,
to avoid problems with senders that use greylisting. Avoid round
TTL values, to make the result less predictable. </p>

<p> Specify a non-negative time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds). </p>

<p> This feature is available in Postfix 2.9 and later. </p>

</DD>

<DT><b><a name="address_verify_service_name">address_verify_service_name</a>
(default: verify)</b></DT><DD>

<p>
The name of the <a href="verify.8.html">verify(8)</a> address verification service. This service
maintains the status of sender and/or recipient address verification
probes, and generates probes on request by other Postfix processes.
</p>

</DD>

<DT><b><a name="address_verify_transport_maps">address_verify_transport_maps</a>
(default: $<a href="postconf.5.html#transport_maps">transport_maps</a>)</b></DT><DD>

<p>
Overrides the <a href="postconf.5.html#transport_maps">transport_maps</a> parameter setting for address verification
probes.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

</DD>

<DT><b><a name="address_verify_virtual_transport">address_verify_virtual_transport</a>
(default: $<a href="postconf.5.html#virtual_transport">virtual_transport</a>)</b></DT><DD>

<p>
Overrides the <a href="postconf.5.html#virtual_transport">virtual_transport</a> parameter setting for address
verification probes.
</p>

<p>
This feature is available in Postfix 2.1 and later.
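
The address_verify_* cache behaviour described in the entries above (negative_cache,
the expire and refresh times with optimistic caching, poll_count and poll_delay,
sender and sender_ttl), as an added example that is not Postfix's own code: a small
model that answers delivery requests from a simulated verify(8) cache. The probe
latencies, the time-dependent sender suffix and the sender value
"double-bounce@example.com" (a stand-in for $double_bounce_sender) are this
example's constructions; VerifyCache and parse_time are its own names.

```python
# Model of the verify(8) cache policy described by the address_verify_* entries
# above (negative_cache, *_expire_time, *_refresh_time, poll_count, poll_delay,
# sender, sender_ttl).  Added example, not Postfix's own code: it follows the
# documented semantics only; probe latencies and the sender suffix are constructed.
import hashlib
import re

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 7 * 86400}
DEFAULTS = {                       # page defaults; the sender value stands in for
    "address_verify_negative_cache": "yes",           # $double_bounce_sender
    "address_verify_negative_expire_time": "3d",
    "address_verify_negative_refresh_time": "3h",
    "address_verify_positive_expire_time": "31d",
    "address_verify_positive_refresh_time": "7d",
    "address_verify_poll_count": "3",
    "address_verify_poll_delay": "3s",
    "address_verify_sender_ttl": "0s",
    "address_verify_sender": "double-bounce@example.com",
}
TIME_UNIT = {                      # default unit of each time parameter, per the page
    "address_verify_negative_expire_time": "d",
    "address_verify_negative_refresh_time": "h",
    "address_verify_positive_expire_time": "d",
    "address_verify_positive_refresh_time": "d",
    "address_verify_poll_delay": "s",
    "address_verify_sender_ttl": "s",
}

def parse_time(value, default_unit):
    """'3d', '12h', '600s' or a bare integer in the default unit -> seconds."""
    m = re.fullmatch(r"\s*(\d+)\s*([smhdw]?)\s*", value)
    if not m:
        raise ValueError("bad time value: %r" % value)
    return int(m.group(1)) * UNITS[m.group(2) or default_unit]

class VerifyCache:
    def __init__(self, probe, **overrides):
        self.cfg = {**DEFAULTS, **overrides}
        self.probe = probe         # probe(address) -> (deliverable?, latency in seconds)
        self.now = 0               # simulated clock; the caller advances it
        self.entries = {}          # address -> [deliverable?, time of last update]
        self.pending = {}          # address -> (deliverable?, time the probe completes)

    def _seconds(self, name):
        return parse_time(self.cfg[name], TIME_UNIT[name])

    def probe_sender(self):
        """address_verify_sender with a localpart suffix that changes every
        address_verify_sender_ttl seconds; unchanged for the null sender or TTL 0."""
        sender = self.cfg["address_verify_sender"]
        ttl = self._seconds("address_verify_sender_ttl")
        if sender in ("", "<>") or ttl == 0:
            return sender
        local, _, domain = sender.partition("@")
        bucket = str(int(self.now // ttl)).encode()   # same value within one TTL
        return "%s+%s@%s" % (local, hashlib.sha256(bucket).hexdigest()[:8], domain)

    def _start_probe(self, address):
        if address not in self.pending:
            ok, latency = self.probe(address)
            self.pending[address] = (ok, self.now + latency)

    def _finish_probes(self):
        """Record every background probe that has completed by now."""
        for address, (ok, done_at) in list(self.pending.items()):
            if done_at <= self.now:
                del self.pending[address]
                entry = self.entries.get(address)
                if entry and entry[0] and not ok:
                    continue       # optimistic caching: a failed refresh keeps "pass"
                if ok or self.cfg["address_verify_negative_cache"] == "yes":
                    self.entries[address] = [ok, self.now]

    def lookup(self, address):
        """Answer one delivery request with 'pass', 'fail' or 'defer'."""
        self._finish_probes()
        entry = self.entries.get(address)
        if entry:
            ok, age = entry[0], self.now - entry[1]
            kind = "address_verify_%s_" % ("positive" if ok else "negative")
            if age < self._seconds(kind + "expire_time"):
                if age >= self._seconds(kind + "refresh_time"):
                    self._start_probe(address)   # refresh in the background
                return "pass" if ok else "fail"  # cached verdict meanwhile
            del self.entries[address]            # expired: the address is unknown again
        self._start_probe(address)
        for poll in range(int(self.cfg["address_verify_poll_count"])):
            if poll:
                self.now += self._seconds("address_verify_poll_delay")
            self._finish_probes()
            if address in self.entries:
                return "pass" if self.entries[address][0] else "fail"
            if address not in self.pending:      # done but not cached (negative_cache = no)
                return "fail"
        return "defer"                           # probe still running: tempfail this request
```

With address_verify_poll_count = 1 the first request for an unknown address comes back "defer" and the next one, once the probe has completed, gets the cached verdict.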
</p>

</DD>

<DT><b><a name="alias_database">alias_database</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
The alias databases for <a href="local.8.html">local(8)</a> delivery that are updated with
"<b>newaliases</b>" or with "<b>sendmail -bi</b>".
</p>

<p>
This is a separate configuration parameter because not all the
tables specified with $<a href="postconf.5.html#alias_maps">alias_maps</a> have to be local files.
</p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#alias_database">alias_database</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/aliases
<a href="postconf.5.html#alias_database">alias_database</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/mail/aliases
</pre>

</DD>

<DT><b><a name="alias_maps">alias_maps</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
Optional lookup tables that are searched only with an email address
localpart (no domain) and that apply only to <a href="local.8.html">local(8)</a> recipients;
this is unlike <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> that are often searched with a
full email address (including domain) and that apply to all recipients:
<a href="local.8.html">local(8)</a>, virtual, and remote.
The <a href="postconf.5.html#alias_maps">alias_maps</a> table format and lookups are documented in <a href="aliases.5.html">aliases(5)</a>.
For an overview of Postfix address manipulations see the
<a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> document. </p>

<p>
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found.
Note: these lookups are recursive.
</p>

<p>
The default list is system dependent. On systems with NIS, the
default is to search the local alias database, then the NIS alias
database.
</p>

<p>
If you change the alias database, run "<b>postalias /etc/aliases</b>"
(or wherever your system stores the mail alias file), or simply
run "<b>newaliases</b>" to build the necessary DBM or DB file.
</p>

<p>
The <a href="local.8.html">local(8)</a> delivery agent disallows regular expression substitution
of $1 etc. in <a href="postconf.5.html#alias_maps">alias_maps</a>, because that would open a security hole.
</p>

<p>
The <a href="local.8.html">local(8)</a> delivery agent will silently ignore requests to use
the <a href="proxymap.8.html">proxymap(8)</a> server within <a href="postconf.5.html#alias_maps">alias_maps</a>. Instead it will open the
table directly. Before Postfix version 2.2, the <a href="local.8.html">local(8)</a> delivery
agent will terminate with a fatal error.
</p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/aliases, nis:mail.aliases
<a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/aliases
</pre>

</DD>

<DT><b><a name="allow_mail_to_commands">allow_mail_to_commands</a>
(default: alias, forward)</b></DT><DD>

<p>
Restrict <a href="local.8.html">local(8)</a> mail delivery to external commands. The default
is to disallow delivery to "|command" in :include: files (see
<a href="aliases.5.html">aliases(5)</a> for the text that defines this terminology).
</p>

<p>
Specify zero or more of: <b>alias</b>, <b>forward</b> or <b>include</b>,
in order to allow commands in <a href="aliases.5.html">aliases(5)</a>, .forward files or in
:include: files, respectively.
695</p> 696 697<p> 698Example: 699</p> 700 701<pre> 702<a href="postconf.5.html#allow_mail_to_commands">allow_mail_to_commands</a> = alias,forward,include 703</pre> 704 705 706</DD> 707 708<DT><b><a name="allow_mail_to_files">allow_mail_to_files</a> 709(default: alias, forward)</b></DT><DD> 710 711<p> 712Restrict <a href="local.8.html">local(8)</a> mail delivery to external files. The default is 713to disallow "/file/name" destinations in :include: files (see 714<a href="aliases.5.html">aliases(5)</a> for the text that defines this terminology). 715</p> 716 717<p> 718Specify zero or more of: <b>alias</b>, <b>forward</b> or <b>include</b>, 719in order to allow "/file/name" destinations in <a href="aliases.5.html">aliases(5)</a>, .forward 720files and in :include: files, respectively. 721</p> 722 723<p> 724Example: 725</p> 726 727<pre> 728<a href="postconf.5.html#allow_mail_to_files">allow_mail_to_files</a> = alias,forward,include 729</pre> 730 731 732</DD> 733 734<DT><b><a name="allow_min_user">allow_min_user</a> 735(default: no)</b></DT><DD> 736 737<p> 738Allow a sender or recipient address to have `-' as the first 739character. By 740default, this is not allowed, to avoid accidents with software that 741passes email addresses via the command line. Such software 742would not be able to distinguish a malicious address from a 743bona fide command-line option. Although this can be prevented by 744inserting a "--" option terminator into the command line, this is 745difficult to enforce consistently and globally. </p> 746 747<p> As of Postfix version 2.5, this feature is implemented by 748<a href="trivial-rewrite.8.html">trivial-rewrite(8)</a>. With earlier versions this feature was implemented 749by <a href="qmgr.8.html">qmgr(8)</a> and was limited to recipient addresses only. 
</p> 750 751 752</DD> 753 754<DT><b><a name="allow_percent_hack">allow_percent_hack</a> 755(default: yes)</b></DT><DD> 756 757<p> 758Enable the rewriting of the form "user%domain" to "user@domain". 759This is enabled by default. 760</p> 761 762<p> Note: as of Postfix version 2.2, message header address rewriting 763happens only when one of the following conditions is true: </p> 764 765<ul> 766 767<li> The message is received with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command, 768 769<li> The message is received from a network client that matches 770$<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>, 771 772<li> The message is received from the network, and the 773<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter specifies a non-empty value. 774 775</ul> 776 777<p> To get the behavior before Postfix version 2.2, specify 778"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p> 779 780<p> 781Example: 782</p> 783 784<pre> 785<a href="postconf.5.html#allow_percent_hack">allow_percent_hack</a> = no 786</pre> 787 788 789</DD> 790 791<DT><b><a name="allow_srv_lookup_fallback">allow_srv_lookup_fallback</a> 792(default: no)</b></DT><DD> 793 794<p> When SRV record lookup fails or no SRV record exists, fall back 795to MX or IP address lookup as if SRV record lookup was not enabled. <p> 796 797<p> This feature is available in Postfix 3.8 and later. </p> 798 799 800</DD> 801 802<DT><b><a name="allow_untrusted_routing">allow_untrusted_routing</a> 803(default: no)</b></DT><DD> 804 805<p> 806Forward mail with sender-specified routing (user[@%!]remote[@%!]site) 807from untrusted clients to destinations matching $<a href="postconf.5.html#relay_domains">relay_domains</a>. 808</p> 809 810<p> 811By default, this feature is turned off. 
This closes a nasty open 812relay loophole where a backup MX host can be tricked into forwarding 813junk mail to a primary MX host which then spams it out to the world. 814</p> 815 816<p> 817This parameter also controls if non-local addresses with sender-specified 818routing can match Postfix access tables. By default, such addresses 819cannot match Postfix access tables, because the address is ambiguous. 820</p> 821 822 823</DD> 824 825<DT><b><a name="alternate_config_directories">alternate_config_directories</a> 826(default: empty)</b></DT><DD> 827 828<p> 829A list of non-default Postfix configuration directories that may 830be specified with "-c <a href="postconf.5.html#config_directory">config_directory</a>" on the command line (in the 831case of <a href="sendmail.1.html">sendmail(1)</a>, with the "-C" option), or via the MAIL_CONFIG 832environment parameter. 833</p> 834 835<p> 836This list must be specified in the default Postfix <a href="postconf.5.html">main.cf</a> file, 837and will be used by set-gid Postfix commands such as <a href="postqueue.1.html">postqueue(1)</a> 838and <a href="postdrop.1.html">postdrop(1)</a>. 839</p> 840 841<p> 842Specify absolute pathnames, separated by comma or space. Note: $name 843expansion is not supported. 844</p> 845 846 847</DD> 848 849<DT><b><a name="always_add_missing_headers">always_add_missing_headers</a> 850(default: no)</b></DT><DD> 851 852<p> Always add (Resent-) From:, To:, Date: or Message-ID: headers 853when not present. Postfix 2.6 and later add these headers only 854when clients match the <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter 855setting. Earlier Postfix versions always add these headers; this 856may break DKIM signatures that cover non-existent headers. 857The <a href="postconf.5.html#undisclosed_recipients_header">undisclosed_recipients_header</a> parameter setting determines 858whether a To: header will be added. 
</p> 859 860 861</DD> 862 863<DT><b><a name="always_bcc">always_bcc</a> 864(default: empty)</b></DT><DD> 865 866<p> 867Optional address that receives a "blind carbon copy" of each message 868that is received by the Postfix mail system. 869</p> 870 871<p> 872Note: with Postfix 2.3 and later the BCC address is added as if it 873was specified with NOTIFY=NONE. The sender will not be notified 874when the BCC address is undeliverable, as long as all down-stream 875software implements <a href="https://tools.ietf.org/html/rfc3461">RFC 3461</a>. 876</p> 877 878<p> 879Note: with Postfix 2.2 and earlier the sender will be notified 880when the BCC address is undeliverable. 881</p> 882 883<p> Note: automatic BCC recipients are produced only for new mail. 884To avoid mailer loops, automatic BCC recipients are not generated 885after Postfix forwards mail internally, or after Postfix generates 886mail itself. </p> 887 888<p> Note: automatic BCC recipients are subject to address 889canonicalization (add missing domain), <a href="postconf.5.html#canonical_maps">canonical_maps</a>, <a href="postconf.5.html#masquerade_domains">masquerade_domains</a>, 890and <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>. </p> 891 892 893</DD> 894 895<DT><b><a name="anvil_rate_time_unit">anvil_rate_time_unit</a> 896(default: 60s)</b></DT><DD> 897 898<p> 899The time unit over which client connection rates and other rates 900are calculated. 901</p> 902 903<p> 904This feature is implemented by the <a href="anvil.8.html">anvil(8)</a> service which is available 905in Postfix version 2.2 and later. 906</p> 907 908<p> 909The default interval is relatively short. Because of the high 910frequency of updates, the <a href="anvil.8.html">anvil(8)</a> server uses volatile memory 911only. Thus, information is lost whenever the process terminates. 912</p> 913 914<p> Specify a non-zero time value (an integral value plus an optional 915one-letter suffix that specifies the time unit). 
Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds). </p>


</DD>

<DT><b><a name="anvil_status_update_time">anvil_status_update_time</a>
(default: 600s)</b></DT><DD>

<p>
How frequently the <a href="anvil.8.html">anvil(8)</a> connection and rate limiting server
logs peak usage information.
</p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds). </p>

<p>
This feature is available in Postfix 2.2 and later.
</p>


</DD>

<DT><b><a name="append_at_myorigin">append_at_myorigin</a>
(default: yes)</b></DT><DD>

<p>
With locally submitted mail, append the string "@$<a href="postconf.5.html#myorigin">myorigin</a>" to mail
addresses without domain information. With remotely submitted mail,
append the string "@$<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a>" instead.
</p>

<p>
Note 1: this feature is enabled by default and must not be turned off.
Postfix does not support domain-less addresses.
</p>

<p> Note 2: with Postfix version 2.2, message header address rewriting
happens only when one of the following conditions is true: </p>

<ul>

<li> The message is received with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command,

<li> The message is received from a network client that matches
$<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>,

<li> The message is received from the network, and the
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter specifies a non-empty value.

</ul>

<p> To get the behavior before Postfix version 2.2, specify
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p>


</DD>

<DT><b><a name="append_dot_mydomain">append_dot_mydomain</a>
(default: Postfix ≥ 3.0: no, Postfix &lt; 3.0: yes)</b></DT><DD>

<p>
With locally submitted mail, append the string ".$<a href="postconf.5.html#mydomain">mydomain</a>" to
addresses that have no ".domain" information. With remotely submitted
mail, append the string ".$<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a>"
instead.
</p>

<p>
Note 1: When disabled (Postfix 3.0 and later), users will not be
able to send mail to "user@partialdomainname" but will have to
specify full domain names instead.
</p>

<p> Note 2: with Postfix version 2.2, message header address rewriting
happens only when one of the following conditions is true: </p>

<ul>

<li> The message is received with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command,

<li> The message is received from a network client that matches
$<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>,

<li> The message is received from the network, and the
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter specifies a non-empty value.

</ul>

<p> To get the behavior before Postfix version 2.2, specify
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all".
</p>


</DD>

<DT><b><a name="application_event_drain_time">application_event_drain_time</a>
(default: 100s)</b></DT><DD>

<p>
How long the <a href="postkick.1.html">postkick(1)</a> command waits for a request to enter the
Postfix daemon process input buffer before giving up.
</p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds). </p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="authorized_flush_users">authorized_flush_users</a>
(default: <a href="DATABASE_README.html#types">static</a>:anyone)</b></DT><DD>

<p>
List of users who are authorized to flush the queue.
</p>

<p>
By default, all users are allowed to flush the queue. Access is
always granted if the invoking user is the super-user or the
$<a href="postconf.5.html#mail_owner">mail_owner</a> user. Otherwise, the real UID of the process is looked
up in the system password file, and access is granted only if the
corresponding login name is on the access list. The username
"unknown" is used for processes whose real UID is not found in the
password file. </p>

<p>
Specify a list of user names, "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns,
separated by commas and/or whitespace. The list is matched left to
right, and the search stops on the first match. A "/file/name"
pattern is replaced
by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a name
matches a lookup key (the lookup result is ignored). Continue long
lines by starting the next line with whitespace. Specify "!pattern"
to exclude a name from the list.
The form "!/file/name" is supported
only in Postfix version 2.4 and later. </p>

<p>
This feature is available in Postfix 2.2 and later.
</p>


</DD>

<DT><b><a name="authorized_mailq_users">authorized_mailq_users</a>
(default: <a href="DATABASE_README.html#types">static</a>:anyone)</b></DT><DD>

<p>
List of users who are authorized to view the queue.
</p>

<p>
By default, all users are allowed to view the queue. Access is
always granted if the invoking user is the super-user or the
$<a href="postconf.5.html#mail_owner">mail_owner</a> user. Otherwise, the real UID of the process is looked
up in the system password file, and access is granted only if the
corresponding login name is on the access list. The username
"unknown" is used for processes whose real UID is not found in the
password file. </p>

<p>
Specify a list of user names, "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns,
separated by commas and/or whitespace. The list is matched left to
right, and the search stops on the first match. A "/file/name"
pattern is replaced
by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a name
matches a lookup key (the lookup result is ignored). Continue long
lines by starting the next line with whitespace. Specify "!pattern"
to exclude a user name from the list. The form "!/file/name" is
supported only in Postfix version 2.4 and later. </p>

<p>
This feature is available in Postfix 2.2 and later.
</p>


</DD>

<DT><b><a name="authorized_submit_users">authorized_submit_users</a>
(default: <a href="DATABASE_README.html#types">static</a>:anyone)</b></DT><DD>

<p>
List of users who are authorized to submit mail with the <a href="sendmail.1.html">sendmail(1)</a>
command (and with the privileged <a href="postdrop.1.html">postdrop(1)</a> helper command).
</p>

<p>
By default, all users are allowed to submit mail. Otherwise, the
real UID of the process is looked up in the system password file,
and access is granted only if the corresponding login name is on
the access list. The username "unknown" is used for processes
whose real UID is not found in the password file. To deny mail
submission access to all users specify an empty list. </p>

<p>
Specify a list of user names, "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns,
separated by commas and/or whitespace. The list is matched left to right,
and the search stops on the first match. A "/file/name" pattern is
replaced by its contents;
a "<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a name matches a lookup key
(the lookup result is ignored). Continue long lines by starting the
next line with whitespace. Specify "!pattern" to exclude a user
name from the list. The form "!/file/name" is supported only in
Postfix version 2.4 and later. </p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> = !www, <a href="DATABASE_README.html#types">static</a>:all
</pre>

<p>
This feature is available in Postfix 2.2 and later.
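</p>

<p> The list matching rules that authorized_flush_users, authorized_mailq_users
and authorized_submit_users share (left-to-right, first match decides,
"!pattern" excludes, "/file/name" is replaced by its contents, "type:table"
matches on lookup keys) are easy to get wrong when auditing who may submit
or flush mail. The following is an added example, not Postfix code: a Python
model of that matching, run against the page's own "!www, static:all" list
and against a tighter list. The file contents and table keys are constructed
stand-ins for what Postfix would read from disk. </p>

```python
"""Added example, not Postfix code: a model of the access-list matching
shared by authorized_flush_users, authorized_mailq_users and
authorized_submit_users. File and table contents are constructed."""
import re

# Constructed stand-ins for "/file/name" contents and "type:table" lookups.
FILES = {
    "/etc/postfix/submit_users": "app1 app2\n# batch jobs\nbatch\n",
}
TABLES = {
    "hash:/etc/postfix/ops": {"alice", "bob"},
}


def split_list(value: str) -> list:
    """Split a Postfix list value on commas and/or whitespace."""
    return [p for p in re.split(r"[,\s]+", value.strip()) if p]


def expand_files(patterns: list) -> list:
    """Replace "/file/name" and "!/file/name" by the names in the file,
    keeping the exclusion flag on every name read from it."""
    out = []
    for pat in patterns:
        negate = pat.startswith("!")
        body = pat[1:] if negate else pat
        if body.startswith("/"):
            lines = [ln for ln in FILES.get(body, "").splitlines()
                     if not ln.lstrip().startswith("#")]
            for name in split_list(" ".join(lines)):
                out.append(("!" if negate else "") + name)
        else:
            out.append(pat)
    return out


def pattern_matches(pattern: str, login: str) -> bool:
    """static:all / static:anyone match everyone; a "type:table" matches
    when the login is a lookup key (the lookup result is ignored)."""
    if pattern.startswith("static:"):
        return True
    if ":" in pattern:
        return login in TABLES.get(pattern, set())
    return pattern == login


def is_authorized(list_value: str, login: str, always_allowed: bool = False) -> bool:
    """True when `login` is on the access list.

    always_allowed models the flush/mailq rule that the super-user and the
    $mail_owner user are always granted. A real UID without a passwd entry
    is passed in as the login name "unknown"."""
    if always_allowed:
        return True
    for pat in expand_files(split_list(list_value)):
        negate = pat.startswith("!")
        if pattern_matches(pat[1:] if negate else pat, login):
            return not negate  # the first match decides
    return False  # empty list or no match: access denied


if __name__ == "__main__":
    # The page's own example: everyone except the web server account.
    print(is_authorized("!www, static:all", "www"))    # False
    print(is_authorized("!www, static:all", "alice"))  # True
    # A least-privilege list: only names from a file or a table may submit.
    tight = "/etc/postfix/submit_users, hash:/etc/postfix/ops"
    print(is_authorized(tight, "batch"))    # True
    print(is_authorized(tight, "unknown"))  # False
```

<p> Two points the model makes visible: an empty list denies everyone
(the documented way to disable submission), and a "!pattern" placed after
"static:all" never fires because the search already stopped at the first
match, so exclusions must come first, as in the page's example.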
</p>


</DD>

<DT><b><a name="authorized_verp_clients">authorized_verp_clients</a>
(default: $<a href="postconf.5.html#mynetworks">mynetworks</a>)</b></DT><DD>

<p> What remote SMTP clients are allowed to specify the XVERP command.
This command requests that mail be delivered one recipient at a
time with a per-recipient return address. </p>

<p> By default, only trusted clients are allowed to specify XVERP.
</p>

<p> This parameter was introduced with Postfix version 1.1. Postfix
version 2.1 renamed this parameter to <a href="postconf.5.html#smtpd_authorized_verp_clients">smtpd_authorized_verp_clients</a>
and changed the default to none. </p>

<p> Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
.domain names (the initial dot causes the domain to match any name
below it), "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns. A "/file/name"
pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table
is matched when a table entry matches a lookup string (the lookup
result is ignored). Continue long lines by starting the next line
with whitespace. Specify "!pattern" to exclude an address or network
block from the list. The form "!/file/name" is supported only in
Postfix version 2.4 and later. </p>

<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the <a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a> value, and in files
specified with "/file/name". IP version 6 addresses contain the
":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>"
pattern.
</p>


</DD>

<DT><b><a name="backwards_bounce_logfile_compatibility">backwards_bounce_logfile_compatibility</a>
(default: yes)</b></DT><DD>

<p>
Produce additional <a href="bounce.8.html">bounce(8)</a> logfile records that can be read by
Postfix versions before 2.0. The current and more extensible "name =
value" format is needed in order to implement more sophisticated
functionality.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="berkeley_db_create_buffer_size">berkeley_db_create_buffer_size</a>
(default: 16777216)</b></DT><DD>

<p>
The per-table I/O buffer size for programs that create Berkeley DB
hash or btree tables. Specify a byte count.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>


</DD>

<DT><b><a name="berkeley_db_read_buffer_size">berkeley_db_read_buffer_size</a>
(default: 131072)</b></DT><DD>

<p>
The per-table I/O buffer size for programs that read Berkeley DB
hash or btree tables. Specify a byte count.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>


</DD>

<DT><b><a name="best_mx_transport">best_mx_transport</a>
(default: empty)</b></DT><DD>

<p>
Where the Postfix SMTP client should deliver mail when it detects
a "mail loops back to myself" error condition. This happens when
the local MTA is the best SMTP mail exchanger for a destination
not listed in $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>, $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>,
$<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, or $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
By default,
the Postfix SMTP client returns such mail as undeliverable.
</p>

<p>
Specify, for example, "<a href="postconf.5.html#best_mx_transport">best_mx_transport</a> = local" to pass the mail
from the Postfix SMTP client to the <a href="local.8.html">local(8)</a> delivery agent. You
can specify
any message delivery "transport" or "transport:nexthop" that is
defined in the <a href="master.5.html">master.cf</a> file. See the <a href="transport.5.html">transport(5)</a> manual page
for the syntax and meaning of "transport" or "transport:nexthop".
</p>

<p>
However, this feature is expensive because it ties up a Postfix
SMTP client process while the <a href="local.8.html">local(8)</a> delivery agent is doing its
work. It is more efficient (for Postfix) to list all <a href="VIRTUAL_README.html#canonical">hosted domains</a>
in a table or database.
</p>


</DD>

<DT><b><a name="biff">biff</a>
(default: yes)</b></DT><DD>

<p>
Whether or not to use the local <a href="postconf.5.html#biff">biff</a> service. This service sends
"new mail" notifications to users who have requested new mail
notification with the UNIX command "<a href="postconf.5.html#biff">biff</a> y".
</p>

<p>
For compatibility reasons this feature is on by default. On systems
with lots of interactive users, the <a href="postconf.5.html#biff">biff</a> service can be a performance
drain. Specify "<a href="postconf.5.html#biff">biff</a> = no" in <a href="postconf.5.html">main.cf</a> to disable.
</p>


</DD>

<DT><b><a name="body_checks">body_checks</a>
(default: empty)</b></DT><DD>

<p> Optional lookup tables for content inspection as specified in
the <a href="header_checks.5.html">body_checks(5)</a> manual page.
</p>

<p> Note: with Postfix versions before 2.0, these rules inspect
all content after the primary message headers. </p>


</DD>

<DT><b><a name="body_checks_size_limit">body_checks_size_limit</a>
(default: 51200)</b></DT><DD>

<p>
How much text in a message body segment (or attachment, if you
prefer to use that term) is subjected to <a href="postconf.5.html#body_checks">body_checks</a> inspection.
The amount of text is limited to avoid scanning huge attachments.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>


</DD>

<DT><b><a name="bounce_notice_recipient">bounce_notice_recipient</a>
(default: postmaster)</b></DT><DD>

<p>
The recipient of postmaster notifications with the message headers
of mail that Postfix did not deliver and of SMTP conversation
transcripts of mail that Postfix did not receive. This feature is
enabled with the <a href="postconf.5.html#notify_classes">notify_classes</a> parameter. </p>


</DD>

<DT><b><a name="bounce_queue_lifetime">bounce_queue_lifetime</a>
(default: 5d)</b></DT><DD>

<p>
Consider a bounce message as undeliverable when delivery fails
with a temporary error and the time in the queue has reached the
<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a> limit. By default, this limit is the same
as for regular mail.
</p>

<p> Specify a non-negative time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is d (days). </p>

<p>
Specify 0 when mail delivery should be tried only once.
</p>

<p>
This feature is available in Postfix 2.1 and later.
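</p>

<p> The time-value syntax above recurs for anvil_rate_time_unit,
anvil_status_update_time, application_event_drain_time and
bounce_queue_lifetime, but the default unit and the zero rule differ per
parameter: a unit-less "5" means five seconds for the anvil parameters and
five days here. The following is an added example, not Postfix code: a
parser for these values plus a per-parameter validator that encodes the
rules as stated on this page. </p>

```python
"""Added example, not Postfix code: parse Postfix time values (an integer
plus an optional one-letter unit) and validate them against the default
unit and zero rule documented for each parameter on this page."""
import re

SECONDS_PER_UNIT = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
TIME_VALUE = re.compile(r"^(\d+)([smhdw]?)$")

# (default unit, zero allowed) exactly as documented above for each parameter.
TIME_PARAMETERS = {
    "anvil_rate_time_unit": ("s", False),
    "anvil_status_update_time": ("s", False),
    "application_event_drain_time": ("s", False),
    "bounce_queue_lifetime": ("d", True),
}


def parse_time(value: str, default_unit: str = "s") -> int:
    """Return the number of seconds for a value such as '5d', '600' or '100s'."""
    match = TIME_VALUE.match(value.strip())
    if not match:
        raise ValueError(f"malformed time value: {value!r}")
    count, unit = match.group(1), match.group(2) or default_unit
    return int(count) * SECONDS_PER_UNIT[unit]


def check_time_setting(name: str, value: str) -> int:
    """Validate a main.cf time setting by parameter name; return seconds."""
    default_unit, zero_allowed = TIME_PARAMETERS[name]
    seconds = parse_time(value, default_unit)
    if seconds == 0 and not zero_allowed:
        raise ValueError(f"{name} must be a non-zero time value")
    return seconds


def is_valid_time_setting(name: str, value: str) -> bool:
    """Boolean form of check_time_setting, handy for config linting."""
    try:
        check_time_setting(name, value)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(check_time_setting("bounce_queue_lifetime", "5"))   # 432000: unit-less means days here
    print(check_time_setting("anvil_rate_time_unit", "60s"))  # 60
    print(check_time_setting("bounce_queue_lifetime", "0"))   # 0: deliver once, then bounce
    print(is_valid_time_setting("anvil_rate_time_unit", "0"))  # False: must be non-zero
```

<p> The validator rejects what Postfix itself would not accept as a time
value (a space before the unit, a fractional count, an unknown unit) and
distinguishes "0" for bounce_queue_lifetime, which the page defines as
"try once", from "0" for the anvil parameters, which the page forbids.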
</p>


</DD>

<DT><b><a name="bounce_service_name">bounce_service_name</a>
(default: bounce)</b></DT><DD>

<p>
The name of the <a href="bounce.8.html">bounce(8)</a> service. This service maintains a record
of failed delivery attempts and generates non-delivery notifications.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>


</DD>

<DT><b><a name="bounce_size_limit">bounce_size_limit</a>
(default: 50000)</b></DT><DD>

<p> The maximal amount of original message text that is sent in a
non-delivery notification. Specify a byte count. A message is
returned as either message/rfc822 (the complete original) or as
text/rfc822-headers (the headers only). With Postfix version 2.4
and earlier, a message is always returned as message/rfc822 and is
truncated when it exceeds the size limit.
</p>

<p> Notes: </p>

<ul>

<li> <p> If you increase this limit, then you should increase the
<a href="postconf.5.html#mime_nesting_limit">mime_nesting_limit</a> value proportionally. </p>

<li> <p> Be careful when making changes. Excessively large values
will result in the loss of non-delivery notifications, when a bounce
message size exceeds a local or remote MTA's message size limit.
</p>

</ul>


</DD>

<DT><b><a name="bounce_template_file">bounce_template_file</a>
(default: empty)</b></DT><DD>

<p> Pathname of a configuration file with bounce message templates.
These override the built-in templates of delivery status notification
(DSN) messages for undeliverable mail, delayed mail, successful
delivery, or delivery verification. The <a href="bounce.5.html">bounce(5)</a> manual page
describes how to edit and test template files. </p>

<p> Template message body text may contain $name references to
Postfix configuration parameters.
The result of $name expansion can
be previewed with "<b>postconf -b <i>file_name</i></b>" before the file
is placed into the Postfix configuration directory. </p>

<p> This feature is available in Postfix 2.3 and later. </p>


</DD>

<DT><b><a name="broken_sasl_auth_clients">broken_sasl_auth_clients</a>
(default: no)</b></DT><DD>

<p>
Enable interoperability with remote SMTP clients that implement an obsolete
version of the AUTH command (<a href="https://tools.ietf.org/html/rfc4954">RFC 4954</a>). Examples of such clients
are Microsoft Outlook Express version 4 and Microsoft Exchange
version 5.0.
</p>

<p>
Specify "<a href="postconf.5.html#broken_sasl_auth_clients">broken_sasl_auth_clients</a> = yes" to have Postfix advertise
AUTH support in a non-standard way.
</p>


</DD>

<DT><b><a name="canonical_classes">canonical_classes</a>
(default: envelope_sender, envelope_recipient, header_sender, header_recipient)</b></DT><DD>

<p> What addresses are subject to <a href="postconf.5.html#canonical_maps">canonical_maps</a> address mapping.
By default, <a href="postconf.5.html#canonical_maps">canonical_maps</a> address mapping is applied to envelope
sender and recipient addresses, and to header sender and header
recipient addresses. </p>

<p> Specify one or more of: envelope_sender, envelope_recipient,
header_sender, header_recipient. </p>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="canonical_maps">canonical_maps</a>
(default: empty)</b></DT><DD>

<p>
Optional address mapping lookup tables for message headers and
envelopes. The mapping is applied to both sender and recipient
addresses, in both envelopes and in headers, as controlled
with the <a href="postconf.5.html#canonical_classes">canonical_classes</a> parameter.
This is typically used
to clean up dirty addresses from legacy mail systems, or to replace
login names by Firstname.Lastname. The table format and lookups
are documented in <a href="canonical.5.html">canonical(5)</a>. For an overview of Postfix address
manipulations see the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> document.
</p>

<p>
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found.
Note: these lookups are recursive.
</p>

<p>
If you use this feature, run "<b>postmap /etc/postfix/canonical</b>" to
build the necessary DBM or DB file after every change. The changes
will become visible after a minute or so. Use "<b>postfix reload</b>"
to eliminate the delay.
</p>

<p> Note: with Postfix version 2.2, message header address mapping
happens only when message header address rewriting is enabled: </p>

<ul>

<li> The message is received with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command,

<li> The message is received from a network client that matches
$<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>,

<li> The message is received from the network, and the
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter specifies a non-empty value.

</ul>

<p> To get the behavior before Postfix version 2.2, specify
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all".
</p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#canonical_maps">canonical_maps</a> = <a href="DATABASE_README.html#types">dbm</a>:/etc/postfix/canonical
<a href="postconf.5.html#canonical_maps">canonical_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/canonical
</pre>


</DD>

<DT><b><a name="cleanup_replace_stray_cr_lf">cleanup_replace_stray_cr_lf</a>
(default: yes)</b></DT><DD>

<p> Replace each stray &lt;CR&gt; or &lt;LF&gt; character in message
content with a space character, to prevent outbound SMTP smuggling,
and to make the evaluation of Postfix-added DKIM or other signatures
independent from how a remote mail server handles such characters.
</p>

<p> SMTP does not allow such characters unless they are part of a
&lt;CR&gt;&lt;LF&gt; sequence, and different mail systems handle
such stray characters in an implementation-dependent manner. Stray
&lt;CR&gt; or &lt;LF&gt; characters could be used for outbound
SMTP smuggling, where an attacker uses a Postfix server to send
message content with a non-standard End-of-DATA sequence that
triggers inbound SMTP smuggling at a remote SMTP server.</p>

<p> The replacement happens before all other content management,
and before Postfix may add a DKIM etc. signature; if the signature
were created first, the replacement could invalidate the signature.
</p>

<p> In addition to preventing SMTP smuggling, replacing stray
&lt;CR&gt; or &lt;LF&gt; characters ensures that the result of
signature validation by a later mail system will not depend on how
that mail system handles those stray characters in an
implementation-dependent manner. </p>

<p> Note: this feature is disabled with "<a href="postconf.5.html#receive_override_options">receive_override_options</a> =
<a href="postconf.5.html#no_header_body_checks">no_header_body_checks</a>".
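</p>

<p> Two things in the description above are worth seeing concretely:
which bytes count as "stray" (a &lt;CR&gt; not followed by &lt;LF&gt;, a
&lt;LF&gt; not preceded by &lt;CR&gt;), and why the replacement must run
before any signature is computed. The following is an added example, not
Postfix code: the replacement applied to a constructed message body, and a
body hash computed in the wrong order and in the right order. The HMAC is
only a stand-in for the body hash a DKIM signature would cover; the key and
the message are constructed. </p>

```python
"""Added example, not Postfix code: stray CR/LF replacement as described
for cleanup_replace_stray_cr_lf, plus the sign-after-replacement ordering
the page explains. Key, body and the HMAC "signature" are constructed."""
import hashlib
import hmac
import re

# A stray <CR> is one not followed by <LF>; a stray <LF> is one not
# preceded by <CR>. Only <CR><LF> pairs are legitimate line ends in SMTP.
STRAY_CR_LF = re.compile(rb"\r(?!\n)|(?<!\r)\n")


def replace_stray_cr_lf(content: bytes) -> bytes:
    """Replace each stray CR or LF with a space; CRLF pairs stay intact."""
    return STRAY_CR_LF.sub(b" ", content)


def has_stray_cr_lf(content: bytes) -> bool:
    """Detection form: does this content still carry a stray CR or LF?"""
    return STRAY_CR_LF.search(content) is not None


def sign_body(key: bytes, body: bytes) -> str:
    """Stand-in for a body hash covered by a DKIM signature (constructed)."""
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def verify_body(key: bytes, body: bytes, signature: str) -> bool:
    return hmac.compare_digest(sign_body(key, body), signature)


# Constructed content: the second body line ends with a bare <LF> and the
# third contains a bare <CR>; every other line end is a proper <CR><LF>.
CONSTRUCTED_BODY = b"Subject: report\r\n\r\nline one\r\nline two\nline\rthree\r\n"
CONSTRUCTED_KEY = b"constructed-example-key"


def demo():
    """Return (cleaned body, wrong-order signature still valid?,
    right-order signature valid?)."""
    cleaned = replace_stray_cr_lf(CONSTRUCTED_BODY)

    # Wrong order: sign the raw content, then let cleanup (or a remote
    # server with its own handling of stray bytes) alter it.
    sig_before = sign_body(CONSTRUCTED_KEY, CONSTRUCTED_BODY)
    wrong_order_still_valid = verify_body(CONSTRUCTED_KEY, cleaned, sig_before)

    # Right order (what cleanup(8) does): replace first, then sign.
    sig_after = sign_body(CONSTRUCTED_KEY, cleaned)
    right_order_valid = verify_body(CONSTRUCTED_KEY, cleaned, sig_after)
    return cleaned, wrong_order_still_valid, right_order_valid


if __name__ == "__main__":
    cleaned, wrong_ok, right_ok = demo()
    print(cleaned)                    # b'Subject: report\r\n\r\nline one\r\nline two line three\r\n'
    print(has_stray_cr_lf(cleaned))   # False
    print(wrong_ok, right_ok)         # False True
```

<p> The has_stray_cr_lf() check is the one a defender can reuse directly:
run it over message content on a server where this feature is disabled by
"receive_override_options = no_header_body_checks" to see what would
otherwise have been left for a remote server to interpret.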
</p>

<p> This feature is available in Postfix ≥ 3.9, 3.8.5, 3.7.10,
3.6.14, and 3.5.24. </p>


</DD>

<DT><b><a name="cleanup_service_name">cleanup_service_name</a>
(default: cleanup)</b></DT><DD>

<p>
The name of the <a href="cleanup.8.html">cleanup(8)</a> service. This service rewrites addresses
into the standard form, and performs <a href="canonical.5.html">canonical(5)</a> address mapping
and <a href="virtual.5.html">virtual(5)</a> aliasing.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>


</DD>

<DT><b><a name="command_directory">command_directory</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
The location of all Postfix administrative commands.
</p>


</DD>

<DT><b><a name="command_execution_directory">command_execution_directory</a>
(default: empty)</b></DT><DD>

<p> The <a href="local.8.html">local(8)</a> delivery agent working directory for delivery to
external commands. Failure to change directory causes the delivery
to be deferred. </p>

<p> The <a href="postconf.5.html#command_execution_directory">command_execution_directory</a> value is not subject to Postfix
configuration parameter $name expansion. Instead, the following
$name expansions are done on <a href="postconf.5.html#command_execution_directory">command_execution_directory</a> before the
directory is used. Expansion happens in the context
of the delivery request. The result of $name expansion is filtered
with the character set that is specified with the
<a href="postconf.5.html#execution_directory_expansion_filter">execution_directory_expansion_filter</a> parameter. </p>

<dl>

<dt><b>$user</b></dt>

<dd>The recipient's username. </dd>

<dt><b>$shell</b></dt>

<dd>The recipient's login shell pathname.
</dd>

<dt><b>$home</b></dt>

<dd>The recipient's home directory. </dd>

<dt><b>$recipient</b></dt>

<dd>The full recipient address. </dd>

<dt><b>$extension</b></dt>

<dd>The optional recipient address extension. </dd>

<dt><b>$domain</b></dt>

<dd>The recipient domain. </dd>

<dt><b>$local</b></dt>

<dd>The entire recipient localpart. </dd>

<dt><b>$<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a></b></dt>

<dd>The address extension delimiter that was found in the recipient
address (Postfix 2.11 and later), or the system-wide recipient
address extension delimiter (Postfix 2.10 and earlier). </dd>

<dt><b>${name?value}</b></dt>

<dt><b>${name?{value}}</b> (Postfix ≥ 3.0)</dt>

<dd>Expands to <i>value</i> when <i>$name</i> is non-empty. </dd>

<dt><b>${name:value}</b></dt>

<dt><b>${name:{value}}</b> (Postfix ≥ 3.0)</dt>

<dd>Expands to <i>value</i> when <i>$name</i> is empty. </dd>

<dt><b>${name?{value1}:{value2}}</b> (Postfix ≥ 3.0)</dt>

<dd>Expands to <i>value1</i> when <i>$name</i> is non-empty,
<i>value2</i> otherwise. </dd>

</dl>

<p>
Instead of $name you can also specify ${name} or $(name).
</p>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="command_expansion_filter">command_expansion_filter</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
Restrict the characters that the <a href="local.8.html">local(8)</a> delivery agent allows in
$name expansions of $<a href="postconf.5.html#mailbox_command">mailbox_command</a> and $<a href="postconf.5.html#command_execution_directory">command_execution_directory</a>.
Characters outside the
allowed set are replaced by underscores.
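</p>

<p> The expansions listed under command_execution_directory and the
underscore filter described here work as a pair: the recipient attributes
come from the delivery request, so part of the expanded string is chosen by
whoever addressed the mail, and the filter is what keeps that text from
carrying shell metacharacters into a command line or a chdir path. The
following is an added example, not Postfix code: a Python model of the
$name, ${name}, $(name), ${name?value}, ${name:value} and
${name?{value1}:{value2}} forms, followed by the filter. The recipient
attributes and the allowed character set are constructed for the example;
the real set on a given system is whatever "postconf -d" reports for the
filter parameter. </p>

```python
"""Added example, not Postfix code: model of local(8)-style $name expansion
followed by the underscore filter. Attributes and allowed set are constructed."""
import re

# Constructed allowed set in the style of the documented filter parameters;
# take the real value from "postconf -d" on your system.
ALLOWED_CHARS = set("1234567890!@%-_=+:,./"
                    "abcdefghijklmnopqrstuvwxyz"
                    "ABCDEFGHIJKLMNOPQRSTUVWXYZ")
NAME_RE = re.compile(r"[A-Za-z0-9_]+")


def take_braced(text: str, start: int):
    """text[start] is '{'; return (inner text, index after the matching '}')."""
    depth = 0
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start + 1:i], i + 1
    raise ValueError("unbalanced braces in expansion")


def eval_expr(inner: str, attrs: dict) -> str:
    """Evaluate the text inside ${...}: name, name?value, name:value,
    name?{value1}:{value2}. Chosen values are expanded recursively."""
    m = NAME_RE.match(inner)
    if not m:
        raise ValueError(f"bad parameter name in ${{{inner}}}")
    value, rest = attrs.get(m.group(0), ""), inner[m.end():]
    if not rest:
        return value
    op, rest = rest[0], rest[1:].strip()
    if op not in "?:":
        raise ValueError(f"unsupported operator {op!r}")
    second = None
    if rest.startswith("{"):
        first, end = take_braced(rest, 0)
        tail = rest[end:].strip()
        if op == "?" and tail.startswith(":"):   # ${name?{v1}:{v2}} or ${name?{v1}:v2}
            tail = tail[1:].strip()
            second = take_braced(tail, 0)[0] if tail.startswith("{") else tail
        elif tail:
            raise ValueError(f"unexpected text after value: {tail!r}")
    else:
        first = rest
    if op == "?":
        chosen = first if value else (second or "")
    else:
        chosen = "" if value else first
    return expand(chosen, attrs)


def expand(template: str, attrs: dict) -> str:
    """Expand $name, ${name}, $(name) and the ${...} forms; $$ yields $."""
    out, i = [], 0
    while i < len(template):
        if template[i] != "$":
            out.append(template[i])
            i += 1
        elif template.startswith("$$", i):
            out.append("$")
            i += 2
        elif template.startswith("${", i):
            inner, i = take_braced(template, i + 1)
            out.append(eval_expr(inner, attrs))
        elif template.startswith("$(", i):
            close = template.index(")", i + 2)
            out.append(eval_expr(template[i + 2:close], attrs))
            i = close + 1
        else:
            m = NAME_RE.match(template, i + 1)
            if m is None:            # a lone "$" is kept as-is
                out.append("$")
                i += 1
            else:
                out.append(attrs.get(m.group(0), ""))
                i = m.end()
    return "".join(out)


def filter_expansion(text: str, allowed=ALLOWED_CHARS) -> str:
    """Replace every character outside the allowed set by an underscore."""
    return "".join(ch if ch in allowed else "_" for ch in text)


def execution_directory(template: str, attrs: dict) -> str:
    """What the delivery agent would chdir to: expand, then filter."""
    return filter_expansion(expand(template, attrs))


# Constructed delivery request for alice+reports@example.com.
ALICE = {"user": "alice", "home": "/home/alice", "shell": "/bin/sh",
         "recipient": "alice+reports@example.com", "extension": "reports",
         "domain": "example.com", "local": "alice+reports",
         "recipient_delimiter": "+"}

if __name__ == "__main__":
    tmpl = "$home/mail/${extension?{$extension}:{inbox}}"
    print(execution_directory(tmpl, ALICE))                      # /home/alice/mail/reports
    print(execution_directory(tmpl, dict(ALICE, extension="")))  # /home/alice/mail/inbox
    # Space and ";" in a sender-chosen extension are neutralized by the filter.
    print(execution_directory(tmpl, dict(ALICE, extension="q3 report;draft")))
```

<p> Note what the filter does and does not do: it neutralizes characters
outside the allowed set, but "/" and "." are normally inside it, so the
filter is not a substitute for choosing templates whose sender-controlled
parts cannot select a directory outside the intended tree.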
</p>


</DD>

<DT><b><a name="command_time_limit">command_time_limit</a>
(default: 1000s)</b></DT><DD>

<p>
Time limit for delivery to external commands. This limit is used
by the <a href="local.8.html">local(8)</a> delivery agent, and is the default time limit for
delivery by the <a href="pipe.8.html">pipe(8)</a> delivery agent.
</p>

<p>
Note: if you set this time limit to a large value you must update the
global <a href="postconf.5.html#ipc_timeout">ipc_timeout</a> parameter as well.
</p>


</DD>

<DT><b><a name="compatibility_level">compatibility_level</a>
(default: 0)</b></DT><DD>

<p> A safety net that causes Postfix to run with backwards-compatible
default settings after an upgrade to a newer Postfix version. </p>

<p> With backwards compatibility turned on (the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#compatibility_level">compatibility_level</a>
value is less than the Postfix built-in value), Postfix looks for
settings that are left at their implicit default value, and logs a
message when a backwards-compatible default setting is required.
</p>

<blockquote>
<pre>
using backwards-compatible default setting <i>name=value</i>
    to [accept a specific client request]

using backwards-compatible default setting <i>name=value</i>
    to [enable specific Postfix behavior]
</pre>
</blockquote>

<p> See <a href="COMPATIBILITY_README.html">COMPATIBILITY_README</a> for specific message details.
If such
a message is logged in the context of a legitimate request, the
system administrator should make the backwards-compatible setting
permanent in <a href="postconf.5.html">main.cf</a> or <a href="master.5.html">master.cf</a>, for example: </p>

<blockquote>
<pre>
# <b>postconf</b> <i>name=value</i>
# <b>postfix reload</b>
</pre>
</blockquote>

<p> When no more backwards-compatible settings need to be made
permanent, the administrator should turn off backwards compatibility
by updating the <a href="postconf.5.html#compatibility_level">compatibility_level</a> setting in <a href="postconf.5.html">main.cf</a>:</p>

<blockquote>
<pre>
# <b>postconf <a href="postconf.5.html#compatibility_level">compatibility_level</a>=<i>N</i></b>
# <b>postfix reload</b>
</pre>
</blockquote>

<p> For <i>N</i> specify the number that is logged in your <a href="postfix.1.html">postfix(1)</a>
warning message: </p>

<blockquote>
<pre>
warning: To disable backwards compatibility use "postconf
    <a href="postconf.5.html#compatibility_level">compatibility_level</a>=<i>N</i>" and "postfix reload"
</pre>
</blockquote>

<p> Starting with Postfix version 3.6, the compatibility level in
the above warning message is the Postfix version that introduced
the last incompatible change. The level is formatted as
<i>major.minor.patch</i>, where <i>patch</i> is usually omitted and
defaults to zero. Earlier compatibility levels are 0, 1 and 2. </p>

<p> NOTE: this also introduces support for the "&lt;level",
"&lt;=level", and other operators to compare compatibility levels.
With the standard operators "&lt;", "&lt;=", etc., compatibility
level "3.10" would be smaller than "3.9", which is undesirable. </p>

<p> This feature is available in Postfix 3.0 and later.
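</p>

<p> The "3.10" versus "3.9" remark above is the whole reason the
level-aware operators exist, and it also matters to anyone scripting the
upgrade procedure: the level must be compared as numbers, and N must be read
out of the warning line. The following is an added example, not Postfix
code: a level parser that applies the major.minor.patch rule with patch
defaulting to zero, a side-by-side with plain string ordering, and a helper
that extracts N from a warning line in the format quoted above. The log
line used here is constructed. </p>

```python
"""Added example, not Postfix code: compare compatibility levels as
major.minor.patch numbers (patch defaults to zero) and extract N from the
"To disable backwards compatibility" warning. The log line is constructed."""
import re

WARNING_RE = re.compile(r'postconf\s+compatibility_level=(\S+?)"')


def parse_level(level: str) -> tuple:
    """'3.10' -> (3, 10, 0); '2' -> (2, 0, 0); patch defaults to zero."""
    parts = level.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed compatibility level: {level!r}")
    numbers = [int(p) for p in parts]
    return tuple(numbers + [0] * (3 - len(numbers)))


def level_lt(a: str, b: str) -> bool:
    """a < b as version numbers: the comparison the page requires."""
    return parse_level(a) < parse_level(b)


def string_lt(a: str, b: str) -> bool:
    """a < b as plain strings: the ordering the page calls undesirable."""
    return a < b


def uses_compat_defaults(main_cf_level: str, builtin_level: str) -> bool:
    """Backwards-compatible defaults apply while the main.cf level is
    below the level built into the running Postfix."""
    return level_lt(main_cf_level, builtin_level)


def level_from_warning(line: str):
    """Return N from a 'To disable backwards compatibility' warning, or None."""
    m = WARNING_RE.search(line)
    return m.group(1) if m else None


# Constructed log line in the shape of the warning quoted above.
SAMPLE_WARNING = ('Jan  2 10:00:00 mx1 postfix/postfix-script[4242]: warning: '
                  'To disable backwards compatibility use "postconf '
                  'compatibility_level=3.6" and "postfix reload"')

if __name__ == "__main__":
    print(level_lt("3.9", "3.10"))             # True: 3.10 is the newer level
    print(string_lt("3.10", "3.9"))            # True: text order gets it wrong
    print(uses_compat_defaults("0", "3.6"))    # True: fresh upgrade, safety net on
    print(uses_compat_defaults("3.6", "3.6"))  # False: safety net off
    print(level_from_warning(SAMPLE_WARNING))  # 3.6
```

<p> uses_compat_defaults() is the condition described at the top of this
entry, so a configuration check can flag hosts whose main.cf level is still
below the built-in one long after the upgrade, which usually means the
"using backwards-compatible default setting" messages were never acted on.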
</p>


</DD>

<DT><b><a name="config_directory">config_directory</a>
(default: see "postconf -d" output)</b></DT><DD>

<p> The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a>
configuration files. This can be overridden via the following
mechanisms: </p>

<ul>

<li> <p> The MAIL_CONFIG environment variable (daemon processes
and commands). </p>

<li> <p> The "-c" command-line option (commands only). </p>

</ul>

<p> With Postfix commands that run with set-gid privileges, a
<a href="postconf.5.html#config_directory">config_directory</a> override either requires root privileges, or it
requires that the directory is listed with the <a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a>
parameter in the default <a href="postconf.5.html">main.cf</a> file. </p>


</DD>

<DT><b><a name="confirm_delay_cleared">confirm_delay_cleared</a>
(default: no)</b></DT><DD>

<p> After sending a "your message is delayed" notification, inform
the sender when the delay clears up. This can result in a sudden
burst of notifications at the end of a prolonged network outage,
and is therefore disabled by default. </p>

<p> See also: <a href="postconf.5.html#delay_warning_time">delay_warning_time</a>. </p>

<p> This feature is available in Postfix 3.0 and later. </p>


</DD>

<DT><b><a name="connection_cache_protocol_timeout">connection_cache_protocol_timeout</a>
(default: 5s)</b></DT><DD>

<p> Time limit for connection cache connect, send or receive
operations. The time limit is enforced in the client. </p>

<p> This feature is available in Postfix 2.3 and later.
</p>

</DD>

<DT><b><a name="connection_cache_service_name">connection_cache_service_name</a>
(default: scache)</b></DT><DD>

<p> The name of the <a href="scache.8.html">scache(8)</a> connection cache service. This service
maintains a limited pool of cached sessions. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

</DD>

<DT><b><a name="connection_cache_status_update_time">connection_cache_status_update_time</a>
(default: 600s)</b></DT><DD>

<p> How frequently the <a href="scache.8.html">scache(8)</a> server logs usage statistics with
connection cache hit and miss rates for logical destinations and for
physical endpoints. </p>

</DD>

<DT><b><a name="connection_cache_ttl_limit">connection_cache_ttl_limit</a>
(default: 2s)</b></DT><DD>

<p> The maximal time-to-live value that the <a href="scache.8.html">scache(8)</a> connection
cache server allows. Requests that specify a larger TTL will be
stored with the maximum allowed TTL. The purpose of this additional
control is to protect the infrastructure against careless people.
The cache TTL is already bounded by $<a href="postconf.5.html#max_idle">max_idle</a>. </p>

</DD>

<DT><b><a name="content_filter">content_filter</a>
(default: empty)</b></DT><DD>

<p> After the message is queued, send the entire message to the
specified <i>transport:destination</i>. The <i>transport</i> name
specifies the first field of a mail delivery agent definition in
<a href="master.5.html">master.cf</a>; the syntax of the next-hop <i>destination</i> is described
in the manual page of the corresponding delivery agent. More
information about external content filters is in the Postfix
<a href="FILTER_README.html">FILTER_README</a> file.
</p>

<p> Notes: </p>

<ul>

<li> <p> This setting has lower precedence than a FILTER action
that is specified in an <a href="access.5.html">access(5)</a>, <a href="header_checks.5.html">header_checks(5)</a> or <a href="header_checks.5.html">body_checks(5)</a>
table. </p>

<li> <p> The meaning of an empty next-hop filter <i>destination</i>
is version dependent. Postfix 2.7 and later will use the recipient
domain; earlier versions will use $<a href="postconf.5.html#myhostname">myhostname</a>. Specify
"<a href="postconf.5.html#default_filter_nexthop">default_filter_nexthop</a> = $<a href="postconf.5.html#myhostname">myhostname</a>" for compatibility with Postfix
2.6 or earlier, or specify a <a href="postconf.5.html#content_filter">content_filter</a> value with an explicit
next-hop <i>destination</i>. </p>

</ul>

</DD>

<DT><b><a name="cyrus_sasl_config_path">cyrus_sasl_config_path</a>
(default: empty)</b></DT><DD>

<p> Search path for Cyrus SASL application configuration files,
currently used only to locate the $<a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a>.conf file.
Specify zero or more directories separated by a colon character,
or an empty value to use Cyrus SASL's built-in search path. </p>

<p> Note: some Debian-based Postfix distributions ignore the
"<a href="postconf.5.html#cyrus_sasl_config_path">cyrus_sasl_config_path</a>" parameter setting, and force Postfix to
open the file <code>/etc/postfix/sasl/smtpd.conf</code>. </p>

<p> This feature is available in Postfix 2.5 and later when compiled
with Cyrus SASL 2.1.22 or later. </p>

</DD>

<DT><b><a name="daemon_directory">daemon_directory</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
The directory with Postfix support programs and daemon programs.
These should not be invoked directly by humans.
The directory must
be owned by root.
</p>

</DD>

<DT><b><a name="daemon_table_open_error_is_fatal">daemon_table_open_error_is_fatal</a>
(default: no)</b></DT><DD>

<p> How a Postfix daemon process handles errors while opening lookup
tables: gradual degradation or immediate termination. </p>

<dl>

<dt> <b> no </b> (default) </dt> <dd> <p> Gradual degradation: a
daemon process logs a message of type "error" and continues execution
with reduced functionality. Features that do not depend on the
unavailable table will work normally, while features that depend
on the table will result in a type "warning" message. <br> When
the <a href="postconf.5.html#notify_classes">notify_classes</a> parameter value contains the "data" class, the
Postfix SMTP server and client will report transcripts of sessions
with an error because a table is unavailable. </p> </dd>

<dt> <b> yes </b> (historical behavior) </dt> <dd> <p> Immediate
termination: a daemon process logs a type "fatal" message and
terminates immediately. This option reduces the number of possible
code paths through Postfix, and may therefore be slightly more
secure than the default. </p> </dd>

</dl>

<p> For the sake of sanity, the number of type "error" messages is
limited to 13 over the lifetime of a daemon process. </p>

<p> This feature is available in Postfix 2.9 and later. </p>

</DD>

<DT><b><a name="daemon_timeout">daemon_timeout</a>
(default: 18000s)</b></DT><DD>

<p> How much time a Postfix daemon process may take to handle a
request before it is terminated by a built-in watchdog timer. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

</DD>

<DT><b><a name="data_directory">data_directory</a>
(default: see "postconf -d" output)</b></DT><DD>

<p> The directory with Postfix-writable data files (for example:
caches, pseudo-random numbers). This directory must be owned by
the <a href="postconf.5.html#mail_owner">mail_owner</a> account, and must not be shared with non-Postfix
software. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

</DD>

<DT><b><a name="debug_peer_level">debug_peer_level</a>
(default: 2)</b></DT><DD>

<p> The increment in verbose logging level when a nexthop destination,
remote client or server name or network address matches a pattern
given with the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter. </p>

<p> Per-nexthop debug logging is available in Postfix 3.6 and later. </p>

</DD>

<DT><b><a name="debug_peer_list">debug_peer_list</a>
(default: empty)</b></DT><DD>

<p> Optional list of nexthop destination, remote client or server
name or network address patterns that, if matched, cause the verbose
logging level to increase by the amount specified in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
</p>

<p> Per-nexthop debug logging is available in Postfix 3.6 and later. </p>

<p> Specify domain names, network/netmask patterns, "/file/name"
patterns or "<a href="DATABASE_README.html">type:table</a>" lookup tables. The right-hand side result
from "<a href="DATABASE_README.html">type:table</a>" lookups is ignored. </p>

<p> Pattern matching of domain names is controlled by the presence
or absence of "<a href="postconf.5.html#debug_peer_list">debug_peer_list</a>" in the <a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a>
parameter value.
</p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#debug_peer_list">debug_peer_list</a> = 127.0.0.1
<a href="postconf.5.html#debug_peer_list">debug_peer_list</a> = example.com
</pre>

</DD>

<DT><b><a name="debugger_command">debugger_command</a>
(default: empty)</b></DT><DD>

<p>
The external command to execute when a Postfix daemon program is
invoked with the -D option.
</p>

<p>
Use "command .. & sleep 5" so that the debugger can attach before
the process marches on. If you use an X-based debugger, be sure to
set up your XAUTHORITY environment variable before starting Postfix.
</p>

<p>
Note: the command is subject to $name expansion, before it is
passed to the default command interpreter. Specify "$$" to
produce a single "$" character.
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#debugger_command">debugger_command</a> =
    PATH=/usr/bin:/usr/X11R6/bin
    ddd $<a href="postconf.5.html#daemon_directory">daemon_directory</a>/$<a href="postconf.5.html#process_name">process_name</a> $<a href="postconf.5.html#process_id">process_id</a> & sleep 5
</pre>

</DD>

<DT><b><a name="default_database_type">default_database_type</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
The default database type for use in <a href="newaliases.1.html">newaliases(1)</a>, <a href="postalias.1.html">postalias(1)</a>
and <a href="postmap.1.html">postmap(1)</a> commands. On many UNIX systems the default type is
either <b>dbm</b> or <b>hash</b>. The default setting is frozen
when the Postfix system is built.
</p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#default_database_type">default_database_type</a> = hash
<a href="postconf.5.html#default_database_type">default_database_type</a> = dbm
</pre>

</DD>

<DT><b><a name="default_delivery_slot_cost">default_delivery_slot_cost</a>
(default: 5)</b></DT><DD>

<p>
How often the Postfix queue manager's scheduler is allowed to
preempt delivery of one message with another.
</p>

<p>
Each transport maintains a so-called "available delivery slot counter"
for each message. One message can be preempted by another one when
the other message can be delivered using no more delivery slots
(i.e., invocations of delivery agents) than the current message
counter has accumulated (or will eventually accumulate - see about
slot loans below). This parameter controls how often the counter is
incremented - it happens after each <a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a>
recipients have been delivered.
</p>

<p>
The cost of 0 is used to disable the preempting scheduling completely.
The minimum value the scheduling algorithm can use is 2 - use it
if you want to maximize the message throughput rate. Although there
is no maximum, it doesn't make much sense to use values above, say,
50.
</p>

<p>
The only reason why the value of 2 is not the default is the way
this parameter affects the delivery of mailing-list mail. In the
worst case, delivery can take somewhere between (cost+1)/cost
and cost/(cost-1) times longer than if the preemptive scheduler was
disabled. The default value of 5 turns out to provide reasonable
message response times while making sure the mailing-list deliveries
are not extended by more than 20-25 percent even in the worst case.
</p>

<p> Use <a href="postconf.5.html#transport_delivery_slot_cost"><i>transport</i>_delivery_slot_cost</a> to specify a
transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
</p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a> = 0
<a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a> = 2
</pre>

</DD>

<DT><b><a name="default_delivery_slot_discount">default_delivery_slot_discount</a>
(default: 50)</b></DT><DD>

<p>
The default value for transport-specific _delivery_slot_discount
settings.
</p>

<p>
This parameter speeds up the moment when a message preemption can
happen. Instead of waiting until the full amount of delivery slots
required is available, the preemption can happen when
<a href="postconf.5.html#transport_delivery_slot_discount"><i>transport</i>_delivery_slot_discount</a> percent of the required amount
plus <a href="postconf.5.html#transport_delivery_slot_loan"><i>transport</i>_delivery_slot_loan</a> still remains to be accumulated.
Note that the full amount will still have to be accumulated before
another preemption can take place later.
</p>

<p> Use <a href="postconf.5.html#transport_delivery_slot_discount"><i>transport</i>_delivery_slot_discount</a> to specify a
transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
</p>

</DD>

<DT><b><a name="default_delivery_slot_loan">default_delivery_slot_loan</a>
(default: 3)</b></DT><DD>

<p>
The default value for transport-specific _delivery_slot_loan
settings.
</p>

<p>
This parameter speeds up the moment when a message preemption can
happen. Instead of waiting until the full amount of delivery slots
required is available, the preemption can happen when
<a href="postconf.5.html#transport_delivery_slot_discount">transport_delivery_slot_discount</a> percent of the required amount
plus <a href="postconf.5.html#transport_delivery_slot_loan">transport_delivery_slot_loan</a> still remains to be accumulated.
Note that the full amount will still have to be accumulated before
another preemption can take place later.
</p>

<p> Use <a href="postconf.5.html#transport_delivery_slot_loan"><i>transport</i>_delivery_slot_loan</a> to specify a
transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
</p>

</DD>

<DT><b><a name="default_delivery_status_filter">default_delivery_status_filter</a>
(default: empty)</b></DT><DD>

<p> Optional filter in Postfix delivery agents, to replace the
delivery status code or explanatory text of successful or unsuccessful
deliveries. This allows the replacement of a temporary error status
code (4.X.X) with a permanent error status code (5.X.X) or vice
versa, but does not allow
the replacement of a successful status code (2.X.X) with an
unsuccessful status code (4.X.X or 5.X.X) or vice versa. </p>

<p> Note: the (smtp|lmtp)_delivery_status_filter is applied only
once per recipient: when delivery is successful, when delivery is
rejected with 5XX, or when there are no more alternate MX or A
destinations. Use <a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a> or <a href="postconf.5.html#lmtp_reply_filter">lmtp_reply_filter</a> to inspect
responses for all delivery attempts.
</p>

<p> The following parameters can be used to implement a filter for
specific delivery agents: <a href="postconf.5.html#lmtp_delivery_status_filter">lmtp_delivery_status_filter</a>,
<a href="postconf.5.html#local_delivery_status_filter">local_delivery_status_filter</a>, <a href="postconf.5.html#pipe_delivery_status_filter">pipe_delivery_status_filter</a>,
<a href="postconf.5.html#smtp_delivery_status_filter">smtp_delivery_status_filter</a> or <a href="postconf.5.html#virtual_delivery_status_filter">virtual_delivery_status_filter</a>. These
parameters support the same filter syntax as described here. </p>

<p> Specify zero or more "<a href="DATABASE_README.html">type:table</a>" lookup table names, separated
by comma or whitespace. For each successful or unsuccessful delivery
to a recipient, the tables are queried in the specified order with
one line of text that is structured as follows: </p>

<blockquote>
enhanced-status-code SPACE explanatory-text
</blockquote>

<p> The first table match wins. The lookup result must have the
same structure as the query, a successful status code (2.X.X) must
be replaced with a successful status code, an unsuccessful status
code (4.X.X or 5.X.X) must be replaced with an unsuccessful status
code, and the explanatory text field must be non-empty. Other results
will result in a warning. </p>

<p> Example 1: convert specific soft TLS errors into hard errors,
by overriding the first number in the enhanced status code.
</p>

<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#smtp_delivery_status_filter">smtp_delivery_status_filter</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/smtp_dsn_filter
</pre>
</blockquote>

<blockquote>
<pre>
/etc/postfix/smtp_dsn_filter:
    /^4(\.\d+\.\d+ TLS is required, but host \S+ refused to start TLS: .+)/
        5$1
    /^4(\.\d+\.\d+ TLS is required, but was not offered by host .+)/
        5$1
    # Do not change the following into hard bounces. They may
    # result from a local configuration problem.
    # 4.\d+.\d+ TLS is required, but our TLS engine is unavailable
    # 4.\d+.\d+ TLS is required, but unavailable
    # 4.\d+.\d+ Cannot start TLS: handshake failure
</pre>
</blockquote>

<p> Example 2: censor the per-recipient delivery status text so
that it does not reveal the destination command or filename
when a remote sender requests confirmation of successful delivery.
</p>

<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#local_delivery_status_filter">local_delivery_status_filter</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/local_dsn_filter
</pre>
</blockquote>

<blockquote>
<pre>
/etc/postfix/local_dsn_filter:
    /^(2\S+ delivered to file).+/ $1
    /^(2\S+ delivered to command).+/ $1
</pre>
</blockquote>

<p> Notes: </p>

<ul>

<li> <p> This feature will NOT override the <a href="postconf.5.html#soft_bounce">soft_bounce</a> safety net. </p>

<li> <p> This feature will change the enhanced status code and text
that is logged to the maillog file, and that is reported to the
sender in delivery confirmation or non-delivery notifications.
</p>

</ul>

<p> This feature is available in Postfix 3.0 and later.
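</p>

<p> The following Python, added here as an illustration and not part
of Postfix, models the lookup described above: it parses the two
pcre tables from Examples 1 and 2 (plus a constructed, deliberately
wrong third table that turns a success into a hard error), queries
them with "enhanced-status-code SPACE explanatory-text", and applies
the structure and 2.X.X versus 4.X.X/5.X.X rules that decide whether
a result is accepted or logged as a warning. The host name and file
names in the sample queries are constructed; the text does not say
what happens after a result is rejected, and the model assumes the
original status is kept. </p>

```python
import logging
import re

# Added example, not Postfix code: a model of the delivery status filter
# lookup and of the sanity rules listed above for the lookup result.
# Table contents are copied from Examples 1 and 2; the queries, host name
# and file names used for testing are constructed.

log = logging.getLogger("dsn_filter")

_STATUS_CODE = re.compile(r"[245]\.\d+\.\d+")


class PcreFilterTable:
    """Minimal stand-in for a pcre: table.

    Supports "/pattern/ replacement" lines, comments, continuation lines
    (a line that starts with whitespace continues the previous one), first
    match wins, and "$N" in the replacement for capture group N. Matching is
    case-insensitive, which is the pcre_table(5) default.
    """

    _LINE = re.compile(r"/(.+)/\s+(.+)")

    def __init__(self, text):
        logical = []
        for raw in text.splitlines():
            if not raw.strip() or raw.lstrip().startswith("#"):
                continue                               # blank line or comment
            if raw[0].isspace() and logical:
                logical[-1] += " " + raw.strip()       # continuation line
            else:
                logical.append(raw.strip())
        self.rules = []
        for line in logical:
            m = self._LINE.fullmatch(line)
            if m is None:
                raise ValueError(f"unparsable table line: {line!r}")
            pattern, replacement = m.groups()
            # pcre_table(5) writes "$1"; Python's expand() wants "\1"
            replacement = re.sub(r"\$(\d+)", r"\\\1", replacement)
            self.rules.append((re.compile(pattern, re.IGNORECASE), replacement))

    def lookup(self, key):
        """Return the expanded replacement of the first matching rule, else None."""
        for regex, replacement in self.rules:
            m = regex.search(key)
            if m:
                return m.expand(replacement)
        return None


def apply_delivery_status_filter(tables, status_code, text):
    """Return (status_code, text) as the filter would leave them.

    Tables are queried in order with "status_code SPACE text"; the first
    match wins. A result is accepted only if it has the same structure,
    keeps a 2.X.X code successful and a 4.X.X/5.X.X code unsuccessful, and
    carries non-empty text. Otherwise a warning is logged and (assumption:
    the text above does not say) the original status is kept.
    """
    query = f"{status_code} {text}"
    for table in tables:
        result = table.lookup(query)
        if result is None:
            continue
        new_code, _, new_text = result.partition(" ")
        if not _STATUS_CODE.fullmatch(new_code) or not new_text.strip():
            log.warning("ignoring malformed filter result %r for %r", result, query)
        elif (new_code[0] == "2") != (status_code[0] == "2"):
            log.warning("ignoring result %r: it flips success/failure for %r",
                        result, query)
        else:
            return new_code, new_text
        return status_code, text          # first match wins, even when rejected
    return status_code, text


# Example 1 above: soft TLS-policy failures become hard errors.
SMTP_DSN_FILTER = PcreFilterTable(r"""
/^4(\.\d+\.\d+ TLS is required, but host \S+ refused to start TLS: .+)/
    5$1
/^4(\.\d+\.\d+ TLS is required, but was not offered by host .+)/
    5$1
# Do not change the following into hard bounces.
# 4.\d+.\d+ TLS is required, but our TLS engine is unavailable
""")

# Example 2 above: hide the destination file or command name.
LOCAL_DSN_FILTER = PcreFilterTable(r"""
/^(2\S+ delivered to file).+/ $1
/^(2\S+ delivered to command).+/ $1
""")

# Constructed misconfiguration: a success may not become a hard error,
# so this rule must be rejected with a warning.
BAD_DSN_FILTER = PcreFilterTable(r"""
/^2(\.\d+\.\d+ .+)/ 5$1
""")
```

<p> Running the three tables against constructed queries shows the
three outcomes: a 4.7.x TLS refusal is rewritten to 5.7.x, a
"delivered to file: /var/mail/alice" text is truncated after
"file", and the bad table leaves a 2.0.0 status untouched and logs a
warning, also when it precedes a table that would have matched.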
</p>

</DD>

<DT><b><a name="default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a>
(default: 1)</b></DT><DD>

<p> How many pseudo-cohorts must suffer connection or handshake
failure before a specific destination is considered unavailable
(and further delivery is suspended). Specify zero to disable this
feature. A destination's pseudo-cohort failure count is reset each
time a delivery completes without connection or handshake failure
for that specific destination. </p>

<p> A pseudo-cohort is the number of deliveries equal to a destination's
delivery concurrency. </p>

<p> Use <a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a> to specify
a transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport. </p>

<p> This feature is available in Postfix 2.5. The default setting
is compatible with earlier Postfix versions. </p>

</DD>

<DT><b><a name="default_destination_concurrency_limit">default_destination_concurrency_limit</a>
(default: 20)</b></DT><DD>

<p>
The default maximal number of parallel deliveries to the same
destination. This is the default limit for delivery via the <a href="lmtp.8.html">lmtp(8)</a>,
<a href="pipe.8.html">pipe(8)</a>, <a href="smtp.8.html">smtp(8)</a> and <a href="virtual.8.html">virtual(8)</a> delivery agents.
With a per-destination recipient limit > 1, a destination is a domain,
otherwise it is a recipient.
</p>

<p> Use <a href="postconf.5.html#transport_destination_concurrency_limit"><i>transport</i>_destination_concurrency_limit</a> to specify a
transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
</p>

</DD>

<DT><b><a name="default_destination_concurrency_negative_feedback">default_destination_concurrency_negative_feedback</a>
(default: 1)</b></DT><DD>

<p> The per-destination amount of delivery concurrency negative
feedback, after a delivery completes with a connection or handshake
failure. Feedback values are in the range 0..1 inclusive. With
negative feedback, concurrency is decremented at the beginning of
a sequence of length 1/feedback. This is unlike positive feedback,
where concurrency is incremented at the end of a sequence of length
1/feedback. </p>

<p> As of Postfix version 2.5, negative feedback cannot reduce
delivery concurrency to zero. Instead, a destination is marked
dead (further delivery suspended) after the failed pseudo-cohort
count reaches $<a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a>
(or $<a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a>).
To make the scheduler completely immune to connection or handshake
failures, specify a zero feedback value and a zero failed pseudo-cohort
limit. </p>

<p> Specify one of the following forms: </p>

<dl>

<dt> <b><i>number</i> </b> </dt>

<dt> <b><i>number</i> / <i>number</i> </b> </dt>

<dd> Constant feedback. The value must be in the range 0..1 inclusive.
The default setting of "1" is compatible with Postfix versions
before 2.5, where a destination's delivery concurrency is throttled
down to zero (and further delivery suspended) after a single failed
pseudo-cohort. </dd>

<dt> <b><i>number</i> / concurrency </b> </dt>

<dd> Variable feedback of "<i>number</i> / (delivery concurrency)".
The <i>number</i> must be in the range 0..1 inclusive. With
<i>number</i> equal to "1", a destination's delivery concurrency
is decremented by 1 after each failed pseudo-cohort. </dd>

</dl>

<p> A pseudo-cohort is the number of deliveries equal to a destination's
delivery concurrency. </p>

<p> Use <a href="postconf.5.html#transport_destination_concurrency_negative_feedback"><i>transport</i>_destination_concurrency_negative_feedback</a>
to specify a transport-specific override, where <i>transport</i>
is the <a href="master.5.html">master.cf</a>
name of the message delivery transport. </p>

<p> This feature is available in Postfix 2.5. The default setting
is compatible with earlier Postfix versions. </p>

</DD>

<DT><b><a name="default_destination_concurrency_positive_feedback">default_destination_concurrency_positive_feedback</a>
(default: 1)</b></DT><DD>

<p> The per-destination amount of delivery concurrency positive
feedback, after a delivery completes without connection or handshake
failure. Feedback values are in the range 0..1 inclusive. The
concurrency increases until it reaches the per-destination maximal
concurrency limit. With positive feedback, concurrency is incremented
at the end of a sequence with length 1/feedback. This is unlike
negative feedback, where concurrency is decremented at the start
of a sequence of length 1/feedback.
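</p>

<p> The following Python is an added, simplified model of the
positive feedback described here and the negative feedback and failed
pseudo-cohort rules of the two preceding entries; it is not the
qmgr(8) scheduler. It accepts the three feedback forms, applies
negative feedback at the start and positive feedback at the end of a
sequence of 1/feedback deliveries, never drops below a concurrency of
1, counts pseudo-cohorts of failures against the failed cohort limit,
and caps growth at the concurrency limit. The starting concurrency of
5 and the event strings are constructed inputs, and the exact
bookkeeping of a partially failed pseudo-cohort is an assumption
where the text leaves it open. </p>

```python
from fractions import Fraction

# Added example, not Postfix code: a simplified model of the documented
# per-destination concurrency rules, not the qmgr(8) implementation.
# Starting values are constructed; where the text leaves bookkeeping
# details open the model makes an assumption (see comments).


def parse_feedback(spec):
    """Parse "number", "number / number" or "number / concurrency".

    Returns (value, per_concurrency); value must lie in the range 0..1.
    """
    parts = [p.strip() for p in spec.split("/")]
    if len(parts) == 1:
        value, per_concurrency = Fraction(parts[0]), False
    elif len(parts) == 2 and parts[1] == "concurrency":
        value, per_concurrency = Fraction(parts[0]), True
    elif len(parts) == 2:
        value, per_concurrency = Fraction(parts[0]) / Fraction(parts[1]), False
    else:
        raise ValueError(f"bad feedback form: {spec!r}")
    if not 0 <= value <= 1:
        raise ValueError(f"feedback {spec!r} is outside 0..1")
    return value, per_concurrency


class Destination:
    """Delivery concurrency state for one destination on one transport."""

    def __init__(self, initial_concurrency, concurrency_limit,
                 positive_feedback="1", negative_feedback="1",
                 failed_cohort_limit=1):
        self.concurrency = initial_concurrency
        self.limit = concurrency_limit
        self.positive = parse_feedback(positive_feedback)
        self.negative = parse_feedback(negative_feedback)
        self.failed_cohort_limit = failed_cohort_limit
        self.dead = False               # True once further delivery is suspended
        self.failed_cohorts = 0
        self._pos_acc = Fraction(0)     # positive feedback collected so far
        self._neg_acc = Fraction(1)     # starts "full": the first failure acts at once
        self._cohort_size = None        # concurrency when the current failure run began
        self._cohort_failures = 0

    def _amount(self, feedback):
        value, per_concurrency = feedback
        return value / self.concurrency if per_concurrency else value

    def delivery_succeeded(self):
        """Delivery completed without connection or handshake failure."""
        self.failed_cohorts = 0         # any success resets the cohort count
        self._cohort_failures, self._cohort_size = 0, None
        amount = self._amount(self.positive)
        if amount == 0:
            return
        # positive feedback acts at the END of a run of 1/feedback successes
        self._pos_acc += amount
        if self._pos_acc >= 1:
            self._pos_acc -= 1
            self.concurrency = min(self.concurrency + 1, self.limit)

    def delivery_failed(self):
        """Delivery ended with a connection or handshake failure."""
        if self._cohort_size is None:   # assumption: cohort size is fixed when the run starts
            self._cohort_size = self.concurrency
        self._cohort_failures += 1
        amount = self._amount(self.negative)
        if amount > 0:
            # negative feedback acts at the START of a run of 1/feedback failures
            if self._neg_acc >= 1:
                self._neg_acc -= 1
                self.concurrency = max(self.concurrency - 1, 1)  # never zero (Postfix >= 2.5)
            self._neg_acc += amount
        if self._cohort_failures >= self._cohort_size:
            self.failed_cohorts += 1    # a whole pseudo-cohort has failed
            self._cohort_failures, self._cohort_size = 0, None
            if self.failed_cohort_limit and self.failed_cohorts >= self.failed_cohort_limit:
                self.dead = True


def simulate(events, **kwargs):
    """Replay a string of 'S' (success) / 'F' (failure) events; return the state."""
    dest = Destination(**kwargs)
    for event in events:
        if dest.dead:
            break
        {"S": dest.delivery_succeeded, "F": dest.delivery_failed}[event]()
    return dest


if __name__ == "__main__":
    # Pre-2.5 compatible defaults: one failed pseudo-cohort suspends delivery.
    d = simulate("FFFFF", initial_concurrency=5, concurrency_limit=20)
    print(d.concurrency, d.failed_cohorts, d.dead)                       # 1 1 True
    # Constant feedback 1: concurrency doubles after one successful pseudo-cohort.
    print(simulate("SSSSS", initial_concurrency=5, concurrency_limit=20).concurrency)   # 10
    # Feedback 1/concurrency: +1 after one successful pseudo-cohort.
    print(simulate("SSSSS", initial_concurrency=5, concurrency_limit=20,
                   positive_feedback="1/concurrency").concurrency)            # 6
```

<p> Fractions are used for the accumulators so that "1/concurrency"
sums exactly to 1 after one pseudo-cohort instead of drifting in
floating point. The zero-feedback, zero-cohort-limit combination the
negative feedback entry recommends for immunity leaves the
concurrency and the dead flag untouched no matter how many failures
occur.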
</p>

<p> Specify one of the following forms: </p>

<dl>

<dt> <b><i>number</i> </b> </dt>

<dt> <b><i>number</i> / <i>number</i> </b> </dt>

<dd> Constant feedback. The value must be in the range 0..1
inclusive. The default setting of "1" is compatible with Postfix
versions before 2.5, where a destination's delivery concurrency
doubles after each successful pseudo-cohort. </dd>

<dt> <b><i>number</i> / concurrency </b> </dt>

<dd> Variable feedback of "<i>number</i> / (delivery concurrency)".
The <i>number</i> must be in the range 0..1 inclusive. With
<i>number</i> equal to "1", a destination's delivery concurrency
is incremented by 1 after each successful pseudo-cohort. </dd>

</dl>

<p> A pseudo-cohort is the number of deliveries equal to a destination's
delivery concurrency. </p>

<p> Use <a href="postconf.5.html#transport_destination_concurrency_positive_feedback"><i>transport</i>_destination_concurrency_positive_feedback</a>
to specify a transport-specific override, where <i>transport</i>
is the <a href="master.5.html">master.cf</a> name of the message delivery transport. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

</DD>

<DT><b><a name="default_destination_rate_delay">default_destination_rate_delay</a>
(default: 0s)</b></DT><DD>

<p> The default amount of delay that is inserted between individual
message deliveries to the same destination and over the same message
delivery transport. Specify a non-zero value to rate-limit those
message deliveries to at most one per $<a href="postconf.5.html#default_destination_rate_delay">default_destination_rate_delay</a>.
</p>

<p> The resulting behavior depends on the value of the corresponding
per-destination recipient limit.
</p>

<ul>

<li> <p> With a corresponding per-destination recipient limit >
1, the rate delay specifies the time between deliveries to the
<i>same domain</i>. Different domains are delivered in parallel,
subject to the process limits specified in <a href="master.5.html">master.cf</a>. </p>

<li> <p> With a corresponding per-destination recipient limit equal
to 1, the rate delay specifies the time between deliveries to the
<i>same recipient</i>. Different recipients are delivered in
parallel, subject to the process limits specified in <a href="master.5.html">master.cf</a>.
</p>

</ul>

<p> To enable the delay, specify a non-zero time value (an integral
value plus an optional one-letter suffix that specifies the time
unit). </p>

<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). The default time unit is s (seconds). </p>

<p> NOTE: the delay is enforced by the queue manager. The delay
timer state does not survive "<b>postfix reload</b>" or "<b>postfix
stop</b>".
</p>

<p> Use <a href="postconf.5.html#transport_destination_rate_delay"><i>transport</i>_destination_rate_delay</a> to specify a
transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
</p>

<p> NOTE: with a non-zero _destination_rate_delay, specify a
<a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a> of 10
or more to prevent Postfix from deferring all mail for the same
destination after only one connection or handshake error. </p>

<p> This feature is available in Postfix 2.5 and later.
</p>

</DD>

<DT><b><a name="default_destination_recipient_limit">default_destination_recipient_limit</a>
(default: 50)</b></DT><DD>

<p>
The default maximal number of recipients per message delivery.
This is the default limit for delivery via the <a href="lmtp.8.html">lmtp(8)</a>, <a href="pipe.8.html">pipe(8)</a>,
<a href="smtp.8.html">smtp(8)</a> and <a href="virtual.8.html">virtual(8)</a> delivery agents.
</p>

<p> Setting this parameter to a value of 1 affects email deliveries
as follows:</p>

<ul>

<li> <p> It changes the meaning of the corresponding per-destination
concurrency limit, from concurrency of deliveries to the <i>same
domain</i> into concurrency of deliveries to the <i>same recipient</i>.
Different recipients are delivered in parallel, subject to the
process limits specified in <a href="master.5.html">master.cf</a>. </p>

<li> <p> It changes the meaning of the corresponding per-destination
rate delay, from the delay between deliveries to the <i>same
domain</i> into the delay between deliveries to the <i>same
recipient</i>. Again, different recipients are delivered in parallel,
subject to the process limits specified in <a href="master.5.html">master.cf</a>. </p>

<li> <p> It changes the meaning of other corresponding per-destination
settings in a similar manner, from settings for delivery to the
<i>same domain</i> into settings for delivery to the <i>same
recipient</i>. </p>

</ul>

<p> Use <a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a> to specify a
transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
</p>

</DD>

<DT><b><a name="default_extra_recipient_limit">default_extra_recipient_limit</a>
(default: 1000)</b></DT><DD>

<p>
The default value for the extra per-transport limit imposed on the
number of in-memory recipients. This extra recipient space is
reserved for the cases when the Postfix queue manager's scheduler
preempts one message with another and suddenly needs some extra
recipient slots for the chosen message in order to avoid performance
degradation.
</p>

<p> Use <a href="postconf.5.html#transport_extra_recipient_limit"><i>transport</i>_extra_recipient_limit</a> to specify a
transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
</p>

</DD>

<DT><b><a name="default_filter_nexthop">default_filter_nexthop</a>
(default: empty)</b></DT><DD>

<p> When a <a href="postconf.5.html#content_filter">content_filter</a> or FILTER request specifies no explicit
next-hop destination, use $<a href="postconf.5.html#default_filter_nexthop">default_filter_nexthop</a> instead; when
that value is empty, use the domain in the recipient address.
Specify "<a href="postconf.5.html#default_filter_nexthop">default_filter_nexthop</a> = $<a href="postconf.5.html#myhostname">myhostname</a>" for compatibility
with Postfix version 2.6 and earlier, or specify an explicit next-hop
destination with each <a href="postconf.5.html#content_filter">content_filter</a> value or FILTER action. </p>

<p> This feature is available in Postfix 2.7 and later. </p>

</DD>

<DT><b><a name="default_minimum_delivery_slots">default_minimum_delivery_slots</a>
(default: 3)</b></DT><DD>

<p>
How many recipients a message must have in order to invoke the
Postfix queue manager's scheduling algorithm at all.
Messages
which would never accumulate at least this many delivery slots
(subject to the slot cost parameter as well) are never preempted.
</p>

<p> Use <a href="postconf.5.html#transport_minimum_delivery_slots"><i>transport</i>_minimum_delivery_slots</a> to specify a
transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
</p>

</DD>

<DT><b><a name="default_privs">default_privs</a>
(default: nobody)</b></DT><DD>

<p>
The default rights used by the <a href="local.8.html">local(8)</a> delivery agent for delivery
to an external file or command. These rights are used when delivery
is requested from an <a href="aliases.5.html">aliases(5)</a> file that is owned by <b>root</b>, or
when delivery is done on behalf of <b>root</b>. <b>DO NOT SPECIFY A
PRIVILEGED USER OR THE POSTFIX OWNER</b>.
</p>

</DD>

<DT><b><a name="default_process_limit">default_process_limit</a>
(default: 100)</b></DT><DD>

<p>
The default maximal number of Postfix child processes that provide
a given service. This limit can be overruled for specific services
in the <a href="master.5.html">master.cf</a> file.
</p>

</DD>

<DT><b><a name="default_rbl_reply">default_rbl_reply</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
The default Postfix SMTP server response template for a request that is
rejected by an RBL-based restriction. This template can be overruled
by specific entries in the optional <a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> lookup table.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

<p>
The template does not support Postfix configuration parameter $name
substitution.
Instead, it supports exactly one level of $name 2585substitution for the following attributes: 2586</p> 2587 2588<dl> 2589 2590<dt><b>$client</b></dt> 2591 2592<dd>The client hostname and IP address, formatted as name[address]. </dd> 2593 2594<dt><b>$client_address</b></dt> 2595 2596<dd>The client IP address. </dd> 2597 2598<dt><b>$client_name</b></dt> 2599 2600<dd>The client hostname or "unknown". See <a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a> 2601for more details. </dd> 2602 2603<dt><b>$reverse_client_name</b></dt> 2604 2605<dd>The client hostname from address->name lookup, or "unknown". 2606See <a href="postconf.5.html#reject_unknown_reverse_client_hostname">reject_unknown_reverse_client_hostname</a> for more details. </dd> 2607 2608<dt><b>$helo_name</b></dt> 2609 2610<dd>The hostname given in HELO or EHLO command or empty string. </dd> 2611 2612<dt><b>$rbl_class</b></dt> 2613 2614<dd>The denylisted entity type: Client host, Helo command, Sender 2615address, or Recipient address. </dd> 2616 2617<dt><b>$rbl_code</b></dt> 2618 2619<dd>The numerical SMTP response code, as specified with the 2620<a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> configuration parameter. Note: The numerical 2621SMTP response code is required, and must appear at the start of the 2622reply. With Postfix version 2.3 and later this information may be followed 2623by an <a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a> enhanced status code. </dd> 2624 2625<dt><b>$rbl_domain</b></dt> 2626 2627<dd>The RBL domain (without any <i>=address-filter</i>) where 2628$rbl_what is denylisted. </dd> 2629 2630<dt><b>$rbl_reason</b></dt> 2631 2632<dd>The reason why $rbl_what is denylisted, or an empty string. </dd> 2633 2634<dt><b>$rbl_what</b></dt> 2635 2636<dd>The entity that is denylisted (an IP address, a hostname, a domain 2637name, or an email address whose domain was denylisted). 
</dd> 2638 2639<dt><b>$recipient</b></dt> 2640 2641<dd>The recipient address or <> in case of the null address. </dd> 2642 2643<dt><b>$recipient_domain</b></dt> 2644 2645<dd>The recipient domain or empty string. </dd> 2646 2647<dt><b>$recipient_name</b></dt> 2648 2649<dd>The recipient address localpart or <> in case of null address. </dd> 2650 2651<dt><b>$sender</b></dt> 2652 2653<dd>The sender address or <> in case of the null address. </dd> 2654 2655<dt><b>$sender_domain</b></dt> 2656 2657<dd>The sender domain or empty string. </dd> 2658 2659<dt><b>$sender_name</b></dt> 2660 2661<dd>The sender address localpart or <> in case of the null address. </dd> 2662 2663<dt><b>${name?value}</b></dt> 2664 2665<dt><b>${name?{value}}</b> (Postfix ≥ 3.0)</dt> 2666 2667<dd>Expands to <i>value</i> when <i>$name</i> is non-empty. </dd> 2668 2669<dt><b>${name:value}</b></dt> 2670 2671<dt><b>${name:{value}}</b> (Postfix ≥ 3.0)</dt> 2672 2673<dd>Expands to <i>value</i> when <i>$name</i> is empty. </dd> 2674 2675<dt><b>${name?{value1}:{value2}}</b> (Postfix ≥ 3.0)</dt> 2676 2677<dd>Expands to <i>value1</i> when <i>$name</i> is non-empty, 2678<i>value2</i> otherwise. </dd> 2679 2680</dl> 2681 2682<p> 2683Instead of $name you can also specify ${name} or $(name). 2684</p> 2685 2686<p> Note: when an enhanced status code is specified in an RBL reply 2687template, it is subject to modification. The following transformations 2688are needed when the same RBL response template is used for client, 2689helo, sender, or recipient access restrictions. </p> 2690 2691<ul> 2692 2693<li> <p> When rejecting a sender address, the Postfix SMTP server 2694will transform a recipient DSN status (e.g., 4.1.1-4.1.6) into the 2695corresponding sender DSN status, and vice versa. 
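<p> The one-level $name expansion described above for RBL reply templates, as an added Python example that is not part of the Postfix documentation or source: it implements the $name, ${name}, $(name), $$ and conditional forms over constructed attribute values, and checks the page's requirement that the numerical SMTP code comes first. The template is constructed in the shape of the stock default; the attribute values are constructed too. </p>

```python
import re
from typing import Dict, Tuple

# Added example (not Postfix code): one-level $name expansion for a
# default_rbl_reply template, plus a check that the reply starts with the
# mandatory numerical SMTP code (optionally followed by an enhanced status).
NAME_RE = re.compile(r"[A-Za-z0-9_]+")
CLOSER = {"{": "}", "(": ")"}
REPLY_RE = re.compile(r"^[45]\d\d(?: [45]\.\d{1,3}\.\d{1,3})?(?: |$)")


def _matching(text: str, start: int) -> int:
    """Return the index of the bracket closing text[start], or -1."""
    open_ch, close_ch = text[start], CLOSER[text[start]]
    depth = 0
    for i in range(start, len(text)):
        if text[i] == open_ch:
            depth += 1
        elif text[i] == close_ch:
            depth -= 1
            if depth == 0:
                return i
    return -1


def _take_value(text: str) -> Tuple[str, str]:
    """Split '{value}rest' into (value, rest); a bare value takes all text.

    Whitespace around a braced value is ignored, as the page states.
    """
    stripped = text.lstrip()
    if stripped.startswith("{"):
        end = _matching(stripped, 0)
        if end < 0:
            raise ValueError("unbalanced '{' in template")
        return stripped[1:end], stripped[end + 1:].lstrip()
    return text, ""


def _eval(body: str, attrs: Dict[str, str]) -> str:
    """Evaluate the inside of ${...}: name, name?value, name:value, name?{a}:{b}."""
    m = NAME_RE.match(body)
    if not m:
        raise ValueError(f"missing attribute name in ${{{body}}}")
    name, rest = m.group(), body[m.end():]
    if not rest:                                   # ${name}
        return attrs.get(name, "")
    op, rest = rest[0], rest[1:]
    if op not in "?:":
        raise ValueError(f"unknown operator {op!r} after ${name}")
    if_set, tail = _take_value(rest)
    if_empty = ""
    if op == "?" and tail.startswith(":"):        # ${name?{a}:{b}}
        if_empty, tail = _take_value(tail[1:])
    elif op == ":":                                # ${name:value}
        if_set, if_empty = "", if_set
    if tail:
        raise ValueError(f"trailing text {tail!r} in ${{{name}...}}")
    chosen = if_set if attrs.get(name, "") else if_empty
    # The chosen value may itself mention attributes ("one level"): the
    # attribute values substituted in are never expanded again.
    return expand_rbl_reply(chosen, attrs)


def expand_rbl_reply(template: str, attrs: Dict[str, str]) -> str:
    """Expand $name, ${name}, $(name), $$ and the conditional forms."""
    out, i, n = [], 0, len(template)
    while i < n:
        ch = template[i]
        if ch != "$":
            out.append(ch)
            i += 1
        elif template.startswith("$$", i):         # literal dollar sign
            out.append("$")
            i += 2
        elif i + 1 < n and template[i + 1] in CLOSER:
            end = _matching(template, i + 1)
            if end < 0:
                raise ValueError("unbalanced ${...} in template")
            out.append(_eval(template[i + 2:end], attrs))
            i = end + 1
        else:
            m = NAME_RE.match(template, i + 1)
            if m is None:                          # lone '$', keep it
                out.append("$")
                i += 1
            else:
                out.append(attrs.get(m.group(), ""))
                i = m.end()
    return "".join(out)


def reply_is_well_formed(reply: str) -> bool:
    """The numerical code must come first, optionally with an RFC 3463 code."""
    return REPLY_RE.match(reply) is not None


# Constructed template in the shape of the stock default, and constructed
# attribute values for a client-host listing that carries no reason text.
TEMPLATE = ("$rbl_code Service unavailable; $rbl_class [$rbl_what] "
            "blocked using $rbl_domain${rbl_reason?; $rbl_reason}")
ATTRS = {
    "rbl_code": "554", "rbl_class": "Client host", "rbl_what": "192.0.2.10",
    "rbl_domain": "dnsbl.example", "rbl_reason": "",
    "client_address": "192.0.2.10", "client_name": "unknown", "helo_name": "",
}

if __name__ == "__main__":
    reply = expand_rbl_reply(TEMPLATE, ATTRS)
    print(reply, reply_is_well_formed(reply))
```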
</p> 2696 2697<li> <p> When rejecting non-address information (such as the HELO 2698command argument or the client hostname/address), the Postfix SMTP 2699server will transform a sender or recipient DSN status into a generic 2700non-address DSN status (e.g., 4.0.0). </p> 2701 2702</ul> 2703 2704 2705</DD> 2706 2707<DT><b><a name="default_recipient_limit">default_recipient_limit</a> 2708(default: 20000)</b></DT><DD> 2709 2710<p> 2711The default per-transport upper limit on the number of in-memory 2712recipients. These limits take priority over the global 2713<a href="postconf.5.html#qmgr_message_recipient_limit">qmgr_message_recipient_limit</a> after the message has been assigned 2714to the respective transports. See also <a href="postconf.5.html#default_extra_recipient_limit">default_extra_recipient_limit</a> 2715and <a href="postconf.5.html#qmgr_message_recipient_minimum">qmgr_message_recipient_minimum</a>. 2716</p> 2717 2718<p> Use <a href="postconf.5.html#transport_recipient_limit"><i>transport</i>_recipient_limit</a> to specify a 2719transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a> 2720name of the message delivery transport. 2721</p> 2722 2723 2724</DD> 2725 2726<DT><b><a name="default_recipient_refill_delay">default_recipient_refill_delay</a> 2727(default: 5s)</b></DT><DD> 2728 2729<p> 2730The default per-transport maximum delay between refilling recipients. 2731When not all message recipients fit into memory at once, keep loading 2732more of them at least once every this many seconds. This is used to 2733make sure the recipients are refilled in a timely manner even when 2734$<a href="postconf.5.html#default_recipient_refill_limit">default_recipient_refill_limit</a> is too high for too slow deliveries. 
2735</p> 2736 2737<p> Use <a href="postconf.5.html#transport_recipient_refill_delay"><i>transport</i>_recipient_refill_delay</a> to specify a 2738transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a> 2739name of the message delivery transport. 2740</p> 2741 2742<p> This feature is available in Postfix 2.4 and later. </p> 2743 2744 2745</DD> 2746 2747<DT><b><a name="default_recipient_refill_limit">default_recipient_refill_limit</a> 2748(default: 100)</b></DT><DD> 2749 2750<p> 2751The default per-transport limit on the number of recipients refilled at 2752once. When not all message recipients fit into memory at once, keep 2753loading more of them in batches of at least this many at a time. See also 2754$<a href="postconf.5.html#default_recipient_refill_delay">default_recipient_refill_delay</a>, which may result in recipient batches 2755lower than this when this limit is too high for too slow deliveries. 2756</p> 2757 2758<p> Use <a href="postconf.5.html#transport_recipient_refill_limit"><i>transport</i>_recipient_refill_limit</a> to specify a 2759transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a> 2760name of the message delivery transport. 2761</p> 2762 2763<p> This feature is available in Postfix 2.4 and later. 
</p> 2764 2765 2766</DD> 2767 2768<DT><b><a name="default_transport">default_transport</a> 2769(default: smtp)</b></DT><DD> 2770 2771<p> 2772The default mail delivery transport and next-hop destination for 2773the <a href="ADDRESS_CLASS_README.html#default_domain_class">default domain</a> class: recipient domains that do not match 2774$<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>, 2775$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, 2776or $<a href="postconf.5.html#relay_domains">relay_domains</a>. This information will not be used when 2777<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> returns a result, and may 2778be overridden with the <a href="transport.5.html">transport(5)</a> table. </p> 2779 2780<p> For recipient domains in the <a href="ADDRESS_CLASS_README.html#default_domain_class">default domain</a> class: </p> 2781 2782<ul> 2783 2784<li> <p> In order of decreasing precedence, the delivery transport 2785is taken from 1) $<a href="postconf.5.html#transport_maps">transport_maps</a>, 2) 2786$<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> or $<a href="postconf.5.html#default_transport">default_transport</a>.
2787</p> 2788 2789<li> <p> In order of decreasing precedence, the nexthop destination 2790is taken from 1) $<a href="postconf.5.html#transport_maps">transport_maps</a>, 2) 2791$<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> or $<a href="postconf.5.html#default_transport">default_transport</a>, 3) 2792$<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> or $<a href="postconf.5.html#relayhost">relayhost</a> or the recipient 2793domain. </p> 2794 2795</ul> 2796 2797<p> 2798Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i> 2799is the name of a mail delivery transport defined in <a href="master.5.html">master.cf</a>. 2800The <i>:nexthop</i> destination is optional; its syntax is documented 2801in the manual page of the corresponding delivery agent. In the case of 2802SMTP or LMTP, specify one or more destinations separated by comma or 2803whitespace (with Postfix 3.5 and later). 2804</p> 2805 2806<p> 2807Example: 2808</p> 2809 2810<pre> 2811<a href="postconf.5.html#default_transport">default_transport</a> = uucp:relayhostname 2812</pre> 2813 2814 2815</DD> 2816 2817<DT><b><a name="default_transport_rate_delay">default_transport_rate_delay</a> 2818(default: 0s)</b></DT><DD> 2819 2820<p> The default amount of delay that is inserted between individual 2821message deliveries over the same message delivery transport, 2822regardless of destination. Specify a non-zero value to rate-limit 2823those message deliveries to at most one per $<a href="postconf.5.html#default_transport_rate_delay">default_transport_rate_delay</a>. 2824</p> 2825 2826<p>Use <a href="postconf.5.html#transport_transport_rate_delay"><i>transport</i>_transport_rate_delay</a> to specify a 2827transport-specific override, where the initial <i>transport</i> is 2828the <a href="master.5.html">master.cf</a> name of the message delivery transport. 
</p> 2829 2830<p> Example: throttle outbound SMTP mail to at most 3 deliveries 2831per minute. </p> 2832 2833<pre> 2834/etc/postfix/<a href="postconf.5.html">main.cf</a>: 2835 smtp_transport_rate_delay = 20s 2836</pre> 2837 2838<p> To enable the delay, specify a non-zero time value (an integral 2839value plus an optional one-letter suffix that specifies the time 2840unit). </p> 2841 2842<p> Time units: s (seconds), m (minutes), h (hours), d (days), w 2843(weeks). The default time unit is s (seconds). </p> 2844 2845<p> NOTE: the delay is enforced by the queue manager. </p> 2846 2847<p> This feature is available in Postfix 3.1 and later. </p> 2848 2849 2850</DD> 2851 2852<DT><b><a name="default_verp_delimiters">default_verp_delimiters</a> 2853(default: +=)</b></DT><DD> 2854 2855<p> The two default VERP delimiter characters. These are used when 2856no explicit delimiters are specified with the SMTP XVERP command 2857or with the "<b>sendmail -XV</b>" command-line option (Postfix 2.2 2858and earlier: <b>-V</b>). Specify characters that are allowed by the 2859<a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> setting. 2860</p> 2861 2862<p> 2863This feature is available in Postfix 1.1 and later. 2864</p> 2865 2866 2867</DD> 2868 2869<DT><b><a name="defer_code">defer_code</a> 2870(default: 450)</b></DT><DD> 2871 2872<p> 2873The numerical Postfix SMTP server response code when a remote SMTP 2874client request is rejected by the "defer" restriction. 2875</p> 2876 2877<p> 2878Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>. 2879</p> 2880 2881 2882</DD> 2883 2884<DT><b><a name="defer_service_name">defer_service_name</a> 2885(default: defer)</b></DT><DD> 2886 2887<p> 2888The name of the defer service. This service is implemented by the 2889<a href="bounce.8.html">bounce(8)</a> daemon and maintains a record 2890of failed delivery attempts and generates non-delivery notifications. 
2891</p> 2892 2893<p> 2894This feature is available in Postfix 2.0 and later. 2895</p> 2896 2897 2898</DD> 2899 2900<DT><b><a name="defer_transports">defer_transports</a> 2901(default: empty)</b></DT><DD> 2902 2903<p> 2904The names of message delivery transports that should not deliver mail 2905unless someone issues "<b>sendmail -q</b>" or equivalent. Specify zero 2906or more mail delivery transport names that appear in the 2907first field of <a href="master.5.html">master.cf</a>. 2908</p> 2909 2910<p> 2911Example: 2912</p> 2913 2914<pre> 2915<a href="postconf.5.html#defer_transports">defer_transports</a> = smtp 2916</pre> 2917 2918 2919</DD> 2920 2921<DT><b><a name="delay_logging_resolution_limit">delay_logging_resolution_limit</a> 2922(default: 2)</b></DT><DD> 2923 2924<p> The maximal number of digits after the decimal point when logging 2925delay values. Specify a number in the range 0..6. </p> 2926 2927<p> To improve readability, delays are logged with only a limited 2928number of significant digits: </p> 2929 2930<ul> 2931 2932<li> Delays ≥ 100s are rounded off to an integral number of 2933seconds. 2934 2935<li> Delays < 10<sup>-$<a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a></sup> are 2936rounded off to "0". 2937 2938<li> Other delays are rounded off to two significant digits, or 2939fewer if the result would exceed the <a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a>. 2940 2941</ul> 2942 2943<p> The format of the "delays=a/b/c/d" logging is as follows: </p> 2944 2945<ul> 2946 2947<li> a = Time from message arrival to last <a href="QSHAPE_README.html#active_queue">active queue</a> entry. 2948 2949<li> b = Time from last <a href="QSHAPE_README.html#active_queue">active queue</a> entry to the beginning of 2950connection setup. 2951 2952<li> c = Time in connection setup. 
With SMTP, that is the time 2953before sending the MAIL FROM command: with a new connection, that 2954includes DNS lookups, and protocol handshakes with TCP, EHLO, and 2955STARTTLS; with a reused connection, that includes DNS lookups, 2956connection cache lookup by domain or IP address, and a liveness 2957probe with RSET. 2958 2959<li> d = Time in message transmission. With SMTP, that starts with 2960sending MAIL FROM. 2961 2962</ul> 2963 2964<p> This feature is available in Postfix 2.3 and later. </p> 2965 2966 2967</DD> 2968 2969<DT><b><a name="delay_notice_recipient">delay_notice_recipient</a> 2970(default: postmaster)</b></DT><DD> 2971 2972<p> 2973The recipient of postmaster notifications with the message headers 2974of mail that cannot be delivered within $<a href="postconf.5.html#delay_warning_time">delay_warning_time</a> time 2975units. </p> 2976 2977<p> 2978See also: <a href="postconf.5.html#delay_warning_time">delay_warning_time</a>, <a href="postconf.5.html#notify_classes">notify_classes</a>. 2979</p> 2980 2981 2982</DD> 2983 2984<DT><b><a name="delay_warning_time">delay_warning_time</a> 2985(default: 0h)</b></DT><DD> 2986 2987<p> 2988The time after which the sender receives a copy of the message 2989headers of mail that is still queued. The <a href="postconf.5.html#confirm_delay_cleared">confirm_delay_cleared</a> 2990parameter controls sender notification when the delay clears up. 2991</p> 2992 2993<p> 2994To enable this feature, specify a non-zero time value (an integral 2995value plus an optional one-letter suffix that specifies the time 2996unit). 2997</p> 2998 2999<p> 3000Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 3001The default time unit is h (hours). 3002</p> 3003 3004<p> 3005See also: <a href="postconf.5.html#delay_notice_recipient">delay_notice_recipient</a>, <a href="postconf.5.html#notify_classes">notify_classes</a>, <a href="postconf.5.html#confirm_delay_cleared">confirm_delay_cleared</a>. 
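<p> The rounding rules for logged delay values and the "delays=a/b/c/d" field described above for <a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a>, as an added Python example that is not from the Postfix documentation or source: format_delay applies the three rules for a given resolution limit, and parse_delays/slowest_stage read the field back from a constructed postfix/smtp log line so a log review can tell a connection-setup stall (DNS, TCP, STARTTLS) from a slow transmission. </p>

```python
import math
import re
from typing import Dict, Optional

# Added example (not Postfix code): the rounding rules the page gives for
# logged delay values, and a parser for the "delays=a/b/c/d" field.
DELAYS_RE = re.compile(
    r"\bdelays=(?P<a>[\d.]+)/(?P<b>[\d.]+)/(?P<c>[\d.]+)/(?P<d>[\d.]+)")
FIELD_MEANING = {
    "a": "message arrival to last active queue entry",
    "b": "active queue entry to start of connection setup",
    "c": "connection setup (DNS, TCP, EHLO, STARTTLS, or cache lookup and RSET)",
    "d": "message transmission, from MAIL FROM onward",
}


def format_delay(seconds: float, resolution_limit: int = 2) -> str:
    """Round one delay as the page describes; resolution_limit is 0..6.

    >= 100s: whole seconds; below 10**-limit: "0"; otherwise two
    significant digits, but never more decimals than the limit allows.
    (Python's round() is used for the whole-second case; ties are rare
    in practice and the exact tie rule is not stated on the page.)
    """
    if not 0 <= resolution_limit <= 6:
        raise ValueError("delay_logging_resolution_limit must be 0..6")
    if seconds < 0:
        raise ValueError("delays are never negative")
    if seconds >= 100:
        return str(int(round(seconds)))
    if seconds < 10 ** -resolution_limit:
        return "0"
    decimals = 1 - math.floor(math.log10(seconds))   # two significant digits
    decimals = max(0, min(decimals, resolution_limit))
    return f"{seconds:.{decimals}f}"


def format_delays(a: float, b: float, c: float, d: float,
                  resolution_limit: int = 2) -> str:
    """Render the four stages the way they appear in a delivery log line."""
    return "delays=" + "/".join(
        format_delay(v, resolution_limit) for v in (a, b, c, d))


def parse_delays(log_line: str) -> Optional[Dict[str, float]]:
    """Return {'a': .., 'b': .., 'c': .., 'd': ..}, or None without a delays= field."""
    m = DELAYS_RE.search(log_line)
    if not m:
        return None
    return {k: float(v) for k, v in m.groupdict().items()}


def slowest_stage(log_line: str) -> Optional[str]:
    """Name the stage that dominated the total delay, e.g. 'c' for setup stalls."""
    parts = parse_delays(log_line)
    if not parts:
        return None
    return max(parts, key=parts.get)


# Constructed log line in postfix/smtp format (not captured from a real host).
SAMPLE_LINE = ("Mar 20 10:15:01 mx postfix/smtp[1234]: 3Pt2mN2VXxznjll: "
               "to=<user@example.com>, relay=mail.example.com[192.0.2.25]:25, "
               "delay=5.3, delays=0.02/0.01/4.9/0.4, dsn=2.0.0, "
               "status=sent (250 2.0.0 OK)")

if __name__ == "__main__":
    stage = slowest_stage(SAMPLE_LINE)
    print(stage, FIELD_MEANING[stage])
```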
3006</p> 3007 3008 3009</DD> 3010 3011<DT><b><a name="deliver_lock_attempts">deliver_lock_attempts</a> 3012(default: 20)</b></DT><DD> 3013 3014<p> 3015The maximal number of attempts to acquire an exclusive lock on a 3016mailbox file or <a href="bounce.8.html">bounce(8)</a> logfile. 3017</p> 3018 3019 3020</DD> 3021 3022<DT><b><a name="deliver_lock_delay">deliver_lock_delay</a> 3023(default: 1s)</b></DT><DD> 3024 3025<p> 3026The time between attempts to acquire an exclusive lock on a mailbox 3027file or <a href="bounce.8.html">bounce(8)</a> logfile. 3028</p> 3029 3030<p> Specify a non-zero time value (an integral value plus an optional 3031one-letter suffix that specifies the time unit). Time units: s 3032(seconds), m (minutes), h (hours), d (days), w (weeks). 3033The default time unit is s (seconds). </p> 3034 3035 3036</DD> 3037 3038<DT><b><a name="destination_concurrency_feedback_debug">destination_concurrency_feedback_debug</a> 3039(default: no)</b></DT><DD> 3040 3041<p> Make the queue manager's feedback algorithm verbose for performance 3042analysis purposes. </p> 3043 3044<p> This feature is available in Postfix 2.5 and later. </p> 3045 3046 3047</DD> 3048 3049<DT><b><a name="detect_8bit_encoding_header">detect_8bit_encoding_header</a> 3050(default: yes)</b></DT><DD> 3051 3052<p> Automatically detect 8BITMIME body content by looking at 3053Content-Transfer-Encoding: message headers; historically, this 3054behavior was hard-coded to be "always on". </p> 3055 3056<p> This feature is available in Postfix 2.5 and later. </p> 3057 3058 3059</DD> 3060 3061<DT><b><a name="disable_dns_lookups">disable_dns_lookups</a> 3062(default: no)</b></DT><DD> 3063 3064<p> 3065Disable DNS lookups in the Postfix SMTP and LMTP clients. When 3066disabled, hosts are looked up with the getaddrinfo() system 3067library routine which normally also looks in /etc/hosts. 
As of 3068Postfix 2.11, this parameter is deprecated; use <a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a> 3069instead. 3070</p> 3071 3072<p> 3073DNS lookups are enabled by default. 3074</p> 3075 3076 3077</DD> 3078 3079<DT><b><a name="disable_mime_input_processing">disable_mime_input_processing</a> 3080(default: no)</b></DT><DD> 3081 3082<p> 3083Turn off MIME processing while receiving mail. This means that no 3084special treatment is given to Content-Type: message headers, and 3085that all text after the initial message headers is considered to 3086be part of the message body. 3087</p> 3088 3089<p> 3090This feature is available in Postfix 2.0 and later. 3091</p> 3092 3093<p> 3094Mime input processing is enabled by default, and is needed in order 3095to recognize MIME headers in message content. 3096</p> 3097 3098 3099</DD> 3100 3101<DT><b><a name="disable_mime_output_conversion">disable_mime_output_conversion</a> 3102(default: no)</b></DT><DD> 3103 3104<p> 3105Disable the conversion of 8BITMIME format to 7BIT format. Mime 3106output conversion is needed when the destination does not advertise 31078BITMIME support. 3108</p> 3109 3110<p> 3111This feature is available in Postfix 2.0 and later. 3112</p> 3113 3114 3115</DD> 3116 3117<DT><b><a name="disable_verp_bounces">disable_verp_bounces</a> 3118(default: no)</b></DT><DD> 3119 3120<p> 3121Disable sending one bounce report per recipient. 3122</p> 3123 3124<p> 3125The default, one per recipient, is what ezmlm needs. 3126</p> 3127 3128<p> 3129This feature is available in Postfix 1.1 and later. 3130</p> 3131 3132 3133</DD> 3134 3135<DT><b><a name="disable_vrfy_command">disable_vrfy_command</a> 3136(default: no)</b></DT><DD> 3137 3138<p> 3139Disable the SMTP VRFY command. This stops some techniques used to 3140harvest email addresses. 
3141</p> 3142 3143<p> 3144Example: 3145</p> 3146 3147<pre> 3148<a href="postconf.5.html#disable_vrfy_command">disable_vrfy_command</a> = no 3149</pre> 3150 3151 3152</DD> 3153 3154<DT><b><a name="dns_ncache_ttl_fix_enable">dns_ncache_ttl_fix_enable</a> 3155(default: no)</b></DT><DD> 3156 3157<p> Enable a workaround for future libc incompatibility. The Postfix 3158implementation of <a href="https://tools.ietf.org/html/rfc2308">RFC 2308</a> negative reply caching relies on the 3159promise that res_query() and res_search() invoke res_send(), which 3160returns the server response in an application buffer even if the 3161requested record does not exist. If this promise is broken, specify 3162"yes" to enable a workaround for DNS reputation lookups. </p> 3163 3164<p> 3165This feature is available in Postfix 3.1 and later. 3166</p> 3167 3168 3169</DD> 3170 3171<DT><b><a name="dnsblog_reply_delay">dnsblog_reply_delay</a> 3172(default: 0s)</b></DT><DD> 3173 3174<p> A debugging aid to artificially delay DNS responses. </p> 3175 3176<p> This feature is available in Postfix 2.8. </p> 3177 3178 3179</DD> 3180 3181<DT><b><a name="dnsblog_service_name">dnsblog_service_name</a> 3182(default: dnsblog)</b></DT><DD> 3183 3184<p> The name of the <a href="dnsblog.8.html">dnsblog(8)</a> service entry in <a href="master.5.html">master.cf</a>. This 3185service performs DNS allow/denylist lookups. </p> 3186 3187<p> This feature is available in Postfix 2.8 and later. </p> 3188 3189 3190</DD> 3191 3192<DT><b><a name="dnssec_probe">dnssec_probe</a> 3193(default: ns:.)</b></DT><DD> 3194 3195<p> The DNS query type (default: "ns") and DNS query name (default: 3196".") that Postfix may use to determine whether DNSSEC validation 3197is available. 3198</p> 3199 3200<p> Background: DNSSEC validation is needed for Postfix DANE support; 3201this ensures that Postfix receives TLSA records with secure TLS 3202server certificate info. 
When DNSSEC validation is unavailable, 3203mail deliveries using <i>opportunistic</i> DANE will not be protected 3204by server certificate info in TLSA records, and mail deliveries 3205using <i>mandatory</i> DANE will not be made at all. </p> 3206 3207<p> By default, a Postfix process will send a DNSSEC probe after 32081) the process made a DNS query that requested DNSSEC validation, 32092) the process did not receive a DNSSEC validated response to this 3210query or to an earlier query, and 3) the process did not already 3211send a DNSSEC probe. </p> 3212 3213<p> When the DNSSEC probe has no response, or when the response is 3214not DNSSEC validated, Postfix logs a warning that DNSSEC validation 3215may be unavailable. </p> 3216 3217<p> Example: </p> 3218 3219<pre> 3220warning: DNSSEC validation may be unavailable 3221warning: reason: <a href="postconf.5.html#dnssec_probe">dnssec_probe</a> 'ns:.' received a response that is not DNSSEC validated 3222warning: reason: <a href="postconf.5.html#dnssec_probe">dnssec_probe</a> 'ns:.' received no response: Server failure 3223</pre> 3224 3225<p> Possible reasons why DNSSEC validation may be unavailable: </p> 3226 3227<ul> 3228 3229<li> The local /etc/resolv.conf file specifies a DNS resolver that 3230does not validate DNSSEC signatures (that's 3231$<a href="postconf.5.html#queue_directory">queue_directory</a>/etc/resolv.conf when a Postfix daemon runs in a 3232chroot jail). 3233 3234<li> The local system library does not pass on the "DNSSEC validated" 3235bit to Postfix, or Postfix does not know how to ask the library to 3236do that. 3237 3238</ul> 3239 3240<p> By default, the DNSSEC probe asks for the DNS root zone NS 3241records, because resolvers should always have that information 3242cached. If Postfix runs on a network where the DNS root zone is not 3243reachable, specify a different probe, or specify an empty <a href="postconf.5.html#dnssec_probe">dnssec_probe</a> 3244value to disable the feature.
</p> 3245 3246<p> This feature is available in Postfix 3.6 and later. It was backported 3247to Postfix versions 3.5.9, 3.4.19, 3.3.16, 3.2.21. </p> 3248 3249 3250</DD> 3251 3252<DT><b><a name="dont_remove">dont_remove</a> 3253(default: 0)</b></DT><DD> 3254 3255<p> 3256Don't remove queue files and save them to the "saved" mail queue. 3257This is a debugging aid. To inspect the envelope information and 3258content of a Postfix queue file, use the <a href="postcat.1.html">postcat(1)</a> command. 3259</p> 3260 3261 3262</DD> 3263 3264<DT><b><a name="double_bounce_sender">double_bounce_sender</a> 3265(default: double-bounce)</b></DT><DD> 3266 3267<p> The sender address of postmaster notifications that are generated 3268by the mail system. All mail to this address is silently discarded, 3269in order to terminate mail bounce loops. </p> 3270 3271 3272</DD> 3273 3274<DT><b><a name="duplicate_filter_limit">duplicate_filter_limit</a> 3275(default: 1000)</b></DT><DD> 3276 3277<p> The maximal number of addresses remembered by the address 3278duplicate filter for <a href="aliases.5.html">aliases(5)</a> or <a href="virtual.5.html">virtual(5)</a> alias expansion, or 3279for <a href="showq.8.html">showq(8)</a> queue displays. </p> 3280 3281 3282</DD> 3283 3284<DT><b><a name="empty_address_default_transport_maps_lookup_key">empty_address_default_transport_maps_lookup_key</a> 3285(default: <>)</b></DT><DD> 3286 3287<p> The <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> search string that 3288will be used instead of the null sender address. </p> 3289 3290<p> This feature is available in Postfix 2.7 and later.
</p> 3291 3292 3293</DD> 3294 3295<DT><b><a name="empty_address_local_login_sender_maps_lookup_key">empty_address_local_login_sender_maps_lookup_key</a> 3296(default: <>)</b></DT><DD> 3297 3298<p> 3299The lookup key to be used in <a href="postconf.5.html#local_login_sender_maps">local_login_sender_maps</a> tables, instead 3300of the null sender address. 3301</p> 3302 3303<p> This feature is available in Postfix 3.6 and later. </p> 3304 3305 3306</DD> 3307 3308<DT><b><a name="empty_address_recipient">empty_address_recipient</a> 3309(default: MAILER-DAEMON)</b></DT><DD> 3310 3311<p> 3312The recipient of mail addressed to the null address. Postfix does 3313not accept such addresses in SMTP commands, but they may still be 3314created locally as the result of configuration or software error. 3315</p> 3316 3317 3318</DD> 3319 3320<DT><b><a name="empty_address_relayhost_maps_lookup_key">empty_address_relayhost_maps_lookup_key</a> 3321(default: <>)</b></DT><DD> 3322 3323<p> The <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> search string that will be 3324used instead of the null sender address. </p> 3325 3326<p> This feature is available in Postfix 2.5 and later. With 3327earlier versions, <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> lookups were 3328skipped for the null sender address. </p> 3329 3330 3331</DD> 3332 3333<DT><b><a name="enable_errors_to">enable_errors_to</a> 3334(default: no)</b></DT><DD> 3335 3336<p> Report mail delivery errors to the address specified with the 3337non-standard Errors-To: message header, instead of the envelope 3338sender address (this feature is removed with Postfix version 2.2, is 3339turned off by default with Postfix version 2.1, and is always turned on 3340with older Postfix versions). 
</p> 3341 3342 3343</DD> 3344 3345<DT><b><a name="enable_idna2003_compatibility">enable_idna2003_compatibility</a> 3346(default: no)</b></DT><DD> 3347 3348<p> Enable 'transitional' compatibility between IDNA2003 and IDNA2008, 3349when converting UTF-8 domain names to/from the ASCII form that is 3350used for DNS lookups. Specify "yes" for compatibility with Postfix 3351≤ 3.1 (not recommended). This affects the conversion of domain 3352names that contain for example the German sz and the Greek zeta. 3353See <a href="https://unicode.org/cldr/utility/idna.jsp">https://unicode.org/cldr/utility/idna.jsp</a> for more examples. 3354</p> 3355 3356<p> This feature is available in Postfix 3.2 and later. </p> 3357 3358 3359</DD> 3360 3361<DT><b><a name="enable_long_queue_ids">enable_long_queue_ids</a> 3362(default: no)</b></DT><DD> 3363 3364<p> Enable long, non-repeating, queue IDs (queue file names). The 3365benefit of non-repeating names is simpler logfile analysis and 3366easier queue migration (there is no need to run "postsuper" to 3367change queue file names that don't match their message file inode 3368number). </p> 3369 3370<p> Note: see below for how to convert long queue file names to 3371Postfix ≤ 2.8. </p> 3372 3373<p> Changing the parameter value to "yes" has the following effects: 3374</p> 3375 3376<ul> 3377 3378<li> <p> Existing queue file names are not affected. </p> 3379 3380<li> <p> New queue files are created with names such as 3Pt2mN2VXxznjll. 3381These are encoded in a 52-character alphabet that contains digits 3382(0-9), upper-case letters (B-Z) and lower-case letters (b-z). For 3383safety reasons the vowels (AEIOUaeiou) are excluded from the alphabet. 3384The name format is: 6 or more characters for the time in seconds, 33854 characters for the time in microseconds, the 'z'; the remainder 3386is the file inode number encoded in the first 51 characters of the 338752-character alphabet. 
</p> 3388 3389<li> <p> New messages have a Message-ID header with 3390<i>queueID</i>@<i><a href="postconf.5.html#myhostname">myhostname</a></i>. </p> 3391 3392<li> <p> The mailq (postqueue -p) output has a wider Queue ID column. 3393The number of whitespace-separated fields is not changed. </p> 3394 3395<li> <p> The <a href="postconf.5.html#hash_queue_depth">hash_queue_depth</a> algorithm uses the first characters 3396of the queue file creation time in microseconds, after conversion 3397into hexadecimal representation. This produces the same queue hashing 3398behavior as if the queue file name was created with "<a href="postconf.5.html#enable_long_queue_ids">enable_long_queue_ids</a> 3399= no". </p> 3400 3401</ul> 3402 3403<p> Changing the parameter value to "no" has the following effects: 3404</p> 3405 3406<ul> 3407 3408<li> <p> Existing long queue file names are renamed to the short 3409form (while running "postfix reload" or "postsuper"). </p> 3410 3411<li> <p> New queue files are created with names such as C3CD21F3E90 3412from a hexadecimal alphabet that contains digits (0-9) and upper-case 3413letters (A-F). The name format is: 5 characters for the time in 3414microseconds; the remainder is the file inode number. </p> 3415 3416<li> <p> New messages have a Message-ID header with 3417<i>YYYYMMDDHHMMSS.queueid</i>@<i><a href="postconf.5.html#myhostname">myhostname</a></i>, where 3418<i>YYYYMMDDHHMMSS</i> are the year, month, day, hour, minute and 3419second. </p> 3420 3421<li> <p> The mailq (postqueue -p) output has the same format as 3422with Postfix ≤ 2.8. </p> 3423 3424<li> <p> The <a href="postconf.5.html#hash_queue_depth">hash_queue_depth</a> algorithm uses the first characters 3425of the queue file name, with the hexadecimal representation of the 3426file creation time in microseconds.
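<p> The long and short queue ID formats described above for <a href="postconf.5.html#enable_long_queue_ids">enable_long_queue_ids</a>, as an added Python example that is not part of the Postfix documentation or source. The 52-symbol alphabet, the field widths, the 'z' separator and the 51-symbol inode alphabet are taken from the text; the positional base-52/base-51 encoding with the most significant symbol first is an assumption, and the page's sample names 3Pt2mN2VXxznjll and C3CD21F3E90 are decoded under it. </p>

```python
from typing import NamedTuple, Tuple

# Added example (not Postfix code): encode and decode queue IDs as described
# for enable_long_queue_ids. Alphabet, widths and separator come from the
# page; the most-significant-first positional encoding is an assumption.
ALPHABET = "0123456789BCDFGHJKLMNPQRSTVWXYZbcdfghjklmnpqrstvwxyz"  # 52, no vowels
INDEX = {c: i for i, c in enumerate(ALPHABET)}
TIME_RADIX, INUM_RADIX = 52, 51        # the inode part never uses 'z'
INUM_SEP = "z"
TIME_PAD, USEC_PAD = 6, 4              # minimum widths of the two time fields
SHORT_USEC_LEN = 5                     # short IDs: 5 hex digits of microseconds


class LongQueueId(NamedTuple):
    seconds: int
    microseconds: int
    inode: int


def encode_number(value: int, radix: int, pad: int = 0) -> str:
    """Positional encoding in ALPHABET[:radix], most significant symbol first."""
    if value < 0 or not 2 <= radix <= len(ALPHABET):
        raise ValueError("bad value or radix")
    digits = []
    while True:
        value, rem = divmod(value, radix)
        digits.append(ALPHABET[rem])
        if value == 0:
            break
    return "".join(reversed(digits)).rjust(pad, ALPHABET[0])


def decode_number(text: str, radix: int) -> int:
    """Inverse of encode_number; rejects symbols outside the radix."""
    value = 0
    for ch in text:
        digit = INDEX.get(ch)
        if digit is None or digit >= radix:
            raise ValueError(f"symbol {ch!r} is not valid in radix {radix}")
        value = value * radix + digit
    return value


def encode_queue_id(seconds: int, microseconds: int, inode: int) -> str:
    """seconds (6+ symbols), microseconds (4 symbols), 'z', inode (base 51)."""
    if not 0 <= microseconds < 1_000_000:
        raise ValueError("microseconds out of range")
    return (encode_number(seconds, TIME_RADIX, TIME_PAD)
            + encode_number(microseconds, TIME_RADIX, USEC_PAD)
            + INUM_SEP + encode_number(inode, INUM_RADIX))


def decode_queue_id(queue_id: str) -> LongQueueId:
    # The time fields may legitimately contain 'z', the inode field never
    # does, so the rightmost 'z' is the separator.
    sep = queue_id.rfind(INUM_SEP)
    if sep < TIME_PAD + USEC_PAD or sep == len(queue_id) - 1:
        raise ValueError(f"not a long queue ID: {queue_id!r}")
    time_part, inum_part = queue_id[:sep], queue_id[sep + 1:]
    return LongQueueId(
        seconds=decode_number(time_part[:-USEC_PAD], TIME_RADIX),
        microseconds=decode_number(time_part[-USEC_PAD:], TIME_RADIX),
        inode=decode_number(inum_part, INUM_RADIX),
    )


def decode_short_queue_id(queue_id: str) -> Tuple[int, int]:
    """Short form: 5 hex digits of microseconds, then the inode in hex."""
    return (int(queue_id[:SHORT_USEC_LEN], 16),
            int(queue_id[SHORT_USEC_LEN:], 16))


def hash_queue_key(queue_id: str, depth: int) -> str:
    """Leading hex characters hash_queue_depth works from: the name itself
    for a short ID, the creation microseconds in hex for a long ID."""
    if INUM_SEP in queue_id:
        usec = decode_queue_id(queue_id).microseconds
        return f"{usec:0{SHORT_USEC_LEN}X}"[:depth]
    return queue_id[:depth]


if __name__ == "__main__":
    print(decode_queue_id("3Pt2mN2VXxznjll"), hash_queue_key("3Pt2mN2VXxznjll", 1))
    print(decode_short_queue_id("C3CD21F3E90"), hash_queue_key("C3CD21F3E90", 1))
```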
</p> 3427 3428</ul> 3429 3430<p> Before migration to Postfix ≤ 2.8, the following commands 3431are required to convert long queue file names into short names: </p> 3432 3433<pre> 3434# postfix stop 3435# postconf <a href="postconf.5.html#enable_long_queue_ids">enable_long_queue_ids</a>=no 3436# postsuper 3437</pre> 3438 3439<p> Repeat the postsuper command until it reports no more queue file 3440name changes. </p> 3441 3442<p> This feature is available in Postfix 2.9 and later. </p> 3443 3444 3445</DD> 3446 3447<DT><b><a name="enable_original_recipient">enable_original_recipient</a> 3448(default: yes)</b></DT><DD> 3449 3450<p> Enable support for the original recipient address after an 3451address is rewritten to a different address (for example with 3452aliasing or with canonical mapping). </p> 3453 3454<p> The original recipient address is used as follows: </p> 3455 3456<dl> 3457 3458<dt> Final delivery </dt> <dd> With "<a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a> = 3459yes", the original recipient address is stored in the <b>X-Original-To</b> 3460message header. This header may be used to distinguish between 3461different recipients that share the same mailbox. </dd> 3462 3463<dt> Recipient deduplication </dt> <dd> With "<a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a> 3464= yes", the <a href="cleanup.8.html">cleanup(8)</a> daemon performs duplicate recipient elimination 3465based on the content of (original recipient, maybe-rewritten 3466recipient) pairs. Otherwise, the <a href="cleanup.8.html">cleanup(8)</a> daemon performs duplicate 3467recipient elimination based only on the maybe-rewritten recipient 3468address. 
</dd>

</dl>

<p> Note: with Postfix ≤ 3.2 the setting "<a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a>
= <b>no</b>" breaks address verification for addresses that are
aliased or otherwise rewritten (Postfix is unable to store the
address verification result under the original probe destination
address; instead, it can store the result only under the rewritten
address). </p>

<p> This feature is available in Postfix 2.1 and later. Postfix
version 2.0 behaves as if this parameter is always set to <b>yes</b>.
Postfix versions before 2.0 have no support for the original recipient
address. </p>


</DD>

<DT><b><a name="enable_threaded_bounces">enable_threaded_bounces</a>
(default: no)</b></DT><DD>

<p> Enable non-delivery, success, and delay notifications that link
to the original message by including a References: and In-Reply-To:
header with the original Message-ID value. There are advantages and
disadvantages to consider. </p>

<dl>

<dt> <b> advantage </b> </dt> <dd> This allows mail readers to present
a delivery status notification in the same email thread as the original
message. </dd>

<dt> <b> disadvantage </b> </dt> <dd> This makes it easy for users to
mistakenly delete the whole email thread (all related messages),
instead of deleting only the non-delivery notification. </dd>

</dl>

<p> This feature is available in Postfix 3.6 and later. </p>


</DD>

<DT><b><a name="error_notice_recipient">error_notice_recipient</a>
(default: postmaster)</b></DT><DD>

<p> The recipient of postmaster notifications about mail delivery
problems that are caused by policy, resource, software or protocol
errors. These notifications are enabled with the <a href="postconf.5.html#notify_classes">notify_classes</a>
parameter.
</p>


</DD>

<DT><b><a name="error_service_name">error_service_name</a>
(default: error)</b></DT><DD>

<p>
The name of the <a href="error.8.html">error(8)</a> pseudo delivery agent. This service always
returns mail as undeliverable.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>


</DD>

<DT><b><a name="execution_directory_expansion_filter">execution_directory_expansion_filter</a>
(default: see "postconf -d" output)</b></DT><DD>

<p> Restrict the characters that the <a href="local.8.html">local(8)</a> delivery agent allows
in $name expansions of $<a href="postconf.5.html#command_execution_directory">command_execution_directory</a>. Characters
outside the allowed set are replaced by underscores. </p>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="expand_owner_alias">expand_owner_alias</a>
(default: no)</b></DT><DD>

<p>
When delivering to an alias "<i>aliasname</i>" that has an
"owner-<i>aliasname</i>" companion alias, set the envelope sender
address to the expansion of the "owner-<i>aliasname</i>" alias.
Normally, Postfix sets the envelope sender address to the name of
the "owner-<i>aliasname</i>" alias.
</p>


</DD>

<DT><b><a name="export_environment">export_environment</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
The list of environment variables that a Postfix process will export
to non-Postfix processes. The TZ variable is needed for sane
time keeping on System-V-ish systems.
</p>

<p>
Specify a list of names and/or name=value pairs, separated by
whitespace or comma. Specify "{ name=value }" to protect whitespace
or comma in parameter values (whitespace after the opening "{" and
before the closing "}"
is ignored).
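The list syntax just described is shared by export_environment and, further down this page, by import_environment. As an added example that is not Postfix's own code, the following Python tokenizer splits such a list, honours the "{ ... }" protection, and then models what export_environment means for a child process: only the listed names are copied from the parent environment, and name=value items are set verbatim. It assumes that braces inside a "{ ... }" item are balanced; the sample parent environment is constructed.

```python
# Added example, not Postfix's own code: a tokenizer for the list syntax that
# export_environment and import_environment accept (items separated by
# whitespace or commas, "{ ... }" protecting whitespace and commas inside an
# item). Assumption: braces inside a "{ ... }" item are balanced and nest.


def split_env_list(value):
    """Split a Postfix-style environment list into items.

    "TZ PATH=/bin:/usr/bin" -> ["TZ", "PATH=/bin:/usr/bin"]
    "TZ, { FOO=a b,c }"     -> ["TZ", "FOO=a b,c"]
    """
    items = []
    i, n = 0, len(value)
    while i < n:
        ch = value[i]
        if ch.isspace() or ch == ",":
            i += 1                      # separators between items
        elif ch == "{":
            depth, j = 0, i
            while j < n:                # find the matching closing brace
                if value[j] == "{":
                    depth += 1
                elif value[j] == "}":
                    depth -= 1
                    if depth == 0:
                        break
                j += 1
            if j >= n:
                raise ValueError("unbalanced '{' in %r" % value)
            # whitespace just inside the braces is ignored
            items.append(value[i + 1:j].strip())
            i = j + 1
        else:
            j = i
            while j < n and not value[j].isspace() and value[j] != ",":
                j += 1
            items.append(value[i:j])
            i = j
    return items


def parse_env_list(value):
    """Separate plain names from name=value overrides."""
    names, overrides = [], {}
    for item in split_env_list(value):
        if "=" in item:
            name, _, val = item.partition("=")
            overrides[name] = val
        else:
            names.append(item)
    return names, overrides


def build_exported_env(parent_env, export_environment):
    """Model of what a child of a Postfix process receives: only the listed
    names are copied from the parent environment, and name=value items are
    set verbatim. Everything else in parent_env is dropped."""
    names, overrides = parse_env_list(export_environment)
    child = {name: parent_env[name] for name in names if name in parent_env}
    child.update(overrides)
    return child


if __name__ == "__main__":
    # Constructed sample: a parent environment with variables that are not
    # on the export list, and the export_environment value from this page.
    parent = {"TZ": "UTC", "HOME": "/root", "SHELL": "/bin/sh"}
    print(build_exported_env(parent, "TZ PATH=/bin:/usr/bin"))
```

The allowlist behaviour is the security-relevant point: whatever a parent process put into the environment of a Postfix daemon does not reach a delivery command unless its name is on the list.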
The form name=value is supported with Postfix version
2.1 and later; the use of {} is supported with Postfix 3.0 and
later. </p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#export_environment">export_environment</a> = TZ PATH=/bin:/usr/bin
</pre>


</DD>

<DT><b><a name="extract_recipient_limit">extract_recipient_limit</a>
(default: 10240)</b></DT><DD>

<p>
The maximal number of recipient addresses that Postfix will extract
from message headers when mail is submitted with "<b>sendmail -t</b>".
</p>

<p>
This feature was removed in Postfix version 2.1.
</p>


</DD>

<DT><b><a name="fallback_relay">fallback_relay</a>
(default: empty)</b></DT><DD>

<p>
Optional list of relay hosts for SMTP destinations that can't be
found or that are unreachable. With Postfix 2.3 this parameter
is renamed to <a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a>. </p>

<p>
By default, mail is returned to the sender when a destination is
not found, and delivery is deferred when a destination is unreachable.
</p>

<p> The fallback relays must be SMTP destinations. Specify a domain,
host, host:port, [host]:port, [address] or [address]:port; the form
[host] turns off MX lookups. If you specify multiple SMTP
destinations, Postfix will try them in the specified order. </p>

<p> Note: before Postfix 2.2, do not use the <a href="postconf.5.html#fallback_relay">fallback_relay</a> feature
when relaying mail
for a backup or primary MX domain. Mail would loop between the
Postfix MX host and the <a href="postconf.5.html#fallback_relay">fallback_relay</a> host when the final destination
is unavailable.
</p>

<p> Instead, use the following configuration: </p>

<ul>

<li> In <a href="postconf.5.html">main.cf</a> specify "<a href="postconf.5.html#relay_transport">relay_transport</a> = relay",

<li> In <a href="master.5.html">master.cf</a> specify "-o <a href="postconf.5.html#fallback_relay">fallback_relay</a> =" (i.e., empty) at
the end of the <tt>relay</tt> entry.

<li> In transport maps, specify "relay:<i>nexthop...</i>"
as the right-hand side for backup or primary MX domain entries.

</ul>

<p> Postfix version 2.2 and later will not use the <a href="postconf.5.html#fallback_relay">fallback_relay</a> feature
for destinations that it is MX host for.
</p>


</DD>

<DT><b><a name="fallback_transport">fallback_transport</a>
(default: empty)</b></DT><DD>

<p>
Optional message delivery transport that the <a href="local.8.html">local(8)</a> delivery
agent should use for names that are not found in the <a href="aliases.5.html">aliases(5)</a>
or UNIX password database.
</p>

<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low
is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>,
<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>.
</p>


</DD>

<DT><b><a name="fallback_transport_maps">fallback_transport_maps</a>
(default: empty)</b></DT><DD>

<p> Optional lookup tables with per-recipient message delivery
transports for recipients that the <a href="local.8.html">local(8)</a> delivery agent could
not find in the <a href="aliases.5.html">aliases(5)</a> or UNIX password database. </p>

<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low
is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>,
<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>. </p>

<p> For safety reasons, this feature does not allow $number
substitutions in regular expression maps. </p>

<p> This feature is available in Postfix 2.3 and later. </p>


</DD>

<DT><b><a name="fast_flush_domains">fast_flush_domains</a>
(default: $<a href="postconf.5.html#relay_domains">relay_domains</a>)</b></DT><DD>

<p>
Optional list of destinations that are eligible for per-destination
logfiles with mail that is queued to those destinations.
</p>

<p>
By default, Postfix maintains "fast flush" logfiles only for
destinations that the Postfix SMTP server is willing to relay to
(i.e.
the default is: "<a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> = $<a href="postconf.5.html#relay_domains">relay_domains</a>"; see
the <a href="postconf.5.html#relay_domains">relay_domains</a> parameter in the <a href="postconf.5.html">postconf(5)</a> manual).
</p>

<p> Specify a list of hosts or domains, "/file/name" patterns or
"<a href="DATABASE_README.html">type:table</a>" lookup tables, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace. A
"/file/name" pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>"
lookup table is matched when the domain or its parent domain appears
as lookup key. </p>

<p> Pattern matching of domain names is controlled by the presence
or absence of "<a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a>" in the <a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a>
parameter value. </p>

<p>
Specify "<a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> =" (i.e., empty) to disable the feature
altogether.
</p>


</DD>

<DT><b><a name="fast_flush_purge_time">fast_flush_purge_time</a>
(default: 7d)</b></DT><DD>

<p>
The time after which an empty per-destination "fast flush" logfile
is deleted.
</p>

<p>
You can specify the time as a number, or as a number followed by
a letter that indicates the time unit: s=seconds, m=minutes, h=hours,
d=days, w=weeks. The default time unit is days.
</p>


</DD>

<DT><b><a name="fast_flush_refresh_time">fast_flush_refresh_time</a>
(default: 12h)</b></DT><DD>

<p>
The time after which a non-empty but unread per-destination "fast
flush" logfile needs to be refreshed.
The contents of a logfile
are refreshed by requesting delivery of all messages listed in the
logfile.
</p>

<p>
You can specify the time as a number, or as a number followed by
a letter that indicates the time unit: s=seconds, m=minutes, h=hours,
d=days, w=weeks. The default time unit is hours.
</p>


</DD>

<DT><b><a name="fault_injection_code">fault_injection_code</a>
(default: 0)</b></DT><DD>

<p>
Force specific internal tests to fail, to test the handling of
errors that are difficult to reproduce otherwise.
</p>


</DD>

<DT><b><a name="flush_service_name">flush_service_name</a>
(default: flush)</b></DT><DD>

<p>
The name of the <a href="flush.8.html">flush(8)</a> service. This service maintains per-destination
logfiles with the queue file names of mail that is queued for those
destinations.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>


</DD>

<DT><b><a name="force_mime_input_conversion">force_mime_input_conversion</a>
(default: no)</b></DT><DD>

<p> Convert body content that claims to be 8-bit into quoted-printable,
before <a href="postconf.5.html#header_checks">header_checks</a>, <a href="postconf.5.html#body_checks">body_checks</a>, Milters, and before after-queue
content filters. This feature does not affect messages that are
sent into <a href="postconf.5.html#smtpd_proxy_filter">smtpd_proxy_filter</a>. </p>

<p> The typical use case is an MTA that applies this conversion
before signing outbound messages, so that the signatures will remain
valid when a message is later delivered to an MTA that does not
announce 8BITMIME support, or when a message line exceeds the SMTP
length limit. </p>

<p> This feature is available in Postfix ≥ 3.9.
</p>


</DD>

<DT><b><a name="fork_attempts">fork_attempts</a>
(default: 5)</b></DT><DD>

<p> The maximal number of attempts to fork() a child process. </p>


</DD>

<DT><b><a name="fork_delay">fork_delay</a>
(default: 1s)</b></DT><DD>

<p> The delay between attempts to fork() a child process. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds). </p>


</DD>

<DT><b><a name="forward_expansion_filter">forward_expansion_filter</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
Restrict the characters that the <a href="local.8.html">local(8)</a> delivery agent allows in
$name expansions of $<a href="postconf.5.html#forward_path">forward_path</a>. Characters outside the
allowed set are replaced by underscores.
</p>


</DD>

<DT><b><a name="forward_path">forward_path</a>
(default: see "postconf -d" output)</b></DT><DD>

<p> The <a href="local.8.html">local(8)</a> delivery agent search list for finding a .forward
file with user-specified delivery methods. The first file that is
found is used. </p>

<p> The <a href="postconf.5.html#forward_path">forward_path</a> value is not subject to Postfix configuration
parameter $name expansion. Instead, the following $name expansions
are done on <a href="postconf.5.html#forward_path">forward_path</a> before the search actually happens.
The result of $name expansion is
filtered with the character set that is specified with the
<a href="postconf.5.html#forward_expansion_filter">forward_expansion_filter</a> parameter. </p>

<dl>

<dt><b>$user</b></dt>

<dd>The recipient's username.
</dd>

<dt><b>$shell</b></dt>

<dd>The recipient's login shell pathname. </dd>

<dt><b>$home</b></dt>

<dd>The recipient's home directory. </dd>

<dt><b>$recipient</b></dt>

<dd>The full recipient address. </dd>

<dt><b>$extension</b></dt>

<dd>The optional recipient address extension. </dd>

<dt><b>$domain</b></dt>

<dd>The recipient domain. </dd>

<dt><b>$local</b></dt>

<dd>The entire recipient localpart. </dd>

<dt><b>$<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a></b></dt>

<dd>The address extension delimiter that was found in the recipient
address (Postfix 2.11 and later), or the 'first' delimiter specified
with the system-wide recipient address extension delimiter (Postfix
3.5.22, 3.6.12, 3.7.8, 3.8.3 and later). Historically, this was
always the system-wide recipient
address extension delimiter (Postfix 2.10 and earlier). </dd>

<dt><b>${name?value}</b></dt>

<dt><b>${name?{value}}</b> (Postfix ≥ 3.0)</dt>

<dd>Expands to <i>value</i> when <i>$name</i> is non-empty. </dd>

<dt><b>${name:value}</b></dt>

<dt><b>${name:{value}}</b> (Postfix ≥ 3.0)</dt>

<dd>Expands to <i>value</i> when <i>$name</i> is empty. </dd>

<dt><b>${name?{value1}:{value2}}</b> (Postfix ≥ 3.0)</dt>

<dd>Expands to <i>value1</i> when <i>$name</i> is non-empty,
<i>value2</i> otherwise. </dd>

</dl>

<p>
Instead of $name you can also specify ${name} or $(name).
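To make the expansion rules above concrete, here is an added Python model (not Postfix's own code) of the forward_path $name expansion, including the conditional forms, followed by the forward_expansion_filter character filter. It assumes a stand-in allowed-character set (the real default is what "postconf -d forward_expansion_filter" prints) and that the filter is applied to each substituted value rather than to the literal text of the template; the recipient attributes it runs against are constructed. The second forward_path example from this entry is used as the search list.

```python
import re

# Added example, not Postfix's own code: a model of the $name expansion that
# local(8) applies to forward_path, with each substituted value passed through
# a forward_expansion_filter-style character filter. Assumptions: the allowed
# character set below is a stand-in (check "postconf -d forward_expansion_filter"
# for the real default), and the filter is applied to substituted values only,
# not to literal text in the forward_path template.

FILTER_CHARS = set("1234567890!@%-_=+:,./"
                   "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")

NAME_RE = re.compile(r"[A-Za-z0-9_]+")


def filtered(value, allowed=FILTER_CHARS):
    """Replace characters outside the allowed set with underscores."""
    return "".join(ch if ch in allowed else "_" for ch in value)


def _matching(s, start, open_ch, close_ch):
    """Index of the close_ch that balances the open_ch at s[start]."""
    depth = 0
    for k in range(start, len(s)):
        if s[k] == open_ch:
            depth += 1
        elif s[k] == close_ch:
            depth -= 1
            if depth == 0:
                return k
    raise ValueError("unbalanced %r in %r" % (open_ch, s))


def _take_value(s):
    """Split off one value: "{...}" (braces stripped) or the rest of s."""
    s = s.lstrip()
    if s.startswith("{"):
        end = _matching(s, 0, "{", "}")
        return s[1:end], s[end + 1:].lstrip()
    return s, ""


def _expand_braced(body, variables):
    """Handle the inside of ${...}: name, name?value, name:value and
    name?{value1}:{value2} (values are expanded recursively)."""
    m = re.match(r"([A-Za-z0-9_]+)([?:])?", body)
    if not m:
        return ""
    name, op, rest = m.group(1), m.group(2), body[m.end():]
    if op is None:
        return filtered(variables.get(name, ""))
    if_true = if_false = None
    if op == "?":
        if_true, rest = _take_value(rest)
        if rest.startswith(":"):
            if_false, rest = _take_value(rest[1:])
    else:
        if_false, rest = _take_value(rest)
    chosen = if_true if variables.get(name, "") else if_false
    return expand(chosen, variables) if chosen else ""


def expand(template, variables):
    """Expand $name, ${name}, $(name) and the conditional forms."""
    out, i, n = [], 0, len(template)
    while i < n:
        if template[i] != "$":
            out.append(template[i])
            i += 1
        elif i + 1 < n and template[i + 1] in "{(":
            close = "}" if template[i + 1] == "{" else ")"
            end = _matching(template, i + 1, template[i + 1], close)
            out.append(_expand_braced(template[i + 2:end], variables))
            i = end + 1
        else:
            m = NAME_RE.match(template, i + 1)
            if not m:
                out.append("$")           # a lone "$" is kept literally
                i += 1
            else:
                out.append(filtered(variables.get(m.group(0), "")))
                i = m.end()
    return "".join(out)


def forward_search_list(forward_path, variables):
    """The .forward candidate paths, in search order."""
    expanded = expand(forward_path, variables)
    return [p for p in re.split(r"[\s,]+", expanded) if p]


# The second forward_path example from this page.
FORWARD_PATH = ("/var/forward/$user/.forward$recipient_delimiter$extension, "
                "/var/forward/$user/.forward")

if __name__ == "__main__":
    # Constructed recipient attributes for alice+project@example.com.
    recipient = {"user": "alice", "extension": "project",
                 "recipient_delimiter": "+", "home": "/home/alice"}
    print(forward_search_list(FORWARD_PATH, recipient))
```

The filter step is where the security value lies: $extension and $local come from the envelope recipient, which a remote sender controls, so the filter decides which characters from that input can end up in a file system path.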
</p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#forward_path">forward_path</a> = /var/forward/$user
<a href="postconf.5.html#forward_path">forward_path</a> =
    /var/forward/$user/.forward$<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a>$extension,
    /var/forward/$user/.forward
</pre>


</DD>

<DT><b><a name="frozen_delivered_to">frozen_delivered_to</a>
(default: yes)</b></DT><DD>

<p> Update the <a href="local.8.html">local(8)</a> delivery agent's idea of the Delivered-To:
address (see <a href="postconf.5.html#prepend_delivered_header">prepend_delivered_header</a>) only once, at the start of
a delivery attempt; do not update the Delivered-To: address while
expanding aliases or .forward files. </p>

<p> This feature is available in Postfix 2.3 and later. With older
Postfix releases, the behavior is as if this parameter is set to
"no". The old setting can be expensive with deeply nested aliases
or .forward files. When an alias or .forward file changes the
Delivered-To: address, it ties up one queue file and one cleanup
process instance while mail is being forwarded. </p>


</DD>

<DT><b><a name="full_name_encoding_charset">full_name_encoding_charset</a>
(default: utf-8)</b></DT><DD>

<p> The character set name (also called "charset") that Postfix
will output when it automatically generates an <a href="https://tools.ietf.org/html/rfc2047">RFC 2047</a> encoded
full name. Encoding non-ASCII full names can avoid the need to use
SMTPUTF8, and therefore can avoid incompatibility with sites that
do not support SMTPUTF8. </p>

<p> The encoded names look like "=?charset?q?gibberish?=" with
quoted-printable encoding, or "=?charset?b?gibberish?=" with base64
encoding.
Postfix uses quoted-printable encoding for a full name
that is short or mostly printable ASCII, and uses base64 otherwise.
</p>

<p> Background: when a message without a From: header is submitted
with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command, the Postfix <a href="cleanup.8.html">cleanup(8)</a> daemon
will add a From: header and will try to use the sender's full name
specified with the Postfix <a href="sendmail.1.html">sendmail(1)</a> "-F" option, with the Postfix
<a href="sendmail.1.html">sendmail(1)</a> "NAME" environment variable, or with the GECOS field
in the UNIX password database. In the latter case, Postfix will
replace the "&amp;" character with the login name, with a lowercase
ASCII first character converted to uppercase. </p>

<p> NOTE: Postfix does not convert between character sets. The
<a href="postconf.5.html#full_name_encoding_charset">full_name_encoding_charset</a> parameter specifies the character set
of the full name in the Postfix sendmail "-F" option, in the Postfix
sendmail "NAME" environment variable, or in the GECOS field of the
UNIX password database. The parameter value is also part of the
encoded full name, and informs a Mail User Agent how to display the
decoded gibberish. </p>

<p> Specify a valid character set name such as "utf-8" or "iso-8859-1"
(specify the latter for full names that use the Latin1 encoding).
The character set name is case insensitive. When a character set
name violates <a href="https://tools.ietf.org/html/rfc2047">RFC 2047</a> syntax, Postfix will log a warning and will
skip the full name. </p>

<p> This feature is available in Postfix ≥ 3.10.
</p>


</DD>

<DT><b><a name="hash_queue_depth">hash_queue_depth</a>
(default: 1)</b></DT><DD>

<p>
The number of subdirectory levels for queue directories listed with
the <a href="postconf.5.html#hash_queue_names">hash_queue_names</a> parameter. Queue hashing is implemented by
creating one or more levels of directories with one-character names.
Originally, these directory names were equal to the first characters
of the queue file name, with the hexadecimal representation of the
file creation time in microseconds. </p>

<p> With long queue file names, queue hashing produces the same
results as with short names. The file creation time in microseconds
is converted into hexadecimal form before the result is used for
queue hashing. The base 16 encoding gives finer control over the
number of subdirectories than is possible with the base 52 encoding
of long queue file names. </p>

<p>
After changing the <a href="postconf.5.html#hash_queue_names">hash_queue_names</a> or <a href="postconf.5.html#hash_queue_depth">hash_queue_depth</a> parameter,
execute the command "<b>postfix reload</b>".
</p>


</DD>

<DT><b><a name="hash_queue_names">hash_queue_names</a>
(default: deferred, defer)</b></DT><DD>

<p>
The names of queue directories that are split across multiple
subdirectory levels.
</p>

<p> Before Postfix version 2.2, the default list of hashed queues
was significantly larger. Claims about improvements in file system
technology suggest that hashing of the <a href="QSHAPE_README.html#incoming_queue">incoming</a> and <a href="QSHAPE_README.html#active_queue">active queues</a>
is no longer needed. Fewer hashed directories speed up the time
needed to restart Postfix.
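The hash_queue_depth entry above, and the enable_long_queue_ids entry earlier on this page, both describe the same subdirectory scheme. The following added Python example (not Postfix's own code) builds a short-form queue ID from its two fields, derives the one-character hash directories from the file creation time, and shows that a long queue ID with the same creation time lands in the same directories. It assumes that the "time in microseconds" field of a short queue ID is the sub-second part (0..999999) printed as five upper-case hex digits with the inode number appended in hex; the long queue ID and the queue_directory path used are constructed sample values, since the base 52 alphabet is not defined on this page.

```python
# Added example, not Postfix's own code: how hash_queue_depth derives the
# one-character subdirectory names for a queue file, and why short and long
# queue IDs hash the same way. Assumptions: the "time in microseconds" field
# of a short queue ID is the sub-second part (0..999999) printed as five
# upper-case hex digits with the inode number appended in hex; a long queue
# ID is treated here as an opaque constructed string, because the base-52
# alphabet is not defined on this page.

HASHED_QUEUES = ("deferred", "defer")        # the hash_queue_names default


def short_queue_id(usec, inode):
    """Short-form queue file name, e.g. C3CD21F3E90 for 0xC3CD2 / 0x1F3E90."""
    if not 0 <= usec < 1000000:
        raise ValueError("microseconds out of range")
    return "%05X%X" % (usec, inode)


def hash_dirs(usec, depth):
    """Subdirectory names for hash_queue_depth = depth: the leading
    characters of the file creation time in microseconds, in hex."""
    key = "%05X" % usec
    if not 0 <= depth <= len(key):
        raise ValueError("hash_queue_depth must be 0..%d" % len(key))
    return list(key[:depth])


def queue_file_path(queue_directory, queue_name, queue_id, usec, depth,
                    hashed=HASHED_QUEUES):
    """Path of a queue file; only queues listed in hash_queue_names are split
    across subdirectory levels."""
    parts = [queue_directory, queue_name]
    if queue_name in hashed:
        parts.extend(hash_dirs(usec, depth))
    parts.append(queue_id)
    return "/".join(parts)


if __name__ == "__main__":
    usec, inode = 0xC3CD2, 0x1F3E90                # constructed sample values
    short_id = short_queue_id(usec, inode)
    long_id = "3Pt2mN2VXqzPvxL"                   # constructed, not a real ID
    for qid in (short_id, long_id):
        # "/var/spool/postfix" is an assumed queue_directory value
        print(queue_file_path("/var/spool/postfix", "deferred", qid, usec, 2))
```

For a short ID the hash directories are simply the leading characters of the file name; for a long ID they are the leading characters of the hex creation time, which is why the page says both name forms hash identically.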
</p>

<p>
After changing the <a href="postconf.5.html#hash_queue_names">hash_queue_names</a> or <a href="postconf.5.html#hash_queue_depth">hash_queue_depth</a> parameter,
execute the command "<b>postfix reload</b>".
</p>


</DD>

<DT><b><a name="header_address_token_limit">header_address_token_limit</a>
(default: 10240)</b></DT><DD>

<p>
The maximal number of address tokens that are allowed in an address
message header. Information that exceeds the limit is discarded.
The limit is enforced by the <a href="cleanup.8.html">cleanup(8)</a> server.
</p>


</DD>

<DT><b><a name="header_checks">header_checks</a>
(default: empty)</b></DT><DD>

<p>
Optional lookup tables for content inspection of primary non-MIME
message headers, as specified in the <a href="header_checks.5.html">header_checks(5)</a> manual page.
</p>


</DD>

<DT><b><a name="header_from_format">header_from_format</a>
(default: standard)</b></DT><DD>

<p> The format of the Postfix-generated <b>From:</b> header. This
setting affects the appearance of 'full name' information when a
local program such as /bin/mail submits a message without a From:
header through the Postfix <a href="sendmail.1.html">sendmail(1)</a> command. </p>

<p> Specify one of the following: </p>

<dl>

<dt><b>standard</b> (default)</dt> <dd> Produce a header formatted
as "<b>From:</b> <i>name</i><b> &lt;</b><i>address</i><b>&gt;</b>".
This is the default as of Postfix 3.3.</dd>

<dt><b>obsolete</b></dt> <dd>Produce a header formatted as "<b>From:</b>
<i>address</i> <b>(</b><i>name</i><b>)</b>". This is the behavior
prior to Postfix 3.3.
</dd>

</dl>

<p> Notes: </p>

<ul>

<li> <p> Postfix generates the format "<b>From:</b> <i>address</i>"
when <i>name</i> information is unavailable or the envelope sender
address is empty. This is the same behavior as prior to Postfix
3.3. </p>

<li> <p> In the <b>standard</b> form, the <i>name</i> will be quoted
if it contains <b>specials</b> as defined in <a href="https://tools.ietf.org/html/rfc5322">RFC 5322</a>, or the "!%"
address operators. </p>

<li> <p> The Postfix <a href="sendmail.1.html">sendmail(1)</a> command gets <i>name</i> information
from the <b>-F</b> command-line option, from the <b>NAME</b>
environment variable, or from the UNIX password file. </p>

</ul>

<p> This feature is available in Postfix 3.3 and later. </p>


</DD>

<DT><b><a name="header_size_limit">header_size_limit</a>
(default: 102400)</b></DT><DD>

<p>
The maximal amount of memory in bytes for storing a message header.
If a header is larger, the excess is discarded. The limit is
enforced by the <a href="cleanup.8.html">cleanup(8)</a> server.
</p>


</DD>

<DT><b><a name="helpful_warnings">helpful_warnings</a>
(default: yes)</b></DT><DD>

<p>
Log warnings about problematic configuration settings, and provide
helpful suggestions.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>


</DD>

<DT><b><a name="home_mailbox">home_mailbox</a>
(default: empty)</b></DT><DD>

<p>
Optional pathname of a mailbox file relative to a <a href="local.8.html">local(8)</a> user's
home directory.
</p>

<p>
Specify a pathname ending in "/" for qmail-style delivery.
</p>

<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low
is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>,
<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>. </p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#home_mailbox">home_mailbox</a> = Mailbox
<a href="postconf.5.html#home_mailbox">home_mailbox</a> = Maildir/
</pre>


</DD>

<DT><b><a name="hopcount_limit">hopcount_limit</a>
(default: 50)</b></DT><DD>

<p>
The maximal number of Received: message headers that is allowed
in the primary message headers. A message that exceeds the limit
is bounced, in order to stop a mailer loop.
</p>


</DD>

<DT><b><a name="html_directory">html_directory</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
The location of Postfix HTML files that describe how to build,
configure or operate a specific Postfix subsystem or feature.
</p>


</DD>

<DT><b><a name="ignore_mx_lookup_error">ignore_mx_lookup_error</a>
(default: no)</b></DT><DD>

<p> Ignore DNS MX lookups that produce no response. By default,
the Postfix SMTP client defers delivery and tries again after some
delay. This behavior is required by the SMTP standard.
</p>

<p>
Specify "<a href="postconf.5.html#ignore_mx_lookup_error">ignore_mx_lookup_error</a> = yes" to force a DNS A record
lookup instead. This violates the SMTP standard and can result in
mis-delivery of mail.
</p>


</DD>

<DT><b><a name="ignore_srv_lookup_error">ignore_srv_lookup_error</a>
(default: no)</b></DT><DD>

<p> When SRV record lookup fails, fall back to MX or IP address
lookup as if SRV record lookup was not enabled. </p>

<p> This feature is available in Postfix 3.8 and later. </p>


</DD>

<DT><b><a name="import_environment">import_environment</a>
(default: see "postconf -d" output)</b></DT><DD>

<p> The list of environment variables that a privileged Postfix
process will import from a non-Postfix parent process, or name=value
environment overrides. Unprivileged utilities will enforce the
name=value overrides, but otherwise will not change their process
environment. Examples of relevant environment variables: </p>

<dl>

<dt><b>TZ</b></dt>

<dd>May be needed for sane time keeping on most System-V-ish systems.
</dd>

<dt><b>DISPLAY</b></dt>

<dd>Needed for debugging Postfix daemons with an X-windows debugger. </dd>

<dt><b>XAUTHORITY</b></dt>

<dd>Needed for debugging Postfix daemons with an X-windows debugger. </dd>

<dt><b>MAIL_CONFIG</b></dt>

<dd>Needed to make "<b>postfix -c</b>" work. </dd>

<dt><b>POSTLOG_SERVICE</b></dt>

<dd>Needed to make "<b><a href="postconf.5.html#maillog_file">maillog_file</a></b>" work during daemon
process initialization. </dd>

<dt><b>POSTLOG_HOSTNAME</b></dt>

<dd>Needed to make "<b><a href="postconf.5.html#maillog_file">maillog_file</a></b>" work during daemon
process initialization.
</dd>

</dl>

<p> Specify a list of names and/or name=value pairs, separated by
whitespace or comma. Specify "{ name=value }" to protect whitespace
or comma in environment variable values (whitespace after the opening "{" and
before the closing "}"
is ignored). The form name=value is supported with Postfix version
2.1 and later; the use of {} is supported with Postfix 3.0 and
later. </p>


</DD>

<DT><b><a name="in_flow_delay">in_flow_delay</a>
(default: 1s)</b></DT><DD>

<p> Time to pause before accepting a new message, when the message
arrival rate exceeds the message delivery rate. This feature is
turned on by default (it's disabled on SCO UNIX due to an SCO bug).
</p>

<p>
With the default 100 Postfix SMTP server process limit, "<a href="postconf.5.html#in_flow_delay">in_flow_delay</a>
= 1s" limits the mail inflow to 100 messages per second above the
number of messages delivered per second.
</p>

<p>
Specify 0 to disable the feature. Valid delays are 0..10.
</p>


</DD>

<DT><b><a name="inet_interfaces">inet_interfaces</a>
(default: all)</b></DT><DD>

<p> The local network interface addresses that this mail system
receives mail on. Specify "all" to receive mail on all network
interfaces (default), "loopback-only" to receive mail on loopback
network interfaces only (Postfix version 2.2 and later), or zero
or more IPv4 or IPv6 addresses (IPv6 is supported in Postfix version
2.2 and later). The parameter also controls whether Postfix will
accept mail for <tt>user@[ip.address]</tt>, and prevents Postfix
from delivering mail to a host that has equal or larger MX preference.
Specify an empty value if Postfix does not receive mail over the
network, or if all network listeners have an explicit IP address
in <a href="master.5.html">master.cf</a>.
</p>

<p>
Note 1: you need to stop and start Postfix when this parameter changes.
</p>

<p> Note 2: address information may be enclosed inside <tt>[]</tt>,
but this form is not required here. </p>

<p> When <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> and/or <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> are not
specified, the <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> setting may constrain the source IP
address for an outbound SMTP or LMTP connection as described below.
</p>

<p> The following text is specific to SMTP and IPv4. The same
reasoning applies to the IPv6 protocol, and to the Postfix LMTP
client. To disable IPv4 or IPv6 support in the Postfix SMTP and
LMTP client, use <a href="postconf.5.html#inet_protocols">inet_protocols</a>. </p>

<ul>

<li> <p> When <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> specifies one IPv4 address, and that
is not a loopback address, the Postfix SMTP client uses that as the
source address for outbound IPv4 connections. </p>

<li> <p> Otherwise, the Postfix SMTP client does not constrain the
source IPv4 address, and connects using a system-chosen source IPv4
address. This includes the cases where <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> is empty,
where it specifies <b>all</b>, or where it contains no IPv4 address,
one IPv4 address that is a loopback address, or multiple IPv4
addresses. </p>

</ul>

<p> A Postfix SMTP client may fail to reach some remote SMTP servers
when the client source IP address is constrained explicitly with
<a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> or <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a>, or implicitly with
<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>.
This can happen when Postfix runs on a multi-homed 4334system such as a firewall, the Postfix SMTP source client IP address 4335is constrained to one specific network interface, and the remote 4336SMTP server must be reached through a different interface. Setting 4337<a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> to 0.0.0.0 avoids the potential problem for IPv4, 4338and setting <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> to :: solves the problem for IPv6. 4339</p> 4340 4341<p> 4342A better solution for multi-homed systems is to leave <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> 4343at the default value and instead use explicit IP addresses in 4344the <a href="master.5.html">master.cf</a> SMTP server definitions. This preserves the Postfix 4345SMTP client's 4346loop detection, by ensuring that each side of the firewall knows that the 4347other IP address is still the same host. Setting $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> to a 4348single IPv4 and/or IPV6 address is primarily useful with virtual 4349hosting of domains on 4350secondary IP addresses, when each IP address serves a different domain 4351(and has a different $<a href="postconf.5.html#myhostname">myhostname</a> setting). </p> 4352 4353<p> 4354See also the <a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> parameter, for network addresses that 4355are forwarded to Postfix by way of a proxy or address translator. 
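The source-address rules above are easy to misread on a multi-homed host, so here is an added example, written for this page rather than taken from Postfix, that encodes them as a check over candidate main.cf values. It assumes that hostnames in inet_interfaces are skipped instead of resolved; the function names are the example's own.

```python
"""Added example (not Postfix code): apply the inet_interfaces /
smtp_bind_address source-address rules described above to candidate
main.cf values, so a multi-homed setup can be checked before a reload."""
import ipaddress
from typing import List, Optional


def parse_inet_interfaces(value: str) -> List[str]:
    """Split an inet_interfaces value on whitespace or commas and drop
    the optional [] around addresses (Note 2 above allows that form)."""
    out = []
    for tok in value.replace(",", " ").split():
        if tok.startswith("[") and tok.endswith("]"):
            tok = tok[1:-1]
        out.append(tok)
    return out


def ipv4_source_from_inet_interfaces(value: str) -> Optional[str]:
    """Return the IPv4 source address the Postfix SMTP/LMTP client would be
    constrained to by inet_interfaces alone, or None when the client
    connects from a system-chosen address.

    Follows the two bullets above: exactly one IPv4 address that is not a
    loopback address constrains the source; "all", "loopback-only", an
    empty value, no IPv4 address, a single loopback IPv4 address, or
    several IPv4 addresses leave it unconstrained. Assumption: hostnames
    (which Postfix would resolve) are skipped here, not resolved.
    """
    v4 = []
    for tok in parse_inet_interfaces(value):
        if tok in ("all", "loopback-only"):
            return None
        try:
            addr = ipaddress.ip_address(tok)
        except ValueError:
            continue  # not an address literal; see the assumption above
        if addr.version == 4:
            v4.append(addr)
    if len(v4) == 1 and not v4[0].is_loopback:
        return str(v4[0])
    return None


def effective_ipv4_source(inet_interfaces: str,
                          smtp_bind_address: str = "") -> Optional[str]:
    """Combine both parameters as the text above describes: an explicit
    smtp_bind_address wins, and 0.0.0.0 means "do not constrain";
    otherwise inet_interfaces may constrain the source implicitly."""
    bind = smtp_bind_address.strip()
    if bind:
        return None if bind == "0.0.0.0" else bind
    return ipv4_source_from_inet_interfaces(inet_interfaces)


def multihomed_risk(inet_interfaces: str, smtp_bind_address: str = "") -> bool:
    """True when outbound IPv4 connections are pinned to one address, the
    situation in which a firewall-style multi-homed host can fail to
    reach servers that live behind another interface."""
    return effective_ipv4_source(inet_interfaces, smtp_bind_address) is not None


if __name__ == "__main__":
    for cfg in ("all", "192.168.1.2, 127.0.0.1", "192.168.1.2", "127.0.0.1, [::1]"):
        print(f"inet_interfaces = {cfg!r:28} -> source {effective_ipv4_source(cfg)}")
```

Run it against the value you are about to put in main.cf; a result other than None means outbound IPv4 connections are pinned to that address, which is exactly the situation the multi-homed warning above describes.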
</p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = all (DEFAULT)
<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only (Postfix version 2.2 and later)
<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = 127.0.0.1
<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = 127.0.0.1, [::1] (Postfix version 2.2 and later)
<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = 192.168.1.2, 127.0.0.1
</pre>

</DD>

<DT><b><a name="inet_protocols">inet_protocols</a>
(default: see 'postconf -d' output)</b></DT><DD>

<p> The Internet protocols Postfix will attempt to use when making
or accepting connections. Specify one or more of "ipv4"
or "ipv6", separated by whitespace or commas. The form
"all" is equivalent to "ipv4, ipv6" or "ipv4", depending
on whether the operating system implements IPv6. </p>

<p> With Postfix 2.8 and earlier the default is "ipv4". For backwards
compatibility with these releases, the Postfix 2.9 and later upgrade
procedure appends an explicit "<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4" setting to
<a href="postconf.5.html">main.cf</a> when no explicit setting is present. This compatibility
workaround will be phased out as IPv6 deployment becomes more common.
</p>

<p> This feature is available in Postfix 2.2 and later. </p>

<p> Note: you MUST stop and start Postfix after changing this
parameter. </p>

<p> On systems that pre-date IPV6_V6ONLY support (<a href="https://tools.ietf.org/html/rfc3493">RFC 3493</a>), an
IPv6 server will also accept IPv4 connections, even when IPv4 is
turned off with the <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter.
On systems with
IPV6_V6ONLY support, Postfix will use separate server sockets for
IPv6 and IPv4, and each will accept only connections for the
corresponding protocol. </p>

<p> When IPv4 support is enabled via the <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter,
Postfix will look up DNS type A records, and will convert
IPv4-in-IPv6 client IP addresses (::ffff:1.2.3.4) to their original
IPv4 form (1.2.3.4). The latter is needed on hosts that pre-date
IPV6_V6ONLY support (<a href="https://tools.ietf.org/html/rfc3493">RFC 3493</a>). </p>

<p> When IPv6 support is enabled via the <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter,
Postfix will do DNS type AAAA record lookups. </p>

<p> When both IPv4 and IPv6 support are enabled, the Postfix SMTP
client will choose the protocol as specified with the
<a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> parameter. Postfix versions before 2.8
attempt to connect via IPv6 before attempting to use IPv4. </p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4
<a href="postconf.5.html#inet_protocols">inet_protocols</a> = all (DEFAULT)
<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv6
<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4, ipv6
</pre>

</DD>

<DT><b><a name="info_log_address_format">info_log_address_format</a>
(default: external)</b></DT><DD>

<p> The email address form that will be used in non-debug logging
(info, warning, etc.).
As of Postfix 3.5 when an address localpart
contains spaces or other special characters, the localpart will be
quoted, for example: </p>

<blockquote>
<pre>
    from=&lt;"name with spaces"@example.com&gt;
</pre>
</blockquote>

<p> Older Postfix versions would log the internal (unquoted) form: </p>

<blockquote>
<pre>
    from=&lt;name with spaces@example.com&gt;
</pre>
</blockquote>

<p> The external and internal forms are identical for the vast
majority of email addresses that contain no spaces or other special
characters in the localpart. </p>

<p> The logging in external form is consistent with the address
form that Postfix 3.2 and later prefer for most table lookups. This
is therefore the more useful form for non-debug logging. </p>

<p> Specify "<b><a href="postconf.5.html#info_log_address_format">info_log_address_format</a> = internal</b>" for backwards
compatibility. </p>

<p> Postfix uses the unquoted form internally, because an attacker
can specify an email address in different forms by playing games
with quotes and backslashes. An attacker should not be able to use
such games to circumvent Postfix access policies. </p>

<p> This feature is available in Postfix 3.5 and later. </p>

</DD>

<DT><b><a name="initial_destination_concurrency">initial_destination_concurrency</a>
(default: 5)</b></DT><DD>

<p>
The initial per-destination concurrency level for parallel delivery
to the same destination.
With per-destination recipient limit &gt; 1, a destination is a domain,
otherwise it is a recipient.
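As an added illustration of the external versus internal address forms discussed under info_log_address_format above (example code, not Postfix's own implementation), the following converts between the two and shows why a policy lookup keyed on the internal form is not fooled by alternative quoting. The helper names and the simplified atext test are the example's own assumptions.

```python
"""Added example (not Postfix code): convert between the external
(quoted) and internal (unquoted) address forms that
info_log_address_format chooses between, and show why access policies
are matched on the internal form."""
from typing import Set, Tuple

# RFC 5322 atext plus ".": a localpart made only of these needs no quoting.
# Assumption: this simplified check also treats a leading or trailing dot
# and ".." as needing quotes.
_ATEXT = set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
             "!#$%&'*+-/=?^_`{|}~.")


def _split(addr: str) -> Tuple[str, str]:
    """Split on the last '@' so a quoted localpart may itself contain '@'."""
    if "@" not in addr:
        return addr, ""
    local, domain = addr.rsplit("@", 1)
    return local, domain


def unquote_localpart(local: str) -> str:
    """External -> internal: strip surrounding quotes and resolve
    backslash escapes, so differently quoted spellings collapse to one."""
    out = []
    i = 0
    while i < len(local):
        ch = local[i]
        if ch == '"':
            pass                      # quote characters are not part of the mailbox
        elif ch == "\\" and i + 1 < len(local):
            i += 1                    # keep the escaped character literally
            out.append(local[i])
        else:
            out.append(ch)
        i += 1
    return "".join(out)


def quote_localpart(local: str) -> str:
    """Internal -> external: quote the localpart only when it contains
    something other than plain atext, escaping backslash and '"' inside."""
    plain = (bool(local) and all(c in _ATEXT for c in local)
             and not local.startswith(".") and not local.endswith(".")
             and ".." not in local)
    if plain:
        return local
    return '"' + local.replace("\\", "\\\\").replace('"', '\\"') + '"'


def to_internal(external: str) -> str:
    local, domain = _split(external)
    return unquote_localpart(local) + ("@" + domain if domain else "")


def to_external(internal: str) -> str:
    local, domain = _split(internal)
    return quote_localpart(local) + ("@" + domain if domain else "")


def log_from(internal: str, info_log_address_format: str = "external") -> str:
    """Render the from=<...> token as the two settings above would log it."""
    shown = internal if info_log_address_format == "internal" else to_external(internal)
    return "from=<" + shown + ">"


def sender_is_blocked(external_sender: str, blocklist: Set[str]) -> bool:
    """Policy lookup keyed on the internal form: quoting or backslash
    variants of the same mailbox all hit the same table entry."""
    return to_internal(external_sender) in blocklist
```

The point of sender_is_blocked is the normalization step: whatever quoting a client puts on the wire, the table is consulted with one canonical spelling, which is the property the last paragraph above is protecting.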
</p>

<p> Use <a href="postconf.5.html#transport_initial_destination_concurrency"><i>transport</i>_initial_destination_concurrency</a> to specify
a transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport (Postfix 2.5 and later). </p>

<p>
Warning: with concurrency of 1, one bad message can be enough to
block all mail to a site.
</p>

</DD>

<DT><b><a name="internal_mail_filter_classes">internal_mail_filter_classes</a>
(default: empty)</b></DT><DD>

<p> What categories of Postfix-generated mail are subject to
before-queue content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a>
and <a href="postconf.5.html#body_checks">body_checks</a>. Specify zero or more of the following, separated
by whitespace or comma. </p>

<dl>

<dt><b>bounce</b></dt> <dd> Inspect the content of delivery
status notifications. </dd>

<dt><b>notify</b></dt> <dd> Inspect the content of postmaster
notifications by the <a href="smtp.8.html">smtp(8)</a> and <a href="smtpd.8.html">smtpd(8)</a> processes. </dd>

</dl>

<p> NOTE: It's generally not safe to enable content inspection of
Postfix-generated email messages. The user is warned. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="invalid_hostname_reject_code">invalid_hostname_reject_code</a>
(default: 501)</b></DT><DD>

<p>
The numerical Postfix SMTP server response code when the client
HELO or EHLO command parameter is rejected by the <a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a>
restriction.
</p>

<p>
Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>

</DD>

<DT><b><a name="ipc_idle">ipc_idle</a>
(default: version dependent)</b></DT><DD>

<p>
The time after which a client closes an idle internal communication
channel. The purpose is to allow Postfix daemon processes to
terminate voluntarily after they become idle. This is used, for
example, by the Postfix address resolving and rewriting clients.
</p>

<p> With Postfix 2.4 the default value was reduced from 100s to 5s. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds). </p>

</DD>

<DT><b><a name="ipc_timeout">ipc_timeout</a>
(default: 3600s)</b></DT><DD>

<p>
The time limit for sending or receiving information over an internal
communication channel. The purpose is to break out of deadlock
situations. If the time limit is exceeded the software aborts with a
fatal error.
</p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds). </p>

</DD>

<DT><b><a name="ipc_ttl">ipc_ttl</a>
(default: 1000s)</b></DT><DD>

<p>
The time after which a client closes an active internal communication
channel. The purpose is to allow Postfix daemon processes to
terminate voluntarily
after reaching their client limit. This is used, for example, by
the Postfix address resolving and rewriting clients.
</p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds). </p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

</DD>

<DT><b><a name="known_tcp_ports">known_tcp_ports</a>
(default: lmtp=24, smtp=25, smtps=submissions=465, submission=587)</b></DT><DD>

<p> Optional setting that avoids lookups in the services(5) database.
This feature was implemented to address inconsistencies in the name
of the port "465" service. The ABNF is:
</p>

<blockquote>
<p>
<a href="postconf.5.html#known_tcp_ports">known_tcp_ports</a> = empty | name-to-port *("," name-to-port) <br>
name-to-port = 1*(service-name "=") port-number
</p>
</blockquote>

<p> The comma is required. Whitespace is optional but it cannot appear
inside a service name or port number. </p>

<p> This feature is available in Postfix 3.6 and later. </p>

</DD>

<DT><b><a name="line_length_limit">line_length_limit</a>
(default: 2048)</b></DT><DD>

<p> Upon input, long lines are chopped up into pieces of at most
this length; upon delivery, long lines are reconstructed. </p>

</DD>

<DT><b><a name="lmdb_map_size">lmdb_map_size</a>
(default: 16777216)</b></DT><DD>

<p>
The initial OpenLDAP LMDB database size limit in bytes. Each time
a database becomes full, its size limit is doubled.
</p>

<p>
This feature is available in Postfix 2.11 and later.
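The ABNF under known_tcp_ports above is small enough to implement directly; the following is an added example, not Postfix code, that parses a value with that grammar and then resolves a service name from the table before falling back to the services(5) database. Function names and the 1..65535 port range check are the example's assumptions.

```python
"""Added example (not Postfix code): parse a known_tcp_ports value
according to the ABNF above and use it to resolve service names
without consulting the services(5) database."""
import socket
from typing import Callable, Dict


def parse_known_tcp_ports(value: str) -> Dict[str, int]:
    """Return {service-name: port} for a main.cf known_tcp_ports value.

    Grammar from the text above:
        known_tcp_ports = empty | name-to-port *("," name-to-port)
        name-to-port    = 1*(service-name "=") port-number
    Entries are comma separated; surrounding whitespace is optional but
    whitespace inside a name or a port number is an error. Assumption:
    a port number is validated as 1..65535.
    """
    table: Dict[str, int] = {}
    if not value.strip():
        return table                          # the "empty" alternative
    for entry in value.split(","):
        parts = [p.strip() for p in entry.split("=")]
        if len(parts) < 2 or any(p == "" for p in parts):
            raise ValueError(f"expected name=...=port, got {entry.strip()!r}")
        *names, port = parts
        if not port.isdigit() or not 1 <= int(port) <= 65535:
            raise ValueError(f"bad port number {port!r} in {entry.strip()!r}")
        for name in names:
            if any(c.isspace() for c in name):
                # also catches a missing comma: "smtp=25 submission=587"
                raise ValueError(f"whitespace inside service name {name!r}")
            table[name] = int(port)
    return table


def is_valid_known_tcp_ports(value: str) -> bool:
    """Convenience check for configuration linting."""
    try:
        parse_known_tcp_ports(value)
        return True
    except ValueError:
        return False


def resolve_tcp_port(service: str, table: Dict[str, int],
                     fallback: Callable[[str], int] = lambda n: socket.getservbyname(n, "tcp")) -> int:
    """Look the service up in the known_tcp_ports table first; only names
    that are not listed there fall back to the services(5) database."""
    if service.isdigit():
        return int(service)
    if service in table:
        return table[service]
    return fallback(service)


# The default value quoted in the parameter heading above.
DEFAULT_KNOWN_TCP_PORTS = "lmtp=24, smtp=25, smtps=submissions=465, submission=587"

if __name__ == "__main__":
    table = parse_known_tcp_ports(DEFAULT_KNOWN_TCP_PORTS)
    print(table)
    print("submissions ->", resolve_tcp_port("submissions", table))
```

With the default value both "smtps" and "submissions" resolve to 465 regardless of what the local services(5) file calls that port, which is the inconsistency the parameter was introduced to remove.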
</p>

</DD>

<DT><b><a name="lmtp_address_preference">lmtp_address_preference</a>
(default: ipv6)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>

</DD>

<DT><b><a name="lmtp_address_verify_target">lmtp_address_verify_target</a>
(default: rcpt)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_address_verify_target">smtp_address_verify_target</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 3.0 and later. </p>

</DD>

<DT><b><a name="lmtp_assume_final">lmtp_assume_final</a>
(default: no)</b></DT><DD>

<p> When a remote LMTP server announces no DSN support, assume that
the
server performs final delivery, and send "delivered" delivery status
notifications instead of "relayed". The default setting is backwards
compatible to avoid the infinitesimal possibility of breaking
existing LMTP-based content filters. </p>

</DD>

<DT><b><a name="lmtp_balance_inet_protocols">lmtp_balance_inet_protocols</a>
(default: yes)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_balance_inet_protocols">smtp_balance_inet_protocols</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 3.3 and later. </p>

</DD>

<DT><b><a name="lmtp_bind_address">lmtp_bind_address</a>
(default: empty)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> configuration
parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later.
</p>

</DD>

<DT><b><a name="lmtp_bind_address6">lmtp_bind_address6</a>
(default: empty)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> configuration
parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="lmtp_bind_address_enforce">lmtp_bind_address_enforce</a>
(default: empty)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_bind_address_enforce">smtp_bind_address_enforce</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 3.7 and later. </p>

</DD>

<DT><b><a name="lmtp_body_checks">lmtp_body_checks</a>
(default: empty)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_body_checks">smtp_body_checks</a> configuration
parameter. See there for details. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

</DD>

<DT><b><a name="lmtp_cache_connection">lmtp_cache_connection</a>
(default: yes)</b></DT><DD>

<p>
Keep Postfix LMTP client connections open for up to $<a href="postconf.5.html#max_idle">max_idle</a>
seconds. When the LMTP client receives a request for the same
connection the connection is reused.
</p>

<p> This parameter is available in Postfix version 2.2 and earlier.
With Postfix version 2.3 and later, see <a href="postconf.5.html#lmtp_connection_cache_on_demand">lmtp_connection_cache_on_demand</a>,
<a href="postconf.5.html#lmtp_connection_cache_destinations">lmtp_connection_cache_destinations</a>, or <a href="postconf.5.html#lmtp_connection_reuse_time_limit">lmtp_connection_reuse_time_limit</a>.
</p>

<p>
The effectiveness of cached connections will be determined by the
number of remote LMTP servers in use, and the concurrency limit specified
for the Postfix LMTP client. Cached connections are closed under any of
the following conditions:
</p>

<ul>

<li> The Postfix LMTP client idle time limit is reached. This limit is
specified with the Postfix <a href="postconf.5.html#max_idle">max_idle</a> configuration parameter.

<li> A delivery request specifies a different destination than the
one currently cached.

<li> The per-process limit on the number of delivery requests is
reached. This limit is specified with the Postfix <a href="postconf.5.html#max_use">max_use</a>
configuration parameter.

<li> Upon the onset of another delivery request, the remote LMTP server
associated with the current session does not respond to the RSET
command.

</ul>

<p>
Most of these limitations have been removed with the Postfix
connection cache that is shared among multiple LMTP client
programs.
</p>

</DD>

<DT><b><a name="lmtp_cname_overrides_servername">lmtp_cname_overrides_servername</a>
(default: yes)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_cname_overrides_servername">smtp_cname_overrides_servername</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="lmtp_connect_timeout">lmtp_connect_timeout</a>
(default: 0s)</b></DT><DD>

<p> The Postfix LMTP client time limit for completing a TCP connection, or
zero (use the operating system built-in time limit). When no
connection can be made within the deadline, the LMTP client tries
the next address on the mail exchanger list.
</p>

<p> Specify a non-negative time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds). </p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#lmtp_connect_timeout">lmtp_connect_timeout</a> = 30s
</pre>

</DD>

<DT><b><a name="lmtp_connection_cache_destinations">lmtp_connection_cache_destinations</a>
(default: empty)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="lmtp_connection_cache_on_demand">lmtp_connection_cache_on_demand</a>
(default: yes)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="lmtp_connection_cache_time_limit">lmtp_connection_cache_time_limit</a>
(default: 2s)</b></DT><DD>

<p> The LMTP-specific version of the
<a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> configuration parameter.
See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="lmtp_connection_reuse_count_limit">lmtp_connection_reuse_count_limit</a>
(default: 0)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_connection_reuse_count_limit">smtp_connection_reuse_count_limit</a>
configuration parameter.
See there for details. </p>

<p> This feature is available in Postfix 2.11 and later. </p>

</DD>

<DT><b><a name="lmtp_connection_reuse_time_limit">lmtp_connection_reuse_time_limit</a>
(default: 300s)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="lmtp_data_done_timeout">lmtp_data_done_timeout</a>
(default: 600s)</b></DT><DD>

<p> The Postfix LMTP client time limit for sending the LMTP ".",
and for receiving the remote LMTP server response. When no response
is received within the deadline, a warning is logged that the mail
may be delivered multiple times. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds). </p>

</DD>

<DT><b><a name="lmtp_data_init_timeout">lmtp_data_init_timeout</a>
(default: 120s)</b></DT><DD>

<p>
The Postfix LMTP client time limit for sending the LMTP DATA command,
and
for receiving the remote LMTP server response.
</p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds). </p>

</DD>

<DT><b><a name="lmtp_data_xfer_timeout">lmtp_data_xfer_timeout</a>
(default: 180s)</b></DT><DD>

<p>
The Postfix LMTP client time limit for sending the LMTP message
content.
When the connection stalls for more than $<a href="postconf.5.html#lmtp_data_xfer_timeout">lmtp_data_xfer_timeout</a>
the LMTP client terminates the transfer.
</p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds). </p>

</DD>

<DT><b><a name="lmtp_defer_if_no_mx_address_found">lmtp_defer_if_no_mx_address_found</a>
(default: no)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_defer_if_no_mx_address_found">smtp_defer_if_no_mx_address_found</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="lmtp_delivery_status_filter">lmtp_delivery_status_filter</a>
(default: empty)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_delivery_status_filter">smtp_delivery_status_filter</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 3.0 and later. </p>

</DD>

<DT><b><a name="lmtp_destination_concurrency_limit">lmtp_destination_concurrency_limit</a>
(default: $<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a>)</b></DT><DD>

<p> The maximal number of parallel deliveries to the same destination
via the lmtp message delivery transport. This limit is enforced by
the queue manager. The message delivery transport name is the first
field in the entry in the <a href="master.5.html">master.cf</a> file.
</p>

</DD>

<DT><b><a name="lmtp_destination_recipient_limit">lmtp_destination_recipient_limit</a>
(default: $<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a>)</b></DT><DD>

<p> The maximal number of recipients per message for the lmtp
message delivery transport. This limit is enforced by the queue
manager. The message delivery transport name is the first field in
the entry in the <a href="master.5.html">master.cf</a> file. </p>

<p> Setting this parameter to a value of 1 changes the meaning of
<a href="postconf.5.html#lmtp_destination_concurrency_limit">lmtp_destination_concurrency_limit</a> from concurrency per domain into
concurrency per recipient. </p>

</DD>

<DT><b><a name="lmtp_discard_lhlo_keyword_address_maps">lmtp_discard_lhlo_keyword_address_maps</a>
(default: empty)</b></DT><DD>

<p> Lookup tables, indexed by the remote LMTP server address, with
case insensitive lists of LHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix LMTP client will ignore in the LHLO
response
from a remote LMTP server. See <a href="postconf.5.html#lmtp_discard_lhlo_keywords">lmtp_discard_lhlo_keywords</a> for
details. The table is not indexed by hostname for consistency with
<a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a>. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="lmtp_discard_lhlo_keywords">lmtp_discard_lhlo_keywords</a>
(default: empty)</b></DT><DD>

<p> A case insensitive list of LHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix LMTP client will ignore in the LHLO
response
from a remote LMTP server. </p>

<p> This feature is available in Postfix 2.3 and later.
</p>

<p> Notes: </p>

<ul>

<li> <p> Specify the <b>silent-discard</b> pseudo keyword to prevent
this action from being logged. </p>

<li> <p> Use the <a href="postconf.5.html#lmtp_discard_lhlo_keyword_address_maps">lmtp_discard_lhlo_keyword_address_maps</a> feature to
discard LHLO keywords selectively. </p>

</ul>

</DD>

<DT><b><a name="lmtp_dns_reply_filter">lmtp_dns_reply_filter</a>
(default: empty)</b></DT><DD>

<p> Optional filter for Postfix LMTP client DNS lookup results.
See <a href="postconf.5.html#smtp_dns_reply_filter">smtp_dns_reply_filter</a> for details including an example. </p>

<p> This feature is available in Postfix 3.0 and later. </p>

</DD>

<DT><b><a name="lmtp_dns_resolver_options">lmtp_dns_resolver_options</a>
(default: empty)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_dns_resolver_options">smtp_dns_resolver_options</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>

</DD>

<DT><b><a name="lmtp_dns_support_level">lmtp_dns_support_level</a>
(default: empty)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.11 and later. </p>

</DD>

<DT><b><a name="lmtp_enforce_tls">lmtp_enforce_tls</a>
(default: no)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> configuration
parameter. See there for details. </p>

<p> This feature is deprecated as of Postfix 3.9. Specify
<a href="postconf.5.html#lmtp_tls_security_level">lmtp_tls_security_level</a> instead.
</p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="lmtp_fallback_relay">lmtp_fallback_relay</a>
(default: empty)</b></DT><DD>

<p> Optional list of relay hosts for LMTP destinations that can't be
found or that are unreachable. In <a href="postconf.5.html">main.cf</a> elements are separated by
whitespace or commas. </p>

<p> By default, mail is returned to the sender when a destination is not
found, and delivery is deferred when a destination is unreachable. </p>

<p> The fallback relays must be TCP destinations, specified without
a leading "inet:" prefix. Specify a host or host:port. Since MX
lookups do not apply with LMTP, there is no need to use the "[host]" or
"[host]:port" forms. If you specify multiple LMTP destinations, Postfix
will try them in the specified order. </p>

<p>
This feature is available in Postfix 3.1 and later.
</p>

</DD>

<DT><b><a name="lmtp_generic_maps">lmtp_generic_maps</a>
(default: empty)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> configuration
parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="lmtp_header_checks">lmtp_header_checks</a>
(default: empty)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_header_checks">smtp_header_checks</a> configuration
parameter. See there for details. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

</DD>

<DT><b><a name="lmtp_host_lookup">lmtp_host_lookup</a>
(default: dns)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> configuration
parameter. See there for details.
</p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="lmtp_lhlo_name">lmtp_lhlo_name</a>
(default: $<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD>

<p>
The hostname to send in the LMTP LHLO command.
</p>

<p>
The default value is the machine hostname. Specify a hostname or
[ip.add.re.ss] or [ip:v6:add:re::ss].
</p>

<p>
This information can be specified in the <a href="postconf.5.html">main.cf</a> file for all LMTP
clients, or it can be specified in the <a href="master.5.html">master.cf</a> file for a specific
client, for example:
</p>

<blockquote>
<pre>
/etc/postfix/<a href="master.5.html">master.cf</a>:
    mylmtp ... lmtp -o <a href="postconf.5.html#lmtp_lhlo_name">lmtp_lhlo_name</a>=foo.bar.com
</pre>
</blockquote>

<p>
This feature is available in Postfix 2.3 and later.
</p>

</DD>

<DT><b><a name="lmtp_lhlo_timeout">lmtp_lhlo_timeout</a>
(default: 300s)</b></DT><DD>

<p> The Postfix LMTP client time limit for sending the LHLO command,
and for receiving the initial remote LMTP server response. </p>

<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). The default time unit is s (seconds). </p>

</DD>

<DT><b><a name="lmtp_line_length_limit">lmtp_line_length_limit</a>
(default: 998)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_line_length_limit">smtp_line_length_limit</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later.
</p>

</DD>

<DT><b><a name="lmtp_mail_timeout">lmtp_mail_timeout</a>
(default: 300s)</b></DT><DD>

<p>
The Postfix LMTP client time limit for sending the MAIL FROM command,
and for receiving the remote LMTP server response.
</p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds). </p>

</DD>

<DT><b><a name="lmtp_mime_header_checks">lmtp_mime_header_checks</a>
(default: empty)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_mime_header_checks">smtp_mime_header_checks</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

</DD>

<DT><b><a name="lmtp_min_data_rate">lmtp_min_data_rate</a>
(default: 500)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_min_data_rate">smtp_min_data_rate</a> configuration
parameter. See there for details. </p>

<p> This feature is available in Postfix 3.7 and later. </p>

</DD>

<DT><b><a name="lmtp_mx_address_limit">lmtp_mx_address_limit</a>
(default: 5)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a> configuration
parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="lmtp_mx_session_limit">lmtp_mx_session_limit</a>
(default: 2)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> configuration
parameter. See there for details.
</p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="lmtp_nested_header_checks">lmtp_nested_header_checks</a>
(default: empty)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_nested_header_checks">smtp_nested_header_checks</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

</DD>

<DT><b><a name="lmtp_per_record_deadline">lmtp_per_record_deadline</a>
(default: no)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.9 and later. </p>

</DD>

<DT><b><a name="lmtp_per_request_deadline">lmtp_per_request_deadline</a>
(default: no)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 3.7 and later. </p>

</DD>

<DT><b><a name="lmtp_pix_workaround_delay_time">lmtp_pix_workaround_delay_time</a>
(default: 10s)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_pix_workaround_delay_time">smtp_pix_workaround_delay_time</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="lmtp_pix_workaround_maps">lmtp_pix_workaround_maps</a>
(default: empty)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_pix_workaround_maps">smtp_pix_workaround_maps</a>
configuration parameter. See there for details.
</p>

<p> This feature is available in Postfix 2.4 and later. </p>

</DD>

<DT><b><a name="lmtp_pix_workaround_threshold_time">lmtp_pix_workaround_threshold_time</a>
(default: 500s)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_pix_workaround_threshold_time">smtp_pix_workaround_threshold_time</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="lmtp_pix_workarounds">lmtp_pix_workarounds</a>
(default: empty)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_pix_workarounds">smtp_pix_workarounds</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.4 and later. </p>

</DD>

<DT><b><a name="lmtp_quit_timeout">lmtp_quit_timeout</a>
(default: 300s)</b></DT><DD>

<p>
The Postfix LMTP client time limit for sending the QUIT command,
and for receiving the remote LMTP server response.
</p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds). </p>

</DD>

<DT><b><a name="lmtp_quote_rfc821_envelope">lmtp_quote_rfc821_envelope</a>
(default: yes)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later.
</p> 5331 5332 5333</DD> 5334 5335<DT><b><a name="lmtp_randomize_addresses">lmtp_randomize_addresses</a> 5336(default: yes)</b></DT><DD> 5337 5338<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_randomize_addresses">smtp_randomize_addresses</a> 5339configuration parameter. See there for details. </p> 5340 5341<p> This feature is available in Postfix 2.3 and later. </p> 5342 5343 5344</DD> 5345 5346<DT><b><a name="lmtp_rcpt_timeout">lmtp_rcpt_timeout</a> 5347(default: 300s)</b></DT><DD> 5348 5349<p> 5350The Postfix LMTP client time limit for sending the RCPT TO command, 5351and for receiving the remote LMTP server response. 5352</p> 5353 5354<p> Specify a non-zero time value (an integral value plus an optional 5355one-letter suffix that specifies the time unit). Time units: s 5356(seconds), m (minutes), h (hours), d (days), w (weeks). 5357The default time unit is s (seconds). </p> 5358 5359 5360</DD> 5361 5362<DT><b><a name="lmtp_reply_filter">lmtp_reply_filter</a> 5363(default: empty)</b></DT><DD> 5364 5365<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a> 5366configuration parameter. See there for details. </p> 5367 5368<p> This feature is available in Postfix 2.7 and later. </p> 5369 5370 5371</DD> 5372 5373<DT><b><a name="lmtp_rset_timeout">lmtp_rset_timeout</a> 5374(default: 20s)</b></DT><DD> 5375 5376<p> The Postfix LMTP client time limit for sending the RSET command, 5377and for receiving the remote LMTP server response. The LMTP client 5378sends RSET in 5379order to finish a recipient address probe, or to verify that a 5380cached connection is still alive. </p> 5381 5382<p> Specify a non-zero time value (an integral value plus an optional 5383one-letter suffix that specifies the time unit). Time units: s 5384(seconds), m (minutes), h (hours), d (days), w (weeks). 5385The default time unit is s (seconds). 
</p> 5386 5387 5388</DD> 5389 5390<DT><b><a name="lmtp_sasl_auth_cache_name">lmtp_sasl_auth_cache_name</a> 5391(default: empty)</b></DT><DD> 5392 5393<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> 5394configuration parameter. See there for details. </p> 5395 5396<p> This feature is available in Postfix 2.5 and later. </p> 5397 5398 5399</DD> 5400 5401<DT><b><a name="lmtp_sasl_auth_cache_time">lmtp_sasl_auth_cache_time</a> 5402(default: 90d)</b></DT><DD> 5403 5404<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sasl_auth_cache_time">smtp_sasl_auth_cache_time</a> 5405configuration parameter. See there for details. </p> 5406 5407<p> This feature is available in Postfix 2.5 and later. </p> 5408 5409 5410</DD> 5411 5412<DT><b><a name="lmtp_sasl_auth_enable">lmtp_sasl_auth_enable</a> 5413(default: no)</b></DT><DD> 5414 5415<p> 5416Enable SASL authentication in the Postfix LMTP client. 5417</p> 5418 5419 5420</DD> 5421 5422<DT><b><a name="lmtp_sasl_auth_soft_bounce">lmtp_sasl_auth_soft_bounce</a> 5423(default: yes)</b></DT><DD> 5424 5425<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> 5426configuration parameter. See there for details. </p> 5427 5428<p> This feature is available in Postfix 2.5 and later. </p> 5429 5430 5431</DD> 5432 5433<DT><b><a name="lmtp_sasl_mechanism_filter">lmtp_sasl_mechanism_filter</a> 5434(default: empty)</b></DT><DD> 5435 5436<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> 5437configuration parameter. See there for details. </p> 5438 5439<p> This feature is available in Postfix 2.3 and later. 
</p> 5440 5441 5442</DD> 5443 5444<DT><b><a name="lmtp_sasl_password_maps">lmtp_sasl_password_maps</a> 5445(default: empty)</b></DT><DD> 5446 5447<p> 5448Optional Postfix LMTP client lookup tables with one username:password entry 5449per host or domain. If a remote host or domain has no username:password 5450entry, then the Postfix LMTP client will not attempt to authenticate 5451to the remote host. 5452</p> 5453 5454 5455</DD> 5456 5457<DT><b><a name="lmtp_sasl_password_result_delimiter">lmtp_sasl_password_result_delimiter</a> 5458(default: :)</b></DT><DD> 5459 5460<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sasl_password_result_delimiter">smtp_sasl_password_result_delimiter</a> 5461configuration parameter. See there for details. </p> 5462 5463 5464</DD> 5465 5466<DT><b><a name="lmtp_sasl_path">lmtp_sasl_path</a> 5467(default: empty)</b></DT><DD> 5468 5469<p> Implementation-specific information that is passed through to 5470the SASL plug-in implementation that is selected with 5471<b><a href="postconf.5.html#lmtp_sasl_type">lmtp_sasl_type</a></b>. Typically this specifies the name of a 5472configuration file or rendezvous point. </p> 5473 5474<p> This feature is available in Postfix 2.3 and later. </p> 5475 5476 5477</DD> 5478 5479<DT><b><a name="lmtp_sasl_security_options">lmtp_sasl_security_options</a> 5480(default: noplaintext, noanonymous)</b></DT><DD> 5481 5482<p> SASL security options; as of Postfix 2.3 the list of available 5483features depends on the SASL client implementation that is selected 5484with <b><a href="postconf.5.html#lmtp_sasl_type">lmtp_sasl_type</a></b>. </p> 5485 5486<p> The following security features are defined for the <b>cyrus</b> 5487client SASL implementation: </p> 5488 5489<dl> 5490 5491<dt><b>noplaintext</b></dt> 5492 5493<dd>Disallow authentication methods that use plaintext passwords. 
</dd> 5494 5495<dt><b>noactive</b></dt> 5496 5497<dd>Disallow authentication methods that are vulnerable to non-dictionary 5498active attacks. </dd> 5499 5500<dt><b>nodictionary</b></dt> 5501 5502<dd>Disallow authentication methods that are vulnerable to passive 5503dictionary attacks. </dd> 5504 5505<dt><b>noanonymous</b></dt> 5506 5507<dd>Disallow anonymous logins. </dd> 5508 5509</dl> 5510 5511<p> 5512Example: 5513</p> 5514 5515<pre> 5516<a href="postconf.5.html#lmtp_sasl_security_options">lmtp_sasl_security_options</a> = noplaintext 5517</pre> 5518 5519 5520</DD> 5521 5522<DT><b><a name="lmtp_sasl_tls_security_options">lmtp_sasl_tls_security_options</a> 5523(default: $<a href="postconf.5.html#lmtp_sasl_security_options">lmtp_sasl_security_options</a>)</b></DT><DD> 5524 5525<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a> 5526configuration parameter. See there for details. </p> 5527 5528<p> This feature is available in Postfix 2.3 and later. </p> 5529 5530 5531</DD> 5532 5533<DT><b><a name="lmtp_sasl_tls_verified_security_options">lmtp_sasl_tls_verified_security_options</a> 5534(default: $<a href="postconf.5.html#lmtp_sasl_tls_security_options">lmtp_sasl_tls_security_options</a>)</b></DT><DD> 5535 5536<p> The LMTP-specific version of the 5537<a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a> configuration parameter. 5538See there for details. </p> 5539 5540<p> This feature is available in Postfix 2.3 and later. </p> 5541 5542 5543</DD> 5544 5545<DT><b><a name="lmtp_sasl_type">lmtp_sasl_type</a> 5546(default: cyrus)</b></DT><DD> 5547 5548<p> The SASL plug-in type that the Postfix LMTP client should use 5549for authentication. The available types are listed with the 5550"<b>postconf -A</b>" command. </p> 5551 5552<p> This feature is available in Postfix 2.3 and later. 
</p> 5553 5554 5555</DD> 5556 5557<DT><b><a name="lmtp_send_dummy_mail_auth">lmtp_send_dummy_mail_auth</a> 5558(default: no)</b></DT><DD> 5559 5560<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a> 5561configuration parameter. See there for details. </p> 5562 5563<p> This feature is available in Postfix 2.9 and later. </p> 5564 5565 5566</DD> 5567 5568<DT><b><a name="lmtp_send_xforward_command">lmtp_send_xforward_command</a> 5569(default: no)</b></DT><DD> 5570 5571<p> 5572Send an XFORWARD command to the remote LMTP server when the LMTP LHLO 5573server response announces XFORWARD support. This allows an <a href="lmtp.8.html">lmtp(8)</a> 5574delivery agent, used for content filter message injection, to 5575forward the name, address, protocol and HELO name of the original 5576client to the content filter and downstream LMTP server. 5577Before you change the value to yes, it is best to make sure that 5578your content filter supports this command. 5579</p> 5580 5581<p> 5582This feature is available in Postfix 2.1 and later. 5583</p> 5584 5585 5586</DD> 5587 5588<DT><b><a name="lmtp_sender_dependent_authentication">lmtp_sender_dependent_authentication</a> 5589(default: no)</b></DT><DD> 5590 5591<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a> 5592configuration parameter. See there for details. </p> 5593 5594<p> This feature is available in Postfix 2.3 and later. </p> 5595 5596 5597</DD> 5598 5599<DT><b><a name="lmtp_skip_5xx_greeting">lmtp_skip_5xx_greeting</a> 5600(default: yes)</b></DT><DD> 5601 5602<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a> 5603configuration parameter. See there for details. </p> 5604 5605<p> This feature is available in Postfix 2.3 and later. 
</p> 5606 5607 5608</DD> 5609 5610<DT><b><a name="lmtp_skip_quit_response">lmtp_skip_quit_response</a> 5611(default: no)</b></DT><DD> 5612 5613<p> 5614Wait for the response to the LMTP QUIT command. 5615</p> 5616 5617 5618</DD> 5619 5620<DT><b><a name="lmtp_starttls_timeout">lmtp_starttls_timeout</a> 5621(default: 300s)</b></DT><DD> 5622 5623<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> configuration 5624parameter. See there for details. </p> 5625 5626<p> This feature is available in Postfix 2.3 and later. </p> 5627 5628 5629</DD> 5630 5631<DT><b><a name="lmtp_tcp_port">lmtp_tcp_port</a> 5632(default: 24)</b></DT><DD> 5633 5634<p> 5635The default TCP port that the Postfix LMTP client connects to. 5636Specify a symbolic name (see services(5)) or a numeric port. 5637</p> 5638 5639 5640</DD> 5641 5642<DT><b><a name="lmtp_tls_CAfile">lmtp_tls_CAfile</a> 5643(default: empty)</b></DT><DD> 5644 5645<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> 5646configuration parameter. See there for details. </p> 5647 5648<p> This feature is available in Postfix 2.3 and later. </p> 5649 5650 5651</DD> 5652 5653<DT><b><a name="lmtp_tls_CApath">lmtp_tls_CApath</a> 5654(default: empty)</b></DT><DD> 5655 5656<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> 5657configuration parameter. See there for details. </p> 5658 5659<p> This feature is available in Postfix 2.3 and later. </p> 5660 5661 5662</DD> 5663 5664<DT><b><a name="lmtp_tls_block_early_mail_reply">lmtp_tls_block_early_mail_reply</a> 5665(default: empty)</b></DT><DD> 5666 5667<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_block_early_mail_reply">smtp_tls_block_early_mail_reply</a> 5668configuration parameter. See there for details. </p> 5669 5670<p> This feature is available in Postfix 2.7 and later. 
</p> 5671 5672 5673</DD> 5674 5675<DT><b><a name="lmtp_tls_cert_file">lmtp_tls_cert_file</a> 5676(default: empty)</b></DT><DD> 5677 5678<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> 5679configuration parameter. See there for details. </p> 5680 5681<p> This feature is available in Postfix 2.3 and later. </p> 5682 5683 5684</DD> 5685 5686<DT><b><a name="lmtp_tls_chain_files">lmtp_tls_chain_files</a> 5687(default: empty)</b></DT><DD> 5688 5689<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> configuration 5690parameter. See there for details. </p> 5691 5692<p> This feature is available in Postfix 3.4 and later. </p> 5693 5694 5695</DD> 5696 5697<DT><b><a name="lmtp_tls_ciphers">lmtp_tls_ciphers</a> 5698(default: medium)</b></DT><DD> 5699 5700<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> configuration 5701parameter. See there for details. </p> 5702 5703<p> This feature is available in Postfix 2.6 and later. </p> 5704 5705 5706</DD> 5707 5708<DT><b><a name="lmtp_tls_connection_reuse">lmtp_tls_connection_reuse</a> 5709(default: no)</b></DT><DD> 5710 5711<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_connection_reuse">smtp_tls_connection_reuse</a> configuration 5712parameter. See there for details. </p> 5713 5714<p> This feature is available in Postfix 3.4 and later. </p> 5715 5716 5717</DD> 5718 5719<DT><b><a name="lmtp_tls_dcert_file">lmtp_tls_dcert_file</a> 5720(default: empty)</b></DT><DD> 5721 5722<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> 5723configuration parameter. See there for details. </p> 5724 5725<p> This feature is available in Postfix 2.3 and later. 
</p> 5726 5727 5728</DD> 5729 5730<DT><b><a name="lmtp_tls_dkey_file">lmtp_tls_dkey_file</a> 5731(default: $<a href="postconf.5.html#lmtp_tls_dcert_file">lmtp_tls_dcert_file</a>)</b></DT><DD> 5732 5733<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> 5734configuration parameter. See there for details. </p> 5735 5736<p> This feature is available in Postfix 2.3 and later. </p> 5737 5738 5739</DD> 5740 5741<DT><b><a name="lmtp_tls_eccert_file">lmtp_tls_eccert_file</a> 5742(default: empty)</b></DT><DD> 5743 5744<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> configuration 5745parameter. See there for details. </p> 5746 5747<p> This feature is available in Postfix 2.6 and later, when Postfix is 5748compiled and linked with OpenSSL 1.0.0 or later. </p> 5749 5750 5751</DD> 5752 5753<DT><b><a name="lmtp_tls_eckey_file">lmtp_tls_eckey_file</a> 5754(default: empty)</b></DT><DD> 5755 5756<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a> configuration 5757parameter. See there for details. </p> 5758 5759<p> This feature is available in Postfix 2.6 and later, when Postfix is 5760compiled and linked with OpenSSL 1.0.0 or later. </p> 5761 5762 5763</DD> 5764 5765<DT><b><a name="lmtp_tls_enable_rpk">lmtp_tls_enable_rpk</a> 5766(default: yes)</b></DT><DD> 5767 5768<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_enable_rpk">smtp_tls_enable_rpk</a> 5769configuration parameter. See there for details. </p> 5770 5771<p> This feature is available in Postfix 3.9 and later. </p> 5772 5773 5774</DD> 5775 5776<DT><b><a name="lmtp_tls_enforce_peername">lmtp_tls_enforce_peername</a> 5777(default: yes)</b></DT><DD> 5778 5779<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> 5780configuration parameter. See there for details. 
</p> 5781 5782<p> This feature is available in Postfix 2.3 and later. </p> 5783 5784 5785</DD> 5786 5787<DT><b><a name="lmtp_tls_exclude_ciphers">lmtp_tls_exclude_ciphers</a> 5788(default: empty)</b></DT><DD> 5789 5790<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> 5791configuration parameter. See there for details. </p> 5792 5793<p> This feature is available in Postfix 2.3 and later. </p> 5794 5795 5796</DD> 5797 5798<DT><b><a name="lmtp_tls_fingerprint_cert_match">lmtp_tls_fingerprint_cert_match</a> 5799(default: empty)</b></DT><DD> 5800 5801<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> 5802configuration parameter. See there for details. </p> 5803 5804<p> This feature is available in Postfix 2.5 and later. </p> 5805 5806 5807</DD> 5808 5809<DT><b><a name="lmtp_tls_fingerprint_digest">lmtp_tls_fingerprint_digest</a> 5810(default: see "postconf -d" output)</b></DT><DD> 5811 5812<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> 5813configuration parameter. See there for details. </p> 5814 5815<p> This feature is available in Postfix 2.5 and later. </p> 5816 5817 5818</DD> 5819 5820<DT><b><a name="lmtp_tls_force_insecure_host_tlsa_lookup">lmtp_tls_force_insecure_host_tlsa_lookup</a> 5821(default: no)</b></DT><DD> 5822 5823<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_force_insecure_host_tlsa_lookup">smtp_tls_force_insecure_host_tlsa_lookup</a> 5824configuration parameter. See there for details. </p> 5825 5826<p> This feature is available in Postfix 2.11 and later. 
</p> 5827 5828 5829</DD> 5830 5831<DT><b><a name="lmtp_tls_key_file">lmtp_tls_key_file</a> 5832(default: $<a href="postconf.5.html#lmtp_tls_cert_file">lmtp_tls_cert_file</a>)</b></DT><DD> 5833 5834<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> 5835configuration parameter. See there for details. </p> 5836 5837<p> This feature is available in Postfix 2.3 and later. </p> 5838 5839 5840</DD> 5841 5842<DT><b><a name="lmtp_tls_loglevel">lmtp_tls_loglevel</a> 5843(default: 0)</b></DT><DD> 5844 5845<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> 5846configuration parameter. See there for details. </p> 5847 5848<p> This feature is available in Postfix 2.3 and later. </p> 5849 5850 5851</DD> 5852 5853<DT><b><a name="lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a> 5854(default: medium)</b></DT><DD> 5855 5856<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> 5857configuration parameter. See there for details. </p> 5858 5859<p> This feature is available in Postfix 2.3 and later. </p> 5860 5861 5862</DD> 5863 5864<DT><b><a name="lmtp_tls_mandatory_exclude_ciphers">lmtp_tls_mandatory_exclude_ciphers</a> 5865(default: empty)</b></DT><DD> 5866 5867<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> 5868configuration parameter. See there for details. </p> 5869 5870<p> This feature is available in Postfix 2.3 and later. </p> 5871 5872 5873</DD> 5874 5875<DT><b><a name="lmtp_tls_mandatory_protocols">lmtp_tls_mandatory_protocols</a> 5876(default: see 'postconf -d' output)</b></DT><DD> 5877 5878<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> 5879configuration parameter. See there for details. 
</p> 5880 5881<p> This feature is available in Postfix 2.3 and later. </p> 5882 5883 5884</DD> 5885 5886<DT><b><a name="lmtp_tls_note_starttls_offer">lmtp_tls_note_starttls_offer</a> 5887(default: no)</b></DT><DD> 5888 5889<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a> 5890configuration parameter. See there for details. </p> 5891 5892<p> This feature is available in Postfix 2.3 and later. </p> 5893 5894 5895</DD> 5896 5897<DT><b><a name="lmtp_tls_per_site">lmtp_tls_per_site</a> 5898(default: empty)</b></DT><DD> 5899 5900<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> configuration 5901parameter. See there for details. </p> 5902 5903<p> This feature is deprecated as of Postfix 3.9. Specify 5904<a href="postconf.5.html#lmtp_tls_policy_maps">lmtp_tls_policy_maps</a> instead. </p> 5905 5906<p> This feature is available in Postfix 2.3 and later. </p> 5907 5908 5909</DD> 5910 5911<DT><b><a name="lmtp_tls_policy_maps">lmtp_tls_policy_maps</a> 5912(default: empty)</b></DT><DD> 5913 5914<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> 5915configuration parameter. See there for details. </p> 5916 5917<p> This feature is available in Postfix 2.3 and later. </p> 5918 5919 5920</DD> 5921 5922<DT><b><a name="lmtp_tls_protocols">lmtp_tls_protocols</a> 5923(default: see 'postconf -d' output)</b></DT><DD> 5924 5925<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> configuration 5926parameter. See there for details. </p> 5927 5928<p> This feature is available in Postfix 2.6 and later. 
</p> 5929 5930 5931</DD> 5932 5933<DT><b><a name="lmtp_tls_scert_verifydepth">lmtp_tls_scert_verifydepth</a> 5934(default: 9)</b></DT><DD> 5935 5936<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> 5937configuration parameter. See there for details. </p> 5938 5939<p> This feature is available in Postfix 2.3 and later. </p> 5940 5941 5942</DD> 5943 5944<DT><b><a name="lmtp_tls_secure_cert_match">lmtp_tls_secure_cert_match</a> 5945(default: nexthop)</b></DT><DD> 5946 5947<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> 5948configuration parameter. See there for details. </p> 5949 5950<p> This feature is available in Postfix 2.3 and later. </p> 5951 5952 5953</DD> 5954 5955<DT><b><a name="lmtp_tls_security_level">lmtp_tls_security_level</a> 5956(default: empty)</b></DT><DD> 5957 5958<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> configuration 5959parameter. See there for details. </p> 5960 5961<p> This feature is available in Postfix 2.3 and later. </p> 5962 5963 5964</DD> 5965 5966<DT><b><a name="lmtp_tls_servername">lmtp_tls_servername</a> 5967(default: empty)</b></DT><DD> 5968 5969<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_servername">smtp_tls_servername</a> configuration 5970parameter. See there for details. </p> 5971 5972<p> This feature is available in Postfix 3.4 and later. </p> 5973 5974 5975</DD> 5976 5977<DT><b><a name="lmtp_tls_session_cache_database">lmtp_tls_session_cache_database</a> 5978(default: empty)</b></DT><DD> 5979 5980<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> 5981configuration parameter. See there for details. </p> 5982 5983<p> This feature is available in Postfix 2.3 and later. 
</p> 5984 5985 5986</DD> 5987 5988<DT><b><a name="lmtp_tls_session_cache_timeout">lmtp_tls_session_cache_timeout</a> 5989(default: 3600s)</b></DT><DD> 5990 5991<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> 5992configuration parameter. See there for details. </p> 5993 5994<p> This feature is available in Postfix 2.3 and later. </p> 5995 5996 5997</DD> 5998 5999<DT><b><a name="lmtp_tls_trust_anchor_file">lmtp_tls_trust_anchor_file</a> 6000(default: empty)</b></DT><DD> 6001 6002<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_trust_anchor_file">smtp_tls_trust_anchor_file</a> 6003configuration parameter. See there for details. </p> 6004 6005<p> This feature is available in Postfix 2.11 and later. </p> 6006 6007 6008</DD> 6009 6010<DT><b><a name="lmtp_tls_verify_cert_match">lmtp_tls_verify_cert_match</a> 6011(default: hostname)</b></DT><DD> 6012 6013<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> 6014configuration parameter. See there for details. </p> 6015 6016<p> This feature is available in Postfix 2.3 and later. </p> 6017 6018 6019</DD> 6020 6021<DT><b><a name="lmtp_tls_wrappermode">lmtp_tls_wrappermode</a> 6022(default: no)</b></DT><DD> 6023 6024<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_wrappermode">smtp_tls_wrappermode</a> configuration 6025parameter. See there for details. </p> 6026 6027<p> This feature is available in Postfix 3.0 and later. </p> 6028 6029 6030</DD> 6031 6032<DT><b><a name="lmtp_use_tls">lmtp_use_tls</a> 6033(default: no)</b></DT><DD> 6034 6035<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> configuration 6036parameter. See there for details. </p> 6037 6038<p> This feature is deprecated as of Postfix 3.9. 
Specify 6039<a href="postconf.5.html#lmtp_tls_security_level">lmtp_tls_security_level</a> instead. </p> 6040 6041<p> This feature is available in Postfix 2.3 and later. </p> 6042 6043 6044</DD> 6045 6046<DT><b><a name="lmtp_xforward_timeout">lmtp_xforward_timeout</a> 6047(default: 300s)</b></DT><DD> 6048 6049<p> 6050The Postfix LMTP client time limit for sending the XFORWARD command, 6051and for receiving the remote LMTP server response. 6052</p> 6053 6054<p> 6055In case of problems the client does NOT try the next address on 6056the mail exchanger list. 6057</p> 6058 6059<p> Specify a non-zero time value (an integral value plus an optional 6060one-letter suffix that specifies the time unit). Time units: s 6061(seconds), m (minutes), h (hours), d (days), w (weeks). 6062The default time unit is s (seconds). </p> 6063 6064<p> 6065This feature is available in Postfix 2.1 and later. 6066</p> 6067 6068 6069</DD> 6070 6071<DT><b><a name="local_command_shell">local_command_shell</a> 6072(default: empty)</b></DT><DD> 6073 6074<p> 6075Optional shell program for <a href="local.8.html">local(8)</a> delivery to non-Postfix commands. 6076By default, non-Postfix commands are executed directly; commands 6077are given to the default shell (typically, /bin/sh) only when they 6078contain shell meta characters or shell built-in commands. 6079</p> 6080 6081<p> "sendmail's restricted shell" (smrsh) is what most people will 6082use in order to restrict what programs can be run from e.g. .forward 6083files (smrsh is part of the Sendmail distribution). </p> 6084 6085<p> Note: when a shell program is specified, it is invoked even 6086when the command contains no shell built-in commands or meta 6087characters. 
</p> 6088 6089<p> 6090Example: 6091</p> 6092 6093<pre> 6094<a href="postconf.5.html#local_command_shell">local_command_shell</a> = /some/where/smrsh -c 6095<a href="postconf.5.html#local_command_shell">local_command_shell</a> = /bin/bash -c 6096</pre> 6097 6098 6099</DD> 6100 6101<DT><b><a name="local_delivery_status_filter">local_delivery_status_filter</a> 6102(default: $<a href="postconf.5.html#default_delivery_status_filter">default_delivery_status_filter</a>)</b></DT><DD> 6103 6104<p> Optional filter for the <a href="local.8.html">local(8)</a> delivery agent to change the 6105status code or explanatory text of successful or unsuccessful 6106deliveries. See <a href="postconf.5.html#default_delivery_status_filter">default_delivery_status_filter</a> for details. </p> 6107 6108<p> This feature is available in Postfix 3.0 and later. </p> 6109 6110 6111</DD> 6112 6113<DT><b><a name="local_destination_concurrency_limit">local_destination_concurrency_limit</a> 6114(default: 2)</b></DT><DD> 6115 6116<p> The maximal number of parallel deliveries via the local mail 6117delivery transport to the same recipient (when 6118"<a href="postconf.5.html#local_destination_recipient_limit">local_destination_recipient_limit</a> = 1") or the maximal number of 6119parallel deliveries to the same <a href="ADDRESS_CLASS_README.html#local_domain_class">local domain</a> (when 6120"<a href="postconf.5.html#local_destination_recipient_limit">local_destination_recipient_limit</a> > 1"). This limit is enforced by 6121the queue manager. The message delivery transport name is the first 6122field in the entry in the <a href="master.5.html">master.cf</a> file. </p> 6123 6124<p> A low limit of 2 is recommended, just in case someone has an 6125expensive shell command in a .forward file or in an alias (e.g., 6126a mailing list manager). You don't want to run lots of those at 6127the same time. 
</p> 6128 6129 6130</DD> 6131 6132<DT><b><a name="local_destination_recipient_limit">local_destination_recipient_limit</a> 6133(default: 1)</b></DT><DD> 6134 6135<p> The maximal number of recipients per message delivery via the 6136local mail delivery transport. This limit is enforced by the queue 6137manager. The message delivery transport name is the first field in 6138the entry in the <a href="master.5.html">master.cf</a> file. </p> 6139 6140<p> Setting this parameter to a value > 1 changes the meaning of 6141<a href="postconf.5.html#local_destination_concurrency_limit">local_destination_concurrency_limit</a> from concurrency per recipient 6142into concurrency per domain. </p> 6143 6144 6145</DD> 6146 6147<DT><b><a name="local_header_rewrite_clients">local_header_rewrite_clients</a> 6148(default: <a href="postconf.5.html#permit_inet_interfaces">permit_inet_interfaces</a>)</b></DT><DD> 6149 6150<p> Rewrite or add message headers in mail from these clients, 6151updating incomplete addresses with the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or 6152$<a href="postconf.5.html#mydomain">mydomain</a>, and adding missing headers. </p> 6153 6154<p> See the <a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a> and <a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a> parameters 6155for details of how domain names are appended to incomplete addresses. 6156</p> 6157 6158<p> See <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> to optionally rewrite or add 6159message headers in mail from other clients. 
</p> 6160 6161<p> Specify a list of zero or more of the following: </p> 6162 6163<dl> 6164 6165<dt><b><a href="postconf.5.html#permit_inet_interfaces">permit_inet_interfaces</a></b></dt> 6166 6167<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the 6168client IP address matches $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>. This is enabled by 6169default. </dd> 6170 6171<dt><b><a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a></b></dt> 6172 6173<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the 6174client IP address matches any network or network address listed in 6175$<a href="postconf.5.html#mynetworks">mynetworks</a>. This setting will not prevent remote mail header 6176address rewriting when mail from a remote client is forwarded by 6177a neighboring system. </dd> 6178 6179<dt><b><a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a> </b></dt> 6180 6181<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the 6182client is successfully authenticated via the <a href="https://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH) 6183protocol. </dd> 6184 6185<dt><b><a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a> </b></dt> 6186 6187<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the 6188remote SMTP client TLS certificate fingerprint or public key fingerprint 6189(Postfix 2.9 and later) is listed in $<a href="postconf.5.html#relay_clientcerts">relay_clientcerts</a>. 
The fingerprint digest algorithm is configurable via the
<a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> parameter (hard-coded as md5 prior to
Postfix version 2.5). </dd>

<dd> The default algorithm is <b>sha256</b> with Postfix ≥ 3.6
and the <b><a href="postconf.5.html#compatibility_level">compatibility_level</a></b> set to 3.6 or higher. With Postfix
≤ 3.5, the default algorithm is <b>md5</b>. The best-practice
algorithm is now <b>sha256</b>. Recent advances in hash function
cryptanalysis have led to md5 and sha1 being deprecated in favor of
sha256. However, as long as there are no known "second pre-image"
attacks against the older algorithms, their use in this context, though
not recommended, is still likely safe. That reasoning holds only while
an attacker cannot influence which certificates are listed in
$<a href="postconf.5.html#relay_clientcerts">relay_clientcerts</a>: practical collision attacks (including
chosen-prefix collisions) exist for md5 and sha1, so an attacker who
can get a certificate of their own making listed could present a
second certificate with the same fingerprint. Use <b>sha256</b> unless
an old peer leaves no choice. </dd>

<dt><b><a href="postconf.5.html#permit_tls_all_clientcerts">permit_tls_all_clientcerts</a> </b></dt>

<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
remote SMTP client TLS certificate is successfully verified, regardless of
whether it is listed on the server, and regardless of the certifying
authority. In other words, any certificate that chains to a CA in the
SMTP server's trust store qualifies, so keep that trust store small.
</dd>

<dt><b><a name="check_address_map">check_address_map</a> <i><a href="DATABASE_README.html">type:table</a></i> </b></dt>

<dt><b><i><a href="DATABASE_README.html">type:table</a></i> </b></dt>

<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
client IP address matches the specified lookup table.
The lookup result is ignored, and no subnet lookup is done. This
is suitable for, e.g., pop-before-smtp lookup tables.
</dd> 6218 6219</dl> 6220 6221<p> Examples: </p> 6222 6223<p> The Postfix < 2.2 backwards compatible setting: always rewrite 6224message headers, and always append my own domain to incomplete 6225header addresses. </p> 6226 6227<blockquote> 6228<pre> 6229<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all 6230</pre> 6231</blockquote> 6232 6233<p> The purist (and default) setting: rewrite headers only in mail 6234from Postfix sendmail and in SMTP mail from this machine. </p> 6235 6236<blockquote> 6237<pre> 6238<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="postconf.5.html#permit_inet_interfaces">permit_inet_interfaces</a> 6239</pre> 6240</blockquote> 6241 6242<p> The intermediate setting: rewrite header addresses and append 6243$<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> information only with mail from Postfix 6244sendmail, from local clients, or from authorized SMTP clients. </p> 6245 6246<p> Note: this setting will not prevent remote mail header address 6247rewriting when mail from a remote client is forwarded by a neighboring 6248system. 
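The decision described by the item list above, worked through in code. This is an added illustration written for this page, not Postfix's own implementation; the interface, network and table contents are constructed sample data standing in for $inet_interfaces, $mynetworks, $relay_clientcerts and a hash:/etc/postfix/pop-before-smtp table, and the function names (parse_policy, rewrites_headers) are this example's own. It evaluates a local_header_rewrite_clients value left to right against a client's IP address, SASL login and TLS certificate fingerprint, stops at the first item that matches, and treats check_address_map as an exact-key lookup whose result is ignored:

```python
import ipaddress

# Constructed sample configuration and table contents for this example; they
# stand in for $inet_interfaces, $mynetworks, $relay_clientcerts and the
# hash:/etc/postfix/pop-before-smtp table of a real system.
INET_INTERFACES = ["127.0.0.1", "::1", "192.0.2.10"]
MYNETWORKS = ["127.0.0.0/8", "[::1]/128", "192.0.2.0/24"]
TABLES = {
    # relay_clientcerts: certificate fingerprint -> label (only presence matters)
    "$relay_clientcerts": {"3A:6F:1C:0E:2B:92:54:AD:77:0F:11:9C:8E:B3:DE:40": "laptop"},
    # check_address_map table: client IP address -> value (the value is ignored)
    "hash:/etc/postfix/pop-before-smtp": {"198.51.100.23": "alice"},
}


def parse_policy(value):
    """Split a local_header_rewrite_clients value into (keyword, table) pairs.

    Items are separated by commas and/or whitespace. "check_address_map" takes
    the following token as its table; a bare "type:table" means the same thing.
    """
    tokens = value.replace(",", " ").split()
    policy, i = [], 0
    while i < len(tokens):
        if tokens[i] == "check_address_map":
            policy.append(("check_address_map", tokens[i + 1]))
            i += 2
        elif ":" in tokens[i]:
            policy.append(("check_address_map", tokens[i]))
            i += 1
        else:
            policy.append((tokens[i], None))
            i += 1
    return policy


def _in_mynetworks(ip):
    for spec in MYNETWORKS:
        # main.cf writes IPv6 networks as [addr]/len; ipaddress wants addr/len
        net = ipaddress.ip_network(spec.replace("[", "").replace("]", ""), strict=False)
        if ip in net:
            return True
    return False


def _address_map_hit(table, ip):
    # Exact-key lookup only: no subnet lookup, and the lookup result is ignored.
    if table.split(":", 1)[0] == "static":
        return True          # static:all matches every client
    return str(ip) in TABLES.get(table, {})


def rewrites_headers(client, policy):
    """True if Postfix would rewrite/add headers in mail from this client.

    client: dict with "addr" and optionally "sasl_username", "tls_fingerprint"
    and "tls_cert_verified". The list is evaluated in order; the first match wins.
    """
    ip = ipaddress.ip_address(client["addr"])
    for keyword, table in policy:
        if keyword == "permit_inet_interfaces":
            if any(ip == ipaddress.ip_address(a) for a in INET_INTERFACES):
                return True
        elif keyword == "permit_mynetworks":
            if _in_mynetworks(ip):
                return True
        elif keyword == "permit_sasl_authenticated":
            if client.get("sasl_username"):
                return True
        elif keyword == "permit_tls_clientcerts":
            fp = client.get("tls_fingerprint", "")
            if fp and fp.upper() in TABLES["$relay_clientcerts"]:
                return True
        elif keyword == "permit_tls_all_clientcerts":
            if client.get("tls_cert_verified"):
                return True
        elif keyword == "check_address_map":
            if _address_map_hit(table, ip):
                return True
        else:
            raise ValueError("unknown local_header_rewrite_clients item: %s" % keyword)
    return False
```

Feeding the three settings from the examples below through rewrites_headers shows the difference between them: static:all says yes to every client, the default says yes only to connections from the machine's own interfaces, and the intermediate setting says yes to $mynetworks, authenticated clients, listed certificates and clients present in the pop-before-smtp table, in that order.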
</p> 6249 6250<blockquote> 6251<pre> 6252<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, 6253 <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a> <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a> 6254 <a href="postconf.5.html#check_address_map">check_address_map</a> <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/pop-before-smtp 6255</pre> 6256</blockquote> 6257 6258 6259</DD> 6260 6261<DT><b><a name="local_login_sender_maps">local_login_sender_maps</a> 6262(default: <a href="DATABASE_README.html#types">static</a>:*)</b></DT><DD> 6263 6264<p> A list of lookup tables that are searched by the UNIX login name, 6265and that return a list of allowed envelope sender patterns separated 6266by space or comma. These sender patterns are enforced by the Postfix 6267<a href="postdrop.1.html">postdrop(1)</a> command. The default is backwards-compatible: 6268every user may specify any sender envelope address. </p> 6269 6270<p> When no UNIX login name is available, the <a href="postdrop.1.html">postdrop(1)</a> command will 6271prepend "<b>uid:</b>" to the numerical UID and use that instead. </p> 6272 6273<p> This feature ignores address extensions in the user-specified 6274envelope sender address. </p> 6275 6276<p> Note: to enforce that the From: header address matches the envelope 6277sender (MAIL FROM) address, specify an external filter such as a Milter, 6278with the <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a> parameter. For example: 6279<a href="https://github.com/magcks/milterfrom">https://github.com/magcks/milterfrom</a>. </p> 6280 6281<p> The following sender patterns are special; these cannot be used 6282as part of a longer pattern. </p> 6283 6284<dl compact> 6285 6286<dt> <b> * </b> <dd> This pattern allows any envelope sender address. 
6287</dd> 6288 6289<dt> <b> <> </b> </dt> <dd> This pattern allows the empty 6290envelope sender address. See the 6291<a href="postconf.5.html#empty_address_local_login_sender_maps_lookup_key">empty_address_local_login_sender_maps_lookup_key</a> configuration 6292parameter. </dd> 6293 6294<dt> <b> @</b><i>domain</i> </dt> <dd> This pattern allows an 6295envelope sender address when the '<b>@</b>' and <i>domain</i> part 6296match. </dd> 6297 6298</dl> 6299 6300<p> Examples: </p> 6301 6302<pre> 6303/etc/postfix/<a href="postconf.5.html">main.cf</a>: 6304 # Allow root and postfix full control, anyone else can only 6305 # send mail as themselves. Use "uid:" followed by the numerical 6306 # UID when the UID has no entry in the UNIX password file. 6307 <a href="postconf.5.html#local_login_sender_maps">local_login_sender_maps</a> = 6308 <a href="DATABASE_README.html#types">inline</a>:{ { root = * }, { postfix = * } }, 6309 <a href="pcre_table.5.html">pcre</a>:/etc/postfix/login_senders 6310</pre> 6311 6312<pre> 6313/etc/postfix/login_senders: 6314 # Allow both the bare username and the user@domain forms. 6315 /(.+)/ $1 $1@example.com 6316</pre> 6317 6318<p> This feature is available in Postfix 3.6 and later. </p> 6319 6320 6321</DD> 6322 6323<DT><b><a name="local_recipient_maps">local_recipient_maps</a> 6324(default: <a href="proxymap.8.html">proxy</a>:unix:passwd.byname $<a href="postconf.5.html#alias_maps">alias_maps</a>)</b></DT><DD> 6325 6326<p> Lookup tables with all names or addresses of valid local 6327recipients. A recipient address is local when its domain matches 6328$<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. 
</p>

<p> If the <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> parameter value is non-empty (the
default), then the Postfix SMTP server queries <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>
as specified in "<a href="LOCAL_RECIPIENT_README.html#format">Local
recipient table query format</a>", and rejects mail for unknown
local recipients. Other Postfix interfaces such as the Postfix
<a href="sendmail.1.html">sendmail(1)</a> command may still accept an "unknown" recipient. </p>

<p> The default <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> setting assumes that <a href="postconf.5.html#local_transport">local_transport</a>
specifies the UNIX-compatible <a href="local.8.html">local(8)</a> delivery agent which queries
the UNIX passwd database (typically, /etc/passwd) and the local
aliases database (typically, /etc/aliases). The <a href="proxymap.8.html">proxy</a>: agent allows
the Postfix SMTP server to access the UNIX passwd database from
outside a chroot jail. </p>

<p> For other local mail delivery configurations, see "<a href="LOCAL_RECIPIENT_README.html#change">When you need to
change the local_recipient_maps setting in main.cf</a>". </p>

<p>
Technically, tables listed with $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> are used as
lists: the Postfix SMTP server needs to know only whether a lookup string
is found or not; it does not use the result of the table lookup. </p>

<p>
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found.
</p>

<p>
To turn off local recipient checking in the Postfix SMTP server,
specify "<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =" (i.e. empty). Be aware that the
SMTP server then accepts mail for non-existent local users and has to
bounce it afterwards, which makes the system a source of backscatter.
</p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =
</pre>


</DD>

<DT><b><a name="local_transport">local_transport</a>
(default: <a href="local.8.html">local</a>:$<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD>

<p> The default mail delivery transport and next-hop destination
for final delivery to domains listed with <a href="postconf.5.html#mydestination">mydestination</a>, and for
[ipaddress] destinations that match $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
This information can be overruled with the <a href="transport.5.html">transport(5)</a> table. </p>

<p>
By default, local mail is delivered to the transport called "local",
which is just the name of a service that is defined in the <a href="master.5.html">master.cf</a> file.
</p>

<p>
Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
is the name of a mail delivery transport defined in <a href="master.5.html">master.cf</a>.
The <i>:nexthop</i> destination is optional; its syntax is documented
in the manual page of the corresponding delivery agent.
</p>

<p>
Beware: if you override the default local delivery agent then you
need to review the <a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a> document, otherwise the
SMTP server may reject mail for local recipients.
</p>


</DD>

<DT><b><a name="luser_relay">luser_relay</a>
(default: empty)</b></DT><DD>

<p>
Optional catch-all destination for unknown <a href="local.8.html">local(8)</a> recipients.
6408By default, mail for unknown recipients in domains that match 6409$<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> is returned 6410as undeliverable. 6411</p> 6412 6413<p> 6414The <a href="postconf.5.html#luser_relay">luser_relay</a> value is not subject to Postfix configuration 6415parameter $name expansion. Instead, the following $name expansions 6416are done: 6417</p> 6418 6419<dl> 6420 6421<dt><b>$domain</b></dt> 6422 6423<dd>The recipient domain. </dd> 6424 6425<dt><b>$extension</b></dt> 6426 6427<dd>The recipient address extension. </dd> 6428 6429<dt><b>$home</b></dt> 6430 6431<dd>The recipient's home directory. </dd> 6432 6433<dt><b>$local</b></dt> 6434 6435<dd>The entire recipient address localpart. </dd> 6436 6437<dt><b>$recipient</b></dt> 6438 6439<dd>The full recipient address. </dd> 6440 6441<dt><b>$<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a></b></dt> 6442 6443<dd>The address extension delimiter that was found in the recipient 6444address (Postfix 2.11 and later), or the system-wide recipient 6445address extension delimiter (Postfix 2.10 and earlier). </dd> 6446 6447<dt><b>$shell</b></dt> 6448 6449<dd>The recipient's login shell. </dd> 6450 6451<dt><b>$user</b></dt> 6452 6453<dd>The recipient username. </dd> 6454 6455<dt><b>${name?value}</b></dt> 6456 6457<dt><b>${name?{value}}</b> (Postfix ≥ 3.0)</dt> 6458 6459<dd>Expands to <i>value</i> when <i>$name</i> is non-empty. </dd> 6460 6461<dt><b>${name:value}</b></dt> 6462 6463<dt><b>${name:{value}}</b> (Postfix ≥ 3.0)</dt> 6464 6465<dd>Expands to <i>value</i> when <i>$name</i> is empty. </dd> 6466 6467<dt><b>${name?{value1}:{value2}}</b> (Postfix ≥ 3.0)</dt> 6468 6469<dd>Expands to <i>value1</i> when <i>$name</i> is non-empty, 6470<i>value2</i> otherwise. 
</dd>

</dl>

<p>
Instead of $name you can also specify ${name} or $(name).
</p>

<p>
Note: <a href="postconf.5.html#luser_relay">luser_relay</a> works only for the Postfix <a href="local.8.html">local(8)</a> delivery agent.
</p>

<p>
Note: if you use this feature for accounts not in the UNIX password
file, then you must specify "<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =" (i.e. empty)
in the <a href="postconf.5.html">main.cf</a> file, otherwise the Postfix SMTP server will reject mail
for non-UNIX accounts with "User unknown in local recipient table".
</p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#luser_relay">luser_relay</a> = $user@other.host
<a href="postconf.5.html#luser_relay">luser_relay</a> = $local@other.host
<a href="postconf.5.html#luser_relay">luser_relay</a> = admin+$local
</pre>


</DD>

<DT><b><a name="mail_name">mail_name</a>
(default: Postfix)</b></DT><DD>

<p>
The mail system name that is displayed in Received: headers, in
the SMTP greeting banner, and in bounced mail.
</p>


</DD>

<DT><b><a name="mail_owner">mail_owner</a>
(default: postfix)</b></DT><DD>

<p>
The UNIX system account that owns the Postfix queue and most Postfix
daemon processes. Specify the name of an unprivileged user account
that does not share a user or group ID with other accounts, and that
owns no other files or processes on the system. In particular, don't
specify nobody or daemon: any process running under a shared UID could
read the mail queue and signal the Postfix daemons. PLEASE USE A
DEDICATED USER ID AND GROUP ID.
</p>

<p>
When this parameter value is changed you need to re-run "<b>postfix
set-permissions</b>" (with Postfix version 2.0 and earlier:
"<b>/etc/postfix/post-install set-permissions</b>").
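A check for the requirement above, added here as an illustration and not a Postfix tool: it parses /etc/passwd- and /etc/group-style text and reports when the $mail_owner account is missing, is nobody or daemon, or shares its UID or primary GID with another account (including through extra group membership). The passwd and group excerpts are constructed sample data; on a real system read the files, or the output of getent passwd and getent group, instead. The function names are this example's own:

```python
import collections

# Constructed /etc/passwd and /etc/group excerpts for this example (not real
# system data). The "postfix" account here is set up the way the text asks for.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
postfix:x:106:113::/var/spool/postfix:/usr/sbin/nologin
postdrop:x:107:114::/nonexistent:/usr/sbin/nologin
"""
GROUP = """\
root:x:0:
daemon:x:1:
www-data:x:33:
postfix:x:113:
postdrop:x:114:
"""

Account = collections.namedtuple("Account", "name uid gid")


def parse_passwd(text):
    """Return Account records from passwd(5)-style lines."""
    accounts = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        accounts.append(Account(fields[0], int(fields[2]), int(fields[3])))
    return accounts


def parse_group(text):
    """Return {group name: (gid, [member names])} from group(5)-style lines."""
    groups = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        members = [m for m in fields[3].split(",") if m]
        groups[fields[0]] = (int(fields[2]), members)
    return groups


def check_mail_owner(mail_owner, passwd_text, group_text):
    """Return a list of problems with the mail_owner account; [] means it is OK."""
    problems = []
    if mail_owner in ("nobody", "daemon"):
        problems.append("%s is a shared system account; use a dedicated one" % mail_owner)
    accounts = parse_passwd(passwd_text)
    owner = next((a for a in accounts if a.name == mail_owner), None)
    if owner is None:
        problems.append("account %s does not exist" % mail_owner)
        return problems
    for other in accounts:
        if other.name == owner.name:
            continue
        if other.uid == owner.uid:
            problems.append("UID %d is shared with account %s" % (owner.uid, other.name))
        if other.gid == owner.gid:
            problems.append("primary GID %d is shared with account %s" % (owner.gid, other.name))
    for gname, (gid, members) in parse_group(group_text).items():
        # Supplementary membership in the owner's group also grants the group ID.
        extra = [m for m in members if m != owner.name]
        if gid == owner.gid and extra:
            problems.append("group %s (GID %d) has extra members: %s" % (gname, gid, ", ".join(extra)))
    return problems
```

Run it against the real files before and after changing mail_owner; an empty list means the account meets the "dedicated user ID and group ID" requirement, and every entry in a non-empty list names the account or group that has to be fixed first.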
6529</p> 6530 6531 6532</DD> 6533 6534<DT><b><a name="mail_release_date">mail_release_date</a> 6535(default: see "postconf -d" output)</b></DT><DD> 6536 6537<p> 6538The Postfix release date, in "YYYYMMDD" format. 6539</p> 6540 6541 6542</DD> 6543 6544<DT><b><a name="mail_spool_directory">mail_spool_directory</a> 6545(default: see "postconf -d" output)</b></DT><DD> 6546 6547<p> 6548The directory where <a href="local.8.html">local(8)</a> UNIX-style mailboxes are kept. The 6549default setting depends on the system type. Specify a name ending 6550in / for maildir-style delivery. 6551</p> 6552 6553<p> 6554Note: maildir delivery is done with the privileges of the recipient. 6555If you use the <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a> setting for maildir style 6556delivery, then you must create the top-level maildir directory in 6557advance. Postfix will not create it. 6558</p> 6559 6560<p> 6561Examples: 6562</p> 6563 6564<pre> 6565<a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a> = /var/mail 6566<a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a> = /var/spool/mail 6567</pre> 6568 6569 6570</DD> 6571 6572<DT><b><a name="mail_version">mail_version</a> 6573(default: see "postconf -d" output)</b></DT><DD> 6574 6575<p> 6576The version of the mail system. Stable releases are named 6577<i>major</i>.<i>minor</i>.<i>patchlevel</i>. Experimental releases 6578also include the release date. The version string can be used in, 6579for example, the SMTP greeting banner. 6580</p> 6581 6582 6583</DD> 6584 6585<DT><b><a name="mailbox_command">mailbox_command</a> 6586(default: empty)</b></DT><DD> 6587 6588<p> 6589Optional external command that the <a href="local.8.html">local(8)</a> delivery agent should 6590use for mailbox delivery. The command is run with the user ID and 6591the primary group ID privileges of the recipient. 
Exception: command delivery for root executes with $<a href="postconf.5.html#default_privs">default_privs</a> privileges.
This is not a problem, because 1) mail for root should always be
aliased to a real user and 2) nobody should log in as root to read
mail; use "su" instead.
</p>

<p>
The following environment variables are exported to the command.
Several of them (CLIENT_HELO, ENVID, EXTENSION, SASL_SENDER, SENDER)
carry values chosen by the remote sender; treat them as untrusted
input in the command.
</p>

<dl>

<dt><b>CLIENT_ADDRESS</b></dt>

<dd>Remote client network address. Available in Postfix version 2.2 and
later. </dd>

<dt><b>CLIENT_HELO</b></dt>

<dd>Remote client EHLO command parameter. Available in Postfix version 2.2
and later. </dd>

<dt><b>CLIENT_HOSTNAME</b></dt>

<dd>Remote client hostname. Available in Postfix version 2.2 and later.
</dd>

<dt><b>CLIENT_PROTOCOL</b></dt>

<dd>Remote client protocol. Available in Postfix version 2.2 and later.
</dd>

<dt><b>DOMAIN</b></dt>

<dd>The domain part of the recipient address. </dd>

<dt><b>ENVID</b></dt>

<dd>The optional <a href="https://tools.ietf.org/html/rfc3461">RFC 3461</a> envelope ID. Available in Postfix version
3.9 and later. </dd>

<dt><b>EXTENSION</b></dt>

<dd>The optional address extension. </dd>

<dt><b>HOME</b></dt>

<dd>The recipient home directory. </dd>

<dt><b>LOCAL</b></dt>

<dd>The recipient address localpart. </dd>

<dt><b>LOGNAME</b></dt>

<dd>The recipient's username. </dd>

<dt><b>ORIGINAL_RECIPIENT</b></dt>

<dd>The entire recipient address, before any address rewriting or
aliasing. </dd>

<dt><b>RECIPIENT</b></dt>

<dd>The full recipient address. </dd>

<dt><b>SASL_METHOD</b></dt>

<dd>SASL authentication method specified in the remote client AUTH
command. Available in Postfix version 2.2 and later.
</dd> 6661 6662<dt><b>SASL_SENDER</b></dt> 6663 6664<dd>SASL sender address specified in the remote client MAIL FROM 6665command. Available in Postfix version 2.2 and later. </dd> 6666 6667<dt><b>SASL_USER</b></dt> 6668 6669<dd>SASL username specified in the remote client AUTH command. 6670Available in Postfix version 2.2 and later. </dd> 6671 6672<dt><b>SENDER</b></dt> 6673 6674<dd>The full sender address. </dd> 6675 6676<dt><b>SHELL</b></dt> 6677 6678<dd>The recipient's login shell. </dd> 6679 6680<dt><b>USER</b></dt> 6681 6682<dd>The recipient username. </dd> 6683 6684</dl> 6685 6686<p> 6687Unlike other Postfix configuration parameters, the <a href="postconf.5.html#mailbox_command">mailbox_command</a> 6688parameter is not subjected to $name substitutions. This is to make 6689it easier to specify shell syntax (see example below). 6690</p> 6691 6692<p> 6693If you can, avoid shell meta characters because they will force 6694Postfix to run an expensive shell process. If you're delivering 6695via "procmail" then running a shell won't make a noticeable difference 6696in the total cost. 6697</p> 6698 6699<p> 6700Note: if you use the <a href="postconf.5.html#mailbox_command">mailbox_command</a> feature to deliver mail 6701system-wide, you must set up an alias that forwards mail for root 6702to a real user. 
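An added example of a mailbox_command target that consumes the environment variables listed above; it is not part of Postfix. It stores the message from standard input in the recipient's Maildir, folds an address extension into a Maildir++ subfolder only when the extension is made of safe characters (so a sender-chosen extension such as ../../.ssh cannot select a path outside the Maildir), stamps Delivered-To: and Return-Path: from ORIGINAL_RECIPIENT and SENDER, and exits with the sysexits.h codes that local(8) expects from a delivery command (75 = temporary failure, try again later). The demo() function, the temporary home directory it creates and the messages it delivers are constructed for illustration; the main.cf path in the usage note is hypothetical:

```python
#!/usr/bin/env python3
"""mailbox_command target: deliver one message from stdin into a Maildir.

Added example, not part of Postfix. Reads the variables local(8) exports
(HOME, EXTENSION, SENDER, ORIGINAL_RECIPIENT) and reports the outcome with
<sysexits.h> codes.
"""
import mailbox
import os
import sys
import tempfile

EX_OK, EX_TEMPFAIL = 0, 75      # 75: local(8) defers and retries instead of bouncing


def folder_for(extension):
    """Map the address extension (user+lists@... -> "lists") to a Maildir++ folder.

    Only [A-Za-z0-9_-] is accepted, so a sender-chosen extension such as
    "../../.ssh" can never escape the Maildir; anything else goes to the INBOX ("").
    """
    if extension and all(c.isalnum() or c in "_-" for c in extension):
        return extension
    return ""


def _clean(value):
    # Envelope data cannot legally contain line breaks; strip them anyway so the
    # values can be placed in a header without header injection.
    return value.replace("\r", "").replace("\n", "")


def deliver(env, message):
    """Deliver raw message bytes; returns (folder name, Maildir key) of the file."""
    root = mailbox.Maildir(os.path.join(env["HOME"], "Maildir"), create=True)
    folder = folder_for(env.get("EXTENSION", ""))
    box = root.add_folder(folder) if folder else root
    trace = ("Delivered-To: %s\nReturn-Path: <%s>\n" % (
        _clean(env.get("ORIGINAL_RECIPIENT", "")),
        _clean(env.get("SENDER", "")))).encode()
    # Maildir needs no locking: the library writes to tmp/ and renames into new/.
    key = box.add(trace + message)
    return folder, key


def main():
    try:
        deliver(os.environ, sys.stdin.buffer.read())
    except (OSError, KeyError) as err:
        # Disk full, missing $HOME, permission problem: ask local(8) to retry
        # later rather than bouncing the message.
        sys.stderr.write("delivery failed: %s\n" % err)
        return EX_TEMPFAIL
    return EX_OK


def demo():
    """Deliver two constructed messages into a throw-away home directory and
    report what ended up where; lets the script be exercised without Postfix."""
    home = tempfile.mkdtemp()
    env = {"HOME": home, "EXTENSION": "lists",
           "SENDER": "bob@example.com", "ORIGINAL_RECIPIENT": "alice+lists@example.org"}
    folder, key = deliver(env, b"Subject: hello\n\nconstructed body\n")
    hostile = dict(env, EXTENSION="../../.ssh")        # must land in the INBOX
    folder2, _ = deliver(hostile, b"Subject: probe\n\nconstructed body\n")
    root = mailbox.Maildir(os.path.join(home, "Maildir"))
    stored = root.get_folder("lists").get_message(key)
    return {"folders": (folder, folder2),
            "delivered_to": stored["Delivered-To"],
            "return_path": stored["Return-Path"],
            "inbox_count": len(root),
            "lists_count": len(root.get_folder("lists"))}


if __name__ == "__main__":
    sys.exit(main())
```

With "mailbox_command = /usr/local/libexec/maildir-deliver" (a hypothetical path) the command line contains no shell metacharacters, so local(8) executes the script directly and it takes everything it needs from the environment instead of from quoted arguments.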
6703</p> 6704 6705<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low 6706is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>, 6707<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>, 6708<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>. </p> 6709 6710<p> 6711Examples: 6712</p> 6713 6714<pre> 6715<a href="postconf.5.html#mailbox_command">mailbox_command</a> = /some/where/procmail 6716<a href="postconf.5.html#mailbox_command">mailbox_command</a> = /some/where/procmail -a "$EXTENSION" 6717<a href="postconf.5.html#mailbox_command">mailbox_command</a> = /some/where/maildrop -d "$USER" 6718 -f "$SENDER" "$EXTENSION" 6719</pre> 6720 6721 6722</DD> 6723 6724<DT><b><a name="mailbox_command_maps">mailbox_command_maps</a> 6725(default: empty)</b></DT><DD> 6726 6727<p> 6728Optional lookup tables with per-recipient external commands to use 6729for <a href="local.8.html">local(8)</a> mailbox delivery. Behavior is as with <a href="postconf.5.html#mailbox_command">mailbox_command</a>. 
6730</p> 6731 6732<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low 6733is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>, 6734<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>, 6735<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>. </p> 6736 6737<p> 6738Specify zero or more "type:name" lookup tables, separated by 6739whitespace or comma. Tables will be searched in the specified order 6740until a match is found. 6741</p> 6742 6743 6744</DD> 6745 6746<DT><b><a name="mailbox_delivery_lock">mailbox_delivery_lock</a> 6747(default: see "postconf -d" output)</b></DT><DD> 6748 6749<p> 6750How to lock a UNIX-style <a href="local.8.html">local(8)</a> mailbox before attempting delivery. 6751For a list of available file locking methods, use the "<b>postconf 6752-l</b>" command. 6753</p> 6754 6755<p> 6756This setting is ignored with <b>maildir</b> style delivery, 6757because such deliveries are safe without explicit locks. 6758</p> 6759 6760<p> 6761Note: The <b>dotlock</b> method requires that the recipient UID or 6762GID has write access to the parent directory of the mailbox file. 6763</p> 6764 6765<p> 6766Note: the default setting of this parameter is system dependent. 6767</p> 6768 6769 6770</DD> 6771 6772<DT><b><a name="mailbox_size_limit">mailbox_size_limit</a> 6773(default: 51200000)</b></DT><DD> 6774 6775<p> The maximal size of any <a href="local.8.html">local(8)</a> individual mailbox or maildir 6776file, or zero (no limit). 
In fact, this limits the size of any 6777file that is written to upon local delivery, including files written 6778by external commands that are executed by the <a href="local.8.html">local(8)</a> delivery 6779agent. The value cannot exceed LONG_MAX (typically, a 32-bit or 678064-bit signed integer). 6781</p> 6782 6783<p> 6784This limit must not be smaller than the message size limit. 6785</p> 6786 6787 6788</DD> 6789 6790<DT><b><a name="mailbox_transport">mailbox_transport</a> 6791(default: empty)</b></DT><DD> 6792 6793<p> 6794Optional message delivery transport that the <a href="local.8.html">local(8)</a> delivery 6795agent should use for mailbox delivery to all local recipients, 6796whether or not they are found in the UNIX passwd database. 6797</p> 6798 6799<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low 6800is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>, 6801<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>, 6802<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>. </p> 6803 6804 6805</DD> 6806 6807<DT><b><a name="mailbox_transport_maps">mailbox_transport_maps</a> 6808(default: empty)</b></DT><DD> 6809 6810<p> Optional lookup tables with per-recipient message delivery 6811transports to use for <a href="local.8.html">local(8)</a> mailbox delivery, whether or not the 6812recipients are found in the UNIX passwd database. 
</p> 6813 6814<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low 6815is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>, 6816<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>, 6817<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>. </p> 6818 6819<p> 6820Specify zero or more "type:name" lookup tables, separated by 6821whitespace or comma. Tables will be searched in the specified order 6822until a match is found. 6823</p> 6824 6825<p> For safety reasons, this feature does not allow $number 6826substitutions in regular expression maps. </p> 6827 6828<p> This feature is available in Postfix 2.3 and later. </p> 6829 6830 6831</DD> 6832 6833<DT><b><a name="maillog_file">maillog_file</a> 6834(default: empty)</b></DT><DD> 6835 6836<p> The name of an optional logfile that is written by the Postfix 6837<a href="postlogd.8.html">postlogd(8)</a> service. An empty value selects logging to syslogd(8). 6838Specify "/dev/stdout" to select logging to standard output. Stdout 6839logging requires that Postfix is started with "postfix start-fg". 6840</p> 6841 6842<p> Note 1: The <a href="postconf.5.html#maillog_file">maillog_file</a> parameter value must contain a prefix 6843that is specified with the <a href="postconf.5.html#maillog_file_prefixes">maillog_file_prefixes</a> parameter. 
</p> 6844 6845<p> Note 2: Some Postfix non-daemon programs may still log information 6846to syslogd(8), before they have processed their configuration 6847parameters and command-line options. </p> 6848 6849<p> This feature is available in Postfix 3.4 and later. </p> 6850 6851 6852</DD> 6853 6854<DT><b><a name="maillog_file_compressor">maillog_file_compressor</a> 6855(default: gzip)</b></DT><DD> 6856 6857<p> The program to run after rotating $<a href="postconf.5.html#maillog_file">maillog_file</a> with "postfix 6858logrotate". The command is run with the rotated logfile name as its 6859first argument. </p> 6860 6861<p> This feature is available in Postfix 3.4 and later. </p> 6862 6863 6864</DD> 6865 6866<DT><b><a name="maillog_file_permissions">maillog_file_permissions</a> 6867(default: 0600)</b></DT><DD> 6868 6869<p> The file access permissions that will be set when the file 6870$<a href="postconf.5.html#maillog_file">maillog_file</a> is created for the first time, or when the file is 6871created after an existing file is rotated. Specify one of: <b>0600</b> 6872(only super-user read/write access), <b>0640</b> (adds 'group' read 6873access), or <b>0644</b> (also adds 'other' read access). The leading 6874'0' is optional. </p> 6875 6876<p> This feature is available in Postfix 3.9 and later. </p> 6877 6878 6879</DD> 6880 6881<DT><b><a name="maillog_file_prefixes">maillog_file_prefixes</a> 6882(default: /var, /dev/stdout)</b></DT><DD> 6883 6884<p> A list of allowed prefixes for a <a href="postconf.5.html#maillog_file">maillog_file</a> value. This is a 6885safety feature to contain the damage from a single configuration 6886mistake. Specify one or more prefix strings, separated by comma or 6887whitespace. </p> 6888 6889<p> This feature is available in Postfix 3.4 and later. 
</p> 6890 6891 6892</DD> 6893 6894<DT><b><a name="maillog_file_rotate_suffix">maillog_file_rotate_suffix</a> 6895(default: %Y%m%d-%H%M%S)</b></DT><DD> 6896 6897<p> The format of the suffix to append to $<a href="postconf.5.html#maillog_file">maillog_file</a> while rotating 6898the file with "postfix logrotate". See strftime(3) for syntax. The 6899default suffix, YYYYMMDD-HHMMSS, allows logs to be rotated frequently. 6900</p> 6901 6902<p> This feature is available in Postfix 3.4 and later. </p> 6903 6904 6905</DD> 6906 6907<DT><b><a name="mailq_path">mailq_path</a> 6908(default: see "postconf -d" output)</b></DT><DD> 6909 6910<p> 6911Sendmail compatibility feature that specifies where the Postfix 6912<a href="mailq.1.html">mailq(1)</a> command is installed. This command can be used to 6913list the Postfix mail queue. 6914</p> 6915 6916 6917</DD> 6918 6919<DT><b><a name="manpage_directory">manpage_directory</a> 6920(default: see "postconf -d" output)</b></DT><DD> 6921 6922<p> 6923Where the Postfix manual pages are installed. 6924</p> 6925 6926 6927</DD> 6928 6929<DT><b><a name="maps_rbl_domains">maps_rbl_domains</a> 6930(default: empty)</b></DT><DD> 6931 6932<p> 6933Obsolete feature: use the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a> feature instead. 6934</p> 6935 6936 6937</DD> 6938 6939<DT><b><a name="maps_rbl_reject_code">maps_rbl_reject_code</a> 6940(default: 554)</b></DT><DD> 6941 6942<p> 6943The numerical Postfix SMTP server response code when a remote SMTP 6944client request is blocked by the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a>, <a href="postconf.5.html#reject_rhsbl_client">reject_rhsbl_client</a>, 6945<a href="postconf.5.html#reject_rhsbl_reverse_client">reject_rhsbl_reverse_client</a>, <a href="postconf.5.html#reject_rhsbl_sender">reject_rhsbl_sender</a> or 6946<a href="postconf.5.html#reject_rhsbl_recipient">reject_rhsbl_recipient</a> restriction. 
6947</p> 6948 6949<p> 6950Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>. 6951</p> 6952 6953 6954</DD> 6955 6956<DT><b><a name="masquerade_classes">masquerade_classes</a> 6957(default: envelope_sender, header_sender, header_recipient)</b></DT><DD> 6958 6959<p> 6960What addresses are subject to address masquerading. 6961</p> 6962 6963<p> 6964By default, address masquerading is limited to envelope sender 6965addresses, and to header sender and header recipient addresses. 6966This allows you to use address masquerading on a mail gateway while 6967still being able to forward mail to users on individual machines. 6968</p> 6969 6970<p> 6971Specify zero or more of: envelope_sender, envelope_recipient, 6972header_sender, header_recipient 6973</p> 6974 6975 6976</DD> 6977 6978<DT><b><a name="masquerade_domains">masquerade_domains</a> 6979(default: empty)</b></DT><DD> 6980 6981<p> 6982Optional list of domains whose subdomain structure will be stripped 6983off in email addresses. 6984</p> 6985 6986<p> 6987The list is processed left to right, and processing stops at the 6988first match. Thus, 6989</p> 6990 6991<blockquote> 6992<pre> 6993<a href="postconf.5.html#masquerade_domains">masquerade_domains</a> = foo.example.com example.com 6994</pre> 6995</blockquote> 6996 6997<p> 6998strips "user@any.thing.foo.example.com" to "user@foo.example.com", 6999but strips "user@any.thing.else.example.com" to "user@example.com". 7000</p> 7001 7002<p> 7003A domain name prefixed with ! means do not masquerade this domain 7004or its subdomains. Thus, 7005</p> 7006 7007<blockquote> 7008<pre> 7009<a href="postconf.5.html#masquerade_domains">masquerade_domains</a> = !foo.example.com example.com 7010</pre> 7011</blockquote> 7012 7013<p> 7014does not change "user@any.thing.foo.example.com" or "user@foo.example.com", 7015but strips "user@any.thing.else.example.com" to "user@example.com". 
7016</p> 7017 7018<p> Note: with Postfix version 2.2, message header address masquerading 7019happens only when message header address rewriting is enabled: </p> 7020 7021<ul> 7022 7023<li> The message is received with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command, 7024 7025<li> The message is received from a network client that matches 7026$<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>, 7027 7028<li> The message is received from the network, and the 7029<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter specifies a non-empty value. 7030 7031</ul> 7032 7033<p> To get the behavior before Postfix version 2.2, specify 7034"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p> 7035 7036<p> 7037Example: 7038</p> 7039 7040<pre> 7041<a href="postconf.5.html#masquerade_domains">masquerade_domains</a> = $<a href="postconf.5.html#mydomain">mydomain</a> 7042</pre> 7043 7044 7045</DD> 7046 7047<DT><b><a name="masquerade_exceptions">masquerade_exceptions</a> 7048(default: empty)</b></DT><DD> 7049 7050<p> 7051Optional list of user names that are not subjected to address 7052masquerading, even when their addresses match $<a href="postconf.5.html#masquerade_domains">masquerade_domains</a>. 7053</p> 7054 7055<p> 7056By default, address masquerading makes no exceptions. 7057</p> 7058 7059<p> 7060Specify a list of user names, "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns, 7061separated by commas and/or whitespace. The list is matched left to 7062right, and the search stops on the first match. A "/file/name" 7063pattern is replaced 7064by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a name 7065matches a lookup key (the lookup result is ignored). Continue long 7066lines by starting the next line with whitespace. 
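</p>

<p> The matching rules described above for <a href="postconf.5.html#masquerade_domains">masquerade_domains</a> (left-to-right processing that stops at the first match, "!domain" exclusions) and for the <a href="postconf.5.html#masquerade_exceptions">masquerade_exceptions</a> user list, together with the "!pattern" matchlist that <a href="postconf.5.html#master_service_disable">master_service_disable</a> (below) uses, modelled in Python as an added example. This is illustrative code written for this page, not Postfix source; the names masquerade(), matchlist() and service_enabled() are the example's own, and "/file/name" and "type:table" patterns are not modelled. </p>

```python
"""Model of Postfix address masquerading and "!pattern" matchlists.

Added example for this page, not Postfix source code.  It follows the
semantics given in the masquerade_domains, masquerade_exceptions and
master_service_disable descriptions; the function names are this
example's own, and "/file/name" and "type:table" patterns are not modelled.
"""
from typing import Iterable, Optional


def split_list(value: str) -> list[str]:
    """Split a main.cf list value on commas and/or whitespace."""
    return value.replace(",", " ").split()


def matchlist(candidates: Iterable[str], patterns: str) -> Optional[bool]:
    """Postfix-style matchlist: patterns are tried left to right and the
    search stops at the first one that matches a candidate.  Returns True
    for a plain match, False for a "!pattern" match, None when nothing
    matched.  Comparison is case-insensitive; no wildcards or tables."""
    wanted = {c.lower() for c in candidates}
    for pattern in split_list(patterns):
        negate = pattern.startswith("!")
        name = pattern[1:] if negate else pattern
        if name.lower() in wanted:
            return not negate
    return None


def masquerade(address: str, masquerade_domains: str,
               masquerade_exceptions: str = "") -> str:
    """Strip subdomain structure from the domain part of an address.

    masquerade_domains is processed left to right and processing stops at
    the first entry that equals the address domain or is a parent of it.
    A "!domain" entry means: do not masquerade that domain or its
    subdomains.  Users listed in masquerade_exceptions are never rewritten.
    """
    if "@" not in address:
        return address
    user, domain = address.rsplit("@", 1)
    if matchlist([user], masquerade_exceptions):
        return address                      # e.g. root, mailer-daemon
    lower = domain.lower()
    for entry in split_list(masquerade_domains):
        negate = entry.startswith("!")
        target = (entry[1:] if negate else entry).lower()
        if lower == target or lower.endswith("." + target):
            if negate:
                return address              # "!foo.example.com": leave as is
            # keep the original spelling of the matched parent domain
            return f"{user}@{domain[len(domain) - len(target):]}"
    return address


def service_enabled(name: str, stype: str, master_service_disable: str) -> bool:
    """True when the master.cf service (name, type) still listens.
    The candidates are the bare type ("inet") and the "name/type" tuple
    ("smtp/inet"); a "!name/type" entry protects one service from a
    broader "type" entry that follows it."""
    return matchlist([stype, f"{name}/{stype}"], master_service_disable) is not True


if __name__ == "__main__":
    print(masquerade("user@any.thing.foo.example.com", "foo.example.com example.com"))
    print(masquerade("user@any.thing.foo.example.com", "!foo.example.com example.com"))
    print(masquerade("root@host.example.com", "example.com", "root, mailer-daemon"))
    for svc in ("smtp/inet", "submission/inet", "pickup/unix"):
        n, t = svc.split("/")
        state = "enabled" if service_enabled(n, t, "!submission/inet, inet") else "disabled"
        print(svc, state)
```

<p>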
Specify "!pattern" 7067to exclude a name from the list. The form "!/file/name" is supported 7068only in Postfix version 2.4 and later. </p> 7069 7070<p> 7071Examples: 7072</p> 7073 7074<pre> 7075<a href="postconf.5.html#masquerade_exceptions">masquerade_exceptions</a> = root, mailer-daemon 7076<a href="postconf.5.html#masquerade_exceptions">masquerade_exceptions</a> = root 7077</pre> 7078 7079 7080</DD> 7081 7082<DT><b><a name="master_service_disable">master_service_disable</a> 7083(default: empty)</b></DT><DD> 7084 7085<p> Selectively disable <a href="master.8.html">master(8)</a> listener ports by service type 7086or by service name and type. Specify a list of service types 7087("inet", "unix", "fifo", or "pass") or "name/type" tuples, where 7088"name" is the first field of a <a href="master.5.html">master.cf</a> entry and "type" is a 7089service type. As with other Postfix matchlists, a search stops at 7090the first match. Specify "!pattern" to exclude a service from the 7091list. By default, all <a href="master.8.html">master(8)</a> listener ports are enabled. </p> 7092 7093<p> Note: this feature does not support "/file/name" or "<a href="DATABASE_README.html">type:table</a>" 7094patterns, nor does it support wildcards such as "*" or "all". This 7095is intentional. </p> 7096 7097<p> Examples: </p> 7098 7099<pre> 7100# With Postfix 2.6..2.10 use '.' instead of '/'. 7101# Turn on all <a href="master.8.html">master(8)</a> listener ports (the default). 7102<a href="postconf.5.html#master_service_disable">master_service_disable</a> = 7103# Turn off only the main SMTP listener port. 7104<a href="postconf.5.html#master_service_disable">master_service_disable</a> = smtp/inet 7105# Turn off all TCP/IP listener ports. 7106<a href="postconf.5.html#master_service_disable">master_service_disable</a> = inet 7107# Turn off all TCP/IP listener ports except "foo". 
7108<a href="postconf.5.html#master_service_disable">master_service_disable</a> = !foo/inet, inet 7109</pre> 7110 7111<p> This feature is available in Postfix 2.6 and later. </p> 7112 7113 7114</DD> 7115 7116<DT><b><a name="max_idle">max_idle</a> 7117(default: 100s)</b></DT><DD> 7118 7119<p> 7120The maximum amount of time that an idle Postfix daemon process waits 7121for an incoming connection before terminating voluntarily. This 7122parameter 7123is ignored by the Postfix queue manager and by other long-lived 7124Postfix daemon processes. 7125</p> 7126 7127<p> Specify a non-zero time value (an integral value plus an optional 7128one-letter suffix that specifies the time unit). Time units: s 7129(seconds), m (minutes), h (hours), d (days), w (weeks). 7130The default time unit is s (seconds). </p> 7131 7132 7133</DD> 7134 7135<DT><b><a name="max_use">max_use</a> 7136(default: 100)</b></DT><DD> 7137 7138<p> 7139The maximal number of incoming connections that a Postfix daemon 7140process will service before terminating voluntarily. This parameter 7141is ignored by the Postfix queue 7142manager and by other long-lived Postfix daemon processes. 7143</p> 7144 7145 7146</DD> 7147 7148<DT><b><a name="maximal_backoff_time">maximal_backoff_time</a> 7149(default: 4000s)</b></DT><DD> 7150 7151<p> 7152The maximal time between attempts to deliver a deferred message. 7153</p> 7154 7155<p> This parameter should be set to a value greater than or equal 7156to $<a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a>. See also $<a href="postconf.5.html#queue_run_delay">queue_run_delay</a>. </p> 7157 7158<p> Specify a non-zero time value (an integral value plus an optional 7159one-letter suffix that specifies the time unit). Time units: s 7160(seconds), m (minutes), h (hours), d (days), w (weeks). 7161The default time unit is s (seconds). 
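</p>

<p> The time-value syntax repeated for <a href="postconf.5.html#max_idle">max_idle</a>, <a href="postconf.5.html#maximal_backoff_time">maximal_backoff_time</a> and the other time parameters (an integer plus an optional s, m, h, d or w suffix, with a per-parameter default unit), and the ordering <a href="postconf.5.html#queue_run_delay">queue_run_delay</a> &lt;= <a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a> &lt;= <a href="postconf.5.html#maximal_backoff_time">maximal_backoff_time</a> that the two backoff descriptions recommend, as an added Python example. This is illustrative code written for this page, not Postfix source; parse_time() and check_backoff_settings() are the example's own names, and the queue_run_delay default it assumes (300s) is not stated in this part of the page. </p>

```python
r"""Postfix time values ("300s", "5d", "100") and the backoff ordering.

Added example for this page, not Postfix code.  parse_time() follows the
value syntax given for max_idle, maximal_backoff_time and the other time
parameters: an integer plus an optional one-letter unit, with a default
unit that depends on the parameter.  check_backoff_settings() is this
example's own helper for the ordering the text recommends; the
queue_run_delay default it assumes (300s) is not stated on this page.
"""
import re

UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
_TIME_RE = re.compile(r"^(\d+)([smhdw])?$")


def parse_time(value: str, default_unit: str = "s") -> int:
    """Return the number of seconds denoted by value.  A bare integer takes
    default_unit (s for most parameters, d for maximal_queue_lifetime).
    Raises ValueError for anything else, e.g. "10x", "5 d" or "-1s"."""
    m = _TIME_RE.match(value.strip())
    if not m:
        raise ValueError(f"malformed time value: {value!r}")
    unit = m.group(2) or default_unit
    return int(m.group(1)) * UNIT_SECONDS[unit]


DEFAULTS = {
    "queue_run_delay": "300s",        # assumed default, see the lead-in
    "minimal_backoff_time": "300s",   # default given on this page
    "maximal_backoff_time": "4000s",  # default given on this page
}


def check_backoff_settings(main_cf: dict[str, str]) -> list[str]:
    """Return human-readable warnings for backoff settings that violate
    queue_run_delay <= minimal_backoff_time <= maximal_backoff_time, or
    that are zero (all three must be non-zero time values)."""
    secs = {name: parse_time(main_cf.get(name, default))
            for name, default in DEFAULTS.items()}
    warnings = [f"{name} must be a non-zero time value"
                for name, value in secs.items() if value == 0]
    if secs["minimal_backoff_time"] < secs["queue_run_delay"]:
        warnings.append("minimal_backoff_time should be >= queue_run_delay")
    if secs["maximal_backoff_time"] < secs["minimal_backoff_time"]:
        warnings.append("maximal_backoff_time should be >= minimal_backoff_time")
    return warnings


if __name__ == "__main__":
    # constructed main.cf fragment, not a real configuration
    sample = {"minimal_backoff_time": "20m", "maximal_backoff_time": "600s"}
    print(parse_time("5", "d"), "seconds in a 5-day maximal_queue_lifetime")
    for w in check_backoff_settings(sample):
        print("warning:", w)
```

<p> Run the checker over the parsed output of "postconf" on a real system only after adjusting DEFAULTS to the values "postconf -d" reports, since the defaults here are fixed at the ones this page states.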
</p> 7162 7163 7164</DD> 7165 7166<DT><b><a name="maximal_queue_lifetime">maximal_queue_lifetime</a> 7167(default: 5d)</b></DT><DD> 7168 7169<p> 7170Consider a message as undeliverable, when delivery fails with a 7171temporary error, and the time in the queue has reached the 7172<a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a> limit. 7173</p> 7174 7175<p> Specify a non-negative time value (an integral value plus an optional 7176one-letter suffix that specifies the time unit). Time units: s 7177(seconds), m (minutes), h (hours), d (days), w (weeks). 7178The default time unit is d (days). </p> 7179 7180<p> 7181Specify 0 when mail delivery should be tried only once. 7182</p> 7183 7184 7185</DD> 7186 7187<DT><b><a name="message_drop_headers">message_drop_headers</a> 7188(default: bcc, content-length, resent-bcc, return-path)</b></DT><DD> 7189 7190<p> Names of message headers that the <a href="cleanup.8.html">cleanup(8)</a> daemon will remove 7191after applying <a href="header_checks.5.html">header_checks(5)</a> and before invoking Milter applications. 7192The default setting is compatible with Postfix < 3.0. </p> 7193 7194<p> Specify a list of header names, separated by comma or space. 7195Names are matched in a case-insensitive manner. The list of supported 7196header names is limited only by available memory. </p> 7197 7198<p> This feature is available in Postfix 3.0 and later. </p> 7199 7200 7201</DD> 7202 7203<DT><b><a name="message_reject_characters">message_reject_characters</a> 7204(default: empty)</b></DT><DD> 7205 7206<p> The set of characters that Postfix will reject in message 7207content. The usual C-like escape sequences are recognized: <tt>\a 7208\b \f \n \r \t \v \<i>ddd</i></tt> (up to three octal digits) and 7209<tt>\\</tt>. </p> 7210 7211<p> Note 1: this feature does not recognize text that requires MIME 7212decoding. 
It inspects raw message content, just like <a href="postconf.5.html#header_checks">header_checks</a> 7213and <a href="postconf.5.html#body_checks">body_checks</a>. </p> 7214 7215<p> Note 2: this feature is disabled with "<a href="postconf.5.html#receive_override_options">receive_override_options</a> 7216= <a href="postconf.5.html#no_header_body_checks">no_header_body_checks</a>". </p> 7217 7218<p> Example: </p> 7219 7220<pre> 7221<a href="postconf.5.html#message_reject_characters">message_reject_characters</a> = \0 7222</pre> 7223 7224<p> This feature is available in Postfix 2.3 and later. </p> 7225 7226 7227</DD> 7228 7229<DT><b><a name="message_size_limit">message_size_limit</a> 7230(default: 10240000)</b></DT><DD> 7231 7232<p> 7233The maximal size in bytes of a message, including envelope information. 7234The value cannot exceed LONG_MAX (typically, a 32-bit or 64-bit 7235signed integer). 7236</p> 7237 7238<p> Note: be careful when making changes. Excessively small values 7239will result in the loss of non-delivery notifications, when a bounce 7240message size exceeds the local or remote MTA's message size limit. 7241</p> 7242 7243 7244</DD> 7245 7246<DT><b><a name="message_strip_characters">message_strip_characters</a> 7247(default: empty)</b></DT><DD> 7248 7249<p> The set of characters that Postfix will remove from message 7250content. The usual C-like escape sequences are recognized: <tt>\a 7251\b \f \n \r \t \v \<i>ddd</i></tt> (up to three octal digits) and 7252<tt>\\</tt>. </p> 7253 7254<p> Note 1: this feature does not recognize text that requires MIME 7255decoding. It inspects raw message content, just like <a href="postconf.5.html#header_checks">header_checks</a> 7256and <a href="postconf.5.html#body_checks">body_checks</a>. </p> 7257 7258<p> Note 2: this feature is disabled with "<a href="postconf.5.html#receive_override_options">receive_override_options</a> 7259= <a href="postconf.5.html#no_header_body_checks">no_header_body_checks</a>". 
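</p>

<p> The escape syntax shared by <a href="postconf.5.html#message_reject_characters">message_reject_characters</a> and <a href="postconf.5.html#message_strip_characters">message_strip_characters</a>, applied to raw message bytes, as an added Python example. This is illustrative code written for this page, not Postfix source; parse_charset(), reject_offsets() and strip_characters() are the example's own names. It decodes the escapes the descriptions list (\a \b \f \n \r \t \v, \ddd with up to three octal digits, \\); treating an unrecognised escape such as "\x" as the plain character, and rejecting a trailing lone backslash, are this example's assumptions. The demonstration also shows the limitation from Note 1: a NUL byte inside a base64-encoded body is not seen. </p>

```python
r"""Apply message_reject_characters / message_strip_characters to raw mail.

Added example for this page, not Postfix code.  parse_charset() decodes
the C-like escape syntax the two descriptions give (\a \b \f \n \r \t \v,
\ddd with up to three octal digits, and \\); that an unrecognised escape
such as "\x" stands for the plain character, and that a lone trailing
backslash is an error, are this example's assumptions.  The function
names are the example's own.
"""
_SIMPLE_ESCAPES = {"a": 0x07, "b": 0x08, "f": 0x0C, "n": 0x0A,
                   "r": 0x0D, "t": 0x09, "v": 0x0B, "\\": 0x5C}
_OCTAL = "01234567"


def _byte(ch: str) -> int:
    """Code of a single character, which must fit in one byte."""
    if ord(ch) > 0xFF:
        raise ValueError(f"non-byte character {ch!r} in charset")
    return ord(ch)


def parse_charset(spec: str) -> frozenset[int]:
    r"""Turn a parameter value such as "\0" or "\0\r\\" into a set of byte
    values.  Characters outside the escape syntax stand for themselves."""
    result: set[int] = set()
    i = 0
    while i < len(spec):
        ch = spec[i]
        i += 1
        if ch != "\\":
            result.add(_byte(ch))
        elif i >= len(spec):
            raise ValueError("charset ends with a lone backslash")
        elif spec[i] in _OCTAL:
            j = i
            while j < len(spec) and j - i < 3 and spec[j] in _OCTAL:
                j += 1                      # consume up to three octal digits
            value = int(spec[i:j], 8)
            if value > 0xFF:
                raise ValueError(f"octal escape \\{spec[i:j]} exceeds one byte")
            result.add(value)
            i = j
        else:
            # named escape, or (assumption) the literal character itself
            result.add(_SIMPLE_ESCAPES.get(spec[i], _byte(spec[i])))
            i += 1
    return frozenset(result)


def reject_offsets(content: bytes, charset: frozenset[int]) -> list[int]:
    """Offsets of bytes that message_reject_characters would reject.  Works
    on the raw message, so bytes hidden by base64 or quoted-printable
    encoding are not seen (Note 1 above)."""
    return [i for i, b in enumerate(content) if b in charset]


def strip_characters(content: bytes, charset: frozenset[int]) -> bytes:
    """The message with every byte in charset removed (message_strip_characters)."""
    return bytes(b for b in content if b not in charset)


if __name__ == "__main__":
    import base64
    nul = parse_charset(r"\0")
    # constructed raw message with an embedded NUL byte in an 8bit body
    raw = b"Subject: test\r\n\r\nhello\x00world\r\n"
    print(reject_offsets(raw, nul))
    print(strip_characters(raw, nul))
    # the same NUL inside a base64 body is invisible to this check
    encoded = (b"Content-Transfer-Encoding: base64\r\n\r\n"
               + base64.b64encode(b"hello\x00world") + b"\r\n")
    print(reject_offsets(encoded, nul))
```

<p> The reject and strip variants share one parsed set, so a deployment that wants to reject NUL and CR/LF-free control bytes while stripping another set simply keeps two parsed sets; the MIME limitation applies equally to both.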
</p> 7260 7261<p> Example: </p> 7262 7263<pre> 7264<a href="postconf.5.html#message_strip_characters">message_strip_characters</a> = \0 7265</pre> 7266 7267<p> This feature is available in Postfix 2.3 and later. </p> 7268 7269 7270</DD> 7271 7272<DT><b><a name="meta_directory">meta_directory</a> 7273(default: see 'postconf -d' output)</b></DT><DD> 7274 7275<p> The location of non-executable files that are shared among 7276multiple Postfix instances, such as postfix-files, dynamicmaps.cf, 7277and the multi-instance template files <a href="postconf.5.html">main.cf</a>.proto and <a href="master.5.html">master.cf</a>.proto. 7278This directory should contain only Postfix-related files. Typically, 7279the <a href="postconf.5.html#meta_directory">meta_directory</a> parameter has the same default as the <a href="postconf.5.html#config_directory">config_directory</a> 7280parameter (/etc/postfix or /usr/local/etc/postfix). </p> 7281 7282<p> For backwards compatibility with Postfix versions 2.6..2.11, 7283specify "<a href="postconf.5.html#meta_directory">meta_directory</a> = $<a href="postconf.5.html#daemon_directory">daemon_directory</a>" in <a href="postconf.5.html">main.cf</a> before 7284installing or upgrading Postfix, or specify "<a href="postconf.5.html#meta_directory">meta_directory</a> = 7285/path/name" on the "make makefiles", "make install" or "make upgrade" 7286command line. </p> 7287 7288<p> This feature is available in Postfix 3.0 and later. </p> 7289 7290 7291</DD> 7292 7293<DT><b><a name="milter_command_timeout">milter_command_timeout</a> 7294(default: 30s)</b></DT><DD> 7295 7296<p> The time limit for sending an SMTP command to a Milter (mail 7297filter) application, and for receiving the response. </p> 7298 7299<p> Specify a non-zero time value (an integral value plus an optional 7300one-letter suffix that specifies the time unit). Time units: s 7301(seconds), m (minutes), h (hours), d (days), w (weeks). 7302The default time unit is s (seconds). 
</p> 7303 7304<p> This feature is available in Postfix 2.3 and later. </p> 7305 7306 7307</DD> 7308 7309<DT><b><a name="milter_connect_macros">milter_connect_macros</a> 7310(default: see "postconf -d" output)</b></DT><DD> 7311 7312<p> The macros that are sent to Milter (mail filter) applications 7313after completion of an SMTP connection. See <a href="MILTER_README.html">MILTER_README</a> 7314for a list of available macro names and their meanings. </p> 7315 7316<p> This feature is available in Postfix 2.3 and later. </p> 7317 7318 7319</DD> 7320 7321<DT><b><a name="milter_connect_timeout">milter_connect_timeout</a> 7322(default: 30s)</b></DT><DD> 7323 7324<p> The time limit for connecting to a Milter (mail filter) 7325application, and for negotiating protocol options. </p> 7326 7327<p> Specify a non-zero time value (an integral value plus an optional 7328one-letter suffix that specifies the time unit). Time units: s 7329(seconds), m (minutes), h (hours), d (days), w (weeks). 7330The default time unit is s (seconds). </p> 7331 7332<p> This feature is available in Postfix 2.3 and later. </p> 7333 7334 7335</DD> 7336 7337<DT><b><a name="milter_content_timeout">milter_content_timeout</a> 7338(default: 300s)</b></DT><DD> 7339 7340<p> The time limit for sending message content to a Milter (mail 7341filter) application, and for receiving the response. </p> 7342 7343<p> Specify a non-zero time value (an integral value plus an optional 7344one-letter suffix that specifies the time unit). Time units: s 7345(seconds), m (minutes), h (hours), d (days), w (weeks). 7346The default time unit is s (seconds). </p> 7347 7348<p> This feature is available in Postfix 2.3 and later. </p> 7349 7350 7351</DD> 7352 7353<DT><b><a name="milter_data_macros">milter_data_macros</a> 7354(default: see "postconf -d" output)</b></DT><DD> 7355 7356<p> The macros that are sent to version 4 or higher Milter (mail 7357filter) applications after the SMTP DATA command. 
See <a href="MILTER_README.html">MILTER_README</a> 7358for a list of available macro names and their meanings. </p> 7359 7360<p> This feature is available in Postfix 2.3 and later. </p> 7361 7362 7363</DD> 7364 7365<DT><b><a name="milter_default_action">milter_default_action</a> 7366(default: tempfail)</b></DT><DD> 7367 7368<p> The default action when a Milter (mail filter) response is 7369unavailable (for example, bad Postfix configuration or Milter 7370failure). Specify one of the following: </p> 7371 7372<dl compact> 7373 7374<dt>accept</dt> <dd>Proceed as if the mail filter was not present. 7375</dd> 7376 7377<dt>reject</dt> <dd>Reject all further commands in this session 7378with a permanent status code.</dd> 7379 7380<dt>tempfail</dt> <dd>Reject all further commands in this session 7381with a temporary status code. </dd> 7382 7383<dt>quarantine</dt> <dd>Like "accept", but freeze the message in 7384the "<a href="QSHAPE_README.html#hold_queue">hold" queue</a>. Available with Postfix 2.6 and later. </dd> 7385 7386</dl> 7387 7388<p> This feature is available in Postfix 2.3 and later. </p> 7389 7390 7391</DD> 7392 7393<DT><b><a name="milter_end_of_data_macros">milter_end_of_data_macros</a> 7394(default: see "postconf -d" output)</b></DT><DD> 7395 7396<p> The macros that are sent to Milter (mail filter) applications 7397after the message end-of-data. See <a href="MILTER_README.html">MILTER_README</a> for a list of 7398available macro names and their meanings. </p> 7399 7400<p> This feature is available in Postfix 2.3 and later. </p> 7401 7402 7403</DD> 7404 7405<DT><b><a name="milter_end_of_header_macros">milter_end_of_header_macros</a> 7406(default: see "postconf -d" output)</b></DT><DD> 7407 7408<p> The macros that are sent to Milter (mail filter) applications 7409after the end of the message header. See <a href="MILTER_README.html">MILTER_README</a> for a list 7410of available macro names and their meanings. 
</p>

<p> This feature is available in Postfix 2.5 and later. </p>


</DD>

<DT><b><a name="milter_header_checks">milter_header_checks</a>
(default: empty)</b></DT><DD>

<p> Optional lookup tables for content inspection of message headers
that are produced by Milter applications. See the <a href="header_checks.5.html">header_checks(5)</a>
manual page for available actions. Currently, PREPEND is not implemented.
</p>

<p> The following example sends all mail that is marked as SPAM to
a spam handling machine. Note that matches are case-insensitive
by default. </p>

<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#milter_header_checks">milter_header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/<a href="postconf.5.html#milter_header_checks">milter_header_checks</a>
</pre>

<pre>
/etc/postfix/<a href="postconf.5.html#milter_header_checks">milter_header_checks</a>:
    /^X-SPAM-FLAG:\s+YES/ FILTER mysmtp:sanitizer.example.com:25
</pre>

<p> The <a href="postconf.5.html#milter_header_checks">milter_header_checks</a> mechanism could also be used for
allowlisting. For example, it could be used to skip heavy content
inspection for DKIM-signed mail from known friendly domains. </p>

<p> This feature is available in Postfix 2.7, and as an optional
patch for Postfix 2.6. </p>


</DD>

<DT><b><a name="milter_helo_macros">milter_helo_macros</a>
(default: see "postconf -d" output)</b></DT><DD>

<p> The macros that are sent to Milter (mail filter) applications
after the SMTP HELO or EHLO command. See
<a href="MILTER_README.html">MILTER_README</a> for a list of available macro names and their meanings.
</p>

<p> This feature is available in Postfix 2.3 and later.
</p> 7458 7459 7460</DD> 7461 7462<DT><b><a name="milter_macro_daemon_name">milter_macro_daemon_name</a> 7463(default: $<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD> 7464 7465<p> The {daemon_name} macro value for Milter (mail filter) applications. 7466See <a href="MILTER_README.html">MILTER_README</a> for a list of available macro names and their 7467meanings. </p> 7468 7469<p> This feature is available in Postfix 2.3 and later. </p> 7470 7471 7472</DD> 7473 7474<DT><b><a name="milter_macro_defaults">milter_macro_defaults</a> 7475(default: empty)</b></DT><DD> 7476 7477<p> Optional list of <i>name=value</i> pairs that specify default 7478values for arbitrary macros that Postfix may send to Milter 7479applications. These defaults are used when there is no corresponding 7480information from the message delivery context. </p> 7481 7482<p> Specify <i>name=value</i> or <i>{name=value}</i> pairs separated 7483by comma or whitespace. Enclose a pair in "{}" when a value contains 7484comma or whitespace (this form ignores whitespace after the enclosing 7485"{", around the "=", and before the enclosing "}"). </p> 7486 7487<p> This feature is available in Postfix 3.1 and later. </p> 7488 7489 7490</DD> 7491 7492<DT><b><a name="milter_macro_v">milter_macro_v</a> 7493(default: $<a href="postconf.5.html#mail_name">mail_name</a> $<a href="postconf.5.html#mail_version">mail_version</a>)</b></DT><DD> 7494 7495<p> The {v} macro value for Milter (mail filter) applications. 7496See <a href="MILTER_README.html">MILTER_README</a> for a list of available macro names and their 7497meanings. </p> 7498 7499<p> This feature is available in Postfix 2.3 and later. </p> 7500 7501 7502</DD> 7503 7504<DT><b><a name="milter_mail_macros">milter_mail_macros</a> 7505(default: see "postconf -d" output)</b></DT><DD> 7506 7507<p> The macros that are sent to Milter (mail filter) applications 7508after the SMTP MAIL FROM command. 
See <a href="MILTER_README.html">MILTER_README</a> 7509for a list of available macro names and their meanings. </p> 7510 7511<p> This feature is available in Postfix 2.3 and later. </p> 7512 7513 7514</DD> 7515 7516<DT><b><a name="milter_protocol">milter_protocol</a> 7517(default: 6)</b></DT><DD> 7518 7519<p> The mail filter protocol version and optional protocol extensions 7520for communication with a Milter application; prior to Postfix 2.6 7521the default protocol is 2. Postfix 7522sends this version number during the initial protocol handshake. 7523It should match the version number that is expected by the mail 7524filter application (or by its Milter library). </p> 7525 7526<p>Protocol versions: </p> 7527 7528<dl compact> 7529 7530<dt>2</dt> <dd>Use Sendmail 8 mail filter protocol version 2 (default 7531with Sendmail version 8.11 .. 8.13 and Postfix version 2.3 .. 75322.5).</dd> 7533 7534<dt>3</dt> <dd>Use Sendmail 8 mail filter protocol version 3.</dd> 7535 7536<dt>4</dt> <dd>Use Sendmail 8 mail filter protocol version 4.</dd> 7537 7538<dt>6</dt> <dd>Use Sendmail 8 mail filter protocol version 6 (default 7539with Sendmail version 8.14 and Postfix version 2.6).</dd> 7540 7541</dl> 7542 7543<p>Protocol extensions: </p> 7544 7545<dl compact> 7546 7547<dt>no_header_reply</dt> <dd> Specify this when the Milter application 7548will not reply for each individual message header.</dd> 7549 7550</dl> 7551 7552<p> This feature is available in Postfix 2.3 and later. </p> 7553 7554 7555</DD> 7556 7557<DT><b><a name="milter_rcpt_macros">milter_rcpt_macros</a> 7558(default: see "postconf -d" output)</b></DT><DD> 7559 7560<p> The macros that are sent to Milter (mail filter) applications 7561after the SMTP RCPT TO command. See <a href="MILTER_README.html">MILTER_README</a> 7562for a list of available macro names and their meanings. </p> 7563 7564<p> This feature is available in Postfix 2.3 and later. 
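</p>

<p> The <a href="postconf.5.html#milter_macro_defaults">milter_macro_defaults</a> value syntax described above (name=value or {name=value} pairs separated by comma or whitespace, where the braced form ignores whitespace after "{", around "=" and before "}"), and how such a default fills in for a macro the delivery context does not supply, as an added Python example. This is illustrative code written for this page, not Postfix source; parse_macro_defaults() and macro_value() are the example's own names, and keeping balanced inner braces as part of a value is this example's assumption. </p>

```python
"""Parse milter_macro_defaults and apply the defaults to a macro lookup.

Added example for this page, not Postfix code.  parse_macro_defaults()
follows the syntax given for milter_macro_defaults: name=value or
{name=value} pairs separated by comma or whitespace, where the braced
form ignores whitespace after "{", around "=" and before "}".  That
balanced inner braces are kept as part of a value is this example's
assumption; the function names are the example's own.
"""
from typing import Optional

_SEPARATORS = " \t\r\n,"


def parse_macro_defaults(value: str) -> dict[str, str]:
    """Return {macro_name: default_value} for a milter_macro_defaults value.
    A name given twice keeps its last value, as main.cf does for parameters."""
    defaults: dict[str, str] = {}
    i, n = 0, len(value)
    while i < n:
        if value[i] in _SEPARATORS:
            i += 1
            continue
        if value[i] == "{":
            depth, j = 0, i
            while j < n:                    # find the matching "}"
                if value[j] == "{":
                    depth += 1
                elif value[j] == "}":
                    depth -= 1
                    if depth == 0:
                        break
                j += 1
            if depth != 0:
                raise ValueError(f"unbalanced '{{' at offset {i}")
            pair, i = value[i + 1:j], j + 1
        else:
            j = i
            while j < n and value[j] not in _SEPARATORS:
                j += 1
            pair, i = value[i:j], j
        name, sep, default = pair.partition("=")
        name, default = name.strip(), default.strip()
        if not sep or not name:
            raise ValueError(f"expected name=value, got {pair!r}")
        defaults[name] = default
    return defaults


def macro_value(name: str, context: dict[str, str],
                defaults: dict[str, str]) -> Optional[str]:
    """Value that would be sent for macro {name}: the delivery-context value
    when known, else the configured default, else None (macro omitted)."""
    if name in context:
        return context[name]
    return defaults.get(name)


if __name__ == "__main__":
    # constructed main.cf value, not from a real installation
    cfg = parse_macro_defaults("i=unknown-queue-id {auth_type = none}, {mail_addr=,}")
    print(cfg)
    context = {"client_addr": "192.0.2.10", "i": "3F2A1B4C5D"}   # constructed
    for macro in ("i", "auth_type", "client_addr", "tls_version"):
        print(macro, macro_value(macro, context, cfg))
```

<p> A default only matters for a macro that a Milter actually requests and that Postfix has no context value for at that stage of the session, for example an authentication-related macro sent at connect time before any AUTH command; the parser above is the part that is easy to get wrong when values contain commas or spaces.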
</p> 7565 7566 7567</DD> 7568 7569<DT><b><a name="milter_unknown_command_macros">milter_unknown_command_macros</a> 7570(default: see "postconf -d" output)</b></DT><DD> 7571 7572<p> The macros that are sent to version 3 or higher Milter (mail 7573filter) applications after an unknown SMTP command. See <a href="MILTER_README.html">MILTER_README</a> 7574for a list of available macro names and their meanings. </p> 7575 7576<p> This feature is available in Postfix 2.3 and later. </p> 7577 7578 7579</DD> 7580 7581<DT><b><a name="mime_boundary_length_limit">mime_boundary_length_limit</a> 7582(default: 2048)</b></DT><DD> 7583 7584<p> 7585The maximal length of MIME multipart boundary strings. The MIME 7586processor is unable to distinguish between boundary strings that 7587do not differ in the first $<a href="postconf.5.html#mime_boundary_length_limit">mime_boundary_length_limit</a> characters. 7588</p> 7589 7590<p> 7591This feature is available in Postfix 2.0 and later. 7592</p> 7593 7594 7595</DD> 7596 7597<DT><b><a name="mime_header_checks">mime_header_checks</a> 7598(default: $<a href="postconf.5.html#header_checks">header_checks</a>)</b></DT><DD> 7599 7600<p> 7601Optional lookup tables for content inspection of MIME related 7602message headers, as described in the <a href="header_checks.5.html">header_checks(5)</a> manual page. 7603</p> 7604 7605<p> 7606This feature is available in Postfix 2.0 and later. 7607</p> 7608 7609 7610</DD> 7611 7612<DT><b><a name="mime_nesting_limit">mime_nesting_limit</a> 7613(default: 100)</b></DT><DD> 7614 7615<p> 7616The maximal recursion level that the MIME processor will handle. 7617Postfix refuses mail that is nested deeper than the specified limit. 7618</p> 7619 7620<p> 7621This feature is available in Postfix 2.0 and later. 
7622</p> 7623 7624 7625</DD> 7626 7627<DT><b><a name="minimal_backoff_time">minimal_backoff_time</a> 7628(default: 300s)</b></DT><DD> 7629 7630<p> 7631The minimal time between attempts to deliver a deferred message; 7632prior to Postfix 2.4 the default value was 1000s. 7633</p> 7634 7635<p> 7636This parameter also limits the time an unreachable destination is 7637kept in the short-term, in-memory, destination status cache. 7638</p> 7639 7640<p> This parameter should be set greater than or equal to 7641$<a href="postconf.5.html#queue_run_delay">queue_run_delay</a>. See also $<a href="postconf.5.html#maximal_backoff_time">maximal_backoff_time</a>. </p> 7642 7643<p> Specify a non-zero time value (an integral value plus an optional 7644one-letter suffix that specifies the time unit). Time units: s 7645(seconds), m (minutes), h (hours), d (days), w (weeks). 7646The default time unit is s (seconds). </p> 7647 7648 7649</DD> 7650 7651<DT><b><a name="multi_instance_directories">multi_instance_directories</a> 7652(default: empty)</b></DT><DD> 7653 7654<p> An optional list of non-default Postfix configuration directories; 7655these directories belong to additional Postfix instances that share 7656the Postfix executable files and documentation with the default 7657Postfix instance, and that are started, stopped, etc., together 7658with the default Postfix instance. Specify a list of pathnames 7659separated by comma or whitespace. </p> 7660 7661<p> When $<a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> is empty, the <a href="postfix.1.html">postfix(1)</a> command 7662runs in single-instance mode and operates on a single Postfix 7663instance only. Otherwise, the <a href="postfix.1.html">postfix(1)</a> command runs in multi-instance 7664mode and invokes the multi-instance manager specified with the 7665<a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a> parameter. 
The multi-instance manager in
turn executes <a href="postfix.1.html">postfix(1)</a> commands for the default instance and for
all Postfix instances in $<a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a>. </p>

<p> Currently, this parameter setting is ignored except for the
default <a href="postconf.5.html">main.cf</a> file. </p>

<p> This feature is available in Postfix 2.6 and later. </p>


</DD>

<DT><b><a name="multi_instance_enable">multi_instance_enable</a>
(default: no)</b></DT><DD>

<p> Allow this Postfix instance to be started, stopped, etc., by a
multi-instance manager. By default, new instances are created in
a safe state that prevents them from being started inadvertently.
This parameter is reserved for the multi-instance manager. </p>

<p> This feature is available in Postfix 2.6 and later. </p>


</DD>

<DT><b><a name="multi_instance_group">multi_instance_group</a>
(default: empty)</b></DT><DD>

<p> The optional instance group name of this Postfix instance. A
group identifies closely-related Postfix instances that the
multi-instance manager can start, stop, etc., as a unit. This
parameter is reserved for the multi-instance manager. </p>

<p> This feature is available in Postfix 2.6 and later. </p>


</DD>

<DT><b><a name="multi_instance_name">multi_instance_name</a>
(default: empty)</b></DT><DD>

<p> The optional instance name of this Postfix instance. This name
also becomes the default value for the <a href="postconf.5.html#syslog_name">syslog_name</a> parameter. </p>

<p> This feature is available in Postfix 2.6 and later.
</p> 7710 7711 7712</DD> 7713 7714<DT><b><a name="multi_instance_wrapper">multi_instance_wrapper</a> 7715(default: empty)</b></DT><DD> 7716 7717<p> The pathname of a multi-instance manager command that the 7718<a href="postfix.1.html">postfix(1)</a> command invokes when the <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> 7719parameter value is non-empty. The pathname may be followed by 7720initial command arguments separated by whitespace; shell 7721metacharacters such as quotes are not supported in this context. 7722</p> 7723 7724<p> The <a href="postfix.1.html">postfix(1)</a> command invokes the manager command with the 7725<a href="postfix.1.html">postfix(1)</a> non-option command arguments on the manager command line, 7726and with all installation configuration parameters exported into 7727the manager command process environment. The manager command in 7728turn invokes the <a href="postfix.1.html">postfix(1)</a> command for individual Postfix instances 7729as "postfix -c <i><a href="postconf.5.html#config_directory">config_directory</a></i> <i>command</i>". </p> 7730 7731<p> This feature is available in Postfix 2.6 and later. </p> 7732 7733 7734</DD> 7735 7736<DT><b><a name="multi_recipient_bounce_reject_code">multi_recipient_bounce_reject_code</a> 7737(default: 550)</b></DT><DD> 7738 7739<p> 7740The numerical Postfix SMTP server response code when a remote SMTP 7741client request is blocked by the <a href="postconf.5.html#reject_multi_recipient_bounce">reject_multi_recipient_bounce</a> 7742restriction. 7743</p> 7744 7745<p> 7746Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>. 7747</p> 7748 7749<p> 7750This feature is available in Postfix 2.1 and later. 
7751</p> 7752 7753 7754</DD> 7755 7756<DT><b><a name="mydestination">mydestination</a> 7757(default: $<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a>, localhost)</b></DT><DD> 7758 7759<p> The list of domains that are delivered via the $<a href="postconf.5.html#local_transport">local_transport</a> 7760mail delivery transport. By default this is the Postfix <a href="local.8.html">local(8)</a> 7761delivery agent which looks up all recipients in /etc/passwd and 7762/etc/aliases. The SMTP server validates recipient addresses with 7763$<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> and rejects non-existent recipients. See also 7764the <a href="ADDRESS_CLASS_README.html#local_domain_class">local domain</a> class in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> file. 7765</p> 7766 7767<p> 7768The default <a href="postconf.5.html#mydestination">mydestination</a> value specifies names for the local 7769machine only. On a mail domain gateway, you should also include 7770$<a href="postconf.5.html#mydomain">mydomain</a>. 7771</p> 7772 7773<p> 7774The $<a href="postconf.5.html#local_transport">local_transport</a> delivery method is also selected for mail 7775addressed to user@[the.net.work.address] of the mail system (the 7776IP addresses specified with the <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> and <a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> 7777parameters). 7778</p> 7779 7780<p> 7781Warnings: 7782</p> 7783 7784<ul> 7785 7786<li><p>Do not specify the names of virtual domains - those domains 7787are specified elsewhere. See <a href="VIRTUAL_README.html">VIRTUAL_README</a> for more information. </p> 7788 7789<li><p>Do not specify the names of domains that this machine is 7790backup MX host for. See <a href="STANDARD_CONFIGURATION_README.html">STANDARD_CONFIGURATION_README</a> for how to 7791set up backup MX hosts. 
</p>

<li><p>By default, the Postfix SMTP server rejects mail for recipients
not listed with the <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> parameter. See the
<a href="postconf.5.html">postconf(5)</a> manual for a description of the <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>
and <a href="postconf.5.html#unknown_local_recipient_reject_code">unknown_local_recipient_reject_code</a> parameters. </p>

</ul>

<p>
Specify a list of host or domain names, "/file/name" or "<a href="DATABASE_README.html">type:table</a>"
patterns, separated by commas and/or whitespace. A "/file/name"
pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table
is matched when a name matches a lookup key (the lookup result is
ignored). Continue long lines by starting the next line with
whitespace. </p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a> $<a href="postconf.5.html#mydomain">mydomain</a>
<a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a> www.$<a href="postconf.5.html#mydomain">mydomain</a>, ftp.$<a href="postconf.5.html#mydomain">mydomain</a>
</pre>


</DD>

<DT><b><a name="mydomain">mydomain</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
The internet domain name of this mail system. The default is to
use $<a href="postconf.5.html#myhostname">myhostname</a> minus the first component, or "localdomain" (Postfix
2.3 and later). $<a href="postconf.5.html#mydomain">mydomain</a> is used as
a default value for many other configuration parameters.
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#mydomain">mydomain</a> = domain.tld
</pre>


</DD>

<DT><b><a name="myhostname">myhostname</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
The internet hostname of this mail system. The default is to use
the fully-qualified domain name (FQDN) from gethostname(), or to
use the non-FQDN result from gethostname() and append ".$<a href="postconf.5.html#mydomain">mydomain</a>".
$<a href="postconf.5.html#myhostname">myhostname</a> is used as a default value for many other configuration
parameters. </p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#myhostname">myhostname</a> = host.example.com
</pre>


</DD>

<DT><b><a name="mynetworks">mynetworks</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
The list of "trusted" remote SMTP clients that have more privileges than
"strangers".
</p>

<p>
In particular, "trusted" SMTP clients are allowed to relay mail
through Postfix. See the <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> parameter
description in the <a href="postconf.5.html">postconf(5)</a> manual.
</p>

<p>
You can specify the list of "trusted" network addresses by hand
or you can let Postfix do it for you (which is the default).
See the description of the <a href="postconf.5.html#mynetworks_style">mynetworks_style</a> parameter for more
information.
</p>

<p>
If you specify the <a href="postconf.5.html#mynetworks">mynetworks</a> list by hand,
Postfix ignores the <a href="postconf.5.html#mynetworks_style">mynetworks_style</a> setting.
</p>

<p> Specify a list of network addresses or network/netmask patterns,
separated by commas and/or whitespace. Continue long lines by
starting the next line with whitespace.
</p>

<p> The netmask specifies the number of bits in the network part
of a host address. You can also specify "/file/name" or "<a href="DATABASE_README.html">type:table</a>"
patterns. A "/file/name" pattern is replaced by its contents; a
"<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a table entry matches a
lookup string (the lookup result is ignored). </p>

<p> The list is matched left to right, and the search stops on the
first match. Specify "!pattern" to exclude an address or network
block from the list. The form "!/file/name" is supported only
in Postfix version 2.4 and later. </p>

<p> Note 1: Pattern matching of domain names is controlled by the
presence or absence of "<a href="postconf.5.html#mynetworks">mynetworks</a>" in the <a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a>
parameter value. </p>

<p> Note 2: IP version 6 address information must be specified inside
<tt>[]</tt> in the <a href="postconf.5.html#mynetworks">mynetworks</a> value, and in files specified with
"/file/name". IP version 6 addresses contain the ":" character,
and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>" pattern. </p>

<p> Note 3: CIDR ranges cannot be specified in hash tables. Use cidr
tables if CIDR ranges are used.
</p>

<p> Examples: </p>

<pre>
<a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 168.100.189.0/28
<a href="postconf.5.html#mynetworks">mynetworks</a> = !192.168.0.1, 192.168.0.0/28
<a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [2001:240:587::]/64
<a href="postconf.5.html#mynetworks">mynetworks</a> = $<a href="postconf.5.html#config_directory">config_directory</a>/mynetworks
<a href="postconf.5.html#mynetworks">mynetworks</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/network_table
<a href="postconf.5.html#mynetworks">mynetworks</a> = <a href="cidr_table.5.html">cidr</a>:/etc/postfix/network_table.cidr
</pre>


</DD>

<DT><b><a name="mynetworks_style">mynetworks_style</a>
(default: Postfix ≥ 3.0: host, Postfix < 3.0: subnet)</b></DT><DD>

<p>
The method to generate the default value for the <a href="postconf.5.html#mynetworks">mynetworks</a> parameter.
This is the list of trusted networks for relay access control etc.
</p>

<ul>

<li><p>Specify "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = host" when Postfix should
"trust" only the local machine. </p>

<li><p>Specify "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = subnet" when Postfix
should "trust" remote SMTP clients in the same IP subnetworks as the local
machine. On Linux, this works correctly only with interfaces
specified with the "ifconfig" or "ip" command. </p>

<li><p>Specify "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = class" when Postfix should
"trust" remote SMTP clients in the same IP class A/B/C networks as the
local machine. Caution: this may cause
Postfix to "trust" your entire provider's network.
Instead, specify
an explicit <a href="postconf.5.html#mynetworks">mynetworks</a> list by hand, as described with the <a href="postconf.5.html#mynetworks">mynetworks</a>
configuration parameter. </p>

</ul>


</DD>

<DT><b><a name="myorigin">myorigin</a>
(default: $<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD>

<p>
The domain name that locally-posted mail appears to come
from, and that locally posted mail is delivered to. The default,
$<a href="postconf.5.html#myhostname">myhostname</a>, is adequate for small sites. If you run a domain with
multiple machines, you should (1) change this to $<a href="postconf.5.html#mydomain">mydomain</a> and (2)
set up a domain-wide alias database that aliases each user to
user@that.users.mailhost.
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#myorigin">myorigin</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
</pre>


</DD>

<DT><b><a name="nested_header_checks">nested_header_checks</a>
(default: $<a href="postconf.5.html#header_checks">header_checks</a>)</b></DT><DD>

<p>
Optional lookup tables for content inspection of non-MIME message
headers in attached messages, as described in the <a href="header_checks.5.html">header_checks(5)</a>
manual page.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>


</DD>

<DT><b><a name="newaliases_path">newaliases_path</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
Sendmail compatibility feature that specifies the location of the
<a href="newaliases.1.html">newaliases(1)</a> command. This command can be used to rebuild the
<a href="local.8.html">local(8)</a> <a href="aliases.5.html">aliases(5)</a> database.
</p>


</DD>

<DT><b><a name="non_fqdn_reject_code">non_fqdn_reject_code</a>
(default: 504)</b></DT><DD>

<p>
The numerical Postfix SMTP server reply code when a client request
is rejected by the <a href="postconf.5.html#reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a>, <a href="postconf.5.html#reject_non_fqdn_sender">reject_non_fqdn_sender</a>
or <a href="postconf.5.html#reject_non_fqdn_recipient">reject_non_fqdn_recipient</a> restriction.
</p>


</DD>

<DT><b><a name="non_smtpd_milters">non_smtpd_milters</a>
(default: empty)</b></DT><DD>

<p> A list of Milter (mail filter) applications for new mail that
does not arrive via the Postfix <a href="smtpd.8.html">smtpd(8)</a> server. This includes local
submission via the <a href="sendmail.1.html">sendmail(1)</a> command line, new mail that arrives
via the Postfix <a href="qmqpd.8.html">qmqpd(8)</a> server, and old mail that is re-injected
into the queue with "postsuper -r". Specify space or comma as a
separator. See the <a href="MILTER_README.html">MILTER_README</a> document for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>


</DD>

<DT><b><a name="notify_classes">notify_classes</a>
(default: resource, software)</b></DT><DD>

<p>
The list of error classes that are reported to the postmaster. These
postmaster notifications do not replace user notifications. The
default is to report only the most serious problems. The paranoid
may wish to turn on the policy (UCE and mail relaying) and protocol
error (broken mail software) reports.
</p>

<p> NOTE: postmaster notifications may contain confidential information
such as SASL passwords or message content. It is the system
administrator's responsibility to treat such information with care.
</p>

<p>
The error classes are:
</p>

<dl>

<dt><b>bounce</b> (also implies <b>2bounce</b>)</dt>

<dd>Send the postmaster copies of the headers of bounced mail, and
send transcripts of SMTP sessions when Postfix rejects mail. The
notification is sent to the address specified with the
<a href="postconf.5.html#bounce_notice_recipient">bounce_notice_recipient</a> configuration parameter (default: postmaster).
</dd>

<dt><b>2bounce</b></dt>

<dd>Send undeliverable bounced mail to the postmaster. The notification
is sent to the address specified with the <a href="postconf.5.html#2bounce_notice_recipient">2bounce_notice_recipient</a>
configuration parameter (default: postmaster). </dd>

<dt><b>data</b></dt>

<dd>Send the postmaster a transcript of the SMTP session with an
error because a critical data file was unavailable. The notification
is sent to the address specified with the <a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a>
configuration parameter (default: postmaster). <br> This feature
is available in Postfix 2.9 and later. </dd>

<dt><b>delay</b></dt>

<dd>Send the postmaster copies of the headers of delayed mail (see
<a href="postconf.5.html#delay_warning_time">delay_warning_time</a>). The
notification is sent to the address specified with the
<a href="postconf.5.html#delay_notice_recipient">delay_notice_recipient</a> configuration parameter (default: postmaster).
</dd>

<dt><b>policy</b></dt>

<dd>Send the postmaster a transcript of the SMTP session when a
client request was rejected because of (UCE) policy. The notification
is sent to the address specified with the <a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a>
configuration parameter (default: postmaster).
</dd>

<dt><b>protocol</b></dt>

<dd>Send the postmaster a transcript of the SMTP session in case
of client or server protocol errors. The notification is sent to
the address specified with the <a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> configuration
parameter (default: postmaster). </dd>

<dt><b>resource</b></dt>

<dd>Inform the postmaster of mail not delivered due to resource
problems. The notification is sent to the address specified with
the <a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> configuration parameter (default:
postmaster). </dd>

<dt><b>software</b></dt>

<dd>Inform the postmaster of mail not delivered due to software
problems. The notification is sent to the address specified with
the <a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> configuration parameter (default:
postmaster). </dd>

</dl>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#notify_classes">notify_classes</a> = bounce, delay, policy, protocol, resource, software
<a href="postconf.5.html#notify_classes">notify_classes</a> = 2bounce, resource, software
</pre>


</DD>

<DT><b><a name="openssl_path">openssl_path</a>
(default: openssl)</b></DT><DD>

<p>
The location of the OpenSSL command line program openssl(1). This
is used by the "<b><a href="postfix-tls.1.html">postfix tls</a></b>" command to create private keys,
certificate signing requests, self-signed certificates, and to
compute public key digests for DANE TLSA records. In multi-instance
environments, this parameter is always determined from the configuration
of the default Postfix instance.
</p>

<p> Example: </p>

<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    # NetBSD pkgsrc:
    <a href="postconf.5.html#openssl_path">openssl_path</a> = /usr/pkg/bin/openssl
    # Local build:
    <a href="postconf.5.html#openssl_path">openssl_path</a> = /usr/local/bin/openssl
</pre>
</blockquote>

<p>
This feature is available in Postfix 3.1 and later.
</p>


</DD>

<DT><b><a name="owner_request_special">owner_request_special</a>
(default: yes)</b></DT><DD>

<p>
Enable special treatment for owner-<i>listname</i> entries in the
<a href="aliases.5.html">aliases(5)</a> file, and don't split owner-<i>listname</i> and
<i>listname</i>-request address localparts when the <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a>
is set to "-". This feature is useful for mailing lists.
</p>


</DD>

<DT><b><a name="parent_domain_matches_subdomains">parent_domain_matches_subdomains</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
A list of Postfix features where the pattern "example.com" also
matches subdomains of example.com,
instead of requiring an explicit ".example.com" pattern. This is
planned backwards compatibility: eventually, all Postfix features
are expected to require explicit ".example.com" style patterns when
you really want to match subdomains.
</p>

<p> The following Postfix feature names are supported.
</p>

<dl>

<dt> Postfix version 1.0 and later</dt>

<dd>
<a href="postconf.5.html#debug_peer_list">debug_peer_list</a>,
<a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a>,
<a href="postconf.5.html#mynetworks">mynetworks</a>,
<a href="postconf.5.html#permit_mx_backup_networks">permit_mx_backup_networks</a>,
<a href="postconf.5.html#relay_domains">relay_domains</a>,
<a href="postconf.5.html#transport_maps">transport_maps</a>
</dd>

<dt> Postfix version 1.1 and later</dt>

<dd>
<a href="postconf.5.html#qmqpd_authorized_clients">qmqpd_authorized_clients</a>,
<a href="SMTPD_ACCESS_README.html">smtpd_access_maps</a>
</dd>

<dt> Postfix version 2.8 and later </dt>

<dd>
<a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a>
</dd>

<dt> Postfix version 3.0 and later </dt>

<dd>
<a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a>
</dd>

</dl>


</DD>

<DT><b><a name="permit_mx_backup_networks">permit_mx_backup_networks</a>
(default: empty)</b></DT><DD>

<p>
Restrict the use of the <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> SMTP access feature to
only domains whose primary MX hosts match the listed networks.
The parameter value syntax is the same as with the <a href="postconf.5.html#mynetworks">mynetworks</a>
parameter; note, however, that the default value is empty. </p>

<p> Pattern matching of domain names is controlled by the presence
or absence of "<a href="postconf.5.html#permit_mx_backup_networks">permit_mx_backup_networks</a>" in the
<a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> parameter value.
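
The parent_domain_matches_subdomains description above explains that the same
list entry "example.com" means one thing when the feature is listed there and
another when it is not. The following Python is an added example (not Postfix
code) that applies those rules to a domain list such as relay_domains, and
reports which entries silently widen under the compatibility setting. The
function names and the sample parameter values are constructed; one assumption
is marked in the code (an explicit ".example.com" pattern is treated as
matching subdomains only, not example.com itself).

```python
"""
Added example (not Postfix code): how one entry of a Postfix domain list is
interpreted depending on whether the feature that uses the list is named in
parent_domain_matches_subdomains. Function names and the sample values below
are constructed for this illustration.
"""


def feature_implies_subdomains(parent_domain_matches_subdomains: str,
                               feature: str) -> bool:
    """True when `feature` is listed in the comma/whitespace separated value."""
    return feature in parent_domain_matches_subdomains.replace(",", " ").split()


def domain_pattern_matches(pattern: str, name: str,
                           subdomains_implied: bool) -> bool:
    """
    pattern: one entry of a Postfix domain list ("example.com" or ".example.com").
    name:    the domain name being looked up; compared case-insensitively.
    subdomains_implied: whether the feature is in parent_domain_matches_subdomains.

    From the page: ".example.com" matches subdomains explicitly; a bare
    "example.com" matches the domain itself, and its subdomains only when
    subdomains_implied is True. Assumption made here: ".example.com" matches
    subdomains only, not example.com itself.
    """
    pattern = pattern.lower().rstrip(".")
    name = name.lower().rstrip(".")
    if pattern.startswith("."):
        return name.endswith(pattern)
    if name == pattern:
        return True
    return subdomains_implied and name.endswith("." + pattern)


def list_matches(feature: str, parent_domain_matches_subdomains: str,
                 domain_list: str, name: str) -> bool:
    """Match `name` against a whole parameter value used by `feature`."""
    implied = feature_implies_subdomains(parent_domain_matches_subdomains, feature)
    return any(domain_pattern_matches(p, name, implied)
               for p in domain_list.replace(",", " ").split())


def entries_that_widen(feature: str, parent_domain_matches_subdomains: str,
                       domain_list: str) -> list:
    """
    Audit helper: bare entries whose reach depends on the compatibility
    setting. Writing them as "example.com, .example.com" makes the intent
    explicit and survives the planned removal of the implicit behaviour.
    """
    if not feature_implies_subdomains(parent_domain_matches_subdomains, feature):
        return []
    return [p for p in domain_list.replace(",", " ").split()
            if not p.startswith(".")]


# Constructed sample values (not real "postconf -d" output).
SAMPLE_PDMS = ("debug_peer_list, fast_flush_domains, mynetworks, "
               "permit_mx_backup_networks, relay_domains")
SAMPLE_RELAY_DOMAINS = "example.com, .example.org"
```

With SAMPLE_PDMS in effect, "mail.example.com" matches the bare "example.com"
entry; with an empty parent_domain_matches_subdomains it does not, while
".example.org" keeps matching "lists.example.org" in both cases.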
</p>


</DD>

<DT><b><a name="pickup_service_name">pickup_service_name</a>
(default: pickup)</b></DT><DD>

<p>
The name of the <a href="pickup.8.html">pickup(8)</a> service. This service picks up local mail
submissions from the Postfix <a href="QSHAPE_README.html#maildrop_queue">maildrop queue</a>.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>


</DD>

<DT><b><a name="pipe_delivery_status_filter">pipe_delivery_status_filter</a>
(default: $<a href="postconf.5.html#default_delivery_status_filter">default_delivery_status_filter</a>)</b></DT><DD>

<p> Optional filter for the <a href="pipe.8.html">pipe(8)</a> delivery agent to change the
delivery status code or explanatory text of successful or unsuccessful
deliveries. See <a href="postconf.5.html#default_delivery_status_filter">default_delivery_status_filter</a> for details. </p>

<p> This feature is available in Postfix 3.0 and later. </p>


</DD>

<DT><b><a name="plaintext_reject_code">plaintext_reject_code</a>
(default: 450)</b></DT><DD>

<p>
The numerical Postfix SMTP server response code when a request
is rejected by the <b><a href="postconf.5.html#reject_plaintext_session">reject_plaintext_session</a></b> restriction.
</p>

<p> This feature is available in Postfix 2.3 and later. </p>


</DD>

<DT><b><a name="postlog_service_name">postlog_service_name</a>
(default: postlog)</b></DT><DD>

<p> The name of the <a href="postlogd.8.html">postlogd(8)</a> service entry in <a href="master.5.html">master.cf</a>.
This service appends logfile records to the file specified
with the <a href="postconf.5.html#maillog_file">maillog_file</a> parameter. </p>

<p> This feature is available in Postfix 3.4 and later.
</p>


</DD>

<DT><b><a name="postlogd_watchdog_timeout">postlogd_watchdog_timeout</a>
(default: 10s)</b></DT><DD>

<p> How much time a <a href="postlogd.8.html">postlogd(8)</a> process may take to process a request
before it is terminated by a built-in watchdog timer. This is a
safety mechanism that prevents <a href="postlogd.8.html">postlogd(8)</a> from becoming non-responsive
due to a bug in Postfix itself or in system software. This limit
cannot be set under 10s. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds). </p>

<p> This feature is available in Postfix 3.4 and later. </p>


</DD>

<DT><b><a name="postmulti_control_commands">postmulti_control_commands</a>
(default: reload flush)</b></DT><DD>

<p> The <a href="postfix.1.html">postfix(1)</a> commands that the <a href="postmulti.1.html">postmulti(1)</a> instance manager
treats as "control" commands, that operate on running instances. For
these commands, disabled instances are skipped. </p>

<p> This feature is available in Postfix 2.6 and later. </p>


</DD>

<DT><b><a name="postmulti_start_commands">postmulti_start_commands</a>
(default: start)</b></DT><DD>

<p> The <a href="postfix.1.html">postfix(1)</a> commands that the <a href="postmulti.1.html">postmulti(1)</a> instance manager treats
as "start" commands. For these commands, disabled instances are "checked"
rather than "started", and failure to "start" a member instance of an
instance group will abort the start-up of later instances. </p>

<p> This feature is available in Postfix 2.6 and later.
</p>


</DD>

<DT><b><a name="postmulti_stop_commands">postmulti_stop_commands</a>
(default: see "postconf -d" output)</b></DT><DD>

<p> The <a href="postfix.1.html">postfix(1)</a> commands that the <a href="postmulti.1.html">postmulti(1)</a> instance manager treats
as "stop" commands. For these commands, disabled instances are skipped,
and enabled instances are processed in reverse order. </p>

<p> This feature is available in Postfix 2.6 and later. </p>


</DD>

<DT><b><a name="postscreen_access_list">postscreen_access_list</a>
(default: <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>)</b></DT><DD>

<p> Permanent allow/denylist for remote SMTP client IP addresses.
<a href="postscreen.8.html">postscreen(8)</a> searches this list immediately after a remote SMTP
client connects. Specify a comma- or whitespace-separated list of
commands (in upper or lower case) or lookup tables. The search stops
upon the first command that fires for the client IP address. </p>

<dl>

<dt> <b> <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a> </b> </dt> <dd> Allowlist the client and
terminate the search if the client IP address matches $<a href="postconf.5.html#mynetworks">mynetworks</a>.
Do not subject the client to any before/after 220 greeting tests.
Pass the connection immediately to a Postfix SMTP server process.
<br> Pattern matching of domain names is controlled by the presence
or absence of "<a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a>" in the
<a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> parameter value. </dd>

<dt> <b> <a href="DATABASE_README.html">type:table</a> </b> </dt> <dd> Query the specified lookup
table.
Each table lookup result is an access list, except that
access lists inside a table cannot specify <a href="DATABASE_README.html">type:table</a> entries. <br>
To discourage the use of hash, btree, etc. tables, there is no
support for substring matching like <a href="smtpd.8.html">smtpd(8)</a>. Use CIDR tables
instead. </dd>

<dt> <b> permit </b> </dt> <dd> Allowlist the client and terminate
the search. Do not subject the client to any before/after 220
greeting tests. Pass the connection immediately to a Postfix SMTP
server process. </dd>

<dt> <b> reject </b> </dt> <dd> Denylist the client and terminate
the search. Subject the client to the action configured with the
<a href="postconf.5.html#postscreen_denylist_action">postscreen_denylist_action</a> configuration parameter. </dd>

<dt> <b> dunno </b> </dt> <dd> All <a href="postscreen.8.html">postscreen(8)</a> access lists
implicitly have this command at the end. <br> When <b> dunno </b>
is executed inside a lookup table, return from the lookup table and
evaluate the next command. <br> When <b> dunno </b> is executed
outside a lookup table, terminate the search, and subject the client
to the configured before/after 220 greeting tests. </dd>

</dl>

<p> Example: </p>

<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,
        <a href="cidr_table.5.html">cidr</a>:/etc/postfix/postscreen_access.cidr
    # Postfix < 3.6 use <a href="postconf.5.html#postscreen_blacklist_action">postscreen_blacklist_action</a>.
    <a href="postconf.5.html#postscreen_denylist_action">postscreen_denylist_action</a> = enforce
</pre>

<pre>
/etc/postfix/postscreen_access.<a href="cidr_table.5.html">cidr</a>:
    # Rules are evaluated in the order as specified.
    # Denylist 192.168.* except 192.168.0.1.
    192.168.0.1         dunno
    192.168.0.0/16      reject
</pre>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_allowlist_interfaces">postscreen_allowlist_interfaces</a>
(default: <a href="DATABASE_README.html#types">static</a>:all)</b></DT><DD>

<p> A list of local <a href="postscreen.8.html">postscreen(8)</a> server IP addresses where a
non-allowlisted remote SMTP client can obtain <a href="postscreen.8.html">postscreen(8)</a>'s temporary
allowlist status. This status is required before the client can
talk to a Postfix SMTP server process. By default, a client can
obtain <a href="postscreen.8.html">postscreen(8)</a>'s allowlist status on any local <a href="postscreen.8.html">postscreen(8)</a>
server IP address. </p>

<p> When <a href="postscreen.8.html">postscreen(8)</a> listens on both primary and backup MX
addresses, the <a href="postconf.5.html#postscreen_allowlist_interfaces">postscreen_allowlist_interfaces</a> parameter can be
configured to give the temporary allowlist status only when a client
connects to a primary MX address. Once a client is allowlisted it
can talk to a Postfix SMTP server on any address. Thus, clients
that connect only to backup MX addresses will never become allowlisted,
and will never be allowed to talk to a Postfix SMTP server process.
</p>

<p> Specify a list of network addresses or network/netmask patterns,
separated by commas and/or whitespace. The netmask specifies the
number of bits in the network part of a host address. Continue long
lines by starting the next line with whitespace. </p>

<p> You can also specify "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns.
A
"/file/name" pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>"
lookup table is matched when a table entry matches a lookup string
(the lookup result is ignored). </p>

<p> The list is matched left to right, and the search stops on the
first match. Specify "!pattern" to exclude an address or network
block from the list. </p>

<p> Note: IP version 6 address information must be specified inside
[] in the <a href="postconf.5.html#postscreen_allowlist_interfaces">postscreen_allowlist_interfaces</a> value, and in files
specified with "/file/name". IP version 6 addresses contain the
":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>"
pattern. </p>

<p> Example: </p>

<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    # Don't allowlist connections to the backup IP address.
    # Postfix < 3.6 use <a href="postconf.5.html#postscreen_whitelist_interfaces">postscreen_whitelist_interfaces</a>.
    <a href="postconf.5.html#postscreen_allowlist_interfaces">postscreen_allowlist_interfaces</a> = !168.100.189.8, <a href="DATABASE_README.html#types">static</a>:all
</pre>

<p> This feature is available in Postfix 3.6 and later. </p>

<p> Available as <a href="postconf.5.html#postscreen_whitelist_interfaces">postscreen_whitelist_interfaces</a> in Postfix 2.9 - 3.5. </p>


</DD>

<DT><b><a name="postscreen_bare_newline_action">postscreen_bare_newline_action</a>
(default: ignore)</b></DT><DD>

<p> The action that <a href="postscreen.8.html">postscreen(8)</a> takes when a remote SMTP client sends
a bare newline character, that is, a newline not preceded by carriage
return. Specify one of the following: </p>

<dl>

<dt> <b>ignore</b> </dt>

<dd> Ignore the failure of this test. Allow other tests to complete.
Do <i>not</i> repeat this test before the result from some
other test expires.
This option is useful for testing and collecting statistics
without blocking mail permanently. </dd>

<dt> <b>enforce</b> </dt>

<dd> Allow other tests to complete. Reject attempts to deliver mail
with a 550 SMTP reply, and log the helo/sender/recipient information.
Repeat this test the next time the client connects. </dd>

<dt> <b>drop</b> </dt>

<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
this test the next time the client connects. </dd>

</dl>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_bare_newline_enable">postscreen_bare_newline_enable</a>
(default: no)</b></DT><DD>

<p> Enable "bare newline" SMTP protocol tests in the <a href="postscreen.8.html">postscreen(8)</a>
server. These tests are expensive: a remote SMTP client must
disconnect after
it passes the test, before it can talk to a real Postfix SMTP server.
</p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_bare_newline_ttl">postscreen_bare_newline_ttl</a>
(default: 30d)</b></DT><DD>

<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> remembers that a client
IP address passed a "bare newline" SMTP protocol test, before that
address is required to pass that test again. The default
is long because a remote SMTP client must disconnect after it passes
the test,
before it can talk to a real Postfix SMTP server. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is d (days). </p>

<p> This feature is available in Postfix 2.8.
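
The mynetworks and postscreen_access_list descriptions above both define a
left-to-right, first-match evaluation with "!pattern" exclusions, IPv6 inside
"[]", and (for postscreen) the commands permit, reject, dunno and
permit_mynetworks plus cidr tables whose lookup result is itself an access
list. The following Python is an added example, not Postfix code, that
implements exactly those rules so a configuration can be checked against a
client address before it goes live; it also flags positive mynetworks entries
wider than a chosen prefix length, the concern raised under mynetworks_style =
class. Function names, the in-memory stand-in for the cidr table file, the
prefix thresholds and all sample values are constructed; "/file/name" and
non-cidr "type:table" entries are not handled.

```python
"""
Added example (not Postfix code): evaluates a mynetworks value and a
postscreen_access_list value with the rules the two descriptions give:
left to right, first match wins, "!pattern" excludes, IPv6 inside "[]", and
the postscreen commands permit / reject / dunno / permit_mynetworks plus a
cidr: table whose lookup result is itself an access list. Function names,
the in-memory stand-in for the cidr table file, and all sample values are
constructed for this illustration; "/file/name" and non-cidr "type:table"
entries are not handled.
"""
import ipaddress


def _split(value: str):
    """Postfix list values are separated by commas and/or whitespace."""
    return value.replace(",", " ").split()


def _parse_network(pattern: str):
    """'[2001:db8::]/32' -> IPv6Network; '10.0.0.1' -> the /32 host network."""
    if pattern.startswith("[") and "]" in pattern:
        host, _, prefix = pattern[1:].partition("]")
        pattern = host + prefix
    return ipaddress.ip_network(pattern, strict=False)


def mynetworks_trusts(mynetworks: str, client_ip: str) -> bool:
    """The first pattern (or !pattern) containing client_ip decides; no match = untrusted."""
    addr = ipaddress.ip_address(client_ip)
    for pattern in _split(mynetworks):
        negate = pattern.startswith("!")
        net = _parse_network(pattern[1:] if negate else pattern)
        if addr.version == net.version and addr in net:
            return not negate
    return False


def overly_broad_entries(mynetworks: str, min_prefix_v4: int = 24,
                         min_prefix_v6: int = 64) -> list:
    """
    Audit helper for the mynetworks_style = class caution: positive,
    non-loopback entries wider than the (constructed) prefix thresholds.
    """
    broad = []
    for pattern in _split(mynetworks):
        if pattern.startswith("!"):
            continue
        net = _parse_network(pattern)
        if net.is_loopback:
            continue
        limit = min_prefix_v4 if net.version == 4 else min_prefix_v6
        if net.prefixlen < limit:
            broad.append(pattern)
    return broad


def postscreen_access_decision(access_list: str, client_ip: str,
                               mynetworks: str, cidr_tables: dict) -> str:
    """
    Returns "permit", "reject" or "dunno" (dunno = run the greeting tests).
    cidr_tables maps a "cidr:/path" entry to an ordered list of
    (pattern, result) pairs standing in for the file's contents; each result
    is an access list that may not itself contain type:table entries.
    """
    addr = ipaddress.ip_address(client_ip)
    for command in _split(access_list):
        keyword = command.lower()
        if keyword == "permit_mynetworks":
            if mynetworks_trusts(mynetworks, client_ip):
                return "permit"
        elif keyword in ("permit", "reject"):
            return keyword
        elif keyword == "dunno":
            return "dunno"           # outside a table: stop, run the tests
        elif keyword.startswith("cidr:"):
            if command not in cidr_tables:
                raise ValueError(f"unknown or nested table: {command}")
            for pattern, result in cidr_tables[command]:
                net = _parse_network(pattern)
                if addr.version == net.version and addr in net:
                    # The result is an access list of its own; a dunno in it
                    # returns here and evaluation continues with the next command.
                    inner = postscreen_access_decision(result, client_ip, mynetworks, {})
                    if inner != "dunno":
                        return inner
                    break
        else:
            raise ValueError(f"unsupported access list entry: {command}")
    return "dunno"                   # every access list ends in an implicit dunno


# Constructed sample configuration, following the examples on this page.
SAMPLE_MYNETWORKS = "127.0.0.0/8 [::1]/128 !192.168.0.1, 192.168.0.0/28"
SAMPLE_ACCESS_LIST = "permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr"
SAMPLE_CIDR_TABLES = {
    "cidr:/etc/postfix/postscreen_access.cidr": [
        ("192.168.0.1", "dunno"),       # exempt one host ...
        ("192.168.0.0/16", "reject"),   # ... then denylist the rest of 192.168.*
    ],
}
```

With the sample values, 192.168.0.5 is permitted through mynetworks before the
table is consulted, 192.168.0.1 hits the table's dunno and falls through to
the greeting tests, 192.168.5.5 is rejected, and an unrelated address such as
203.0.113.7 reaches the implicit dunno at the end of the list.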
</p>


</DD>

<DT><b><a name="postscreen_blacklist_action">postscreen_blacklist_action</a>
(default: ignore)</b></DT><DD>

<p> Renamed to <a href="postconf.5.html#postscreen_denylist_action">postscreen_denylist_action</a> in Postfix 3.6. </p>

<p> This feature is available in Postfix 2.8 - 3.5. </p>


</DD>

<DT><b><a name="postscreen_cache_cleanup_interval">postscreen_cache_cleanup_interval</a>
(default: 12h)</b></DT><DD>

<p> The amount of time between <a href="postscreen.8.html">postscreen(8)</a> cache cleanup runs.
Cache cleanup increases the load on the cache database and should
therefore not be run frequently. This feature requires that the
cache database supports the "delete" and "sequence" operators.
Specify a zero interval to disable cache cleanup. </p>

<p> After each cache cleanup run, the <a href="postscreen.8.html">postscreen(8)</a> daemon logs the
number of entries that were retained and dropped. A cleanup run is
logged as "partial" when the daemon terminates early after "<b>postfix
reload</b>", "<b>postfix stop</b>", or no requests for $<a href="postconf.5.html#max_idle">max_idle</a>
seconds. </p>

<p> Specify a non-negative time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is h (hours). </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_cache_map">postscreen_cache_map</a>
(default: <a href="DATABASE_README.html#types">btree</a>:$<a href="postconf.5.html#data_directory">data_directory</a>/postscreen_cache)</b></DT><DD>

<p> Persistent storage for the <a href="postscreen.8.html">postscreen(8)</a> server decisions.
</p>

<p> To share a <a href="postscreen.8.html">postscreen(8)</a> cache between multiple <a href="postscreen.8.html">postscreen(8)</a>
instances, use "<a href="postconf.5.html#postscreen_cache_map">postscreen_cache_map</a> = <a href="proxymap.8.html">proxy</a>:<a href="DATABASE_README.html#types">btree</a>:/path/to/file".
This requires Postfix version 2.9 or later; earlier <a href="proxymap.8.html">proxymap(8)</a>
implementations don't support cache cleanup. For an alternative
approach see the <a href="memcache_table.5.html">memcache_table(5)</a> manpage. </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_cache_retention_time">postscreen_cache_retention_time</a>
(default: 7d)</b></DT><DD>

<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> will cache an expired
temporary allowlist entry before it is removed. This prevents clients
from being logged as "NEW" just because their cache entry expired
an hour ago. It also prevents the cache from filling up with clients
that passed some deep protocol test once and never came back. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is d (days). </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_client_connection_count_limit">postscreen_client_connection_count_limit</a>
(default: $<a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a>)</b></DT><DD>

<p> How many simultaneous connections any remote SMTP client is
allowed to have
with the <a href="postscreen.8.html">postscreen(8)</a> daemon. By default, this limit is the same
as with the Postfix SMTP server.
Note that the triage process can
take several seconds, with the time spent in <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a>
delay, and with the time spent talking to the <a href="postscreen.8.html">postscreen(8)</a> built-in
dummy SMTP protocol engine. </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_command_count_limit">postscreen_command_count_limit</a>
(default: 20)</b></DT><DD>

<p> The limit on the total number of commands per SMTP session for
<a href="postscreen.8.html">postscreen(8)</a>'s built-in SMTP protocol engine. This SMTP engine
defers or rejects all attempts to deliver mail, therefore there is
no need to enforce separate limits on the number of junk commands
and error commands. </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_command_filter">postscreen_command_filter</a>
(default: $<a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a>)</b></DT><DD>

<p> A mechanism to transform commands from remote SMTP clients.
See <a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a> for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="postscreen_command_time_limit">postscreen_command_time_limit</a>
(default: normal: 300s, <a href="STRESS_README.html">overload</a>: 10s)</b></DT><DD>

<p> The time limit to read an entire command line with <a href="postscreen.8.html">postscreen(8)</a>'s
built-in SMTP protocol engine. </p>

<p> This feature is available in Postfix 2.8.
</p>


</DD>

<DT><b><a name="postscreen_denylist_action">postscreen_denylist_action</a>
(default: ignore)</b></DT><DD>

<p> The action that <a href="postscreen.8.html">postscreen(8)</a> takes when a remote SMTP client is
permanently denylisted with the <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> parameter.
Specify one of the following: </p>

<dl>

<dt> <b>ignore</b> (default) </dt>

<dd> Ignore this result. Allow other tests to complete. Repeat
this test the next time the client connects.
This option is useful for testing and collecting statistics
without blocking mail. </dd>

<dt> <b>enforce</b> </dt>

<dd> Allow other tests to complete. Reject attempts to deliver mail
with a 550 SMTP reply, and log the helo/sender/recipient information.
Repeat this test the next time the client connects. </dd>

<dt> <b>drop</b> </dt>

<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
this test the next time the client connects. </dd>

</dl>

<p> This feature is available in Postfix 3.6 and later. </p>

<p> Available as <a href="postconf.5.html#postscreen_blacklist_action">postscreen_blacklist_action</a> in Postfix 2.8 - 3.5. </p>


</DD>

<DT><b><a name="postscreen_disable_vrfy_command">postscreen_disable_vrfy_command</a>
(default: $<a href="postconf.5.html#disable_vrfy_command">disable_vrfy_command</a>)</b></DT><DD>

<p> Disable the SMTP VRFY command in the <a href="postscreen.8.html">postscreen(8)</a> daemon. See
<a href="postconf.5.html#disable_vrfy_command">disable_vrfy_command</a> for details. </p>

<p> This feature is available in Postfix 2.8.
</p>


</DD>

<DT><b><a name="postscreen_discard_ehlo_keyword_address_maps">postscreen_discard_ehlo_keyword_address_maps</a>
(default: $<a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a>)</b></DT><DD>

<p> Lookup tables, indexed by the remote SMTP client address, with
case insensitive lists of EHLO keywords (pipelining, starttls, auth,
etc.) that the <a href="postscreen.8.html">postscreen(8)</a> server will not send in the EHLO response
to a remote SMTP client. See <a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a> for details.
The table is not searched by hostname for robustness reasons. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="postscreen_discard_ehlo_keywords">postscreen_discard_ehlo_keywords</a>
(default: $<a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a>)</b></DT><DD>

<p> A case insensitive list of EHLO keywords (pipelining, starttls,
auth, etc.) that the <a href="postscreen.8.html">postscreen(8)</a> server will not send in the EHLO
response to a remote SMTP client. See <a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a>
for details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="postscreen_dnsbl_action">postscreen_dnsbl_action</a>
(default: ignore)</b></DT><DD>

<p>The action that <a href="postscreen.8.html">postscreen(8)</a> takes when a remote SMTP client's combined
DNSBL score is equal to or greater than a threshold (as defined
with the <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> and <a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a>
parameters).
Specify one of the following: </p>

<dl>

<dt> <b>ignore</b> (default) </dt>

<dd> Ignore the failure of this test. Allow other tests to complete.
Repeat this test the next time the client connects.
This option is useful for testing and collecting statistics
without blocking mail. </dd>

<dt> <b>enforce</b> </dt>

<dd> Allow other tests to complete. Reject attempts to deliver mail
with a 550 SMTP reply, and log the helo/sender/recipient information.
Repeat this test the next time the client connects. </dd>

<dt> <b>drop</b> </dt>

<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
this test the next time the client connects. </dd>

</dl>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_dnsbl_allowlist_threshold">postscreen_dnsbl_allowlist_threshold</a>
(default: 0)</b></DT><DD>

<p> Allow a remote SMTP client to skip "before" and "after 220
greeting" protocol tests, based on its combined DNSBL score as
defined with the <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> parameter. </p>

<p> Specify a negative value to enable this feature. When a client
passes the <a href="postconf.5.html#postscreen_dnsbl_allowlist_threshold">postscreen_dnsbl_allowlist_threshold</a> without having
failed other tests, all pending or disabled tests are flagged as
completed with an expiration time based on the DNS reply TTL.
When a test was already completed, its expiration time is updated
if it was less than the value based on the DNS reply TTL. See
also <a href="postconf.5.html#postscreen_dnsbl_max_ttl">postscreen_dnsbl_max_ttl</a> and <a href="postconf.5.html#postscreen_dnsbl_min_ttl">postscreen_dnsbl_min_ttl</a>. </p>

<p> This feature is available in Postfix 3.6 and later.
</p>

<p> Available as <a href="postconf.5.html#postscreen_dnsbl_whitelist_threshold">postscreen_dnsbl_whitelist_threshold</a> in Postfix 2.11
- 3.5. </p>


</DD>

<DT><b><a name="postscreen_dnsbl_max_ttl">postscreen_dnsbl_max_ttl</a>
(default: ${<a href="postconf.5.html#postscreen_dnsbl_ttl">postscreen_dnsbl_ttl</a>?{$<a href="postconf.5.html#postscreen_dnsbl_ttl">postscreen_dnsbl_ttl</a>}:{1}}h)</b></DT><DD>

<p> The maximum amount of time that <a href="postscreen.8.html">postscreen(8)</a> remembers that a
client IP address passed a DNS-based reputation test, before it is
required to pass that test again. If the DNS
reply specifies a shorter TTL value, that value will be used unless
it would be smaller than <a href="postconf.5.html#postscreen_dnsbl_min_ttl">postscreen_dnsbl_min_ttl</a>. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is h (hours). </p>

<p> This feature is available in Postfix 3.1. The default setting
is backwards-compatible with older Postfix versions. </p>


</DD>

<DT><b><a name="postscreen_dnsbl_min_ttl">postscreen_dnsbl_min_ttl</a>
(default: 60s)</b></DT><DD>

<p> The minimum amount of time that <a href="postscreen.8.html">postscreen(8)</a> remembers that a
client IP address passed a DNS-based reputation test, before it
is required to pass that test again. If the DNS
reply specifies a larger TTL value, that value will be used unless
it would be larger than <a href="postconf.5.html#postscreen_dnsbl_max_ttl">postscreen_dnsbl_max_ttl</a>. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit).
Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds). </p>

<p> This feature is available in Postfix 3.1. </p>


</DD>

<DT><b><a name="postscreen_dnsbl_reply_map">postscreen_dnsbl_reply_map</a>
(default: empty)</b></DT><DD>

<p> A mapping from an actual DNSBL domain name which includes a secret
password, to the DNSBL domain name that postscreen will reply with
when it rejects mail. When no mapping is found, the actual DNSBL
domain will be used. </p>

<p> For maximal stability it is best to use a file that is read
into memory such as <a href="pcre_table.5.html">pcre</a>:, <a href="regexp_table.5.html">regexp</a>: or <a href="DATABASE_README.html#types">texthash</a>: (<a href="DATABASE_README.html#types">texthash</a>: is similar
to <a href="DATABASE_README.html#types">hash</a>:, except a) there is no need to run <a href="postmap.1.html">postmap(1)</a> before the
file can be used, and b) <a href="DATABASE_README.html#types">texthash</a>: does not detect changes after
the file is read). </p>

<p> Example: </p>

<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#postscreen_dnsbl_reply_map">postscreen_dnsbl_reply_map</a> = <a href="DATABASE_README.html#types">texthash</a>:/etc/postfix/dnsbl_reply
</pre>

<pre>
/etc/postfix/dnsbl_reply:
    secret.zen.spamhaus.org   zen.spamhaus.org
</pre>

<p> NOTE: This feature differs from the Postfix SMTP server's
<a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> feature, where 1) the table search key includes the
optional "<i>=address-filter</i>", and where 2) the lookup result
contains free text with <i>$name</i> variables. </p>

<p> This feature is available in Postfix 2.8.
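</p>

<p> The time-value syntax that the entries above share (an integer with
an optional s/m/h/d/w suffix and a per-parameter default unit), the
clamping of a DNS reply TTL between <a href="postconf.5.html#postscreen_dnsbl_min_ttl">postscreen_dnsbl_min_ttl</a>
and <a href="postconf.5.html#postscreen_dnsbl_max_ttl">postscreen_dnsbl_max_ttl</a>, and the expiration update that
follows a client passing <a href="postconf.5.html#postscreen_dnsbl_allowlist_threshold">postscreen_dnsbl_allowlist_threshold</a>,
worked through as an added Python example. This is not Postfix code and
not part of this page; the function names, the seconds-based
representation, the dict of per-test expiration timestamps, and the
treatment of a minimum above the maximum as a configuration error are
the example's own assumptions. </p>

```python
import re

# Time units as listed on this page: s, m, h, d, w.
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_time(value, default_unit):
    """Convert a Postfix time value ("60s", "1h", "30d", or a bare integer
    that takes the parameter's default unit) to seconds."""
    m = re.fullmatch(r"\s*(\d+)\s*([smhdw])?\s*", value)
    if m is None:
        raise ValueError("not a Postfix time value: %r" % (value,))
    number, unit = int(m.group(1)), m.group(2) or default_unit
    return number * UNIT_SECONDS[unit]


def effective_dnsbl_ttl(dns_reply_ttl, min_ttl="60s", max_ttl="1h"):
    """Seconds for which a passed DNS-based reputation test is remembered:
    the DNS reply TTL, but never below postscreen_dnsbl_min_ttl and never
    above postscreen_dnsbl_max_ttl (page defaults: 60s and 1h)."""
    lo = parse_time(min_ttl, "s")   # postscreen_dnsbl_min_ttl: default unit s
    hi = parse_time(max_ttl, "h")   # postscreen_dnsbl_max_ttl: default unit h
    if lo > hi:
        # Assumption of this example: a minimum above the maximum is a
        # configuration error; the page does not describe that case.
        raise ValueError("min_ttl %s exceeds max_ttl %s" % (min_ttl, max_ttl))
    return max(lo, min(hi, int(dns_reply_ttl)))


def allowlist_expirations(test_expiry, now, dns_reply_ttl,
                          min_ttl="60s", max_ttl="1h"):
    """Per-test expiration times after a client passed
    postscreen_dnsbl_allowlist_threshold. test_expiry maps a test name to
    its expiration timestamp, or None for a pending or disabled test.
    Pending tests are marked complete with an expiration based on the DNS
    reply TTL; completed tests are extended only when their current
    expiration is earlier than that value."""
    new_expiry = now + effective_dnsbl_ttl(dns_reply_ttl, min_ttl, max_ttl)
    return {name: new_expiry if exp is None or exp < new_expiry else exp
            for name, exp in test_expiry.items()}


if __name__ == "__main__":
    # Constructed sample: a DNS allowlist reply carrying a 5-minute TTL,
    # evaluated against the page defaults.
    print(effective_dnsbl_ttl(300))     # 300: already within [60s, 1h]
    print(effective_dnsbl_ttl(30))      # 60: raised to postscreen_dnsbl_min_ttl
    print(effective_dnsbl_ttl(86400))   # 3600: lowered to postscreen_dnsbl_max_ttl
    print(allowlist_expirations({"pregreet": None, "pipelining": 5000,
                                 "dnsbl": 500}, now=1000, dns_reply_ttl=300))
```

<p> The clamp is what keeps a DNSBL operator's TTL from dictating cache
lifetime at either extreme: a very short TTL would re-query on every
connection, a very long one would trust a stale listing for days. </p>

<p>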
</p>


</DD>

<DT><b><a name="postscreen_dnsbl_sites">postscreen_dnsbl_sites</a>
(default: empty)</b></DT><DD>

<p>Optional list of patterns with DNS allow/denylist domains, filters
and weight
factors. When the list is non-empty, the <a href="dnsblog.8.html">dnsblog(8)</a> daemon will
query these domains with the reversed IP addresses of remote SMTP
clients,
and <a href="postscreen.8.html">postscreen(8)</a> will update an SMTP client's DNSBL score with
each non-error reply as described below. </p>

<p> Caution: when postscreen rejects mail, its SMTP response contains
the DNSBL
domain name. Use the <a href="postconf.5.html#postscreen_dnsbl_reply_map">postscreen_dnsbl_reply_map</a> feature to hide
"password" information in DNSBL domain names. </p>

<p> When a client's score is equal to or greater than the threshold
specified with <a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a>, <a href="postscreen.8.html">postscreen(8)</a> can drop
the connection with the remote SMTP client. </p>

<p> Specify a list of domain=filter*weight patterns, separated by
comma or whitespace. </p>

<ul>

<li> <p> When a pattern specifies no "=filter", <a href="postscreen.8.html">postscreen(8)</a> will
use any non-error DNSBL query result. Otherwise, <a href="postscreen.8.html">postscreen(8)</a>
will use only DNSBL
query results that match the filter. The filter has the form d.d.d.d,
where each d is a number, or a pattern inside [] that contains one
or more ";"-separated numbers or number..number ranges. </p>

<li> <p> When a pattern specifies no "*weight", the weight of the
pattern is 1. Otherwise, the weight must be an integral number.
Specify a negative number for allowlisting.
</p>

<li> <p> When a pattern matches one or more DNSBL query results,
<a href="postscreen.8.html">postscreen(8)</a> adds that pattern's weight once to the remote SMTP
client's DNSBL score. </p>

</ul>

<p> Examples: </p>

<p> To use example.com as a high-confidence blocklist, and to
block mail with example.net and example.org only when both agree:
</p>

<pre>
<a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a> = 2
<a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> = example.com*2, example.net, example.org
</pre>

<p> To filter only DNSBL replies containing 127.0.0.4: </p>

<pre>
<a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> = example.com=127.0.0.4
</pre>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a>
(default: 1)</b></DT><DD>

<p> The inclusive lower bound for blocking a remote SMTP client, based on
its combined DNSBL score as defined with the <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a>
parameter. </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_dnsbl_timeout">postscreen_dnsbl_timeout</a>
(default: 10s)</b></DT><DD>

<p> The time limit for DNSBL or DNSWL lookups. This is separate from
the timeouts in the <a href="dnsblog.8.html">dnsblog(8)</a> daemon which are defined by system
resolver(3) routines. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds). </p>

<p> This feature is available in Postfix 3.0.
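</p>

<p> The domain=filter*weight pattern syntax, the "weight added once per
matching pattern" scoring rule, and the comparison of the combined score
against <a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a> and
<a href="postconf.5.html#postscreen_dnsbl_allowlist_threshold">postscreen_dnsbl_allowlist_threshold</a>, worked through as an added
Python example that also applies the <a href="postconf.5.html#postscreen_dnsbl_reply_map">postscreen_dnsbl_reply_map</a>
substitution before a DNSBL name would be shown to the client. It is not
<a href="postscreen.8.html">postscreen(8)</a>'s own code and not from this page. The function
names, the in-memory dict standing in for <a href="dnsblog.8.html">dnsblog(8)</a> replies, and
the reading of "passes the allowlist threshold" as "score at or below the
negative threshold" are the example's assumptions. </p>

```python
import re

# One element of the d.d.d.d filter: a number, or "[...]" holding
# ";"-separated numbers and number..number ranges, as the page describes.
_OCTET = r"(\[[^\]]*\]|\d+)"
_FILTER_RE = re.compile(r"\.".join([_OCTET] * 4))
_PATTERN_RE = re.compile(r"([^=*]+)(?:=([^*]+))?(?:\*(-?\d+))?")


def _octet_values(spec):
    """Set of integers that one filter element accepts."""
    if spec.startswith("["):
        values = set()
        for item in spec[1:-1].split(";"):
            lo, sep, hi = item.partition("..")
            values.update(range(int(lo), int(hi if sep else lo) + 1))
        return values
    return {int(spec)}


def parse_filter(text):
    m = _FILTER_RE.fullmatch(text)
    if m is None:
        raise ValueError("bad DNSBL filter: %r" % (text,))
    return [_octet_values(part) for part in m.groups()]


def parse_dnsbl_sites(value):
    """Parse a postscreen_dnsbl_sites value into (domain, filter, weight)
    triples. Patterns are separated by comma or whitespace; a missing
    "=filter" accepts any non-error reply, a missing "*weight" means 1."""
    sites = []
    for token in re.split(r"[\s,]+", value.strip()):
        if not token:
            continue
        m = _PATTERN_RE.fullmatch(token)
        if m is None:
            raise ValueError("bad DNSBL pattern: %r" % (token,))
        domain, filt, weight = m.groups()
        sites.append((domain, parse_filter(filt) if filt else None,
                      int(weight) if weight else 1))
    return sites


def _reply_matches(filt, reply):
    if filt is None:
        return True
    octets = reply.split(".")
    return len(octets) == 4 and all(
        o.isdigit() and int(o) in allowed for o, allowed in zip(octets, filt))


def dnsbl_score(sites, replies):
    """Combined score for one client. replies maps a DNSBL domain to the
    A records it returned for the reversed client address; a missing
    domain means no listing or a lookup error and contributes nothing.
    Each pattern's weight is added once, however many records match."""
    score, hits = 0, []
    for domain, filt, weight in sites:
        if any(_reply_matches(filt, r) for r in replies.get(domain, [])):
            score += weight
            hits.append(domain)
    return score, hits


def dnsbl_decision(score, threshold=1, allowlist_threshold=0):
    """'block' when the score reaches postscreen_dnsbl_threshold (what
    happens next is postscreen_dnsbl_action's business); 'allowlist' when
    a negative postscreen_dnsbl_allowlist_threshold is configured and the
    score is at or below it (assumed reading); otherwise 'none'."""
    if score >= threshold:
        return "block"
    if allowlist_threshold < 0 and score <= allowlist_threshold:
        return "allowlist"
    return "none"


def public_names(hits, reply_map):
    """DNSBL names that may appear in the SMTP reply: postscreen_dnsbl_reply_map
    replaces a name that embeds a secret key; unmapped names are used as-is."""
    return [reply_map.get(d, d) for d in hits]


if __name__ == "__main__":
    # Constructed sample following the page's first example: example.com is
    # trusted on its own, example.net and example.org must both agree.
    sites = parse_dnsbl_sites("example.com*2, example.net, example.org")
    score, hits = dnsbl_score(sites, {"example.net": ["127.0.0.2"]})
    print(score, hits, dnsbl_decision(score, threshold=2))  # 1 ['example.net'] none
```

<p> Note that the score is what the threshold compares against, not the
number of listings: one high-confidence list with weight 2 and two
weight-1 lists that agree both reach the example's threshold of 2, while
a single weight-1 hit does not. </p>

<p>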
</p>


</DD>

<DT><b><a name="postscreen_dnsbl_ttl">postscreen_dnsbl_ttl</a>
(default: 1h)</b></DT><DD>

<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> remembers that a client
IP address passed a DNS-based reputation test, before it is required
to pass that test again. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is h (hours). </p>

<p> This feature is available in Postfix 2.8-3.0. It was
replaced by <a href="postconf.5.html#postscreen_dnsbl_max_ttl">postscreen_dnsbl_max_ttl</a> in Postfix 3.1. </p>


</DD>

<DT><b><a name="postscreen_dnsbl_whitelist_threshold">postscreen_dnsbl_whitelist_threshold</a>
(default: 0)</b></DT><DD>

<p> Renamed to <a href="postconf.5.html#postscreen_dnsbl_allowlist_threshold">postscreen_dnsbl_allowlist_threshold</a> in Postfix 3.6. </p>

<p> This feature is available in Postfix 2.11 - 3.5. </p>


</DD>

<DT><b><a name="postscreen_enforce_tls">postscreen_enforce_tls</a>
(default: $<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>)</b></DT><DD>

<p> Mandatory TLS: announce STARTTLS support to remote SMTP clients, and
require that clients use TLS encryption. See <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>
for details. </p>

<p> This feature is available in Postfix 2.8 and later.
Preferably, use <a href="postconf.5.html#postscreen_tls_security_level">postscreen_tls_security_level</a> instead.
</p>


</DD>

<DT><b><a name="postscreen_expansion_filter">postscreen_expansion_filter</a>
(default: see "postconf -d" output)</b></DT><DD>

<p> List of characters that are permitted in <a href="postconf.5.html#postscreen_reject_footer">postscreen_reject_footer</a>
attribute expansions. See <a href="postconf.5.html#smtpd_expansion_filter">smtpd_expansion_filter</a> for further
details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="postscreen_forbidden_commands">postscreen_forbidden_commands</a>
(default: $<a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a>)</b></DT><DD>

<p> List of commands that the <a href="postscreen.8.html">postscreen(8)</a> server considers in
violation of the SMTP protocol. See <a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a> for
syntax, and <a href="postconf.5.html#postscreen_non_smtp_command_action">postscreen_non_smtp_command_action</a> for possible actions.
</p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_greet_action">postscreen_greet_action</a>
(default: ignore)</b></DT><DD>

<p>The action that <a href="postscreen.8.html">postscreen(8)</a> takes when a remote SMTP client speaks
before its turn within the time specified with the <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a>
parameter. Specify one of the following: </p>

<dl>

<dt> <b>ignore</b> (default) </dt>

<dd> Ignore the failure of this test. Allow other tests to complete.
Repeat this test the next time the client connects.
This option is useful for testing and collecting statistics
without blocking mail. </dd>

<dt> <b>enforce</b> </dt>

<dd> Allow other tests to complete.
Reject attempts to deliver mail
with a 550 SMTP reply, and log the helo/sender/recipient information.
Repeat this test the next time the client connects. </dd>

<dt> <b>drop</b> </dt>

<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
this test the next time the client connects. </dd>

</dl>

<p> In either case, <a href="postscreen.8.html">postscreen(8)</a> will not allowlist the remote SMTP client
IP address. </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_greet_banner">postscreen_greet_banner</a>
(default: $<a href="postconf.5.html#smtpd_banner">smtpd_banner</a>)</b></DT><DD>

<p> The <i>text</i> in the optional "220-<i>text</i>..." server
response that
<a href="postscreen.8.html">postscreen(8)</a> sends ahead of the real Postfix SMTP server's "220
text..." response, in an attempt to confuse bad SMTP clients so
that they speak before their turn (pre-greet). Specify an empty
value to disable this feature. </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_greet_ttl">postscreen_greet_ttl</a>
(default: 1d)</b></DT><DD>

<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> remembers that a client
IP address passed a PREGREET test, before it is required to pass
that test again. The default is relatively short, because
a good client can immediately talk to a real Postfix SMTP server. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is d (days). </p>

<p> This feature is available in Postfix 2.8.
</p>


</DD>

<DT><b><a name="postscreen_greet_wait">postscreen_greet_wait</a>
(default: normal: 6s, <a href="STRESS_README.html">overload</a>: 2s)</b></DT><DD>

<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> will wait for an SMTP
client to send a command before its turn, and for DNS blocklist
lookup results to arrive (default: up to 2 seconds under stress,
up to 6 seconds otherwise). </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds). </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_helo_required">postscreen_helo_required</a>
(default: $<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a>)</b></DT><DD>

<p> Require that a remote SMTP client sends HELO or EHLO before
commencing a MAIL transaction. </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_non_smtp_command_action">postscreen_non_smtp_command_action</a>
(default: drop)</b></DT><DD>

<p> The action that <a href="postscreen.8.html">postscreen(8)</a> takes when a remote SMTP client sends
non-SMTP commands as specified with the <a href="postconf.5.html#postscreen_forbidden_commands">postscreen_forbidden_commands</a>
parameter. Specify one of the following: </p>

<dl>

<dt> <b>ignore</b> </dt>

<dd> Ignore the failure of this test. Allow other tests to complete.
Do <i>not</i> repeat this test before the result from some
other test expires.
This option is useful for testing and collecting statistics
without blocking mail permanently. </dd>

<dt> <b>enforce</b> </dt>

<dd> Allow other tests to complete.
Reject attempts to deliver mail
with a 550 SMTP reply, and log the helo/sender/recipient information.
Repeat this test the next time the client connects. </dd>

<dt> <b>drop</b> </dt>

<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
this test the next time the client connects. This action is the
same as with the Postfix SMTP server's <a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a>
feature. </dd>

</dl>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_non_smtp_command_enable">postscreen_non_smtp_command_enable</a>
(default: no)</b></DT><DD>

<p> Enable "non-SMTP command" tests in the <a href="postscreen.8.html">postscreen(8)</a> server. These
tests are expensive: a client must disconnect after it passes the
test, before it can talk to a real Postfix SMTP server. </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_non_smtp_command_ttl">postscreen_non_smtp_command_ttl</a>
(default: 30d)</b></DT><DD>

<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> remembers that a client
IP address passed a "non_smtp_command" SMTP protocol test, before
it is required to pass that test again. The default
is long because a client must disconnect after it passes the test,
before it can talk to a real Postfix SMTP server. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is d (days). </p>

<p> This feature is available in Postfix 2.8.
</p>


</DD>

<DT><b><a name="postscreen_pipelining_action">postscreen_pipelining_action</a>
(default: enforce)</b></DT><DD>

<p> The action that <a href="postscreen.8.html">postscreen(8)</a> takes when a remote SMTP client
sends
multiple commands instead of sending one command and waiting for
the server to respond. Specify one of the following: </p>

<dl>

<dt> <b>ignore</b> </dt>

<dd> Ignore the failure of this test. Allow other tests to complete.
Do <i>not</i> repeat this test before the result from some
other test expires.
This option is useful for testing and collecting statistics
without blocking mail permanently. </dd>

<dt> <b>enforce</b> </dt>

<dd> Allow other tests to complete. Reject attempts to deliver mail
with a 550 SMTP reply, and log the helo/sender/recipient information.
Repeat this test the next time the client connects. </dd>

<dt> <b>drop</b> </dt>

<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
this test the next time the client connects. </dd>

</dl>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_pipelining_enable">postscreen_pipelining_enable</a>
(default: no)</b></DT><DD>

<p> Enable "pipelining" SMTP protocol tests in the <a href="postscreen.8.html">postscreen(8)</a>
server. These tests are expensive: a good client must disconnect
after it passes the test, before it can talk to a real Postfix SMTP
server. </p>

<p> This feature is available in Postfix 2.8.
</p>


</DD>

<DT><b><a name="postscreen_pipelining_ttl">postscreen_pipelining_ttl</a>
(default: 30d)</b></DT><DD>

<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> remembers that a client
IP address passed a "pipelining" SMTP protocol test, before it is
required to pass that test again. The default is
long because a good client must disconnect after it passes the test,
before it can talk to a real Postfix SMTP server. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is d (days). </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_post_queue_limit">postscreen_post_queue_limit</a>
(default: $<a href="postconf.5.html#default_process_limit">default_process_limit</a>)</b></DT><DD>

<p> The number of clients that can be waiting for service from a
real Postfix SMTP server process. When this queue is full, all
clients will
receive a 421 response. </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_pre_queue_limit">postscreen_pre_queue_limit</a>
(default: $<a href="postconf.5.html#default_process_limit">default_process_limit</a>)</b></DT><DD>

<p> The number of non-allowlisted clients that can be waiting for
a decision whether they will receive service from a real Postfix
SMTP server
process. When this queue is full, all non-allowlisted clients will
receive a 421 response. </p>

<p> This feature is available in Postfix 2.8.
</p>


</DD>

<DT><b><a name="postscreen_reject_footer">postscreen_reject_footer</a>
(default: $<a href="postconf.5.html#smtpd_reject_footer">smtpd_reject_footer</a>)</b></DT><DD>

<p> Optional information that is appended after a 4XX or 5XX
<a href="postscreen.8.html">postscreen(8)</a> server
response. See <a href="postconf.5.html#smtpd_reject_footer">smtpd_reject_footer</a> for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="postscreen_reject_footer_maps">postscreen_reject_footer_maps</a>
(default: $<a href="postconf.5.html#smtpd_reject_footer_maps">smtpd_reject_footer_maps</a>)</b></DT><DD>

<p> Optional lookup table for information that is appended after a 4XX
or 5XX <a href="postscreen.8.html">postscreen(8)</a> server response. See <a href="postconf.5.html#smtpd_reject_footer_maps">smtpd_reject_footer_maps</a> for
further details. </p>

<p> This feature is available in Postfix 3.4 and later. </p>


</DD>

<DT><b><a name="postscreen_tls_security_level">postscreen_tls_security_level</a>
(default: $<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>)</b></DT><DD>

<p> The SMTP TLS security level for the <a href="postscreen.8.html">postscreen(8)</a> server; when
a non-empty value is specified, this overrides the obsolete parameters
<a href="postconf.5.html#postscreen_use_tls">postscreen_use_tls</a> and <a href="postconf.5.html#postscreen_enforce_tls">postscreen_enforce_tls</a>. See <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>
for details. </p>

<p> This feature is available in Postfix 2.8 and later.
</p>


</DD>

<DT><b><a name="postscreen_upstream_proxy_protocol">postscreen_upstream_proxy_protocol</a>
(default: empty)</b></DT><DD>

<p> The name of the proxy protocol used by an optional before-postscreen
proxy agent. When a proxy agent is used, this protocol conveys local
and remote address and port information. Specify
"<a href="postconf.5.html#postscreen_upstream_proxy_protocol">postscreen_upstream_proxy_protocol</a> = haproxy" to enable the haproxy
protocol; version 2 is supported with Postfix 3.5 and later. </p>

<p> This feature is available in Postfix 2.10 and later. </p>


</DD>

<DT><b><a name="postscreen_upstream_proxy_timeout">postscreen_upstream_proxy_timeout</a>
(default: 5s)</b></DT><DD>

<p> The time limit for the proxy protocol specified with the
<a href="postconf.5.html#postscreen_upstream_proxy_protocol">postscreen_upstream_proxy_protocol</a> parameter. </p>

<p> This feature is available in Postfix 2.10 and later. </p>


</DD>

<DT><b><a name="postscreen_use_tls">postscreen_use_tls</a>
(default: $<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a>)</b></DT><DD>

<p> Opportunistic TLS: announce STARTTLS support to remote SMTP clients,
but do not require that clients use TLS encryption. </p>

<p> This feature is available in Postfix 2.8 and later.
Preferably, use <a href="postconf.5.html#postscreen_tls_security_level">postscreen_tls_security_level</a> instead. </p>


</DD>

<DT><b><a name="postscreen_watchdog_timeout">postscreen_watchdog_timeout</a>
(default: 10s)</b></DT><DD>

<p> How much time a <a href="postscreen.8.html">postscreen(8)</a> process may take to respond to
a remote SMTP client command or to perform a cache operation before it
is terminated by a built-in watchdog timer.
This is a safety 9371mechanism that prevents <a href="postscreen.8.html">postscreen(8)</a> from becoming non-responsive 9372due to a bug in Postfix itself or in system software. To avoid 9373false alarms and unnecessary cache corruption this limit cannot be 9374set under 10s. </p> 9375 9376<p> Specify a non-zero time value (an integral value plus an optional 9377one-letter suffix that specifies the time unit). Time units: s 9378(seconds), m (minutes), h (hours), d (days), w (weeks). 9379The default time unit is s (seconds). </p> 9380 9381<p> This feature is available in Postfix 2.8. </p> 9382 9383 9384</DD> 9385 9386<DT><b><a name="postscreen_whitelist_interfaces">postscreen_whitelist_interfaces</a> 9387(default: <a href="DATABASE_README.html#types">static</a>:all)</b></DT><DD> 9388 9389<p> Renamed to <a href="postconf.5.html#postscreen_allowlist_interfaces">postscreen_allowlist_interfaces</a> in Postfix 3.6. </p> 9390 9391<p> This feature is available in Postfix 2.9 - 3.5. </p> 9392 9393 9394</DD> 9395 9396<DT><b><a name="prepend_delivered_header">prepend_delivered_header</a> 9397(default: command, file, forward)</b></DT><DD> 9398 9399<p> The message delivery contexts where the Postfix <a href="local.8.html">local(8)</a> delivery 9400agent prepends a Delivered-To: message header with the address 9401that the mail was delivered to. This information is used for mail 9402delivery loop detection. </p> 9403 9404<p> 9405By default, the Postfix local delivery agent prepends a Delivered-To: 9406header when forwarding mail and when delivering to file (mailbox) 9407and command. Turning off the Delivered-To: header when forwarding 9408mail is not recommended. 9409</p> 9410 9411<p> 9412Specify zero or more of <b>forward</b>, <b>file</b>, or <b>command</b>. 
9413</p> 9414 9415<p> 9416Example: 9417</p> 9418 9419<pre> 9420<a href="postconf.5.html#prepend_delivered_header">prepend_delivered_header</a> = forward 9421</pre> 9422 9423 9424</DD> 9425 9426<DT><b><a name="process_id">process_id</a> 9427(read-only)</b></DT><DD> 9428 9429<p> 9430The process ID of a Postfix command or daemon process. 9431</p> 9432 9433 9434</DD> 9435 9436<DT><b><a name="process_id_directory">process_id_directory</a> 9437(default: pid)</b></DT><DD> 9438 9439<p> 9440The location of Postfix PID files relative to $<a href="postconf.5.html#queue_directory">queue_directory</a>. 9441This is a read-only parameter. 9442</p> 9443 9444 9445</DD> 9446 9447<DT><b><a name="process_name">process_name</a> 9448(read-only)</b></DT><DD> 9449 9450<p> 9451The process name of a Postfix command or daemon process. 9452</p> 9453 9454 9455</DD> 9456 9457<DT><b><a name="propagate_unmatched_extensions">propagate_unmatched_extensions</a> 9458(default: canonical, virtual)</b></DT><DD> 9459 9460<p> 9461What address lookup tables copy an address extension from the lookup 9462key to the lookup result. 9463</p> 9464 9465<p> 9466For example, with a <a href="virtual.5.html">virtual(5)</a> mapping of "<i>joe@example.com => 9467joe.user@example.net</i>", the address "<i>joe+foo@example.com</i>" 9468would rewrite to "<i>joe.user+foo@example.net</i>". 9469</p> 9470 9471<p> 9472Specify zero or more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>, 9473<b>forward</b>, <b>include</b> or <b>generic</b>. These cause 9474address extension 9475propagation with <a href="canonical.5.html">canonical(5)</a>, <a href="virtual.5.html">virtual(5)</a>, and <a href="aliases.5.html">aliases(5)</a> maps, 9476with <a href="local.8.html">local(8)</a> .forward and :include: file lookups, and with <a href="smtp.8.html">smtp(8)</a> 9477generic maps, respectively. 
</p> 9478 9479<p> 9480Note: enabling this feature for types other than <b>canonical</b> 9481and <b>virtual</b> is likely to cause problems when mail is forwarded 9482to other sites, especially with mail that is sent to a mailing list 9483exploder address. 9484</p> 9485 9486<p> 9487Examples: 9488</p> 9489 9490<pre> 9491<a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a> = canonical, virtual, alias, 9492 forward, include 9493<a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a> = canonical, virtual 9494</pre> 9495 9496 9497</DD> 9498 9499<DT><b><a name="proxy_interfaces">proxy_interfaces</a> 9500(default: empty)</b></DT><DD> 9501 9502<p> 9503The remote network interface addresses that this mail system receives mail 9504on by way of a proxy or network address translation unit. 9505</p> 9506 9507<p> 9508This feature is available in Postfix 2.0 and later. 9509</p> 9510 9511<p> You must specify your "outside" proxy/NAT addresses when your 9512system is a backup MX host for other domains, otherwise mail delivery 9513loops will happen when the primary MX host is down. </p> 9514 9515<p> 9516Example: 9517</p> 9518 9519<pre> 9520<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> = 1.2.3.4 9521</pre> 9522 9523 9524</DD> 9525 9526<DT><b><a name="proxy_read_maps">proxy_read_maps</a> 9527(default: see "postconf -d" output)</b></DT><DD> 9528 9529<p> 9530The lookup tables that the <a href="proxymap.8.html">proxymap(8)</a> server is allowed to 9531access for the read-only service. 9532</p> 9533 9534<p> 9535Specify zero or more "type:name" lookup tables, separated by 9536whitespace or comma. 9537Table references that don't begin with <a href="proxymap.8.html">proxy</a>: are ignored. 9538</p> 9539 9540<p> 9541This feature is available in Postfix 2.0 and later. 
9542</p> 9543 9544 9545</DD> 9546 9547<DT><b><a name="proxy_write_maps">proxy_write_maps</a> 9548(default: see "postconf -d" output)</b></DT><DD> 9549 9550<p> The lookup tables that the <a href="proxymap.8.html">proxymap(8)</a> server is allowed to 9551access for the read-write service. Postfix-owned local database 9552files should be stored under the Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>. 9553Table references that don't begin with <a href="proxymap.8.html">proxy</a>: are ignored. </p> 9554 9555<p> 9556This feature is available in Postfix 2.5 and later. 9557</p> 9558 9559 9560</DD> 9561 9562<DT><b><a name="proxymap_service_name">proxymap_service_name</a> 9563(default: proxymap)</b></DT><DD> 9564 9565<p> The name of the proxymap read-only table lookup service. This 9566service is normally implemented by the <a href="proxymap.8.html">proxymap(8)</a> daemon. </p> 9567 9568<p> This feature is available in Postfix 2.6 and later. </p> 9569 9570 9571</DD> 9572 9573<DT><b><a name="proxywrite_service_name">proxywrite_service_name</a> 9574(default: proxywrite)</b></DT><DD> 9575 9576<p> The name of the proxywrite read-write table lookup service. 9577This service is normally implemented by the <a href="proxymap.8.html">proxymap(8)</a> daemon. 9578</p> 9579 9580<p> This feature is available in Postfix 2.6 and later. </p> 9581 9582 9583</DD> 9584 9585<DT><b><a name="qmgr_clog_warn_time">qmgr_clog_warn_time</a> 9586(default: 300s)</b></DT><DD> 9587 9588<p> 9589The minimal delay between warnings that a specific destination is 9590clogging up the Postfix <a href="QSHAPE_README.html#active_queue">active queue</a>. Specify 0 to disable. 9591</p> 9592 9593<p> Specify a non-negative time value (an integral value plus an optional 9594one-letter suffix that specifies the time unit). Time units: s 9595(seconds), m (minutes), h (hours), d (days), w (weeks). 9596The default time unit is s (seconds). 
</p> 9597 9598<p> 9599This feature is enabled with the <a href="postconf.5.html#helpful_warnings">helpful_warnings</a> parameter. 9600</p> 9601 9602<p> 9603This feature is available in Postfix 2.0 and later. 9604</p> 9605 9606 9607</DD> 9608 9609<DT><b><a name="qmgr_daemon_timeout">qmgr_daemon_timeout</a> 9610(default: 1000s)</b></DT><DD> 9611 9612<p> How much time a Postfix queue manager process may take to handle 9613a request before it is terminated by a built-in watchdog timer. 9614</p> 9615 9616<p> Specify a non-zero time value (an integral value plus an optional 9617one-letter suffix that specifies the time unit). Time units: s 9618(seconds), m (minutes), h (hours), d (days), w (weeks). 9619The default time unit is s (seconds). </p> 9620 9621<p> This feature is available in Postfix 2.8 and later. </p> 9622 9623 9624</DD> 9625 9626<DT><b><a name="qmgr_fudge_factor">qmgr_fudge_factor</a> 9627(default: 100)</b></DT><DD> 9628 9629<p> 9630Obsolete feature: the percentage of delivery resources that a busy 9631mail system will use up for delivery of a large mailing list 9632message. 9633</p> 9634 9635<p> 9636This feature exists only in the <a href="qmgr.8.html">oqmgr(8)</a> old queue manager. The 9637current queue manager solves the problem in a better way. 9638</p> 9639 9640 9641</DD> 9642 9643<DT><b><a name="qmgr_ipc_timeout">qmgr_ipc_timeout</a> 9644(default: 60s)</b></DT><DD> 9645 9646<p> The time limit for the queue manager to send or receive information 9647over an internal communication channel. The purpose is to break 9648out of deadlock situations. If the time limit is exceeded the 9649software either retries or aborts the operation. </p> 9650 9651<p> Specify a non-zero time value (an integral value plus an optional 9652one-letter suffix that specifies the time unit). Time units: s 9653(seconds), m (minutes), h (hours), d (days), w (weeks). 9654The default time unit is s (seconds). </p> 9655 9656<p> This feature is available in Postfix 2.8 and later. 
</p> 9657 9658 9659</DD> 9660 9661<DT><b><a name="qmgr_message_active_limit">qmgr_message_active_limit</a> 9662(default: 20000)</b></DT><DD> 9663 9664<p> 9665The maximal number of messages in the <a href="QSHAPE_README.html#active_queue">active queue</a>. 9666</p> 9667 9668 9669</DD> 9670 9671<DT><b><a name="qmgr_message_recipient_limit">qmgr_message_recipient_limit</a> 9672(default: 20000)</b></DT><DD> 9673 9674<p> The maximal number of recipients held in memory by the Postfix 9675queue manager, and the maximal size of the short-term, 9676in-memory "dead" destination status cache. </p> 9677 9678 9679</DD> 9680 9681<DT><b><a name="qmgr_message_recipient_minimum">qmgr_message_recipient_minimum</a> 9682(default: 10)</b></DT><DD> 9683 9684<p> 9685The minimal number of in-memory recipients for any message. This 9686takes priority over any other in-memory recipient limits (i.e., 9687the global <a href="postconf.5.html#qmgr_message_recipient_limit">qmgr_message_recipient_limit</a> and the per transport 9688_recipient_limit) if necessary. The minimum value allowed for this 9689parameter is 1. 9690</p> 9691 9692 9693</DD> 9694 9695<DT><b><a name="qmqpd_authorized_clients">qmqpd_authorized_clients</a> 9696(default: empty)</b></DT><DD> 9697 9698<p> 9699What remote QMQP clients are allowed to connect to the Postfix QMQP 9700server port. 9701</p> 9702 9703<p> 9704By default, no client is allowed to use the service. This is 9705because the QMQP server will relay mail to any destination. 9706</p> 9707 9708<p> 9709Specify a list of client patterns. A list pattern specifies a host 9710name, a domain name, an internet address, or a network/mask pattern, 9711where the mask specifies the number of bits in the network part. 9712When a pattern specifies a file name, its contents are substituted 9713for the file name; when a pattern is a "<a href="DATABASE_README.html">type:table</a>" table specification, 9714table lookup is used instead. 
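The client pattern list of this parameter, worked through as an added example that is not Postfix's own code: it models the documented matching of internet addresses, network/mask patterns and host or domain names, with the first matching pattern deciding and a leading "!" reversing the result, so that the page's own "!192.168.0.1, 192.168.0.0/24" setting excludes one host from an otherwise authorized network. The parent_domain_matches_subdomains behaviour is a parameter of the model, and "/file/name" and "type:table" patterns are assumed to have been expanded beforehand.

```python
import ipaddress

# Added example, not Postfix code: a model of the documented
# qmqpd_authorized_clients pattern semantics. Assumptions: patterns are
# tried in order and the first matching pattern decides; a pattern preceded
# by "!" reverses the result (a match means "not authorized"); "/file/name"
# and "type:table" patterns have already been expanded into plain patterns.


def _split_patterns(value: str) -> list[str]:
    """Split a main.cf list value on whitespace and/or commas."""
    return [p for p in value.replace(",", " ").split() if p]


def _pattern_matches(pattern: str, client_addr: str, client_name: str,
                     subdomains_match_parent: bool) -> bool:
    """Return True when one (non-negated) pattern matches the client.

    Pattern kinds from the postconf(5) text: an internet address, a
    network/mask (the mask is the number of bits in the network part),
    a host name, or a domain name.
    """
    addr = ipaddress.ip_address(client_addr)
    if "/" in pattern:
        # network/mask; strict=False tolerates host bits set in the pattern
        return addr in ipaddress.ip_network(pattern, strict=False)
    try:
        return addr == ipaddress.ip_address(pattern)
    except ValueError:
        pass  # not an address: treat the pattern as a host or domain name
    name = client_name.lower().rstrip(".")
    pat = pattern.lower().rstrip(".")
    if name == pat:
        return True
    if pat.startswith("."):
        # assumption of this model: ".example.com" matches subdomains only
        return name.endswith(pat)
    if subdomains_match_parent:
        # parent_domain_matches_subdomains lists this parameter:
        # "example.com" also matches "mx.example.com"
        return name.endswith("." + pat)
    return False


def qmqp_client_authorized(value: str, client_addr: str,
                           client_name: str = "unknown",
                           subdomains_match_parent: bool = True) -> bool:
    """Decide whether a QMQP client may connect; first matching pattern wins.

    The empty default authorizes nobody, because the QMQP server relays
    mail to any destination.
    """
    for pattern in _split_patterns(value):
        negated = pattern.startswith("!")
        if negated:
            pattern = pattern[1:]
        if _pattern_matches(pattern, client_addr, client_name,
                            subdomains_match_parent):
            return not negated
    return False


if __name__ == "__main__":
    # constructed sample: the page's own example value
    setting = "!192.168.0.1, 192.168.0.0/24"
    for client in ("192.168.0.1", "192.168.0.77", "10.0.0.5"):
        print(client, qmqp_client_authorized(setting, client))
```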
</p> 9715 9716<p> 9717Patterns are separated by whitespace and/or commas. In order to 9718reverse the result, precede a pattern with an 9719exclamation point (!). The form "!/file/name" is supported only 9720in Postfix version 2.4 and later. 9721</p> 9722 9723<p> Pattern matching of domain names is controlled by the presence 9724or absence of "<a href="postconf.5.html#qmqpd_authorized_clients">qmqpd_authorized_clients</a>" in the 9725<a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> parameter value. </p> 9726 9727<p> 9728Example: 9729</p> 9730 9731<pre> 9732<a href="postconf.5.html#qmqpd_authorized_clients">qmqpd_authorized_clients</a> = !192.168.0.1, 192.168.0.0/24 9733</pre> 9734 9735 9736</DD> 9737 9738<DT><b><a name="qmqpd_client_port_logging">qmqpd_client_port_logging</a> 9739(default: no)</b></DT><DD> 9740 9741<p> Enable logging of the remote QMQP client port in addition to 9742the hostname and IP address. The logging format is "host[address]:port". 9743</p> 9744 9745<p> This feature is available in Postfix 2.5 and later. </p> 9746 9747 9748</DD> 9749 9750<DT><b><a name="qmqpd_error_delay">qmqpd_error_delay</a> 9751(default: 1s)</b></DT><DD> 9752 9753<p> 9754How long the Postfix QMQP server will pause before sending a negative 9755reply to the remote QMQP client. The purpose is to slow down confused 9756or malicious clients. 9757</p> 9758 9759<p> Specify a non-negative time value (an integral value plus an optional 9760one-letter suffix that specifies the time unit). Time units: s 9761(seconds), m (minutes), h (hours), d (days), w (weeks). 9762The default time unit is s (seconds). </p> 9763 9764 9765</DD> 9766 9767<DT><b><a name="qmqpd_timeout">qmqpd_timeout</a> 9768(default: 300s)</b></DT><DD> 9769 9770<p> 9771The time limit for sending or receiving information over the network. 
9772If a read or write operation blocks for more than $<a href="postconf.5.html#qmqpd_timeout">qmqpd_timeout</a> 9773seconds the Postfix QMQP server gives up and disconnects. 9774</p> 9775 9776<p> Specify a non-zero time value (an integral value plus an optional 9777one-letter suffix that specifies the time unit). Time units: s 9778(seconds), m (minutes), h (hours), d (days), w (weeks). 9779The default time unit is s (seconds). </p> 9780 9781 9782</DD> 9783 9784<DT><b><a name="queue_directory">queue_directory</a> 9785(default: see "postconf -d" output)</b></DT><DD> 9786 9787<p> 9788The location of the Postfix top-level queue directory. This is the 9789root directory of Postfix daemon processes that run chrooted. 9790</p> 9791 9792 9793</DD> 9794 9795<DT><b><a name="queue_file_attribute_count_limit">queue_file_attribute_count_limit</a> 9796(default: 100)</b></DT><DD> 9797 9798<p> 9799The maximal number of (name=value) attributes that may be stored 9800in a Postfix queue file. The limit is enforced by the <a href="cleanup.8.html">cleanup(8)</a> 9801server. 9802</p> 9803 9804<p> 9805This feature is available in Postfix 2.0 and later. 9806</p> 9807 9808 9809</DD> 9810 9811<DT><b><a name="queue_minfree">queue_minfree</a> 9812(default: 0)</b></DT><DD> 9813 9814<p> 9815The minimal amount of free space in bytes in the queue file system 9816that is needed to receive mail. This is currently used by the 9817Postfix SMTP server to decide if it will accept any mail at all. 9818</p> 9819 9820<p> 9821By default, the Postfix SMTP server rejects MAIL FROM commands when 9822the amount of free space is less than 1.5*$<a href="postconf.5.html#message_size_limit">message_size_limit</a> 9823(Postfix version 2.1 and later). 9824To specify a higher minimum free space limit, specify a <a href="postconf.5.html#queue_minfree">queue_minfree</a> 9825value that is at least 1.5*$<a href="postconf.5.html#message_size_limit">message_size_limit</a>. 
9826</p> 9827 9828<p> 9829With Postfix versions 2.0 and earlier, a <a href="postconf.5.html#queue_minfree">queue_minfree</a> value of 9830zero means there is no minimum required amount of free space. 9831</p> 9832 9833 9834</DD> 9835 9836<DT><b><a name="queue_run_delay">queue_run_delay</a> 9837(default: 300s)</b></DT><DD> 9838 9839<p> 9840The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue manager; 9841prior to Postfix 2.4 the default value was 1000s. 9842</p> 9843 9844<p> This parameter should be set less than or equal to 9845$<a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a>. See also $<a href="postconf.5.html#maximal_backoff_time">maximal_backoff_time</a>. </p> 9846 9847<p> Specify a non-zero time value (an integral value plus an optional 9848one-letter suffix that specifies the time unit). Time units: s 9849(seconds), m (minutes), h (hours), d (days), w (weeks). 9850The default time unit is s (seconds). </p> 9851 9852 9853</DD> 9854 9855<DT><b><a name="queue_service_name">queue_service_name</a> 9856(default: qmgr)</b></DT><DD> 9857 9858<p> 9859The name of the <a href="qmgr.8.html">qmgr(8)</a> service. This service manages the Postfix 9860queue and schedules delivery requests. 9861</p> 9862 9863<p> 9864This feature is available in Postfix 2.0 and later. 9865</p> 9866 9867 9868</DD> 9869 9870<DT><b><a name="rbl_reply_maps">rbl_reply_maps</a> 9871(default: empty)</b></DT><DD> 9872 9873<p> 9874Optional lookup tables with RBL or RHSBL response templates. The 9875table search key is the reject_rbl_* or reject_rhsbl_* argument, 9876including any optional "<i>=address-filter</i>". With Postfix 3.10 9877and later, if the result is "not found" and the search key has the 9878form <i>domain=address-filter</i>, then <a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> will also 9879search with the <i>domain</i>. 
</p> 9880 9881<p> By default, Postfix uses the 9882template as specified with the <a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> configuration 9883parameter. See there for a discussion of the response template 9884syntax. 9885</p> 9886 9887<p> Example: </p> 9888 9889<pre> 9890/etc/postfix/<a href="postconf.5.html">main.cf</a>: 9891 <a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/rbl_reply 9892 <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> = 9893 <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, 9894 <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a> <i>secret</i>.zen.dq.spamhaus.net=127.0.0.[2..11], 9895 ... 9896<br> 9897/etc/postfix/rbl_reply: 9898 # See https://www.postfix.org/postconf.5.html#<a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> 9899 # for the definition of the $client_address and $rbl_class etc. 9900 # variables. 9901 <i>secret</i>.zen.dq.spamhaus.net=127.0.0.[2..11] 9902 554 $rbl_class $rbl_what blocked using ZEN - see <a href="https://www.spamhaus.org/query/ip/$client_address">https://www.spamhaus.org/query/ip/$client_address</a> for details 9903</pre> 9904 9905<pre> 9906 # Postfix ≥ 3.10: if a search key <i>domain=address-filter</i> 9907 # is not found, then <a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> will also search with the 9908 # <i>domain</i>. 
9909 <i>secret</i>.zen.dq.spamhaus.net 9910 554 $rbl_class $rbl_what blocked using ZEN - see <a href="https://www.spamhaus.org/query/ip/$client_address">https://www.spamhaus.org/query/ip/$client_address</a> for details 9911</pre> 9912 9913<p> 9914NOTE: This feature differs from <a href="postconf.5.html#postscreen_dnsbl_reply_map">postscreen_dnsbl_reply_map</a> where 9915the table search key is only a domain name (no "<i>=address-filter</i>", 9916no "<i>*weight</i>" factor) and where the lookup result 9917should be only a domain name (no free text, no <i>$name</i> variables). 9918</p> 9919 9920<p> 9921This feature is available in Postfix 2.0 and later. 9922The "=address-filter" feature is available in Postfix 2.8 and later. 9923</p> 9924 9925 9926</DD> 9927 9928<DT><b><a name="readme_directory">readme_directory</a> 9929(default: see "postconf -d" output)</b></DT><DD> 9930 9931<p> 9932The location of Postfix README files that describe how to build, 9933configure or operate a specific Postfix subsystem or feature. 9934</p> 9935 9936 9937</DD> 9938 9939<DT><b><a name="receive_override_options">receive_override_options</a> 9940(default: empty)</b></DT><DD> 9941 9942<p> Enable or disable recipient validation, built-in content 9943filtering, or address mapping. Typically, these are specified in 9944<a href="master.5.html">master.cf</a> as command-line arguments for the <a href="smtpd.8.html">smtpd(8)</a>, <a href="qmqpd.8.html">qmqpd(8)</a> or 9945<a href="pickup.8.html">pickup(8)</a> daemons. </p> 9946 9947<p> Specify zero or more of the following options. The options 9948override <a href="postconf.5.html">main.cf</a> settings and are either implemented by <a href="smtpd.8.html">smtpd(8)</a>, 9949<a href="qmqpd.8.html">qmqpd(8)</a>, or <a href="pickup.8.html">pickup(8)</a> themselves, or they are forwarded to the 9950cleanup server. 
</p> 9951 9952<dl> 9953 9954<dt><b><a name="no_unknown_recipient_checks">no_unknown_recipient_checks</a></b></dt> 9955 9956<dd>Do not try to reject unknown recipients (SMTP server only). 9957This is typically specified AFTER an external content filter. 9958</dd> 9959 9960<dt><b><a name="no_address_mappings">no_address_mappings</a></b></dt> 9961 9962<dd>Disable canonical address mapping, virtual alias map expansion, 9963address masquerading, and automatic BCC (blind carbon-copy) 9964recipients. This is typically specified BEFORE an external content 9965filter. </dd> 9966 9967<dt><b><a name="no_header_body_checks">no_header_body_checks</a></b></dt> 9968 9969<dd>Disable header/body_checks. This is typically specified AFTER 9970an external content filter. </dd> 9971 9972<dt><b><a name="no_milters">no_milters</a></b></dt> 9973 9974<dd>Disable Milter (mail filter) applications. This is typically 9975specified AFTER an external content filter. </dd> 9976 9977</dl> 9978 9979<p> 9980Note: when the "BEFORE content filter" <a href="postconf.5.html#receive_override_options">receive_override_options</a> 9981setting is specified in the <a href="postconf.5.html">main.cf</a> file, specify the "AFTER content 9982filter" <a href="postconf.5.html#receive_override_options">receive_override_options</a> setting in <a href="master.5.html">master.cf</a> (and vice 9983versa). 9984</p> 9985 9986<p> 9987Examples: 9988</p> 9989 9990<pre> 9991<a href="postconf.5.html#receive_override_options">receive_override_options</a> = 9992 <a href="postconf.5.html#no_unknown_recipient_checks">no_unknown_recipient_checks</a>, <a href="postconf.5.html#no_header_body_checks">no_header_body_checks</a> 9993<a href="postconf.5.html#receive_override_options">receive_override_options</a> = <a href="postconf.5.html#no_address_mappings">no_address_mappings</a> 9994</pre> 9995 9996<p> 9997This feature is available in Postfix 2.1 and later. 
9998</p> 9999 10000 10001</DD> 10002 10003<DT><b><a name="recipient_bcc_maps">recipient_bcc_maps</a> 10004(default: empty)</b></DT><DD> 10005 10006<p> 10007Optional BCC (blind carbon-copy) address lookup tables, indexed by 10008envelope recipient address. The BCC address (multiple results are not 10009supported) is added when mail enters from outside of Postfix. 10010</p> 10011 10012<p> 10013Specify zero or more "type:name" lookup tables, separated by 10014whitespace or comma. Tables will be searched in the specified order 10015until a match is found. 10016</p> 10017 10018<p> 10019The table search order is as follows: 10020</p> 10021 10022<ul> 10023 10024<li> Look up the "user+extension@domain.tld" address including the 10025optional address extension. 10026 10027<li> Look up the "user@domain.tld" address without the optional 10028address extension. 10029 10030<li> Look up the "user+extension" address local part when the 10031recipient domain equals $<a href="postconf.5.html#myorigin">myorigin</a>, $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> 10032or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. 10033 10034<li> Look up the "user" address local part when the recipient domain 10035equals $<a href="postconf.5.html#myorigin">myorigin</a>, $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. 10036 10037<li> Look up the "@domain.tld" part. 10038 10039</ul> 10040 10041<p> 10042Note: with Postfix 2.3 and later the BCC address is added as if it 10043was specified with NOTIFY=NONE. The sender will not be notified 10044when the BCC address is undeliverable, as long as all down-stream 10045software implements <a href="https://tools.ietf.org/html/rfc3461">RFC 3461</a>. 
10046</p> 10047 10048<p> 10049Note: with Postfix 2.2 and earlier the sender will unconditionally 10050be notified when the BCC address is undeliverable. 10051</p> 10052 10053<p> Note: automatic BCC recipients are produced only for new mail. 10054To avoid mailer loops, automatic BCC recipients are not generated 10055after Postfix forwards mail internally, or after Postfix generates 10056mail itself. </p> 10057 10058<p> Note: automatic BCC recipients are subject to address 10059canonicalization (add missing domain), <a href="postconf.5.html#canonical_maps">canonical_maps</a>, <a href="postconf.5.html#masquerade_domains">masquerade_domains</a>, 10060and <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>. </p> 10061 10062<p> 10063Example: 10064</p> 10065 10066<pre> 10067<a href="postconf.5.html#recipient_bcc_maps">recipient_bcc_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/recipient_bcc 10068</pre> 10069 10070<p> 10071After a change, run "<b>postmap /etc/postfix/recipient_bcc</b>". 10072</p> 10073 10074<p> 10075This feature is available in Postfix 2.1 and later. 10076</p> 10077 10078 10079</DD> 10080 10081<DT><b><a name="recipient_canonical_classes">recipient_canonical_classes</a> 10082(default: envelope_recipient, header_recipient)</b></DT><DD> 10083 10084<p> What addresses are subject to <a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> address 10085mapping. By default, <a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> address mapping is 10086applied to envelope recipient addresses, and to header recipient 10087addresses. </p> 10088 10089<p> Specify one or more of: envelope_recipient, header_recipient 10090</p> 10091 10092<p> This feature is available in Postfix 2.2 and later. 
</p> 10093 10094 10095</DD> 10096 10097<DT><b><a name="recipient_canonical_maps">recipient_canonical_maps</a> 10098(default: empty)</b></DT><DD> 10099 10100<p> 10101Optional address mapping lookup tables for envelope and header 10102recipient addresses. 10103The table format and lookups are documented in <a href="canonical.5.html">canonical(5)</a>. 10104</p> 10105 10106<p> 10107Note: $<a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> is processed before $<a href="postconf.5.html#canonical_maps">canonical_maps</a>. 10108</p> 10109 10110<p> 10111Example: 10112</p> 10113 10114<pre> 10115<a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/recipient_canonical 10116</pre> 10117 10118 10119</DD> 10120 10121<DT><b><a name="recipient_delimiter">recipient_delimiter</a> 10122(default: empty)</b></DT><DD> 10123 10124<p> The set of characters that can separate an email address 10125localpart, user name, or a .forward file name from its extension. 10126For example, with "<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> = +", the software tries 10127user+foo@example.com before trying user@example.com, user+foo before 10128trying user, and .forward+foo before trying .forward. </p> 10129 10130<p> More formally, an email address localpart or user name is 10131separated from its extension by the first character that matches 10132the <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> set. The delimiter character and extension 10133may then be used to generate an extended .forward file name. This 10134implementation recognizes one delimiter character and one extension 10135per email address localpart or email address. With Postfix 2.10 and 10136earlier, the <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> specifies a single character. 
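An added example, not Postfix code, of the delimiter rules in this entry (first character from the set, one delimiter and one extension per localpart, the ${recipient_delimiter}${extension} expansion used in the forward_path example, and the mailer-daemon/postmaster/owner-/-request exemptions) together with the extension propagation described under propagate_unmatched_extensions earlier on this page. It assumes recipient_delimiter = +- (Postfix 2.11 and later), owner_request_special = yes, a constructed $home, and a virtual table reduced to a dict with only the exact and user@domain lookup steps.

```python
from typing import Optional

# Added example, not Postfix code. Assumptions: delimiter set "+-",
# owner_request_special = yes, a constructed $home path, and a virtual(5)
# table reduced to a dict that is consulted only for the exact address
# and for user@domain.


def split_extension(localpart: str, delimiters: str) -> tuple[str, str, str]:
    """Split a localpart into (user, delimiter, extension).

    The split happens at the first character that is in the delimiter
    set; one delimiter and one extension are recognized per localpart.
    Returns (localpart, "", "") when no delimiter is present.
    """
    for i, ch in enumerate(localpart):
        if ch in delimiters:
            return localpart[:i], ch, localpart[i + 1:]
    return localpart, "", ""


def split_address(address: str, delimiters: str,
                  owner_request_special: bool = True) -> tuple[str, str, str, str]:
    """Split "local@domain" into (user, delimiter, extension, domain).

    The delimiter is not applied to mailer-daemon, postmaster or
    double-bounce, nor (owner_request_special = yes) to "owner-" and
    "-request" addresses.
    """
    localpart, _, domain = address.partition("@")
    lower = localpart.lower()
    exempt = lower in ("mailer-daemon", "postmaster", "double-bounce")
    if owner_request_special and (lower.startswith("owner-")
                                  or lower.endswith("-request")):
        exempt = True
    if exempt:
        return localpart, "", "", domain
    user, delim, ext = split_extension(localpart, delimiters)
    return user, delim, ext, domain


def forward_path_candidates(home: str, address: str, delimiters: str) -> list[str]:
    """Expand the page's forward_path example for one recipient:
    $home/.forward${recipient_delimiter}${extension}, $home/.forward
    ${recipient_delimiter} is the delimiter actually found (2.11+). A first
    candidate that equals the plain .forward is dropped (choice of this model).
    """
    _, delim, ext, _ = split_address(address, delimiters)
    first = f"{home}/.forward{delim}{ext}"
    plain = f"{home}/.forward"
    return [first, plain] if first != plain else [plain]


def virtual_lookup(table: dict[str, str], address: str, delimiters: str,
                   propagate: bool = True) -> Optional[str]:
    """Reduced virtual(5) lookup with extension propagation.

    With "virtual" in propagate_unmatched_extensions, an extension that was
    not part of the matched key is copied onto the result, so
    joe+foo@example.com -> joe.user+foo@example.net.
    """
    if address in table:
        return table[address]                # exact key: extension matched
    user, delim, ext, domain = split_address(address, delimiters)
    if not delim:
        return None
    result = table.get(f"{user}@{domain}")
    if result is None:
        return None
    if not propagate:
        return result
    r_local, _, r_domain = result.partition("@")
    return f"{r_local}{delim}{ext}@{r_domain}"


if __name__ == "__main__":
    virtual = {"joe@example.com": "joe.user@example.net"}   # constructed
    print(split_address("joe-bar+baz@example.com", "+-"))
    print(forward_path_candidates("/home/joe", "joe+foo@example.com", "+-"))
    print(virtual_lookup(virtual, "joe+foo@example.com", "+-"))
```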
</p> 10137 10138<p> See <a href="canonical.5.html">canonical(5)</a>, <a href="local.8.html">local(8)</a>, <a href="relocated.5.html">relocated(5)</a> and <a href="virtual.5.html">virtual(5)</a> for the 10139effects of <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> on lookups in aliases, canonical, 10140virtual, and relocated maps, and see the <a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a> 10141parameter for propagating an extension from one email address to 10142another. </p> 10143 10144<p> When used in <a href="postconf.5.html#command_execution_directory">command_execution_directory</a>, <a href="postconf.5.html#forward_path">forward_path</a>, or 10145<a href="postconf.5.html#luser_relay">luser_relay</a>, ${<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a>} is replaced with the actual 10146recipient delimiter that was found in the recipient email address 10147(Postfix 2.11 and later), or it is replaced with the <a href="postconf.5.html">main.cf</a> 10148<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> parameter value (Postfix 2.10 and earlier). 10149</p> 10150 10151<p> The <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> is not applied to the mailer-daemon 10152address, the postmaster address, or the double-bounce address. With 10153the default "<a href="postconf.5.html#owner_request_special">owner_request_special</a> = yes" setting, the <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> 10154is also not applied to addresses with the special "owner-" prefix 10155or the special "-request" suffix. </p> 10156 10157<p> 10158Examples: 10159</p> 10160 10161<pre> 10162# Handle Postfix-style extensions. 10163<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> = + 10164</pre> 10165 10166<pre> 10167# Handle both Postfix and qmail extensions (Postfix 2.11 and later). 
10168<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> = +- 10169</pre> 10170 10171<pre> 10172# Use .forward for mail without address extension, and for mail with 10173# an unrecognized address extension. 10174<a href="postconf.5.html#forward_path">forward_path</a> = $home/.forward${<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a>}${extension}, 10175 $home/.forward 10176</pre> 10177 10178 10179</DD> 10180 10181<DT><b><a name="reject_code">reject_code</a> 10182(default: 554)</b></DT><DD> 10183 10184<p> 10185The numerical Postfix SMTP server response code when a remote SMTP 10186client request is rejected by the "reject" restriction. 10187</p> 10188 10189<p> 10190Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>. 10191</p> 10192 10193 10194</DD> 10195 10196<DT><b><a name="reject_tempfail_action">reject_tempfail_action</a> 10197(default: <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>)</b></DT><DD> 10198 10199<p> The Postfix SMTP server's action when a reject-type restriction 10200fails due to a temporary error condition. Specify "defer" to defer 10201the remote SMTP client request immediately. With the default 10202"<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" action, the Postfix SMTP server continues to look 10203for opportunities to reject mail, and defers the client request 10204only if it would otherwise be accepted. </p> 10205 10206<p> For finer control, see: <a href="postconf.5.html#unverified_recipient_tempfail_action">unverified_recipient_tempfail_action</a>, 10207<a href="postconf.5.html#unverified_sender_tempfail_action">unverified_sender_tempfail_action</a>, <a href="postconf.5.html#unknown_address_tempfail_action">unknown_address_tempfail_action</a>, 10208and <a href="postconf.5.html#unknown_helo_hostname_tempfail_action">unknown_helo_hostname_tempfail_action</a>. 
</p> 10209 10210<p> This feature is available in Postfix 2.6 and later. </p> 10211 10212 10213</DD> 10214 10215<DT><b><a name="relay_clientcerts">relay_clientcerts</a> 10216(default: empty)</b></DT><DD> 10217 10218<p> List of tables with remote SMTP client-certificate fingerprints or 10219public key fingerprints (Postfix 2.9 and later) for which the Postfix 10220SMTP server will allow access with the <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a> 10221feature. The fingerprint digest algorithm is configurable via the 10222<a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> parameter (hard-coded as md5 prior to 10223Postfix version 2.5). </p> 10224 10225<p> The default algorithm is <b>sha256</b> with Postfix ≥ 3.6 10226and the <b><a href="postconf.5.html#compatibility_level">compatibility_level</a></b> set to 3.6 or higher. With Postfix 10227≤ 3.5, the default algorithm is <b>md5</b>. The best-practice 10228algorithm is now <b>sha256</b>. Recent advances in hash function 10229cryptanalysis have led to md5 and sha1 being deprecated in favor of 10230sha256. However, as long as there are no known "second pre-image" 10231attacks against the older algorithms, their use in this context, though 10232not recommended, is still likely safe. </p> 10233 10234<p> Postfix lookup tables are in the form of (key, value) pairs. 10235Since we only need the key, the value can be chosen freely, e.g. 10236the name of the user or host: 10237D7:04:2F:A7:0B:8C:A5:21:FA:31:77:E1:41:8A:EE:80 lutzpc.at.home </p> 10238 10239<p> Example: </p> 10240 10241<pre> 10242<a href="postconf.5.html#relay_clientcerts">relay_clientcerts</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/relay_clientcerts 10243</pre> 10244 10245<p>For more fine-grained control, use <a href="postconf.5.html#check_ccert_access">check_ccert_access</a> to select 10246an appropriate <a href="access.5.html">access(5)</a> policy for each client. 
10247See <a href="RESTRICTION_CLASS_README.html">RESTRICTION_CLASS_README</a>.</p> 10248 10249<p>This feature is available with Postfix version 2.2.</p> 10250 10251 10252</DD> 10253 10254<DT><b><a name="relay_destination_concurrency_limit">relay_destination_concurrency_limit</a> 10255(default: $<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a>)</b></DT><DD> 10256 10257<p> The maximal number of parallel deliveries to the same destination 10258via the relay message delivery transport. This limit is enforced 10259by the queue manager. The message delivery transport name is the 10260first field in the entry in the <a href="master.5.html">master.cf</a> file. </p> 10261 10262<p> This feature is available in Postfix 2.0 and later. </p> 10263 10264 10265</DD> 10266 10267<DT><b><a name="relay_destination_recipient_limit">relay_destination_recipient_limit</a> 10268(default: $<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a>)</b></DT><DD> 10269 10270<p> The maximal number of recipients per message for the relay 10271message delivery transport. This limit is enforced by the queue 10272manager. The message delivery transport name is the first field in 10273the entry in the <a href="master.5.html">master.cf</a> file. </p> 10274 10275<p> Setting this parameter to a value of 1 changes the meaning of 10276<a href="postconf.5.html#relay_destination_concurrency_limit">relay_destination_concurrency_limit</a> from concurrency per domain 10277into concurrency per recipient. </p> 10278 10279<p> This feature is available in Postfix 2.0 and later. </p> 10280 10281 10282</DD> 10283 10284<DT><b><a name="relay_domains">relay_domains</a> 10285(default: Postfix ≥ 3.0: empty, Postfix < 3.0: $<a href="postconf.5.html#mydestination">mydestination</a>)</b></DT><DD> 10286 10287<p> What destination domains (and subdomains thereof) this system 10288will relay mail to. 
For details about how 10289the <a href="postconf.5.html#relay_domains">relay_domains</a> value is used, see the description of the 10290<a href="postconf.5.html#permit_auth_destination">permit_auth_destination</a> and <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> SMTP recipient 10291restrictions. </p> 10292 10293<p> Domains that match $<a href="postconf.5.html#relay_domains">relay_domains</a> are delivered with the 10294$<a href="postconf.5.html#relay_transport">relay_transport</a> mail delivery transport. The SMTP server validates 10295recipient addresses with $<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> and rejects non-existent 10296recipients. See also the <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domains</a> address class in the 10297<a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> file. </p> 10298 10299<p> Note: Postfix will not automatically forward mail for domains 10300that list this system as their primary or backup MX host. See the 10301<a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> restriction in the <a href="postconf.5.html">postconf(5)</a> manual page. </p> 10302 10303<p> Specify a list of host or domain names, "/file/name" patterns 10304or "<a href="DATABASE_README.html">type:table</a>" lookup tables, separated by commas and/or whitespace. 10305Continue long lines by starting the next line with whitespace. A 10306"/file/name" pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>" 10307lookup table is matched when a (parent) domain appears as lookup 10308key. Specify "!pattern" to exclude a domain from the list. The form 10309"!/file/name" is supported only in Postfix version 2.4 and later. 
</p>

<p> Pattern matching of domain names is controlled by the presence
or absence of "<a href="postconf.5.html#relay_domains">relay_domains</a>" in the <a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a>
parameter value. </p>


</DD>

<DT><b><a name="relay_domains_reject_code">relay_domains_reject_code</a>
(default: 554)</b></DT><DD>

<p>
The numerical Postfix SMTP server response code when a client
request is rejected by the <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> recipient
restriction.
</p>

<p>
Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>


</DD>

<DT><b><a name="relay_recipient_maps">relay_recipient_maps</a>
(default: empty)</b></DT><DD>

<p> Optional lookup tables with all valid addresses in the domains
that match $<a href="postconf.5.html#relay_domains">relay_domains</a>. Specify @domain as a wild-card for
domains that have no valid recipient list, and be aware that this makes
the system a source of backscatter mail: Postfix accepts spam for
non-existent recipients and then floods innocent people with
undeliverable mail. Technically, tables
listed with $<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> are used as lists: Postfix needs
to know only if a lookup string is found or not, but it does not
use the result from the table lookup. </p>

<p>
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found.
</p>

<p>
If this parameter is non-empty, then the Postfix SMTP server will reject
mail to unknown relay users. This feature is off by default.
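</p>

<p> A model of the two checks just described, as an added example that is not Postfix code: relay_domains matching (with and without relay_domains in parent_domain_matches_subdomains) followed by the relay_recipient_maps presence test, plus an audit helper for the @domain wild-card entries the text warns about. The table parser, the two lookup keys (full address, then @domain) and the sample table are assumptions of this example, not Postfix internals. </p>

```python
"""Model of relay_domains matching and relay_recipient_maps validation.
Added example, not Postfix code: the lookup keys (full address, then
the '@domain' wildcard) and the table parser are assumptions here."""
from typing import Dict, Iterable, List, Tuple

# Constructed relay_recipients source, in the "key whitespace value" form
# that postmap(1) reads. Postfix ignores the values; only keys matter.
RELAY_RECIPIENTS_SRC = """\
# constructed sample table
alice@relay.example   OK
bob@relay.example     OK
@wild.example         OK
"""


def parse_relay_recipients(text: str) -> Dict[str, str]:
    """Parse a postmap-style text table into {key: value} (keys lowercased)."""
    table: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"expected 'key whitespace value': {line!r}")
        table[parts[0].lower()] = parts[1]
    return table


def domain_matches(domain: str, relay_domains: Iterable[str],
                   parent_matches_subdomains: bool) -> bool:
    """relay_domains match: an exact name; a parent domain only when
    parent_domain_matches_subdomains lists relay_domains; a '.domain'
    pattern matches subdomains in either mode (Postfix convention)."""
    domain = domain.lower()
    for pattern in relay_domains:
        pattern = pattern.lower()
        if pattern.startswith("."):
            if domain.endswith(pattern):
                return True
        elif domain == pattern:
            return True
        elif parent_matches_subdomains and domain.endswith("." + pattern):
            return True
    return False


def relay_recipient_decision(recipient: str, relay_domains: Iterable[str],
                             relay_recipient_maps: Dict[str, str],
                             parent_matches_subdomains: bool = False) -> Tuple[str, str]:
    """Return (action, reason). Simplification: the recipient domain is
    assumed to belong to no other address class (local, virtual, ...)."""
    local, _, domain = recipient.rpartition("@")
    if not local or not domain:
        return "reject", "malformed address"
    if not domain_matches(domain, relay_domains, parent_matches_subdomains):
        return "reject", "not in relay_domains (reject_unauth_destination)"
    if not relay_recipient_maps:          # empty parameter: feature is off
        return "accept", "relay domain, recipient validation disabled"
    # The table is used as a list: only key presence counts, values are ignored.
    for key in (recipient.lower(), "@" + domain.lower()):
        if key in relay_recipient_maps:
            return "accept", f"relay_recipient_maps key {key!r}"
    return "reject", "unknown relay user"


def backscatter_wildcards(relay_recipient_maps: Dict[str, str]) -> List[str]:
    """Audit: '@domain' keys accept every address in that domain, so bounces
    for non-existent users downstream become backscatter from this host."""
    return sorted(k for k in relay_recipient_maps if k.startswith("@"))


if __name__ == "__main__":
    table = parse_relay_recipients(RELAY_RECIPIENTS_SRC)
    for rcpt in ("alice@relay.example", "carol@relay.example",
                 "anyone@wild.example", "x@sub.relay.example"):
        print(rcpt, relay_recipient_decision(rcpt, ["relay.example", "wild.example"], table))
    print("wildcard entries:", backscatter_wildcards(table))
```

<p> Running the block prints the decision for each constructed recipient; the @wild.example entry is the one the audit helper reports.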
10357</p> 10358 10359<p> 10360See also the <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domains</a> address class in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> 10361file. 10362</p> 10363 10364<p> 10365Example: 10366</p> 10367 10368<pre> 10369<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/relay_recipients 10370</pre> 10371 10372<p> 10373This feature is available in Postfix 2.0 and later. 10374</p> 10375 10376 10377</DD> 10378 10379<DT><b><a name="relay_transport">relay_transport</a> 10380(default: relay)</b></DT><DD> 10381 10382<p> 10383The default mail delivery transport and next-hop destination for 10384the <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domain</a> address class: recipient domains that match 10385$<a href="postconf.5.html#relay_domains">relay_domains</a>. </p> 10386 10387<p> For recipient domains in the <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domain</a> address class: </p> 10388 10389<ul> 10390 10391<li> <p> In order of decreasing precedence, the message delivery 10392transport is taken from 1) $<a href="postconf.5.html#transport_maps">transport_maps</a>, 2) $<a href="postconf.5.html#relay_transport">relay_transport</a>. 10393</p> 10394 10395<li> <p> In order of decreasing precedence, the nexthop destination 10396is taken from 1) $<a href="postconf.5.html#transport_maps">transport_maps</a>, 2) $<a href="postconf.5.html#relay_transport">relay_transport</a>, 3) 10397$<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> or $<a href="postconf.5.html#relayhost">relayhost</a> or the recipient 10398domain. </p> 10399 10400</ul> 10401 10402<p> 10403Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i> 10404is the name of a mail delivery transport defined in <a href="master.5.html">master.cf</a>. 
10405The <i>:nexthop</i> destination is optional; its syntax is documented 10406in the manual page of the corresponding delivery agent. 10407</p> 10408 10409<p> 10410See also the <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domains</a> address class in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> 10411file. 10412</p> 10413 10414<p> 10415This feature is available in Postfix 2.0 and later. 10416</p> 10417 10418 10419</DD> 10420 10421<DT><b><a name="relayhost">relayhost</a> 10422(default: empty)</b></DT><DD> 10423 10424<p> 10425The next-hop destination(s) for non-local mail; takes precedence 10426over non-<a href="ADDRESS_CLASS_README.html#local_domain_class">local domains</a> in recipient addresses. This information 10427will not be used when the sender matches $<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>. 10428</p> 10429 10430<p> In order of decreasing precedence: </p> 10431 10432<ul> 10433 10434<li> <p> For recipient domains in the <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domain</a> address class 10435(domains matching $<a href="postconf.5.html#relay_domains">relay_domains</a>), the nexthop destination is taken 10436from 1) $<a href="postconf.5.html#transport_maps">transport_maps</a>, 2) $<a href="postconf.5.html#relay_transport">relay_transport</a>, 3) 10437$<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> or $<a href="postconf.5.html#relayhost">relayhost</a> or the recipient 10438domain. 
</p>

<li> <p> For recipient domains in the <a href="ADDRESS_CLASS_README.html#default_domain_class">default domain</a> address class
(domains that do not match $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>,
$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>,
or $<a href="postconf.5.html#relay_domains">relay_domains</a>), the nexthop destination is taken from 1)
$<a href="postconf.5.html#transport_maps">transport_maps</a>, 2) $<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> or
$<a href="postconf.5.html#default_transport">default_transport</a>, 3) $<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> or $<a href="postconf.5.html#relayhost">relayhost</a>
or the recipient domain. </p>

</ul>

<p>
On an intranet, specify the organizational domain name. If your
internal DNS uses no MX records, specify the name of the intranet
gateway host instead.
</p>

<p>
In the case of SMTP delivery, specify one or more destinations in
the form of a domain name, hostname, hostname:service, [hostname]:service,
[hostaddress] or [hostaddress]:service, separated by comma or whitespace.
The form [hostname] turns off MX or SRV lookups. Multiple destinations
are supported in Postfix 3.5 and later. Each destination is tried
in the specified order.
</p>

<p> If an SMTP destination is a load balancer, and there are no
alternative destinations, specify the load balancer multiple times.
10467Without the duplicate info, the Postfix SMTP client would not 10468reconnect immediately to the same load balancer after a remote SMTP 10469server failure. </p> 10470 10471<p> 10472If you're connected via UUCP, see the <a href="UUCP_README.html">UUCP_README</a> file for useful 10473information. 10474</p> 10475 10476<p> 10477Examples: 10478</p> 10479 10480<pre> 10481<a href="postconf.5.html#relayhost">relayhost</a> = $<a href="postconf.5.html#mydomain">mydomain</a> 10482<a href="postconf.5.html#relayhost">relayhost</a> = [gateway.example.com] 10483<a href="postconf.5.html#relayhost">relayhost</a> = mail1.example:587, mail2.example:587 10484<a href="postconf.5.html#relayhost">relayhost</a> = [an.ip.add.ress] 10485</pre> 10486 10487 10488</DD> 10489 10490<DT><b><a name="relocated_maps">relocated_maps</a> 10491(default: empty)</b></DT><DD> 10492 10493<p> 10494Optional lookup tables with new contact information for users or 10495domains that no longer exist. The table format and lookups are 10496documented in <a href="relocated.5.html">relocated(5)</a>. 10497</p> 10498 10499<p> 10500Specify zero or more "type:name" lookup tables, separated by 10501whitespace or comma. Tables will be searched in the specified order 10502until a match is found. 10503</p> 10504 10505<p> 10506If you use this feature, run "<b>postmap /etc/postfix/relocated</b>" to 10507build the necessary DBM or DB file after change, then "<b>postfix 10508reload</b>" to make the changes visible. 
10509</p> 10510 10511<p> 10512Examples: 10513</p> 10514 10515<pre> 10516<a href="postconf.5.html#relocated_maps">relocated_maps</a> = <a href="DATABASE_README.html#types">dbm</a>:/etc/postfix/relocated 10517<a href="postconf.5.html#relocated_maps">relocated_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/relocated 10518</pre> 10519 10520 10521</DD> 10522 10523<DT><b><a name="remote_header_rewrite_domain">remote_header_rewrite_domain</a> 10524(default: empty)</b></DT><DD> 10525 10526<p> Rewrite or add message headers in mail from remote clients if 10527the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter value is non-empty, 10528updating incomplete addresses with the domain specified in the 10529<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter, and adding missing headers. 10530</p> 10531 10532<p> The 10533<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter controls what clients Postfix 10534considers local. </p> 10535 10536<p> Examples: </p> 10537 10538<p> The safe setting: append "domain.invalid" to incomplete header 10539addresses from remote SMTP clients, so that those addresses cannot 10540be confused with local addresses. </p> 10541 10542<blockquote> 10543<pre> 10544<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> = domain.invalid 10545</pre> 10546</blockquote> 10547 10548<p> The default, purist, setting: don't rewrite headers from remote 10549clients at all. 
</p>

<blockquote>
<pre>
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> =
</pre>
</blockquote>


</DD>

<DT><b><a name="require_home_directory">require_home_directory</a>
(default: no)</b></DT><DD>

<p>
Require that a <a href="local.8.html">local(8)</a> recipient's home directory exists
before mail delivery is attempted. By default this test is disabled.
It can be useful for environments that import home directories to
the mail server (IMPORTING HOME DIRECTORIES IS NOT RECOMMENDED).
</p>


</DD>

<DT><b><a name="reset_owner_alias">reset_owner_alias</a>
(default: no)</b></DT><DD>

<p> Reset the <a href="local.8.html">local(8)</a> delivery agent's idea of the owner-alias
attribute, when delivering mail to a child alias that does not have
its own owner alias. </p>

<p> This feature is available in Postfix 2.8 and later. With older
Postfix releases, the behavior is as if this parameter is set to
"yes". </p>

<p> As documented in <a href="aliases.5.html">aliases(5)</a>, when an alias <i>name</i> has a
companion alias named owner-<i>name</i>, this will replace the
envelope sender address, so that delivery errors will be
reported to the owner alias instead of the sender. This configuration
is recommended for mailing lists. </p>

<p> A less known property of the owner alias is that it also forces
the <a href="local.8.html">local(8)</a> delivery agent to write local and remote addresses
from alias expansion to a new queue file, instead of attempting to
deliver mail to local addresses as soon as they come out of alias
expansion.
</p> 10595 10596<p> Writing local addresses from alias expansion to a new queue 10597file allows for robust handling of temporary delivery errors: errors 10598with one local member have no effect on deliveries to other members 10599of the list. On the other hand, delivery to local addresses as 10600soon as they come out of alias expansion is fragile: a temporary 10601error with one local address from alias expansion will cause the 10602entire alias to be expanded repeatedly until the error goes away, 10603or until the message expires in the queue. In that case, a problem 10604with one list member results in multiple message deliveries to other 10605list members. </p> 10606 10607<p> The default behavior of Postfix 2.8 and later is to keep the 10608owner-alias attribute of the parent alias, when delivering mail to 10609a child alias that does not have its own owner alias. Then, local 10610addresses from that child alias will be written to a new queue file, 10611and a temporary error with one local address will not affect delivery 10612to other mailing list members. </p> 10613 10614<p> Unfortunately, older Postfix releases reset the owner-alias 10615attribute when delivering mail to a child alias that does not have 10616its own owner alias. To be precise, this resets only the decision 10617to create a new queue file, not the decision to override the envelope 10618sender address. The <a href="local.8.html">local(8)</a> delivery agent then attempts to 10619deliver local addresses as soon as they come out of child alias 10620expansion. If delivery to any address from child alias expansion 10621fails with a temporary error condition, the entire mailing list may 10622be expanded repeatedly until the mail expires in the queue, resulting 10623in multiple deliveries of the same message to mailing list members. 
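</p>

<p> The owner-alias rules above, applied to a nested alias with both settings, as an added example that is not Postfix code: the alias table is a plain dict, the owner-<i>name</i> convention from aliases(5) is the only rule modelled, and only local members are followed. The constructed table, the Delivery record and the fragile_local_members() helper are assumptions of this example. </p>

```python
"""Model of the local(8) owner-alias decisions described above.
Added example, not Postfix code: alias tables are plain dicts and the
'owner-name' convention from aliases(5) is the only rule applied."""
from typing import Dict, List, NamedTuple, Optional


class Delivery(NamedTuple):
    address: str            # final (non-alias) local address from expansion
    envelope_sender: str    # sender that will receive delivery errors
    new_queue_file: bool    # written to a new queue file (robust) or delivered directly


# Constructed alias table: 'staff' has an owner alias, its child alias
# 'dev' does not, and 'plain' has no owner alias at all.
ALIASES: Dict[str, List[str]] = {
    "staff": ["alice", "dev"],
    "owner-staff": ["postmaster"],
    "dev": ["bob", "carol"],
    "plain": ["dave"],
}


def expand_alias(aliases: Dict[str, List[str]], name: str, sender: str,
                 reset_owner_alias: bool,
                 inherited_owner: Optional[str] = None) -> List[Delivery]:
    """Expand alias 'name' recursively, applying the owner-alias rules:

    - an alias with a companion 'owner-name' replaces the envelope sender
      with 'owner-name' AND causes expansion results to be written to a
      new queue file;
    - a child alias without its own owner keeps the inherited envelope
      sender either way; with reset_owner_alias=yes (pre-2.8 behaviour)
      only the new-queue-file decision is reset, so local members are
      delivered directly as they come out of expansion.
    """
    owner_name = "owner-" + name
    if owner_name in aliases:
        owner, new_queue_file = owner_name, True
    elif inherited_owner is not None:
        owner, new_queue_file = inherited_owner, not reset_owner_alias
    else:
        owner, new_queue_file = None, False
    effective_sender = owner if owner is not None else sender

    deliveries: List[Delivery] = []
    for member in aliases.get(name, []):
        if member in aliases:       # nested alias: recurse, passing the owner down
            deliveries.extend(expand_alias(aliases, member, effective_sender,
                                           reset_owner_alias, owner))
        else:
            deliveries.append(Delivery(member, effective_sender, new_queue_file))
    return deliveries


def fragile_local_members(deliveries: List[Delivery]) -> List[str]:
    """Local addresses that would be delivered directly from expansion: a
    temporary error on any of them re-expands the whole list (the
    multiple-delivery problem described above)."""
    return [d.address for d in deliveries if not d.new_queue_file]


if __name__ == "__main__":
    for reset in (False, True):
        result = expand_alias(ALIASES, "staff", "sender@example.com", reset)
        print(f"reset_owner_alias={'yes' if reset else 'no'}:", result)
        print("  delivered directly:", fragile_local_members(result))
```

<p> With the default "no" every member of the child alias inherits the new-queue-file decision; with "yes" the child's members bob and carol are the ones a transient error would turn into repeated deliveries.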
</p>


</DD>

<DT><b><a name="resolve_dequoted_address">resolve_dequoted_address</a>
(default: yes)</b></DT><DD>

<p> Resolve a recipient address safely instead of correctly, by
looking inside quotes. </p>

<p> By default, the Postfix address resolver does not quote the
address localpart as per <a href="https://tools.ietf.org/html/rfc822">RFC 822</a>, so that additional @ or % or !
operators remain visible. This behavior is safe but it is also
technically incorrect. </p>

<p> If you specify "<a href="postconf.5.html#resolve_dequoted_address">resolve_dequoted_address</a> = no", then
the Postfix resolver will not know about additional @ etc. operators in the
address localpart. This opens opportunities for obscure mail relay
attacks with user@domain@domain addresses when Postfix provides
backup MX service for Sendmail systems. </p>


</DD>

<DT><b><a name="resolve_null_domain">resolve_null_domain</a>
(default: no)</b></DT><DD>

<p> Resolve an address that ends in the "@" null domain as if the
local hostname were specified, instead of rejecting the address as
invalid. </p>

<p> This feature is available in Postfix 2.1 and later.
Earlier versions always resolve the null domain as the local
hostname. </p>

<p> The Postfix SMTP server uses this feature to reject mail from
or to addresses that end in the "@" null domain, and from addresses
that rewrite into a form that ends in the "@" null domain. </p>


</DD>

<DT><b><a name="resolve_numeric_domain">resolve_numeric_domain</a>
(default: no)</b></DT><DD>

<p> Resolve "user@ipaddress" as "user@[ipaddress]", instead of
rejecting the address as invalid. </p>

<p> This feature is available in Postfix 2.3 and later. </p>
10675 10676 10677</DD> 10678 10679<DT><b><a name="respectful_logging">respectful_logging</a> 10680(default: see 'postconf -d' output)</b></DT><DD> 10681 10682<p> Avoid logging that implies white is better than black. Instead 10683use 'allowlist', 'denylist', and variations of those words. </p> 10684 10685<p> This feature is available in Postfix 3.6 and later. </p> 10686 10687 10688</DD> 10689 10690<DT><b><a name="rewrite_service_name">rewrite_service_name</a> 10691(default: rewrite)</b></DT><DD> 10692 10693<p> 10694The name of the address rewriting service. This service rewrites 10695addresses to standard form and resolves them to a (delivery method, 10696next-hop host, recipient) triple. 10697</p> 10698 10699<p> 10700This feature is available in Postfix 2.0 and later. 10701</p> 10702 10703 10704</DD> 10705 10706<DT><b><a name="sample_directory">sample_directory</a> 10707(default: /etc/postfix)</b></DT><DD> 10708 10709<p> 10710The name of the directory with example Postfix configuration files. 10711Starting with Postfix 2.1, these files have been replaced with the 10712<a href="postconf.5.html">postconf(5)</a> manual page. 10713</p> 10714 10715 10716</DD> 10717 10718<DT><b><a name="send_cyrus_sasl_authzid">send_cyrus_sasl_authzid</a> 10719(default: no)</b></DT><DD> 10720 10721<p> When authenticating to a remote SMTP or LMTP server with the 10722default setting "no", send no SASL authoriZation ID (authzid); send 10723only the SASL authentiCation ID (authcid) plus the authcid's password. 10724</p> 10725 10726<p> The non-default setting "yes" enables the behavior of older 10727Postfix versions. These always send a SASL authzid that is equal 10728to the SASL authcid, but this causes interoperability problems 10729with some SMTP servers. </p> 10730 10731<p> This feature is available in Postfix 2.4.4 and later. 
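</p>

<p> What the two settings put on the wire, as an added example that is not Postfix or Cyrus SASL code: a SASL PLAIN message (RFC 4616) is authzid NUL authcid NUL password, and send_cyrus_sasl_authzid only decides whether the first field is empty or a copy of authcid. The server_accepts() model and its credential dict are assumptions used to show why a non-empty authzid trips a server that does not support proxy authorization. </p>

```python
"""SASL PLAIN (RFC 4616) initial responses with and without an authzid.
Added example, not Postfix or Cyrus SASL code; server_accepts() is one
plausible server-side policy, not one taken from any particular server."""
import base64
import hmac
from typing import Dict, Optional, Tuple


def plain_response(authcid: str, password: str, send_authzid: bool) -> str:
    """Build the base64 PLAIN initial response.

    send_authzid=False mirrors send_cyrus_sasl_authzid = no: the authzid
    field is left empty. send_authzid=True mirrors the old behaviour
    ('yes'): an authzid equal to authcid is sent."""
    if not authcid:
        raise ValueError("authcid must be non-empty")
    authzid = authcid if send_authzid else ""
    for field in (authzid, authcid, password):
        if "\0" in field:
            raise ValueError("NUL is not allowed inside a PLAIN field")
    raw = "\0".join((authzid, authcid, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def parse_plain(response_b64: str) -> Tuple[Optional[str], str, str]:
    """Server side: decode into (authzid or None, authcid, password)."""
    raw = base64.b64decode(response_b64, validate=True)
    parts = raw.split(b"\0")
    if len(parts) != 3:
        raise ValueError("PLAIN message must contain exactly two NUL separators")
    authzid, authcid, password = (p.decode("utf-8") for p in parts)
    if not authcid:
        raise ValueError("authcid must be non-empty")
    return (authzid or None, authcid, password)


def server_accepts(response_b64: str, credentials: Dict[str, str],
                   tolerate_self_authzid: bool) -> bool:
    """Server model: verify the password, then apply the authzid policy.
    A server with tolerate_self_authzid=False refuses every non-empty
    authzid; that is the interoperability problem the 'yes' setting hits."""
    authzid, authcid, password = parse_plain(response_b64)
    expected = credentials.get(authcid, "")
    if not hmac.compare_digest(expected.encode("utf-8"), password.encode("utf-8")):
        return False
    if authzid is None:
        return True
    return tolerate_self_authzid and authzid == authcid


if __name__ == "__main__":
    creds = {"user": "pw"}                      # constructed credential store
    for send in (False, True):
        msg = plain_response("user", "pw", send)
        print(f"send_cyrus_sasl_authzid={'yes' if send else 'no'}: {msg} "
              f"-> fields {parse_plain(msg)}, strict server accepts: "
              f"{server_accepts(msg, creds, tolerate_self_authzid=False)}")
```

<p> Decoding the two messages shows the only difference is the leading field, which a strict server treats as a proxy-authorization request.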
</p> 10732 10733 10734</DD> 10735 10736<DT><b><a name="sender_based_routing">sender_based_routing</a> 10737(default: no)</b></DT><DD> 10738 10739<p> 10740This parameter should not be used. It was replaced by <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> 10741in Postfix version 2.3. 10742</p> 10743 10744 10745</DD> 10746 10747<DT><b><a name="sender_bcc_maps">sender_bcc_maps</a> 10748(default: empty)</b></DT><DD> 10749 10750<p> Optional BCC (blind carbon-copy) address lookup tables, indexed 10751by envelope sender address. The BCC address (multiple results are not 10752supported) is added when mail enters from outside of Postfix. </p> 10753 10754<p> 10755Specify zero or more "type:name" lookup tables, separated by 10756whitespace or comma. Tables will be searched in the specified order 10757until a match is found. 10758</p> 10759 10760<p> 10761The table search order is as follows: 10762</p> 10763 10764<ul> 10765 10766<li> Look up the "user+extension@domain.tld" address including the 10767optional address extension. 10768 10769<li> Look up the "user@domain.tld" address without the optional 10770address extension. 10771 10772<li> Look up the "user+extension" address local part when the 10773sender domain equals $<a href="postconf.5.html#myorigin">myorigin</a>, $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> 10774or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. 10775 10776<li> Look up the "user" address local part when the sender domain 10777equals $<a href="postconf.5.html#myorigin">myorigin</a>, $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. 10778 10779<li> Look up the "@domain.tld" part. 
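</ul>

<p> The five lookup steps above, in the order listed, as an added example that is not Postfix code. Assumptions of this example: the sender domain counts as "local" when it is in a LOCAL_DOMAINS set standing in for $myorigin, $mydestination, $inet_interfaces and $proxy_interfaces; table keys are lowercase; and recipient_delimiter may hold several characters, as in the "+-" setting shown earlier on this page. </p>

```python
"""Lookup-key order for sender_bcc_maps, exactly as listed above.
Added example, not Postfix code. LOCAL_DOMAINS stands in for
$myorigin/$mydestination/$inet_interfaces/$proxy_interfaces, and the
sample table and delimiter handling are assumptions of this example."""
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed sender_bcc table: one BCC address per key (multiple results
# are not supported, as the text states).
SENDER_BCC: Dict[str, str] = {
    "alice@example.com": "audit-alice@example.com",
    "@example.com": "archive@example.com",
}
LOCAL_DOMAINS = {"example.com"}


def split_extension(local: str, delimiters: str) -> Tuple[str, str]:
    """Split 'user+extension' at the first recipient_delimiter character."""
    for i, ch in enumerate(local):
        if ch in delimiters:
            return local[:i], local[i + 1:]
    return local, ""


def sender_bcc_keys(sender: str, local_domains: Iterable[str],
                    delimiters: str = "+") -> List[str]:
    """Return the keys Postfix tries, in order, for an envelope sender.
    Steps that would repeat an earlier key (no extension present) are skipped."""
    sender = sender.lower()
    local, _, domain = sender.rpartition("@")
    if not local or not domain:
        return []
    user, extension = split_extension(local, delimiters)
    keys = [f"{local}@{domain}"]                # 1) user+extension@domain
    if extension:
        keys.append(f"{user}@{domain}")         # 2) user@domain
    if domain in {d.lower() for d in local_domains}:
        keys.append(local)                      # 3) user+extension (local domain only)
        if extension:
            keys.append(user)                   # 4) user (local domain only)
    keys.append("@" + domain)                   # 5) @domain
    return keys


def lookup_sender_bcc(table: Dict[str, str], sender: str,
                      local_domains: Iterable[str],
                      delimiters: str = "+") -> Optional[str]:
    """First matching key wins; None means no automatic BCC recipient."""
    for key in sender_bcc_keys(sender, local_domains, delimiters):
        if key in table:
            return table[key]
    return None


if __name__ == "__main__":
    for sender in ("alice+news@example.com", "dave@example.com", "bob@other.example"):
        print(sender, sender_bcc_keys(sender, LOCAL_DOMAINS),
              "->", lookup_sender_bcc(SENDER_BCC, sender, LOCAL_DOMAINS))
```

<ul>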
10780 10781</ul> 10782 10783<p> 10784Note: with Postfix 2.3 and later the BCC address is added as if it 10785was specified with NOTIFY=NONE. The sender will not be notified 10786when the BCC address is undeliverable, as long as all down-stream 10787software implements <a href="https://tools.ietf.org/html/rfc3461">RFC 3461</a>. 10788</p> 10789 10790<p> 10791Note: with Postfix 2.2 and earlier the sender will be notified 10792when the BCC address is undeliverable. 10793</p> 10794 10795<p> Note: automatic BCC recipients are produced only for new mail. 10796To avoid mailer loops, automatic BCC recipients are not generated 10797after Postfix forwards mail internally, or after Postfix generates 10798mail itself. </p> 10799 10800<p> Note: automatic BCC recipients are subject to address 10801canonicalization (add missing domain), <a href="postconf.5.html#canonical_maps">canonical_maps</a>, <a href="postconf.5.html#masquerade_domains">masquerade_domains</a>, 10802and <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>. </p> 10803 10804<p> 10805Example: 10806</p> 10807 10808<pre> 10809<a href="postconf.5.html#sender_bcc_maps">sender_bcc_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/sender_bcc 10810</pre> 10811 10812<p> 10813After a change, run "<b>postmap /etc/postfix/sender_bcc</b>". 10814</p> 10815 10816<p> 10817This feature is available in Postfix 2.1 and later. 10818</p> 10819 10820 10821</DD> 10822 10823<DT><b><a name="sender_canonical_classes">sender_canonical_classes</a> 10824(default: envelope_sender, header_sender)</b></DT><DD> 10825 10826<p> What addresses are subject to <a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> address 10827mapping. By default, <a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> address mapping is 10828applied to envelope sender addresses, and to header sender addresses. 
10829</p> 10830 10831<p> Specify one or more of: envelope_sender, header_sender </p> 10832 10833<p> This feature is available in Postfix 2.2 and later. </p> 10834 10835 10836</DD> 10837 10838<DT><b><a name="sender_canonical_maps">sender_canonical_maps</a> 10839(default: empty)</b></DT><DD> 10840 10841<p> 10842Optional address mapping lookup tables for envelope and header 10843sender addresses. 10844The table format and lookups are documented in <a href="canonical.5.html">canonical(5)</a>. 10845</p> 10846 10847<p> 10848Example: you want to rewrite the SENDER address "user@ugly.example" 10849to "user@pretty.example", while still being able to send mail to 10850the RECIPIENT address "user@ugly.example". 10851</p> 10852 10853<p> 10854Note: $<a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> is processed before $<a href="postconf.5.html#canonical_maps">canonical_maps</a>. 10855</p> 10856 10857<p> 10858Example: 10859</p> 10860 10861<pre> 10862<a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/sender_canonical 10863</pre> 10864 10865 10866</DD> 10867 10868<DT><b><a name="sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> 10869(default: empty)</b></DT><DD> 10870 10871<p> A sender-dependent override for the global <a href="postconf.5.html#default_transport">default_transport</a> 10872parameter setting. The tables are searched by the envelope sender 10873address and @domain. A lookup result of DUNNO terminates the search 10874without overriding the global <a href="postconf.5.html#default_transport">default_transport</a> parameter setting. 10875This information is overruled with the <a href="transport.5.html">transport(5)</a> table. 
</p> 10876 10877<p> This setting affects only the <a href="ADDRESS_CLASS_README.html#default_domain_class">default domain</a> address class 10878(recipient domains that do not match $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>, 10879$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, 10880or $<a href="postconf.5.html#relay_domains">relay_domains</a>): </p> 10881 10882<ul> 10883 10884<li> <p> In order of decreasing precedence, the delivery transport 10885is taken from 1) $<a href="postconf.5.html#transport_maps">transport_maps</a>, 2) 10886$<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> or $<a href="postconf.5.html#default_transport">default_transport</a>. 10887</p> 10888 10889<li> <p> In order of decreasing precedence, the nexthop destination 10890is taken from 1) $<a href="postconf.5.html#transport_maps">transport_maps</a>, 2) 10891$<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> or $<a href="postconf.5.html#default_transport">default_transport</a>, 3) 10892$<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> or $<a href="postconf.5.html#relayhost">relayhost</a> or the recipient 10893domain. </p> 10894 10895</ul> 10896 10897<p> Note: this overrides <a href="postconf.5.html#default_transport">default_transport</a>, not <a href="postconf.5.html#transport_maps">transport_maps</a>, and 10898therefore the expected syntax is that of <a href="postconf.5.html#default_transport">default_transport</a>, not the 10899syntax of <a href="postconf.5.html#transport_maps">transport_maps</a>. 
Specifically, this does not support the 10900<a href="postconf.5.html#transport_maps">transport_maps</a> syntax for null transport, null nexthop, or null 10901email addresses. </p> 10902 10903<p> 10904Specify zero or more "type:name" lookup tables, separated by 10905whitespace or comma. Tables will be searched in the specified order 10906until a match is found. 10907</p> 10908 10909<p> For safety reasons, this feature does not allow $number 10910substitutions in regular expression maps. </p> 10911 10912<p> This feature is available in Postfix 2.7 and later. </p> 10913 10914 10915</DD> 10916 10917<DT><b><a name="sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> 10918(default: empty)</b></DT><DD> 10919 10920<p> A sender-dependent override for the global <a href="postconf.5.html#relayhost">relayhost</a> parameter 10921setting. The tables are searched by the envelope sender address and 10922@domain. A lookup result of DUNNO terminates the search without 10923overriding the global <a href="postconf.5.html#relayhost">relayhost</a> parameter setting (Postfix 2.6 and 10924later). </p> 10925 10926<p> In order of decreasing precedence: </p> 10927 10928<ul> 10929 10930<li> <p> For recipient domains in the <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domain</a> address class 10931(domains matching $<a href="postconf.5.html#relay_domains">relay_domains</a>), the nexthop destination is taken 10932from 1) $<a href="postconf.5.html#transport_maps">transport_maps</a>, 2) $<a href="postconf.5.html#relay_transport">relay_transport</a>, 3) 10933$<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> or $<a href="postconf.5.html#relayhost">relayhost</a> or the recipient 10934domain. 
</p>

<li> <p> For recipient domains in the <a href="ADDRESS_CLASS_README.html#default_domain_class">default domain</a> address class
(domains that do not match $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>,
$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>,
or $<a href="postconf.5.html#relay_domains">relay_domains</a>), the nexthop destination is taken from 1)
$<a href="postconf.5.html#transport_maps">transport_maps</a>, 2) $<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> or
$<a href="postconf.5.html#default_transport">default_transport</a>, 3) $<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> or $<a href="postconf.5.html#relayhost">relayhost</a>
or the recipient domain. </p>

</ul>

<p>
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found.
</p>

<p> For safety reasons, this feature does not allow $number
substitutions in regular expression maps. </p>

<p>
This feature is available in Postfix 2.3 and later.
</p>


</DD>

<DT><b><a name="sendmail_fix_line_endings">sendmail_fix_line_endings</a>
(default: always)</b></DT><DD>

<p> Controls how the Postfix sendmail command converts email message
line endings from &lt;CR&gt;&lt;LF&gt; into UNIX format (&lt;LF&gt;).
</p>

<dl>

<dt> <b>always</b> </dt> <dd> Always convert message lines ending
in &lt;CR&gt;&lt;LF&gt;. This setting is the default with Postfix
2.9 and later.
</dd> 10974 10975<dt> <b>strict</b> </dt> <dd> Convert message lines ending in 10976<CR><LF> only if the first input line ends in 10977<CR><LF>. This setting is backwards-compatible with 10978Postfix 2.8 and earlier. </dd> 10979 10980<dt> <b>never</b> </dt> <dd> Never convert message lines ending in 10981<CR><LF>. This setting exists for completeness only. 10982</dd> 10983 10984</dl> 10985 10986<p> This feature is available in Postfix 2.9 and later. </p> 10987 10988 10989</DD> 10990 10991<DT><b><a name="sendmail_path">sendmail_path</a> 10992(default: see "postconf -d" output)</b></DT><DD> 10993 10994<p> 10995A Sendmail compatibility feature that specifies the location of 10996the Postfix <a href="sendmail.1.html">sendmail(1)</a> command. This command can be used to 10997submit mail into the Postfix queue. 10998</p> 10999 11000 11001</DD> 11002 11003<DT><b><a name="service_name">service_name</a> 11004(read-only)</b></DT><DD> 11005 11006<p> The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process. This 11007can be used to distinguish the logging from different services that 11008use the same program name. </p> 11009 11010<p> Example <a href="master.5.html">master.cf</a> entries: </p> 11011 11012<pre> 11013# Distinguish inbound MTA logging from submission and submissions logging. 11014smtp inet n - n - - smtpd 11015submission inet n - n - - smtpd 11016 -o <a href="postconf.5.html#syslog_name">syslog_name</a>=postfix/$<a href="postconf.5.html#service_name">service_name</a> 11017submissions inet n - n - - smtpd 11018 -o <a href="postconf.5.html#syslog_name">syslog_name</a>=postfix/$<a href="postconf.5.html#service_name">service_name</a> 11019</pre> 11020 11021<pre> 11022# Distinguish outbound MTA logging from inbound relay logging. 
11023smtp unix - - n - - smtp 11024relay unix - - n - - smtp 11025 -o <a href="postconf.5.html#syslog_name">syslog_name</a>=postfix/$<a href="postconf.5.html#service_name">service_name</a> 11026</pre> 11027 11028<p> This feature is available in Postfix 3.3 and later. </p> 11029 11030 11031</DD> 11032 11033<DT><b><a name="service_throttle_time">service_throttle_time</a> 11034(default: 60s)</b></DT><DD> 11035 11036<p> 11037How long the Postfix <a href="master.8.html">master(8)</a> waits before forking a server that 11038appears to be malfunctioning. 11039</p> 11040 11041<p> Specify a non-zero time value (an integral value plus an optional 11042one-letter suffix that specifies the time unit). Time units: s 11043(seconds), m (minutes), h (hours), d (days), w (weeks). 11044The default time unit is s (seconds). </p> 11045 11046 11047</DD> 11048 11049<DT><b><a name="setgid_group">setgid_group</a> 11050(default: postdrop)</b></DT><DD> 11051 11052<p> 11053The group ownership of set-gid Postfix commands and of group-writable 11054Postfix directories. When this parameter value is changed you need 11055to re-run "<b>postfix set-permissions</b>" (with Postfix version 2.0 and 11056earlier: "<b>/etc/postfix/post-install set-permissions</b>". 11057</p> 11058 11059 11060</DD> 11061 11062<DT><b><a name="shlib_directory">shlib_directory</a> 11063(default: see 'postconf -d' output)</b></DT><DD> 11064 11065<p> The location of Postfix dynamically-linked libraries 11066(libpostfix-*.so), and the default location of Postfix database 11067plugins (postfix-*.so) that have a relative pathname in the 11068dynamicmaps.cf file. The <a href="postconf.5.html#shlib_directory">shlib_directory</a> parameter defaults to 11069"no" when Postfix dynamically-linked libraries and database plugins 11070are disabled at compile time, otherwise it typically defaults to 11071/usr/lib/postfix or /usr/local/lib/postfix. 
</p>

<p> Notes: </p>

<ul>

<li> <p> The directory specified with <a href="postconf.5.html#shlib_directory">shlib_directory</a> should contain
only Postfix-related files. Postfix dynamically-linked libraries
and database plugins should not be installed in a "public" system
directory such as /usr/lib or /usr/local/lib. Linking Postfix
dynamically-linked library files or database plugins into non-Postfix
programs is not supported. Postfix dynamically-linked libraries
and database plugins implement a Postfix-internal API that changes
without maintaining compatibility. </p>

<li> <p> You can change the <a href="postconf.5.html#shlib_directory">shlib_directory</a> value after Postfix is
built. However, you may have to run ldconfig or equivalent to prevent
Postfix programs from failing because the libpostfix-*.so files are
not found. No ldconfig command is needed if you keep the libpostfix-*.so
files in the compiled-in default $<a href="postconf.5.html#shlib_directory">shlib_directory</a> location. </p>

</ul>

<p> This feature is available in Postfix 3.0 and later. </p>


</DD>

<DT><b><a name="show_user_unknown_table_name">show_user_unknown_table_name</a>
(default: yes)</b></DT><DD>

<p>
Display the name of the recipient table in the "User unknown"
responses. The extra detail makes troubleshooting easier but also
reveals information that is nobody else's business.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>


</DD>

<DT><b><a name="showq_service_name">showq_service_name</a>
(default: showq)</b></DT><DD>

<p>
The name of the <a href="showq.8.html">showq(8)</a> service. This service produces mail queue
status reports.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>


</DD>

<DT><b><a name="smtp_address_preference">smtp_address_preference</a>
(default: any)</b></DT><DD>

<p> The address type ("ipv6", "ipv4" or "any") that the Postfix
SMTP client will try first, when a destination has IPv6 and IPv4
addresses with equal MX preference. This feature has no effect
unless the <a href="postconf.5.html#inet_protocols">inet_protocols</a> setting enables both IPv4 and IPv6. </p>

<p> Postfix SMTP client address preference has evolved. With Postfix
2.8 the default is "ipv6"; earlier implementations are hard-coded
to prefer IPv6 over IPv4. </p>

<p> Notes for mail delivery between sites that have both IPv4 and
IPv6 connectivity: </p>

<ul>

<li> <p> The setting "<a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> = ipv6" is unsafe.
All deliveries will suffer delays during an IPv6 outage, even
while the destination is still reachable over IPv4. Mail may be
stuck in the queue with Postfix versions &lt; 3.3 that do not
implement "<a href="postconf.5.html#smtp_balance_inet_protocols">smtp_balance_inet_protocols</a>". For similar reasons, the
setting "<a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> = ipv4" is also unsafe. </p>

<li> <p> The setting "<a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> = any" is safe. With
this, and "<a href="postconf.5.html#smtp_balance_inet_protocols">smtp_balance_inet_protocols</a> = yes" (the default), only
half of deliveries will suffer delays if there is an outage
that affects IPv6 or IPv4, as long as it does not affect both. </p>

<li> <p> The setting "<a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> = ipv4" is not a
solution for remote servers that flag email received over IPv6 as
more 'spammy' (the client IPv6 address has a bad or missing PTR or
AAAA record, bad network neighbors, etc.). Instead, configure Postfix
to receive mail over both IPv4 and IPv6, and to deliver mail over
only IPv4. </p>

<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#inet_protocols">inet_protocols</a> = all
</pre>
</blockquote>

<blockquote>
<pre>
/etc/postfix/<a href="master.5.html">master.cf</a>:
    smtp ...other fields... smtp -o <a href="postconf.5.html#inet_protocols">inet_protocols</a>=ipv4
</pre>
</blockquote>

</ul>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="smtp_address_verify_target">smtp_address_verify_target</a>
(default: rcpt)</b></DT><DD>

<p> In the context of email address verification, the SMTP protocol
stage that determines whether an email address is deliverable.
Specify one of "rcpt" or "data". The latter is needed with remote
SMTP servers that reject recipients after the DATA command.
11242</p> 11243 11244 11245</DD> 11246 11247<DT><b><a name="smtp_balance_inet_protocols">smtp_balance_inet_protocols</a> 11248(default: yes)</b></DT><DD> 11249 11250<p> When a remote destination resolves to a combination of IPv4 and 11251IPv6 addresses, ensure that the Postfix SMTP client can try both 11252address types before it runs into the <a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a>. </p> 11253 11254<p> This avoids an interoperability problem when a destination resolves 11255to primarily IPv6 addresses, the smtp_address_limit feature eliminates 11256most or all IPv4 addresses, and the destination is not reachable over 11257IPv6. </p> 11258 11259<p> This feature is available in Postfix 3.3 and later. </p> 11260 11261 11262</DD> 11263 11264<DT><b><a name="smtp_bind_address">smtp_bind_address</a> 11265(default: empty)</b></DT><DD> 11266 11267<p> 11268An optional numerical network address that the Postfix SMTP client 11269should bind to when making an IPv4 connection. 11270</p> 11271 11272<p> 11273This can be specified in the <a href="postconf.5.html">main.cf</a> file for all SMTP clients, or 11274it can be specified in the <a href="master.5.html">master.cf</a> file for a specific client, 11275for example: 11276</p> 11277 11278<blockquote> 11279<pre> 11280/etc/postfix/<a href="master.5.html">master.cf</a>: 11281 smtp ... smtp -o <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a>=11.22.33.44 11282</pre> 11283</blockquote> 11284 11285<p> See <a href="postconf.5.html#smtp_bind_address_enforce">smtp_bind_address_enforce</a> for how Postfix should handle 11286errors (Postfix 3.7 and later). </p> 11287 11288<p> Note 1: when <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> specifies no more than one IPv4 11289address, and that address is a non-loopback address, it is 11290automatically used as the <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a>. 
This supports virtual 11291IP hosting, but can be a problem on multi-homed firewalls. See the 11292<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> documentation for more detail. </p> 11293 11294<p> Note 2: address information may be enclosed inside <tt>[]</tt>, 11295but this form is not required here. </p> 11296 11297 11298</DD> 11299 11300<DT><b><a name="smtp_bind_address6">smtp_bind_address6</a> 11301(default: empty)</b></DT><DD> 11302 11303<p> 11304An optional numerical network address that the Postfix SMTP client 11305should bind to when making an IPv6 connection. 11306</p> 11307 11308<p> This feature is available in Postfix 2.2 and later. </p> 11309 11310<p> 11311This can be specified in the <a href="postconf.5.html">main.cf</a> file for all SMTP clients, or 11312it can be specified in the <a href="master.5.html">master.cf</a> file for a specific client, 11313for example: 11314</p> 11315 11316<blockquote> 11317<pre> 11318/etc/postfix/<a href="master.5.html">master.cf</a>: 11319 smtp ... smtp -o <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a>=1:2:3:4:5:6:7:8 11320</pre> 11321</blockquote> 11322 11323<p> See <a href="postconf.5.html#smtp_bind_address_enforce">smtp_bind_address_enforce</a> for how Postfix should handle 11324errors (Postfix 3.7 and later). </p> 11325 11326<p> Note 1: when <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> specifies no more than one IPv6 11327address, and that address is a non-loopback address, it is 11328automatically used as the <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a>. This supports virtual 11329IP hosting, but can be a problem on multi-homed firewalls. See the 11330<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> documentation for more detail. </p> 11331 11332<p> Note 2: address information may be enclosed inside <tt>[]</tt>, 11333but this form is not recommended here. 
</p> 11334 11335 11336</DD> 11337 11338<DT><b><a name="smtp_bind_address_enforce">smtp_bind_address_enforce</a> 11339(default: no)</b></DT><DD> 11340 11341<p> Defer delivery when the Postfix SMTP client cannot apply the 11342<a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> or <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> setting. By default, the 11343Postfix SMTP client will continue delivery after logging a warning. 11344</p> 11345 11346<p> This feature is available in Postfix 3.7 and later. </p> 11347 11348 11349</DD> 11350 11351<DT><b><a name="smtp_body_checks">smtp_body_checks</a> 11352(default: empty)</b></DT><DD> 11353 11354<p> Restricted <a href="header_checks.5.html">body_checks(5)</a> tables for the Postfix SMTP client. 11355These tables are searched while mail is being delivered. Actions 11356that change the delivery time or destination are not available. 11357</p> 11358 11359<p> This feature is available in Postfix 2.5 and later. </p> 11360 11361 11362</DD> 11363 11364<DT><b><a name="smtp_cname_overrides_servername">smtp_cname_overrides_servername</a> 11365(default: version dependent)</b></DT><DD> 11366 11367<p> When the remote SMTP servername is a DNS CNAME, replace the 11368servername with the result from CNAME expansion for the purpose of 11369logging, SASL password lookup, TLS 11370policy decisions, or TLS certificate verification. The value "no" 11371hardens Postfix <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> hostname-based policies against 11372false hostname information in DNS CNAME records, and makes SASL 11373password file lookups more predictable. This is the default setting 11374as of Postfix 2.3. </p> 11375 11376<p> When DNS CNAME records are validated with secure DNS lookups 11377(<a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a> = dnssec), they are always allowed to 11378override the above servername (Postfix 2.11 and later). 
</p> 11379 11380<p> This feature is available in Postfix 2.2.9 and later. </p> 11381 11382 11383</DD> 11384 11385<DT><b><a name="smtp_connect_timeout">smtp_connect_timeout</a> 11386(default: 30s)</b></DT><DD> 11387 11388<p> 11389The Postfix SMTP client time limit for completing a TCP connection, or 11390zero (use the operating system built-in time limit). 11391</p> 11392 11393<p> 11394When no connection can be made within the deadline, the Postfix 11395SMTP client 11396tries the next address on the mail exchanger list. Specify 0 to 11397disable the time limit (i.e. use whatever timeout is implemented by 11398the operating system). 11399</p> 11400 11401<p> Specify a non-negative time value (an integral value plus an optional 11402one-letter suffix that specifies the time unit). Time units: s 11403(seconds), m (minutes), h (hours), d (days), w (weeks). 11404The default time unit is s (seconds). </p> 11405 11406 11407</DD> 11408 11409<DT><b><a name="smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> 11410(default: empty)</b></DT><DD> 11411 11412<p> Permanently enable SMTP connection caching for the specified 11413destinations. With SMTP connection caching, a connection is not 11414closed immediately after completion of a mail transaction. Instead, 11415the connection is kept open for up to $<a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> 11416seconds. This allows connections to be reused for other deliveries, 11417and can improve mail delivery performance. 
</p>

<p> Specify a comma or white space separated list of destinations
or pseudo-destinations: </p>

<ul>

<li> if mail is sent without a <a href="postconf.5.html#relayhost">relay host</a>: a domain name (the
right-hand side of an email address, without the [] around a numeric
IP address),

<li> if mail is sent via a <a href="postconf.5.html#relayhost">relay host</a>: a <a href="postconf.5.html#relayhost">relay host</a> name (without
[] or non-default TCP port), as specified in <a href="postconf.5.html">main.cf</a> or in the
transport map,

<li> if mail is sent via a UNIX-domain socket: a pathname (without
the unix: prefix),

<li> a /file/name with domain names and/or <a href="postconf.5.html#relayhost">relay host</a> names as
defined above,

<li> a "<a href="DATABASE_README.html">type:table</a>" with domain names and/or <a href="postconf.5.html#relayhost">relay host</a> names on
the left-hand side. The right-hand side result from "<a href="DATABASE_README.html">type:table</a>"
lookups is ignored.

</ul>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a>
(default: yes)</b></DT><DD>

<p> Temporarily enable SMTP connection caching while a destination
has a high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>. With SMTP connection
caching, a connection is not closed immediately after completion
of a mail transaction. Instead, the connection is kept open for
up to $<a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> seconds. This allows
connections to be reused for other deliveries, and can improve mail
delivery performance.
</p>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a>
(default: 2s)</b></DT><DD>

<p> When SMTP connection caching is enabled, the amount of time that
an unused SMTP client socket is kept open before it is closed. Do
not specify larger values without permission from the remote sites.
</p>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="smtp_connection_reuse_count_limit">smtp_connection_reuse_count_limit</a>
(default: 0)</b></DT><DD>

<p> When SMTP connection caching is enabled, the number of times
that an SMTP session may be reused before it is closed, or zero (no
limit). With a reuse count limit of N, a connection is used up to
N+1 times. </p>

<p> NOTE: This feature is unsafe. When a high-volume destination
has multiple inbound MTAs, then the slowest inbound MTA will attract
the most connections to that destination. This limitation does not
exist with the <a href="postconf.5.html#smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a> feature. </p>

<p> This feature is available in Postfix 2.11. </p>


</DD>

<DT><b><a name="smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a>
(default: 300s)</b></DT><DD>

<p> The amount of time during which Postfix will use an SMTP
connection repeatedly. The timer starts when the connection is
initiated (i.e. it includes the connect, greeting and helo latency,
in addition to the latencies of subsequent mail delivery transactions).
</p>

<p> This feature addresses a performance stability problem with
remote SMTP servers. This problem is not specific to Postfix: it
can happen when any MTA sends large amounts of SMTP email to a site
that has multiple MX hosts. </p>

<p> The problem starts when one of a set of MX hosts becomes slower
than the rest. Even though SMTP clients connect to fast and slow
MX hosts with equal probability, the slow MX host ends up with more
simultaneous inbound connections than the faster MX hosts, because
the slow MX host needs more time to serve each client request. </p>

<p> The slow MX host becomes a connection attractor. If one MX
host becomes N times slower than the rest, it dominates mail delivery
latency unless there are more than N fast MX hosts to counter the
effect. And if the number of MX hosts is smaller than N, the mail
delivery latency becomes effectively that of the slowest MX host
divided by the total number of MX hosts. </p>

<p> The solution uses connection caching in a way that differs from
Postfix version 2.2. By limiting the amount of time during which a connection
can be used repeatedly (instead of limiting the number of deliveries
over that connection), Postfix not only restores fairness in the
distribution of simultaneous connections across a set of MX hosts,
it also favors deliveries over connections that perform well, which
is exactly what we want. </p>

<p> The default reuse time limit, 300s, is comparable to the various
smtp transaction timeouts which are fair estimates of maximum excess
latency for a slow delivery. Note that hosts may accept thousands
of messages over a single connection within the default connection
reuse time limit. This number is much larger than the default Postfix
version 2.2 limit of 10 messages per cached connection.
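</p>

<p> To make the connection-attractor argument concrete, here is an added
model of a single delivery slot (example code, not Postfix's own) that
contrasts a per-connection cap of 10 messages with a 300s reuse time limit
against one MX host that is ten times slower than its two peers. The
per-message service times, the 1s connect latency and the round-robin
stand-in for "equal probability" are constructed assumptions. </p>

```python
from dataclasses import dataclass
from typing import List, Sequence


@dataclass
class Outcome:
    conn_time: List[float]  # seconds each host had this slot's connection open
    messages: List[int]     # messages this slot delivered to each host


def simulate(service_times: Sequence[float], policy: str, limit: float,
             connect_latency: float = 1.0, rounds: int = 1) -> Outcome:
    """Model one SMTP client delivery slot with an unlimited backlog for a
    destination whose MX hosts are equally preferred.

    The slot connects to the hosts in round-robin order (a deterministic
    stand-in for "equal probability") and reuses each connection until the
    policy closes it:
      "count": close after `limit` messages (the Postfix 2.2 behaviour
               described above, 10 messages per cached connection);
      "time":  stop reusing once `limit` seconds have elapsed since the
               connection was initiated, so the connect latency counts
               (smtp_connection_reuse_time_limit).
    service_times[i] is the constructed number of seconds host i needs per
    message; a host N times slower than its peers plays the attractor.
    """
    if policy not in ("count", "time"):
        raise ValueError("policy must be 'count' or 'time'")
    n = len(service_times)
    conn_time = [0.0] * n
    messages = [0] * n
    for _ in range(rounds):
        for host in range(n):
            elapsed = connect_latency  # connect + greeting + EHLO done
            sent = 0
            while True:
                if policy == "count" and sent >= limit:
                    break
                if policy == "time" and elapsed >= limit:
                    break
                elapsed += service_times[host]
                sent += 1
            conn_time[host] += elapsed
            messages[host] += sent
    return Outcome(conn_time, messages)


def connection_share(outcome: Outcome, host: int) -> float:
    """Fraction of all connection-seconds spent on `host`; with many
    identical slots this is also that host's share of the simultaneous
    inbound connections."""
    return outcome.conn_time[host] / sum(outcome.conn_time)


def message_share(outcome: Outcome, host: int) -> float:
    """Fraction of all delivered messages that went to `host`."""
    return outcome.messages[host] / sum(outcome.messages)


if __name__ == "__main__":
    # Host 0 is ten times slower than its two peers (constructed figures).
    svc = [10.0, 1.0, 1.0]
    for policy, limit in (("count", 10), ("time", 300)):
        out = simulate(svc, policy, limit)
        print(f"{policy:>5} limit {limit:>3}: slow host holds "
              f"{connection_share(out, 0):.2f} of connection time, gets "
              f"{message_share(out, 0):.3f} of mail; per host {out.messages}")
```

<p> With the message cap the slow host holds the slot's connection for
about 82% of the time while receiving a third of the mail; with the 300s
limit every host holds a connection for about the same time and the slow
host receives under 5% of the mail. </p>

<p>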
It may prove necessary
to lower the limit to avoid interoperability issues with MTAs that
exhibit bugs when many messages are delivered via a single connection.
A lower reuse time limit risks losing the benefit of connection
reuse when the average connection and mail delivery latency exceeds
the reuse time limit. </p>

<p> This feature is available in Postfix 2.3 and later. </p>


</DD>

<DT><b><a name="smtp_data_done_timeout">smtp_data_done_timeout</a>
(default: 600s)</b></DT><DD>

<p>
The Postfix SMTP client time limit for sending the SMTP ".", and
for receiving the remote SMTP server response.
</p>

<p>
When no response is received within the deadline, a warning is
logged that the mail may be delivered multiple times.
</p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds). </p>


</DD>

<DT><b><a name="smtp_data_init_timeout">smtp_data_init_timeout</a>
(default: 120s)</b></DT><DD>

<p>
The Postfix SMTP client time limit for sending the SMTP DATA command,
and for receiving the remote SMTP server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>


</DD>

<DT><b><a name="smtp_data_xfer_timeout">smtp_data_xfer_timeout</a>
(default: 180s)</b></DT><DD>

<p>
The Postfix SMTP client time limit for sending the SMTP message content.
When the connection makes no progress for more than $<a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a>
seconds the Postfix SMTP client terminates the transfer.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>


</DD>

<DT><b><a name="smtp_defer_if_no_mx_address_found">smtp_defer_if_no_mx_address_found</a>
(default: no)</b></DT><DD>

<p>
Defer mail delivery when no MX record resolves to an IP address.
</p>

<p>
The default (no) is to return the mail as undeliverable. With older
Postfix versions the default was to keep trying to deliver the mail
until someone fixed the MX record or until the mail was too old.
</p>

<p>
Note: the Postfix SMTP client always ignores MX records with equal
or worse preference than the local MTA itself.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="smtp_delivery_status_filter">smtp_delivery_status_filter</a>
(default: $<a href="postconf.5.html#default_delivery_status_filter">default_delivery_status_filter</a>)</b></DT><DD>

<p> Optional filter for the <a href="smtp.8.html">smtp(8)</a> delivery agent to change the
delivery status code or explanatory text of successful or unsuccessful
deliveries. See <a href="postconf.5.html#default_delivery_status_filter">default_delivery_status_filter</a> for details. </p>

<p> NOTE: This feature modifies Postfix SMTP client error or non-error
messages that may or may not be derived from remote SMTP server
responses. In contrast, the <a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a> feature modifies
remote SMTP server responses only.
</p>


</DD>

<DT><b><a name="smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a>
(default: $<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a>)</b></DT><DD>

<p> The maximal number of parallel deliveries to the same destination
via the smtp message delivery transport. This limit is enforced by
the queue manager. The message delivery transport name is the first
field in the entry in the <a href="master.5.html">master.cf</a> file. </p>


</DD>

<DT><b><a name="smtp_destination_recipient_limit">smtp_destination_recipient_limit</a>
(default: $<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a>)</b></DT><DD>

<p> The maximal number of recipients per message for the smtp
message delivery transport. This limit is enforced by the queue
manager. The message delivery transport name is the first field in
the entry in the <a href="master.5.html">master.cf</a> file. </p>

<p> Setting this parameter to a value of 1 changes the meaning of
<a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> from concurrency per domain
into concurrency per recipient. </p>


</DD>

<DT><b><a name="smtp_discard_ehlo_keyword_address_maps">smtp_discard_ehlo_keyword_address_maps</a>
(default: empty)</b></DT><DD>

<p> Lookup tables, indexed by the remote SMTP server address, with
case insensitive lists of EHLO keywords (pipelining, starttls, auth,
etc.) that the Postfix SMTP client will ignore in the EHLO response from a
remote SMTP server. See <a href="postconf.5.html#smtp_discard_ehlo_keywords">smtp_discard_ehlo_keywords</a> for details. The
table is not indexed by hostname for consistency with
<a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a>. </p>

<p>
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found.
</p>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="smtp_discard_ehlo_keywords">smtp_discard_ehlo_keywords</a>
(default: empty)</b></DT><DD>

<p> A case insensitive list of EHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix SMTP client will ignore in the EHLO
response from a remote SMTP server. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

<p> Notes: </p>

<ul>

<li> <p> Specify the <b>silent-discard</b> pseudo keyword to prevent
this action from being logged. </p>

<li> <p> Use the <a href="postconf.5.html#smtp_discard_ehlo_keyword_address_maps">smtp_discard_ehlo_keyword_address_maps</a> feature to
discard EHLO keywords selectively. </p>

</ul>


</DD>

<DT><b><a name="smtp_dns_reply_filter">smtp_dns_reply_filter</a>
(default: empty)</b></DT><DD>

<p> Optional filter for Postfix SMTP client DNS lookup results.
Specify zero or more lookup tables. The lookup tables are searched
in the given order for a match with the DNS lookup result, converted
to the following form: </p>

<pre>
    <i>name ttl class type preference value</i>
</pre>

<p> The <i>class</i> field is always "IN", the <i>preference</i>
field exists only for MX records, the names of hosts, domains, etc.
end in ".", and those names are in ASCII form (xn--mumble form in
the case of UTF8 names).
</p>

<p> When a match is found, the table lookup result specifies an
action. By default, the table query and the action name are
case-insensitive. Currently, only the <b>IGNORE</b> action is
implemented. </p>

<p> Notes: </p>

<ul>

<li> <p> Postfix DNS reply filters have no effect on implicit DNS
lookups through nsswitch.conf or equivalent mechanisms. </p>

<li> <p> The Postfix SMTP/LMTP client uses <a href="postconf.5.html#smtp_dns_reply_filter">smtp_dns_reply_filter</a>
and <a href="postconf.5.html#lmtp_dns_reply_filter">lmtp_dns_reply_filter</a> only to discover a remote SMTP or LMTP
service (record types MX, A, AAAA, and TLSA). These lookups are
also made to implement the features <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> and
<a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>. </p>

<li> <p> The Postfix SMTP/LMTP client defers mail delivery when
a filter removes all lookup results from a successful query. </p>

<li> <p> The Postfix SMTP server uses <a href="postconf.5.html#smtpd_dns_reply_filter">smtpd_dns_reply_filter</a> only to
look up MX, A, AAAA, and TXT records to implement the features
<a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a>, <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a>,
<a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a>, reject_rbl_*, and reject_rhsbl_*.
</p>

<li> <p> The Postfix SMTP server logs a warning or defers mail
delivery when a filter removes all lookup results from a successful
query. </p>

</ul>

<p> Example: ignore Google AAAA records in Postfix SMTP client DNS
lookups, because Google sometimes hard-rejects mail from IPv6 clients
with valid PTR etc. records.
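</p>

<p> As an added illustration (example code, not part of Postfix), the
following Python models how the smtp_dns_reply_filter rule shown in this
entry is applied: DNS answers are rendered in the "name ttl class type
preference value" form, the table is searched in order with a
case-insensitive match, and a successful query whose answers are all
IGNOREd leads to a deferral. The names, addresses and TTLs in the sample
answers are constructed. </p>

```python
import re
from typing import List, Optional, Sequence, Tuple

# A pcre-style table: (pattern, action) rules searched in order.
FilterTable = Sequence[Tuple[str, str]]

# The rule from this page's /etc/postfix/smtp_dns_reply_filter.
PAGE_FILTER_TABLE: FilterTable = [
    (r"^\S+\.google\.com\.\s+\S+\s+\S+\s+AAAA\s+", "IGNORE"),
]


def _ascii_fqdn(name: str) -> str:
    # UTF-8 labels become xn-- form; the name always ends in ".".
    return name.rstrip(".").encode("idna").decode("ascii") + "."


def to_filter_form(name: str, ttl: int, rtype: str, value: str,
                   preference: Optional[int] = None) -> str:
    """Render one DNS answer as 'name ttl class type preference value':
    class is always IN, preference appears only for MX, and owner names
    as well as MX target names end in '.' and are in ASCII form."""
    rtype = rtype.upper()
    fields = [_ascii_fqdn(name), str(ttl), "IN", rtype]
    if rtype == "MX":
        if preference is None:
            raise ValueError("MX answers carry a preference")
        fields.append(str(preference))
        value = _ascii_fqdn(value)
    fields.append(value)
    return " ".join(fields)


def apply_filter(records: Sequence[str],
                 table: FilterTable = PAGE_FILTER_TABLE
                 ) -> Tuple[List[str], List[str]]:
    """Search the table in order for each record; the first matching rule
    decides. Query and action name are matched case-insensitively."""
    kept: List[str] = []
    ignored: List[str] = []
    for rec in records:
        action = None
        for pattern, act in table:
            if re.search(pattern, rec, re.IGNORECASE):
                action = act.upper()
                break
        if action is None:
            kept.append(rec)
        elif action == "IGNORE":
            ignored.append(rec)
        else:
            raise ValueError(f"unsupported action {action!r}")
    return kept, ignored


def client_decision(records: Sequence[str],
                    table: FilterTable = PAGE_FILTER_TABLE
                    ) -> Tuple[str, List[str]]:
    """The SMTP/LMTP client defers when the filter removes every answer
    of a successful query; otherwise delivery proceeds with the rest."""
    kept, _ = apply_filter(records, table)
    if records and not kept:
        return "defer", kept
    return "deliver", kept


# Constructed sample answers (names, addresses and TTLs are made up).
SAMPLE_MX = [
    to_filter_form("example.com", 3600, "MX", "mail1.example.com", 10),
    to_filter_form("bücher.example", 3600, "MX", "mx.bücher.example", 5),
]
SAMPLE_DUAL_STACK_HOST = [
    to_filter_form("alt1.gmail-smtp-in.l.google.com", 300, "AAAA", "2001:db8::25"),
    to_filter_form("alt1.gmail-smtp-in.l.google.com", 300, "A", "192.0.2.25"),
]
SAMPLE_V6_ONLY_HOST = [
    to_filter_form("v6only.google.com", 300, "AAAA", "2001:db8::26"),
]

if __name__ == "__main__":
    for label, answers in (("MX", SAMPLE_MX),
                           ("dual-stack host", SAMPLE_DUAL_STACK_HOST),
                           ("IPv6-only host", SAMPLE_V6_ONLY_HOST)):
        decision, kept = client_decision(answers)
        print(f"{label}: {decision}, kept {kept}")
```

<p> The IPv6-only sample shows the failure mode the notes above warn
about: once the filter discards the only address answer, the client
defers instead of delivering. </p>

<p>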
</p> 11767 11768<pre> 11769/etc/postfix/<a href="postconf.5.html">main.cf</a>: 11770 <a href="postconf.5.html#smtp_dns_reply_filter">smtp_dns_reply_filter</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/smtp_dns_reply_filter 11771</pre> 11772 11773<pre> 11774/etc/postfix/smtp_dns_reply_filter: 11775 # /domain ttl IN AAAA address/ action, all case-insensitive. 11776 # Note: the domain name ends in ".". 11777 /^\S+\.google\.com\.\s+\S+\s+\S+\s+AAAA\s+/ IGNORE 11778</pre> 11779 11780<p> This feature is available in Postfix 3.0 and later. </p> 11781 11782 11783</DD> 11784 11785<DT><b><a name="smtp_dns_resolver_options">smtp_dns_resolver_options</a> 11786(default: empty)</b></DT><DD> 11787 11788<p> DNS Resolver options for the Postfix SMTP client. Specify zero 11789or more of the following options, separated by comma or whitespace. 11790Option names are case-sensitive. Some options refer to domain names 11791that are specified in the file /etc/resolv.conf or equivalent. </p> 11792 11793<dl> 11794 11795<dt><b>res_defnames</b></dt> 11796 11797<dd> Append the current domain name to single-component names (those 11798that do not contain a "." character). This can produce incorrect 11799results, and is the hard-coded behavior prior to Postfix 2.8. </dd> 11800 11801<dt><b>res_dnsrch</b></dt> 11802 11803<dd> Search for host names in the current domain and in parent 11804domains. This can produce incorrect results and is therefore not 11805recommended. </dd> 11806 11807</dl> 11808 11809<p> This feature is available in Postfix 2.8 and later. </p> 11810 11811 11812</DD> 11813 11814<DT><b><a name="smtp_dns_support_level">smtp_dns_support_level</a> 11815(default: empty)</b></DT><DD> 11816 11817<p> Level of DNS support in the Postfix SMTP client. 
With 11818"<a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a>" left at its empty default value, the legacy 11819"<a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a>" parameter controls whether DNS is enabled in 11820the Postfix SMTP client, otherwise the legacy parameter is ignored. 11821</p> 11822 11823<p> Specify one of the following: </p> 11824 11825<dl> 11826 11827<dt><b>disabled</b></dt> 11828 11829<dd>Disable DNS lookups. No MX lookups are performed and hostname 11830to address lookups are unconditionally "native". This setting is 11831not appropriate for hosts that deliver mail to the public Internet. 11832Some obsolete how-to documents recommend disabling DNS lookups in 11833some configurations with content_filters. This is no longer required 11834and strongly discouraged. </dd> 11835 11836<dt><b>enabled</b></dt> 11837 11838<dd>Enable DNS lookups. Nexthop destination domains not enclosed 11839in "[]" will be subject to MX lookups. If "dns" and "native" are 11840included in the "<a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a>" parameter value, DNS will be 11841queried first to resolve MX-host A records, followed by "native" 11842lookups if no answer is found in DNS. </dd> 11843 11844<dt><b>dnssec</b></dt> 11845 11846<dd>Enable <a href="https://tools.ietf.org/html/rfc4033">DNSSEC</a> 11847lookups. The "dnssec" setting differs from the "enabled" setting 11848above in the following ways: <ul> <li>Any MX lookups will set 11849RES_USE_DNSSEC and RES_USE_EDNS0 to request DNSSEC-validated 11850responses. If the MX response is DNSSEC-validated the corresponding 11851hostnames are considered validated. <li> The address lookups of 11852validated hostnames are also validated, (provided of course 11853"<a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a>" includes "dns", see below). <li>Temporary 11854failures in DNSSEC-enabled hostname-to-address resolution block any 11855"native" lookups. 
Additional "native" lookups only happen when 11856DNSSEC lookups hard-fail (NODATA or NXDOMAIN). </ul> </dd> 11857 11858</dl> 11859 11860<p> The Postfix SMTP client considers non-MX "[nexthop]" and 11861"[nexthop]:port" destinations equivalent to statically-validated 11862MX records of the form "nexthop. IN MX 0 nexthop." Therefore, 11863with "dnssec" support turned on, validated hostname-to-address 11864lookups apply to the nexthop domain of any "[nexthop]" or 11865"[nexthop]:port" destination. This is also true for LMTP "inet:host" 11866and "inet:host:port" destinations, as LMTP hostnames are never 11867subject to MX lookups. </p> 11868 11869<p>The "dnssec" setting is recommended only if you plan to use the 11870<a href="TLS_README.html#client_tls_dane">dane</a> or <a 11871href="TLS_README.html#client_tls_dane">dane-only</a> TLS security 11872level, otherwise enabling DNSSEC support in Postfix offers no 11873additional security. Postfix DNSSEC support relies on an upstream 11874recursive nameserver that validates DNSSEC signatures. Such a DNS 11875server will always filter out forged DNS responses, even when Postfix 11876itself is not configured to use DNSSEC. </p> 11877 11878<p> When using Postfix DANE support the "<a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a>" parameter 11879should include "dns", as <a 11880href="https://tools.ietf.org/html/rfc7672">DANE</a> is not applicable 11881to hosts resolved via "native" lookups. </p> 11882 11883<p> As mentioned above, Postfix is not a validating <a 11884href="https://tools.ietf.org/html/rfc4035#section-4.9">stub 11885resolver</a>; it relies on the system's configured DNSSEC-validating 11886<a href="https://tools.ietf.org/html/rfc4035#section-3.2">recursive 11887nameserver</a> to perform all DNSSEC validation. 
Since this 11888nameserver's DNSSEC-validated responses will be fully trusted, it 11889is strongly recommended that the MTA host have a local DNSSEC-validating 11890recursive caching nameserver listening on a loopback address, and 11891be configured to use only this nameserver for all lookups. Otherwise, 11892Postfix may remain subject to man-in-the-middle attacks that forge 11893responses from the recursive nameserver. </p> 11894 11895<p>DNSSEC support requires a version of Postfix compiled against a 11896reasonably-modern DNS resolver(3) library that implements the 11897RES_USE_DNSSEC and RES_USE_EDNS0 resolver options. </p> 11898 11899<p> This feature is available in Postfix 2.11 and later. </p> 11900 11901 11902</DD> 11903 11904<DT><b><a name="smtp_enforce_tls">smtp_enforce_tls</a> 11905(default: no)</b></DT><DD> 11906 11907<p> Enforcement mode: require that remote SMTP servers use TLS 11908encryption, and never send mail in the clear. This also requires 11909that the remote SMTP server hostname matches the information in 11910the remote server certificate, and that the remote SMTP server 11911certificate was issued by a CA that is trusted by the Postfix SMTP 11912client. If the certificate doesn't verify or the hostname doesn't 11913match, delivery is deferred and mail stays in the queue. </p> 11914 11915<p> The server hostname is matched against all names provided as 11916dNSNames in the SubjectAlternativeName. If no dNSNames are specified, 11917the CommonName is checked. The behavior may be changed with the 11918<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> option. </p> 11919 11920<p> This option is useful only if you are definitely sure that you 11921will only connect to servers that support <a href="https://tools.ietf.org/html/rfc2487">RFC 2487</a> <i>and</i> that 11922provide valid server certificates. Typical use is for clients that 11923send all their email to a dedicated mailhub.
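The checks implied by the smtp_dns_support_level and smtp_enforce_tls entries above, as an added example that is not Postfix code: the script parses the text printed by "postconf -n" and the nameserver lines of /etc/resolv.conf and reports the combinations a reviewer looks for (legacy smtp_enforce_tls without smtp_tls_security_level, a dane level without dnssec support, dnssec without "dns" in smtp_host_lookup, a validating resolver that is not on loopback, and the res_defnames/res_dnsrch options). Parameter names are the real ones; the two input pairs are constructed, and the finding texts are this script's own.

```python
"""Audit Postfix SMTP-client DNS/TLS settings (added example, not Postfix code)."""
import ipaddress
import re


def parse_postconf(text):
    """Parse the 'name = value' lines that 'postconf -n' prints."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, _, value = line.partition("=")
            conf[name.strip()] = value.strip()
    return conf


def parse_nameservers(resolv_text):
    """Collect the 'nameserver' addresses from resolv.conf text."""
    servers = []
    for line in resolv_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def split_list(value):
    """Postfix list parameters are separated by whitespace and/or commas."""
    return [item for item in re.split(r"[\s,]+", value) if item]


def audit(conf, nameservers):
    """Return the findings a reviewer would raise; an empty list is a clean config."""
    findings = []
    dns_level = conf.get("smtp_dns_support_level", "")
    tls_level = conf.get("smtp_tls_security_level", "")
    host_lookup = split_list(conf.get("smtp_host_lookup", "dns"))
    res_opts = split_list(conf.get("smtp_dns_resolver_options", ""))

    # smtp_enforce_tls is the pre-2.3 switch; smtp_tls_security_level replaces it.
    if conf.get("smtp_enforce_tls", "no") == "yes" and not tls_level:
        findings.append("smtp_enforce_tls=yes is legacy; use smtp_tls_security_level")

    # DANE is the one case where Postfix-side DNSSEC support adds security.
    if tls_level in ("dane", "dane-only") and dns_level != "dnssec":
        findings.append(f"smtp_tls_security_level={tls_level} needs smtp_dns_support_level=dnssec")

    if dns_level == "dnssec":
        # DANE is not applicable to hosts resolved via "native" lookups.
        if "dns" not in host_lookup:
            findings.append("smtp_dns_support_level=dnssec but smtp_host_lookup lacks 'dns'")
        # Postfix trusts the validating resolver's answers completely, so that
        # resolver must be reached over loopback, not over a spoofable network path.
        for ns in nameservers:
            try:
                if not ipaddress.ip_address(ns).is_loopback:
                    findings.append(f"nameserver {ns} is not on loopback; validated answers can be forged in transit")
            except ValueError:
                findings.append(f"unparseable nameserver address {ns!r}")
        if not nameservers:
            findings.append("resolv.conf lists no nameserver")
    elif dns_level == "disabled" or (dns_level == "" and conf.get("disable_dns_lookups", "no") == "yes"):
        findings.append("DNS lookups disabled: no MX lookups; unsuitable for delivery to the public Internet")

    # Search-list options produce incorrect results and are not recommended.
    for opt in ("res_defnames", "res_dnsrch"):
        if opt in res_opts:
            findings.append(f"smtp_dns_resolver_options contains {opt}; remove it")
    return findings


def audit_text(postconf_text, resolv_text):
    """Convenience wrapper: audit raw 'postconf -n' and resolv.conf text."""
    return audit(parse_postconf(postconf_text), parse_nameservers(resolv_text))


# Constructed inputs (not from a real host): the first pair combines the
# mistakes, the second pair is the corrected configuration.
WEAK_POSTCONF = """\
smtp_dns_support_level = dnssec
smtp_host_lookup = native
smtp_enforce_tls = yes
smtp_dns_resolver_options = res_dnsrch
"""
WEAK_RESOLV = "nameserver 192.0.2.53\n"

HARDENED_POSTCONF = """\
smtp_tls_security_level = dane
smtp_dns_support_level = dnssec
smtp_host_lookup = dns
"""
HARDENED_RESOLV = "nameserver 127.0.0.1\n"


if __name__ == "__main__":
    for label, pc, rc in (("weak", WEAK_POSTCONF, WEAK_RESOLV),
                          ("hardened", HARDENED_POSTCONF, HARDENED_RESOLV)):
        print(label, audit_text(pc, rc) or ["ok"])
```

On a live host, feed it the output of "postconf -n" and the contents of /etc/resolv.conf; the loopback check is the operational form of the recommendation above that the MTA use only a local validating resolver, because Postfix cannot tell a forged "validated" answer from a real one once it leaves the resolver.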
</p> 11924 11925<p> This feature is available in Postfix 2.2 and later. With 11926Postfix 2.3 and later use <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> instead. </p> 11927 11928 11929</DD> 11930 11931<DT><b><a name="smtp_fallback_relay">smtp_fallback_relay</a> 11932(default: $<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b></DT><DD> 11933 11934<p> Optional list of relay destinations that will be used when an 11935SMTP destination is not found, or when delivery fails due to a 11936non-permanent error. With Postfix 2.2 and earlier this parameter 11937is called <a href="postconf.5.html#fallback_relay">fallback_relay</a>. </p> 11938 11939<p> By default, <a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a> is empty, mail is returned to 11940the sender when a destination is not found, and delivery is deferred 11941after it fails due to a non-permanent error. </p> 11942 11943<p> With bulk email deliveries, it can be beneficial to run the 11944fallback relay MTA on the same host, so that it can reuse the sender 11945IP address. This speeds up deliveries that are delayed by IP-based 11946reputation systems (greylist, etc.). </p> 11947 11948<p> The fallback relays must be SMTP destinations. Specify a domain, 11949host, host:port, [host]:port, [address] or [address]:port; the form 11950[host] turns off MX lookups. If you specify multiple SMTP 11951destinations, Postfix will try them in the specified order. </p> 11952 11953<p> To prevent mailer loops between MX hosts and fall-back hosts, 11954Postfix version 2.2 and later will not use the fallback relays for 11955destinations that it is MX host for (assuming DNS lookup is turned on). 
11956</p> 11957 11958 11959</DD> 11960 11961<DT><b><a name="smtp_generic_maps">smtp_generic_maps</a> 11962(default: empty)</b></DT><DD> 11963 11964<p> Optional lookup tables that perform address rewriting in the 11965Postfix SMTP client, typically to transform a locally valid address into 11966a globally valid address when sending mail across the Internet. 11967This is needed when the local machine does not have its own Internet 11968domain name, but uses something like <i>localdomain.local</i> 11969instead. </p> 11970 11971<p> 11972Specify zero or more "type:name" lookup tables, separated by 11973whitespace or comma. Tables will be searched in the specified order 11974until a match is found. 11975</p> 11976 11977<p> The table format and lookups are documented in <a href="generic.5.html">generic(5)</a>; 11978examples are shown in the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> and 11979<a href="STANDARD_CONFIGURATION_README.html">STANDARD_CONFIGURATION_README</a> documents. </p> 11980 11981<p> This feature is available in Postfix 2.2 and later. </p> 11982 11983 11984</DD> 11985 11986<DT><b><a name="smtp_header_checks">smtp_header_checks</a> 11987(default: empty)</b></DT><DD> 11988 11989<p> Restricted <a href="header_checks.5.html">header_checks(5)</a> tables for the Postfix SMTP client. 11990These tables are searched while mail is being delivered. Actions 11991that change the delivery time or destination are not available. 11992</p> 11993 11994<p> This feature is available in Postfix 2.5 and later. </p> 11995 11996 11997</DD> 11998 11999<DT><b><a name="smtp_helo_name">smtp_helo_name</a> 12000(default: $<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD> 12001 12002<p> 12003The hostname to send in the SMTP HELO or EHLO command. 12004</p> 12005 12006<p> 12007The default value is the machine hostname. Specify a hostname or 12008[ip.add.re.ss]. 
12009</p> 12010 12011<p> 12012This information can be specified in the <a href="postconf.5.html">main.cf</a> file for all SMTP 12013clients, or it can be specified in the <a href="master.5.html">master.cf</a> file for a specific 12014client, for example: 12015</p> 12016 12017<blockquote> 12018<pre> 12019/etc/postfix/<a href="master.5.html">master.cf</a>: 12020 mysmtp ... smtp -o <a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a>=foo.bar.com 12021</pre> 12022</blockquote> 12023 12024<p> 12025This feature is available in Postfix 2.0 and later. 12026</p> 12027 12028 12029</DD> 12030 12031<DT><b><a name="smtp_helo_timeout">smtp_helo_timeout</a> 12032(default: 300s)</b></DT><DD> 12033 12034<p> 12035The Postfix SMTP client time limit for sending the HELO or EHLO command, 12036and for receiving the initial remote SMTP server response. 12037</p> 12038 12039<p> Specify a non-zero time value (an integral value plus an optional 12040one-letter suffix that specifies the time unit). Time units: s 12041(seconds), m (minutes), h (hours), d (days), w (weeks). 12042The default time unit is s (seconds). </p> 12043 12044 12045</DD> 12046 12047<DT><b><a name="smtp_host_lookup">smtp_host_lookup</a> 12048(default: dns)</b></DT><DD> 12049 12050<p> 12051What mechanisms the Postfix SMTP client uses to look up a host's 12052IP address. This parameter is ignored when DNS lookups are disabled 12053(see: <a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> and <a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a>). The "dns" 12054mechanism is always tried before "native" if both are listed. 12055</p> 12056 12057<p> 12058Specify one of the following: 12059</p> 12060 12061<dl> 12062 12063<dt><b>dns</b></dt> 12064 12065<dd>Hosts can be found in the DNS (preferred). </dd> 12066 12067<dt><b>native</b></dt> 12068 12069<dd>Use the native naming service only (nsswitch.conf, or equivalent 12070mechanism). 
</dd> 12071 12072<dt><b>dns, native</b></dt> 12073 12074<dd>Use the native service for hosts not found in the DNS. </dd> 12075 12076</dl> 12077 12078<p> 12079This feature is available in Postfix 2.1 and later. 12080</p> 12081 12082 12083</DD> 12084 12085<DT><b><a name="smtp_line_length_limit">smtp_line_length_limit</a> 12086(default: 998)</b></DT><DD> 12087 12088<p> 12089The maximal length of message header and body lines that Postfix 12090will send via SMTP. This limit does not include the <CR><LF> 12091at the end of each line. Longer lines are broken by inserting 12092"<CR><LF><SPACE>", to minimize the damage to MIME 12093formatted mail. Specify zero to disable this limit. 12094</p> 12095 12096<p> 12097The Postfix limit of 998 characters not including <CR><LF> 12098is consistent with the SMTP limit of 1000 characters including 12099<CR><LF>. The Postfix limit was 990 with Postfix 2.8 12100and earlier. 12101</p> 12102 12103 12104</DD> 12105 12106<DT><b><a name="smtp_mail_timeout">smtp_mail_timeout</a> 12107(default: 300s)</b></DT><DD> 12108 12109<p> 12110The Postfix SMTP client time limit for sending the MAIL FROM command, 12111and for receiving the remote SMTP server response. 12112</p> 12113 12114<p> Specify a non-zero time value (an integral value plus an optional 12115one-letter suffix that specifies the time unit). Time units: s 12116(seconds), m (minutes), h (hours), d (days), w (weeks). 12117The default time unit is s (seconds). </p> 12118 12119 12120</DD> 12121 12122<DT><b><a name="smtp_mime_header_checks">smtp_mime_header_checks</a> 12123(default: empty)</b></DT><DD> 12124 12125<p> Restricted mime_<a href="header_checks.5.html">header_checks(5)</a> tables for the Postfix SMTP 12126client. These tables are searched while mail is being delivered. 12127Actions that change the delivery time or destination are not 12128available. </p> 12129 12130<p> This feature is available in Postfix 2.5 and later. 
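The folding rule in the smtp_line_length_limit entry above, carried out in code (added example, not Postfix code): a line longer than the limit is broken by inserting CRLF SPACE, zero disables the limit. The one assumption, labelled in the code, is that the inserted SPACE counts toward the following wire line so that every emitted line still fits the limit; the sample line is constructed.

```python
"""Fold over-long lines as smtp_line_length_limit describes (added example)."""


def fold_line(line, limit=998):
    """Split one logical line (no CRLF) into the wire lines the client would send.

    Lines within the limit pass through unchanged; limit 0 disables folding.
    Assumption for this example: the inserted SPACE occupies one of the next
    wire line's `limit` characters, so every returned line is <= limit."""
    if limit <= 0 or len(line) <= limit:
        return [line]
    if limit == 1:
        raise ValueError("a limit of 1 leaves no room for continuation text")
    pieces = [line[:limit]]
    rest = line[limit:]
    while rest:
        pieces.append(" " + rest[:limit - 1])   # CRLF SPACE, then more text
        rest = rest[limit - 1:]
    return pieces


def fold_body(lines, limit=998):
    """Fold every line of a message body; returns the wire lines."""
    folded = []
    for line in lines:
        folded.extend(fold_line(line, limit))
    return folded


def longest(wire_lines):
    """Length of the longest wire line, CRLF excluded (what the limit bounds)."""
    return max(len(line) for line in wire_lines)


# Constructed sample: one 2500-character body line, e.g. unwrapped base64.
SAMPLE_BODY = ["A" * 2500, "Content-Type: text/plain", ""]

if __name__ == "__main__":
    for wire in fold_body(SAMPLE_BODY):
        print(len(wire), repr(wire[:20]))
```

The SPACE is chosen because MIME decoders ignore whitespace inside base64 and quoted-printable data, which is why the text says folding "minimizes" rather than avoids damage: a receiver that does not unfold will still see a changed line, so long lines are best avoided at generation time rather than repaired here.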
</p> 12131 12132 12133</DD> 12134 12135<DT><b><a name="smtp_min_data_rate">smtp_min_data_rate</a> 12136(default: 500)</b></DT><DD> 12137 12138<p> The minimum plaintext data transfer rate in bytes/second for 12139DATA requests, when deadlines are enabled with <a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a>. 12140After a write operation transfers N plaintext message bytes (possibly 12141after TLS encryption), and after the DATA request deadline is 12142decremented by the elapsed time of that write operation, the DATA 12143request deadline is incremented by N/smtp_min_data_rate seconds. 12144However, the deadline will never be incremented beyond the time 12145limit specified with <a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a>. </p> 12146 12147<p> This feature is available in Postfix 3.7 and later. </p> 12148 12149 12150</DD> 12151 12152<DT><b><a name="smtp_mx_address_limit">smtp_mx_address_limit</a> 12153(default: 5)</b></DT><DD> 12154 12155<p> 12156The maximal number of MX (mail exchanger) IP addresses that can 12157result from Postfix SMTP client mail exchanger lookups, or zero (no 12158limit). Prior to 12159Postfix version 2.3, this limit was disabled by default. 12160</p> 12161 12162<p> 12163This feature is available in Postfix 2.1 and later. 12164</p> 12165 12166 12167</DD> 12168 12169<DT><b><a name="smtp_mx_session_limit">smtp_mx_session_limit</a> 12170(default: 2)</b></DT><DD> 12171 12172<p> The maximal number of SMTP sessions per delivery request before 12173the Postfix SMTP client 12174gives up or delivers to a fall-back <a href="postconf.5.html#relayhost">relay host</a>, or zero (no 12175limit). This restriction ignores sessions that fail to complete the 12176SMTP initial handshake (Postfix version 2.2 and earlier) or that fail to 12177complete the EHLO and TLS handshake (Postfix version 2.3 and later). </p> 12178 12179<p> This feature is available in Postfix 2.1 and later. 
</p> 12180 12181 12182</DD> 12183 12184<DT><b><a name="smtp_nested_header_checks">smtp_nested_header_checks</a> 12185(default: empty)</b></DT><DD> 12186 12187<p> Restricted nested_<a href="header_checks.5.html">header_checks(5)</a> tables for the Postfix SMTP 12188client. These tables are searched while mail is being delivered. 12189Actions that change the delivery time or destination are not 12190available. </p> 12191 12192<p> This feature is available in Postfix 2.5 and later. </p> 12193 12194 12195</DD> 12196 12197<DT><b><a name="smtp_never_send_ehlo">smtp_never_send_ehlo</a> 12198(default: no)</b></DT><DD> 12199 12200<p> Never send EHLO at the start of an SMTP session. See also the 12201<a href="postconf.5.html#smtp_always_send_ehlo">smtp_always_send_ehlo</a> parameter. </p> 12202 12203 12204</DD> 12205 12206<DT><b><a name="smtp_per_record_deadline">smtp_per_record_deadline</a> 12207(default: no)</b></DT><DD> 12208 12209<p> Change the behavior of the smtp_*_timeout time limits, from a 12210time limit per read or write system call, to a time limit to send 12211or receive a complete record (an SMTP command line, SMTP response 12212line, SMTP message content line, or TLS protocol message). This 12213limits the impact from hostile peers that trickle data one byte at 12214a time. </p> 12215 12216<p> Note: when per-record deadlines are enabled, a short timeout 12217may cause problems with TLS over very slow network connections. 12218The reasons are that a TLS protocol message can be up to 16 kbytes 12219long (with TLSv1), and that an entire TLS protocol message must be 12220sent or received within the per-record deadline. </p> 12221 12222<p> This feature is available in Postfix 2.9-3.6. With older 12223Postfix releases, the behavior is as if this parameter is set to 12224"no". Postfix 3.7 and later use <a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a>. 
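The deadline arithmetic of the smtp_min_data_rate entry above and the smtp_per_request_deadline entry that follows, as an added simulation that is not Postfix code: after each write of N plaintext bytes the deadline is first decremented by the write's elapsed time, then incremented by N/smtp_min_data_rate seconds, never above smtp_data_xfer_timeout. Writes are modelled as constructed (bytes, seconds) pairs; the defaults used are the documented ones (smtp_data_xfer_timeout 180s, smtp_min_data_rate 500), and the assumption that a write whose elapsed time exceeds the remaining deadline ends the transfer is this example's.

```python
"""Simulate per-request DATA deadline accounting (added example, not Postfix code)."""


class DataDeadline:
    """Deadline for one DATA transfer under smtp_per_request_deadline = yes."""

    def __init__(self, data_xfer_timeout=180.0, min_data_rate=500):
        self.timeout = float(data_xfer_timeout)   # smtp_data_xfer_timeout
        self.rate = min_data_rate                 # smtp_min_data_rate, bytes/s
        self.remaining = self.timeout             # request starts with the full limit
        self.timed_out = False
        self.writes_done = 0

    def write(self, nbytes, elapsed):
        """Account for one write of `nbytes` plaintext bytes that took `elapsed` s.

        Order follows the text: subtract elapsed time first, then credit
        nbytes/rate seconds, capped at smtp_data_xfer_timeout."""
        if self.timed_out:
            return 0.0
        self.remaining -= elapsed
        if self.remaining <= 0:
            # Assumption: the write could not finish before the deadline, so
            # the delivery fails with a timeout (what a trickling peer should hit).
            self.remaining = 0.0
            self.timed_out = True
            return 0.0
        self.remaining = min(self.timeout, self.remaining + nbytes / self.rate)
        self.writes_done += 1
        return self.remaining


def simulate(writes, **limits):
    """Run a list of (nbytes, elapsed_seconds) writes and return the final state."""
    deadline = DataDeadline(**limits)
    for nbytes, elapsed in writes:
        deadline.write(nbytes, elapsed)
    return deadline


# Constructed traffic patterns.
FAST_LINK = [(65536, 0.05)] * 160                  # 10 MB at ~1.3 MB/s
SLOW_LINK = [(50000, 1.0)] * 3600                  # 180 MB at 50 kB/s, one hour
TRICKLE = [(1, 1.0)] * 200                         # hostile peer: one byte per second
STALL = [(65536, 0.05)] * 10 + [(0, 10.0)]         # a single 10 s stall mid-transfer

if __name__ == "__main__":
    for name, writes in (("fast", FAST_LINK), ("slow", SLOW_LINK),
                         ("trickle", TRICKLE), ("stall", STALL)):
        d = simulate(writes)
        print(f"{name}: timed_out={d.timed_out} writes={d.writes_done} remaining={d.remaining:.2f}s")
```

The slow-link case is the point of the design: a legitimate 50 kB/s peer earns 100 seconds of credit per 1-second write and is never cut off however large the message, while the one-byte-per-second peer earns 2 ms per second and is cut off after roughly smtp_data_xfer_timeout seconds. Raising smtp_min_data_rate above the slowest rate you legitimately expect turns that honest peer into the second case.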
</p> 12225 12226 12227</DD> 12228 12229<DT><b><a name="smtp_per_request_deadline">smtp_per_request_deadline</a> 12230(default: no)</b></DT><DD> 12231 12232<p> Change the behavior of the smtp_*_timeout time limits, from a 12233time limit per plaintext or TLS read or write call, to a combined 12234time limit for sending a complete SMTP request and for receiving a 12235complete SMTP response. The deadline limits only the time spent 12236waiting for plaintext or TLS read or write calls, not time spent 12237elsewhere. The per-request deadline limits the impact from hostile 12238peers that trickle data one byte at a time. </p> 12239 12240<p> See <a href="postconf.5.html#smtp_min_data_rate">smtp_min_data_rate</a> for how the per-request deadline is 12241managed during the DATA phase. </p> 12242 12243<p> Note: when per-request deadlines are enabled, a short time limit 12244may cause problems with TLS over very slow network connections. The 12245reason is that a TLS protocol message can be up to 16 kbytes long 12246(with TLSv1), and that an entire TLS protocol message must be 12247transferred within the per-request deadline. </p> 12248 12249<p> This feature is available in Postfix 3.7 and later. A weaker 12250feature, called <a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a>, is available with Postfix 122512.9-3.6. </p> 12252 12253 12255 12256</DD> 12257 12258<DT><b><a name="smtp_pix_workaround_delay_time">smtp_pix_workaround_delay_time</a> 12259(default: 10s)</b></DT><DD> 12260 12261<p> 12262How long the Postfix SMTP client pauses before sending 12263".<CR><LF>" in order to work around the PIX firewall 12264"<CR><LF>.<CR><LF>" bug. 12265</p> 12266 12267<p> 12268Choosing too short a time makes this workaround ineffective when 12269sending large messages over slow network connections.
12270</p> 12271 12272<p> Specify a non-zero time value (an integral value plus an optional 12273one-letter suffix that specifies the time unit). Time units: s 12274(seconds), m (minutes), h (hours), d (days), w (weeks). 12275The default time unit is s (seconds). </p> 12276 12277 12278</DD> 12279 12280<DT><b><a name="smtp_pix_workaround_maps">smtp_pix_workaround_maps</a> 12281(default: empty)</b></DT><DD> 12282 12283<p> Lookup tables, indexed by the remote SMTP server address, with 12284per-destination workarounds for CISCO PIX firewall bugs. The table 12285is not indexed by hostname for consistency with 12286<a href="postconf.5.html#smtp_discard_ehlo_keyword_address_maps">smtp_discard_ehlo_keyword_address_maps</a>. </p> 12287 12288<p> 12289Specify zero or more "type:name" lookup tables, separated by 12290whitespace or comma. Tables will be searched in the specified order 12291until a match is found. 12292</p> 12293 12294<p> This feature is available in Postfix 2.4 and later. </p> 12295 12296 12297</DD> 12298 12299<DT><b><a name="smtp_pix_workaround_threshold_time">smtp_pix_workaround_threshold_time</a> 12300(default: 500s)</b></DT><DD> 12301 12302<p> How long a message must be queued before the Postfix SMTP client 12303turns on the PIX firewall "<CR><LF>.<CR><LF>" 12304bug workaround for delivery through firewalls with "smtp fixup" 12305mode turned on. </p> 12306 12307<p> Specify a non-negative time value (an integral value plus an optional 12308one-letter suffix that specifies the time unit). Time units: s 12309(seconds), m (minutes), h (hours), d (days), w (weeks). 12310The default time unit is s (seconds). </p> 12311 12312<p> 12313By default, the workaround is turned off for mail that is queued 12314for less than 500 seconds. In other words, the workaround is normally 12315turned off for the first delivery attempt. 12316</p> 12317 12318<p> 12319Specify 0 to enable the PIX firewall 12320"<CR><LF>.<CR><LF>" bug workaround upon the 12321first delivery attempt. 
12322</p> 12323 12324 12325</DD> 12326 12327<DT><b><a name="smtp_pix_workarounds">smtp_pix_workarounds</a> 12328(default: disable_esmtp, delay_dotcrlf)</b></DT><DD> 12329 12330<p> A list that specifies zero or more workarounds for CISCO PIX 12331firewall bugs. These workarounds are implemented by the Postfix 12332SMTP client. Workaround names are separated by comma or space, and 12333are case insensitive. This parameter setting can be overruled with 12334per-destination <a href="postconf.5.html#smtp_pix_workaround_maps">smtp_pix_workaround_maps</a> settings. </p> 12335 12336<dl> 12337 12338<dt><b>delay_dotcrlf</b><dd> Insert a delay before sending 12339".<CR><LF>" after the end of the message content. The 12340delay is subject to the <a href="postconf.5.html#smtp_pix_workaround_delay_time">smtp_pix_workaround_delay_time</a> and 12341<a href="postconf.5.html#smtp_pix_workaround_threshold_time">smtp_pix_workaround_threshold_time</a> parameter settings. </dd> 12342 12343<dt><b>disable_esmtp</b><dd> Disable all extended SMTP commands: 12344send HELO instead of EHLO. </dd> 12345 12346</dl> 12347 12348<p> This feature is available in Postfix 2.4 and later. The default 12349settings are backwards compatible with earlier Postfix versions. 12350</p> 12351 12352 12353</DD> 12354 12355<DT><b><a name="smtp_quit_timeout">smtp_quit_timeout</a> 12356(default: 300s)</b></DT><DD> 12357 12358<p> 12359The Postfix SMTP client time limit for sending the QUIT command, 12360and for receiving the remote SMTP server response. 12361</p> 12362 12363<p> Specify a non-zero time value (an integral value plus an optional 12364one-letter suffix that specifies the time unit). Time units: s 12365(seconds), m (minutes), h (hours), d (days), w (weeks). 12366The default time unit is s (seconds). 
</p> 12367 12368 12369</DD> 12370 12371<DT><b><a name="smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a> 12372(default: yes)</b></DT><DD> 12373 12374<p> 12375Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands 12376as required 12377by <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>. This includes putting quotes around an address localpart 12378that ends in ".". 12379</p> 12380 12381<p> 12382The default is to comply with <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>. If you have to send mail to 12383a broken SMTP server, configure a special SMTP client in <a href="master.5.html">master.cf</a>: 12384</p> 12385 12386<blockquote> 12387<pre> 12388/etc/postfix/<a href="master.5.html">master.cf</a>: 12389 broken-smtp . . . smtp -o <a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a>=no 12390</pre> 12391</blockquote> 12392 12393<p> 12394and route mail for the destination in question to the "broken-smtp" 12395message delivery with a <a href="transport.5.html">transport(5)</a> table. 12396</p> 12397 12398<p> 12399This feature is available in Postfix 2.1 and later. 12400</p> 12401 12402 12403</DD> 12404 12405<DT><b><a name="smtp_randomize_addresses">smtp_randomize_addresses</a> 12406(default: yes)</b></DT><DD> 12407 12408<p> 12409Randomize the order of equal-preference MX host addresses. This 12410is a performance feature of the Postfix SMTP client. 12411</p> 12412 12413 12414</DD> 12415 12416<DT><b><a name="smtp_rcpt_timeout">smtp_rcpt_timeout</a> 12417(default: 300s)</b></DT><DD> 12418 12419<p> 12420The Postfix SMTP client time limit for sending the SMTP RCPT TO 12421command, and for receiving the remote SMTP server response. 12422</p> 12423 12424<p> Specify a non-zero time value (an integral value plus an optional 12425one-letter suffix that specifies the time unit). Time units: s 12426(seconds), m (minutes), h (hours), d (days), w (weeks). 12427The default time unit is s (seconds). 
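Worked example for the smtp_reply_filter entry that follows (added here; not code from the Postfix project): the entry's pcre rule is applied to a constructed three-line server reply containing one junk line, and the result is then resolved the way the entry's notes describe, using only the final line's numeric code and keeping the enhanced status code only when its first digit agrees. A second, fault-injection table models the other use the entry names. The regular expression that parses a reply line and the negated-pattern handling are this example's rendering of pcre_table(5) behaviour.

```python
"""smtp_reply_filter semantics on sample replies (added example, not Postfix code)."""
import re

# Model of a pcre_table(5) entry: (compiled pattern, negated?, replacement).
# The entry's rule "!/^([2-5][0-9][0-9]($|[- ]))/ 250-filler for garbage":
# a line that does NOT look like "NNN", "NNN-..." or "NNN ..." is replaced.
GARBAGE_FILTER = [
    (re.compile(r"^([2-5][0-9][0-9]($|[- ]))"), True, "250-filler for garbage"),
]

# Fault injection for testing the client's error handling: every 250 line
# becomes a temporary failure, so the delivery must end up deferred.
FAULT_FILTER = [
    (re.compile(r"^250[- ]"), False, "451 4.3.0 Injected temporary failure"),
]


def apply_reply_filter(lines, table):
    """Apply the first matching table entry to each reply line, one line at a time."""
    out = []
    for line in lines:
        line = line.rstrip("\r\n")            # the lookup key has CRLF removed
        for pattern, negated, replacement in table:
            if bool(pattern.search(line)) != negated:   # "!/re/" matches when re does not
                line = replacement            # the result replaces the whole line
                break
        out.append(line)
    return out


# "NNN", a "-" or " " separator (or end of line), then an optional X.Y.Z code.
REPLY_LINE = re.compile(r"^([2-5]\d\d)(?:[- ]|$)(?:([2-5]\.\d{1,3}\.\d{1,3})\b)?")


def resolve_reply(lines):
    """Return (code, enhanced_code) for a (possibly multi-line) reply.

    Only the final line's numeric code counts.  The enhanced status code is
    kept when its first digit agrees with the reply code; otherwise, or when
    it is missing, the generic X.0.0 is used."""
    last = lines[-1]
    m = REPLY_LINE.match(last)
    if not m:
        raise ValueError(f"unparseable reply line: {last!r}")
    code, enhanced = m.group(1), m.group(2)
    if enhanced is None or enhanced[0] != code[0]:
        enhanced = f"{code[0]}.0.0"
    return code, enhanced


# Constructed multi-line reply with one junk line in the middle.
SAMPLE_REPLY = [
    "250-mail.example.net Hello client.example.org\r\n",
    "xx garbage that is not a reply line\r\n",
    "250 2.1.0 Ok\r\n",
]

if __name__ == "__main__":
    cleaned = apply_reply_filter(SAMPLE_REPLY, GARBAGE_FILTER)
    print(cleaned, resolve_reply(cleaned))
    injected = apply_reply_filter(SAMPLE_REPLY, FAULT_FILTER)
    print(injected, resolve_reply(injected))
```

Two things worth noticing when writing such a table: the replacement must itself be a syntactically valid reply line, or the client will still see garbage, and a rule that rewrites the final line changes the outcome of the whole transaction, which is exactly what makes it useful for fault injection and dangerous in production.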
</p> 12428 12429 12430</DD> 12431 12432<DT><b><a name="smtp_reply_filter">smtp_reply_filter</a> 12433(default: empty)</b></DT><DD> 12434 12435<p> A mechanism to transform replies from remote SMTP servers one 12436line at a time. This is a last-resort tool to work around server 12437replies that break interoperability with the Postfix SMTP client. 12438Other uses involve fault injection to test Postfix's handling of 12439invalid responses. </p> 12440 12441<p> Notes: </p> 12442 12443<ul> 12444 12445<li> <p> In the case of a multi-line reply, the Postfix SMTP client 12446uses the final reply line's numerical SMTP reply code and enhanced 12447status code. </p> 12448 12449<li> <p> The numerical SMTP reply code (XYZ) takes precedence over 12450the enhanced status code (X.Y.Z). When the enhanced status code 12451initial digit differs from the SMTP reply code initial digit, or 12452when no enhanced status code is present, the Postfix SMTP client 12453uses a generic enhanced status code (X.0.0) instead. </p> 12454 12455</ul> 12456 12457<p> Specify the name of a "<a href="DATABASE_README.html">type:table</a>" lookup table. The search 12458string is a single SMTP reply line as received from the remote SMTP 12459server, except that the trailing <CR><LF> are removed. 12460When the lookup succeeds, the result replaces the single SMTP reply 12461line. </p> 12462 12463<p> Examples: </p> 12464 12465<pre> 12466/etc/postfix/<a href="postconf.5.html">main.cf</a>: 12467 <a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/reply_filter 12468</pre> 12469 12470<pre> 12471/etc/postfix/reply_filter: 12472 # Transform garbage into "250-filler..." so that it looks like 12473 # one line from a multi-line reply. It does not matter what we 12474 # substitute here as long it has the right syntax. The Postfix 12475 # SMTP client will use the final line's numerical SMTP reply 12476 # code and enhanced status code. 
12477 !/^([2-5][0-9][0-9]($|[- ]))/ 250-filler for garbage 12478</pre> 12479 12480<p> This feature is available in Postfix 2.7 and later. </p> 12481 12482 12483</DD> 12484 12485<DT><b><a name="smtp_rset_timeout">smtp_rset_timeout</a> 12486(default: 20s)</b></DT><DD> 12487 12488<p> The Postfix SMTP client time limit for sending the RSET command, 12489and for receiving the remote SMTP server response. The SMTP client 12490sends RSET in 12491order to finish a recipient address probe, or to verify that a 12492cached session is still usable. </p> 12493 12494<p> Specify a non-zero time value (an integral value plus an optional 12495one-letter suffix that specifies the time unit). Time units: s 12496(seconds), m (minutes), h (hours), d (days), w (weeks). 12497The default time unit is s (seconds). </p> 12498 12499<p> This feature is available in Postfix 2.1 and later. </p> 12500 12501 12502</DD> 12503 12504<DT><b><a name="smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> 12505(default: empty)</b></DT><DD> 12506 12507<p> An optional table to prevent repeated SASL authentication 12508failures with the same remote SMTP server hostname, username and 12509password. Each table (key, value) pair contains a server name, a 12510username and password, and the full server response. This information 12511is stored when a remote SMTP server rejects an authentication attempt 12512with a 535 reply code.
As long as the <a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> 12513information does not change, and as long as the <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> 12514information does not expire (see <a href="postconf.5.html#smtp_sasl_auth_cache_time">smtp_sasl_auth_cache_time</a>) the 12515Postfix SMTP client avoids SASL authentication attempts with the 12516same server, username and password, and instead bounces or defers 12517mail as controlled with the <a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> configuration 12518parameter. </p> 12519 12520<p> Use a per-destination delivery concurrency of 1 (for example, 12521"<a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> = 1", 12522"<a href="postconf.5.html#relay_destination_concurrency_limit">relay_destination_concurrency_limit</a> = 1", etc.), otherwise multiple 12523delivery agents may experience a login failure at the same time. 12524</p> 12525 12526<p> The table must be accessed via the proxywrite service, i.e. the 12527map name must start with "<a href="proxymap.8.html">proxy</a>:". The table should be stored under 12528the directory specified with the <a href="postconf.5.html#data_directory">data_directory</a> parameter. </p> 12529 12530<p> This feature uses cryptographic hashing to protect plain-text 12531passwords, and requires that Postfix is compiled with TLS support. 12532</p> 12533 12534<p> Example: </p> 12535 12536<pre> 12537<a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> = <a href="proxymap.8.html">proxy</a>:<a href="DATABASE_README.html#types">btree</a>:/var/db/postfix/sasl_auth_cache 12538</pre> 12539 12540<p> This feature is available in Postfix 2.5 and later. 
</p> 12541 12542 12543</DD> 12544 12545<DT><b><a name="smtp_sasl_auth_cache_time">smtp_sasl_auth_cache_time</a> 12546(default: 90d)</b></DT><DD> 12547 12548<p> The maximal age of an <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> entry before it 12549is removed. </p> 12550 12551<p> Specify a non-negative time value (an integral value plus an optional 12552one-letter suffix that specifies the time unit). Time units: s 12553(seconds), m (minutes), h (hours), d (days), w (weeks). 12554The default time unit is d (days). </p> 12555 12556<p> This feature is available in Postfix 2.5 and later. </p> 12557 12558 12559</DD> 12560 12561<DT><b><a name="smtp_sasl_auth_enable">smtp_sasl_auth_enable</a> 12562(default: no)</b></DT><DD> 12563 12564<p> 12565Enable SASL authentication in the Postfix SMTP client. By default, 12566the Postfix SMTP client uses no authentication. 12567</p> 12568 12569<p> 12570Example: 12571</p> 12572 12573<pre> 12574<a href="postconf.5.html#smtp_sasl_auth_enable">smtp_sasl_auth_enable</a> = yes 12575</pre> 12576 12577 12578</DD> 12579 12580<DT><b><a name="smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> 12581(default: yes)</b></DT><DD> 12582 12583<p> When a remote SMTP server rejects a SASL authentication request 12584with a 535 reply code, defer mail delivery instead of returning 12585mail as undeliverable. The latter behavior was hard-coded prior to 12586Postfix version 2.5. </p> 12587 12588<p> Note: the setting "yes" overrides the global <a href="postconf.5.html#soft_bounce">soft_bounce</a> 12589parameter, but the setting "no" does not. 
</p>

<p> Example: </p>

<pre>
# Default as of Postfix 2.5
<a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> = yes
# The old hard-coded default
<a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> = no
</pre>

<p> This feature is available in Postfix 2.5 and later. </p>


</DD>

<DT><b><a name="smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a>
(default: empty)</b></DT><DD>

<p>
If non-empty, a Postfix SMTP client filter for the remote SMTP
server's list of offered SASL mechanisms. Different client and
server implementations may support different mechanism lists; by
default, the Postfix SMTP client will use the intersection of the
two. <a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> specifies an optional third mechanism
list to intersect with. </p>

<p> Specify mechanism names, "/file/name" patterns or "<a href="DATABASE_README.html">type:table</a>"
lookup tables. The right-hand side result from "<a href="DATABASE_README.html">type:table</a>" lookups
is ignored. Specify "!pattern" to exclude a mechanism name from the
list. The form "!/file/name" is supported only in Postfix version
2.4 and later. </p>

<p> This feature is available in Postfix 2.2 and later.
</p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> = plain, login
<a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> = /etc/postfix/smtp_mechs
<a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> = !gssapi, !login, <a href="DATABASE_README.html#types">static</a>:rest
</pre>


</DD>

<DT><b><a name="smtp_sasl_password_maps">smtp_sasl_password_maps</a>
(default: empty)</b></DT><DD>

<p>
Optional Postfix SMTP client lookup tables with one username:password
entry per sender, remote hostname or next-hop domain. Per-sender
lookup is done only when sender-dependent authentication is enabled.
If no username:password entry is found, then the Postfix SMTP client
will not attempt to authenticate to the remote host.
</p>

<p> Use <a href="postconf.5.html#smtp_sasl_password_result_delimiter">smtp_sasl_password_result_delimiter</a> to specify an
alternative separator between username and password. </p>

<p>
The Postfix SMTP client opens the lookup table before going to
chroot jail, so you can leave the password file in /etc/postfix.
</p>

<p>
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found.
</p>


</DD>

<DT><b><a name="smtp_sasl_password_result_delimiter">smtp_sasl_password_result_delimiter</a>
(default: :)</b></DT><DD>

<p> The delimiter between username and password in
<a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> lookup
results. Specify one non-whitespace character that does not appear in
the username. </p>

<p> This feature is available in Postfix ≥ 3.9.
</p>


</DD>

<DT><b><a name="smtp_sasl_path">smtp_sasl_path</a>
(default: empty)</b></DT><DD>

<p> Implementation-specific information that the Postfix SMTP client
passes through to
the SASL plug-in implementation that is selected with
<b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>. Typically this specifies the name of a
configuration file or rendezvous point. </p>

<p> This feature is available in Postfix 2.3 and later. </p>


</DD>

<DT><b><a name="smtp_sasl_security_options">smtp_sasl_security_options</a>
(default: noplaintext, noanonymous)</b></DT><DD>

<p> Postfix SMTP client SASL security options; as of Postfix 2.3
the list of available
features depends on the SASL client implementation that is selected
with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>. </p>

<p> The following security features are defined for the <b>cyrus</b>
client SASL implementation: </p>

<p>
Specify zero or more of the following:
</p>

<dl>

<dt><b>noplaintext</b></dt>

<dd>Disallow methods that use plaintext passwords. </dd>

<dt><b>noactive</b></dt>

<dd>Disallow methods subject to active (non-dictionary) attack.
</dd>

<dt><b>nodictionary</b></dt>

<dd>Disallow methods subject to passive (dictionary) attack. </dd>

<dt><b>noanonymous</b></dt>

<dd>Disallow methods that allow anonymous authentication. </dd>

<dt><b>mutual_auth</b></dt>

<dd>Only allow methods that provide mutual authentication (not
available with SASL version 1).
</dd>

</dl>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> = noplaintext
</pre>


</DD>

<DT><b><a name="smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a>
(default: $<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a>)</b></DT><DD>

<p> The SASL authentication security options that the Postfix SMTP
client uses for TLS encrypted SMTP sessions. </p>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a>
(default: $<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a>)</b></DT><DD>

<p> The SASL authentication security options that the Postfix SMTP
client uses for TLS encrypted SMTP sessions with a verified server
certificate. </p>

<p> When mail is sent to the public MX host for the recipient's
domain, server certificates are by default optional, and delivery
proceeds even if certificate verification fails. For delivery via
a submission service that requires SASL authentication, it may be
appropriate to send plaintext passwords only when the connection
to the server is strongly encrypted <b>and</b> the server identity
is verified. </p>

<p> The <a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a> parameter makes it
possible to only enable plaintext mechanisms when a secure connection
to the server is available. Submission servers subject to this
policy must either have verifiable certificates or offer suitable
non-plaintext SASL mechanisms. </p>

<p> This feature is available in Postfix 2.6 and later.
</p>


</DD>

<DT><b><a name="smtp_sasl_type">smtp_sasl_type</a>
(default: cyrus)</b></DT><DD>

<p> The SASL plug-in type that the Postfix SMTP client should use
for authentication. The available types are listed with the
"<b>postconf -A</b>" command. </p>

<p> This feature is available in Postfix 2.3 and later. </p>


</DD>

<DT><b><a name="smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a>
(default: no)</b></DT><DD>

<p> Whether or not to append the "AUTH=&lt;&gt;" option to the MAIL
FROM command in SASL-authenticated SMTP sessions. The default is
not to send this, to avoid problems with broken remote SMTP servers.
Before Postfix 2.9 the behavior is as if "<a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a>
= yes". </p>

<p> This feature is available in Postfix 2.9 and later. </p>


</DD>

<DT><b><a name="smtp_send_xforward_command">smtp_send_xforward_command</a>
(default: no)</b></DT><DD>

<p>
Send the non-standard XFORWARD command when the Postfix SMTP server
EHLO response announces XFORWARD support.
</p>

<p>
This allows a Postfix SMTP delivery agent, used for injecting mail
into
a content filter, to forward the name, address, protocol and HELO
name of the original client to the content filter and downstream
queuing SMTP server. This can produce more useful logging than
localhost[127.0.0.1] etc.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a>
(default: no)</b></DT><DD>

<p>
Enable sender-dependent authentication in the Postfix SMTP client; this is
available only with SASL authentication, and disables SMTP connection
caching to ensure that mail from different senders will use the
appropriate credentials. </p>

<p>
This feature is available in Postfix 2.3 and later.
</p>


</DD>

<DT><b><a name="smtp_skip_4xx_greeting">smtp_skip_4xx_greeting</a>
(default: yes)</b></DT><DD>

<p>
Skip SMTP servers that greet with a 4XX status code (go away, try
again later).
</p>

<p>
By default, the Postfix SMTP client moves on to the next mail exchanger.
Specify
"<a href="postconf.5.html#smtp_skip_4xx_greeting">smtp_skip_4xx_greeting</a> = no" if Postfix should defer delivery
immediately.
</p>

<p> This feature is available in Postfix 2.0 and earlier.
Later Postfix versions always skip remote SMTP servers that greet
with a
4XX status code. </p>


</DD>

<DT><b><a name="smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a>
(default: yes)</b></DT><DD>

<p>
Skip remote SMTP servers that greet with a 5XX status code.
</p>

<p> By default, the Postfix SMTP client moves on to the next mail
exchanger. Specify "<a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a> = no" if Postfix should
bounce the mail immediately. Caution: the latter behavior appears
to contradict <a href="https://tools.ietf.org/html/rfc2821">RFC 2821</a>. </p>


</DD>

<DT><b><a name="smtp_skip_quit_response">smtp_skip_quit_response</a>
(default: yes)</b></DT><DD>

<p>
Do not wait for the response to the SMTP QUIT command.
</p>


</DD>

<DT><b><a name="smtp_starttls_timeout">smtp_starttls_timeout</a>
(default: 300s)</b></DT><DD>

<p> Time limit for Postfix SMTP client write and read operations
during TLS startup and shutdown handshake procedures. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds). </p>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="smtp_tcp_port">smtp_tcp_port</a>
(default: smtp)</b></DT><DD>

<p>
The default TCP port that the Postfix SMTP client connects to.
Specify a symbolic name (see services(5)) or a numeric port.
</p>


</DD>

<DT><b><a name="smtp_tls_CAfile">smtp_tls_CAfile</a>
(default: empty)</b></DT><DD>

<p> A file containing CA certificates of root CAs trusted to sign
either remote SMTP server certificates or intermediate CA certificates.
These are loaded into memory before the <a href="smtp.8.html">smtp(8)</a> client enters the
chroot jail. If the number of trusted roots is large, consider using
<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> instead, but note that the latter directory must be
present in the chroot jail if the <a href="smtp.8.html">smtp(8)</a> client is chrooted. This
file may also be used to augment the client certificate trust chain,
but it is best to include all the required certificates directly in
$<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> (or, with Postfix ≥ 3.4, $<a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a>).
</p>

<p> Specify "<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> = /path/to/system_CA_file" to use
ONLY the system-supplied default Certification Authority certificates.
</p>

<p> Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates. </p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> = /etc/postfix/CAcert.pem
</pre>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="smtp_tls_CApath">smtp_tls_CApath</a>
(default: empty)</b></DT><DD>

<p> Directory with PEM format Certification Authority certificates
that the Postfix SMTP client uses to verify a remote SMTP server
certificate. Don't forget to create the necessary "hash" links
with, for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs".
</p>

<p> To use this option in chroot mode, this directory (or a copy)
must be inside the chroot jail. </p>

<p> Specify "<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> = /path/to/system_CA_directory" to
use ONLY the system-supplied default Certification Authority certificates.
</p>

<p> Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates. </p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> = /etc/postfix/certs
</pre>

<p> This feature is available in Postfix 2.2 and later.
</p>


</DD>

<DT><b><a name="smtp_tls_block_early_mail_reply">smtp_tls_block_early_mail_reply</a>
(default: no)</b></DT><DD>

<p> Try to detect a mail hijacking attack based on a TLS protocol
vulnerability (CVE-2009-3555), where an attacker prepends malicious
HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session.
The attack would succeed with non-Postfix SMTP servers that reply
to the malicious HELO, MAIL, RCPT, DATA commands after negotiating
the Postfix SMTP client TLS session. </p>

<p> This feature is available in Postfix 2.7. </p>


</DD>

<DT><b><a name="smtp_tls_cert_file">smtp_tls_cert_file</a>
(default: empty)</b></DT><DD>

<p> File with the Postfix SMTP client RSA certificate in PEM format.
This file may also contain the Postfix SMTP client private RSA key, and
these may be the same as the Postfix SMTP server RSA certificate and key
file. With Postfix ≥ 3.4 the preferred way to configure client keys
and certificates is via the "<a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a>" parameter. </p>

<p> Do not configure client certificates unless you <b>must</b> present
client TLS certificates to one or more servers. Client certificates are
not usually needed, and can cause problems in configurations that work
well without them.
The recommended setting is to let the defaults stand: </p>

<blockquote>
<pre>
<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> =
<a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> =
<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> =
<a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a> =
# Obsolete DSA parameters
<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> =
<a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> =
# Postfix ≥ 3.4 interface
<a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> =
</pre>
</blockquote>

<p> The best way to use the default settings is to comment out the above
parameters in <a href="postconf.5.html">main.cf</a> if present. </p>

<p> To enable remote SMTP servers to verify the Postfix SMTP client
certificate, the issuing CA certificates must be made available to the
server. You should include the required certificates in the client
certificate file, the client certificate first, then the issuing
CA(s) (bottom-up order). </p>

<p> Example: the certificate for "client.example.com" was issued by
"intermediate CA" which itself has a certificate issued by "root CA".
As the "root" super-user create the chain.pem file with: </p>

<blockquote>
<pre>
# <b>umask 077</b>
# <b>cat client_key.pem client_cert.pem intermediate_CA.pem &gt; chain.pem </b>
</pre>
</blockquote>

<p> If you also want to verify remote SMTP server certificates issued by
these CAs, you can add the CA certificates to the <a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a>, in
which case it is not necessary to have them in the <a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>,
<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> (obsolete) or <a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>. </p>

<p> A certificate supplied here must be usable as an SSL client certificate
and hence pass the "openssl verify -purpose sslclient ..." test. </p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> = /etc/postfix/chain.pem
</pre>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="smtp_tls_chain_files">smtp_tls_chain_files</a>
(default: empty)</b></DT><DD>

<p> List of one or more PEM files, each holding one or more private keys
directly followed by a corresponding certificate chain. The file names
are separated by commas and/or whitespace. This parameter obsoletes the
legacy algorithm-specific key and certificate file settings. When this
parameter is non-empty, the legacy parameters are ignored, and a warning
is logged if any are also non-empty. </p>

<p> With the proliferation of multiple private key algorithms—which,
as of OpenSSL 1.1.1, include DSA (obsolete), RSA, ECDSA, Ed25519
and Ed448—it is increasingly impractical to use separate
parameters to configure the key and certificate chain for each
algorithm.
Therefore, Postfix now supports storing multiple keys and
corresponding certificate chains in a single file or in a set of files. </p>

<p> Each key must appear <b>immediately before</b> the corresponding
certificate, optionally followed by additional issuer certificates that
complete the certificate chain for that key. When multiple files are
specified, they are equivalent to a single file that is concatenated
from those files in the given order. Thus, while a key must always
precede its certificate and issuer chain, it can be in a separate file,
so long as that file is listed immediately before the file that holds
the corresponding certificate chain. Once all the files are
concatenated, the sequence of PEM objects must be: <i>key1, cert1,
[chain1], key2, cert2, [chain2], ..., keyN, certN, [chainN].</i> </p>

<p> Storing the private key in the same file as the corresponding
certificate is more reliable. With the key and certificate in separate
files, there is a chance that during key rollover a Postfix process
might load a private key and certificate from separate files that don't
match. Various operational errors may even result in a persistent
broken configuration in which the certificate does not match the private
key. </p>

<p> The file or files must contain at most one key of each type. If,
for example, two or more RSA keys and corresponding chains are listed,
depending on the version of OpenSSL either only the last one will be
used or a configuration error may be detected. Note that while
"Ed25519" and "Ed448" are considered separate algorithms, the various
ECDSA curves (typically one of prime256v1, secp384r1 or secp521r1) are
considered as different parameters of a single "ECDSA" algorithm, so it
is not presently possible to configure keys for more than one ECDSA
curve.
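To check a set of files against these layout rules before pointing smtp_tls_chain_files at them, the following Python is an added example (not Postfix code and not part of this manual page): it concatenates the file contents in the listed order, walks the PEM objects, reads each private key's algorithm from its PKCS#8 AlgorithmIdentifier, and reports ordering errors, duplicate key algorithms and pass-phrase protected keys. The sample input is constructed from the Ed25519 and Ed448 keys shown in the examples of this section plus placeholder certificate bodies; the checker does not verify that a key matches its certificate.

```python
import base64
import re

# Algorithm OIDs from the PKCS#8 privateKeyAlgorithm field, mapped to the
# algorithm names used in the smtp_tls_chain_files description.
KEY_ALGORITHMS = {
    "1.2.840.113549.1.1.1": "RSA",
    "1.2.840.10045.2.1": "ECDSA",
    "1.3.101.112": "Ed25519",
    "1.3.101.113": "Ed448",
    "1.2.840.10040.4.1": "DSA",
}

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)


def _der_tlv(buf, pos, tag):
    """Return (content, next_pos) of the DER element at buf[pos] after checking its tag."""
    if buf[pos] != tag:
        raise ValueError("DER tag 0x%02x expected, found 0x%02x" % (tag, buf[pos]))
    length, start = buf[pos + 1], pos + 2
    if length & 0x80:                 # long form: low 7 bits = number of length bytes
        count = length & 0x7F
        length = int.from_bytes(buf[start:start + count], "big")
        start += count
    return buf[start:start + length], start + length


def _decode_oid(content):
    """Convert DER OID content bytes to dotted notation."""
    arcs = [content[0] // 40, content[0] % 40]
    value = 0
    for byte in content[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:           # high bit clear: last byte of this arc
            arcs.append(value)
            value = 0
    return ".".join(str(arc) for arc in arcs)


def key_algorithm(pkcs8_der):
    """Name the algorithm of a PKCS#8 PrivateKeyInfo: SEQUENCE { version, algorithm, key }."""
    info, _ = _der_tlv(pkcs8_der, 0, 0x30)
    _, pos = _der_tlv(info, 0, 0x02)       # skip the version INTEGER
    alg_id, _ = _der_tlv(info, pos, 0x30)  # AlgorithmIdentifier
    oid, _ = _der_tlv(alg_id, 0, 0x06)
    dotted = _decode_oid(oid)
    return KEY_ALGORITHMS.get(dotted, "unknown(" + dotted + ")")


def check_chain_files(pem_texts):
    """Walk the concatenation of the file contents (in smtp_tls_chain_files order) and
    check it against key1, cert1, [chain1], ..., keyN, certN, [chainN], one key per type."""
    problems = []
    seen = set()
    expect = "key"                    # "key" | "cert" | "key_or_chain"
    for index, text in enumerate(pem_texts):
        for match in PEM_RE.finditer(text):
            label, body = match.group(1), "".join(match.group(2).split())
            where = "file %d: " % index
            if label == "ENCRYPTED PRIVATE KEY":
                problems.append(where + "encrypted key; Postfix needs keys without a pass-phrase")
                expect = "cert"
            elif label == "PRIVATE KEY":
                if expect == "cert":
                    problems.append(where + "key not immediately followed by its certificate")
                alg = key_algorithm(base64.b64decode(body))
                if alg in seen:
                    problems.append(where + "second %s key; at most one key of each type is allowed" % alg)
                seen.add(alg)
                expect = "cert"
            elif label == "CERTIFICATE":
                if expect == "key":
                    problems.append(where + "certificate with no key immediately before it")
                expect = "key_or_chain"
            else:
                problems.append(where + "unexpected PEM object " + label)
    if expect == "cert":
        problems.append("last key has no certificate after it")
    return problems


# Sample input (constructed): the keys are the Ed25519 and Ed448 keys from the examples
# in this section; the certificate bodies are placeholders (never decoded here).
ED25519_KEY = """-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3
-----END PRIVATE KEY-----
"""
ED448_KEY = """-----BEGIN PRIVATE KEY-----
MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe
LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A==
-----END PRIVATE KEY-----
"""
PLACEHOLDER_CERT = """-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgUExBQ0VIT0xERVIsIE5PVCBBIFJFQUwgQ0VSVElGSUNBVEU=
-----END CERTIFICATE-----
"""

# Valid layout: every key is immediately followed by its certificate, one key per type.
GOOD_FILES = [ED25519_KEY + PLACEHOLDER_CERT, ED448_KEY + PLACEHOLDER_CERT]
# Invalid layout: a stray certificate first, and the Ed25519 key listed twice.
BAD_FILES = [PLACEHOLDER_CERT + ED25519_KEY + PLACEHOLDER_CERT,
             ED25519_KEY + PLACEHOLDER_CERT]
```

On a real configuration call check_chain_files([open(path).read() for path in paths]) with paths in the smtp_tls_chain_files order; each reported problem names the 0-based index of the file where the layout breaks.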
</p>

<p>
Example (separate files for each key and corresponding certificate chain):
</p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> =
        ${<a href="postconf.5.html#config_directory">config_directory</a>}/ed25519.pem,
        ${<a href="postconf.5.html#config_directory">config_directory</a>}/ed448.pem,
        ${<a href="postconf.5.html#config_directory">config_directory</a>}/rsa.pem
</pre>
</blockquote>

<blockquote>
<pre>
/etc/postfix/ed25519.pem:
    -----BEGIN PRIVATE KEY-----
    MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3
    -----END PRIVATE KEY-----
    -----BEGIN CERTIFICATE-----
    MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG
    ...
    nC0egv51YPDWxEHom4QA
    -----END CERTIFICATE-----
</pre>
</blockquote>

<blockquote>
<pre>
/etc/postfix/ed448.pem:
    -----BEGIN PRIVATE KEY-----
    MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe
    LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A==
    -----END PRIVATE KEY-----
    -----BEGIN CERTIFICATE-----
    MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG
    ...
    pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA
    -----END CERTIFICATE-----
</pre>
</blockquote>

<blockquote>
<pre>
/etc/postfix/rsa.pem:
    -----BEGIN PRIVATE KEY-----
    MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL
    ...
    ahQkZ3+krcaJvDSMgvu0tDc=
    -----END PRIVATE KEY-----
    -----BEGIN CERTIFICATE-----
    MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL
    ...
    Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE=
    -----END CERTIFICATE-----
</pre>
</blockquote>

<p>
Example (all keys and certificates in a single file):
</p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> = ${<a href="postconf.5.html#config_directory">config_directory</a>}/chains.pem
</pre>
</blockquote>

<blockquote>
<pre>
/etc/postfix/chains.pem:
    -----BEGIN PRIVATE KEY-----
    MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3
    -----END PRIVATE KEY-----
    -----BEGIN CERTIFICATE-----
    MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG
    ...
    nC0egv51YPDWxEHom4QA
    -----END CERTIFICATE-----
    -----BEGIN PRIVATE KEY-----
    MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe
    LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A==
    -----END PRIVATE KEY-----
    -----BEGIN CERTIFICATE-----
    MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG
    ...
    pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA
    -----END CERTIFICATE-----
    -----BEGIN PRIVATE KEY-----
    MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL
    ...
    ahQkZ3+krcaJvDSMgvu0tDc=
    -----END PRIVATE KEY-----
    -----BEGIN CERTIFICATE-----
    MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL
    ...
    Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE=
    -----END CERTIFICATE-----
</pre>
</blockquote>

<p> This feature is available in Postfix 3.4 and later. </p>


</DD>

<DT><b><a name="smtp_tls_cipherlist">smtp_tls_cipherlist</a>
(default: empty)</b></DT><DD>

<p> Obsolete Postfix &lt; 2.3 control for the Postfix SMTP client TLS
cipher list.
As this feature applies to all TLS security levels, it is easy
to create interoperability problems by choosing a non-default cipher
list. Do not use a non-default TLS cipher list on hosts that deliver email
to the public Internet: you will be unable to send email to servers that
only support the ciphers you exclude. Using a restricted cipher list
may be more appropriate for an internal MTA, where one can exert some
control over the TLS software and settings of the peer servers. </p>

<p> <b>Note:</b> do not use "" quotes around the parameter value. </p>

<p> This feature is available in Postfix version 2.2. It is not used with
Postfix 2.3 and later; use <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> instead. </p>


</DD>

<DT><b><a name="smtp_tls_ciphers">smtp_tls_ciphers</a>
(default: medium)</b></DT><DD>

<p> The minimum TLS cipher grade that the Postfix SMTP client
will use with opportunistic TLS encryption. Cipher types listed in
<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> are excluded from the base definition of
the selected cipher grade. The default value is "medium" for
Postfix releases after the middle of 2015, "export" for older
releases. </p>

<p> When TLS is mandatory the cipher grade is chosen via the
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> configuration parameter, see there for syntax
details. See <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> for information on how to configure
ciphers on a per-destination basis. </p>

<p> This feature is available in Postfix 2.6 and later.
With earlier Postfix
releases only the <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> parameter is implemented,
and opportunistic TLS always uses "export" or better (i.e. all) ciphers. </p>


</DD>

<DT><b><a name="smtp_tls_connection_reuse">smtp_tls_connection_reuse</a>
(default: no)</b></DT><DD>

<p> Try to make multiple deliveries per TLS-encrypted connection.
This uses the <a href="tlsproxy.8.html">tlsproxy(8)</a> service to encrypt an SMTP connection,
uses the <a href="scache.8.html">scache(8)</a> service to save that connection, and relies on
hints from the <a href="qmgr.8.html">qmgr(8)</a> daemon. </p>

<p> See "<a href="TLS_README.html#client_tls_reuse">Client-side
TLS connection reuse</a>" for background details. </p>

<p> This feature is available in Postfix 3.4 and later. </p>


</DD>

<DT><b><a name="smtp_tls_dane_insecure_mx_policy">smtp_tls_dane_insecure_mx_policy</a>
(default: dane)</b></DT><DD>

<p> The TLS policy for MX hosts with "secure" TLSA records when the
nexthop destination security level is <b>dane</b>, but the MX
record was found via an "insecure" MX lookup. The choices are:
</p>

<dl>
<dt><b>may</b></dt>
<dd> The TLSA records will be ignored and TLS will be optional. If
the MX host does not appear to support STARTTLS, or the STARTTLS
handshake fails, mail may be sent in the clear. </dd>
<dt><b>encrypt</b></dt>
<dd> The TLSA records will signal a requirement to use TLS. While
TLS encryption will be required, authentication will not be performed.
</dd>
<dt><b>dane</b></dt>
<dd>The TLSA records will be used just as with "secure" MX records.
TLS encryption will be required, and, if at least one of the TLSA
records is "usable", authentication will be required.
When
authentication succeeds, it will be logged only as "Trusted", not
"Verified", because the MX host name could have been forged. </dd>
</dl>

<p> The default setting is "dane" as of Postfix versions 3.6.17,
3.7.13, 3.8.8, 3.9.2, and 3.10.0. With earlier versions the default
was mistakenly dependent on the <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> setting.
</p>

<p> Though with "insecure" MX records an active attacker can
compromise SMTP transport security by returning forged MX records,
such attacks are "tamper-evident" since any forged MX hostnames
will be recorded in the mail logs. Attackers who place a high value
on staying hidden may be deterred from forging MX records. </p>

<p>
This feature is available in Postfix 3.1 and later. The <b>may</b>
policy is backwards-compatible with earlier Postfix versions.
</p>


</DD>

<DT><b><a name="smtp_tls_dcert_file">smtp_tls_dcert_file</a>
(default: empty)</b></DT><DD>

<p> File with the Postfix SMTP client DSA certificate in PEM format.
This file may also contain the Postfix SMTP client private DSA key.
The DSA algorithm is obsolete and should not be used. </p>

<p> See the discussion under <a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> for more details.
</p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> = /etc/postfix/client-dsa.pem
</pre>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="smtp_tls_dkey_file">smtp_tls_dkey_file</a>
(default: $<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>)</b></DT><DD>

<p> File with the Postfix SMTP client DSA private key in PEM format.
This file may be combined with the Postfix SMTP client DSA certificate
file specified with $<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>. The DSA algorithm is obsolete
and should not be used. </p>

<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
access to the system superuser account ("root"), and no access
to anyone else. </p>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="smtp_tls_eccert_file">smtp_tls_eccert_file</a>
(default: empty)</b></DT><DD>

<p> File with the Postfix SMTP client ECDSA certificate in PEM format.
This file may also contain the Postfix SMTP client ECDSA private key.
With Postfix ≥ 3.4 the preferred way to configure client keys and
certificates is via the "<a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a>" parameter. </p>

<p> See the discussion under <a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> for more details.
</p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> = /etc/postfix/ecdsa-ccert.pem
</pre>

<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 1.0.0 or later. </p>


</DD>

<DT><b><a name="smtp_tls_eckey_file">smtp_tls_eckey_file</a>
(default: $<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>)</b></DT><DD>

<p> File with the Postfix SMTP client ECDSA private key in PEM format.
This file may be combined with the Postfix SMTP client ECDSA certificate
file specified with $<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>.
With Postfix ≥ 3.4 the
preferred way to configure client keys and certificates is via the
"<a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a>" parameter. </p>

<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
access to the system superuser account ("root"), and no access
to anyone else. </p>

<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 1.0.0 or later. </p>

</DD>

<DT><b><a name="smtp_tls_enable_rpk">smtp_tls_enable_rpk</a>
(default: no)</b></DT><DD>

<p> Request that remote SMTP servers send an <a href="https://tools.ietf.org/html/rfc7250">RFC7250</a> raw public key
instead of an X.509 certificate. This feature and the enable_rpk
policy attribute are ignored when there is no raw public key support
in the local TLS implementation. </p>

<ul>

<li> <p> At the "may", "encrypt" and "fingerprint" security levels,
with parameter setting "<a href="postconf.5.html#smtp_tls_enable_rpk">smtp_tls_enable_rpk</a> = yes" or with "enable_rpk
= yes" in a policy entry, the Postfix SMTP client will indicate in
the TLS handshake that it prefers to receive a raw server public
key, but it will still accept a server public key certificate. </p>

<li> <p> At the "fingerprint" security level, with parameter setting
"<a href="postconf.5.html#smtp_tls_enable_rpk">smtp_tls_enable_rpk</a> = yes" or with "enable_rpk = yes" in a policy
entry, server authentication based on certificate fingerprints
becomes more fragile.
Even if the server private key and certificate
remain unchanged, the remote SMTP server will fail fingerprint
authentication (won't match the configured list of fingerprints)
when it starts sending a raw public key instead of a certificate,
after its TLS implementation is updated with raw public key support.
Therefore, <b>DO NOT</b> enable raw public keys to remote destinations
authenticated by server <b>certificate</b> fingerprints. You should
enable raw public keys only for servers matched via their public
key fingerprint. </p>

<li> <p> At the "verify" and "secure" security levels, the Postfix
SMTP client always ignores the parameter setting <a href="postconf.5.html#smtp_tls_enable_rpk">smtp_tls_enable_rpk</a>
or the enable_rpk policy attribute. </p>

<li> <p> At the opportunistic "dane" security level, the Postfix
SMTP client ignores the parameter setting <a href="postconf.5.html#smtp_tls_enable_rpk">smtp_tls_enable_rpk</a> or
the enable_rpk policy attribute (but it will respect them when it
falls back to the "may" or "encrypt" level). When all valid TLSA
records specify only server public keys (no certificates) and the
local TLS implementation supports raw public keys, the client will
indicate in the TLS handshake that it prefers to receive a raw
public key, but it will still accept a public key certificate. </p>

<li> <p> At the mandatory "dane-only" security level, the Postfix
SMTP client always ignores the parameter setting <a href="postconf.5.html#smtp_tls_enable_rpk">smtp_tls_enable_rpk</a>
or the enable_rpk policy attribute. When all valid TLSA records
specify only server public keys (no certificates) and the local TLS
implementation supports raw public keys, the client will indicate
in the TLS handshake that it prefers to receive a raw public key,
but it will still accept a public key certificate.
</p>

</ul>

<p>The Postfix SMTP client is always willing to send raw public keys
to servers that solicit them when a client certificate is configured
and the local TLS implementation supports raw public keys. </p>

<p> Sample commands to compute certificate and public key SHA256 digests: </p>

<pre>
# SHA256 digest of the first certificate in "cert.pem"
$ openssl x509 -in cert.pem -outform DER | openssl dgst -sha256 -c
</pre>

<pre>
# SHA256 digest of the SPKI of the first certificate in "cert.pem"
$ openssl x509 -in cert.pem -pubkey -noout |
    openssl pkey -pubin -outform DER | openssl dgst -sha256 -c
</pre>

<pre>
# SHA256 digest of the SPKI of the first private key in "pkey.pem"
$ openssl pkey -in pkey.pem -pubout -outform DER |
    openssl dgst -sha256 -c
</pre>

<p> This feature is available in Postfix 3.9 and later. </p>

</DD>

<DT><b><a name="smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>
(default: yes)</b></DT><DD>

<p> With mandatory TLS encryption, require that the remote SMTP
server hostname matches the information in the remote SMTP server
certificate. As of <a href="https://tools.ietf.org/html/rfc2487">RFC 2487</a> the requirements for hostname checking
for MTA clients are not specified. </p>

<p> This option can be set to "no" to disable strict peer name
checking. This setting has no effect on sessions that are controlled
via the <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> table. </p>

<p> Disabling the hostname verification can make sense in a closed
environment where special CAs are created. If not used carefully,
this option opens the danger of a "man-in-the-middle" attack (the
CommonName of this attacker will be logged).
</p>

<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> instead. </p>

</DD>

<DT><b><a name="smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a>
(default: empty)</b></DT><DD>

<p> List of ciphers or cipher types to exclude from the Postfix
SMTP client cipher
list at all TLS security levels. This is not an OpenSSL cipherlist; it is
a simple list separated by whitespace and/or commas. The elements are a
single cipher, or one or more "+" separated cipher properties, in which
case only ciphers matching <b>all</b> the properties are excluded. </p>

<p> Examples (some of these will cause problems): </p>

<blockquote>
<pre>
<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = aNULL
<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = MD5, DES
<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = DES+MD5
<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = AES256-SHA, DES-CBC3-MD5
<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = kEDH+aRSA
</pre>
</blockquote>

<p> The first setting disables anonymous ciphers. The next setting
disables ciphers that use the MD5 digest algorithm or the (single) DES
encryption algorithm. The next setting disables ciphers that use MD5 and
DES together. The next setting disables the two ciphers "AES256-SHA"
and "DES-CBC3-MD5". The last setting disables ciphers that use "EDH"
key exchange with RSA authentication. </p>

<p> This feature is available in Postfix 2.3 and later.
</p>

</DD>

<DT><b><a name="smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a>
(default: empty)</b></DT><DD>

<p> List of acceptable remote SMTP server certificate fingerprints for
the "fingerprint" TLS security level (<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a></b> =
fingerprint). At this security level, Certification Authorities are not
used, and certificate expiration times are ignored. Instead, server
certificates are verified directly via their certificate fingerprint
or public key fingerprint (Postfix 2.9 and later). The fingerprint
is a message digest of the server certificate (or public key). The
digest algorithm is selected via the <b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a></b>
parameter. </p>

<p> The colons between each pair of nibbles in the fingerprint value
are optional (Postfix ≥ 3.6). These were required in earlier
Postfix releases. </p>

<p> When an <b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a></b> table entry specifies the
"fingerprint" security level, any "match" attributes in that entry specify
the list of valid fingerprints for the corresponding destination. Multiple
fingerprints can be combined with a "|" delimiter in a single match
attribute, or multiple match attributes can be employed. </p>

<p> Example: Certificate fingerprint verification with internal mailhub.
Two matching fingerprints are listed. The <a href="postconf.5.html#relayhost">relayhost</a> may be multiple
physical hosts behind a load-balancer, each with its own private/public
key and self-signed certificate.
Alternatively, a single <a href="postconf.5.html#relayhost">relayhost</a> may
be in the process of switching from one set of private/public keys to
another, and both keys are trusted just prior to the transition. </p>

<blockquote>
<pre>
<a href="postconf.5.html#relayhost">relayhost</a> = [mailhub.example.com]
<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = fingerprint
<a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> = sha256
<a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> =
    cd:fc:d8:db:f8:c4:82:96:6c:...:28:71:e8:f5:8d:a5:0d:9b:d4:a6
    dd:5c:ef:f5:c3:bc:64:25:36:...:99:36:06:ce:40:ef:de:2e:ad:a4
</pre>
</blockquote>

<p> Example: Certificate fingerprint verification with selected destinations.
As in the example above, we show two matching fingerprints: </p>

<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/tls_policy
    <a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> = sha256
</pre>
</blockquote>

<blockquote>
<pre>
/etc/postfix/tls_policy:
    example.com fingerprint
        match=51:e9:af:2e:1e:40:1f:...:64:0a:30:35:2d:09:16:31:5a:eb:82:76
        match=b6:b4:72:34:e2:59:cd:...:c2:ca:63:0d:4d:cc:2c:7d:84:de:e6:2f
</pre>
</blockquote>

<p> This feature is available in Postfix 2.5 and later. </p>

</DD>

<DT><b><a name="smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a>
(default: see "postconf -d" output)</b></DT><DD>

<p> The message digest algorithm used to construct remote SMTP server
certificate fingerprints.
At the "fingerprint" TLS security level
(<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a></b> = fingerprint), the server certificate is
verified by directly matching its certificate fingerprint or its public
key fingerprint (Postfix 2.9 and later). The fingerprint is the
message digest of the server certificate (or its public key)
using the selected
algorithm. With a digest algorithm resistant to "second pre-image"
attacks, it is not feasible to create a new public key and a matching
certificate (or public/private key-pair) that has the same fingerprint. </p>

<p> The default algorithm is <b>sha256</b> with Postfix ≥ 3.6
and the <b><a href="postconf.5.html#compatibility_level">compatibility_level</a></b> set to 3.6 or higher. With Postfix
≤ 3.5, the default algorithm is <b>md5</b>. </p>

<p> The best-practice algorithm is now <b>sha256</b>. Recent advances in hash
function cryptanalysis have led to md5 and sha1 being deprecated in favor of
sha256. However, as long as there are no known "second pre-image" attacks
against the older algorithms, their use in this context, though not
recommended, is still likely safe. </p>

<p> While additional digest algorithms are often available with OpenSSL's
libcrypto, only those used by libssl in SSL cipher suites are available to
Postfix. You'll likely find support for md5, sha1, sha256 and sha512. </p>

<p> To find the fingerprint of a specific certificate file, with a
specific digest algorithm, run:
</p>

<blockquote>
<pre>
$ openssl x509 -noout -fingerprint -<i>digest</i> -in <i>certfile</i>.pem
</pre>
</blockquote>

<p> The text to the right of the "=" sign is the desired fingerprint.
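</p>

<p> The matching rules above (colons optional, several fingerprints per
policy entry, certificate or public key digest) and the raw-public-key
fragility noted under smtp_tls_enable_rpk, modelled in Python as an added
example that is not Postfix's own code. The DER byte strings are constructed
placeholders standing in for a certificate and its SubjectPublicKeyInfo; only
the digest and matching logic is real. </p>

```python
"""Added example, not Postfix code: how the Postfix SMTP client at the
"fingerprint" security level matches a remote server against the digests in
smtp_tls_fingerprint_cert_match or a policy-table "match=" attribute, and why
a server that starts sending an RFC 7250 raw public key stops matching
*certificate* fingerprints while *public key* fingerprints keep working.

Assumption: the DER byte strings are constructed placeholders, not real X.509
or SubjectPublicKeyInfo encodings. The digest and matching logic is real.
"""
import hashlib

# Constructed sample data. Two certificates issued for the same key share one
# SubjectPublicKeyInfo (SPKI) but differ in their certificate bytes.
SPKI_DER = b"constructed-spki-of-mailhub-key"
CERT_A_DER = b"constructed-cert-A|" + SPKI_DER + b"|valid-2024"
CERT_B_DER = b"constructed-cert-B|" + SPKI_DER + b"|valid-2025"
OTHER_SPKI_DER = b"constructed-spki-of-some-other-key"


def digest(der, algorithm="sha256"):
    """Colon-separated lower-case hex digest, as 'openssl dgst -sha256 -c' prints it."""
    hexdigest = hashlib.new(algorithm, der).hexdigest()
    return ":".join(hexdigest[i:i + 2] for i in range(0, len(hexdigest), 2))


def normalize(fp):
    """Canonical form for comparison: lower-case hex without colons. Colons are
    optional with Postfix >= 3.6, so 'AA:BB' and 'aabb' must compare equal."""
    return fp.replace(":", "").strip().lower()


def parse_policy_entry(line):
    """Parse a smtp_tls_policy_maps entry such as
         'example.com fingerprint match=AA:BB|CC:DD match=EE:FF'
    into (destination, level, normalized fingerprints). Fingerprints may be
    combined with '|' inside one match attribute or spread over several."""
    destination, level, *attributes = line.split()
    fingerprints = []
    for attribute in attributes:
        key, _, value = attribute.partition("=")
        if key == "match":
            fingerprints.extend(normalize(v) for v in value.split("|") if v)
    return destination, level, fingerprints


def server_matches(presented, allowed, algorithm="sha256"):
    """presented describes what the server sent in the TLS handshake:
         {"cert": cert_der, "spki": spki_der}   an X.509 certificate
         {"cert": None,     "spki": spki_der}   a raw public key (RFC 7250)
    With a certificate the client can check both the certificate digest and the
    public key digest; with a raw public key only the public key digest exists,
    so a list of certificate digests can never match."""
    candidates = set()
    if presented.get("cert") is not None:
        candidates.add(normalize(digest(presented["cert"], algorithm)))
    candidates.add(normalize(digest(presented["spki"], algorithm)))
    return any(fp in candidates for fp in allowed)


def demo():
    """Run the scenarios from the documentation and return their outcomes."""
    # Pin the two certificate digests (load-balanced pair, or key rollover).
    _, _, cert_pins = parse_policy_entry(
        "example.com fingerprint match=%s|%s" % (digest(CERT_A_DER), digest(CERT_B_DER)))
    # Pin the public key digest instead, written without colons and in upper case.
    _, _, key_pins = parse_policy_entry(
        "example.com fingerprint match=%s" % normalize(digest(SPKI_DER)).upper())

    with_cert_a = {"cert": CERT_A_DER, "spki": SPKI_DER}
    with_cert_b = {"cert": CERT_B_DER, "spki": SPKI_DER}
    with_rpk = {"cert": None, "spki": SPKI_DER}          # server now sends a raw public key
    with_other_key = {"cert": None, "spki": OTHER_SPKI_DER}

    return {
        "cert_pins_vs_cert_a": server_matches(with_cert_a, cert_pins),      # True
        "cert_pins_vs_cert_b": server_matches(with_cert_b, cert_pins),      # True
        "cert_pins_vs_rpk": server_matches(with_rpk, cert_pins),            # False: the documented fragility
        "key_pins_vs_cert_a": server_matches(with_cert_a, key_pins),        # True: matched via the SPKI digest
        "key_pins_vs_rpk": server_matches(with_rpk, key_pins),              # True: key pins survive the switch
        "key_pins_vs_other_key": server_matches(with_other_key, key_pins),  # False
    }


if __name__ == "__main__":
    for scenario, ok in demo().items():
        print("%-24s %s" % (scenario, "match" if ok else "NO MATCH"))
```

<p>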
For example: </p>

<blockquote>
<pre>
$ openssl x509 -noout -fingerprint -sha256 -in cert.pem
SHA256 Fingerprint=D4:6A:AB:19:24:...:BB:A6:CB:66:82:C0:8E:9B:EE:29:A8:1A
</pre>
</blockquote>

<p> To extract the public key fingerprint from an X.509 certificate,
you need to extract the public key from the certificate and compute
the appropriate digest of its DER (ASN.1) encoding. With OpenSSL
the "-pubkey" option of the "x509" command always extracts the public
key in "PEM" format. We pipe the result to another OpenSSL
command that converts the key to DER and then to the "dgst" command
to compute the fingerprint. </p>

<p> The actual command to transform the key to DER format depends on the
version of OpenSSL used. As of OpenSSL 1.0.0, the "pkey" command supports
all key types. </p>
<blockquote>
<pre>
# OpenSSL ≥ 1.0 with SHA-256 fingerprints.
$ openssl x509 -in cert.pem -noout -pubkey |
    openssl pkey -pubin -outform DER |
    openssl dgst -sha256 -c
(stdin)= 64:3f:1f:f6:e5:1e:d4:2a:56:...:fc:09:1a:61:98:b5:bc:7c:60:58
</pre>
</blockquote>

<p> The Postfix SMTP server and client log the peer (leaf) certificate
fingerprint and the public key fingerprint when the TLS loglevel is 2 or
higher. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

</DD>

<DT><b><a name="smtp_tls_force_insecure_host_tlsa_lookup">smtp_tls_force_insecure_host_tlsa_lookup</a>
(default: no)</b></DT><DD>

<p> Look up the associated DANE TLSA RRset even when a hostname is
not an alias and its address records lie in an unsigned zone. This
is unlikely to ever yield DNSSEC validated results, since child
zones of unsigned zones are also unsigned in the absence of DLV or
locally configured non-root trust-anchors.
We anticipate that such
mechanisms will not be used for just the "_tcp" subdomain of a host.
Suppressing the TLSA RRset lookup reduces latency and avoids potential
interoperability problems with nameservers for unsigned zones that
are not prepared to handle the new TLSA RRset. </p>

<p> This feature is available in Postfix 2.11. </p>

</DD>

<DT><b><a name="smtp_tls_key_file">smtp_tls_key_file</a>
(default: $<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>)</b></DT><DD>

<p> File with the Postfix SMTP client RSA private key in PEM format.
This file may be combined with the Postfix SMTP client RSA certificate
file specified with $<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>. With Postfix ≥ 3.4 the
preferred way to configure client keys and certificates is via the
"<a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a>" parameter. </p>

<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
access to the system superuser account ("root"), and no access
to anyone else. </p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> = $<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>
</pre>

<p> This feature is available in Postfix 2.2 and later. </p>

</DD>

<DT><b><a name="smtp_tls_loglevel">smtp_tls_loglevel</a>
(default: 0)</b></DT><DD>

<p> Enable additional Postfix SMTP client logging of TLS activity.
Each logging level also includes the information that is logged at
a lower logging level. </p>

<dl compact>

<dt> </dt> <dd> 0 Disable logging of TLS activity.
</dd>

<dt> </dt> <dd> 1 Log only a summary message on TLS handshake completion
— no logging of remote SMTP server certificate trust-chain
verification errors if server certificate verification is not required.
With Postfix 2.8 and earlier, log the summary message and unconditionally
log trust-chain verification errors. </dd>

<dt> </dt> <dd> 2 Also enable verbose logging in the Postfix TLS
library, log session cache operations, and enable OpenSSL logging
of the progress of the SSL handshake. </dd>

<dt> </dt> <dd> 3 Also log the hexadecimal and ASCII dump of the
TLS negotiation process. </dd>

<dt> </dt> <dd> 4 Also log the hexadecimal and ASCII dump of complete
transmission after STARTTLS. </dd>

</dl>

<p> Do not use "<a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> = 2" or higher except in case of
problems. Use of loglevel 4 is strongly discouraged. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

</DD>

<DT><b><a name="smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a>
(default: medium)</b></DT><DD>

<p> The minimum TLS cipher grade that the Postfix SMTP client will
use with
mandatory TLS encryption. The default value "medium" is suitable
for most destinations with which you may want to enforce TLS, and
is beyond the reach of today's cryptanalytic methods. See
<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> for information on how to configure ciphers
on a per-destination basis. </p>

<p> The following cipher grades are supported: </p>

<dl>
<dt><b>high</b></dt>
<dd> Enable only "HIGH" grade OpenSSL ciphers. This setting may
be appropriate when all mandatory TLS destinations (e.g.
when all
mail is routed to a suitably capable <a href="postconf.5.html#relayhost">relayhost</a>) support at least one
"HIGH" grade cipher. The underlying cipherlist is specified via the
<a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a> configuration parameter, which you are strongly
encouraged not to change. </dd>

<dt><b>medium</b></dt>
<dd> Enable "MEDIUM" grade or better OpenSSL ciphers.
The underlying cipherlist is specified via the <a href="postconf.5.html#tls_medium_cipherlist">tls_medium_cipherlist</a>
configuration parameter, which you are strongly encouraged not to change.
</dd>

<dt><b>null</b></dt>
<dd> Enable only the "NULL" OpenSSL ciphers; these provide authentication
without encryption. This setting is only appropriate in the rare case
that all servers are prepared to use NULL ciphers (not normally enabled
in TLS servers). A plausible use-case is an LMTP server listening on a
UNIX-domain socket that is configured to support "NULL" ciphers. The
underlying cipherlist is specified via the <a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a>
configuration parameter, which you are strongly encouraged not to
change. </dd>

<dt><b>low</b></dt>
<dd> Enable "LOW" grade or stronger OpenSSL ciphers. In Postfix
≥ 3.8 this cipher grade is always identical to "medium". Recent
versions of OpenSSL do not support any "LOW" grade ciphers. In
earlier Postfix releases the underlying cipherlist was specified
via the <a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> configuration parameter, which you are
strongly encouraged not to change. This obsolete cipher grade
SHOULD NOT be used. </dd>

<dt><b>export</b></dt>
<dd> Enable "EXPORT" grade or stronger OpenSSL ciphers. In Postfix
≥ 3.8 this cipher grade is always identical to "medium".
Recent
versions of OpenSSL do not support any "EXPORT" grade ciphers. In
earlier Postfix releases the underlying cipherlist was specified
via the <a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> configuration parameter, which you are
strongly encouraged not to change. This obsolete cipher grade
SHOULD NOT be used. </dd>

</dl>

<p> The underlying cipherlists for grades other than "null" include
anonymous ciphers, but these are automatically filtered out if the
Postfix SMTP client is configured to verify server certificates.
You are very unlikely to need to take any steps to exclude anonymous
ciphers; they are excluded automatically as necessary. If you must
exclude anonymous ciphers at the "may" or "encrypt" security levels,
when the Postfix SMTP client does not need or use peer certificates, set
"<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = aNULL". To exclude anonymous ciphers only when
TLS is enforced, set "<a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> = aNULL". </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a>
(default: empty)</b></DT><DD>

<p> Additional list of ciphers or cipher types to exclude from the
Postfix SMTP client cipher list at mandatory TLS security levels. This list
works in addition to the exclusions listed with <a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a>
(see there for syntax details). </p>

<p> Starting with Postfix 2.6, the mandatory cipher exclusions can be
specified on a per-destination basis via the TLS policy "exclude"
attribute.
See <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> for notes and examples. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a>
(default: see "postconf -d" output)</b></DT><DD>

<p> TLS protocols that the Postfix SMTP client will use with mandatory
TLS encryption. In <a href="postconf.5.html">main.cf</a> the values are separated by whitespace,
commas or colons. In the policy table "protocols" attribute (see
<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>) the only valid separator is colon. An empty value
means allow all protocols. </p>

<p> The valid protocol names (see SSL_get_version(3)) are "SSLv2",
"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with
Postfix 3.6, the default value is ">=TLSv1", which sets TLS 1.0 as
the lowest supported TLS protocol version (see below). Older releases
use the "!" exclusion syntax, also described below. </p>

<p> As of Postfix 3.6, the preferred way to limit the range of
acceptable protocols is to set a lowest acceptable TLS protocol version
and/or a highest acceptable TLS protocol version. To set the lower
bound include an element of the form: ">=<i>version</i>" where
<i>version</i> is either one of the TLS protocol names listed above,
or a hexadecimal number corresponding to the desired TLS protocol
version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper
bound, use "<=<i>version</i>". There must be no whitespace between
the ">=" or "<=" symbols and the protocol name or number. </p>

<p> Hexadecimal protocol numbers make it possible to specify protocol
bounds for TLS versions that are known to OpenSSL, but might not be
known to Postfix.
They cannot be used with the legacy exclusion syntax.
Leading "0" or "0x" prefixes are supported, but not required.
Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to
"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the
upper or lower bound, and a warning will be logged. Hexadecimal
versions should only be used when Postfix is linked with some future
version of OpenSSL that supports TLS 1.4 or later, but Postfix does not
yet support a symbolic name for that protocol version. </p>

<p>Hexadecimal example (Postfix ≥ 3.6):</p>
<blockquote>
<pre>
# Allow only TLS 1.2 through (hypothetical) TLS 1.4, once supported
# in some future version of OpenSSL (presently a warning is logged).
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = >=TLSv1.2, <=0305
# Allow only TLS 1.2 and up:
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = >=0x0303
</pre>
</blockquote>

<p> With Postfix < 3.6 there is no support for a minimum or maximum
version, and the protocol range is configured via protocol exclusions.
To require at least TLS 1.0, set "<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2,
!SSLv3". Listing the protocols to include, rather than the protocols to
exclude, is supported, but not recommended. The exclusion syntax more
accurately matches the underlying OpenSSL interface. </p>

<p> When using the exclusion syntax, take care to ensure that the range
of protocols supported by the Postfix SMTP client is contiguous. When
a protocol version is enabled, disabling any higher version implicitly
disables all versions above that higher version.
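</p>

<p> The bound, exclusion and contiguity rules of this section, modelled in
Python as an added example that is not Postfix's own code. The version codes
for SSLv2 (0002) and SSLv3 (0300) are taken from OpenSSL's SSL2_VERSION and
SSL3_VERSION and are not stated on this page; 0305 (TLS 1.4) is hypothetical,
so the model deliberately does not know it and reports a warning instead. </p>

```python
"""Added example, not Postfix code: a model of how a smtp_tls_mandatory_protocols
(or smtp_tls_protocols) value selects TLS protocol versions under the rules in
this section: ">=" / "<=" bounds with symbolic or hexadecimal versions (Postfix
>= 3.6), the legacy "!" exclusion syntax, inclusion lists, and the contiguity
rule by which disabling one version also disables every version above it.

Assumptions: the codes for SSLv2 (0002) and SSLv3 (0300) are OpenSSL's
SSL2_VERSION and SSL3_VERSION and are not given on this page; 0305 (TLS 1.4)
is hypothetical, as the page says, so it is deliberately unknown here.
"""
import re

# Protocol versions in ascending order with their record-layer version codes,
# the numbers accepted in ">=0x0303" style bounds.
VERSIONS = [("SSLv2", 0x0002), ("SSLv3", 0x0300), ("TLSv1", 0x0301),
            ("TLSv1.1", 0x0302), ("TLSv1.2", 0x0303), ("TLSv1.3", 0x0304)]
NAME_TO_CODE = dict(VERSIONS)
CODE_TO_NAME = {code: name for name, code in VERSIONS}
HEX_RE = re.compile(r"^(?:0x)?0*([0-9a-fA-F]{1,4})$")


def parse_bound_version(token, warnings):
    """Resolve the version in a ">=version" or "<=version" bound. Symbolic names
    and hex codes are accepted; "301", "0301", "0x301" and "0x0301" are all TLSv1.
    An unknown version appends a warning and returns None so that the bound is
    not applied, mirroring "a warning will be logged" in the documentation."""
    if token in NAME_TO_CODE:
        return NAME_TO_CODE[token]
    m = HEX_RE.match(token)
    if m and int(m.group(1), 16) in CODE_TO_NAME:
        return int(m.group(1), 16)
    warnings.append("unknown protocol version %r: bound not applied" % token)
    return None


def enabled_protocols(setting):
    """Return (enabled protocol names in ascending order, warning strings) for a
    main.cf or policy-table value; whitespace, commas and colons all separate."""
    tokens = [t for t in re.split(r"[\s,:]+", setting.strip()) if t]
    warnings = []
    if not tokens:
        return [name for name, _ in VERSIONS], warnings     # empty value: allow all

    lo, hi = VERSIONS[0][1], VERSIONS[-1][1]
    included, excluded = set(), set()
    for token in tokens:
        if token[:2] in (">=", "<="):
            code = parse_bound_version(token[2:], warnings)
            if code is None:
                continue
            if token[:2] == ">=":
                lo = max(lo, code)
            else:
                hi = min(hi, code)
        elif token.startswith("!"):
            # Legacy exclusion: symbolic names only; hex codes are not allowed here.
            if token[1:] not in NAME_TO_CODE:
                raise ValueError("legacy exclusion needs a protocol name: %s" % token)
            excluded.add(NAME_TO_CODE[token[1:]])
        elif token in NAME_TO_CODE:
            included.add(NAME_TO_CODE[token])   # inclusion list: supported, not recommended
        else:
            raise ValueError("unknown protocol: %s" % token)

    enabled = {code for _, code in VERSIONS if lo <= code <= hi}
    if included:
        enabled &= included
    enabled -= excluded

    # Contiguity rule: OpenSSL is driven by a lowest/highest version pair, so once
    # a version is enabled, the first disabled version above it ends the range and
    # every version above that one stays disabled as well.
    contiguous = []
    for _, code in VERSIONS:
        if code in enabled:
            contiguous.append(CODE_TO_NAME[code])
        elif contiguous:
            break
    return contiguous, warnings


if __name__ == "__main__":
    for value in ["", ">=TLSv1", ">=TLSv1.2, <=TLSv1.3", "!SSLv2, !SSLv3, !TLSv1, !TLSv1.1",
                  "!SSLv2, !SSLv3, !TLSv1.1", ">=TLSv1.2, <=0305", ">=0x0303"]:
        names, warned = enabled_protocols(value)
        print("%-38r -> %s %s" % (value, names, warned))
```

<p>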
Thus, for example: </p>

<blockquote>
<pre>
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !SSLv3, !TLSv1.1
</pre>
</blockquote>

<p> also disables any protocol versions higher than TLSv1.1 leaving
only "TLSv1" enabled. </p>

<p> Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling
this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch
releases ≥ 3.0.14, 3.1.10, 3.2.7 and 3.3.2). </p>

<p> While the vast majority of SMTP servers with DANE TLSA records now
support at least TLS 1.2, a few still only support TLS 1.0. If you use
"dane" or "dane-only" it is best not to disable TLSv1, except perhaps
via the policy table for destinations which you are sure will support
"TLSv1.2". </p>

<p> See the documentation of the <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> parameter and
<a href="TLS_README.html">TLS_README</a> for more information about security levels. </p>

<p> Example: </p>
<pre>
# Preferred syntax with Postfix ≥ 3.6:
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = >=TLSv1.2, <=TLSv1.3
# Legacy syntax:
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
</pre>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a>
(default: no)</b></DT><DD>

<p> Log the hostname of a remote SMTP server that offers STARTTLS,
when TLS is not already enabled for that server.
</p>

<p> The logfile record looks like: </p>

<pre>
postfix/smtp[pid]: Host offered STARTTLS: [name.of.host]
</pre>

<p> This feature is available in Postfix 2.2 and later. </p>

</DD>

<DT><b><a name="smtp_tls_per_site">smtp_tls_per_site</a>
(default: empty)</b></DT><DD>

<p> Optional lookup tables with the Postfix SMTP client TLS usage
policy by next-hop destination and by remote SMTP server hostname.
When both lookups succeed, the more specific per-site policy (NONE,
MUST, etc.) overrides the less specific one (MAY), and the more secure
per-site policy (MUST, etc.) overrides the less secure one (NONE).
With Postfix 2.3 and later <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> is strongly discouraged:
use <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> instead. </p>

<p> Use of the bare hostname as the per-site table lookup key is
discouraged. Always use the full destination nexthop (enclosed in
[] with a possible ":port" suffix). A recipient domain or MX-enabled
transport next-hop with no port suffix may look like a bare hostname,
but is still a suitable <i>destination</i>. </p>

<p> Specify a next-hop destination or server hostname on the left-hand
side; no wildcards are allowed. The next-hop destination is either
the recipient domain, or the destination specified with a <a href="transport.5.html">transport(5)</a>
table, the <a href="postconf.5.html#relayhost">relayhost</a> parameter, or the <a href="postconf.5.html#relay_transport">relay_transport</a> parameter.
On the right-hand side specify one of the following keywords: </p>

<dl>

<dt> NONE </dt> <dd> Don't use TLS at all.
This overrides a less
specific <b>MAY</b> lookup result from the alternate host or next-hop
lookup key, and overrides the global <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>,
and <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> settings. </dd>

<dt> MAY </dt> <dd> Try to use TLS if the server announces support,
otherwise use an unencrypted connection; after a failed TLS handshake
or TLS session, fall back to plaintext if the message has spent
<a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a> in the mail queue. This level has lower precedence
than a more specific result (including <b>NONE</b>) from the alternate
host or next-hop lookup key, and has lower precedence than the more
specific global "<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = yes" or "<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>
= yes". </dd>

<dt> MUST_NOPEERMATCH </dt> <dd> Require TLS encryption, but do not
require that the remote SMTP server hostname matches the information
in the remote SMTP server certificate, or that the server certificate
was issued by a trusted CA. This overrides a less secure <b>NONE</b>
or a less specific <b>MAY</b> lookup result from the alternate host
or next-hop lookup key, and overrides the global <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>,
<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> and <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> settings. </dd>

<dt> MUST </dt> <dd> Require TLS encryption, require that the remote
SMTP server hostname matches the information in the remote SMTP
server certificate, and require that the remote SMTP server certificate
was issued by a trusted CA.
This overrides a less secure <b>NONE</b> 14015or <b>MUST_NOPEERMATCH</b> or a less specific <b>MAY</b> lookup 14016result from the alternate host or next-hop lookup key, and overrides 14017the global <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> and <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> 14018settings. </dd> 14019 14020</dl> 14021 14022<p> The above keywords correspond to the "none", "may", "encrypt" and 14023"verify" security levels for the new <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> parameter 14024introduced in Postfix 2.3. Starting with Postfix 2.3, and independently 14025of how the policy is specified, the <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and 14026<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> parameters apply when TLS encryption 14027is mandatory. Connections for which encryption is optional typically 14028enable all "export" grade and better ciphers (see <a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> 14029and <a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a>). </p> 14030 14031<p> As long as no secure DNS lookup mechanism is available, false 14032hostnames in MX or CNAME responses can change the server hostname 14033that Postfix uses for TLS policy lookup and server certificate 14034verification. Even with a perfect match between the server hostname and 14035the server certificate, there is no guarantee that Postfix is connected 14036to the right server. See <a href="TLS_README.html">TLS_README</a> (Closing a DNS loophole with obsolete 14037per-site TLS policies) for a possible work-around. </p> 14038 14039<p> This feature is available in Postfix 2.2 and later. With 14040Postfix 2.3 and later use <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> instead. 
</p> 14041 14042 14043</DD> 14044 14045<DT><b><a name="smtp_tls_policy_maps">smtp_tls_policy_maps</a> 14046(default: empty)</b></DT><DD> 14047 14048<p> Optional lookup tables with the Postfix SMTP client TLS security 14049policy by next-hop destination; when a non-empty value is specified, 14050this overrides the obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter. See 14051<a href="TLS_README.html">TLS_README</a> for a more detailed discussion of TLS security levels, 14052and see <a href="TLSRPT_README.html">TLSRPT_README</a> for additional configuration that may be 14053needed for MTA-STS plugins. </p> 14054 14055<p> 14056Specify zero or more "type:name" lookup tables, separated by 14057whitespace or comma. Tables will be searched in the specified order 14058until a match is found. 14059</p> 14060 14061<p> The TLS policy table is indexed by the full next-hop destination, 14062which is either the recipient domain, or the verbatim next-hop 14063specified in the transport table, $<a href="postconf.5.html#local_transport">local_transport</a>, $<a href="postconf.5.html#virtual_transport">virtual_transport</a>, 14064$<a href="postconf.5.html#relay_transport">relay_transport</a> or $<a href="postconf.5.html#default_transport">default_transport</a>. This includes any enclosing 14065square brackets and any non-default destination server port suffix. The 14066LMTP socket type prefix (inet: or unix:) is not included in the lookup 14067key. </p> 14068 14069<p> Only the next-hop domain, or $<a href="postconf.5.html#myhostname">myhostname</a> with LMTP over UNIX-domain 14070sockets, is used as the nexthop name for certificate verification. The 14071port and any enclosing square brackets are used in the table lookup key, 14072but are not used for server name verification. 
</p> 14073 14074<p> When the lookup key is a domain name without enclosing square brackets 14075or any <i>:port</i> suffix (typically the recipient domain), and the full 14076domain is not found in the table, just as with the <a href="transport.5.html">transport(5)</a> table, 14077the parent domain starting with a leading "." is matched recursively. This 14078allows one to specify a security policy for a recipient domain and all 14079its sub-domains. </p> 14080 14081<p> The lookup result is a security level, followed by an optional list 14082of whitespace and/or comma separated name=value attributes that override 14083related <a href="postconf.5.html">main.cf</a> settings. The TLS security levels in order of increasing 14084security are: </p> 14085 14086<dl> 14087 14088<dt><b><a href="TLS_README.html#client_tls_none">none</a></b></dt> 14089<dd>No TLS. No additional attributes are supported at this level. </dd> 14090 14091<dt><b><a href="TLS_README.html#client_tls_may">may</a></b></dt> 14092<dd>Opportunistic TLS. Since sending in the clear is acceptable, 14093demanding stronger than default TLS security merely reduces 14094interoperability. The optional "ciphers", "exclude", and "protocols" 14095attributes (available for opportunistic TLS with Postfix ≥ 2.6) and 14096"connection_reuse" attribute (Postfix ≥ 3.4) override the 14097"<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>", "<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a>", "<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a>", 14098and "<a href="postconf.5.html#smtp_tls_connection_reuse">smtp_tls_connection_reuse</a>" configuration parameters. In the policy 14099table, multiple ciphers, protocols or excluded ciphers must be separated 14100by colons, as attribute values may not contain whitespace or commas. 
At 14101this level and higher, the optional "servername" attribute (available 14102with Postfix ≥ 3.4) overrides the global "<a href="postconf.5.html#smtp_tls_servername">smtp_tls_servername</a>" 14103parameter, enabling per-destination configuration of the SNI extension 14104sent to the remote SMTP server. The optional "enable_rpk" attribute 14105(Postfix ≥ 3.9) overrides the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_enable_rpk">smtp_tls_enable_rpk</a> parameter. 14106When opportunistic TLS handshakes fail, Postfix retries the connection 14107with TLS disabled. This allows mail delivery to sites with 14108non-interoperable TLS implementations.</dd> 14109 14110<dt><b><a href="TLS_README.html#client_tls_encrypt">encrypt</a></b></dt> 14111<dd>Mandatory TLS encryption. Mail is delivered only if the remote SMTP 14112server offers STARTTLS and the TLS handshake succeeds. At this level and 14113higher, the optional "protocols" attribute overrides the <a href="postconf.5.html">main.cf</a> 14114<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> parameter, the optional "ciphers" attribute 14115overrides the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> parameter, the optional 14116"exclude" attribute (Postfix ≥ 2.6) overrides the <a href="postconf.5.html">main.cf</a> 14117<a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> parameter, and the optional 14118"connection_reuse" attribute (Postfix ≥ 3.4) overrides the <a href="postconf.5.html">main.cf</a> 14119<a href="postconf.5.html#smtp_tls_connection_reuse">smtp_tls_connection_reuse</a> parameter. In the policy table, multiple 14120ciphers, protocols or excluded ciphers must be separated by colons, as 14121attribute values may not contain whitespace or commas. 
The optional 14122"enable_rpk" attribute (Postfix ≥ 3.9) overrides the <a href="postconf.5.html">main.cf</a> 14123<a href="postconf.5.html#smtp_tls_enable_rpk">smtp_tls_enable_rpk</a> parameter. </dd> 14124 14125<dt><b><a href="TLS_README.html#client_tls_dane">dane</a></b></dt> 14126<dd>Opportunistic DANE TLS. The TLS policy for the destination is 14127obtained via TLSA records in DNSSEC. If no TLSA records are found, 14128the effective security level used is <a 14129href="TLS_README.html#client_tls_may">may</a>. If TLSA records are 14130found, but none are usable, the effective security level is <a 14131href="TLS_README.html#client_tls_encrypt">encrypt</a>. When usable 14132TLSA records are obtained for the remote SMTP server, the 14133server certificate must match the TLSA records. <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a> (DANE) 14134TLS authentication and DNSSEC support is available with Postfix 141352.11 and later. The optional "connection_reuse" attribute (Postfix 14136≥ 3.4) overrides the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_connection_reuse">smtp_tls_connection_reuse</a> parameter. 14137When the effective security level used is <a 14138href="TLS_README.html#client_tls_may">may</a>, the optional "ciphers", 14139"exclude", and "protocols" attributes (Postfix ≥ 2.6) override the 14140"<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>", "<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a>", and "<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a>" 14141configuration parameters. 
14142When the effective security level used is <a 14143href="TLS_README.html#client_tls_encrypt">encrypt</a>, the optional "ciphers", 14144"exclude", and "protocols" attributes (Postfix ≥ 2.6) override the 14145"<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a>", "<a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a>", and 14146"<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a>" configuration parameters. 14147</dd> 14148 14149<dt><b><a href="TLS_README.html#client_tls_dane">dane-only</a></b></dt> 14150<dd>Mandatory DANE TLS. The TLS policy for the destination is 14151obtained via TLSA records in DNSSEC. If no TLSA records are found, 14152or none are usable, no connection is made to the server. When 14153usable TLSA records are obtained for the remote SMTP server, the 14154server certificate must match the TLSA records. <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a> (DANE) TLS 14155authentication and DNSSEC support is available with Postfix 2.11 14156and later. The optional "ciphers", "exclude", and "protocols" attributes 14157(Postfix ≥ 2.6) override the "<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a>", 14158"<a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a>", and "<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a>" 14159configuration parameters. The optional "connection_reuse" attribute 14160(Postfix ≥ 3.4) overrides the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_connection_reuse">smtp_tls_connection_reuse</a> parameter. 14161</dd> 14162 14163<dt><b><a href="TLS_README.html#client_tls_fprint">fingerprint</a></b></dt> 14164<dd>Certificate fingerprint 14165verification. Available with Postfix 2.5 and later. At this security 14166level, there are no trusted Certification Authorities. 
The certificate 14167trust chain, expiration date, ... are not checked. Instead, 14168the optional policy table "match" attribute, or else the <a href="postconf.5.html">main.cf</a> 14169<b><a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a></b> parameter, lists the certificate 14170fingerprints or the public key fingerprints (Postfix 2.9 and later) 14171of acceptable server certificates. The digest 14172algorithm used to calculate the fingerprint is selected by the 14173<b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a></b> parameter. Multiple fingerprints can 14174be combined with a "|" delimiter in a single match attribute, or multiple 14175match attributes can be employed. The ":" character is not used as a 14176delimiter as it occurs between each pair of fingerprint (hexadecimal) 14177digits. The optional "ciphers", "exclude", and "protocols" attributes 14178(Postfix ≥ 2.6) override the "<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a>", 14179"<a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a>", and "<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a>" 14180configuration parameters. The optional "connection_reuse" attribute 14181(Postfix ≥ 3.4) overrides the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_connection_reuse">smtp_tls_connection_reuse</a> 14182parameter. The optional "enable_rpk" attribute (Postfix ≥ 3.9) 14183overrides the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_enable_rpk">smtp_tls_enable_rpk</a> parameter. </dd> 14184 14185<dt><b><a href="TLS_README.html#client_tls_verify">verify</a></b></dt> 14186<dd>Mandatory TLS verification. 
Mail is delivered only if the TLS 14187handshake succeeds, the remote SMTP server certificate chain can be 14188validated, and a DNS name in the certificate matches the specified match 14189criteria. At this security level, DNS MX lookups are presumed to be 14190secure enough, and the name verified in the server certificate is 14191potentially obtained via unauthenticated DNS MX lookups. The optional 14192"match" attribute overrides the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> 14193parameter. In the policy table, multiple match patterns and strategies 14194must be separated by colons. In practice explicit control over matching 14195is more common with the "secure" policy, described below. The optional 14196"ciphers", "exclude", and "protocols" attributes (Postfix ≥ 2.6) 14197override the "<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a>", 14198"<a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a>", and "<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a>" 14199configuration parameters. With Postfix ≥ 2.11 the optional "tafile" 14200policy table attribute modifies trust chain verification in the same 14201manner as the "<a href="postconf.5.html#smtp_tls_trust_anchor_file">smtp_tls_trust_anchor_file</a>" parameter. The "tafile" 14202attribute may be specified multiple times to load multiple trust-anchor 14203files. The optional "connection_reuse" attribute (Postfix ≥ 3.4) 14204overrides the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_connection_reuse">smtp_tls_connection_reuse</a> parameter. </dd> 14205 14206<dt><b><a href="TLS_README.html#client_tls_secure">secure</a></b></dt> 14207<dd>Secure certificate verification. 
Mail is delivered only if the TLS 14208handshake succeeds, the remote SMTP server certificate chain can be 14209validated, and a DNS name in the certificate matches the specified match 14210criteria. At this security level, DNS MX lookups, though potentially 14211used to determine the candidate next-hop gateway IP addresses, are 14212<b>not</b> presumed to be secure enough for TLS peername verification. 14213Instead, the default name verified in the server certificate is obtained 14214directly from the next-hop, or is explicitly specified via the optional 14215"match" attribute which overrides the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> 14216parameter. In the policy table, multiple match patterns and strategies 14217must be separated by colons. The match attribute is most useful when 14218multiple domains are supported by a common server: the policy entries 14219for additional domains specify matching rules for the primary domain 14220certificate. While transport table overrides that route the secondary 14221domains to the primary nexthop also allow secure verification, they risk 14222delivery to the wrong destination when domains change hands or are 14223re-assigned to new gateways. With the "match" attribute approach, 14224routing is not perturbed, and mail is deferred if verification of a new 14225MX host fails. The optional "ciphers", "exclude", and "protocols" 14226attributes (Postfix ≥ 2.6) override the "<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a>", 14227"<a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a>", and "<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a>" 14228configuration parameters. 
With Postfix ≥ 2.11 the "tafile" attribute 14229optionally modifies trust chain verification in the same manner as the 14230"<a href="postconf.5.html#smtp_tls_trust_anchor_file">smtp_tls_trust_anchor_file</a>" parameter. The "tafile" attribute may be 14231specified multiple times to load multiple trust-anchor files. The 14232optional "connection_reuse" attribute (Postfix ≥ 3.4) overrides the 14233<a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_connection_reuse">smtp_tls_connection_reuse</a> parameter. </dd> 14234 14235</dl> 14236 14237<p> 14238Example: 14239</p> 14240 14241<pre> 14242/etc/postfix/<a href="postconf.5.html">main.cf</a>: 14243 <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/tls_policy 14244 # Postfix 2.5 and later. 14245 # 14246 # The default digest is sha256 with Postfix ≥ 3.6 and 14247 # compatibility level ≥ 3. 14248 # 14249 <a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> = sha256 14250</pre> 14251 14252<pre> 14253/etc/postfix/tls_policy: 14254 example.edu none 14255 example.mil may 14256 example.gov encrypt protocols=TLSv1 14257 example.com verify ciphers=high 14258 example.net secure 14259 .example.net secure match=.example.net:example.net 14260 [mail.example.org]:587 secure match=nexthop 14261 # Postfix 2.5 and later 14262 [thumb.example.org] fingerprint 14263 match=b6:b4:72:34:e2:59:cd:...:c2:ca:63:0d:4d:cc:2c:7d:84:de:e6:2f 14264 match=51:e9:af:2e:1e:40:1f:...:64:0a:30:35:2d:09:16:31:5a:eb:82:76 14265</pre> 14266 14267<p> <b>Note:</b> The "hostname" strategy if listed in a non-default 14268setting of <a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> or in the "match" attribute 14269in the policy table can render the "secure" level vulnerable to 14270DNS forgery. 
Do not use the "hostname" strategy for secure-channel 14271configurations in environments where DNS security is not assured. </p> 14272 14273<p> This feature is available in Postfix 2.3 and later. </p> 14274 14275 14276</DD> 14277 14278<DT><b><a name="smtp_tls_protocols">smtp_tls_protocols</a> 14279(default: see 'postconf -d' output)</b></DT><DD> 14280 14281<p> TLS protocols that the Postfix SMTP client will use with 14282opportunistic TLS encryption. In <a href="postconf.5.html">main.cf</a> the values are separated by 14283whitespace, commas or colons. In the policy table "protocols" attribute 14284(see <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>) the only valid separator is colon. An empty 14285value means allow all protocols. </p> 14286 14287<p> The valid protocol names (see SSL_get_version(3)) are "SSLv2", 14288"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with 14289Postfix 3.6, the default value is ">=TLSv1", which sets TLS 1.0 as 14290the lowest supported TLS protocol version (see below). Older releases 14291use the "!" exclusion syntax, also described below. </p> 14292 14293<p> As of Postfix 3.6, the preferred way to limit the range of 14294acceptable protocols is to set the lowest acceptable TLS protocol 14295version and/or the highest acceptable TLS protocol version. To set the 14296lower bound include an element of the form: ">=<i>version</i>" where 14297<i>version</i> is either one of the TLS protocol names listed above, 14298or a hexadecimal number corresponding to the desired TLS protocol 14299version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper 14300bound, use "<=<i>version</i>". There must be no whitespace between 14301the ">=" or "<=" symbols and the protocol name or number. </p> 14302 14303<p> Hexadecimal protocol numbers make it possible to specify protocol 14304bounds for TLS versions that are known to OpenSSL, but might not be 14305known to Postfix. 
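<p> The <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> lookup and attribute rules described above, modelled as an added Python example that is neither Postfix code nor part of this manual page: it performs the table search (LMTP socket prefix stripped, parent-domain fallback only for bare domain keys), parses the "level attr=value ..." result, and reports which <a href="postconf.5.html">main.cf</a> parameter each attribute overrides at the resulting level. The policy table and main.cf values are constructed for the example, the fingerprint digests are placeholders, and raising on attributes at the "none" level is this model's choice. </p>

```python
"""Added example, not Postfix code: model of how the Postfix SMTP client
resolves an smtp_tls_policy_maps entry for a next-hop destination."""
import re

# Constructed policy table, mirroring the /etc/postfix/tls_policy example above.
# The fingerprint values are placeholders, not real certificate digests.
TLS_POLICY = {
    "example.edu": "none",
    "example.mil": "may",
    "example.gov": "encrypt protocols=TLSv1",
    "example.com": "verify ciphers=high",
    "example.net": "secure",
    ".example.net": "secure match=.example.net:example.net",
    "[mail.example.org]:587": "secure match=nexthop",
    "[thumb.example.org]": "fingerprint match=b6:b4:72:34|51:e9:af:2e match=0d:4d:cc:2c",
}

# Constructed main.cf values that policy attributes may override.
MAIN_CF = {
    "smtp_tls_ciphers": "medium", "smtp_tls_mandatory_ciphers": "medium",
    "smtp_tls_protocols": ">=TLSv1", "smtp_tls_mandatory_protocols": ">=TLSv1.2",
    "smtp_tls_exclude_ciphers": "", "smtp_tls_mandatory_exclude_ciphers": "aNULL",
    "smtp_tls_verify_cert_match": "hostname",
    "smtp_tls_secure_cert_match": "nexthop, dot-nexthop",
    "smtp_tls_fingerprint_cert_match": "",
}

LIST_ATTRS = ("ciphers", "exclude", "protocols")  # colon-separated in the table
MATCH_PARAM = {"verify": "smtp_tls_verify_cert_match",
               "secure": "smtp_tls_secure_cert_match",
               "fingerprint": "smtp_tls_fingerprint_cert_match"}


def lookup_policy(table, nexthop):
    """Exact key first, then parent domains with a leading '.', but the
    parent-domain fallback applies only to bare domain keys."""
    key = nexthop
    for prefix in ("inet:", "unix:"):      # LMTP socket type is not part of the key
        if key.startswith(prefix):
            key = key[len(prefix):]
    if key in table:
        return key, table[key]
    if key.startswith("[") or ":" in key:  # [host] or :port forms: no fallback
        return None
    labels = key.split(".")
    for i in range(1, len(labels)):        # mail.example.net -> .example.net -> .net
        parent = "." + ".".join(labels[i:])
        if parent in table:
            return parent, table[parent]
    return None


def parse_policy(result):
    """Split 'level attr=value ...' into (level, attributes)."""
    tokens = [t for t in re.split(r"[\s,]+", result.strip()) if t]
    level, attrs = tokens[0], {}
    if level == "none" and len(tokens) > 1:   # model's choice: reject, not ignore
        raise ValueError("the none level supports no attributes")
    for tok in tokens[1:]:
        name, eq, value = tok.partition("=")
        if not eq:
            raise ValueError("attribute without '=': %r" % tok)
        if name in LIST_ATTRS:
            attrs[name] = value.split(":")
        elif name == "match":              # repeatable; '|' joins fingerprints,
            sep = "|" if level == "fingerprint" else ":"  # ':' joins patterns
            attrs.setdefault(name, []).extend(value.split(sep))
        elif name == "tafile":             # repeatable trust-anchor files
            attrs.setdefault(name, []).append(value)
        else:
            attrs[name] = value
    return level, attrs


def effective_settings(level, attrs, main_cf, dane_effective="may"):
    """Which main.cf parameter an attribute overrides depends on whether the
    level is mandatory; for 'dane' that depends on the TLSA lookup, so the
    caller supplies the effective level ('may' or 'encrypt')."""
    if level == "dane":
        mandatory = dane_effective == "encrypt"
    else:
        mandatory = level not in ("none", "may")
    prefix = "smtp_tls_mandatory_" if mandatory else "smtp_tls_"
    eff = {}
    for name, param in (("ciphers", "ciphers"), ("protocols", "protocols"),
                        ("exclude", "exclude_ciphers")):
        eff[name] = ":".join(attrs[name]) if name in attrs else main_cf[prefix + param]
    if level in MATCH_PARAM:
        default = re.split(r"[\s,:]+", main_cf[MATCH_PARAM[level]].strip())
        eff["match"] = attrs.get("match") or [p for p in default if p]
    return eff


def resolve(nexthop, table=TLS_POLICY, main_cf=MAIN_CF):
    """Full resolution for one destination, or None when no entry matches."""
    found = lookup_policy(table, nexthop)
    if found is None:
        return None
    level, attrs = parse_policy(found[1])
    return {"key": found[0], "level": level, "attrs": attrs,
            "effective": effective_settings(level, attrs, main_cf)}
```

Running `resolve("mail.sub.example.net")` shows the ".example.net" entry being picked up through the parent-domain fallback, while `resolve("[mail.example.org]")` returns None because bracketed keys get no fallback.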
They cannot be used with the legacy exclusion syntax.
Leading "0" or "0x" prefixes are supported, but not required.
Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to
"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the
upper or lower bound, and a warning will be logged. Hexadecimal
versions should only be used when Postfix is linked with some future
version of OpenSSL that supports TLS 1.4 or later, but Postfix does not
yet support a symbolic name for that protocol version. </p>

<p>Hexadecimal example (Postfix ≥ 3.6):</p>
<blockquote>
<pre>
# Allow only TLS 1.0 through (hypothetical) TLS 1.4, once supported
# in some future version of OpenSSL (presently a warning is logged).
<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = >=TLSv1, <=0305
# Allow only TLS 1.0 and up:
<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = >=0x0301
</pre>
</blockquote>

<p> With Postfix < 3.6 there is no support for a minimum or maximum
version, and the protocol range is configured via protocol exclusions.
To require at least TLS 1.0, set "<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2, !SSLv3".
Listing the protocols to include, rather than protocols to exclude, is
supported, but not recommended. The exclusion form more accurately
matches the underlying OpenSSL interface. </p>

<p> When using the exclusion syntax, take care to ensure that the range of
protocols advertised by an SSL/TLS client is contiguous. When a protocol
version is enabled, disabling any higher version implicitly disables all
versions above that higher version. Thus, for example:
</p>
<blockquote>
<pre>
<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2, !SSLv3, !TLSv1.1
</pre>
</blockquote>
<p> also disables any protocol version higher than TLSv1.1, leaving
only "TLSv1" enabled. </p>

<p> Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling
this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch
releases ≥ 3.0.14, 3.1.10, 3.2.7 and 3.3.2). </p>

<p> Example: </p>
<pre>
# Preferred syntax with Postfix ≥ 3.6:
<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = >=TLSv1, <=TLSv1.3
# Legacy syntax:
<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2, !SSLv3
</pre>

<p> This feature is available in Postfix 2.6 and later. </p>


</DD>

<DT><b><a name="smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a>
(default: 9)</b></DT><DD>

<p> The verification depth for remote SMTP server certificates. A depth
of 1 is sufficient if the issuing CA is listed in a local CA file. </p>

<p> The default verification depth is 9 (the OpenSSL default) for
compatibility with earlier Postfix behavior. Prior to Postfix 2.5,
the default value was 5, but the limit was not actually enforced. If
you have set this to a lower non-default value, certificates with longer
trust chains may now fail to verify. Certificate chains with 1 or 2
CAs are common; deeper chains are more rare, and any number between 5
and 9 should suffice in practice. You can choose a lower number if,
for example, you trust certificates directly signed by an issuing CA
but not any CAs it delegates to. </p>

<p> This feature is available in Postfix 2.2 and later.
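<p> The two <a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> syntaxes described above, as an added Python example that is neither Postfix code nor part of this manual page: it resolves a setting into the list of enabled protocol versions, handling the Postfix ≥ 3.6 ">=" and "<=" bounds (names or hexadecimal numbers, unknown numbers leaving the bound unset with a warning) and the legacy "!" exclusion syntax with the contiguity rule that disables every version above the first hole. The version table is constructed for the example, and rejecting a mix of bounds and legacy items is this model's choice. </p>

```python
"""Added example, not Postfix code: compute which TLS protocol versions an
smtp_tls_protocols value (or a policy-table "protocols" attribute) enables,
for both the Postfix >= 3.6 bound syntax and the legacy "!" exclusion syntax."""
import re

# Protocol names and the version numbers used by the hexadecimal bound form.
VERSIONS = {"SSLv2": 0x0002, "SSLv3": 0x0300, "TLSv1": 0x0301,
            "TLSv1.1": 0x0302, "TLSv1.2": 0x0303, "TLSv1.3": 0x0304}
ORDER = sorted(VERSIONS, key=VERSIONS.get)   # ascending version order


def parse_version(text):
    """A protocol name or a hex number ('301', '0301', '0x301', '0x0301') as a
    version number; None if the text is neither."""
    if text in VERSIONS:
        return VERSIONS[text]
    m = re.fullmatch(r"(?:0x)?([0-9a-fA-F]{1,4})", text)
    return int(m.group(1), 16) if m else None


def enabled_protocols(setting):
    """Return (enabled protocol names in ascending order, warnings).
    Separators are whitespace, commas or colons, so the same function handles
    the policy-table attribute form (colons only)."""
    items = [t for t in re.split(r"[\s,:]+", setting.strip()) if t]
    if not items:                                 # empty value: allow everything
        return list(ORDER), []
    bounds = [i for i in items if i.startswith((">=", "<="))]
    legacy = [i for i in items if i not in bounds]
    warnings = []
    if bounds:
        if legacy:   # model's choice: hex numbers need the bound syntax, no mixing
            raise ValueError("bounds cannot be mixed with the legacy syntax")
        lo, hi = min(VERSIONS.values()), max(VERSIONS.values())
        for bound in bounds:
            version = parse_version(bound[2:])
            if version not in VERSIONS.values():  # unknown: the bound stays unset
                warnings.append("%s: unknown TLS protocol version, bound not set" % bound)
                continue
            if bound.startswith(">="):
                lo = max(lo, version)
            else:
                hi = min(hi, version)
        return [p for p in ORDER if lo <= VERSIONS[p] <= hi], warnings
    excluded = {i[1:] for i in legacy if i.startswith("!")}
    included = {i for i in legacy if not i.startswith("!")}
    for name in excluded | included:
        if name not in VERSIONS:
            raise ValueError("unknown protocol name: %r" % name)
    wanted = (included or set(ORDER)) - excluded
    # Contiguity rule: once a version is enabled, the first disabled version
    # above it switches off every version above that one as well.
    enabled, seen, hole = [], False, False
    for name in ORDER:
        if name in wanted and not hole:
            enabled.append(name)
            seen = True
        elif seen:
            hole = True
    return enabled, warnings
```

`enabled_protocols("!SSLv2, !SSLv3, !TLSv1.1")` reproduces the page's caveat by returning only "TLSv1", and the same hole appears with an include list such as "TLSv1:TLSv1.2".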
</p>


</DD>

<DT><b><a name="smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a>
(default: nexthop, dot-nexthop)</b></DT><DD>

<p> How the Postfix SMTP client verifies the server certificate
peername for the "secure" TLS security level. In a "secure" TLS policy table
($<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>) entry the optional "match" attribute
overrides this <a href="postconf.5.html">main.cf</a> setting. </p>

<p> This parameter specifies one or more patterns or strategies separated
by commas, whitespace or colons. In the policy table the only valid
separator is the colon character. </p>

<p> For a description of the pattern and strategy syntax see the
<a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> parameter. The "hostname" strategy should
be avoided in this context, as in the absence of a secure global DNS, using
the results of MX lookups in certificate verification is not immune to active
(man-in-the-middle) attacks on DNS. </p>

<p>
Sample <a href="postconf.5.html">main.cf</a> setting:
</p>

<blockquote>
<pre>
<a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> = nexthop
</pre>
</blockquote>

<p>
Sample policy table override:
</p>

<blockquote>
<pre>
example.net     secure match=example.com:.example.com
.example.net    secure match=example.com:.example.com
</pre>
</blockquote>

<p> This feature is available in Postfix 2.3 and later. </p>


</DD>

<DT><b><a name="smtp_tls_security_level">smtp_tls_security_level</a>
(default: empty)</b></DT><DD>

<p> The default SMTP TLS security level for the Postfix SMTP client.
When a non-empty value is specified, this overrides the obsolete
parameters <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>, and <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>;
when no value is specified for <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> or the obsolete
parameters, the default SMTP TLS security level is
<a href="TLS_README.html#client_tls_none">none</a>. </p>

<p> Specify one of the following security levels: </p>

<dl>

<dt><b><a href="TLS_README.html#client_tls_none">none</a></b></dt>
<dd> No TLS. TLS will not be used unless enabled for specific
destinations via <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>. </dd>

<dt><b><a href="TLS_README.html#client_tls_may">may</a></b></dt>
<dd> Opportunistic TLS. Use TLS if this is supported by the remote
SMTP server, otherwise use plaintext; after a failed TLS handshake
or TLS session, fall back to plaintext if the message has spent
<a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a> in the mail queue. Since
sending in the clear is acceptable, demanding stronger than default TLS
security merely reduces interoperability.
The "<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>" and "<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a>" (Postfix ≥ 2.6)
configuration parameters provide control over the protocols and
cipher grade used with opportunistic TLS. With earlier releases the
opportunistic TLS cipher grade is always "export" and no protocols
are disabled.
When TLS handshakes fail, the connection is retried with TLS disabled.
This allows mail delivery to sites with non-interoperable TLS
implementations. </dd>

<dt><b><a href="TLS_README.html#client_tls_encrypt">encrypt</a></b></dt>
<dd>Mandatory TLS encryption. Since a minimum
level of security is intended, it is reasonable to be specific about
sufficiently secure protocol versions and ciphers. At this security level
and higher, the <a href="postconf.5.html">main.cf</a> parameters <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> and
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> specify the TLS protocols and minimum
cipher grade which the administrator considers secure enough for
mandatory encrypted sessions. This security level is not an appropriate
default for systems delivering mail to the Internet. </dd>

<dt><b><a href="TLS_README.html#client_tls_dane">dane</a></b></dt>
<dd>Opportunistic DANE TLS. At this security level, the TLS policy
for the destination is obtained via DNSSEC. For TLSA policy to be
in effect, the destination domain's containing DNS zone must be
signed and the Postfix SMTP client's operating system must be
configured to send its DNS queries to a recursive DNS nameserver
that is able to validate the signed records. Each MX host's DNS
zone should also be signed, and should publish DANE TLSA (<a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a>)
records that specify how that MX host's TLS certificate is to be
verified. TLSA records do not preempt the normal SMTP MX host
selection algorithm; if some MX hosts support TLSA and others do
not, TLS security will vary from delivery to delivery. It is up
to the domain owner to configure their MX hosts and their DNS
sensibly. To configure the Postfix SMTP client for DNSSEC lookups
see the documentation for the <a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a> <a href="postconf.5.html">main.cf</a>
parameter. When DNSSEC-validated TLSA records are not found, the
effective TLS security level is "may". When TLSA records are found,
but are all unusable, the effective security level is "encrypt". For
purposes of protocol and cipher selection, the "dane" security level
is treated like a "mandatory" TLS security level, and weak ciphers
and protocols are disabled. Since DANE authenticates server
certificates, the "aNULL" cipher-suites are transparently excluded
at this level; there is no need to configure this manually. <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a> (DANE)
TLS authentication is available with Postfix 2.11 and later. </dd>

<dt><b><a href="TLS_README.html#client_tls_dane">dane-only</a></b></dt>
<dd>Mandatory DANE TLS. This is just like "dane" above, but DANE
TLSA authentication is required. There is no fallback to "may" or
"encrypt" when TLSA records are missing or unusable. <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a>
(DANE) TLS authentication is available with Postfix 2.11 and later.
</dd>

<dt><b><a href="TLS_README.html#client_tls_fprint">fingerprint</a></b></dt>
<dd>Certificate fingerprint verification.
At this security level, there are no trusted Certification Authorities.
The certificate trust chain, expiration date, etc., are
not checked. Instead, the <b><a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a></b>
parameter lists the certificate fingerprint or public key fingerprint
(Postfix 2.9 and later) of the valid server certificate. The digest
algorithm used to calculate the fingerprint is selected by the
<b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a></b> parameter. Available with Postfix
2.5 and later. </dd>

<dt><b><a href="TLS_README.html#client_tls_verify">verify</a></b></dt>
<dd>Mandatory TLS verification. At this security
level, DNS MX lookups are trusted to be secure enough, and the name
verified in the server certificate is usually obtained indirectly
via unauthenticated DNS MX lookups. The <a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a>
parameter controls how the server name is verified. In practice, explicit
control over matching is more common at the "secure" level, described
below. This security level is not an appropriate default for systems
delivering mail to the Internet. </dd>

<dt><b><a href="TLS_README.html#client_tls_secure">secure</a></b></dt>
<dd>Secure-channel TLS. At this security level,
DNS MX lookups, though potentially used to determine the candidate
next-hop gateway IP addresses, are <b>not</b> trusted to be secure enough
for TLS peername verification. Instead, the default name verified in
the server certificate is obtained from the next-hop domain as specified
in the <a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> configuration parameter. The default
matching rule is that a server certificate matches when its name is equal
to or is a sub-domain of the nexthop domain. This security level is not
an appropriate default for systems delivering mail to the Internet. </dd>

</dl>

<p>
Examples:
</p>

<pre>
# No TLS. Formerly: <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>=no and <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>=no.
<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = none
</pre>

<pre>
# Opportunistic TLS.
<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = may
# Do not tweak opportunistic ciphers or protocols unless it is essential
# to do so (if a security vulnerability is found in the SSL library that
# can be mitigated by disabling a particular protocol or raising the
# cipher grade).
<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> = medium
<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = >=TLSv1
# Legacy (Postfix < 3.6) syntax:
<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2, !SSLv3
</pre>

<pre>
# Mandatory (high-grade) TLS encryption.
<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = encrypt
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> = high
</pre>

<pre>
# Authenticated TLS 1.2 or better matching the nexthop domain or a
# subdomain.
<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = secure
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> = high
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = >=TLSv1.2
<a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> = nexthop, dot-nexthop
</pre>

<pre>
# Certificate fingerprint verification (Postfix ≥ 2.5).
# The CA-less "fingerprint" security level only scales to a limited
# number of destinations. As a global default rather than a per-site
# setting, this is practical only when mail for all recipients is sent
# to a central mail hub.
14580<a href="postconf.5.html#relayhost">relayhost</a> = [mailhub.example.com] 14581<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = fingerprint 14582<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = >=TLSv1.2 14583<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> = high 14584<a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> = 14585 3D:95:34:51:...:40:99:C0:C1 14586 EC:3B:2D:B0:...:A3:9D:72:F6 14587</pre> 14588 14589<p> This feature is available in Postfix 2.3 and later. </p> 14590 14591 14592</DD> 14593 14594<DT><b><a name="smtp_tls_servername">smtp_tls_servername</a> 14595(default: empty)</b></DT><DD> 14596 14597<p> Optional name to send to the remote SMTP server in the TLS Server 14598Name Indication (SNI) extension. The SNI extension is always on when 14599DANE is used to authenticate the server, and in that case the SNI name 14600sent is the one required by <a href="https://tools.ietf.org/html/rfc7672">RFC7672</a> and this parameter is ignored. </p> 14601 14602<p> Some SMTP servers use the received SNI name to select an appropriate 14603certificate chain to present to the client. While this may improve 14604interoperability with such servers, it may reduce interoperability with 14605other servers that choose to abort the connection when they don't have a 14606certificate chain configured for the requested name. Such servers 14607should select a default certificate chain and continue the handshake, 14608but some may not. Therefore, absent DANE, no SNI name is sent by 14609default. </p> 14610 14611<p> The SNI name must be either a valid DNS hostname, or else one of the 14612special values <b>hostname</b> or <b>nexthop</b>, which select either the 14613remote hostname or the nexthop domain respectively. DNS names for SNI must be 14614in A-label (punycode) form. 
Invalid DNS names log a configuration error 14615warning and mail delivery is deferred. </p> 14616 14617<p> Except when using a <a href="postconf.5.html#relayhost">relayhost</a> to forward all email, the only 14618sensible non-empty <a href="postconf.5.html">main.cf</a> setting for this parameter is 14619<b>hostname</b>. Other non-empty values are only practical on a 14620per-destination basis via the <b>servername</b> attribute of the Postfix 14621TLS <a href="TLS_README.html#client_tls_policy">policy table</a>. When 14622in doubt, leave this parameter empty, and configure per-destination SNI 14623as needed. </p> 14624 14625<p> This feature is available in Postfix 3.4 and later. </p> 14626 14627 14628</DD> 14629 14630<DT><b><a name="smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> 14631(default: empty)</b></DT><DD> 14632 14633<p> Name of the file containing the optional Postfix SMTP client 14634TLS session cache. Specify a database type that supports enumeration, 14635such as <b>btree</b> or <b>sdbm</b>; there is no need to support 14636concurrent access. The file is created if it does not exist. The <a href="smtp.8.html">smtp(8)</a> 14637daemon does not use this parameter directly, rather the cache is 14638implemented indirectly in the <a href="tlsmgr.8.html">tlsmgr(8)</a> daemon. This means that 14639per-smtp-instance <a href="master.5.html">master.cf</a> overrides of this parameter are not effective. 14640Note that each of the cache databases supported by <a href="tlsmgr.8.html">tlsmgr(8)</a> daemon: 14641$<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a>, $<a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> 14642(and with Postfix 2.3 and later $<a href="postconf.5.html#lmtp_tls_session_cache_database">lmtp_tls_session_cache_database</a>), needs to 14643be stored separately. 
It is not at this time possible to store multiple 14644caches in a single database. </p> 14645 14646<p> Note: <b>dbm</b> databases are not suitable. TLS 14647session objects are too large. </p> 14648 14649<p> As of version 2.5, Postfix no longer uses root privileges when 14650opening this file. The file should now be stored under the Postfix-owned 14651<a href="postconf.5.html#data_directory">data_directory</a>. As a migration aid, an attempt to open the file 14652under a non-Postfix directory is redirected to the Postfix-owned 14653<a href="postconf.5.html#data_directory">data_directory</a>, and a warning is logged. </p> 14654 14655<p> Example: </p> 14656 14657<pre> 14658<a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> = <a href="DATABASE_README.html#types">btree</a>:/var/db/postfix/smtp_scache 14659</pre> 14660 14661<p> This feature is available in Postfix 2.2 and later. </p> 14662 14663 14664</DD> 14665 14666<DT><b><a name="smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> 14667(default: 3600s)</b></DT><DD> 14668 14669<p> The expiration time of Postfix SMTP client TLS session cache 14670information. A cache cleanup is performed periodically 14671every $<a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> seconds. As with 14672$<a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a>, this parameter is implemented in the 14673<a href="tlsmgr.8.html">tlsmgr(8)</a> daemon and therefore per-smtp-instance <a href="master.5.html">master.cf</a> overrides 14674are not possible. </p> 14675 14676<p> As of Postfix 2.11 this setting cannot exceed 100 days. If set 14677≤ 0, session caching is disabled. If set to a positive value 14678less than 2 minutes, the minimum value of 2 minutes is used instead. </p> 14679 14680<p> Specify a non-zero time value (an integral value plus an optional 14681one-letter suffix that specifies the time unit). 
Time units: s 14682(seconds), m (minutes), h (hours), d (days), w (weeks). 14683The default time unit is s (seconds). </p> 14684 14685<p> This feature is available in Postfix 2.2 and later. </p> 14686 14687 14688</DD> 14689 14690<DT><b><a name="smtp_tls_trust_anchor_file">smtp_tls_trust_anchor_file</a> 14691(default: empty)</b></DT><DD> 14692 14693<p> Zero or more PEM-format files with trust-anchor certificates 14694and/or public keys. If the parameter is not empty the root CAs in 14695CAfile and CApath are no longer trusted. Rather, the Postfix SMTP 14696client will only trust certificate-chains signed by one of the 14697trust-anchors contained in the chosen files. The specified 14698trust-anchor certificates and public keys are not subject to 14699expiration, and need not be (self-signed) root CAs. They may, if 14700desired, be intermediate certificates. Therefore, these certificates 14701also may be found "in the middle" of the trust chain presented by 14702the remote SMTP server, and any untrusted issuing parent certificates 14703will be ignored. Specify a list of pathnames separated by comma 14704or whitespace. </p> 14705 14706<p> Whether specified in <a href="postconf.5.html">main.cf</a>, or on a per-destination basis, 14707the trust-anchor PEM file must be accessible to the Postfix SMTP 14708client in the chroot jail if applicable. The trust-anchor file 14709should contain only certificates and public keys, no private key 14710material, and must be readable by the non-privileged $<a href="postconf.5.html#mail_owner">mail_owner</a> 14711user. This allows destinations to be bound to a set of specific 14712CAs or public keys without trusting the same CAs for all destinations. 14713</p> 14714 14715<p> The <a href="postconf.5.html">main.cf</a> parameter supports single-purpose Postfix installations 14716that send mail to a fixed set of SMTP peers. 
At most sites, if 14717trust-anchor files are used at all, they will be specified on a 14718per-destination basis via the "tafile" attribute of the "verify" 14719and "secure" levels in <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>. </p> 14720 14721<p> The underlying mechanism is in support of <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a> (DANE TLSA), 14722which defines mechanisms for an SMTP client MTA to securely determine 14723server TLS certificates via DNS. </p> 14724 14725<p> If you want your trust anchors to be public keys, with OpenSSL 14726you can extract a single PEM public key from a PEM X.509 file 14727containing a single certificate, as follows: </p> 14728 14729<blockquote> 14730<pre> 14731$ openssl x509 -in cert.pem -out ta-key.pem -noout -pubkey 14732</pre> 14733</blockquote> 14734 14735<p> This feature is available in Postfix 2.11 and later. </p> 14736 14737 14738</DD> 14739 14740<DT><b><a name="smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> 14741(default: hostname)</b></DT><DD> 14742 14743<p> How the Postfix SMTP client verifies the server certificate 14744peername for the 14745"verify" TLS security level. In a "verify" TLS policy table 14746($<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>) entry the optional "match" attribute 14747overrides this <a href="postconf.5.html">main.cf</a> setting. </p> 14748 14749<p> This parameter specifies one or more patterns or strategies separated 14750by commas, whitespace or colons. In the policy table the only valid 14751separator is the colon character. </p> 14752 14753<p> Patterns specify domain names, or domain name suffixes: </p> 14754 14755<dl> 14756 14757<dt><i>example.com</i></dt> <dd> Match the <i>example.com</i> domain, 14758i.e. one of the names in the server certificate must be <i>example.com</i>. 14759Upper and lower case distinctions are ignored. 
</dd> 14760 14761<dt><i>.example.com</i></dt> 14762<dd> Match subdomains of the <i>example.com</i> domain, i.e. match 14763a name in the server certificate that consists of a non-zero number of 14764labels followed by a <i>.example.com</i> suffix. Case distinctions are 14765ignored.</dd> 14766 14767</dl> 14768 14769<p> Strategies specify a transformation from the next-hop domain 14770to the expected name in the server certificate: </p> 14771 14772<dl> 14773 14774<dt>nexthop</dt> 14775<dd> Match against the next-hop domain, which is either the recipient 14776domain, or the transport next-hop configured for the domain stripped of 14777any optional socket type prefix, enclosing square brackets and trailing 14778port. When MX lookups are not suppressed, this is the original nexthop 14779domain prior to the MX lookup, not the result of the MX lookup. For 14780LMTP delivery via UNIX-domain sockets, the verified next-hop name is 14781$<a href="postconf.5.html#myhostname">myhostname</a>. This strategy is suitable for use with the "secure" 14782policy. Case is ignored.</dd> 14783 14784<dt>dot-nexthop</dt> 14785<dd> As above, but match server certificate names that are subdomains 14786of the next-hop domain. Case is ignored.</dd> 14787 14788<dt>hostname</dt> <dd> Match against the hostname of the server, often 14789obtained via an unauthenticated DNS MX lookup. For LMTP delivery via 14790UNIX-domain sockets, the verified name is $<a href="postconf.5.html#myhostname">myhostname</a>. This matches 14791the verification strategy of the "MUST" keyword in the obsolete 14792<a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> table, and is suitable for use with the "verify" 14793security level. When the next-hop name is enclosed in square brackets 14794to suppress MX lookups, the "hostname" strategy is the same as the 14795"nexthop" strategy. 
Case is ignored.</dd> 14796 14797</dl> 14798 14799<p> 14800Sample <a href="postconf.5.html">main.cf</a> setting: 14801</p> 14802 14803<pre> 14804<a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> = hostname, nexthop, dot-nexthop 14805</pre> 14806 14807<p> 14808Sample policy table override: 14809</p> 14810 14811<pre> 14812example.com verify match=hostname:nexthop 14813.example.com verify match=example.com:.example.com:hostname 14814</pre> 14815 14816<p> This feature is available in Postfix 2.3 and later. </p> 14817 14818 14819</DD> 14820 14821<DT><b><a name="smtp_tls_wrappermode">smtp_tls_wrappermode</a> 14822(default: no)</b></DT><DD> 14823 14824<p> Request that the Postfix SMTP client connects using the 14825SUBMISSIONS (formerly called SMTPS) protocol instead of using the 14826STARTTLS command. </p> 14827 14828<p> This mode requires "<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = encrypt" or 14829stronger. </p> 14830 14831<p> Example: deliver all remote mail via a provider's submissions 14832service at "mail.example.com". </p> 14833 14834<pre> 14835/etc/postfix/<a href="postconf.5.html">main.cf</a>: 14836 # Client-side SUBMISSIONS requires "encrypt" or stronger. 14837 <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = encrypt 14838 <a href="postconf.5.html#smtp_tls_wrappermode">smtp_tls_wrappermode</a> = yes 14839 # The [] suppress MX lookups. 14840 <a href="postconf.5.html#relayhost">relayhost</a> = [mail.example.com]:submissions 14841</pre> 14842 14843<p> More examples are in <a href="TLS_README.html">TLS_README</a>, including examples for older 14844Postfix versions. </p> 14845 14846<p> This feature is available in Postfix 3.0 and later. 
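</p>

<p> The peer-name rules of <a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> above (the
<i>example.com</i> and <i>.example.com</i> patterns and the "nexthop",
"dot-nexthop" and "hostname" strategies, which
<a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> shares), together with the name
selection of <a href="postconf.5.html#smtp_tls_servername">smtp_tls_servername</a>, are modelled in Python
below. This is an added illustration written for this page; it is not
Postfix code (the Postfix SMTP client implements these checks in C). The
function names, the constructed $myhostname value "mail.example.org" and
the plain list of certificate names are assumptions; certificate-chain
validation, which the "verify" and "secure" levels perform separately,
and wildcard certificate names are out of scope. </p>

```python
"""Model of Postfix SMTP-client peer-name matching (smtp_tls_verify_cert_match,
smtp_tls_secure_cert_match) and of smtp_tls_servername name selection.

Added illustration for this page, not Postfix code: the Postfix SMTP client
implements these checks in C. Function names are assumptions; certificate
names are passed in as a plain list rather than read from an X.509 object,
and certificate-chain validation (done separately at the "verify" and
"secure" levels) is out of scope. Wildcard certificate names are not handled.
"""
import re

_SOCKTYPE_RE = re.compile(r"^(inet|unix):", re.IGNORECASE)
_LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def split_nexthop(nexthop, myhostname="mail.example.org"):
    """Return (domain, mx_lookups_suppressed) for a transport next-hop.

    Strips the optional socket-type prefix, enclosing [] and trailing :port,
    as the "nexthop" strategy describes. For LMTP over a UNIX-domain socket
    the verified name is $myhostname (a constructed default here)."""
    if nexthop.lower().startswith("unix:"):
        return myhostname.lower(), True
    name = _SOCKTYPE_RE.sub("", nexthop)
    if name.startswith("["):                        # [] suppress MX lookups
        return name[1:name.index("]")].lower(), True
    return name.split(":", 1)[0].lower(), False


def parse_match_list(value, policy_table=False):
    """main.cf accepts commas, whitespace or colons as separators; inside a
    smtp_tls_policy_maps "match=" attribute only the colon is valid."""
    seps = r":" if policy_table else r"[\s,:]+"
    return [item for item in re.split(seps, value.strip()) if item]


def is_subdomain(name, parent):
    """True when name consists of one or more labels followed by "." + parent."""
    suffix = "." + parent
    if not name.endswith(suffix):
        return False
    prefix = name[:-len(suffix)]
    return bool(prefix) and all(prefix.split("."))


def cert_name_matches(cert_names, match_list, nexthop, hostname,
                      myhostname="mail.example.org"):
    """True if some DNS name in the server certificate satisfies some entry of
    match_list. Entries are alternatives; case is ignored throughout."""
    domain, mx_suppressed = split_nexthop(nexthop, myhostname)
    # With [] around the next-hop there is no MX lookup, so the "hostname"
    # strategy is the same as the "nexthop" strategy.
    host = domain if mx_suppressed else hostname.lower()
    names = [n.lower() for n in cert_names]
    for entry in match_list:
        e = entry.lower()
        if e == "nexthop":
            ok = domain in names
        elif e == "dot-nexthop":
            ok = any(is_subdomain(n, domain) for n in names)
        elif e == "hostname":
            ok = host in names
        elif e.startswith("."):         # .example.com: subdomains only
            ok = any(is_subdomain(n, e[1:]) for n in names)
        else:                           # example.com: that exact name
            ok = e in names
        if ok:
            return True
    return False


def sni_name(setting, nexthop, hostname, myhostname="mail.example.org"):
    """Model of smtp_tls_servername when DANE is not in use: empty means no
    SNI; "hostname" and "nexthop" select the remote hostname or the next-hop
    domain; any other value must be a DNS name in A-label form, otherwise
    delivery is deferred (modelled here by raising ValueError)."""
    if not setting:
        return None
    domain, mx_suppressed = split_nexthop(nexthop, myhostname)
    if setting == "hostname":
        return domain if mx_suppressed else hostname.lower()
    if setting == "nexthop":
        return domain
    labels = setting.rstrip(".").split(".")
    if (setting.isascii() and len(setting) <= 253
            and all(_LABEL_RE.match(label) for label in labels)):
        return setting.lower()
    raise ValueError(f"smtp_tls_servername: {setting!r} is not a valid DNS name")
```

<p> The "hostname" case is the security-relevant one: at the "verify"
level the name to be matched is whatever an unauthenticated MX lookup
returned, so an attacker who can forge that answer can steer the client
to a host of their choice and present a certificate that matches it.
Writing the next-hop in [] or matching with "nexthop" and "dot-nexthop"
(the "secure" level) takes the MX lookup out of the trust path, which
the model shows by collapsing "hostname" onto the next-hop domain. </p>

<p>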
</p>


</DD>

<DT><b><a name="smtp_tlsrpt_enable">smtp_tlsrpt_enable</a>
(default: no)</b></DT><DD>

<p> Enable support for <a href="https://tools.ietf.org/html/rfc8460">RFC 8460</a> TLSRPT notifications. A mail-receiving
domain can publish a TLSRPT policy in DNS, to request periodic
summaries of successful and failed SMTP over TLS connections to
its MX servers. This feature requires that Postfix is built
with a TLSRPT supporting library. </p>

<p> See <a href="TLSRPT_README.html">TLSRPT_README</a> for configuration examples and additional
requirements for MTA-STS <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> plugins. </p>

<p> This feature is available in Postfix ≥ 3.10. </p>


</DD>

<DT><b><a name="smtp_tlsrpt_skip_reused_handshakes">smtp_tlsrpt_skip_reused_handshakes</a>
(default: yes)</b></DT><DD>

<p> Do not report the TLSRPT status for TLS protocol handshakes
that reuse a previously-negotiated TLS session (there is no new
information to report). Report the TLSRPT status only for "new" TLS
sessions. Set this to "no" to log the TLSRPT status of all TLS
handshakes, for example to troubleshoot Postfix TLSRPT support.
</p>

<p> Note: if an SMTP over TLS connection is reused, there is no
second (or subsequent) TLS handshake to report. </p>

<p> This feature is available in Postfix ≥ 3.10. </p>


</DD>

<DT><b><a name="smtp_tlsrpt_socket_name">smtp_tlsrpt_socket_name</a>
(default: empty)</b></DT><DD>

<p> The pathname of a UNIX-domain datagram socket that is managed
by a local TLSRPT reporting service. This parameter must specify a
pathname (absolute, or relative to $<a href="postconf.5.html#queue_directory">queue_directory</a>) when
"<a href="postconf.5.html#smtp_tlsrpt_enable">smtp_tlsrpt_enable</a> = yes".
</p> 14893 14894<p> See <a href="TLSRPT_README.html">TLSRPT_README</a> for configuration examples and additional 14895requirements for MTA-STS <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> plugins. </p> 14896 14897<p> This feature is available in Postfix ≥ 3.10. </p> 14898 14899 14900</DD> 14901 14902<DT><b><a name="smtp_use_tls">smtp_use_tls</a> 14903(default: no)</b></DT><DD> 14904 14905<p> Opportunistic mode: use TLS when a remote SMTP server announces 14906STARTTLS support, otherwise send the mail in the clear. Beware: 14907some SMTP servers offer STARTTLS even if it is not configured. With 14908Postfix < 2.3, if the TLS handshake fails, and no other server is 14909available, delivery is deferred and mail stays in the queue. If this 14910is a concern for you, use the <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> feature instead. </p> 14911 14912<p> This feature is available in Postfix 2.2 and later. With 14913Postfix 2.3 and later use <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> instead. </p> 14914 14915 14916</DD> 14917 14918<DT><b><a name="smtp_xforward_timeout">smtp_xforward_timeout</a> 14919(default: 300s)</b></DT><DD> 14920 14921<p> 14922The Postfix SMTP client time limit for sending the XFORWARD command, 14923and for receiving the remote SMTP server response. 14924</p> 14925 14926<p> Specify a non-zero time value (an integral value plus an optional 14927one-letter suffix that specifies the time unit). Time units: s 14928(seconds), m (minutes), h (hours), d (days), w (weeks). 14929The default time unit is s (seconds). </p> 14930 14931<p> 14932This feature is available in Postfix 2.1 and later. 
14933</p> 14934 14935 14936</DD> 14937 14938<DT><b><a name="smtpd_authorized_verp_clients">smtpd_authorized_verp_clients</a> 14939(default: $<a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a>)</b></DT><DD> 14940 14941<p> What remote SMTP clients are allowed to specify the XVERP command. 14942This command requests that mail be delivered one recipient at a 14943time with a per recipient return address. </p> 14944 14945<p> By default, no clients are allowed to specify XVERP. </p> 14946 14947<p> This parameter was renamed with Postfix version 2.1. The default value 14948is backwards compatible with Postfix version 2.0. </p> 14949 14950<p> Specify a list of network/netmask patterns, separated by commas 14951and/or whitespace. The mask specifies the number of bits in the 14952network part of a host address. You can also specify hostnames or 14953.domain names (the initial dot causes the domain to match any name 14954below it), "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns. A "/file/name" 14955pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table 14956is matched when a table entry matches a lookup string (the lookup 14957result is ignored). Continue long lines by starting the next line 14958with whitespace. Specify "!pattern" to exclude an address or network 14959block from the list. The form "!/file/name" is supported only in 14960Postfix version 2.4 and later. </p> 14961 14962<p> Note: IP version 6 address information must be specified inside 14963<tt>[]</tt> in the <a href="postconf.5.html#smtpd_authorized_verp_clients">smtpd_authorized_verp_clients</a> value, and in 14964files specified with "/file/name". IP version 6 addresses contain 14965the ":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>" 14966pattern. 
</p> 14967 14968 14969</DD> 14970 14971<DT><b><a name="smtpd_authorized_xclient_hosts">smtpd_authorized_xclient_hosts</a> 14972(default: empty)</b></DT><DD> 14973 14974<p> 14975What remote SMTP clients are allowed to use the XCLIENT feature. This 14976command overrides remote SMTP client information that is used for access 14977control. Typical use is for SMTP-based content filters, fetchmail-like 14978programs, or SMTP server access rule testing. See the <a href="XCLIENT_README.html">XCLIENT_README</a> 14979document for details. 14980</p> 14981 14982<p> 14983This feature is available in Postfix 2.1 and later. 14984</p> 14985 14986<p> 14987By default, no clients are allowed to specify XCLIENT. 14988</p> 14989 14990<p> 14991Specify a list of network/netmask patterns, separated by commas 14992and/or whitespace. The mask specifies the number of bits in the 14993network part of a host address. You can also specify hostnames or 14994.domain names (the initial dot causes the domain to match any name 14995below it), "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns. A "/file/name" 14996pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table 14997is matched when a table entry matches a lookup string (the lookup 14998result is ignored). Continue long lines by starting the next line 14999with whitespace. Specify "!pattern" to exclude an address or network 15000block from the list. The form "!/file/name" is supported only in 15001Postfix version 2.4 and later. </p> 15002 15003<p> Note: IP version 6 address information must be specified inside 15004<tt>[]</tt> in the <a href="postconf.5.html#smtpd_authorized_xclient_hosts">smtpd_authorized_xclient_hosts</a> value, and in 15005files specified with "/file/name". IP version 6 addresses contain 15006the ":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>" 15007pattern. 
</p> 15008 15009 15010</DD> 15011 15012<DT><b><a name="smtpd_authorized_xforward_hosts">smtpd_authorized_xforward_hosts</a> 15013(default: empty)</b></DT><DD> 15014 15015<p> 15016What remote SMTP clients are allowed to use the XFORWARD feature. This 15017command forwards information that is used to improve logging after 15018SMTP-based content filters. See the <a href="XFORWARD_README.html">XFORWARD_README</a> document for 15019details. 15020</p> 15021 15022<p> 15023This feature is available in Postfix 2.1 and later. 15024</p> 15025 15026<p> 15027By default, no clients are allowed to specify XFORWARD. 15028</p> 15029 15030<p> 15031Specify a list of network/netmask patterns, separated by commas 15032and/or whitespace. The mask specifies the number of bits in the 15033network part of a host address. You can also specify hostnames or 15034.domain names (the initial dot causes the domain to match any name 15035below it), "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns. A "/file/name" 15036pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table 15037is matched when a table entry matches a lookup string (the lookup 15038result is ignored). Continue long lines by starting the next line 15039with whitespace. Specify "!pattern" to exclude an address or network 15040block from the list. The form "!/file/name" is supported only in 15041Postfix version 2.4 and later. </p> 15042 15043<p> Note: IP version 6 address information must be specified inside 15044<tt>[]</tt> in the <a href="postconf.5.html#smtpd_authorized_xforward_hosts">smtpd_authorized_xforward_hosts</a> value, and in 15045files specified with "/file/name". IP version 6 addresses contain 15046the ":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>" 15047pattern. 
</p> 15048 15049 15050</DD> 15051 15052<DT><b><a name="smtpd_banner">smtpd_banner</a> 15053(default: $<a href="postconf.5.html#myhostname">myhostname</a> ESMTP $<a href="postconf.5.html#mail_name">mail_name</a>)</b></DT><DD> 15054 15055<p> 15056The text that follows the 220 status code in the SMTP greeting 15057banner. Some people like to see the mail version advertised. By 15058default, Postfix shows no version. 15059</p> 15060 15061<p> 15062You MUST specify $<a href="postconf.5.html#myhostname">myhostname</a> at the start of the text. This is 15063required by the SMTP protocol. 15064</p> 15065 15066<p> 15067Example: 15068</p> 15069 15070<pre> 15071<a href="postconf.5.html#smtpd_banner">smtpd_banner</a> = $<a href="postconf.5.html#myhostname">myhostname</a> ESMTP $<a href="postconf.5.html#mail_name">mail_name</a> ($<a href="postconf.5.html#mail_version">mail_version</a>) 15072</pre> 15073 15074 15075</DD> 15076 15077<DT><b><a name="smtpd_client_auth_rate_limit">smtpd_client_auth_rate_limit</a> 15078(default: 0)</b></DT><DD> 15079 15080<p> 15081The maximal number of AUTH commands that any client is allowed to 15082send to this service per time unit, regardless of whether or not 15083Postfix actually accepts those commands. The time unit is specified 15084with the <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> configuration parameter. 15085</p> 15086 15087<p> 15088By default, there is no limit on the number of AUTH commands that a 15089client may send. 15090</p> 15091 15092<p> 15093To disable this feature, specify a limit of 0. 15094</p> 15095 15096<p> 15097WARNING: The purpose of this feature is to limit abuse. It must 15098not be used to regulate legitimate mail traffic. 15099</p> 15100 15101<p> 15102This feature is available in Postfix 3.1 and later. 
15103</p> 15104 15105 15106</DD> 15107 15108<DT><b><a name="smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a> 15109(default: 50)</b></DT><DD> 15110 15111<p> 15112How many simultaneous connections any client is allowed to 15113make to this service. By default, the limit is set to half 15114the default process limit value. 15115</p> 15116 15117<p> 15118To disable this feature, specify a limit of 0. 15119</p> 15120 15121<p> 15122WARNING: The purpose of this feature is to limit abuse. It must 15123not be used to regulate legitimate mail traffic. 15124</p> 15125 15126<p> 15127This feature is available in Postfix 2.2 and later. 15128</p> 15129 15130 15131</DD> 15132 15133<DT><b><a name="smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a> 15134(default: 0)</b></DT><DD> 15135 15136<p> 15137The maximal number of connection attempts any client is allowed to 15138make to this service per time unit. The time unit is specified 15139with the <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> configuration parameter. 15140</p> 15141 15142<p> 15143By default, a client can make as many connections per time unit as 15144Postfix can accept. 15145</p> 15146 15147<p> 15148To disable this feature, specify a limit of 0. 15149</p> 15150 15151<p> 15152WARNING: The purpose of this feature is to limit abuse. It must 15153not be used to regulate legitimate mail traffic. 15154</p> 15155 15156<p> 15157This feature is available in Postfix 2.2 and later. 
15158</p> 15159 15160<p> 15161Example: 15162</p> 15163 15164<pre> 15165<a href="postconf.5.html#smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a> = 1000 15166</pre> 15167 15168 15169</DD> 15170 15171<DT><b><a name="smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a> 15172(default: $<a href="postconf.5.html#mynetworks">mynetworks</a>)</b></DT><DD> 15173 15174<p> 15175Clients that are excluded from smtpd_client_*_count/rate_limit 15176restrictions. See the <a href="postconf.5.html#mynetworks">mynetworks</a> parameter 15177description for the parameter value syntax. 15178</p> 15179 15180<p> 15181By default, clients in trusted networks are excluded. Specify a 15182list of network blocks, hostnames or .domain names (the initial 15183dot causes the domain to match any name below it). 15184</p> 15185 15186<p> Note: IP version 6 address information must be specified inside 15187<tt>[]</tt> in the <a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a> value, and 15188in files specified with "/file/name". IP version 6 addresses 15189contain the ":" character, and would otherwise be confused with a 15190"<a href="DATABASE_README.html">type:table</a>" pattern. </p> 15191 15192<p> Pattern matching of domain names is controlled by the presence 15193or absence of "<a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a>" in the 15194<a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> parameter value (Postfix 3.0 and 15195later). </p> 15196 15197<p> 15198This feature is available in Postfix 2.2 and later. 
</p>


</DD>

<DT><b><a name="smtpd_client_ipv4_prefix_length">smtpd_client_ipv4_prefix_length</a>
(default: 32)</b></DT><DD>

<p> Aggregate smtpd_client_*_count and smtpd_client_*_rate statistics
by IPv4 network blocks with the specified network prefix. Aggregation
uses fewer <a href="anvil.8.html">anvil(8)</a> resources to maintain counters. By default,
aggregation is disabled for IPv4: a /32 prefix covers a single
address, so every client is counted separately. </p>

<p> This feature is available in Postfix 3.8 and later. </p>


</DD>

<DT><b><a name="smtpd_client_ipv6_prefix_length">smtpd_client_ipv6_prefix_length</a>
(default: 84)</b></DT><DD>

<p> Aggregate smtpd_client_*_count and smtpd_client_*_rate statistics
by IPv6 network blocks with the specified network prefix. Aggregation
uses fewer <a href="anvil.8.html">anvil(8)</a> resources to maintain counters. By default,
aggregation is enabled for IPv6: all clients whose addresses fall in
the same /84 block share one set of counters. </p>

<p> This feature is available in Postfix 3.8 and later. </p>


</DD>

<DT><b><a name="smtpd_client_message_rate_limit">smtpd_client_message_rate_limit</a>
(default: 0)</b></DT><DD>

<p>
The maximal number of message delivery requests that any client is
allowed to make to this service per time unit, regardless of whether
or not Postfix actually accepts those messages. The time unit is
specified with the <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> configuration parameter.
</p>

<p>
By default, a client can send as many message delivery requests
per time unit as Postfix can accept.
</p>

<p>
To disable this feature, specify a limit of 0.
</p>

<p>
WARNING: The purpose of this feature is to limit abuse. It must
not be used to regulate legitimate mail traffic.
</p>

<p>
This feature is available in Postfix 2.2 and later.
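</p>

<p> The counters behind the smtpd_client_*_rate_limit and
<a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a> parameters, the
<a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a> list (whose
network/hostname pattern syntax, including [] for IPv6 and "!pattern"
exclusions, is the one described for the smtpd_authorized_*_hosts
parameters above) and the IPv4/IPv6 prefix aggregation are modelled in
Python below. This is an added illustration written for this page, not
<a href="anvil.8.html">anvil(8)</a> code: the real counters live in the anvil(8) daemon and
are queried by <a href="smtpd.8.html">smtpd(8)</a>. Class, method and parameter names are
assumptions, "/file/name" and "type:table" entries are not expanded, and
the clock is passed in explicitly so that the constructed sample run is
repeatable. </p>

```python
"""Model of the anvil(8)-style client limits behind smtpd_client_*_rate_limit,
smtpd_client_connection_count_limit, smtpd_client_event_limit_exceptions (whose
pattern syntax is shared with the smtpd_authorized_*_hosts parameters) and the
Postfix 3.8 prefix aggregation. Added illustration, not Postfix code: the real
counters live in anvil(8) and are queried by smtpd(8). Names are assumptions;
the clock is passed in so that the constructed sample run is repeatable."""
import ipaddress
from collections import defaultdict


def parse_patterns(value):
    """CIDR blocks or addresses (IPv6 inside [], so its ':' is not read as a
    type:table pattern), hostnames, .domain suffixes and !pattern exclusions.
    /file/name and type:table entries are not expanded by this model."""
    out = []
    for item in value.replace(",", " ").split():
        negate = item.startswith("!")
        item = item.lstrip("!").replace("[", "").replace("]", "")
        try:
            pat = ipaddress.ip_network(item, strict=False)
        except ValueError:
            pat = item.lower()                  # hostname or .domain suffix
        out.append((negate, pat))
    return out


def patterns_match(patterns, addr, hostname=""):
    """The first matching pattern decides; if it was a !pattern the client is
    excluded. A .domain suffix matches names below the domain, not the domain."""
    ip = ipaddress.ip_address(addr)
    for negate, pat in patterns:
        if isinstance(pat, str):
            name = hostname.lower()
            hit = name.endswith(pat) if pat.startswith(".") else name == pat
        else:
            hit = ip in pat
        if hit:
            return not negate
    return False


class ClientEventLimiter:
    def __init__(self, limits, rate_time_unit=60, connection_count_limit=50,
                 ipv4_prefix_length=32, ipv6_prefix_length=84,
                 exceptions="127.0.0.0/8, [::1]/128"):
        self.limits = limits              # {"connect": 30, "message": 100}; 0 = off
        self.unit = rate_time_unit        # anvil_rate_time_unit, in seconds
        self.count_limit = connection_count_limit
        self.prefix = {4: ipv4_prefix_length, 6: ipv6_prefix_length}
        self.exceptions = parse_patterns(exceptions)
        self.window = {}                                     # key -> start of time unit
        self.rates = defaultdict(lambda: defaultdict(int))   # key -> event -> count
        self.open = defaultdict(int)                         # key -> live connections

    def key(self, addr):
        """Counter key is the client's network block: with /32 each IPv4 host is
        counted alone; with /84 all IPv6 hosts in the same /84 share one counter."""
        ip = ipaddress.ip_address(addr)
        return str(ipaddress.ip_network(f"{ip}/{self.prefix[ip.version]}", strict=False))

    def exempt(self, addr, hostname=""):
        return patterns_match(self.exceptions, addr, hostname)

    def event(self, addr, kind, now):
        """Count one event ("connect", "message", "recipient", "auth", "newtls") and
        return True while the block is within its rate. As in Postfix, the count goes
        up whether or not the command is accepted. Simplification: a block's counters
        restart one time unit after the block's first counted event."""
        if self.exempt(addr):
            return True
        k = self.key(addr)
        if k not in self.window or now - self.window[k] >= self.unit:
            self.window[k] = now
            self.rates[k].clear()
        self.rates[k][kind] += 1
        limit = self.limits.get(kind, 0)
        return limit == 0 or self.rates[k][kind] <= limit

    def connect(self, addr, now):
        """Admit only if both the connection rate and the simultaneous-connection
        count of the client's block are within limits."""
        if self.exempt(addr):
            return True
        within_rate = self.event(addr, "connect", now)
        k = self.key(addr)
        self.open[k] += 1
        if within_rate and (self.count_limit == 0 or self.open[k] <= self.count_limit):
            return True
        self.open[k] -= 1                 # the refused connection is closed again
        return False

    def disconnect(self, addr):
        if not self.exempt(addr):
            k = self.key(addr)
            self.open[k] = max(0, self.open[k] - 1)


def demo():
    """Constructed run with tiny limits: four IPv6 hosts in 2001:db8:1::/84 share a
    counter, so the fourth connect in the time unit is refused; four IPv4 hosts are
    counted separately; 127.0.0.1 is exempt; a new time unit restarts the counters."""
    lim = ClientEventLimiter({"connect": 3, "message": 2}, connection_count_limit=2)
    v6 = []
    for i in range(4):
        addr = f"2001:db8:1::{i + 1}"
        v6.append(lim.connect(addr, now=0))
        lim.disconnect(addr)
    v4 = [lim.connect(f"192.0.2.{i + 1}", now=0) for i in range(4)]
    local = lim.connect("127.0.0.1", now=0)
    later = lim.connect("2001:db8:1::9", now=60)
    return v6, v4, local, later
```

<p> Two points the model makes concrete: the count goes up before the
decision is taken, so a client that is being refused still burns its
budget for the rest of the time unit, and with the default /84
aggregation a single abusive IPv6 host exhausts the budget of every
other host in its /84 block, which is why the WARNING above says these
limits are for abuse control and not for shaping legitimate traffic. </p>

<p>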
15256</p> 15257 15258<p> 15259Example: 15260</p> 15261 15262<pre> 15263<a href="postconf.5.html#smtpd_client_message_rate_limit">smtpd_client_message_rate_limit</a> = 1000 15264</pre> 15265 15266 15267</DD> 15268 15269<DT><b><a name="smtpd_client_new_tls_session_rate_limit">smtpd_client_new_tls_session_rate_limit</a> 15270(default: 0)</b></DT><DD> 15271 15272<p> 15273The maximal number of new (i.e., uncached) TLS sessions that a 15274remote SMTP client is allowed to negotiate with this service per 15275time unit. The time unit is specified with the <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> 15276configuration parameter. 15277</p> 15278 15279<p> 15280By default, a remote SMTP client can negotiate as many new TLS 15281sessions per time unit as Postfix can accept. 15282</p> 15283 15284<p> 15285To disable this feature, specify a limit of 0. Otherwise, specify 15286a limit that is at least the per-client concurrent session limit, 15287or else legitimate client sessions may be rejected. 15288</p> 15289 15290<p> 15291WARNING: The purpose of this feature is to limit abuse. It must 15292not be used to regulate legitimate mail traffic. 15293</p> 15294 15295<p> 15296This feature is available in Postfix 2.3 and later. 15297</p> 15298 15299<p> 15300Example: 15301</p> 15302 15303<pre> 15304<a href="postconf.5.html#smtpd_client_new_tls_session_rate_limit">smtpd_client_new_tls_session_rate_limit</a> = 100 15305</pre> 15306 15307 15308</DD> 15309 15310<DT><b><a name="smtpd_client_port_logging">smtpd_client_port_logging</a> 15311(default: no)</b></DT><DD> 15312 15313<p> Enable logging of the remote SMTP client port in addition to 15314the hostname and IP address. The logging format is "host[address]:port". 15315</p> 15316 15317<p> This feature is available in Postfix 2.5 and later. 
</p> 15318 15319 15320</DD> 15321 15322<DT><b><a name="smtpd_client_recipient_rate_limit">smtpd_client_recipient_rate_limit</a> 15323(default: 0)</b></DT><DD> 15324 15325<p> 15326The maximal number of recipient addresses that any client is allowed 15327to send to this service per time unit, regardless of whether or not 15328Postfix actually accepts those recipients. The time unit is specified 15329with the <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> configuration parameter. 15330</p> 15331 15332<p> 15333By default, a client can send as many recipient addresses per time 15334unit as Postfix can accept. 15335</p> 15336 15337<p> 15338To disable this feature, specify a limit of 0. 15339</p> 15340 15341<p> 15342WARNING: The purpose of this feature is to limit abuse. It must 15343not be used to regulate legitimate mail traffic. 15344</p> 15345 15346<p> 15347This feature is available in Postfix 2.2 and later. 15348</p> 15349 15350<p> 15351Example: 15352</p> 15353 15354<pre> 15355<a href="postconf.5.html#smtpd_client_recipient_rate_limit">smtpd_client_recipient_rate_limit</a> = 1000 15356</pre> 15357 15358 15359</DD> 15360 15361<DT><b><a name="smtpd_client_restrictions">smtpd_client_restrictions</a> 15362(default: empty)</b></DT><DD> 15363 15364<p> 15365Optional restrictions that the Postfix SMTP server applies in the 15366context of a client connection request. 15367See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access 15368restriction lists" for a discussion of evaluation context and time. 15369</p> 15370 15371<p> 15372The default is to allow all connection requests. 15373</p> 15374 15375<p> 15376Specify a list of restrictions, separated by commas and/or whitespace. 15377Continue long lines by starting the next line with whitespace. 15378Restrictions are applied in the order as specified; the first 15379restriction that matches wins. 
15380</p> 15381 15382<p> 15383The following restrictions are specific to client hostname or 15384client network address information. 15385</p> 15386 15387<dl> 15388 15389<dt><b><a name="check_ccert_access">check_ccert_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> 15390 15391<dd> By default use the remote SMTP client certificate fingerprint 15392or the public key 15393fingerprint (Postfix 2.9 and later) as the lookup key for the specified 15394<a href="access.5.html">access(5)</a> database; with Postfix version 2.2, also require that the 15395remote SMTP client certificate is verified successfully. 15396The fingerprint digest algorithm is configurable via the 15397<a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> parameter (hard-coded as md5 prior to 15398Postfix version 2.5). This feature requires "<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> 15399= yes" and is available with Postfix version 154002.2 and later. </dd> 15401 15402<dd> The default algorithm is <b>sha256</b> with Postfix ≥ 3.6 15403and the <b><a href="postconf.5.html#compatibility_level">compatibility_level</a></b> set to 3.6 or higher. With Postfix 15404≤ 3.5, the default algorithm is <b>md5</b>. The best-practice 15405algorithm is now <b>sha256</b>. Recent advances in hash function 15406cryptanalysis have led to md5 and sha1 being deprecated in favor of 15407sha256. However, as long as there are no known "second pre-image" 15408attacks against the older algorithms, their use in this context, though 15409not recommended, is still likely safe. </dd> 15410 15411<dd> Alternatively, <a href="postconf.5.html#check_ccert_access">check_ccert_access</a> accepts an explicit search 15412order (Postfix 3.5 and later). 
The default search order as described 15413above corresponds with: </dd> 15414 15415<dd> <a href="postconf.5.html#check_ccert_access">check_ccert_access</a> { <a href="DATABASE_README.html">type:table</a>, { search_order = cert_fingerprint, 15416pubkey_fingerprint } } </dd> 15417 15418<dd> The commas are optional. </dd> 15419 15420<dt><b><a name="check_client_access">check_client_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> 15421 15422<dd>Search the specified access database for the client hostname 15423or IP address. See the <a href="access.5.html">access(5)</a> manual page for details. </dd> 15424 15425<dt><b><a name="check_client_a_access">check_client_a_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> 15426 15427<dd>Search the specified <a href="access.5.html">access(5)</a> database for the IP addresses for the 15428client hostname, and execute the corresponding action. Note: a result 15429of "OK" is not allowed for safety reasons. Instead, use DUNNO in order 15430to exclude specific hosts from denylists. This feature is available 15431in Postfix 3.0 and later. </dd> 15432 15433<dt><b><a name="check_client_mx_access">check_client_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> 15434 15435<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MX hosts for the 15436client hostname, and execute the corresponding action. If no MX 15437record is found, look up A or AAAA records, just like the Postfix 15438SMTP client would. Note: a result 15439of "OK" is not allowed for safety reasons. Instead, use DUNNO in order 15440to exclude specific hosts from denylists. This feature is available 15441in Postfix 2.7 and later. 
</dd> 15442 15443<dt><b><a name="check_client_ns_access">check_client_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> 15444 15445<dd>Search the specified <a href="access.5.html">access(5)</a> database for the DNS servers for 15446the client hostname, and execute the corresponding action. Note: a 15447result of "OK" is not allowed for safety reasons. Instead, use DUNNO 15448in order to exclude specific hosts from denylists. This feature is 15449available in Postfix 2.7 and later. </dd> 15450 15451<dt><b><a name="check_reverse_client_hostname_access">check_reverse_client_hostname_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> 15452 15453<dd>Search the specified access database for the unverified reverse 15454client hostname or IP address. See the <a href="access.5.html">access(5)</a> 15455manual page for details. Note: a result of "OK" is not allowed for 15456safety reasons. Instead, use DUNNO in order to exclude specific 15457hosts from denylists. This feature is available in Postfix 2.6 15458and later.</dd> 15459 15460<dt><b><a name="check_reverse_client_hostname_a_access">check_reverse_client_hostname_a_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> 15461 15462<dd>Search the specified <a href="access.5.html">access(5)</a> database for the IP addresses for the 15463unverified reverse client hostname, and execute the corresponding 15464action. Note: a result of "OK" is not allowed for safety reasons. 15465Instead, use DUNNO in order to exclude specific hosts from denylists. 15466This feature is available in Postfix 3.0 and later. 
</dd> 15467 15468<dt><b><a name="check_reverse_client_hostname_mx_access">check_reverse_client_hostname_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> 15469 15470<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MX hosts for the 15471unverified reverse client hostname, and execute the corresponding 15472action. If no MX record is found, look up A or AAAA records, just 15473like the Postfix SMTP client would. 15474Note: a result of "OK" is not allowed for safety reasons. 15475Instead, use DUNNO in order to exclude specific hosts from denylists. 15476This feature is available in Postfix 2.7 and later. </dd> 15477 15478<dt><b><a name="check_reverse_client_hostname_ns_access">check_reverse_client_hostname_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> 15479 15480<dd>Search the specified <a href="access.5.html">access(5)</a> database for the DNS servers for 15481the unverified reverse client hostname, and execute the corresponding 15482action. Note: a result of "OK" is not allowed for safety reasons. 15483Instead, use DUNNO in order to exclude specific hosts from denylists. 15484This feature is available in Postfix 2.7 and later. </dd> 15485 15486<dt><b><a name="check_sasl_access">check_sasl_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> 15487 15488<dd> Use the remote SMTP client SASL user name as the lookup key for 15489the specified <a href="access.5.html">access(5)</a> database. The lookup key has the form 15490"username@domainname" when the <a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a> parameter 15491value is non-empty. Unlike the <a href="postconf.5.html#check_client_access">check_client_access</a> feature, 15492<a href="postconf.5.html#check_sasl_access">check_sasl_access</a> does not perform matches of parent domains or IP 15493subnet ranges. This feature is available with Postfix version 2.11 15494and later. 
</dd> 15495 15496<dt><b><a name="permit_inet_interfaces">permit_inet_interfaces</a></b></dt> 15497 15498<dd>Permit the request when the client IP address matches 15499$<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>. </dd> 15500 15501<dt><b><a name="permit_mynetworks">permit_mynetworks</a></b></dt> 15502 15503<dd>Permit the request when the client IP address matches any 15504network or network address listed in $<a href="postconf.5.html#mynetworks">mynetworks</a>. </dd> 15505 15506<dt><b><a name="permit_sasl_authenticated">permit_sasl_authenticated</a></b></dt> 15507 15508<dd> Permit the request when the client is successfully 15509authenticated via the <a href="https://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH) protocol. </dd> 15510 15511<dt><b><a name="permit_tls_all_clientcerts">permit_tls_all_clientcerts</a></b></dt> 15512 15513<dd> Permit the request when the remote SMTP client certificate is 15514verified successfully. This option must be used only if a special 15515CA issues the certificates and only this CA is listed as a trusted 15516CA. Otherwise, clients with a third-party certificate would also 15517be allowed to relay. Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = no" when the 15518trusted CA is specified with <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> or <a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a>, 15519to prevent Postfix from appending the system-supplied default CAs. 15520This feature requires "<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> = yes" and is available 15521with Postfix version 2.2 and later.</dd> 15522 15523<dt><b><a name="permit_tls_clientcerts">permit_tls_clientcerts</a></b></dt> 15524 15525<dd>Permit the request when the remote SMTP client certificate 15526fingerprint or public key fingerprint (Postfix 2.9 and later) is 15527listed in $<a href="postconf.5.html#relay_clientcerts">relay_clientcerts</a>. 
15528The fingerprint digest algorithm is configurable via the 15529<a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> parameter (hard-coded as md5 prior to 15530Postfix version 2.5). This feature requires "<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> 15531= yes" and is available with Postfix version 2.2 and later.</dd> 15532 15533<dd> The default algorithm is <b>sha256</b> with Postfix ≥ 3.6 15534and the <b><a href="postconf.5.html#compatibility_level">compatibility_level</a></b> set to 3.6 or higher. With Postfix 15535≤ 3.5, the default algorithm is <b>md5</b>. The best-practice 15536algorithm is now <b>sha256</b>. Recent advances in hash function 15537cryptanalysis have led to md5 and sha1 being deprecated in favor of 15538sha256. However, as long as there are no known "second pre-image" 15539attacks against the older algorithms, their use in this context, though 15540not recommended, is still likely safe. </dd> 15541 15542<dt><b><a name="reject_rbl_client">reject_rbl_client <i>rbl_domain=d.d.d.d</i></a></b></dt> 15543 15544<dd>Reject the request when the reversed client network address is 15545listed with the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i> 15546(Postfix version 2.1 and later only). Each "<i>d</i>" is a number, 15547or a pattern inside "[]" that contains one or more ";"-separated 15548numbers or number..number ranges (Postfix version 2.8 and later). 15549If no "<i>=d.d.d.d</i>" is specified, reject the request when the 15550reversed client network address is listed with any A record under 15551<i>rbl_domain</i>. 
<br> 15552The <a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> parameter specifies the response code for 15553rejected requests (default: 554), the <a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> parameter 15554specifies the default server reply, and the <a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> parameter 15555specifies tables with server replies indexed by <i>rbl_domain</i>. 15556This feature is available in Postfix 2.0 and later. </dd> 15557 15558<dt><b><a name="permit_dnswl_client">permit_dnswl_client <i>dnswl_domain=d.d.d.d</i></a></b></dt> 15559 15560<dd>Accept the request when the reversed client network address is 15561listed with the A record "<i>d.d.d.d</i>" under <i>dnswl_domain</i>. 15562Each "<i>d</i>" is a number, or a pattern inside "[]" that contains 15563one or more ";"-separated numbers or number..number ranges. 15564If no "<i>=d.d.d.d</i>" is specified, accept the request when the 15565reversed client network address is listed with any A record under 15566<i>dnswl_domain</i>. <br> For safety, <a href="postconf.5.html#permit_dnswl_client">permit_dnswl_client</a> is silently 15567ignored when it would override <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>. The 15568result is DEFER_IF_REJECT when allowlist lookup fails. This feature 15569is available in Postfix 2.8 and later. </dd> 15570 15571<dt><b><a name="reject_rhsbl_client">reject_rhsbl_client <i>rbl_domain=d.d.d.d</i></a></b></dt> 15572 15573<dd>Reject the request when the client hostname is listed with the 15574A record "<i>d.d.d.d</i>" under <i>rbl_domain</i> (Postfix version 155752.1 and later only). Each "<i>d</i>" is a number, or a pattern 15576inside "[]" that contains one or more ";"-separated numbers or 15577number..number ranges (Postfix version 2.8 and later). 
If no 15578"<i>=d.d.d.d</i>" is specified, reject the request when the client 15579hostname is listed with 15580any A record under <i>rbl_domain</i>. See the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a> 15581description above for additional RBL related configuration parameters. 15582This feature is available in Postfix 2.0 and later; with Postfix 15583version 2.8 and later, <a href="postconf.5.html#reject_rhsbl_reverse_client">reject_rhsbl_reverse_client</a> will usually 15584produce better results. </dd> 15585 15586<dt><b><a name="permit_rhswl_client">permit_rhswl_client <i>rhswl_domain=d.d.d.d</i></a></b></dt> 15587 15588<dd>Accept the request when the client hostname is listed with the 15589A record "<i>d.d.d.d</i>" under <i>rhswl_domain</i>. Each "<i>d</i>" 15590is a number, or a pattern inside "[]" that contains one or more 15591";"-separated numbers or number..number ranges. If no 15592"<i>=d.d.d.d</i>" is specified, accept the request when the client 15593hostname is listed with any A record under <i>rhswl_domain</i>. 15594<br> Caution: client name allowlisting is fragile, since the client 15595name lookup can fail due to temporary outages. Client name 15596allowlisting should be used only to reduce false positives in e.g. 15597DNS-based blocklists, and not for making access rule exceptions. 15598<br> For safety, <a href="postconf.5.html#permit_rhswl_client">permit_rhswl_client</a> is silently ignored when it 15599would override <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>. The result is DEFER_IF_REJECT 15600when allowlist lookup fails. This feature is available in Postfix 156012.8 and later. </dd> 15602 15603<dt><b><a name="reject_rhsbl_reverse_client">reject_rhsbl_reverse_client <i>rbl_domain=d.d.d.d</i></a></b></dt> 15604 15605<dd>Reject the request when the unverified reverse client hostname 15606is listed with the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i>. 
15607Each "<i>d</i>" is a number, or a pattern inside "[]" that contains 15608one or more ";"-separated numbers or number..number ranges. 15609If no "<i>=d.d.d.d</i>" is specified, reject the request when the 15610unverified reverse client hostname is listed with any A record under 15611<i>rbl_domain</i>. See the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a> description above for 15612additional RBL related configuration parameters. This feature is 15613available in Postfix 2.8 and later. </dd> 15614 15615<dt><b><a name="reject_unknown_client_hostname">reject_unknown_client_hostname</a></b> (with Postfix < 2.3: reject_unknown_client)</dt> 15616 15617<dd>Reject the request when 1) the client IP address->name mapping 15618fails, or 2) the name->address mapping fails, or 3) the name->address 15619mapping does not match the client IP address. <br> This is a 15620stronger restriction than the <a href="postconf.5.html#reject_unknown_reverse_client_hostname">reject_unknown_reverse_client_hostname</a> 15621feature, which triggers only under condition 1) above. <br> The 15622<a href="postconf.5.html#unknown_client_reject_code">unknown_client_reject_code</a> parameter specifies the response code 15623for rejected requests (default: 450). The reply is always 450 in 15624case the address->name or name->address lookup failed due to 15625a temporary problem. </dd> 15626 15627<dt><b><a name="reject_unknown_reverse_client_hostname">reject_unknown_reverse_client_hostname</a></b></dt> 15628 15629<dd>Reject the request when the client IP address has no address->name 15630mapping. <br> This is a weaker restriction than the 15631<a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a> feature, which requires not only 15632that the address->name and name->address mappings exist, but 15633also that the two mappings reproduce the client IP address. 
<br> 15634The <a href="postconf.5.html#unknown_client_reject_code">unknown_client_reject_code</a> parameter specifies the response 15635code for rejected requests (default: 450). The reply is always 450 15636in case the address->name lookup failed due to a temporary 15637problem. <br> This feature is available in Postfix 2.3 and 15638later. </dd> 15639 15640</dl> 15641 15642<p> 15643In addition, you can use any of the following <a name="generic"> 15644generic</a> restrictions. These restrictions are applicable in 15645any SMTP command context. 15646</p> 15647 15648<dl> 15649 15650<dt><b><a name="check_policy_service">check_policy_service <i>servername</i></a></b></dt> 15651 15652<dd>Query the specified policy server. See the <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a> 15653document for details. This feature is available in Postfix 2.1 15654and later. </dd> 15655 15656<dt><b><a name="defer">defer</a></b></dt> 15657 15658<dd>Defer the request. The client is told to try again later. This 15659restriction is useful at the end of a restriction list, to make 15660the default policy explicit. <br> The <a href="postconf.5.html#defer_code">defer_code</a> parameter specifies 15661the SMTP server reply code (default: 450).</dd> 15662 15663<dt><b><a name="defer_if_permit">defer_if_permit</a></b></dt> 15664 15665<dd>Defer the request if some later restriction would result in an 15666explicit or implicit PERMIT action. This is useful when a denylisting 15667feature fails due to a temporary problem. This feature is available 15668in Postfix version 2.1 and later. </dd> 15669 15670<dt><b><a name="defer_if_reject">defer_if_reject</a></b></dt> 15671 15672<dd>Defer the request if some later restriction would result in a 15673REJECT action. This is useful when an allowlisting feature fails 15674due to a temporary problem. This feature is available in Postfix 15675version 2.1 and later. 
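</dd>

<dd> The evaluation rules stated above (restrictions are tried in
order, the first one that matches wins, DUNNO falls through,
defer_if_permit and defer_if_reject stay pending until a later permit
or reject) and the "d.d.d.d" pattern syntax of reject_rbl_client can be
checked against a small evaluator. The Python below is an added example,
not Postfix code: $mynetworks, the access(5) table, the DNSBL answers and
the client names are constructed; a temporary DNSBL lookup failure is
modelled as an implicit defer_if_permit; reject_unknown_client_hostname
is reduced to testing for the "unknown" hostname; and running off the
end of the list is treated as an implicit permit.

```python
import re
import ipaddress

# Constructed stand-ins for $mynetworks, an access(5) table and DNS answers.
# None of these names or addresses come from the Postfix documentation.
MYNETWORKS = ["127.0.0.0/8", "192.168.1.0/24"]
ACCESS_TABLES = {
    "hash:/etc/postfix/client_access": {
        "partner.example.net": "OK",     # parent domain: also matches mail.partner.example.net
        "203.0.113": "REJECT",           # truncated address: also matches 203.0.113.*
    },
}
DNS_A = {   # reversed-address query -> A records; "TEMPFAIL" models a DNS timeout
    "7.100.51.198.zen.dnsbl.example": ["127.0.0.4"],
    "9.100.51.198.zen.dnsbl.example": ["127.0.0.1"],
    "22.100.51.198.zen.dnsbl.example": "TEMPFAIL",
}

PERMIT, REJECT, DUNNO, DEFER = "PERMIT", "REJECT", "DUNNO", "DEFER"
DEFER_IF_PERMIT, DEFER_IF_REJECT = "DEFER_IF_PERMIT", "DEFER_IF_REJECT"
SIMPLE = {"permit": PERMIT, "reject": REJECT, "defer": DEFER,
          "defer_if_permit": DEFER_IF_PERMIT, "defer_if_reject": DEFER_IF_REJECT}


def rbl_pattern_matches(pattern, a_record):
    """Match an A record against the d.d.d.d form: each d is a number or a
    '[...]' list of ';'-separated numbers and number..number ranges."""
    parts = re.findall(r"\[[^\]]*\]|\d+", pattern)
    octets = a_record.split(".")
    if len(parts) != 4 or len(octets) != 4:
        return False
    for part, octet in zip(parts, octets):
        n = int(octet)
        if not part.startswith("["):
            if n != int(part):
                return False
            continue
        items = [item.partition("..") for item in part[1:-1].split(";")]
        if not any(int(lo) <= n <= int(hi or lo) for lo, _, hi in items):
            return False
    return True


def access_lookup(table, client):
    """access(5)-style client lookup: hostname, then its parent domains, then
    the IP address with trailing octets stripped one at a time."""
    labels, octets = client["hostname"].split("."), client["ip"].split(".")
    keys = [".".join(labels[i:]) for i in range(len(labels) - 1)]
    keys += [".".join(octets[:i]) for i in range(len(octets), 0, -1)]
    for key in keys:
        if key in table:
            return {"OK": PERMIT}.get(table[key], table[key])
    return DUNNO


def apply_restriction(restriction, client):
    """Evaluate one restriction; returns PERMIT/REJECT/DUNNO or a deferred action."""
    name, _, arg = restriction.partition(" ")
    if name in SIMPLE:
        return SIMPLE[name]
    if name == "permit_mynetworks":
        ip = ipaddress.ip_address(client["ip"])
        return PERMIT if any(ip in ipaddress.ip_network(n) for n in MYNETWORKS) else DUNNO
    if name == "check_client_access":
        return access_lookup(ACCESS_TABLES[arg], client)
    if name == "reject_rbl_client":
        domain, _, pattern = arg.partition("=")
        query = ".".join(reversed(client["ip"].split("."))) + "." + domain
        answer = DNS_A.get(query, [])
        if answer == "TEMPFAIL":          # reject-type check failing temporarily:
            return DEFER_IF_PERMIT        # modelled as an implicit defer_if_permit
        listed = any(not pattern or rbl_pattern_matches(pattern, a) for a in answer)
        return REJECT if listed else DUNNO
    if name == "reject_unknown_client_hostname":
        # "unknown" stands for a failed or mismatching address<->name mapping;
        # conditions 1) to 3) from the description are collapsed into it here.
        return REJECT if client["hostname"] == "unknown" else DUNNO
    raise ValueError(f"unsupported restriction: {restriction}")


def evaluate(restrictions, client):
    """First matching restriction wins; DUNNO falls through. Pending
    defer_if_permit / defer_if_reject turn a later PERMIT / REJECT into DEFER.
    Falling off the end of the list is treated as an implicit PERMIT."""
    pending, result = set(), PERMIT
    for restriction in restrictions:
        outcome = apply_restriction(restriction, client)
        if outcome in (DEFER_IF_PERMIT, DEFER_IF_REJECT):
            pending.add(outcome)
        elif outcome != DUNNO:
            result = outcome
            break
    if (result == PERMIT and DEFER_IF_PERMIT in pending) or \
       (result == REJECT and DEFER_IF_REJECT in pending):
        return DEFER
    return result


# The restriction list under test, written as it would appear in main.cf.
POLICY = [
    "permit_mynetworks",
    "check_client_access hash:/etc/postfix/client_access",
    "reject_rbl_client zen.dnsbl.example=127.0.0.[2..11]",
    "reject_unknown_client_hostname",
    "permit",
]

if __name__ == "__main__":
    for client in [{"ip": "198.51.100.7", "hostname": "mail.partner.example.net"},
                   {"ip": "198.51.100.7", "hostname": "mail.other.example"},
                   {"ip": "198.51.100.22", "hostname": "mx.other.example"}]:
        print(client["ip"], client["hostname"], "->", evaluate(POLICY, client))
```

Two points worth noticing in the output: 198.51.100.7 is listed in the
constructed DNSBL with 127.0.0.4, yet it is permitted when its verified
hostname matches the "partner.example.net" access entry, because that
check_client_access line comes first and the first match wins; and a
client whose DNSBL lookup times out is deferred rather than accepted
only because the implicit defer_if_permit survives until the final
"permit", whereas the same client with an unknown hostname is still
rejected outright.
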
</dd> 15676 15677<dt><b><a name="permit">permit</a></b></dt> 15678 15679<dd>Permit the request. This restriction is useful at the end of 15680a restriction list, to make the default policy explicit.</dd> 15681 15682<dt><b><a name="reject_multi_recipient_bounce">reject_multi_recipient_bounce</a></b></dt> 15683 15684<dd>Reject the request when the envelope sender is the null address, 15685and the message has multiple envelope recipients. This usage has 15686rare but legitimate applications: under certain conditions, 15687multi-recipient mail that was posted with the DSN option NOTIFY=NEVER 15688may be forwarded with the null sender address. 15689<br> Note: this restriction can only work reliably 15690when used in <a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> or 15691<a href="postconf.5.html#smtpd_end_of_data_restrictions">smtpd_end_of_data_restrictions</a>, because the total number of 15692recipients is not known at an earlier stage of the SMTP conversation. 15693Use at the RCPT stage will only reject the second etc. recipient. 15694<br> 15695The <a href="postconf.5.html#multi_recipient_bounce_reject_code">multi_recipient_bounce_reject_code</a> parameter specifies the 15696response code for rejected requests (default: 550). This feature 15697is available in Postfix 2.1 and later. </dd> 15698 15699<dt><b><a name="reject_plaintext_session">reject_plaintext_session</a></b></dt> 15700 15701<dd>Reject the request when the connection is not encrypted. This 15702restriction should not be used before the client has had a chance 15703to negotiate encryption with the AUTH or STARTTLS commands. 15704<br> 15705The <a href="postconf.5.html#plaintext_reject_code">plaintext_reject_code</a> parameter specifies the response 15706code for rejected requests (default: 450). This feature is available 15707in Postfix 2.3 and later. 
</dd> 15708 15709<dt><b><a name="reject_unauth_pipelining">reject_unauth_pipelining</a></b></dt> 15710 15711<dd>Reject the request when the client sends SMTP commands ahead 15712of time where it is not allowed, or when the client sends SMTP 15713commands ahead of time without knowing that Postfix actually supports 15714ESMTP command pipelining. This stops mail from bulk mail software 15715that improperly uses ESMTP command pipelining in order to speed up 15716deliveries. 15717<br> With Postfix 2.6 and later, the SMTP server sets a per-session 15718flag whenever it detects illegal pipelining, including pipelined 15719HELO or EHLO commands. The <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a> feature simply 15720tests whether the flag was set at any point in time during the 15721session. 15722<br> With older Postfix versions, <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a> checks 15723the current status of the input read queue, and its usage is not 15724recommended in contexts other than <a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a>. </dd> 15725 15726<dt><b><a name="reject">reject</a></b></dt> 15727 15728<dd>Reject the request. This restriction is useful at the end of 15729a restriction list, to make the default policy explicit. The 15730<a href="postconf.5.html#reject_code">reject_code</a> configuration parameter specifies the response code for 15731rejected requests (default: 554).</dd> 15732 15733<dt><b><a name="sleep">sleep <i>seconds</i></a></b></dt> 15734 15735<dd>Pause for the specified number of seconds and proceed with 15736the next restriction in the list, if any. 
This may stop zombie 15737mail when used as: 15738<pre> 15739/etc/postfix/<a href="postconf.5.html">main.cf</a>: 15740 <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> = 15741 sleep 1, <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a> 15742 <a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> = no 15743</pre> 15744This feature is available in Postfix 2.3. </dd> 15745 15746<dt><b><a name="warn_if_reject">warn_if_reject</a></b></dt> 15747 15748<dd> A safety net for testing. When "<a href="postconf.5.html#warn_if_reject">warn_if_reject</a>" is placed 15749before a reject-type restriction, access table query, or 15750<a href="postconf.5.html#check_policy_service">check_policy_service</a> query, this logs a "reject_warning" message 15751instead of rejecting a request (when a reject-type restriction fails 15752due to a temporary error, this logs a "reject_warning" message for 15753any implicit "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" actions that would normally prevent 15754mail from being accepted by some later access restriction). This 15755feature has no effect on <a href="postconf.5.html#defer_if_reject">defer_if_reject</a> restrictions. </dd> 15756 15757</dl> 15758 15759<p> 15760Other restrictions that are valid in this context: 15761</p> 15762 15763<ul> 15764 15765<li> SMTP command specific restrictions that are described under 15766the <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>, <a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> or 15767<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> parameters. 
When helo, sender or 15768recipient restrictions are listed under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, 15769they have effect only with "<a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> = yes", so that 15770$<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> is evaluated at the time of the RCPT TO 15771command. 15772 15773</ul> 15774 15775<p> 15776Example: 15777</p> 15778 15779<pre> 15780<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a> 15781</pre> 15782 15783 15784</DD> 15785 15786<DT><b><a name="smtpd_command_filter">smtpd_command_filter</a> 15787(default: empty)</b></DT><DD> 15788 15789<p> A mechanism to transform commands from remote SMTP clients. 15790This is a last-resort tool to work around client commands that break 15791interoperability with the Postfix SMTP server. Other uses involve 15792fault injection to test Postfix's handling of invalid commands. 15793</p> 15794 15795<p> Specify the name of a "<a href="DATABASE_README.html">type:table</a>" lookup table. The search 15796string is the SMTP command as received from the remote SMTP client, 15797except that initial whitespace and the trailing <CR><LF> 15798are removed. The result value is executed by the Postfix SMTP 15799server. </p> 15800 15801<p> There is no need to use <a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a> for the following 15802cases: </p> 15803 15804<ul> 15805 15806<li> <p> Use "<a href="postconf.5.html#resolve_numeric_domain">resolve_numeric_domain</a> = yes" to accept 15807"<i>user@ipaddress</i>". </p> 15808 15809<li> <p> Postfix already accepts the correct form 15810"<i>user@[ipaddress]</i>". 
Use <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> or <a href="postconf.5.html#canonical_maps">canonical_maps</a> 15811to translate these into domain names if necessary. </p> 15812 15813<li> <p> Use "<a href="postconf.5.html#strict_rfc821_envelopes">strict_rfc821_envelopes</a> = no" to accept "RCPT TO:<<i>User 15814Name <user@example.com>></i>". Postfix will ignore the "<i>User 15815Name</i>" part and deliver to the <i><user@example.com></i> address. 15816</p> 15817 15818</ul> 15819 15820<p> Examples of problems that can be solved with the <a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a> 15821feature: </p> 15822 15823<pre> 15824/etc/postfix/<a href="postconf.5.html">main.cf</a>: 15825 <a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/command_filter 15826</pre> 15827 15828<pre> 15829/etc/postfix/command_filter: 15830 # Work around clients that send malformed HELO commands. 15831 /^HELO\s*$/ HELO domain.invalid 15832</pre> 15833 15834<pre> 15835 # Work around clients that send empty lines. 15836 /^\s*$/ NOOP 15837</pre> 15838 15839<pre> 15840 # Work around clients that send RCPT TO:<'user@domain'>. 15841 # WARNING: do not lose the parameters that follow the address. 15842 /^(RCPT\s+TO:\s*<)'([^[:space:]]+)'(>.*)/ $1$2$3 15843</pre> 15844 15845<pre> 15846 # Append XVERP to MAIL FROM commands to request VERP-style delivery. 15847 # See <a href="VERP_README.html">VERP_README</a> for more information on how to use Postfix VERP. 15848 /^(MAIL\s+FROM:\s*<listname@example\.com>.*)/ $1 XVERP 15849</pre> 15850 15851<pre> 15852 # Bounce-never mail sink. Use <a href="postconf.5.html#notify_classes">notify_classes</a>=bounce,resource,software 15853 # to send bounced mail to the postmaster (with message body removed). 
15854 /^(RCPT\s+TO:\s*<.*>.*)\s+NOTIFY=\S+(.*)/ $1 NOTIFY=NEVER$2 15855 /^(RCPT\s+TO:.*)/ $1 NOTIFY=NEVER 15856</pre> 15857 15858<p> This feature is available in Postfix 2.7. </p> 15859 15860 15861</DD> 15862 15863<DT><b><a name="smtpd_data_restrictions">smtpd_data_restrictions</a> 15864(default: empty)</b></DT><DD> 15865 15866<p> 15867Optional access restrictions that the Postfix SMTP server applies 15868in the context of the SMTP DATA command. 15869See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access 15870restriction lists" for a discussion of evaluation context and time. 15871</p> 15872 15873<p> 15874This feature is available in Postfix 2.0 and later. 15875</p> 15876 15877<p> 15878Specify a list of restrictions, separated by commas and/or whitespace. 15879Continue long lines by starting the next line with whitespace. 15880Restrictions are applied in the order as specified; the first 15881restriction that matches wins. 15882</p> 15883 15884<p> 15885The following restrictions are valid in this context: 15886</p> 15887 15888<ul> 15889 15890<li><a href="#generic">Generic</a> restrictions that can be used 15891in any SMTP command context, described under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>. 15892 15893<li>SMTP command specific restrictions described under 15894<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>, 15895<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> or <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>. 15896 15897<li>However, no recipient information is available in the case of 15898multi-recipient mail. Acting on only one recipient would be misleading, 15899because any decision will affect all recipients equally. 
Acting on 15900all recipients would require a possibly very large amount of memory, 15901and would also be misleading for the reasons mentioned before. 15902 15903</ul> 15904 15905<p> 15906Examples: 15907</p> 15908 15909<pre> 15910<a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> = <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a> 15911<a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> = <a href="postconf.5.html#reject_multi_recipient_bounce">reject_multi_recipient_bounce</a> 15912</pre> 15913 15914 15915</DD> 15916 15917<DT><b><a name="smtpd_delay_open_until_valid_rcpt">smtpd_delay_open_until_valid_rcpt</a> 15918(default: yes)</b></DT><DD> 15919 15920<p> Postpone the start of an SMTP mail transaction until a valid 15921RCPT TO command is received. Specify "no" to create a mail transaction 15922as soon as the Postfix SMTP server receives a valid MAIL FROM 15923command. </p> 15924 15925<p> With sites that reject lots of mail, the default setting reduces 15926the use of 15927disk, CPU and memory resources. The downside is that rejected 15928recipients are logged with NOQUEUE instead of a mail transaction 15929ID (also known as a queue ID). 15930</p> 15931 15932<p> This feature is available in Postfix 2.3 and later. </p> 15933 15934 15935</DD> 15936 15937<DT><b><a name="smtpd_delay_reject">smtpd_delay_reject</a> 15938(default: yes)</b></DT><DD> 15939 15940<p> 15941Wait until the RCPT TO command before evaluating 15942$<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, $<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> and 15943$<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>, or wait until the ETRN command before 15944evaluating $<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and $<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>. 
15945</p> 15946 15947<p> 15948This feature is turned on by default because some clients apparently 15949mis-behave when the Postfix SMTP server rejects commands before 15950RCPT TO. 15951</p> 15952 15953<p> 15954The default setting has one major benefit: it allows Postfix to log 15955recipient address information when rejecting a client name/address 15956or sender address, so that it is possible to find out whose mail 15957is being rejected. 15958</p> 15959 15960 15961</DD> 15962 15963<DT><b><a name="smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a> 15964(default: empty)</b></DT><DD> 15965 15966<p> Lookup tables, indexed by the remote SMTP client address, with 15967case insensitive lists of EHLO keywords (pipelining, starttls, auth, 15968etc.) that the Postfix SMTP server will not send in the EHLO response 15969to a 15970remote SMTP client. See <a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a> for details. 15971The tables are not searched by hostname for robustness reasons. </p> 15972 15973<p> 15974Specify zero or more "type:name" lookup tables, separated by 15975whitespace or comma. Tables will be searched in the specified order 15976until a match is found. 15977</p> 15978 15979<p> This feature is available in Postfix 2.2 and later. </p> 15980 15981 15982</DD> 15983 15984<DT><b><a name="smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a> 15985(default: empty)</b></DT><DD> 15986 15987<p> A case insensitive list of EHLO keywords (pipelining, starttls, 15988auth, etc.) that the Postfix SMTP server will not send in the EHLO 15989response 15990to a remote SMTP client. </p> 15991 15992<p> This feature is available in Postfix 2.2 and later. </p> 15993 15994<p> Notes: </p> 15995 15996<ul> 15997 15998<li> <p> Specify the <b>silent-discard</b> pseudo keyword to prevent 15999this action from being logged. 
</p> 16000 16001<li> <p> Use the <a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a> feature 16002to discard EHLO keywords selectively. </p> 16003 16004</ul> 16005 16006 16007</DD> 16008 16009<DT><b><a name="smtpd_dns_reply_filter">smtpd_dns_reply_filter</a> 16010(default: empty)</b></DT><DD> 16011 16012<p> Optional filter for Postfix SMTP server DNS lookup results. 16013See <a href="postconf.5.html#smtp_dns_reply_filter">smtp_dns_reply_filter</a> for details including an example. 16014</p> 16015 16016<p> This feature is available in Postfix 3.0 and later. </p> 16017 16018 16019</DD> 16020 16021<DT><b><a name="smtpd_end_of_data_restrictions">smtpd_end_of_data_restrictions</a> 16022(default: empty)</b></DT><DD> 16023 16024<p> Optional access restrictions that the Postfix SMTP server 16025applies in the context of the SMTP END-OF-DATA command. 16026See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access 16027restriction lists" for a discussion of evaluation context and time. 16028</p> 16029 16030<p> This feature is available in Postfix 2.2 and later. </p> 16031 16032<p> See <a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> for details and limitations. </p> 16033 16034 16035</DD> 16036 16037<DT><b><a name="smtpd_enforce_tls">smtpd_enforce_tls</a> 16038(default: no)</b></DT><DD> 16039 16040<p> Mandatory TLS: announce STARTTLS support to remote SMTP clients, 16041and reject all plaintext commands except HELO, EHLO, XCLIENT, 16042STARTTLS, NOOP, QUIT, and (Postfix ≥ 3.9) HELP. 16043According to <a href="https://tools.ietf.org/html/rfc2487">RFC 2487</a> 16044this MUST NOT be applied in case of a publicly-referenced SMTP 16045server. Instead, this should be used on dedicated servers, for 16046example submission (port 587). This option is therefore off by 16047default. 
</p> 16048 16049<p> Note 1: "<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = yes" implies "<a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> = yes". </p> 16050 16051<p> Note 2: when invoked via "<b>sendmail -bs</b>", Postfix will never offer 16052STARTTLS due to insufficient privileges to access the server private 16053key. This is intended behavior. </p> 16054 16055<p> This feature is deprecated as of Postfix 3.9. Specify 16056<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> instead. </p> 16057 16058<p> This feature is available in Postfix 2.2 and later. With 16059Postfix 2.3 and later use <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> instead. </p> 16060 16061 16062</DD> 16063 16064<DT><b><a name="smtpd_error_sleep_time">smtpd_error_sleep_time</a> 16065(default: 1s)</b></DT><DD> 16066 16067<p>With Postfix version 2.1 and later: the SMTP server response delay after 16068a client has made more than $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> errors, and 16069fewer than $<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> errors, without delivering mail. 16070</p> 16071 16072<p>With Postfix version 2.0 and earlier: the SMTP server delay 16073before sending a reject (4xx or 5xx) response, when the client has 16074made fewer than $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> errors without delivering 16075mail. When the client has made $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> or more errors, 16076delay all responses with the larger of (number of errors) seconds 16077or $<a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a>. </p> 16078 16079<p> Specify a non-negative time value (an integral value plus an optional 16080one-letter suffix that specifies the time unit). 
Time units: s 16081(seconds), m (minutes), h (hours), d (days), w (weeks). 16082The default time unit is s (seconds). </p> 16083 16084 16085</DD> 16086 16087<DT><b><a name="smtpd_etrn_restrictions">smtpd_etrn_restrictions</a> 16088(default: empty)</b></DT><DD> 16089 16090<p> 16091Optional restrictions that the Postfix SMTP server applies in the 16092context of a client ETRN command. 16093See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access 16094restriction lists" for a discussion of evaluation context and time. 16095</p> 16096 16097<p> 16098The Postfix ETRN implementation accepts only destinations that are 16099eligible for the Postfix "fast flush" service. See the <a href="ETRN_README.html">ETRN_README</a> 16100file for details. 16101</p> 16102 16103<p> 16104Specify a list of restrictions, separated by commas and/or whitespace. 16105Continue long lines by starting the next line with whitespace. 16106Restrictions are applied in the order as specified; the first 16107restriction that matches wins. 16108</p> 16109 16110<p> 16111The following restrictions are specific to the domain name information 16112received with the ETRN command. 16113</p> 16114 16115<dl> 16116 16117<dt><b><a name="check_etrn_access">check_etrn_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> 16118 16119<dd>Search the specified access database for the ETRN domain name. 16120See the <a href="access.5.html">access(5)</a> manual page for details. 16121</dd> 16122 16123</dl> 16124 16125<p> 16126Other restrictions that are valid in this context: 16127</p> 16128 16129<ul> 16130 16131<li><a href="#generic">Generic</a> restrictions that can be used 16132in any SMTP command context, described under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>. 
16133 16134<li>SMTP command specific restrictions described under 16135<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>. 16136 16137</ul> 16138 16139<p> 16140Example: 16141</p> 16142 16143<pre> 16144<a href="postconf.5.html#smtpd_etrn_restrictions">smtpd_etrn_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, reject 16145</pre> 16146 16147 16148</DD> 16149 16150<DT><b><a name="smtpd_expansion_filter">smtpd_expansion_filter</a> 16151(default: see "postconf -d" output)</b></DT><DD> 16152 16153<p> 16154What characters are allowed in $name expansions of RBL reply 16155templates. Characters not in the allowed set are replaced by "_". 16156Use C like escapes to specify special characters such as whitespace. 16157</p> 16158 16159<p> 16160The <a href="postconf.5.html#smtpd_expansion_filter">smtpd_expansion_filter</a> value is not subject to Postfix configuration 16161parameter $name expansion. 16162</p> 16163 16164<p> 16165This feature is available in Postfix 2.0 and later. 16166</p> 16167 16168 16169</DD> 16170 16171<DT><b><a name="smtpd_forbid_bare_newline">smtpd_forbid_bare_newline</a> 16172(default: Postfix ≥ 3.9: normalize)</b></DT><DD> 16173 16174<p> Reject or restrict input lines from an SMTP client that end in 16175<LF> instead of the standard <CR><LF>. Such line 16176endings are commonly allowed with UNIX-based SMTP servers, but they 16177violate <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>, and allowing such line endings can make a server 16178vulnerable to <a href="https://www.postfix.org/smtp-smuggling.html"> 16179SMTP smuggling</a>. </p> 16180 16181<p> Specify one of the following values (case does not matter): </p> 16182 16183<dl compact> 16184 16185<dt> <b>normalize</b> (default for Postfix ≥ 3.9) </dt> 16186<dd> Require the standard 16187End-of-DATA sequence <CR><LF>.<CR><LF>. 
Otherwise, allow command or message content lines ending in the non-standard <LF>, and process them as if the client sent the standard <CR><LF>. <br> <br> This maintains compatibility with many legitimate SMTP client applications that send a mix of standard and non-standard line endings, but will fail to receive email from client implementations that do not terminate DATA content with the standard End-of-DATA sequence <CR><LF>.<CR><LF>. <br> <br> Such clients can be excluded with <a href="postconf.5.html#smtpd_forbid_bare_newline_exclusions">smtpd_forbid_bare_newline_exclusions</a>. </dd>

<dt> <b>note</b> </dt> <dd> Same as "normalize", but also notes in the log whether the Postfix SMTP server received any lines with "bare <LF>". The information is formatted as "<tt>disconnect from name[address] ... notes=bare_lf</tt>". The notes value is expected to become a list of comma-separated names. This makes it possible to find out from the logs which clients would be affected by "reject" before switching to it. <br> <br> This feature is available in Postfix 3.9 and later. </dd>

<dt> <b>yes</b> </dt> <dd> Compatibility alias for <b>normalize</b>. </dd>

<dt> <b>reject</b> </dt> <dd> Require the standard End-of-DATA sequence <CR><LF>.<CR><LF>. Reject a command or message content when a line contains bare <LF>, log a "bare <LF> received" error, and reply with the SMTP status code in $<a href="postconf.5.html#smtpd_forbid_bare_newline_reject_code">smtpd_forbid_bare_newline_reject_code</a>. <br> <br> This will reject email from SMTP clients that send any non-standard line endings such as web applications, netcat, or load balancer health checks. <br> <br> This will also reject email from services that use BDAT to send MIME text containing a bare newline (<a href="https://tools.ietf.org/html/rfc3030">RFC 3030</a> Section 3 requires canonical MIME format for text message types, defined in <a href="https://tools.ietf.org/html/rfc2045">RFC 2045</a> Sections 2.7 and 2.8). <br> <br> Such clients can be excluded with <a href="postconf.5.html#smtpd_forbid_bare_newline_exclusions">smtpd_forbid_bare_newline_exclusions</a> (or, in the case of BDAT violations, BDAT can be selectively disabled with <a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a>, or globally disabled with <a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a>). </dd>

<dt> <b>no</b> (default for Postfix < 3.9) </dt>
<dd> Do not require the standard End-of-DATA sequence <CR><LF>.<CR><LF>. Always process a bare <LF> as if the client sent <CR><LF>. This option is fully backwards compatible, but is not recommended for an Internet-facing SMTP server, because it is vulnerable to <a href="https://www.postfix.org/smtp-smuggling.html"> SMTP smuggling</a>. </dd>

</dl>

<p> Recommended settings: </p>

<blockquote>
<pre>
# Require the standard End-of-DATA sequence <CR><LF>.<CR><LF>.
# Otherwise, allow bare <LF> and process it as if the client sent
# <CR><LF>.
#
# This maintains compatibility with many legitimate SMTP client
# applications that send a mix of standard and non-standard line
# endings, but will fail to receive email from client implementations
# that do not terminate DATA content with the standard End-of-DATA
# sequence <CR><LF>.<CR><LF>.
#
# Such clients can be allowlisted with <a href="postconf.5.html#smtpd_forbid_bare_newline_exclusions">smtpd_forbid_bare_newline_exclusions</a>.
# The example below allowlists SMTP clients in trusted networks.
#
<a href="postconf.5.html#smtpd_forbid_bare_newline">smtpd_forbid_bare_newline</a> = normalize
<a href="postconf.5.html#smtpd_forbid_bare_newline_exclusions">smtpd_forbid_bare_newline_exclusions</a> = $<a href="postconf.5.html#mynetworks">mynetworks</a>
</pre>
</blockquote>

<p> Alternative: </p>

<blockquote>
<pre>
# Reject input lines that contain <LF> and log a "bare <LF> received"
# error. Require that input lines end in <CR><LF>, and require the
# standard End-of-DATA sequence <CR><LF>.<CR><LF>.
#
# This will reject email from SMTP clients that send any non-standard
# line endings such as web applications, netcat, or load balancer
# health checks.
#
# This will also reject email from services that use BDAT to send
# MIME text containing a bare newline (<a href="https://tools.ietf.org/html/rfc3030">RFC 3030</a> Section 3 requires
# canonical MIME format for text message types, defined in <a href="https://tools.ietf.org/html/rfc2045">RFC 2045</a>
# Sections 2.7 and 2.8).
#
# Such clients can be allowlisted with <a href="postconf.5.html#smtpd_forbid_bare_newline_exclusions">smtpd_forbid_bare_newline_exclusions</a>.
# The example below allowlists SMTP clients in trusted networks.
#
<a href="postconf.5.html#smtpd_forbid_bare_newline">smtpd_forbid_bare_newline</a> = reject
<a href="postconf.5.html#smtpd_forbid_bare_newline_exclusions">smtpd_forbid_bare_newline_exclusions</a> = $<a href="postconf.5.html#mynetworks">mynetworks</a>
#
# Alternatively, in the case of BDAT violations, BDAT can be selectively
# disabled with <a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a>, or globally
# disabled with <a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a>.
#
# <a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a> = <a href="cidr_table.5.html">cidr</a>:/path/to/file
# /path/to/file:
# 10.0.0.0/24 chunking, silent-discard
# <a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a> = chunking, silent-discard
</pre>
</blockquote>

<p> This feature with settings <b>yes</b> and <b>no</b> is available in Postfix 3.8.4, 3.7.9, 3.6.13, and 3.5.23. Additionally, the settings <b>reject</b> and <b>normalize</b> are available with Postfix ≥ 3.9, 3.8.5, 3.7.10, 3.6.14, and 3.5.24. </p>


</DD>

<DT><b><a name="smtpd_forbid_bare_newline_exclusions">smtpd_forbid_bare_newline_exclusions</a> (default: $<a href="postconf.5.html#mynetworks">mynetworks</a>)</b></DT><DD>

<p> Exclude the specified clients from <a href="postconf.5.html#smtpd_forbid_bare_newline">smtpd_forbid_bare_newline</a> enforcement. This setting uses the same syntax and parent-domain matching behavior as <a href="postconf.5.html#mynetworks">mynetworks</a>. </p>

<p> Because excluded clients are not subject to the check at all, their non-standard End-of-DATA sequences are accepted just as with "<a href="postconf.5.html#smtpd_forbid_bare_newline">smtpd_forbid_bare_newline</a> = no". List only networks whose clients cannot be used to relay attacker-supplied message content, and keep the list as small as possible. </p>

<p> This feature is available in Postfix ≥ 3.9, 3.8.4, 3.7.9, 3.6.13, and 3.5.23. </p>


</DD>

<DT><b><a name="smtpd_forbid_bare_newline_reject_code">smtpd_forbid_bare_newline_reject_code</a> (default: 550)</b></DT><DD>

<p> The numerical Postfix SMTP server response code when rejecting a request with "<a href="postconf.5.html#smtpd_forbid_bare_newline">smtpd_forbid_bare_newline</a> = reject". Specify a 5XX status code (521 to disconnect). </p>

<p> This feature is available in Postfix ≥ 3.9, 3.8.5, 3.7.10, 3.6.14, and 3.5.24.
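</p>

<p> To make the difference between the settings concrete, the following Python script (an added illustration written for this page, not Postfix code) models how each policy cuts one DATA stream into messages. The stream, the exclusion list and the reply texts are constructed for the example; the policy logic follows the descriptions above: "no" and excluded clients treat every bare <LF> as <CR><LF>, "normalize" and "note" accept only <CR><LF>.<CR><LF> as End-of-DATA, and "reject" refuses any input that contains a bare <LF>. </p>

```python
"""Model of the Postfix smtpd_forbid_bare_newline policies applied to one SMTP
DATA stream.  Added illustration written for this page, not Postfix code: it
follows the documented behaviour of "no", "normalize", "note" and "reject"
closely enough to show why a bare <LF> enables SMTP smuggling.
"""
import ipaddress
import re

# Assumed settings (illustrative; the real values live in main.cf).
REJECT_CODE = 550                              # smtpd_forbid_bare_newline_reject_code
EXCLUSIONS = ["127.0.0.0/8", "10.0.0.0/8"]     # smtpd_forbid_bare_newline_exclusions = $mynetworks

BARE_LF = re.compile(rb"(?<!\r)\n")            # an <LF> that is not preceded by <CR>


def excluded(client_ip, exclusions=EXCLUSIONS):
    """True when the client falls under smtpd_forbid_bare_newline_exclusions."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(net) for net in exclusions)


def parse_data(stream, mode, client_ip=None):
    """Cut the bytes received after DATA into messages the way the policy would.

    Returns the SMTP reply, the accepted message bodies, the lines that were
    interpreted as SMTP commands after a premature End-of-DATA (the smuggled
    part), and the log notes that the "note" policy would add.
    """
    mode = {"yes": "normalize"}.get(mode.lower(), mode.lower())
    if mode not in ("no", "normalize", "note", "reject"):
        raise ValueError(f"unknown smtpd_forbid_bare_newline value: {mode}")
    # Excluded clients are handled as with "no": a bare <LF> counts as <CR><LF>.
    strict = mode != "no" and not (client_ip is not None and excluded(client_ip))
    has_bare_lf = BARE_LF.search(stream) is not None
    notes = ["bare_lf"] if mode == "note" and has_bare_lf else []

    if strict and mode == "reject" and has_bare_lf:
        return {"reply": f"{REJECT_CODE} 5.6.0 Error: bare <LF> received",
                "messages": [], "injected": [], "notes": notes}

    parts = stream.split(b"\n")                # every <LF> ends a line in all modes
    if parts and parts[-1] == b"":
        parts.pop()                            # the stream itself ends with a newline
    messages, injected, body = [], [], []
    in_data, prev_crlf = True, True            # the DATA command's own <CR><LF> precedes the body
    for raw in parts:
        crlf = raw.endswith(b"\r")
        text = raw[:-1] if crlf else raw
        if in_data:
            # strict: only <CR><LF>.<CR><LF> is End-of-DATA; otherwise any "." line is.
            if text == b"." and (not strict or (crlf and prev_crlf)):
                messages.append(b"\r\n".join(body))
                body, in_data = [], False
            else:
                body.append(text[1:] if text.startswith(b".") else text)  # dot-unstuffing
        else:
            injected.append(text)              # parsed as a new SMTP command
            if text.upper() == b"DATA":
                in_data = True
        prev_crlf = crlf
    return {"reply": "250 2.0.0 Ok", "messages": messages,
            "injected": injected, "notes": notes}


# Constructed sample: what a relay that does not treat <LF>.<CR><LF> as
# End-of-DATA forwards verbatim to the receiving Postfix server.
SMUGGLED = (
    b"From: <alice@sender.example>\r\n"
    b"To: <bob@victim.example>\r\n"
    b"Subject: legit\r\n"
    b"\r\n"
    b"hello\r\n"
    b"\n.\r\n"                                 # <LF>.<CR><LF>: non-standard End-of-DATA
    b"MAIL FROM:<ceo@sender.example>\r\n"      # the relay saw these lines as message text
    b"RCPT TO:<cfo@victim.example>\r\n"
    b"DATA\r\n"
    b"Subject: urgent wire transfer\r\n"
    b"\r\n"
    b"please pay invoice 42\r\n"
    b".\r\n"                                   # the relay's genuine <CR><LF>.<CR><LF>
)
CLEAN = b"Subject: hi\r\n\r\nbody\r\n.\r\n"    # constructed, RFC 5321 line endings only


if __name__ == "__main__":
    for mode in ("no", "normalize", "note", "reject"):
        r = parse_data(SMUGGLED, mode)
        print(f"{mode:9s} {r['reply']:36s} messages={len(r['messages'])} "
              f"injected={r['injected']} notes={r['notes']}")
    r = parse_data(SMUGGLED, "reject", client_ip="10.1.2.3")
    print(f"reject, excluded client: messages={len(r['messages'])} injected={r['injected']}")
```

<p> With "no" (or with the client listed in the exclusions) the <LF>.<CR><LF> in the middle of the stream ends the first message, and the three lines after it are executed as MAIL FROM, RCPT TO and DATA, producing a second message that the relaying server never saw as a message. With "normalize" those lines stay inside the single message body, "note" does the same and records notes=bare_lf, and "reject" returns the 550 before any content is queued. The last case is why the exclusion list should contain only networks whose clients cannot be driven by an attacker. </p>

<p>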
</p> 16322 16323 16324</DD> 16325 16326<DT><b><a name="smtpd_forbid_unauth_pipelining">smtpd_forbid_unauth_pipelining</a> 16327(default: Postfix ≥ 3.9: yes)</b></DT><DD> 16328 16329<p> Disconnect remote SMTP clients that violate <a href="https://tools.ietf.org/html/rfc2920">RFC 2920</a> (or 5321) 16330command pipelining constraints. The server replies with "554 5.5.0 16331Error: SMTP protocol synchronization" and logs the unexpected remote 16332SMTP client input. This feature is enabled by default with Postfix 16333≥ 3.9. Specify "<a href="postconf.5.html#smtpd_forbid_unauth_pipelining">smtpd_forbid_unauth_pipelining</a> = no" to disable. 16334</p> 16335 16336<p> This feature is available in Postfix ≥ 3.9, 3.8.1, 3.7.6, 163373.6.10, and 3.5.20. </p> 16338 16339 16340</DD> 16341 16342<DT><b><a name="smtpd_forbidden_commands">smtpd_forbidden_commands</a> 16343(default: CONNECT GET POST <a href="regexp_table.5.html">regexp</a>:{{/^[^A-Z]/ Bogus}})</b></DT><DD> 16344 16345<p> 16346List of commands that cause the Postfix SMTP server to immediately 16347terminate the session with a 221 code. This can be used to disconnect 16348clients that obviously attempt to abuse the system. In addition to the 16349commands listed in this parameter, commands that follow the "Label:" 16350format of message headers will also cause a disconnect. With Postfix 16351versions 3.6 and earlier, the default value is "CONNECT GET POST". 16352</p> 16353 16354<p> 16355This feature is available in Postfix 2.2 and later. 16356</p> 16357 16358<p> 16359Support for inline regular expressions was added in Postfix version 163603.7. See <a href="regexp_table.5.html">regexp_table(5)</a> for a description of the syntax and features. 
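</p>

<p> The default value above combines a plain word list with an inline regexp: table. Because regexp: tables match case-insensitively unless the pattern carries a flag, /^[^A-Z]/ means "the command does not start with a letter", which catches a TLS ClientHello or other binary sent to a plaintext port as well as HTTP probes, while a lower-case "ehlo" still passes. The Python script below (an added illustration for this page, not Postfix code; the client input is constructed and the 221 reply text is an assumption) applies the three rules to sample sessions and reports which line ends each one. </p>

```python
"""Model of the smtpd_forbidden_commands check with its Postfix 3.7+ default
"CONNECT GET POST regexp:{{/^[^A-Z]/ Bogus}}".  Added illustration for this
page, not Postfix code; the sample client lines are constructed and the
disconnect reply text is an assumption.
"""
import re

FORBIDDEN_WORDS = {"CONNECT", "GET", "POST"}        # the plain string-list entries
# The inline regexp: entry.  regexp: tables match case-insensitively by default,
# so /^[^A-Z]/ means "first byte of the command is not a letter": a lower-case
# "ehlo" passes, binary such as a TLS ClientHello does not.
FORBIDDEN_REGEXP = re.compile(r"^[^A-Z]", re.IGNORECASE)
# Input shaped like a message header ("Label: value") also ends the session:
# a client that sends headers without DATA is not speaking SMTP.
HEADER_LABEL = re.compile(r"^[A-Za-z][A-Za-z0-9-]*:")
DISCONNECT_REPLY = "221 2.7.0 Error: I can break rules, too. Goodbye."   # assumed text


def forbidden_reason(line: bytes):
    """Return why the session must end with 221, or None if the verb is allowed."""
    text = line.rstrip(b"\r\n").decode("latin-1")   # arbitrary bytes decode losslessly
    tokens = text.split(None, 1)
    verb = tokens[0] if tokens else ""
    if verb.upper() in FORBIDDEN_WORDS:
        return f"forbidden command {verb}"
    if FORBIDDEN_REGEXP.match(verb):
        return "Bogus"                               # the regexp table's result string
    if HEADER_LABEL.match(verb):
        return f"message header {verb} sent as a command"
    return None


def screen_session(lines):
    """Walk the lines a client sent in order; stop at the first forbidden one.

    Returns (lines accepted before the disconnect, reason, reply); reason and
    reply are None when every line passes this particular check.
    """
    for accepted, line in enumerate(lines):
        reason = forbidden_reason(line)
        if reason is not None:
            return accepted, reason, DISCONNECT_REPLY
    return len(lines), None, None


# Constructed client sessions.
HTTP_PROBE = [b"GET / HTTP/1.1\r\n", b"Host: mail.example.com\r\n", b"\r\n"]
TLS_ON_PLAINTEXT_PORT = [b"\x16\x03\x01\x00\xc4\x01\x00\x00\xc0\x03\x03"]   # start of a ClientHello
HEADERS_WITHOUT_DATA = [b"EHLO client.example\r\n", b"MAIL FROM:<a@sender.example>\r\n",
                        b"Subject: hi\r\n"]
LEGIT = [b"ehlo client.example\r\n", b"MAIL FROM:<a@sender.example>\r\n", b"QUIT\r\n"]

if __name__ == "__main__":
    for name, session in [("http probe", HTTP_PROBE), ("tls on port 25", TLS_ON_PLAINTEXT_PORT),
                          ("headers without DATA", HEADERS_WITHOUT_DATA), ("legit", LEGIT)]:
        print(f"{name:22s} -> {screen_session(session)}")
```

<p> Only the command verb is examined, so a forbidden word inside an argument (for example a mailbox called get@example.com) does not trigger the check; a client that has sent valid commands before the offending line still loses the session at that line. </p>

<p>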
16361</p> 16362 16363 16364</DD> 16365 16366<DT><b><a name="smtpd_hard_error_limit">smtpd_hard_error_limit</a> 16367(default: normal: 20, <a href="STRESS_README.html">overload</a>: 1)</b></DT><DD> 16368 16369<p> 16370The maximal number of errors a remote SMTP client is allowed to 16371make without delivering mail. The Postfix SMTP server disconnects 16372when the limit is reached. Normally the default limit is 20, but 16373it changes under overload to just 1. With Postfix 2.5 and earlier, 16374the SMTP server always allows up to 20 errors by default. 16375Valid values are greater than zero. 16376 16377</p> 16378 16379 16380</DD> 16381 16382<DT><b><a name="smtpd_helo_required">smtpd_helo_required</a> 16383(default: no)</b></DT><DD> 16384 16385<p> 16386Require that a remote SMTP client introduces itself with the HELO 16387or EHLO command before sending the MAIL command or other commands 16388that require EHLO negotiation. 16389</p> 16390 16391<p> 16392Example: 16393</p> 16394 16395<pre> 16396<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes 16397</pre> 16398 16399 16400</DD> 16401 16402<DT><b><a name="smtpd_helo_restrictions">smtpd_helo_restrictions</a> 16403(default: empty)</b></DT><DD> 16404 16405<p> 16406Optional restrictions that the Postfix SMTP server applies in the 16407context of a client HELO command. 16408See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access 16409restriction lists" for a discussion of evaluation context and time. 16410</p> 16411 16412<p> 16413The default is to permit everything. 16414</p> 16415 16416<p> Note: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this 16417restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can 16418simply skip <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> by not sending HELO or EHLO). 
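</p>

<p> The note above applies to every HELO-specific restriction listed further down. The following Python script (an added illustration for this page, not Postfix code) evaluates a restriction list the way the text describes, first match wins, and shows that without "smtpd_helo_required = yes" a client that never sends HELO or EHLO is matched by none of the HELO checks. The hostname syntax tests approximate Postfix's, the DNS answers are a constructed table so that no lookups are made, and the reply texts are assumptions. </p>

```python
"""First-match-wins evaluation of an smtpd_helo_restrictions list, with and
without smtpd_helo_required.  Added illustration for this page, not Postfix
code: the hostname checks approximate Postfix's, the DNS answers are a
constructed table (no lookups are made) and the reply texts are assumptions.
"""
import ipaddress
import re

MYNETWORKS = ["127.0.0.0/8", "192.168.0.0/16"]               # assumed $mynetworks
KNOWN_HOSTS = {"mx.sender.example", "smtp.partner.example"}  # constructed stand-in for A/MX answers
LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def is_address_literal(helo):
    """[192.0.2.1] or [IPv6:2001:db8::1], which RFC 5321 allows instead of a name."""
    if not (helo.startswith("[") and helo.endswith("]")):
        return False
    inner = helo[1:-1]
    try:
        ipaddress.ip_address(inner[5:] if inner.upper().startswith("IPV6:") else inner)
        return True
    except ValueError:
        return False


def valid_hostname(helo):
    """Syntax only: dot-separated labels of letters, digits and inner hyphens."""
    if is_address_literal(helo):
        return True
    labels = helo.rstrip(".").split(".")
    return 0 < len(helo) <= 255 and all(LABEL.match(label) for label in labels)


# A restriction returns an SMTP reply when it matches, or None to let the next one decide.
def permit_mynetworks(client):
    addr = ipaddress.ip_address(client["ip"])
    return "250 OK" if any(addr in ipaddress.ip_network(n) for n in MYNETWORKS) else None


def reject_invalid_helo_hostname(client):
    helo = client.get("helo")
    if helo is None:                       # no HELO/EHLO was sent: nothing to test
        return None
    return None if valid_hostname(helo) else f"501 5.5.2 <{helo}>: Helo command rejected: Invalid name"


def reject_non_fqdn_helo_hostname(client):
    helo = client.get("helo")
    if helo is None or is_address_literal(helo) or "." in helo.strip("."):
        return None
    return f"504 5.5.2 <{helo}>: Helo command rejected: need fully-qualified hostname"


def reject_unknown_helo_hostname(client):
    helo = client.get("helo")
    if helo is None or is_address_literal(helo) or helo.lower().rstrip(".") in KNOWN_HOSTS:
        return None
    return f"450 4.7.1 <{helo}>: Helo command rejected: Host not found"   # unknown_hostname_reject_code


POLICY = [permit_mynetworks, reject_invalid_helo_hostname,
          reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname]


def evaluate(restrictions, client, helo_required=False):
    """Apply the list in order; the first restriction that matches wins.

    smtpd_helo_required is enforced at MAIL FROM, before any restriction list
    runs, so with it a client that skipped HELO/EHLO never reaches the checks.
    """
    if helo_required and client.get("helo") is None:
        return "503 5.5.1 Error: send HELO/EHLO first"
    for restriction in restrictions:
        reply = restriction(client)
        if reply is not None:
            return reply
    return "250 OK"                        # nothing matched: the default is to permit


if __name__ == "__main__":
    # Constructed clients; 203.0.113.0/24 is the documentation address range.
    cases = [
        {"ip": "192.168.1.10", "helo": "bad_host!"},            # internal client, malformed name
        {"ip": "203.0.113.7"},                                  # never sent HELO/EHLO
        {"ip": "203.0.113.7", "helo": "bad_host!"},
        {"ip": "203.0.113.7", "helo": "localhost"},
        {"ip": "203.0.113.7", "helo": "mail.nonexistent.example"},
        {"ip": "203.0.113.7", "helo": "mx.sender.example"},
        {"ip": "203.0.113.7", "helo": "[203.0.113.7]"},
    ]
    for required in (False, True):
        print(f"--- smtpd_helo_required = {'yes' if required else 'no'}")
        for c in cases:
            print(f"{c['ip']:14s} helo={c.get('helo')!s:28s} -> {evaluate(POLICY, c, required)}")
```

<p> Listing permit_mynetworks first means the malformed HELO from 192.168.1.10 is never examined; that is the documented first-match behaviour, so put the reject_* checks before any permit if internal clients should be screened too. The client that sends no HELO at all gets "250 OK" from the whole list until smtpd_helo_required is enabled. </p>

<p>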
16419</p> 16420 16421<p> 16422Specify a list of restrictions, separated by commas and/or whitespace. 16423Continue long lines by starting the next line with whitespace. 16424Restrictions are applied in the order as specified; the first 16425restriction that matches wins. 16426</p> 16427 16428<p> 16429The following restrictions are specific to the hostname information 16430received with the HELO or EHLO command. 16431</p> 16432 16433<dl> 16434 16435<dt><b><a name="check_helo_access">check_helo_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> 16436 16437<dd>Search the specified <a href="access.5.html">access(5)</a> database for the HELO or EHLO 16438hostname, and execute the corresponding action. 16439Note: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this 16440restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can 16441simply skip <a href="postconf.5.html#check_helo_access">check_helo_access</a> by not sending HELO or EHLO). </dd> 16442 16443<dt><b><a name="check_helo_a_access">check_helo_a_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> 16444 16445<dd>Search the specified <a href="access.5.html">access(5)</a> database for the IP addresses for 16446the HELO or EHLO hostname, and execute the corresponding action. 16447Note 1: a result of "OK" is not allowed for safety reasons. Instead, 16448use DUNNO in order to exclude specific hosts from denylists. Note 164492: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this 16450restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can 16451simply skip check_helo_a_access by not sending HELO or EHLO). This 16452feature is available in Postfix 3.0 and later. 
16453</dd> 16454 16455<dt><b><a name="check_helo_mx_access">check_helo_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> 16456 16457<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MX hosts for 16458the HELO or EHLO hostname, and execute the corresponding action. 16459If no MX record is found, look up A or AAAA records, just like the 16460Postfix SMTP client would. 16461Note 1: a result of "OK" is not allowed for safety reasons. Instead, 16462use DUNNO in order to exclude specific hosts from denylists. Note 164632: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this 16464restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can 16465simply skip <a href="postconf.5.html#check_helo_mx_access">check_helo_mx_access</a> by not sending HELO or EHLO). This 16466feature is available in Postfix 2.1 and later. 16467</dd> 16468 16469<dt><b><a name="check_helo_ns_access">check_helo_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> 16470 16471<dd>Search the specified <a href="access.5.html">access(5)</a> database for the DNS servers 16472for the HELO or EHLO hostname, and execute the corresponding action. 16473Note 1: a result of "OK" is not allowed for safety reasons. Instead, 16474use DUNNO in order to exclude specific hosts from denylists. Note 164752: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this 16476restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can 16477simply skip <a href="postconf.5.html#check_helo_ns_access">check_helo_ns_access</a> by not sending HELO or EHLO). This 16478feature is available in Postfix 2.1 and later. 
16479</dd> 16480 16481<dt><b><a name="reject_invalid_helo_hostname">reject_invalid_helo_hostname</a></b> (with Postfix < 2.3: reject_invalid_hostname)</dt> 16482 16483<dd>Reject the request when the HELO or EHLO hostname is malformed. 16484Note: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce 16485this restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can simply 16486skip <a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a> by not sending HELO or EHLO). 16487<br> The <a href="postconf.5.html#invalid_hostname_reject_code">invalid_hostname_reject_code</a> specifies the response code 16488for rejected requests (default: 501).</dd> 16489 16490<dt><b><a name="reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a></b> (with Postfix < 2.3: reject_non_fqdn_hostname)</dt> 16491 16492<dd>Reject the request when the HELO or EHLO hostname is not in 16493fully-qualified domain or address literal form, as required by the 16494RFC. Note: specify 16495"<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this restriction 16496(without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can simply skip 16497<a href="postconf.5.html#reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a> by not sending HELO or EHLO). <br> 16498The <a href="postconf.5.html#non_fqdn_reject_code">non_fqdn_reject_code</a> parameter specifies the response code for 16499rejected requests (default: 504).</dd> 16500 16501<dt><b><a name="reject_rhsbl_helo">reject_rhsbl_helo <i>rbl_domain=d.d.d.d</i></a></b></dt> 16502 16503<dd>Reject the request when the HELO or EHLO hostname is 16504listed with the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i> 16505(Postfix version 2.1 and later only). 
Each "<i>d</i>" is a number, or a pattern inside "[]" that contains one or more ";"-separated numbers or number..number ranges (Postfix version 2.8 and later). If no "<i>=d.d.d.d</i>" is specified, reject the request when the HELO or EHLO hostname is listed with any A record under <i>rbl_domain</i>. See the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a> description for additional RBL related configuration parameters. Note: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can simply skip <a href="postconf.5.html#reject_rhsbl_helo">reject_rhsbl_helo</a> by not sending HELO or EHLO). The restriction itself is available in Postfix 2.0 and later; the "<i>=d.d.d.d</i>" form requires Postfix 2.1 and later. </dd>

<dt><b><a name="reject_unknown_helo_hostname">reject_unknown_helo_hostname</a></b> (with Postfix < 2.3: reject_unknown_hostname)</dt>

<dd>Reject the request when the HELO or EHLO hostname has no DNS A or MX record. <br> The reply is specified with the <a href="postconf.5.html#unknown_hostname_reject_code">unknown_hostname_reject_code</a> parameter (default: 450) or <a href="postconf.5.html#unknown_helo_hostname_tempfail_action">unknown_helo_hostname_tempfail_action</a> (default: <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>). See the respective parameter descriptions for details. <br> Note: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can simply skip <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a> by not sending HELO or EHLO).
</dd> 16529 16530</dl> 16531 16532<p> 16533Other restrictions that are valid in this context: 16534</p> 16535 16536<ul> 16537 16538<li> <a href="#generic">Generic</a> restrictions that can be used 16539in any SMTP command context, described under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>. 16540 16541<li> Client hostname or network address specific restrictions 16542described under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>. 16543 16544<li> SMTP command specific restrictions described under 16545<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> or <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>. When 16546sender or recipient restrictions are listed under <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>, 16547they have effect only with "<a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> = yes", so that 16548$<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> is evaluated at the time of the RCPT TO 16549command. 16550 16551</ul> 16552 16553<p> 16554Examples: 16555</p> 16556 16557<pre> 16558<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a> 16559<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a> 16560</pre> 16561 16562 16563</DD> 16564 16565<DT><b><a name="smtpd_hide_client_session">smtpd_hide_client_session</a> 16566(default: no)</b></DT><DD> 16567 16568<p> Do not include SMTP client session information in the Postfix 16569SMTP server's Received: message header. 
</p>

<ul>

<li> <p> The default setting, "<a href="postconf.5.html#smtpd_hide_client_session">smtpd_hide_client_session</a> = no",
must be used for the port 25 MTA service. It provides information
that is required by <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>. </p>

<li> <p> The setting "<a href="postconf.5.html#smtpd_hide_client_session">smtpd_hide_client_session</a> = yes" may be used
for the port 587 and 465 MUA services. This hides the SMTP client
hostname and IP address, TLS session details, SASL login details,
and SMTP protocol details. </p>

</ul>

<p> Depending on the number of recipients, a redacted Received:
header has one of the following forms: </p>

<blockquote>
<pre>
Received: by mail.example.com (Postfix) id postfix-queue-id
 for &lt;user@example.com&gt;; Day, dd Mon yyyy hh:mm:ss tz-offset (zone)
<br>
Received: by mail.example.com (Postfix) id postfix-queue-id
 Day, dd Mon yyyy hh:mm:ss tz-offset (zone)
</pre>
</blockquote>

<p> The redacted form hides that a message was received with SMTP,
and therefore it does not need to provide the information required by
<a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>. The form does still meet <a href="https://tools.ietf.org/html/rfc5322">RFC 5322</a> requirements. </p>

<p> This feature is available in Postfix ≥ 3.10. </p>


</DD>

<DT><b><a name="smtpd_history_flush_threshold">smtpd_history_flush_threshold</a>
(default: 100)</b></DT><DD>

<p>
The maximal number of lines in the Postfix SMTP server command history
before it is flushed upon receipt of EHLO, RSET, or end of DATA.
</p>


</DD>

<DT><b><a name="smtpd_junk_command_limit">smtpd_junk_command_limit</a>
(default: normal: 100, <a href="STRESS_README.html">overload</a>: 1)</b></DT><DD>

<p>
The number of junk commands (NOOP, VRFY, ETRN or RSET) that a remote
SMTP client can send before the Postfix SMTP server starts to
increment the error counter with each junk command. The junk
command count is reset after mail is delivered. See also the
<a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a> and <a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> configuration
parameters. Normally the default limit is 100, but it changes under
overload to just 1. With Postfix 2.5 and earlier, the SMTP server
always allows up to 100 junk commands by default. </p>


</DD>

<DT><b><a name="smtpd_log_access_permit_actions">smtpd_log_access_permit_actions</a>
(default: empty)</b></DT><DD>

<p> Enable logging of the named "permit" actions in SMTP server
access lists (by default, the SMTP server logs "reject" actions but
not "permit" actions). This feature does not affect conditional
actions such as "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>". </p>

<p> Specify a list of "permit" action names, "/file/name" or
"<a href="DATABASE_README.html">type:table</a>" patterns, separated by commas and/or whitespace. The
list is matched left to right, and the search stops on the first
match. A "/file/name" pattern is replaced by its contents; a
"<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a name matches a lookup
key (the lookup result is ignored). Continue long lines by starting
the next line with whitespace. Specify "!pattern" to exclude a name
from the list.
</p>

<p> Examples: </p>

<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    # Log all "permit" actions.
    <a href="postconf.5.html#smtpd_log_access_permit_actions">smtpd_log_access_permit_actions</a> = <a href="DATABASE_README.html#types">static</a>:all
</pre>

<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    # Log "<a href="postconf.5.html#permit_dnswl_client">permit_dnswl_client</a>" only.
    <a href="postconf.5.html#smtpd_log_access_permit_actions">smtpd_log_access_permit_actions</a> = <a href="postconf.5.html#permit_dnswl_client">permit_dnswl_client</a>
</pre>

<p> This feature is available in Postfix 2.10 and later. </p>


</DD>

<DT><b><a name="smtpd_milter_maps">smtpd_milter_maps</a>
(default: empty)</b></DT><DD>

<p> Lookup tables with Milter settings per remote SMTP client IP
address. The lookup result overrides the <a href="postconf.5.html#smtpd_milters">smtpd_milters</a> setting,
and has the same syntax. </p>

<p> Note: lookup tables cannot return empty responses. Specify a
lookup result of DISABLE (case does not matter) to indicate that
Milter support should be disabled. </p>

<p> Example to disable Milters for local clients: </p>

<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#smtpd_milter_maps">smtpd_milter_maps</a> = <a href="cidr_table.5.html">cidr</a>:/etc/postfix/smtpd_milter_map
    <a href="postconf.5.html#smtpd_milters">smtpd_milters</a> = inet:host:port, { inet:host:port, ... }, ...
</pre>

<pre>
/etc/postfix/smtpd_milter_map:
    # Disable Milters for local clients.
    127.0.0.0/8     DISABLE
    192.168.0.0/16  DISABLE
    ::/64           DISABLE
    2001:db8::/32   DISABLE
</pre>

<p> This feature is available in Postfix 3.2 and later.
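</p>

<p> The lookup rules above can be checked offline before a table is
deployed. The following Python is an added example written for this
page, not Postfix code: it parses a cidr: table with the layout of the
sample above (the table text and the smtpd_milters endpoints are
constructed placeholders) and resolves, for one remote client IP, the
Milter list that would apply: the first matching entry wins, a result
of DISABLE in any letter case turns Milters off, and a client that
matches nothing falls back to the smtpd_milters value. </p>

```python
import ipaddress

# Constructed sample input, mirroring the cidr table shown on this page.
SMTPD_MILTER_MAP = """\
# Disable Milters for local clients.
127.0.0.0/8     DISABLE
192.168.0.0/16  DISABLE
::/64           DISABLE
2001:db8::/32   DISABLE
"""

# Assumed main.cf value for smtpd_milters (placeholder endpoints).
SMTPD_MILTERS = "inet:milter1.example.test:8891, inet:milter2.example.test:8892"


def parse_cidr_table(text):
    """Parse a Postfix cidr: table into an ordered list of (network, result).

    Order matters: a cidr table returns the result of the first matching
    entry, so the list is kept in file order. Comment and blank lines
    are skipped; a malformed network is an error rather than ignored.
    """
    table = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected 'network result'")
        net_str, result = parts
        try:
            net = ipaddress.ip_network(net_str, strict=False)
        except ValueError as exc:
            raise ValueError(f"line {lineno}: bad network {net_str!r}: {exc}")
        table.append((net, result.strip()))
    return table


def split_milter_list(value):
    """Split a smtpd_milters-style value on commas and/or whitespace."""
    return value.replace(",", " ").split()


def milters_for_client(client_ip, table, default_milters):
    """Return the Milter list that applies to one remote SMTP client.

    Mirrors the rules stated for smtpd_milter_maps: the first matching
    table entry overrides smtpd_milters, and a result of DISABLE (any
    case) means no Milter is used. Clients that match no entry get the
    smtpd_milters value.
    """
    addr = ipaddress.ip_address(client_ip)
    for net, result in table:
        if addr.version == net.version and addr in net:
            if result.upper() == "DISABLE":
                return []
            return split_milter_list(result)
    return split_milter_list(default_milters)


def main():
    table = parse_cidr_table(SMTPD_MILTER_MAP)
    for ip in ("127.0.0.1", "192.168.5.9", "203.0.113.7", "2001:db8::1"):
        applied = milters_for_client(ip, table, SMTPD_MILTERS)
        print(ip, "->", applied if applied else "DISABLED")


if __name__ == "__main__":
    main()
```

<p> Running the script prints the resolved Milter list per sample
client; an empty list means Milter support is disabled for that
client. Because the page says lookup tables cannot return an empty
response, the DISABLE keyword rather than an empty value is what the
parser checks for.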
</p>


</DD>

<DT><b><a name="smtpd_milters">smtpd_milters</a>
(default: empty)</b></DT><DD>

<p> A list of Milter (mail filter) applications for new mail that
arrives via the Postfix <a href="smtpd.8.html">smtpd(8)</a> server. Specify space or comma as
separator. See the <a href="MILTER_README.html">MILTER_README</a> document for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>


</DD>

<DT><b><a name="smtpd_min_data_rate">smtpd_min_data_rate</a>
(default: 500)</b></DT><DD>

<p> The minimum plaintext data transfer rate in bytes/second for
DATA and BDAT requests, when deadlines are enabled with
<a href="postconf.5.html#smtpd_per_request_deadline">smtpd_per_request_deadline</a>. After a read operation transfers N
plaintext message bytes (possibly after TLS decryption), and after
the DATA or BDAT request deadline is decremented by the elapsed
time of that read operation, the DATA or BDAT request deadline is
incremented by N/smtpd_min_data_rate seconds. However, the deadline
will never be incremented beyond the time limit specified with
<a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a>. </p>

<p> This feature is available in Postfix 3.7 and later. </p>


</DD>

<DT><b><a name="smtpd_noop_commands">smtpd_noop_commands</a>
(default: empty)</b></DT><DD>

<p>
List of commands that the Postfix SMTP server replies to with "250
Ok", without doing any syntax checks and without changing state.
This list overrides any commands built into the Postfix SMTP server.
</p>


</DD>

<DT><b><a name="smtpd_null_access_lookup_key">smtpd_null_access_lookup_key</a>
(default: &lt;&gt;)</b></DT><DD>

<p>
The lookup key to be used in SMTP <a href="access.5.html">access(5)</a> tables instead of the
null sender address.
</p>


</DD>

<DT><b><a name="smtpd_peername_lookup">smtpd_peername_lookup</a>
(default: yes)</b></DT><DD>

<p> Attempt to look up the remote SMTP client hostname, and verify that
the name matches the client IP address. A client name is set to
"unknown" when it cannot be looked up or verified, or when name
lookup is disabled. Turning off name lookup reduces delays due to
DNS lookup and increases the maximal inbound delivery rate. </p>

<p> This feature is available in Postfix 2.3 and later. </p>


</DD>

<DT><b><a name="smtpd_per_record_deadline">smtpd_per_record_deadline</a>
(default: normal: no, <a href="STRESS_README.html">overload</a>: yes)</b></DT><DD>

<p> Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> and <a href="postconf.5.html#smtpd_starttls_timeout">smtpd_starttls_timeout</a>
time limits, from a
time limit per read or write system call, to a time limit to send
or receive a complete record (an SMTP command line, SMTP response
line, SMTP message content line, or TLS protocol message). This
limits the impact from hostile peers that trickle data one byte at
a time. </p>

<p> Note: when per-record deadlines are enabled, a short timeout
may cause problems with TLS over very slow network connections.
The reasons are that a TLS protocol message can be up to 16 kbytes
long (with TLSv1), and that an entire TLS protocol message must be
sent or received within the per-record deadline. </p>

<p> This feature is available in Postfix 2.9-3.6.
With older
Postfix releases, the behavior is as if this parameter is set to
"no". Postfix 3.7 and later use <a href="postconf.5.html#smtpd_per_request_deadline">smtpd_per_request_deadline</a>. </p>


</DD>

<DT><b><a name="smtpd_per_request_deadline">smtpd_per_request_deadline</a>
(default: normal: no, <a href="STRESS_README.html">overload</a>: yes)</b></DT><DD>

<p> Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> and <a href="postconf.5.html#smtpd_starttls_timeout">smtpd_starttls_timeout</a>
time limits, from a time limit per plaintext or TLS read or write
call, to a combined time limit for receiving a complete SMTP request
and for sending a complete SMTP response. The deadline limits only
the time spent waiting for plaintext or TLS read or write calls,
not time spent elsewhere. The per-request deadline limits the impact
from hostile peers that trickle data one byte at a time. </p>

<p> See <a href="postconf.5.html#smtpd_min_data_rate">smtpd_min_data_rate</a> for how the per-request deadline is
managed during the DATA and BDAT phase. </p>

<p> Note: when per-request deadlines are enabled, a short time limit
may cause problems with TLS over very slow network connections. The
reason is that a TLS protocol message can be up to 16 kbytes long
(with TLSv1), and that an entire TLS protocol message must be
transferred within the per-request deadline. </p>

<p> This feature is available in Postfix 3.7 and later. A weaker
feature, called <a href="postconf.5.html#smtpd_per_record_deadline">smtpd_per_record_deadline</a>, is available with Postfix
2.9-3.6. With older Postfix releases, the behavior is as if this
parameter is set to "no". </p>

<p> This feature is available in Postfix 3.7 and later.
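</p>

<p> The deadline arithmetic that this entry delegates to
smtpd_min_data_rate is easiest to understand by replaying it. The
following Python is an added example written for this page, not
Postfix code: it applies the stated rule to a sequence of read
operations (elapsed time is subtracted from the request deadline,
N/smtpd_min_data_rate seconds are credited back, and the deadline is
capped at smtpd_timeout) and reports when a DATA phase would be cut
off. The smtpd_timeout value of 300 seconds and the per-read figures
are assumptions of the example, not values taken from this page. </p>

```python
from dataclasses import dataclass


@dataclass
class DataPhaseResult:
    completed: bool        # every read finished before the deadline expired
    reads_done: int        # read operations that completed
    bytes_received: int    # plaintext bytes accepted
    remaining: float       # seconds left on the request deadline at the end


def simulate_data_phase(reads, smtpd_timeout=300.0, smtpd_min_data_rate=500):
    """Replay a DATA/BDAT phase under the per-request deadline rules.

    `reads` is a sequence of (elapsed_seconds, plaintext_bytes) pairs, one
    per read operation. Per the smtpd_min_data_rate text: the read's
    elapsed time is subtracted from the request deadline, then
    N / smtpd_min_data_rate seconds are added back, and the result is
    capped at smtpd_timeout. A read that does not finish before the
    deadline runs out counts as a timeout. The 300 s smtpd_timeout is an
    assumption of this example, not a value taken from this page.
    """
    if smtpd_min_data_rate <= 0 or smtpd_timeout <= 0:
        raise ValueError("smtpd_min_data_rate and smtpd_timeout must be positive")
    remaining = float(smtpd_timeout)
    total = 0
    for done, (elapsed, nbytes) in enumerate(reads):
        if elapsed < 0 or nbytes < 0:
            raise ValueError("elapsed time and byte count must be non-negative")
        if elapsed >= remaining:
            # The deadline expired during this read: the server gives up
            # on the request, so nothing from this read is counted.
            return DataPhaseResult(False, done, total, 0.0)
        remaining -= elapsed
        remaining = min(remaining + nbytes / smtpd_min_data_rate, smtpd_timeout)
        total += nbytes
    return DataPhaseResult(True, len(reads), total, remaining)


def main():
    # Constructed clients: one read per second, differing only in volume.
    clients = {
        "1000 B/s (above the minimum)": [(1.0, 1000)] * 10,
        "500 B/s (exactly the minimum)": [(1.0, 500)] * 10,
        "1 B/s (trickle)": [(1.0, 1)] * 400,
    }
    for label, reads in clients.items():
        r = simulate_data_phase(reads)
        print(f"{label}: completed={r.completed} reads={r.reads_done} "
              f"bytes={r.bytes_received} remaining={r.remaining:.1f}s")


if __name__ == "__main__":
    main()
```

<p> The replay shows the intended asymmetry: a client at or above the
minimum rate keeps its deadline topped up at the smtpd_timeout cap, a
slower client sees the deadline drain by roughly one second per second
minus the small credit, so a one-byte-per-second peer is cut off after
about 300 reads rather than holding the server process open
indefinitely.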
</p>


</DD>

<DT><b><a name="smtpd_policy_service_default_action">smtpd_policy_service_default_action</a>
(default: 451 4.3.5 Server configuration problem)</b></DT><DD>

<p> The default action when an SMTPD policy service request fails.
Specify "DUNNO" to behave as if the failed SMTPD policy service
request was not sent, and to continue processing other access
restrictions, if any. </p>

<p> Limitations: </p>

<ul>

<li> <p> This parameter may specify any value that would be a valid
SMTPD policy server response (or <a href="access.5.html">access(5)</a> map lookup result). An
<a href="access.5.html">access(5)</a> map or policy server in this parameter value may need to
be declared in advance with a restriction_class setting. </p>

<li> <p> If the specified action invokes another <a href="postconf.5.html#check_policy_service">check_policy_service</a>
request, that request will have the built-in default action. </p>

</ul>

<p> This feature is available in Postfix 3.0 and later. </p>


</DD>

<DT><b><a name="smtpd_policy_service_max_idle">smtpd_policy_service_max_idle</a>
(default: 300s)</b></DT><DD>

<p>
The time after which an idle SMTPD policy service connection is
closed.
</p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds). </p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="smtpd_policy_service_max_ttl">smtpd_policy_service_max_ttl</a>
(default: 1000s)</b></DT><DD>

<p>
The time after which an active SMTPD policy service connection is
closed.
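</p>

<p> The time-value syntax shared by smtpd_policy_service_max_idle and
smtpd_policy_service_max_ttl, and the way the two limits decide when a
cached policy-service connection is dropped, can be modelled in a few
lines. The following Python is an added example written for this page,
not Postfix code: parse_time_value implements the "integral value plus
optional s/m/h/d/w suffix, default seconds" rule stated in both
entries, and plan_requests replays a constructed sequence of request
timestamps to show when the idle limit, the total-age limit, or the
per-connection request limit described under
smtpd_policy_service_request_limit below forces a new connection. The
timestamps are constructed for the example. </p>

```python
import re
from dataclasses import dataclass

# Time units as listed on this page; the default unit is seconds.
TIME_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_time_value(value, default_unit="s"):
    """Parse a Postfix time value ("300s", "5m", "1000") into seconds.

    Accepts an integral value plus an optional one-letter unit suffix.
    Anything else (negative numbers, fractions, unknown units) is an error.
    """
    m = re.fullmatch(r"\s*(\d+)\s*([smhdw]?)\s*", value)
    if not m:
        raise ValueError(f"bad time value: {value!r}")
    return int(m.group(1)) * TIME_UNITS[m.group(2) or default_unit]


def is_valid_nonzero_time(value):
    """True when `value` parses and is non-zero, as these parameters require."""
    try:
        return parse_time_value(value) > 0
    except ValueError:
        return False


@dataclass
class PolicyConnection:
    opened_at: float      # when the connection was established
    last_used_at: float   # when the last request was sent on it
    requests: int = 0     # requests sent so far


def connection_is_reusable(conn, now, max_idle, max_ttl, request_limit=0):
    """Decide whether a cached policy-service connection may carry one more request.

    max_idle and max_ttl are seconds (smtpd_policy_service_max_idle and
    smtpd_policy_service_max_ttl); request_limit models
    smtpd_policy_service_request_limit, where 0 means no limit.
    Returns (reusable, reason).
    """
    if now - conn.last_used_at >= max_idle:
        return False, "idle"
    if now - conn.opened_at >= max_ttl:
        return False, "ttl"
    if request_limit and conn.requests >= request_limit:
        return False, "request-limit"
    return True, "reuse"


def plan_requests(request_times, max_idle, max_ttl, request_limit=0):
    """Replay request timestamps (seconds) and report, per request, whether
    the cached connection was reused or a new one opened, and why."""
    decisions, conn = [], None
    for now in request_times:
        if conn is None:
            ok, reason = False, "first"
        else:
            ok, reason = connection_is_reusable(conn, now, max_idle, max_ttl,
                                                request_limit)
        if not ok:
            conn = PolicyConnection(opened_at=now, last_used_at=now)
        conn.requests += 1
        conn.last_used_at = now
        decisions.append(("reuse" if ok else "new", reason))
    return decisions


def main():
    max_idle = parse_time_value("300s")     # the documented default
    max_ttl = parse_time_value("1000s")     # the documented default
    times = [0, 200, 400, 600, 800, 1000, 1200]   # constructed timestamps
    for t, (what, why) in zip(times, plan_requests(times, max_idle, max_ttl)):
        print(f"t={t:5d}s  {what:5s}  ({why})")


if __name__ == "__main__":
    main()
```

<p> With the documented defaults, requests spaced 200 seconds apart
never trip the idle limit, but the connection opened at t=0 is
replaced at t=1000 because its total age reaches max_ttl; a request
limit of 3 would instead force a fresh connection every third request.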
</p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds). </p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="smtpd_policy_service_policy_context">smtpd_policy_service_policy_context</a>
(default: empty)</b></DT><DD>

<p> Optional information that the Postfix SMTP server specifies in
the "policy_context" attribute of a policy service request (originally,
to share the same service endpoint among multiple <a href="postconf.5.html#check_policy_service">check_policy_service</a>
clients). </p>

<p>
This feature is available in Postfix 3.1 and later.
</p>


</DD>

<DT><b><a name="smtpd_policy_service_request_limit">smtpd_policy_service_request_limit</a>
(default: 0)</b></DT><DD>

<p>
The maximal number of requests per SMTPD policy service connection,
or zero (no limit). Once a connection reaches this limit, the
connection is closed and the next request will be sent over a new
connection. This is a workaround to avoid error-recovery delays
with policy servers that cannot maintain a persistent connection.
</p>

<p>
This feature is available in Postfix 3.0 and later.
</p>


</DD>

<DT><b><a name="smtpd_policy_service_retry_delay">smtpd_policy_service_retry_delay</a>
(default: 1s)</b></DT><DD>

<p> The delay between attempts to resend a failed SMTPD policy
service request. Specify a value greater than zero. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit).
Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds). </p>

<p> This feature is available in Postfix 3.0 and later. </p>


</DD>

<DT><b><a name="smtpd_policy_service_timeout">smtpd_policy_service_timeout</a>
(default: 100s)</b></DT><DD>

<p>
The time limit for connecting to, writing to, or receiving from a
delegated SMTPD policy server.
</p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds). </p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="smtpd_policy_service_try_limit">smtpd_policy_service_try_limit</a>
(default: 2)</b></DT><DD>

<p> The maximal number of attempts to send an SMTPD policy service
request before giving up. Specify a value greater than zero. </p>

<p> This feature is available in Postfix 3.0 and later. </p>


</DD>

<DT><b><a name="smtpd_proxy_ehlo">smtpd_proxy_ehlo</a>
(default: $<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD>

<p>
How the Postfix SMTP server announces itself to the proxy filter.
By default, the Postfix hostname is used.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="smtpd_proxy_filter">smtpd_proxy_filter</a>
(default: empty)</b></DT><DD>

<p> The hostname and TCP port of the mail filtering proxy server.
The proxy receives all mail from the Postfix SMTP server, and is
supposed to give the result to another Postfix SMTP server process.
</p>

<p> Specify "host:port" or "inet:host:port" for a TCP endpoint, or
"unix:pathname" for a UNIX-domain endpoint. The host can be specified
as an IP address or as a symbolic name; no MX lookups are done.
When no "host" or "host:" is specified, the local machine is
assumed. Pathname interpretation is relative to the Postfix queue
directory. </p>

<p> This feature is available in Postfix 2.1 and later. </p>

<p> The "inet:" and "unix:" prefixes are available in Postfix 2.3
and later. </p>


</DD>

<DT><b><a name="smtpd_proxy_options">smtpd_proxy_options</a>
(default: empty)</b></DT><DD>

<p>
List of options that control how the Postfix SMTP server
communicates with a before-queue content filter. Specify zero or
more of the following, separated by comma or whitespace. </p>

<dl>

<dt><b>speed_adjust</b></dt>

<dd> <p> Do not connect to a before-queue content filter until an entire
message has been received. This reduces the number of simultaneous
before-queue content filter processes. </p>

<p> NOTE 1: A filter must not <i>selectively</i> reject recipients
of a multi-recipient message. Rejecting all recipients is OK, as
is accepting all recipients. </p>

<p> NOTE 2: This feature increases the minimum amount of free queue
space by $<a href="postconf.5.html#message_size_limit">message_size_limit</a>. The extra space is needed to save the
message to a temporary file. </p> </dd>

</dl>

<p>
This feature is available in Postfix 2.7 and later.
</p>


</DD>

<DT><b><a name="smtpd_proxy_timeout">smtpd_proxy_timeout</a>
(default: 100s)</b></DT><DD>

<p>
The time limit for connecting to a proxy filter and for sending or
receiving information.
When a connection fails, the client gets a
generic error message while more detailed information is logged to
the maillog file.
</p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds). </p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="smtpd_recipient_limit">smtpd_recipient_limit</a>
(default: 1000)</b></DT><DD>

<p>
The maximal number of recipients that the Postfix SMTP server
accepts per message delivery request.
</p>


</DD>

<DT><b><a name="smtpd_recipient_overshoot_limit">smtpd_recipient_overshoot_limit</a>
(default: 1000)</b></DT><DD>

<p> The number of recipients that a remote SMTP client can send in
excess of the limit specified with $<a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a>, before
the Postfix SMTP server increments the per-session error count
for each excess recipient. </p>


</DD>

<DT><b><a name="smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
Optional restrictions that the Postfix SMTP server applies in the
context of a client RCPT TO command, after <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>.
See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access
restriction lists" for a discussion of evaluation context and time.
</p>

<p> With Postfix versions before 2.10, the rules for relay permission
and spam blocking were combined under <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>,
resulting in error-prone configuration. As of Postfix 2.10, relay
permission rules are preferably implemented with <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>,
so that a permissive spam blocking policy under
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> will no longer result in a permissive
mail relay policy. </p>

<p> For backwards compatibility, sites that migrate from Postfix
versions before 2.10 can set <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> to the empty
value, and use <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> exactly as before. </p>

<p>
IMPORTANT: Either the <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> or the
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> parameter must specify
at least one of the following restrictions. Otherwise Postfix will
refuse to receive mail:
</p>

<blockquote>
<pre>
reject, <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
</pre>
</blockquote>

<blockquote>
<pre>
defer, <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>, <a href="postconf.5.html#defer_unauth_destination">defer_unauth_destination</a>
</pre>
</blockquote>

<p>
Specify a list of restrictions, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace.
Restrictions are applied in the order as specified; the first
restriction that matches wins.
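</p>

<p> The ordering rule and the IMPORTANT requirement above can be
checked mechanically. The following Python is an added example written
for this page, not Postfix code: it reads a constructed main.cf
fragment (the domains and networks are placeholder values, not taken
from the page), lints the two restriction lists for one of the
required reject or defer restrictions, and replays RCPT TO evaluation
in the order this entry describes: smtpd_relay_restrictions first,
then smtpd_recipient_restrictions, first match wins within a list.
The authorized-destination test follows the reject_unauth_destination
definition given further down in this entry; interface-address
matching is left out, and DNS- or table-based restrictions are
modelled as never matching. </p>

```python
import ipaddress

# Constructed main.cf fragment for this example; the domains and networks
# are placeholder values chosen here, not taken from the page.
MAIN_CF = """\
mydestination = mail.example.test, localhost
relay_domains = partner.example.test
mynetworks = 127.0.0.0/8, 192.0.2.0/24
smtpd_relay_restrictions =
    permit_mynetworks,
    reject_unauth_destination
smtpd_recipient_restrictions = reject_unknown_recipient_domain
"""

# The IMPORTANT note: one of these must appear in either list, otherwise
# Postfix refuses to receive mail.
REQUIRED_ANY = {"reject", "reject_unauth_destination",
                "defer", "defer_if_permit", "defer_unauth_destination"}


def parse_main_cf(text):
    """Minimal main.cf reader: 'name = value', a line starting with
    whitespace continues the previous value, '#' lines are comments, the
    last definition wins. $name expansion is deliberately not implemented."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():
            if name is None:
                raise ValueError("continuation line before any parameter")
            params[name] = (params[name] + " " + raw.strip()).strip()
        else:
            name, sep, value = raw.partition("=")
            if not sep:
                raise ValueError(f"not a 'name = value' line: {raw!r}")
            name = name.strip()
            params[name] = value.strip()
    return params


def split_list(value):
    """Split a restriction or domain list on commas and/or whitespace."""
    return value.replace(",", " ").split()


def relay_policy_is_safe(cfg):
    """Lint for the IMPORTANT note: True when either list names one of
    the required reject/defer restrictions."""
    names = set(split_list(cfg.get("smtpd_relay_restrictions", "")))
    names |= set(split_list(cfg.get("smtpd_recipient_restrictions", "")))
    return bool(names & REQUIRED_ANY)


def is_auth_destination(rcpt, cfg):
    """The definition under reject_unauth_destination: the RCPT TO domain
    matches $relay_domains (or a subdomain) or a final-destination domain
    list, and the address carries no sender-specified routing
    (user@elsewhere@domain). $inet_interfaces and $proxy_interfaces
    matching is left out of this model."""
    if rcpt.count("@") != 1:
        return False
    domain = rcpt.rsplit("@", 1)[1].lower()
    for parent in split_list(cfg.get("relay_domains", "")):
        parent = parent.lower()
        if domain == parent or domain.endswith("." + parent):
            return True
    final = []
    for p in ("mydestination", "virtual_alias_domains", "virtual_mailbox_domains"):
        final += [d.lower() for d in split_list(cfg.get(p, ""))]
    return domain in final


def client_in_mynetworks(client_ip, cfg):
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(n, strict=False)
               for n in split_list(cfg.get("mynetworks", "")))


def evaluate_list(restrictions, client_ip, rcpt, cfg):
    """Apply one list in order; the first restriction that matches wins.
    Restrictions this model does not implement (DNS- and table-based
    ones) never match. An exhausted list permits."""
    for r in restrictions:
        if r == "permit_mynetworks" and client_in_mynetworks(client_ip, cfg):
            return "permit", r
        if r in ("reject_unauth_destination", "defer_unauth_destination") \
                and not is_auth_destination(rcpt, cfg):
            return r.split("_", 1)[0], r          # "reject" or "defer"
        if r in ("permit", "reject", "defer"):
            return r, r
    return "permit", "end-of-list"


def evaluate_rcpt(cfg, client_ip, rcpt):
    """RCPT TO order from this page: smtpd_relay_restrictions, then
    smtpd_recipient_restrictions. A permit only ends the current list;
    reject or defer ends evaluation."""
    for param in ("smtpd_relay_restrictions", "smtpd_recipient_restrictions"):
        action, why = evaluate_list(split_list(cfg.get(param, "")),
                                    client_ip, rcpt, cfg)
        if action != "permit":
            return action, f"{param}:{why}"
    return "permit", "end-of-lists"


if __name__ == "__main__":
    cfg = parse_main_cf(MAIN_CF)
    print("relay policy safe:", relay_policy_is_safe(cfg))
    for ip, rcpt in [("192.0.2.10", "anyone@elsewhere.test"),
                     ("203.0.113.5", "user@elsewhere.test"),
                     ("203.0.113.5", "user@sub.partner.example.test"),
                     ("203.0.113.5", "user@elsewhere@mail.example.test")]:
        print(ip, rcpt, "->", evaluate_rcpt(cfg, ip, rcpt))
```

<p> The model makes the reason for the IMPORTANT note visible: an
exhausted restriction list permits, so a list that names only permit
actions would relay for everyone, and relay_policy_is_safe reports
the same absence of a reject or defer restriction that Postfix
refuses to run with.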
</p>

<p>
The following restrictions are specific to the recipient address
that is received with the RCPT TO command.
</p>

<dl>

<dt><b><a name="check_recipient_access">check_recipient_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified <a href="access.5.html">access(5)</a> database for the resolved RCPT
TO address, and execute the corresponding action. </dd>

<dt><b><a name="check_recipient_a_access">check_recipient_a_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified <a href="access.5.html">access(5)</a> database for the IP addresses for
the RCPT TO domain, and execute the corresponding action. Note:
a result of "OK" is not allowed for safety reasons. Instead, use
DUNNO in order to exclude specific hosts from denylists. This
feature is available in Postfix 3.0 and later. </dd>

<dt><b><a name="check_recipient_mx_access">check_recipient_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MX hosts for
the RCPT TO domain, and execute the corresponding action. If no
MX record is found, look up A or AAAA records, just like the Postfix
SMTP client would. Note:
a result of "OK" is not allowed for safety reasons. Instead, use
DUNNO in order to exclude specific hosts from denylists. This
feature is available in Postfix 2.1 and later. </dd>

<dt><b><a name="check_recipient_ns_access">check_recipient_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified <a href="access.5.html">access(5)</a> database for the DNS servers
for the RCPT TO domain, and execute the corresponding action.
Note: a result of "OK" is not allowed for safety reasons.
Instead,
use DUNNO in order to exclude specific hosts from denylists. This
feature is available in Postfix 2.1 and later. </dd>

<dt><b><a name="permit_auth_destination">permit_auth_destination</a></b></dt>

<dd>Permit the request when one of the following is true:

<ul>

<li> Postfix is a mail forwarder: the resolved RCPT TO domain matches
$<a href="postconf.5.html#relay_domains">relay_domains</a> or a subdomain thereof, and the address contains no
sender-specified routing (user@elsewhere@domain),

<li> Postfix is the final destination: the resolved RCPT TO domain
matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>, $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>,
$<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, or $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and the address
contains no sender-specified routing (user@elsewhere@domain).

</ul></dd>

<dt><b><a name="permit_mx_backup">permit_mx_backup</a></b></dt>

<dd>Permit the request when the local mail system is a backup MX for
the RCPT TO domain, or when the domain is an authorized destination
(see <a href="postconf.5.html#permit_auth_destination">permit_auth_destination</a> for definition).

<ul>

<li> Safety: <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> does not accept addresses that have
sender-specified routing information (example: user@elsewhere@domain).

<li> Safety: <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> can be vulnerable to misuse when
access is not restricted with <a href="postconf.5.html#permit_mx_backup_networks">permit_mx_backup_networks</a>.

<li> Safety: as of Postfix version 2.3, <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> no longer
accepts the address when the local mail system is a primary MX for
the recipient domain. Exception: <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> accepts the address
when it specifies an authorized destination (see <a href="postconf.5.html#permit_auth_destination">permit_auth_destination</a>
for definition).

<li> Limitation: mail may be rejected in case of a temporary DNS
lookup problem with Postfix prior to version 2.0.

</ul></dd>

<dt><b><a name="reject_non_fqdn_recipient">reject_non_fqdn_recipient</a></b></dt>

<dd>Reject the request when the RCPT TO address specifies a
domain that is not in
fully-qualified domain form, as required by the RFC. <br> The
<a href="postconf.5.html#non_fqdn_reject_code">non_fqdn_reject_code</a> parameter specifies the response code for
rejected requests (default: 504). </dd>

<dt><b><a name="reject_rhsbl_recipient">reject_rhsbl_recipient <i>rbl_domain=d.d.d.d</i></a></b></dt>

<dd>Reject the request when the RCPT TO domain is listed with the
A record "<i>d.d.d.d</i>" under <i>rbl_domain</i> (Postfix version
2.1 and later only). Each "<i>d</i>" is a number, or a pattern
inside "[]" that contains one or more ";"-separated numbers or
number..number ranges (Postfix version 2.8 and later). If no
"<i>=d.d.d.d</i>" is specified, reject
the request when the RCPT TO domain is listed with
any A record under <i>rbl_domain</i>.
<br> The <a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a>
parameter specifies the response code for rejected requests (default:
554); the <a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> parameter specifies the default server
reply; and the <a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> parameter specifies tables with server
replies indexed by <i>rbl_domain</i>. This feature is available
in Postfix version 2.0 and later.</dd>

<dt><b><a name="reject_unauth_destination">reject_unauth_destination</a></b></dt>

<dd>Reject the request unless one of the following is true:

<ul>

<li> Postfix is a mail forwarder: the resolved RCPT TO domain matches
$<a href="postconf.5.html#relay_domains">relay_domains</a> or a subdomain thereof, and contains no sender-specified
routing (user@elsewhere@domain),

<li> Postfix is the final destination: the resolved RCPT TO domain
matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>, $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>,
$<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, or $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and contains
no sender-specified routing (user@elsewhere@domain).

</ul>The <a href="postconf.5.html#relay_domains_reject_code">relay_domains_reject_code</a> parameter specifies the response
code for rejected requests (default: 554). </dd>

<dt><b><a name="defer_unauth_destination">defer_unauth_destination</a></b></dt>

<dd> Reject the same requests as <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>, with a
non-permanent error code.
This feature is available in Postfix
2.10 and later.</dd>

<dt><b><a name="reject_unknown_recipient_domain">reject_unknown_recipient_domain</a></b></dt>

<dd>Reject the request when Postfix is not the final destination for
the recipient domain, and the RCPT TO domain has 1) no DNS MX and
no DNS A
record or 2) a malformed MX record such as a record with
a zero-length MX hostname (Postfix version 2.3 and later). <br> The
reply is specified with the <a href="postconf.5.html#unknown_address_reject_code">unknown_address_reject_code</a> parameter
(default: 450), <a href="postconf.5.html#unknown_address_tempfail_action">unknown_address_tempfail_action</a> (default:
<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>), or 556 (nullmx, Postfix 3.0 and
later). See the respective parameter descriptions for details.
</dd>

<dt><b><a name="reject_unlisted_recipient">reject_unlisted_recipient</a></b> (with Postfix version 2.0: check_recipient_maps)</dt>

<dd> Reject the request when the RCPT TO address is not listed in
the list of valid recipients for its domain class. See the
<a href="postconf.5.html#smtpd_reject_unlisted_recipient">smtpd_reject_unlisted_recipient</a> parameter description for details.
This feature is available in Postfix 2.1 and later.</dd>

<dt><b><a name="reject_unverified_recipient">reject_unverified_recipient</a></b></dt>

<dd>Reject the request when mail to the RCPT TO address is known
to bounce, or when the recipient address destination is not reachable.
Address verification information is managed by the <a href="verify.8.html">verify(8)</a> server;
see the <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a> file for details.
<br> The
<a href="postconf.5.html#unverified_recipient_reject_code">unverified_recipient_reject_code</a> parameter specifies the numerical
response code when an address is known to bounce (default: 450,
change it to 550 when you are confident that it is safe to do so).
<br>The <a href="postconf.5.html#unverified_recipient_defer_code">unverified_recipient_defer_code</a> parameter specifies the
numerical response code when an address probe failed due to a
temporary problem (default: 450). <br> The
<a href="postconf.5.html#unverified_recipient_tempfail_action">unverified_recipient_tempfail_action</a> parameter specifies the action
after address probe failure due to a temporary problem (default:
<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>). <br> This feature breaks for aliased addresses
with "<a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a> = no" (Postfix ≤ 3.2). <br>
This feature is available in Postfix 2.1 and later. </dd>

</dl>

<p>
Other restrictions that are valid in this context:
</p>

<ul>

<li><a href="#generic">Generic</a> restrictions that can be used
in any SMTP command context, described under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>.

<li>SMTP command specific restrictions described under
<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> and
<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>.

</ul>

<p>
Example:
</p>

<pre>
# The Postfix before 2.10 default mail relay policy. Later Postfix
# versions implement this preferably with <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>.
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
</pre>


</DD>

<DT><b><a name="smtpd_reject_footer">smtpd_reject_footer</a>
(default: empty)</b></DT><DD>

<p> Optional information that is appended after each Postfix SMTP
server
4XX or 5XX response. </p>

<p> The following example uses "\c" at the start of the template
(supported in Postfix 2.10 and later) to suppress the line break
between the reply text and the footer text. With earlier Postfix
versions, the footer text always begins on a new line, and the "\c"
is output literally. </p>

<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#smtpd_reject_footer">smtpd_reject_footer</a> = \c. For assistance, call 800-555-0101.
     Please provide the following information in your problem report:
     time ($localtime), client ($client_address) and server
     ($server_name).
</pre>

<p> Server response: </p>

<pre>
    550-5.5.1 <user@example> Recipient address rejected: User
    unknown. For assistance, call 800-555-0101. Please provide the
    following information in your problem report: time (Jan 4 15:42:00),
    client (192.168.1.248) and server (mail1.example.com).
</pre>

<p> Note: the above text is meant to make it easier to find the
Postfix logfile records for a failed SMTP session. The text itself
is not logged to the Postfix SMTP server's maillog file. </p>

<p> Be sure to keep the text as short as possible. Long text may
be truncated before it is logged to the remote SMTP client's maillog
file, or before it is returned to the sender in a delivery status
notification.
</p>

<p> The template text is not subject to Postfix configuration
parameter $name expansion. Instead, this feature supports a limited
number of $name attributes in the footer text. These attributes are
replaced with their current value for the SMTP session. </p>

<p> Note: specify $$name in footer text that is looked up from
<a href="regexp_table.5.html">regexp</a>: or <a href="pcre_table.5.html">pcre</a>:-based <a href="postconf.5.html#smtpd_reject_footer_maps">smtpd_reject_footer_maps</a>, otherwise the
Postfix server will not use the footer text and will log a warning
instead. </p>

<dl>

<dt> <b>client_address</b> </dt> <dd> The Client IP address that
is logged in the maillog file. </dd>

<dt> <b>client_port</b> </dt> <dd> The client TCP port that is
logged in the maillog file. </dd>

<dt> <b>localtime</b> </dt> <dd> The server local time (Mmm dd
hh:mm:ss) that is logged in the maillog file. </dd>

<dt> <b>server_name</b> </dt> <dd> The server's <a href="postconf.5.html#myhostname">myhostname</a> value.
This attribute is made available for sites with multiple MTAs
(perhaps behind a load-balancer), where the server name can help
the server support team to quickly find the right log files. </dd>

</dl>

<p> Notes: </p>

<ul>

<li> <p> NOT SUPPORTED are other attributes such as sender, recipient,
or <a href="postconf.5.html">main.cf</a> parameters. </p>

<li> <p> For safety reasons, text that does not match
$<a href="postconf.5.html#smtpd_expansion_filter">smtpd_expansion_filter</a> is censored. </p>

</ul>

<p> This feature supports the two-character sequence \n as a request
for a line break in the footer text.
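</p>

<p> As an added example (not Postfix code), the following Python renders a 4XX/5XX reply with a footer template according to the rules in this entry: only the four supported $name attributes are expanded, text outside the expansion filter is censored, "\c" joins the footer to the reply text, and "\n" starts a new reply line that repeats the reply code and enhanced status code. The filter character set, the "_" replacement character, dropping the footer when the template names an unsupported attribute, and the session values are assumptions. </p>

```python
# Added example, not Postfix code: a model of how smtpd_reject_footer is
# rendered, following this entry's rules. Marked details are assumptions;
# the session attributes and templates are constructed.
import re
from string import ascii_letters, digits, punctuation

# Assumed stand-in for $smtpd_expansion_filter: printable ASCII plus
# space and tab. Anything else is censored (replaced with '_' here).
SAFE = set(ascii_letters + digits + punctuation + " \t")
SUPPORTED = ("client_address", "client_port", "localtime", "server_name")
REPLY_RE = re.compile(r"^([45]\d\d)[ -](?:(\d\.\d{1,3}\.\d{1,3}) )?(.*)$")
ATTR_RE = re.compile(r"\$(?:\{([A-Za-z0-9_]+)\}|([A-Za-z0-9_]+))")

# Constructed session attributes, matching the values shown on this page.
SESSION = {"client_address": "192.168.1.248", "client_port": "54321",
           "localtime": "Jan 4 15:42:00", "server_name": "mail1.example.com"}
# The page's template; in Python source the backslash must be doubled.
PAGE_TEMPLATE = ("\\c. For assistance, call 800-555-0101. Please provide the "
                 "following information in your problem report: time "
                 "($localtime), client ($client_address) and server ($server_name).")


def censor(text):
    return "".join(ch if ch in SAFE else "_" for ch in text)


def expand(template, session):
    """Replace $name / ${name} for the four supported attributes only.
    Any other name makes the footer unusable: return None so the caller
    keeps the bare reply and logs a warning (modelling assumption)."""
    out, pos = [], 0
    for m in ATTR_RE.finditer(template):
        name = m.group(1) or m.group(2)
        if name not in SUPPORTED:
            return None
        out.append(template[pos:m.start()])
        out.append(str(session.get(name, "")))
        pos = m.end()
    out.append(template[pos:])
    # Censoring covers the expanded values, so a CR/LF smuggled into an
    # attribute cannot start a forged extra reply line.
    return censor("".join(out))


def render_reject_reply(reply, template, session):
    """Return the SMTP reply lines (without CRLF) for one 4xx/5xx reply
    with the footer template applied."""
    m = REPLY_RE.match(reply)
    if not m:
        raise ValueError("not a 4xx/5xx reply: %r" % reply)
    code, enhanced, text = m.groups()
    if not template:
        return [reply]
    join = template.startswith("\\c")            # literal backslash + c
    footer = expand(template[2:] if join else template, session)
    if footer is None:
        return [reply]                            # footer not used
    parts = footer.split("\\n")                   # literal backslash + n
    texts = [text + parts[0]] + parts[1:] if join else [text] + parts
    esc = enhanced + " " if enhanced else ""
    # Multi-line SMTP reply: "code-" on every line but the last, "code " on the last.
    return ["%s%s%s%s" % (code, " " if i == len(texts) - 1 else "-", esc, t)
            for i, t in enumerate(texts)]
```

<p>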
Postfix automatically inserts
after each line break the three-digit SMTP reply code (and optional
enhanced status code) from the original Postfix reject message.
</p>

<p> To work around mail software that mis-handles multi-line replies,
specify the two-character sequence \c at the start of the template.
This suppresses the line break between the reply text and the footer
text (Postfix 2.10 and later). </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="smtpd_reject_footer_maps">smtpd_reject_footer_maps</a>
(default: empty)</b></DT><DD>

<p> Lookup tables, indexed by the complete Postfix SMTP server 4xx or
5xx response, with reject footer templates. See <a href="postconf.5.html#smtpd_reject_footer">smtpd_reject_footer</a>
for details. </p>

<p>
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found.
</p>

<p> This feature is available in Postfix 3.4 and later. </p>


</DD>

<DT><b><a name="smtpd_reject_unlisted_recipient">smtpd_reject_unlisted_recipient</a>
(default: yes)</b></DT><DD>

<p>
Request that the Postfix SMTP server rejects mail for unknown
recipient addresses, even when no explicit <a href="postconf.5.html#reject_unlisted_recipient">reject_unlisted_recipient</a>
access restriction is specified. This prevents the Postfix queue
from filling up with undeliverable MAILER-DAEMON messages.
</p>

<p> An address is considered "unknown" when 1) it does not match a
<a href="virtual.5.html">virtual(5)</a> alias or <a href="canonical.5.html">canonical(5)</a> mapping, and 2) the address is not
valid for its address class.
For a definition of class-based address
validation, see <a href="ADDRESS_CLASS_README.html#classes">
ADDRESS_CLASS_README</a>. </p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a>
(default: no)</b></DT><DD>

<p> Request that the Postfix SMTP server rejects mail from unknown
sender addresses, even when no explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a>
access restriction is specified. This can slow down an explosion
of forged mail from worms or viruses. </p>

<p> An address is considered "unknown" when 1) it does not match a
<a href="virtual.5.html">virtual(5)</a> alias or <a href="canonical.5.html">canonical(5)</a> mapping, and 2) the address is not
valid for its address class. For a definition of class-based address
validation, see <a href="ADDRESS_CLASS_README.html#classes">
ADDRESS_CLASS_README</a>. </p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="smtpd_relay_before_recipient_restrictions">smtpd_relay_before_recipient_restrictions</a>
(default: see "postconf -d" output)</b></DT><DD>

<p> Evaluate <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> before <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>.
Historically, <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> was evaluated after
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>, contradicting documented behavior.
</p>

<p> Background: the <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> feature is primarily
designed to enforce a mail relaying policy, while
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> is primarily designed to enforce spam
blocking policy. Both are evaluated while replying to the RCPT TO
command, and both support the same features. </p>

<p> This feature is available in Postfix 3.6 and later. </p>


</DD>

<DT><b><a name="smtpd_relay_restrictions">smtpd_relay_restrictions</a>
(default: <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>, <a href="postconf.5.html#defer_unauth_destination">defer_unauth_destination</a>)</b></DT><DD>

<p> Access restrictions for mail relay control that the Postfix
SMTP server applies in the context of the RCPT TO command, before
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>.
See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access
restriction lists" for a discussion of evaluation context and time.
</p>

<p> With Postfix versions before 2.10, the rules for relay permission
and spam blocking were combined under <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>,
resulting in error-prone configuration. As of Postfix 2.10, relay
permission rules are preferably implemented with <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>,
so that a permissive spam blocking policy under
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> will no longer result in a permissive
mail relay policy.
</p>

<p> For backwards compatibility, sites that migrate from Postfix
versions before 2.10 can set <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> to the empty
value, and use <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> exactly as before. </p>

<p>
By default, the Postfix SMTP server accepts:
</p>

<ul>

<li> Mail from clients whose IP address matches $<a href="postconf.5.html#mynetworks">mynetworks</a>, or:

<li> Mail from clients who are SASL authenticated, or:

<li> Mail to remote destinations that match $<a href="postconf.5.html#relay_domains">relay_domains</a>, except
for addresses that contain sender-specified routing
(user@elsewhere@domain), or:

<li> Mail to local destinations that match $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, or
$<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.

</ul>

<p>
IMPORTANT: Either the <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> or the
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> parameter must specify
at least one of the following restrictions.
Otherwise Postfix will
refuse to receive mail:
</p>

<blockquote>
<pre>
reject, <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
</pre>
</blockquote>

<blockquote>
<pre>
defer, <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>, <a href="postconf.5.html#defer_unauth_destination">defer_unauth_destination</a>
</pre>
</blockquote>

<p>
Specify a list of restrictions, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace.
The same restrictions are available as documented under
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>.
</p>

<p> This feature is available in Postfix 2.10 and later. </p>


</DD>

<DT><b><a name="smtpd_restriction_classes">smtpd_restriction_classes</a>
(default: empty)</b></DT><DD>

<p>
User-defined aliases for groups of access restrictions. The aliases
can be specified in <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> etc., and on the
right-hand side of a Postfix <a href="access.5.html">access(5)</a> table.
</p>

<p>
One major application is for implementing per-recipient UCE control.
See the <a href="RESTRICTION_CLASS_README.html">RESTRICTION_CLASS_README</a> document for other examples.
</p>


</DD>

<DT><b><a name="smtpd_sasl_application_name">smtpd_sasl_application_name</a>
(default: smtpd)</b></DT><DD>

<p>
The application name that the Postfix SMTP server uses for SASL
server initialization. This
controls the name of the SASL configuration file. The default value
is <b>smtpd</b>, corresponding to a SASL configuration file named
<b>smtpd.conf</b>.
</p>

<p>
This feature is available in Postfix 2.1 and 2.2. With Postfix 2.3
it was renamed to <a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a>.
</p>


</DD>

<DT><b><a name="smtpd_sasl_auth_enable">smtpd_sasl_auth_enable</a>
(default: no)</b></DT><DD>

<p>
Enable SASL authentication in the Postfix SMTP server. By default,
the Postfix SMTP server does not use authentication.
</p>

<p>
If a remote SMTP client is authenticated, the <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>
access restriction can be used to permit relay access, like this:
</p>

<blockquote>
<pre>
# With Postfix 2.10 and later, the mail relay policy is
# preferably specified under <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>.
<a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> =
    <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>, ...
</pre>

<pre>
# With Postfix before 2.10, the relay policy can be
# specified only under <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>.
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
    <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,  <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>, ...
</pre>
</blockquote>

<p> To reject all SMTP connections from unauthenticated clients,
specify "<a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> = yes" (which is the default) and use:
</p>

<blockquote>
<pre>
<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> = <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>, reject
</pre>
</blockquote>

<p>
See the <a href="SASL_README.html">SASL_README</a> file for SASL configuration and operation details.
</p>


</DD>

<DT><b><a name="smtpd_sasl_authenticated_header">smtpd_sasl_authenticated_header</a>
(default: no)</b></DT><DD>

<p> Report the SASL authenticated user name in the <a href="smtpd.8.html">smtpd(8)</a> Received
message header. </p>

<p> This feature is available in Postfix 2.3 and later. </p>


</DD>

<DT><b><a name="smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a>
(default: empty)</b></DT><DD>

<p>
What remote SMTP clients the Postfix SMTP server will not offer
AUTH support to.
</p>

<p>
Some clients (Netscape 4 at least) have a bug that causes them to
require a login and password whenever AUTH is offered, whether it's
necessary or not. To work around this, specify, for example,
$<a href="postconf.5.html#mynetworks">mynetworks</a> to prevent Postfix from offering AUTH to local clients.
</p>

<p>
Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify "/file/name" or
"<a href="DATABASE_README.html">type:table</a>" patterns.
A "/file/name" pattern is replaced by its
contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a table entry
matches a lookup string (the lookup result is ignored). Continue
long lines by starting the next line with whitespace. Specify
"!pattern" to exclude an address or network block from the list.
The form "!/file/name" is supported only in Postfix version 2.4 and
later. </p>

<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the <a href="postconf.5.html#smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a> value, and in
files specified with "/file/name". IP version 6 addresses contain
the ":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>"
pattern. </p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a> = $<a href="postconf.5.html#mynetworks">mynetworks</a>
</pre>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="smtpd_sasl_local_domain">smtpd_sasl_local_domain</a>
(default: empty)</b></DT><DD>

<p>
The name of the Postfix SMTP server's local SASL authentication
realm.
</p>

<p>
By default, the local authentication realm name is the null string.
</p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
<a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a> = $<a href="postconf.5.html#myhostname">myhostname</a>
</pre>


</DD>

<DT><b><a name="smtpd_sasl_mechanism_filter">smtpd_sasl_mechanism_filter</a>
(default: !external, <a href="DATABASE_README.html#types">static</a>:rest)</b></DT><DD>

<p> If non-empty, a filter for the SASL mechanism names that the
Postfix SMTP server will announce in the EHLO response. By default,
the Postfix SMTP server will not announce the EXTERNAL mechanism,
because Postfix support for that is not implemented. </p>

<p> Specify mechanism names, "/file/name" patterns, or "<a href="DATABASE_README.html">type:table</a>"
lookup tables, separated by comma or whitespace. The right-hand
side result from "<a href="DATABASE_README.html">type:table</a>" lookups is ignored. Specify "!pattern"
to exclude a mechanism name from the list. </p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#smtpd_sasl_mechanism_filter">smtpd_sasl_mechanism_filter</a> = !external, !gssapi, <a href="DATABASE_README.html#types">static</a>:rest
<a href="postconf.5.html#smtpd_sasl_mechanism_filter">smtpd_sasl_mechanism_filter</a> = login, plain
<a href="postconf.5.html#smtpd_sasl_mechanism_filter">smtpd_sasl_mechanism_filter</a> = /etc/postfix/smtpd_mechs
</pre>

<p> This feature is available in Postfix 3.6 and later.
</p>


</DD>

<DT><b><a name="smtpd_sasl_path">smtpd_sasl_path</a>
(default: smtpd)</b></DT><DD>

<p> Implementation-specific information that the Postfix SMTP server
passes through to
the SASL plug-in implementation that is selected with
<b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>. Typically this specifies the name of a
configuration file or rendezvous point. </p>

<p> This feature is available in Postfix 2.3 and later. In earlier
releases it was called <b><a href="postconf.5.html#smtpd_sasl_application_name">smtpd_sasl_application_name</a></b>. </p>


</DD>

<DT><b><a name="smtpd_sasl_response_limit">smtpd_sasl_response_limit</a>
(default: 12288)</b></DT><DD>

<p> The maximum length of a SASL client's response to a server challenge.
When the client's "initial response" is longer than the normal limit for
SMTP commands, the client must omit its initial response, and wait for an
empty server challenge; it can then send what would have been its "initial
response" as a response to the empty server challenge. <a href="https://tools.ietf.org/html/rfc4954">RFC4954</a> requires the
server to accept client responses up to at least 12288 octets of
base64-encoded text. The default value is therefore also the minimum value
accepted for this parameter.</p>

<p> This feature is available in Postfix 3.4 and later. Prior versions use
"<a href="postconf.5.html#line_length_limit">line_length_limit</a>", which may need to be raised to accommodate larger client
responses, as may be needed with GSSAPI authentication of Windows AD users
who are members of many groups.
</p>


</DD>

<DT><b><a name="smtpd_sasl_security_options">smtpd_sasl_security_options</a>
(default: noanonymous)</b></DT><DD>

<p> Postfix SMTP server SASL security options; as of Postfix 2.3
the list of available
features depends on the SASL server implementation that is selected
with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>. </p>

<p> The following security features are defined for the <b>cyrus</b>
server SASL implementation: </p>

<p>
Restrict what authentication mechanisms the Postfix SMTP server
will offer to the client. The list of available authentication
mechanisms is system dependent.
</p>

<p>
Specify zero or more of the following:
</p>

<dl>

<dt><b>noplaintext</b></dt>

<dd>Disallow methods that use plaintext passwords. </dd>

<dt><b>noactive</b></dt>

<dd>Disallow methods subject to active (non-dictionary) attack. </dd>

<dt><b>nodictionary</b></dt>

<dd>Disallow methods subject to passive (dictionary) attack. </dd>

<dt><b>noanonymous</b></dt>

<dd>Disallow methods that allow anonymous authentication. </dd>

<dt><b>forward_secrecy</b></dt>

<dd>Only allow methods that support forward secrecy (Dovecot only).
</dd>

<dt><b>mutual_auth</b></dt>

<dd>Only allow methods that provide mutual authentication (not available
with Cyrus SASL version 1). </dd>

</dl>

<p>
By default, the Postfix SMTP server accepts plaintext passwords but
not anonymous logins.
</p>

<p>
Warning: it appears that clients try authentication methods in the
order as advertised by the server (e.g., PLAIN ANONYMOUS CRAM-MD5)
which means that if you disable plaintext passwords, clients will
log in anonymously, even when they should be able to use CRAM-MD5.
So, if you disable plaintext logins, disable anonymous logins too.
Postfix treats anonymous login as no authentication.
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_security_options</a> = noanonymous, noplaintext
</pre>


</DD>

<DT><b><a name="smtpd_sasl_service">smtpd_sasl_service</a>
(default: smtp)</b></DT><DD>

<p> The service name that is passed to the SASL plug-in that is
selected with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b> and <b><a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a></b>.
</p>

<p> This feature is available in Postfix 2.11 and later. Prior
versions behave as if "<b>smtp</b>" is specified. </p>


</DD>

<DT><b><a name="smtpd_sasl_tls_security_options">smtpd_sasl_tls_security_options</a>
(default: $<a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_security_options</a>)</b></DT><DD>

<p> The SASL authentication security options that the Postfix SMTP
server uses for TLS encrypted SMTP sessions. </p>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="smtpd_sasl_type">smtpd_sasl_type</a>
(default: cyrus)</b></DT><DD>

<p> The SASL plug-in type that the Postfix SMTP server should use
for authentication. The available types are listed with the
"<b>postconf -a</b>" command. </p>

<p> This feature is available in Postfix 2.3 and later.
</p>


</DD>

<DT><b><a name="smtpd_sender_login_maps">smtpd_sender_login_maps</a>
(default: empty)</b></DT><DD>

<p>
Optional lookup table with the SASL login names that own the
envelope sender
(MAIL FROM) addresses.
</p>

<blockquote> <p> Note: to enforce that the From: header address
matches the envelope sender (MAIL FROM) address, use an external
filter such as a Milter, for the submission or submissions (formerly
called smtps)
services. For example: <a href="https://github.com/magcks/milterfrom">https://github.com/magcks/milterfrom</a>. </p>
</blockquote>

<p>
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found. With lookups from
indexed files such as DB or DBM, or from networked tables such as
NIS, LDAP or SQL, the following search operations are done with a
sender address of <i>user@domain</i>: </p>

<dl>

<dt> 1) <i>user@domain</i> </dt>

<dd>This table lookup is always done and has the highest precedence. </dd>

<dt> 2) <i>user</i> </dt>

<dd>This table lookup is done only when the <i>domain</i> part of the
sender address matches $<a href="postconf.5.html#myorigin">myorigin</a>, $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. </dd>

<dt> 3) <i>@domain</i> </dt>

<dd>This table lookup is done last and has the lowest precedence. </dd>

</dl>

<p>
In all cases the result of table lookup must be either "not found"
or a list of SASL login names separated by comma and/or whitespace.
</p>


</DD>

<DT><b><a name="smtpd_sender_restrictions">smtpd_sender_restrictions</a>
(default: empty)</b></DT><DD>

<p>
Optional restrictions that the Postfix SMTP server applies in the
context of a client MAIL FROM command.
See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access
restriction lists" for a discussion of evaluation context and time.
</p>

<p>
The default is to permit everything.
</p>

<p>
Specify a list of restrictions, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace.
Restrictions are applied in the order as specified; the first
restriction that matches wins.
</p>

<p>
The following restrictions are specific to the sender address
received with the MAIL FROM command.
</p>

<dl>

<dt><b><a name="check_sender_access">check_sender_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MAIL FROM
address, and execute the corresponding action. </dd>

<dt><b><a name="check_sender_a_access">check_sender_a_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified <a href="access.5.html">access(5)</a> database for the IP addresses for
the MAIL FROM domain, and execute the corresponding action. Note:
a result of "OK" is not allowed for safety reasons. Instead, use
DUNNO in order to exclude specific hosts from denylists. This
feature is available in Postfix 3.0 and later.
</dd>

<dt><b><a name="check_sender_mx_access">check_sender_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MX hosts for
the MAIL FROM domain, and execute the corresponding action. If no
MX record is found, look up A or AAAA records, just like the Postfix
SMTP client would. Note:
a result of "OK" is not allowed for safety reasons. Instead, use
DUNNO in order to exclude specific hosts from denylists. This
feature is available in Postfix 2.1 and later. </dd>

<dt><b><a name="check_sender_ns_access">check_sender_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified <a href="access.5.html">access(5)</a> database for the DNS servers
for the MAIL FROM domain, and execute the corresponding action.
Note: a result of "OK" is not allowed for safety reasons. Instead,
use DUNNO in order to exclude specific hosts from denylists. This
feature is available in Postfix 2.1 and later. </dd>

<dt><b><a name="reject_authenticated_sender_login_mismatch">reject_authenticated_sender_login_mismatch</a></b></dt>

<dd> Reject the request when the client is authenticated with SASL,
but either the MAIL FROM address is not listed in $<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a>,
or the SASL login name is not an owner for that address.
<br>
This prevents an authenticated client from using a MAIL FROM address
that they do not explicitly own.
<br>
Note: to enforce that the From: header address matches the envelope
sender (MAIL FROM) address, use an external filter such as a Milter,
for the submission or submissions (formerly called smtps) services.
For example: <a href="https://github.com/magcks/milterfrom">https://github.com/magcks/milterfrom</a>.
18039<br> 18040This feature is available in Postfix version 2.1 and later. </dd> 18041 18042<dt><b><a name="reject_known_sender_login_mismatch">reject_known_sender_login_mismatch</a></b></dt> 18043 18044<dd> When the client is authenticated with SASL, reject the request 18045when the MAIL FROM address is listed in $<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a>, 18046but the SASL login name is not an owner for that address. 18047<br> 18048When the client is not authenticated with SASL, reject the request 18049when SASL is enabled, and the MAIL FROM address is listed in 18050$<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a>. 18051<br> 18052This protects any MAIL FROM address that is listed in 18053$<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a>, while still allowing a client to use any 18054unlisted MAIL FROM address. 18055<br> 18056Note: to enforce that the From: header address matches the envelope 18057sender (MAIL FROM) address, use an external filter such as a Milter, 18058for the submission or submissions (formerly called smtps) services. 18059For example: <a href="https://github.com/magcks/milterfrom">https://github.com/magcks/milterfrom</a>. 18060<br> 18061This feature is available in Postfix version 2.11 and later.</dd> 18062 18063<dt><b><a name="reject_non_fqdn_sender">reject_non_fqdn_sender</a></b></dt> 18064 18065<dd>Reject the request when the MAIL FROM address specifies a 18066domain that is not in 18067fully-qualified domain form as required by the RFC. <br> The 18068<a href="postconf.5.html#non_fqdn_reject_code">non_fqdn_reject_code</a> parameter specifies the response code for 18069rejected requests (default: 504). 
</dd> 18070 18071<dt><b><a name="reject_rhsbl_sender">reject_rhsbl_sender <i>rbl_domain=d.d.d.d</i></a></b></dt> 18072 18073<dd>Reject the request when the MAIL FROM domain is listed with 18074the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i> (Postfix 18075version 2.1 and later only). Each "<i>d</i>" is a number, or a 18076pattern inside "[]" that contains one or more ";"-separated numbers 18077or number..number ranges (Postfix version 2.8 and later). If no 18078"<i>=d.d.d.d</i>" is specified, 18079reject the request when the MAIL FROM domain is 18080listed with any A record under <i>rbl_domain</i>. <br> The 18081<a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> parameter specifies the response code for 18082rejected requests (default: 554); the <a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> parameter 18083specifies the default server reply; and the <a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> parameter 18084specifies tables with server replies indexed by <i>rbl_domain</i>. 18085This feature is available in Postfix 2.0 and later.</dd> 18086 18087<dt><b><a name="reject_sender_login_mismatch">reject_sender_login_mismatch</a></b></dt> 18088 18089<dd> As of Postfix 2.1, this is an alias for 18090"<a href="postconf.5.html#reject_authenticated_sender_login_mismatch">reject_authenticated_sender_login_mismatch</a>, 18091<a href="postconf.5.html#reject_unauthenticated_sender_login_mismatch">reject_unauthenticated_sender_login_mismatch</a>".</dd> 18092 18093<dt><b><a name="reject_unauthenticated_sender_login_mismatch">reject_unauthenticated_sender_login_mismatch</a></b></dt> 18094 18095<dd> Reject the request when SASL is enabled, the MAIL FROM address 18096is listed in $<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a>, but the client is not 18097authenticated with SASL. 
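<br>
The login-mismatch restrictions (this one, reject_authenticated_sender_login_mismatch,
reject_known_sender_login_mismatch and the alias reject_sender_login_mismatch) differ only in
which combinations of "address listed", "client authenticated" and "login owns the address"
they reject, and the wrong choice either lets authenticated users forge listed addresses or
locks out unlisted ones. The following is an added example, not Postfix code, that encodes
the documented decision logic of each restriction and tabulates it for one address. It
assumes a simplified smtpd_sender_login_maps: a dict from MAIL FROM address to the set of
owning SASL login names. Real Postfix consults a lookup table and this model does not
reproduce its key-matching rules, only the reject/accept decisions. The owner map is
constructed sample data.

```python
"""Added example, not Postfix code: a model of the reject_*_sender_login_mismatch
restrictions as documented in smtpd_sender_restrictions, to tabulate how they differ.

Assumption: smtpd_sender_login_maps is modelled as a dict from a MAIL FROM
address to the set of SASL login names that own it. Real Postfix consults a
lookup table; this model does not reproduce its key-matching rules, only the
reject/accept logic of the four restrictions."""


def login_mismatch_decisions(sasl_enabled, login, mail_from, owner_map):
    """Return {restriction: True} where the restriction would reject this MAIL FROM.

    login is the SASL login name, or None when the client is not authenticated
    (an authenticated client implies that SASL is enabled).
    """
    authenticated = login is not None
    if authenticated and not sasl_enabled:
        raise ValueError("a SASL-authenticated client implies that SASL is enabled")
    owners = owner_map.get(mail_from.lower())   # None: address not listed in the map
    listed = owners is not None
    is_owner = listed and login in owners

    # Authenticated: the address must be listed AND the login must be an owner.
    reject_authenticated = authenticated and not is_owner
    # Unauthenticated with SASL enabled: listed addresses are off limits.
    reject_unauthenticated = sasl_enabled and listed and not authenticated
    # "known": protect listed addresses only; unlisted addresses stay usable by anyone.
    reject_known = (listed and not is_owner) if authenticated else reject_unauthenticated

    return {
        "reject_authenticated_sender_login_mismatch": reject_authenticated,
        "reject_unauthenticated_sender_login_mismatch": reject_unauthenticated,
        "reject_known_sender_login_mismatch": reject_known,
        # Since Postfix 2.1 an alias for the authenticated + unauthenticated pair.
        "reject_sender_login_mismatch": reject_authenticated or reject_unauthenticated,
    }


def decision_matrix(owner_map, mail_from, owner_login, other_login):
    """Evaluate one MAIL FROM address under the usual client situations."""
    scenarios = {
        "SASL off, not authenticated": (False, None),
        "SASL on, not authenticated": (True, None),
        "authenticated as owner": (True, owner_login),
        "authenticated as someone else": (True, other_login),
    }
    return {name: login_mismatch_decisions(enabled, login, mail_from, owner_map)
            for name, (enabled, login) in scenarios.items()}


# Constructed sample map: alice owns her own address, sales@ is shared by two logins.
SAMPLE_OWNERS = {
    "alice@example.com": {"alice"},
    "sales@example.com": {"alice", "bob"},
}

if __name__ == "__main__":
    for address in ("alice@example.com", "nobody@example.com"):
        print(address)
        for scenario, verdicts in decision_matrix(SAMPLE_OWNERS, address, "alice", "bob").items():
            rejected = [r for r, v in verdicts.items() if v] or ["(accepted by all four)"]
            print(f"  {scenario:30s} rejected by: {', '.join(rejected)}")
```

The matrix for an unlisted address shows the practical difference: reject_authenticated_sender_login_mismatch
(and therefore the alias reject_sender_login_mismatch) rejects every authenticated client, while
reject_known_sender_login_mismatch leaves unlisted addresses usable by everyone and only guards the
addresses that appear in the map.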
18098<br> 18099With SASL enabled, this prevents an unauthenticated client from 18100using any MAIL FROM address that is listed in $<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a>. 18101<br> 18102Note: to enforce that the From: header address matches the envelope 18103sender (MAIL FROM) address, use an external filter such as a Milter, 18104for the submission or submissions (formerly called smtps) services. 18105For example: <a href="https://github.com/magcks/milterfrom">https://github.com/magcks/milterfrom</a>. 18106<br> 18107This feature is available in Postfix version 2.1 and later.</dd> 18108 18109<dt><b><a name="reject_unknown_sender_domain">reject_unknown_sender_domain</a></b></dt> 18110 18111<dd>Reject the request when Postfix is not the final destination for 18112the sender address, and the MAIL FROM domain has 1) no DNS MX and 18113no DNS A 18114record, or 2) a malformed MX record such as a record with 18115a zero-length MX hostname (Postfix version 2.3 and later). <br> The 18116reply is specified with the <a href="postconf.5.html#unknown_address_reject_code">unknown_address_reject_code</a> parameter 18117(default: 450), <a href="postconf.5.html#unknown_address_tempfail_action">unknown_address_tempfail_action</a> (default: 18118<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>), or 550 (nullmx, Postfix 3.0 and 18119later). See the respective parameter descriptions for details. 18120</dd> 18121 18122<dt><b><a name="reject_unlisted_sender">reject_unlisted_sender</a></b></dt> 18123 18124<dd>Reject the request when the MAIL FROM address is not listed in 18125the list of valid recipients for its domain class. See the 18126<a href="postconf.5.html#smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a> parameter description for details. 
18127This feature is available in Postfix 2.1 and later.</dd> 18128 18129<dt><b><a name="reject_unverified_sender">reject_unverified_sender</a></b></dt> 18130 18131<dd>Reject the request when mail to the MAIL FROM address is known to 18132bounce, or when the sender address destination is not reachable. 18133Address verification information is managed by the <a href="verify.8.html">verify(8)</a> server; 18134see the <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a> file for details. <br> The 18135<a href="postconf.5.html#unverified_sender_reject_code">unverified_sender_reject_code</a> parameter specifies the numerical 18136response code when an address is known to bounce (default: 450, 18137change into 550 when you are confident that it is safe to do so). 18138<br>The <a href="postconf.5.html#unverified_sender_defer_code">unverified_sender_defer_code</a> specifies the numerical response 18139code when an address probe failed due to a temporary problem 18140(default: 450). <br> The <a href="postconf.5.html#unverified_sender_tempfail_action">unverified_sender_tempfail_action</a> parameter 18141specifies the action after address probe failure due to a temporary 18142problem (default: <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>). <br> This feature breaks for 18143aliased addresses with "<a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a> = no" (Postfix 18144≤ 3.2). <br> This feature is available in Postfix 2.1 and later. 18145</dd> 18146 18147</dl> 18148 18149<p> 18150Other restrictions that are valid in this context: 18151</p> 18152 18153<ul> 18154 18155<li> <a href="#generic">Generic</a> restrictions that can be used 18156in any SMTP command context, described under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>. 
18157 18158<li> SMTP command specific restrictions described under 18159<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>. 18160 18161<li> SMTP command specific restrictions described under 18162<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>. When recipient restrictions are listed 18163under <a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>, they have effect only with 18164"<a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> = yes", so that $<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> is 18165evaluated at the time of the RCPT TO command. 18166 18167</ul> 18168 18169<p> 18170Examples: 18171</p> 18172 18173<pre> 18174<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> = <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a> 18175<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> = <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a>, 18176 <a href="postconf.5.html#check_sender_access">check_sender_access</a> <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/access 18177</pre> 18178 18179 18180</DD> 18181 18182<DT><b><a name="smtpd_service_name">smtpd_service_name</a> 18183(default: smtpd)</b></DT><DD> 18184 18185<p> The internal service that <a href="postscreen.8.html">postscreen(8)</a> hands off allowed 18186connections to. In a future version there may be different 18187classes of SMTP service. </p> 18188 18189<p> This feature is available in Postfix 2.8. 
</p> 18190 18191 18192</DD> 18193 18194<DT><b><a name="smtpd_soft_error_limit">smtpd_soft_error_limit</a> 18195(default: 10)</b></DT><DD> 18196 18197<p> 18198The number of errors a remote SMTP client is allowed to make without 18199delivering mail before the Postfix SMTP server slows down all its 18200responses. 18201</p> 18202 18203<ul> 18204 18205<li><p>With Postfix version 2.1 and later, when the error count 18206is > $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a>, the Postfix SMTP server 18207delays all responses by $<a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a>. </p> 18208 18209<li><p>With Postfix versions 2.0 and earlier, when the error count 18210is > $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a>, the Postfix SMTP server delays all 18211responses by the larger of (number of errors) seconds or 18212$<a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a>. </p> 18213 18214<li><p>With Postfix versions 2.0 and earlier, when the error count 18215is ≤ $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a>, the Postfix SMTP server delays 4XX 18216and 5XX responses by $<a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a>. </p> 18217 18218</ul> 18219 18220 18221</DD> 18222 18223<DT><b><a name="smtpd_starttls_timeout">smtpd_starttls_timeout</a> 18224(default: see "postconf -d" output)</b></DT><DD> 18225 18226<p> The time limit for Postfix SMTP server write and read operations 18227during TLS startup and shutdown handshake procedures. The current 18228default value is stress-dependent. Before Postfix version 2.8, it 18229was fixed at 300s. </p> 18230 18231<p> Specify a non-zero time value (an integral value plus an optional 18232one-letter suffix that specifies the time unit). Time units: s 18233(seconds), m (minutes), h (hours), d (days), w (weeks). 18234The default time unit is s (seconds). 
</p>

<p> This feature is available in Postfix 2.2 and later. </p>

</DD>

<DT><b><a name="smtpd_timeout">smtpd_timeout</a>
(default: normal: 300s, <a href="STRESS_README.html">overload</a>: 10s)</b></DT><DD>

<p> When the Postfix SMTP server wants to send an SMTP server
response, how long the Postfix SMTP server will wait for an underlying
network write operation to complete; and when the Postfix SMTP
server wants to receive an SMTP client request, how long
the Postfix SMTP server will wait for an underlying network read
operation to complete. See the <a href="postconf.5.html#smtpd_per_request_deadline">smtpd_per_request_deadline</a> parameter for how
this time limit may be enforced (with Postfix 2.9-3.6 see
<a href="postconf.5.html#smtpd_per_record_deadline">smtpd_per_record_deadline</a>). </p>

<p> Normally the default limit
is 300s, but it changes under overload to just 10s. With Postfix
2.5 and earlier, the SMTP server always uses a time limit of 300s
by default.
</p>

<p>
Note: if you set SMTP time limits to very large values you may have
to update the global <a href="postconf.5.html#ipc_timeout">ipc_timeout</a> parameter.
</p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds). </p>

</DD>

<DT><b><a name="smtpd_tls_CAfile">smtpd_tls_CAfile</a>
(default: empty)</b></DT><DD>

<p> A file containing (PEM format) CA certificates of root CAs trusted
to sign either remote SMTP client certificates or intermediate CA
certificates. These are loaded into memory before the <a href="smtpd.8.html">smtpd(8)</a> server
enters the chroot jail.
If the number of trusted roots is large, consider 18279using <a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> instead, but note that the latter directory must 18280be present in the chroot jail if the <a href="smtpd.8.html">smtpd(8)</a> server is chrooted. This 18281file may also be used to augment the server certificate trust chain, 18282but it is best to include all the required certificates directly in the 18283server certificate file. </p> 18284 18285<p> Specify "<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> = /path/to/system_CA_file" to use ONLY 18286the system-supplied default Certification Authority certificates. 18287</p> 18288 18289<p> Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = no" to prevent Postfix from 18290appending the system-supplied default CAs and trusting third-party 18291certificates. </p> 18292 18293<p> By default (see <a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>), client certificates are not 18294requested, and <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> should remain empty. If you do make use 18295of client certificates, the distinguished names (DNs) of the Certification 18296Authorities listed in <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> are sent to the remote SMTP client 18297in the client certificate request message. MUAs with multiple client 18298certificates may use the list of preferred Certification Authorities 18299to select the correct client certificate. You may want to put your 18300"preferred" CA or CAs in this file, and install other trusted CAs in 18301$<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a>. </p> 18302 18303<p> Example: </p> 18304 18305<pre> 18306<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> = /etc/postfix/CAcert.pem 18307</pre> 18308 18309<p> This feature is available in Postfix 2.2 and later. 
</p> 18310 18311 18312</DD> 18313 18314<DT><b><a name="smtpd_tls_CApath">smtpd_tls_CApath</a> 18315(default: empty)</b></DT><DD> 18316 18317<p> A directory containing (PEM format) CA certificates of root CAs 18318trusted to sign either remote SMTP client certificates or intermediate CA 18319certificates. Do not forget to create the necessary "hash" links with, 18320for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs". To use 18321<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> in chroot mode, this directory (or a copy) must be 18322inside the chroot jail. </p> 18323 18324<p> Specify "<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> = /path/to/system_CA_directory" to 18325use ONLY the system-supplied default Certification Authority certificates. 18326</p> 18327 18328<p> Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = no" to prevent Postfix from 18329appending the system-supplied default CAs and trusting third-party 18330certificates. </p> 18331 18332<p> By default (see <a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>), client certificates are 18333not requested, and <a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> should remain empty. In contrast 18334to <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>, DNs of Certification Authorities installed 18335in $<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> are not included in the client certificate 18336request message. MUAs with multiple client certificates may use the 18337list of preferred Certification Authorities to select the correct 18338client certificate. You may want to put your "preferred" CA or 18339CAs in $<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>, and install the remaining trusted CAs in 18340$<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a>. 
</p> 18341 18342<p> Example: </p> 18343 18344<pre> 18345<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> = /etc/postfix/certs 18346</pre> 18347 18348<p> This feature is available in Postfix 2.2 and later. </p> 18349 18350 18351</DD> 18352 18353<DT><b><a name="smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a> 18354(default: yes)</b></DT><DD> 18355 18356<p> Force the Postfix SMTP server to issue a TLS session id, even 18357when TLS session caching is turned off (<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> 18358is empty). This behavior is compatible with Postfix < 2.3. </p> 18359 18360<p> With Postfix 2.3 and later the Postfix SMTP server can disable 18361session id generation when TLS session caching is turned off. This 18362keeps remote SMTP clients from caching sessions that almost certainly cannot 18363be re-used. </p> 18364 18365<p> By default, the Postfix SMTP server always generates TLS session 18366ids. This works around a known defect in mail client applications 18367such as MS Outlook, and may also prevent interoperability issues 18368with other MTAs. </p> 18369 18370<p> Example: </p> 18371 18372<pre> 18373<a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a> = no 18374</pre> 18375 18376<p> This feature is available in Postfix 2.3 and later. </p> 18377 18378 18379</DD> 18380 18381<DT><b><a name="smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> 18382(default: no)</b></DT><DD> 18383 18384<p> Ask a remote SMTP client for a client certificate. This 18385information is needed for certificate based mail relaying with, 18386for example, the <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a> feature. 
</p> 18387 18388<p> Some clients such as Netscape will either complain if no 18389certificate is available (for the list of CAs in $<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>) 18390or will offer multiple client certificates to choose from. This 18391may be annoying, so this option is "off" by default. </p> 18392 18393<p> This feature is available in Postfix 2.2 and later. </p> 18394 18395 18396</DD> 18397 18398<DT><b><a name="smtpd_tls_auth_only">smtpd_tls_auth_only</a> 18399(default: no)</b></DT><DD> 18400 18401<p> When TLS encryption is optional in the Postfix SMTP server, do 18402not announce or accept SASL authentication over unencrypted 18403connections. </p> 18404 18405<p> This feature is available in Postfix 2.2 and later. </p> 18406 18407 18408</DD> 18409 18410<DT><b><a name="smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a> 18411(default: 9)</b></DT><DD> 18412 18413<p> The verification depth for remote SMTP client certificates. A 18414depth of 1 is sufficient if the issuing CA is listed in a local CA 18415file. </p> 18416 18417<p> The default verification depth is 9 (the OpenSSL default) for 18418compatibility with earlier Postfix behavior. Prior to Postfix 2.5, 18419the default value was 5, but the limit was not actually enforced. If 18420you have set this to a lower non-default value, certificates with longer 18421trust chains may now fail to verify. Certificate chains with 1 or 2 18422CAs are common, deeper chains are more rare and any number between 5 18423and 9 should suffice in practice. You can choose a lower number if, 18424for example, you trust certificates directly signed by an issuing CA 18425but not any CAs it delegates to. </p> 18426 18427<p> This feature is available in Postfix 2.2 and later. </p> 18428 18429 18430</DD> 18431 18432<DT><b><a name="smtpd_tls_cert_file">smtpd_tls_cert_file</a> 18433(default: empty)</b></DT><DD> 18434 18435<p> File with the Postfix SMTP server RSA certificate in PEM format. 
This file may also contain the Postfix SMTP server private RSA key.
With Postfix ≥ 3.4 the preferred way to configure server keys and
certificates is via the "<a href="postconf.5.html#smtpd_tls_chain_files">smtpd_tls_chain_files</a>" parameter. </p>

<p> Public Internet MX hosts without certificates signed by a "reputable"
CA must generate, and be prepared to present to most clients, a
self-signed or private-CA signed certificate. The client will not be
able to authenticate the server, but unless it is running Postfix 2.3 or
similar software, it will still insist on a server certificate. </p>

<p> For servers that are <b>not</b> public Internet MX hosts, Postfix
supports configurations with no certificates. This entails the use of
just the anonymous TLS ciphers, which are not supported by typical SMTP
clients. Since some clients may not fall back to plain text after a TLS
handshake failure, a certificate-less Postfix SMTP server will be unable
to receive email from some TLS-enabled clients. To avoid accidental
configurations with no certificates, Postfix enables certificate-less
operation only when the administrator explicitly sets
"<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = none". This ensures that new Postfix SMTP server
configurations will not accidentally enable TLS without certificates. </p>

<p> Note that server certificates are not optional in TLS 1.3. To run
without certificates you'd have to disable the TLS 1.3 protocol by
including '!TLSv1.3' in "<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a>" and perhaps also
"<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a>". It is simpler instead to just
configure a certificate chain. Certificate-less operation is not
recommended. </p>

<p> Both RSA and DSA certificates are supported.
When both types 18465are present, the cipher used determines which certificate will be 18466presented to the client. For Netscape and OpenSSL clients without 18467special cipher choices the RSA certificate is preferred. </p> 18468 18469<p> To enable a remote SMTP client to verify the Postfix SMTP server 18470certificate, the issuing CA certificates must be made available to the 18471client. You should include the required certificates in the server 18472certificate file, the server certificate first, then the issuing 18473CA(s) (bottom-up order). </p> 18474 18475<p> Example: the certificate for "server.example.com" was issued by 18476"intermediate CA" which itself has a certificate of "root CA". 18477Create the server.pem file with "cat server_cert.pem intermediate_CA.pem 18478root_CA.pem > server.pem". </p> 18479 18480<p> If you also want to verify client certificates issued by these 18481CAs, you can add the CA certificates to the <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>, in which 18482case it is not necessary to have them in the <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>, 18483<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a> (obsolete) or <a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>. </p> 18484 18485<p> A certificate supplied here must be usable as an SSL server certificate 18486and hence pass the "openssl verify -purpose sslserver ..." test. </p> 18487 18488<p> Example: </p> 18489 18490<pre> 18491<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = /etc/postfix/server.pem 18492</pre> 18493 18494<p> This feature is available in Postfix 2.2 and later. </p> 18495 18496 18497</DD> 18498 18499<DT><b><a name="smtpd_tls_chain_files">smtpd_tls_chain_files</a> 18500(default: empty)</b></DT><DD> 18501 18502<p> List of one or more PEM files, each holding one or more private keys 18503directly followed by a corresponding certificate chain. 
The file names
are separated by commas and/or whitespace. This parameter obsoletes the
legacy algorithm-specific key and certificate file settings. When this
parameter is non-empty, the legacy parameters are ignored, and a warning
is logged if any are also non-empty. </p>

<p> With the proliferation of multiple private key algorithms (which,
as of OpenSSL 1.1.1, include DSA (obsolete), RSA, ECDSA, Ed25519
and Ed448) it is increasingly impractical to use separate
parameters to configure the key and certificate chain for each
algorithm. Therefore, Postfix now supports storing multiple keys and
corresponding certificate chains in a single file or in a set of files. </p>

<p> Each key must appear <b>immediately before</b> the corresponding
certificate, optionally followed by additional issuer certificates that
complete the certificate chain for that key. When multiple files are
specified, they are equivalent to a single file that is concatenated
from those files in the given order. Thus, while a key must always
precede its certificate and issuer chain, it can be in a separate file,
so long as that file is listed immediately before the file that holds
the corresponding certificate chain. Once all the files are
concatenated, the sequence of PEM objects must be: <i>key1, cert1,
[chain1], key2, cert2, [chain2], ..., keyN, certN, [chainN].</i> </p>

<p> Storing the private key in the same file as the corresponding
certificate is more reliable. With the key and certificate in separate
files, there is a chance that during key rollover a Postfix process
might load a private key and certificate from separate files that don't
match. Various operational errors may even result in a persistent
broken configuration in which the certificate does not match the private
key.
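</p>

<p> Because the key-before-certificate ordering is easy to get wrong when
the files are assembled by hand, the following is an added pre-flight check
(example code, not part of Postfix) that reads the PEM objects of the files
listed in smtpd_tls_chain_files, in the given order, and reports any
departure from the required <i>key, cert, [chain]</i> sequence, a second key
of the same algorithm, and an encrypted key. The key algorithm is taken
from the PKCS#8 AlgorithmIdentifier OID (or from the legacy "RSA/EC/DSA
PRIVATE KEY" label). Certificate contents are not parsed, so this does
not prove that a certificate matches the key before it; "openssl x509
-noout -pubkey" and "openssl pkey -pubout" remain the tools for that. The
sample input reuses the Ed25519 and Ed448 private keys printed in the
documentation example below; the CERTIFICATE bodies are constructed
placeholders (an empty DER SEQUENCE), not real certificates. </p>

```python
"""Added example, not Postfix code: a pre-flight check for the PEM object
sequence that smtpd_tls_chain_files requires once all listed files are
concatenated: key1, cert1, [chain1], key2, cert2, [chain2], ... with at most
one key per algorithm. Key algorithms come from the PKCS#8 AlgorithmIdentifier
OID (or the legacy RSA/EC/DSA PRIVATE KEY labels). Certificate contents are
not parsed."""
import base64
import re

_PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

# PKCS#8 privateKeyAlgorithm OIDs as DER content octets. All ECDSA curves share
# one OID (id-ecPublicKey), which matches the "one ECDSA key" rule above.
_KEY_OIDS = {
    bytes.fromhex("2a864886f70d010101"): "RSA",      # 1.2.840.113549.1.1.1
    bytes.fromhex("2a8648ce3d0201"): "ECDSA",        # 1.2.840.10045.2.1
    bytes.fromhex("2b6570"): "Ed25519",              # 1.3.101.112
    bytes.fromhex("2b6571"): "Ed448",                # 1.3.101.113
    bytes.fromhex("2a8648ce380401"): "DSA",          # 1.2.840.10040.4.1
}
_LEGACY_LABELS = {"RSA PRIVATE KEY": "RSA", "EC PRIVATE KEY": "ECDSA", "DSA PRIVATE KEY": "DSA"}


def pem_blocks(text):
    """Yield (label, der_bytes) for each PEM object in text, in file order."""
    for label, body in _PEM_RE.findall(text):
        yield label, base64.b64decode("".join(body.split()))


def _der_tlv(buf, pos=0):
    """Read one DER tag/length/value at pos; handles short and long-form lengths."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low bits give the length's byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def key_algorithm(label, der):
    """Algorithm name of a private-key PEM block, or "malformed"."""
    if label in _LEGACY_LABELS:
        return _LEGACY_LABELS[label]
    # PKCS#8 PrivateKeyInfo ::= SEQUENCE { version INTEGER,
    #   privateKeyAlgorithm SEQUENCE { algorithm OID, ... }, privateKey OCTET STRING }
    try:
        tag, info, _ = _der_tlv(der)
        _, _, pos = _der_tlv(info)                 # skip the version INTEGER
        tag2, algid, _ = _der_tlv(info, pos)
        tag3, oid, _ = _der_tlv(algid)
    except IndexError:
        return "malformed"
    if (tag, tag2, tag3) != (0x30, 0x30, 0x06):
        return "malformed"
    return _KEY_OIDS.get(oid, "unknown OID " + oid.hex())


def check_chain_files(pem_files):
    """Check the concatenation of pem_files (in smtpd_tls_chain_files order).

    Returns (key_algorithms_in_order, problems); an empty problems list means
    the object sequence is acceptable.
    """
    algorithms, problems = [], []
    need_cert = False                 # set right after a key: a CERTIFICATE must come next
    for i, (label, der) in enumerate(pem_blocks("\n".join(pem_files)), 1):
        if label == "CERTIFICATE":
            if not algorithms:
                problems.append(f"object {i}: certificate before any private key")
            need_cert = False         # the key's own cert, or an issuer cert of its chain
        elif label == "ENCRYPTED PRIVATE KEY":
            problems.append(f"object {i}: encrypted private key; Postfix loads keys "
                            "without a passphrase prompt, so the key must be unencrypted")
            need_cert = False
        elif label.endswith("PRIVATE KEY"):
            if need_cert:
                problems.append(f"object {i}: previous key is not immediately followed "
                                "by its certificate")
            alg = key_algorithm(label, der)
            if alg in algorithms:
                problems.append(f"object {i}: second {alg} key; at most one key per algorithm")
            algorithms.append(alg)
            need_cert = True
        else:
            problems.append(f"object {i}: unexpected PEM object {label!r}")
    if need_cert:
        problems.append("last private key has no certificate after it")
    if not algorithms:
        problems.append("no private key found")
    return algorithms, problems


# Sample input. The two private keys are the ones printed in the documentation
# example for ed25519.pem and ed448.pem; the CERTIFICATE bodies are constructed
# placeholders (an empty DER SEQUENCE), since certificate contents are not parsed.
PLACEHOLDER_CERT = "-----BEGIN CERTIFICATE-----\nMAA=\n-----END CERTIFICATE-----\n"
ED25519_PEM = ("-----BEGIN PRIVATE KEY-----\n"
               "MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3\n"
               "-----END PRIVATE KEY-----\n" + PLACEHOLDER_CERT)
ED448_PEM = ("-----BEGIN PRIVATE KEY-----\n"
             "MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe\n"
             "LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A==\n"
             "-----END PRIVATE KEY-----\n" + PLACEHOLDER_CERT)

if __name__ == "__main__":
    algorithms, problems = check_chain_files([ED25519_PEM, ED448_PEM])
    print("keys in order:", algorithms)
    print("problems:", problems or "none")
```

<p> Run it over the same list as the parameter, for example
"check_chain_files([open(p).read() for p in paths])", before reloading
Postfix; an empty problems list only means the object sequence is acceptable,
nothing about the validity of the certificates themselves.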
</p> 18534 18535<p> The file or files must contain at most one key of each type. If, 18536for example, two or more RSA keys and corresponding chains are listed, 18537depending on the version of OpenSSL either only the last one will be 18538used or a configuration error may be detected. Note that while 18539"Ed25519" and "Ed448" are considered separate algorithms, the various 18540ECDSA curves (typically one of prime256v1, secp384r1 or secp521r1) are 18541considered as different parameters of a single "ECDSA" algorithm, so it 18542is not presently possible to configure keys for more than one ECDSA 18543curve. </p> 18544 18545<p> RSA is still the most widely supported algorithm. Presently (late 185462018), ECDSA support is common, but not yet universal, and Ed25519 and 18547Ed448 support is mostly absent. Therefore, an RSA key should generally 18548be configured, along with any additional keys for the other algorithms 18549when desired. </p> 18550 18551<p> 18552Example (separate files for each key and corresponding certificate chain): 18553</p> 18554<blockquote> 18555<pre> 18556/etc/postfix/<a href="postconf.5.html">main.cf</a>: 18557 <a href="postconf.5.html#smtpd_tls_chain_files">smtpd_tls_chain_files</a> = 18558 ${<a href="postconf.5.html#config_directory">config_directory</a>}/ed25519.pem, 18559 ${<a href="postconf.5.html#config_directory">config_directory</a>}/ed448.pem, 18560 ${<a href="postconf.5.html#config_directory">config_directory</a>}/rsa.pem 18561</pre> 18562</blockquote> 18563 18564<blockquote> 18565<pre> 18566/etc/postfix/ed25519.pem: 18567 -----BEGIN PRIVATE KEY----- 18568 MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3 18569 -----END PRIVATE KEY----- 18570 -----BEGIN CERTIFICATE----- 18571 MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG 18572 ... 
18573 nC0egv51YPDWxEHom4QA 18574 -----END CERTIFICATE----- 18575</pre> 18576</blockquote> 18577 18578<blockquote> 18579<pre> 18580/etc/postfix/ed448.pem: 18581 -----BEGIN PRIVATE KEY----- 18582 MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe 18583 LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A== 18584 -----END PRIVATE KEY----- 18585 -----BEGIN CERTIFICATE----- 18586 MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG 18587 ... 18588 pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA 18589 -----END CERTIFICATE----- 18590</pre> 18591</blockquote> 18592 18593<blockquote> 18594<pre> 18595/etc/postfix/rsa.pem: 18596 -----BEGIN PRIVATE KEY----- 18597 MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL 18598 ... 18599 ahQkZ3+krcaJvDSMgvu0tDc= 18600 -----END PRIVATE KEY----- 18601 -----BEGIN CERTIFICATE----- 18602 MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL 18603 ... 18604 Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE= 18605 -----END CERTIFICATE----- 18606</pre> 18607</blockquote> 18608 18609<p> 18610Example (all keys and certificates in a single file): 18611</p> 18612<blockquote> 18613<pre> 18614/etc/postfix/<a href="postconf.5.html">main.cf</a>: 18615 <a href="postconf.5.html#smtpd_tls_chain_files">smtpd_tls_chain_files</a> = ${<a href="postconf.5.html#config_directory">config_directory</a>}/chains.pem 18616</pre> 18617</blockquote> 18618 18619<blockquote> 18620<pre> 18621/etc/postfix/chains.pem: 18622 -----BEGIN PRIVATE KEY----- 18623 MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3 18624 -----END PRIVATE KEY----- 18625 -----BEGIN CERTIFICATE----- 18626 MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG 18627 ... 
18628 nC0egv51YPDWxEHom4QA 18629 -----END CERTIFICATE----- 18630 -----BEGIN PRIVATE KEY----- 18631 MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe 18632 LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A== 18633 -----END PRIVATE KEY----- 18634 -----BEGIN CERTIFICATE----- 18635 MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG 18636 ... 18637 pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA 18638 -----END CERTIFICATE----- 18639 -----BEGIN PRIVATE KEY----- 18640 MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL 18641 ... 18642 ahQkZ3+krcaJvDSMgvu0tDc= 18643 -----END PRIVATE KEY----- 18644 -----BEGIN CERTIFICATE----- 18645 MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL 18646 ... 18647 Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE= 18648 -----END CERTIFICATE----- 18649</pre> 18650</blockquote> 18651 18652<p> This feature is available in Postfix 3.4 and later. </p> 18653 18654 18655</DD> 18656 18657<DT><b><a name="smtpd_tls_cipherlist">smtpd_tls_cipherlist</a> 18658(default: empty)</b></DT><DD> 18659 18660<p> Obsolete Postfix < 2.3 control for the Postfix SMTP server TLS 18661cipher list. It is easy to create interoperability problems by choosing 18662a non-default cipher list. Do not use a non-default TLS cipherlist for 18663MX hosts on the public Internet. Clients that begin the TLS handshake, 18664but are unable to agree on a common cipher, may not be able to send any 18665email to the SMTP server. Using a restricted cipher list may be more 18666appropriate for a dedicated MSA or an internal mailhub, where one can 18667exert some control over the TLS software and settings of the connecting 18668clients. </p> 18669 18670<p> <b>Note:</b> do not use "" quotes around the parameter value. </p> 18671 18672<p>This feature is available with Postfix version 2.2. It is not used with 18673Postfix 2.3 and later; use <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> instead. 
</p>


</DD>

<DT><b><a name="smtpd_tls_ciphers">smtpd_tls_ciphers</a>
(default: medium)</b></DT><DD>

<p> The minimum TLS cipher grade that the Postfix SMTP server
will use with opportunistic TLS encryption. Cipher types listed in
<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> are excluded from the base definition of
the selected cipher grade. The default value is "medium" for Postfix
releases after the middle of 2015, "export" for older releases.
</p>

<p> When TLS is mandatory the cipher grade is chosen via the
<a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> configuration parameter; see there for syntax
details. </p>

<p> This feature is available in Postfix 2.6 and later. With earlier Postfix
releases only the <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> parameter is implemented,
and opportunistic TLS always uses "export" or better (i.e. all) ciphers. </p>


</DD>

<DT><b><a name="smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>
(default: empty)</b></DT><DD>

<p> File with the Postfix SMTP server DSA certificate in PEM format.
This file may also contain the Postfix SMTP server private DSA key.
The DSA algorithm is obsolete and should not be used. </p>

<p> See the discussion under <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> for more details.
</p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a> = /etc/postfix/server-dsa.pem
</pre>

<p> This feature is available in Postfix 2.2 and later.
</p>


</DD>

<DT><b><a name="smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a>
(default: empty)</b></DT><DD>

<p> File with DH parameters that the Postfix SMTP server should
use with non-export EDH ciphers. </p>

<p> With Postfix ≥ 3.7, built with OpenSSL version 3.0.0 or later, if the
parameter value is either empty or "<b>auto</b>", then the DH parameter
selection is delegated to the OpenSSL library, which selects appropriate
parameters based on the TLS handshake. This choice is likely to be the most
interoperable with SMTP clients using various TLS libraries, and custom local
parameters are no longer recommended when using Postfix ≥ 3.7 built against
OpenSSL 3.0.0. </p>

<p> The best-practice choice of parameters uses a 2048-bit prime. This is fine,
despite the historical "1024" in the parameter name. Do not be tempted to use
much larger values: performance degrades quickly, and you may also cease to
interoperate with some mainstream SMTP clients. As of Postfix 3.1, the
compiled-in default prime is 2048 bits, and it is not strictly necessary,
though perhaps somewhat beneficial, to generate custom DH parameters. </p>

<p> Instead of using the exact same parameter sets as distributed
with other TLS packages, it is more secure to generate your own
set of parameters with something like the following commands: </p>

<blockquote>
<pre>
openssl dhparam -out /etc/postfix/dh2048.pem 2048
openssl dhparam -out /etc/postfix/dh1024.pem 1024
# As of Postfix 3.6, export-grade 512-bit DH parameters are no longer
# supported or needed.
openssl dhparam -out /etc/postfix/dh512.pem 512
</pre>
</blockquote>

<p> It is safe to share the same DH parameters between multiple
Postfix instances. If you prefer, you can generate separate
parameters for each instance.
</p>

<p> If you want to take maximal advantage of ciphers that offer <a
href="FORWARD_SECRECY_README.html#dfn_fs">forward secrecy</a>, see
the <a href="FORWARD_SECRECY_README.html#quick-start">Getting
started</a> section of <a
href="FORWARD_SECRECY_README.html">FORWARD_SECRECY_README</a>. The
full document conveniently presents all information about Postfix
"perfect" forward secrecy support in one place: what forward secrecy
is, how to tweak settings, and what you can expect to see when
Postfix uses ciphers with forward secrecy. </p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a> = /etc/postfix/dh2048.pem
</pre>

<p>This feature is available in Postfix 2.2 and later.</p>


</DD>

<DT><b><a name="smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a>
(default: empty)</b></DT><DD>

<p> File with DH parameters that the Postfix SMTP server should
use with export-grade EDH ciphers. The default SMTP server cipher
grade is "medium" with Postfix releases after the middle of 2015,
and as a result export-grade cipher suites are by default not used.
</p>

<p> With Postfix ≥ 3.6 export-grade Diffie-Hellman key exchange
is no longer supported, and this parameter is silently ignored. </p>

<p> See also the discussion under the <a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a>
configuration parameter.
</p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a> = /etc/postfix/dh_512.pem
</pre>

<p>This feature is available in Postfix 2.2 and later,
but is ignored in Postfix 3.6 and later.</p>


</DD>

<DT><b><a name="smtpd_tls_dkey_file">smtpd_tls_dkey_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>)</b></DT><DD>

<p> File with the Postfix SMTP server DSA private key in PEM format.
This file may be combined with the Postfix SMTP server DSA certificate
file specified with $<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>. The DSA algorithm is obsolete
and should not be used. </p>

<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
access to the system superuser account ("root"), and no access
to anyone else. </p>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>
(default: empty)</b></DT><DD>

<p> File with the Postfix SMTP server ECDSA certificate in PEM format.
This file may also contain the Postfix SMTP server private ECDSA key.
With Postfix ≥ 3.4 the preferred way to configure server keys and
certificates is via the "<a href="postconf.5.html#smtpd_tls_chain_files">smtpd_tls_chain_files</a>" parameter. </p>

<p> See the discussion under <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> for more details.
</p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a> = /etc/postfix/ecdsa-scert.pem
</pre>

<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 1.0.0 or later. </p>


</DD>

<DT><b><a name="smtpd_tls_eckey_file">smtpd_tls_eckey_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>)</b></DT><DD>

<p> File with the Postfix SMTP server ECDSA private key in PEM format.
This file may be combined with the Postfix SMTP server ECDSA certificate
file specified with $<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>. With Postfix ≥ 3.4 the
preferred way to configure server keys and certificates is via the
"<a href="postconf.5.html#smtpd_tls_chain_files">smtpd_tls_chain_files</a>" parameter. </p>

<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
access to the system superuser account ("root"), and no access
to anyone else. </p>

<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 1.0.0 or later. </p>


</DD>

<DT><b><a name="smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a>
(default: see "postconf -d" output)</b></DT><DD>

<p> The Postfix SMTP server security grade for ephemeral elliptic-curve
Diffie-Hellman (EECDH) key exchange. As of Postfix 3.6, the value of
this parameter is always ignored, and Postfix behaves as though the
<b>auto</b> value (described below) was chosen.
</p>

<p> This feature is not used as of Postfix 3.6. Do not specify.
</p>

<p> The available choices are: </p>

<dl>

<dt><b>auto</b></dt> <dd> Use the most preferred curve that is
supported by both the client and the server. This setting requires
Postfix ≥ 3.2 compiled and linked with OpenSSL ≥ 1.0.2. This
is the default setting under the above conditions (and the only
setting used with Postfix ≥ 3.6). </dd>

<dt><b>none</b></dt> <dd> Don't use EECDH. Ciphers based on EECDH key
exchange will be disabled. This is the default in Postfix versions
2.6 and 2.7. </dd>

<dt><b>strong</b></dt> <dd> Use EECDH with approximately 128 bits of
security at a reasonable computational cost. This is the default in
Postfix versions 2.8–3.5. </dd>

<dt><b>ultra</b></dt> <dd> Use EECDH with approximately 192 bits of
security, at a computational cost approximately twice that of
128-bit-strength ECC. </dd>

</dl>

<p> If you want to take maximal advantage of ciphers that offer <a
href="FORWARD_SECRECY_README.html#dfn_fs">forward secrecy</a>, see
the <a href="FORWARD_SECRECY_README.html#quick-start">Getting
started</a> section of <a
href="FORWARD_SECRECY_README.html">FORWARD_SECRECY_README</a>. The
full document conveniently presents all information about Postfix
"perfect" forward secrecy support in one place: what forward secrecy
is, how to tweak settings, and what you can expect to see when
Postfix uses ciphers with forward secrecy. </p>

<p> This feature is available in Postfix 2.6 and later, when it is
compiled and linked with OpenSSL 1.0.0 or later on platforms
where EC algorithms have not been disabled by the vendor.
</p>


</DD>

<DT><b><a name="smtpd_tls_enable_rpk">smtpd_tls_enable_rpk</a>
(default: no)</b></DT><DD>

<p> Request that remote SMTP clients send an <a href="https://tools.ietf.org/html/rfc7250">RFC7250</a> raw public key
instead of an X.509 certificate, when asking for or requiring client
authentication. This feature is ignored when there is no raw public
key support in the local TLS implementation. </p>

<p> The Postfix SMTP server will log a warning when "<a href="postconf.5.html#smtpd_tls_enable_rpk">smtpd_tls_enable_rpk</a>
= yes" but the remote SMTP client sends a certificate whose public
key fingerprint does not match a <a href="postconf.5.html#check_ccert_access">check_ccert_access</a> table, while
the certificate fingerprint does match a <a href="postconf.5.html#check_ccert_access">check_ccert_access</a>
table. Such a remote SMTP client would lose access when it starts
sending a raw public key instead of a certificate, after its TLS
implementation is updated with raw public key support. </p>

<p> The Postfix SMTP server always sends a raw public key instead
of a certificate, if solicited by the remote SMTP client and the
local TLS implementation supports raw public keys. If the client
sends a server name indication with an SNI TLS extension, and
<a href="postconf.5.html#tls_server_sni_maps">tls_server_sni_maps</a> is configured, the server will extract a raw
public key from the indicated certificate.
</p>

<p> Sample commands to compute certificate and public key SHA256 digests: </p>

<pre>
# SHA256 digest of the first certificate in "cert.pem"
$ openssl x509 -in cert.pem -outform DER | openssl dgst -sha256 -c
</pre>

<pre>
# SHA256 digest of the SPKI of the first certificate in "cert.pem"
$ openssl x509 -in cert.pem -pubkey -noout |
    openssl pkey -pubin -outform DER | openssl dgst -sha256 -c
</pre>

<pre>
# SHA256 digest of the SPKI of the first private key in "pkey.pem"
$ openssl pkey -in pkey.pem -pubout -outform DER |
    openssl dgst -sha256 -c
</pre>

<p> This feature is available in Postfix 3.9 and later. </p>


</DD>

<DT><b><a name="smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a>
(default: empty)</b></DT><DD>

<p> List of ciphers or cipher types to exclude from the SMTP server
cipher list at all TLS security levels. Excluding valid ciphers
can create interoperability problems. DO NOT exclude ciphers unless it
is essential to do so. This is not an OpenSSL cipherlist; it is a simple
list separated by whitespace and/or commas. The elements are a single
cipher, or one or more "+" separated cipher properties, in which case
only ciphers matching <b>all</b> the properties are excluded.
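</p>

<p> How a <a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> value is matched against cipher suites, as an added Python model that is not Postfix code (Postfix hands the real matching to OpenSSL). The cipher table, its property tags and the helper names are constructed for illustration only; the five example settings in this entry are what the model is exercised against. </p>

```python
"""Model of smtpd_tls_exclude_ciphers element matching (added example)."""
import re
from typing import Dict, List, Set, Tuple

# Constructed, illustrative table: each suite name maps to the OpenSSL-style
# property tags that describe it (key exchange, authentication, bulk cipher,
# digest). It is not Postfix's or OpenSSL's table and exists only to exercise
# the matching rules; "DES" here means single DES, "3DES" means triple DES.
CIPHER_PROPERTIES: Dict[str, Set[str]] = {
    "DHE-RSA-AES128-SHA": {"kEDH", "aRSA", "AES", "AES128", "SHA1"},
    "ADH-AES128-SHA": {"kEDH", "aNULL", "AES", "AES128", "SHA1"},
    "AES256-SHA": {"kRSA", "aRSA", "AES", "AES256", "SHA1"},
    "DES-CBC-SHA": {"kRSA", "aRSA", "DES", "SHA1"},
    "DES-CBC-MD5": {"kRSA", "aRSA", "DES", "MD5"},
    "DES-CBC3-MD5": {"kRSA", "aRSA", "3DES", "MD5"},
    "RC4-MD5": {"kRSA", "aRSA", "RC4", "MD5"},
}


def parse_exclude_list(value: str) -> List[Set[str]]:
    """Split the parameter value into elements (separated by whitespace and/or
    commas); each element becomes the set of its "+"-joined terms. A lone term
    is either a suite name or a single property."""
    elements = [e for e in re.split(r"[\s,]+", value.strip()) if e]
    return [set(e.split("+")) for e in elements]


def is_excluded(name: str, props: Set[str], elements: List[Set[str]]) -> bool:
    """A suite is excluded when some element names it outright, or when every
    term of some element is among the suite's properties ("all" semantics:
    "DES+MD5" only hits suites that use both)."""
    for terms in elements:
        if terms == {name}:
            return True
        if terms <= props:
            return True
    return False


def apply_exclusions(value: str, table: Dict[str, Set[str]] = CIPHER_PROPERTIES
                     ) -> Tuple[List[str], List[str]]:
    """Return (kept, excluded) suite-name lists in table order. An empty
    "kept" list is the interoperability failure the entry warns about: no
    client could negotiate any cipher at all."""
    elements = parse_exclude_list(value)
    kept: List[str] = []
    excluded: List[str] = []
    for name, props in table.items():
        (excluded if is_excluded(name, props, elements) else kept).append(name)
    return kept, excluded


if __name__ == "__main__":
    for setting in ("aNULL", "MD5, DES", "DES+MD5",
                    "AES256-SHA, DES-CBC3-MD5", "kEDH+aRSA"):
        kept, dropped = apply_exclusions(setting)
        print(f"{setting!r:30} excludes {dropped}")
```
<p>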
</p>

<p> Examples (some of these will cause problems): </p>

<blockquote>
<pre>
<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = aNULL
<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = MD5, DES
<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = DES+MD5
<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = AES256-SHA, DES-CBC3-MD5
<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = kEDH+aRSA
</pre>
</blockquote>

<p> The first setting disables anonymous ciphers. The next setting
disables ciphers that use the MD5 digest algorithm or the (single) DES
encryption algorithm. The next setting disables ciphers that use MD5 and
DES together. The next setting disables the two ciphers "AES256-SHA"
and "DES-CBC3-MD5". The last setting disables ciphers that use "EDH"
key exchange with RSA authentication. </p>

<p> This feature is available in Postfix 2.3 and later. </p>


</DD>

<DT><b><a name="smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a>
(default: see "postconf -d" output)</b></DT><DD>

<p> The message digest algorithm to construct remote SMTP client-certificate
fingerprints or public key fingerprints (Postfix 2.9 and later) for
<b><a href="postconf.5.html#check_ccert_access">check_ccert_access</a></b> and <b><a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a></b>. </p>

<p> The default algorithm is <b>sha256</b> with Postfix ≥ 3.6
and the <b><a href="postconf.5.html#compatibility_level">compatibility_level</a></b> set to 3.6 or higher. With Postfix
≤ 3.5, the default algorithm is <b>md5</b>. </p>

<p> The best-practice algorithm is now <b>sha256</b>.
Recent advances in hash
function cryptanalysis have led to md5 and sha1 being deprecated in favor of
sha256. However, as long as there are no known "second pre-image" attacks
against the older algorithms, their use in this context, though not
recommended, is still likely safe. </p>

<p> While additional digest algorithms are often available with OpenSSL's
libcrypto, only those used by libssl in SSL cipher suites are available to
Postfix. You'll likely find support for md5, sha1, sha256 and sha512. </p>

<p> To find the fingerprint of a specific certificate file, with a
specific digest algorithm, run: </p>

<blockquote>
<pre>
$ openssl x509 -noout -fingerprint -<i>digest</i> -in <i>certfile</i>.pem
</pre>
</blockquote>

<p> The text to the right of the "=" sign is the desired fingerprint.
For example: </p>

<blockquote>
<pre>
$ openssl x509 -noout -fingerprint -sha256 -in cert.pem
SHA256 Fingerprint=D4:6A:AB:19:24:...:A6:CB:66:82:C0:8E:9B:EE:29:A8:1A
</pre>
</blockquote>

<p> To extract the public key fingerprint from an X.509 certificate,
you need to extract the public key from the certificate and compute
the appropriate digest of its DER (ASN.1) encoding. With OpenSSL
the "-pubkey" option of the "x509" command always extracts the public
key in "PEM" format. We pipe the result to another OpenSSL
command that converts the key to DER, and then to the "dgst" command
to compute the fingerprint.
</p>

<p> Example: </p>
<blockquote>
<pre>
$ openssl x509 -in cert.pem -noout -pubkey |
    openssl pkey -pubin -outform DER |
    openssl dgst -sha256 -c
(stdin)= 64:3f:1f:f6:e5:1e:d4:2a:56:8b:fc:09:1a:61:98:b5:bc:7c:60:58
</pre>
</blockquote>

<p> The Postfix SMTP server and client log the peer (leaf) certificate
fingerprint and public key fingerprint when the TLS loglevel is 2 or
higher. </p>

<p> Example: client-certificate access table, with sha256 fingerprints: </p>

<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> = sha256
    <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> =
        <a href="postconf.5.html#check_ccert_access">check_ccert_access</a> <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/access,
        reject
</pre>
<pre>
/etc/postfix/access:
    # Action folded to next line...
    AF:88:7C:AD:51:95:6F:36:96:...:01:FB:2E:48:CD:AB:49:25:A2:3B
        OK
    85:16:78:FD:73:6E:CE:70:E0:...:5F:0D:3C:C8:6D:C4:2C:24:59:E1
        <a href="postconf.5.html#permit_auth_destination">permit_auth_destination</a>
</pre>
</blockquote>

<p> This feature is available in Postfix 2.5 and later. </p>


</DD>

<DT><b><a name="smtpd_tls_key_file">smtpd_tls_key_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>)</b></DT><DD>

<p> File with the Postfix SMTP server RSA private key in PEM format.
This file may be combined with the Postfix SMTP server RSA certificate
file specified with $<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>.
With Postfix ≥ 3.4 the
preferred way to configure server keys and certificates is via the
"<a href="postconf.5.html#smtpd_tls_chain_files">smtpd_tls_chain_files</a>" parameter. </p>

<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
access to the system superuser account ("root"), and no access
to anyone else. </p>


</DD>

<DT><b><a name="smtpd_tls_loglevel">smtpd_tls_loglevel</a>
(default: 0)</b></DT><DD>

<p> Enable additional Postfix SMTP server logging of TLS activity.
Each logging level also includes the information that is logged at
a lower logging level. </p>

<dl compact>

<dt>0</dt> <dd> Disable logging of TLS activity. </dd>

<dt>1</dt> <dd> Log only a summary message on TLS handshake completion
— no logging of client certificate trust-chain verification errors
if client certificate verification is not required. With Postfix 2.8 and
earlier, log the summary message, peer certificate summary information
and unconditionally log trust-chain verification errors. </dd>

<dt>2</dt> <dd> Also enable verbose logging in the Postfix TLS
library, log session cache operations, and enable OpenSSL logging
of the progress of the SSL handshake. </dd>

<dt>3</dt> <dd> Also log hexadecimal and ASCII dump of TLS negotiation
process. </dd>

<dt>4</dt> <dd> Also log hexadecimal and ASCII dump of complete
transmission after STARTTLS. </dd>

</dl>

<p> Do not use "<a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a> = 2" or higher except in case
of problems. Use of loglevel 4 is strongly discouraged. </p>

<p> This feature is available in Postfix 2.2 and later.
</p>


</DD>

<DT><b><a name="smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>
(default: medium)</b></DT><DD>

<p> The minimum TLS cipher grade that the Postfix SMTP server will
use with mandatory TLS encryption. The default grade ("medium") is
sufficiently strong that any benefit from globally restricting TLS
sessions to a more stringent grade is likely negligible, especially
given the fact that many implementations still do not offer any stronger
("high" grade) ciphers, while those that do will always use "high"
grade ciphers. So insisting on "high" grade ciphers is generally
counter-productive. Allowing "export" or "low" ciphers is typically
not a good idea, as systems limited to just these are limited to
obsolete browsers. No known SMTP clients fail to support at least
one "medium" or "high" grade cipher. </p>

<p> The following cipher grades are supported: </p>

<dl>
<dt><b>high</b></dt>
<dd> Enable only "HIGH" grade OpenSSL ciphers. The
underlying cipherlist is specified via the <a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a>
configuration parameter, which you are strongly encouraged to
not change. </dd>

<dt><b>medium</b></dt>
<dd> Enable "MEDIUM" grade or stronger OpenSSL ciphers. These use 128-bit
or longer symmetric bulk-encryption keys. This is the default minimum
strength for mandatory TLS encryption. The underlying cipherlist is
specified via the <a href="postconf.5.html#tls_medium_cipherlist">tls_medium_cipherlist</a> configuration parameter, which
you are strongly encouraged not to change. </dd>

<dt><b>null</b></dt>
<dd> Enable only the "NULL" OpenSSL ciphers; these provide authentication
without encryption.
This setting is only appropriate in the rare
case that all clients are prepared to use NULL ciphers (not normally
enabled in TLS clients). The underlying cipherlist is specified via the
<a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> configuration parameter, which you are strongly
encouraged not to change. </dd>

<dt><b>low</b></dt>
<dd> Enable "LOW" grade or stronger OpenSSL ciphers. In Postfix
≥ 3.8 this cipher grade is always identical to "medium". Recent
versions of OpenSSL do not support any "LOW" grade ciphers. In
earlier Postfix releases the underlying cipherlist was specified
via the <a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> configuration parameter, which you are
strongly encouraged not to change. This obsolete cipher grade
SHOULD NOT be used. </dd>

<dt><b>export</b></dt>
<dd> Enable "EXPORT" grade or stronger OpenSSL ciphers. In Postfix
≥ 3.8 this cipher grade is always identical to "medium". Recent
versions of OpenSSL do not support any "EXPORT" grade ciphers. In
earlier Postfix releases the underlying cipherlist was specified
via the <a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> configuration parameter, which you are
strongly encouraged not to change. This obsolete cipher grade
SHOULD NOT be used. </dd>

</dl>

<p> Cipher types listed in
<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> or <a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> are
excluded from the base definition of the selected cipher grade. See
<a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a> for cipher controls that apply to opportunistic
TLS.
</p>

<p> The underlying cipherlists for grades other than "null" include
anonymous ciphers, but these are automatically filtered out if the
server is configured to ask for remote SMTP client certificates. You are very
unlikely to need to take any steps to exclude anonymous ciphers; they
are excluded automatically as required. If you must exclude anonymous
ciphers even when Postfix does not need or use peer certificates, set
"<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = aNULL". To exclude anonymous ciphers only
when TLS is enforced, set "<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> = aNULL". </p>

<p> This feature is available in Postfix 2.3 and later. </p>


</DD>

<DT><b><a name="smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a>
(default: empty)</b></DT><DD>

<p> Additional list of ciphers or cipher types to exclude from the
Postfix SMTP server cipher list at mandatory TLS security levels.
This list works in addition to the exclusions listed with <a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a>
(see there for syntax details). </p>

<p> This feature is available in Postfix 2.3 and later. </p>


</DD>

<DT><b><a name="smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a>
(default: see "postconf -d" output)</b></DT><DD>

<p> TLS protocols accepted by the Postfix SMTP server with mandatory TLS
encryption. If the list is empty, the server supports all available TLS
protocol versions. A non-empty value is a list of protocol names to
include or exclude, separated by whitespace, commas or colons.
</p>

<p> The valid protocol names (see SSL_get_version(3)) are "SSLv2",
"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with
Postfix 3.6, the default value is ">=TLSv1", which sets TLS 1.0 as
the lowest supported TLS protocol version (see below). Older releases
use the "!" exclusion syntax, also described below. </p>

<p> As of Postfix 3.6, the preferred way to limit the range of
acceptable protocols is to set the lowest acceptable TLS protocol
version and/or the highest acceptable TLS protocol version. To set the
lower bound include an element of the form: ">=<i>version</i>" where
<i>version</i> is either one of the TLS protocol names listed above,
or a hexadecimal number corresponding to the desired TLS protocol
version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper
bound, use "&lt;=<i>version</i>". There must be no whitespace between
the ">=" or "&lt;=" symbols and the protocol name or number. </p>

<p> Hexadecimal protocol numbers make it possible to specify protocol
bounds for TLS versions that are known to OpenSSL, but might not be
known to Postfix. They cannot be used with the legacy exclusion syntax.
Leading "0" or "0x" prefixes are supported, but not required.
Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to
"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the
upper or lower bound, and a warning will be logged. Hexadecimal
versions should only be used when Postfix is linked with some future
version of OpenSSL that supports TLS 1.4 or later, but Postfix does not
yet support a symbolic name for that protocol version. </p>

<p>Hexadecimal example (Postfix ≥ 3.6):</p>
<blockquote>
<pre>
# Allow only TLS 1.2 through (hypothetical) TLS 1.4, once supported
# in some future version of OpenSSL (presently a warning is logged).
<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = >=TLSv1.2, &lt;=0305
# Allow only TLS 1.2 and up:
<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = >=0x0303
</pre>
</blockquote>

<p> With Postfix &lt; 3.6 there is no support for a minimum or maximum
version, and the protocol range is configured via protocol exclusions.
To require at least TLS 1.0, set "<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> =
!SSLv2, !SSLv3". Listing the protocols to include, rather than
protocols to exclude, is supported, but not recommended. The exclusion
form more accurately matches the underlying OpenSSL interface. </p>

<p> Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling
this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch
releases ≥ 3.0.14, 3.1.10, 3.2.7 and 3.3.2). </p>

<p> Example: </p>

<pre>
# Preferred syntax with Postfix ≥ 3.6:
<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = >=TLSv1.2, &lt;=TLSv1.3
# Legacy syntax:
<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
</pre>

<p> This feature is available in Postfix 2.3 and later. </p>


</DD>

<DT><b><a name="smtpd_tls_protocols">smtpd_tls_protocols</a>
(default: see 'postconf -d' output)</b></DT><DD>

<p> TLS protocols accepted by the Postfix SMTP server with opportunistic
TLS encryption. If the list is empty, the server supports all available
TLS protocol versions. A non-empty value is a list of protocol names to
include or exclude, separated by whitespace, commas or colons.
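</p>

<p> The protocol list syntax shared by <a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> (above) and this parameter, as an added Python model that is not Postfix code: ">=" and "&lt;=" bounds, the legacy "!" exclusions, hexadecimal version normalization and the no-whitespace rule. The wire version numbers assigned to SSLv2 and SSLv3, the treatment of a value that mixes bounds with protocol names, and all function names are assumptions made for this example. </p>

```python
"""Parser for the Postfix TLS protocol list syntax (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Symbolic protocol names accepted by smtpd_tls_protocols and
# smtpd_tls_mandatory_protocols, in version order, with their TLS wire
# version numbers (0301 is TLS 1.0, 0302 is TLS 1.1, and so on). The SSLv2
# and SSLv3 numbers are assumptions taken from the SSL record layer.
PROTOCOL_VERSIONS: Dict[str, int] = {
    "SSLv2": 0x0002,
    "SSLv3": 0x0300,
    "TLSv1": 0x0301,
    "TLSv1.1": 0x0302,
    "TLSv1.2": 0x0303,
    "TLSv1.3": 0x0304,
}

# Hexadecimal version: an optional "0" or "0x" prefix and up to four hex
# digits, so "301", "0301", "0x301" and "0x0301" all denote TLSv1.
HEX_VERSION = re.compile(r"(?:0[xX])?([0-9a-fA-F]{1,4})")


@dataclass
class ProtocolPolicy:
    min_version: Optional[int]  # lower bound from ">=version", or None
    max_version: Optional[int]  # upper bound from "<=version", or None
    enabled: List[str]          # known protocol names that remain usable


def parse_version(token: str, allow_hex: bool) -> int:
    """Resolve a protocol name (or, after ">="/"<=", a hex number) to an int."""
    if token in PROTOCOL_VERSIONS:
        return PROTOCOL_VERSIONS[token]
    match = HEX_VERSION.fullmatch(token)
    if match and allow_hex:
        return int(match.group(1), 16)
    if match:
        # Hex numbers are bounds only; the legacy "!"/inclusion syntax rejects them.
        raise ValueError(f"hexadecimal version {token!r} is only valid after '>=' or '<='")
    raise ValueError(f"unknown protocol name {token!r}")


def parse_protocols(value: str) -> ProtocolPolicy:
    """Turn a main.cf protocol list into the protocols it leaves enabled.

    Elements are separated by whitespace, commas or colons. ">=v" and "<=v"
    set bounds, "!name" excludes a protocol, and a bare "name" includes one
    (when any inclusion is present only the listed names are candidates).
    An empty value enables everything. Combining bounds with names is this
    example's assumption; Postfix itself decides how such mixes behave.
    """
    tokens = [t for t in re.split(r"[\s,:]+", value.strip()) if t]
    low: Optional[int] = None
    high: Optional[int] = None
    included, excluded = set(), set()
    for tok in tokens:
        if tok in (">=", "<="):
            # No whitespace is allowed between the operator and the version.
            raise ValueError(f"missing version after {tok!r} (whitespace is not allowed)")
        if tok.startswith(">="):
            low = parse_version(tok[2:], allow_hex=True)
        elif tok.startswith("<="):
            high = parse_version(tok[2:], allow_hex=True)
        elif tok.startswith("!"):
            parse_version(tok[1:], allow_hex=False)  # validate the name
            excluded.add(tok[1:])
        else:
            parse_version(tok, allow_hex=False)
            included.add(tok)

    enabled = []
    for name, version in PROTOCOL_VERSIONS.items():
        if included and name not in included:
            continue
        if name in excluded:
            continue
        if low is not None and version < low:
            continue
        if high is not None and version > high:
            continue
        enabled.append(name)
    return ProtocolPolicy(low, high, enabled)


def bounds_known_to_postfix(policy: ProtocolPolicy) -> bool:
    """True when every bound names a version in PROTOCOL_VERSIONS. A bound
    outside that table (such as the hypothetical 0305 in the entry's example)
    is the case where the page says Postfix logs a warning."""
    known = set(PROTOCOL_VERSIONS.values())
    return all(v is None or v in known
               for v in (policy.min_version, policy.max_version))


if __name__ == "__main__":
    for setting in (">=TLSv1.2, <=TLSv1.3", "!SSLv2, !SSLv3, !TLSv1, !TLSv1.1",
                    ">=0x0303", ">=TLSv1, <=0305", ""):
        print(f"{setting!r:40} -> {parse_protocols(setting).enabled}")
```
<p>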
</p>

<p> The valid protocol names (see SSL_get_version(3)) are "SSLv2",
"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with
Postfix 3.6, the default value is ">=TLSv1", which sets TLS 1.0 as
the lowest supported TLS protocol version (see below). Older releases
use the "!" exclusion syntax, also described below. </p>

<p> As of Postfix 3.6, the preferred way to limit the range of
acceptable protocols is to set the lowest acceptable TLS protocol
version and/or the highest acceptable TLS protocol version. To set the
lower bound include an element of the form: ">=<i>version</i>" where
<i>version</i> is either one of the TLS protocol names listed above,
or a hexadecimal number corresponding to the desired TLS protocol
version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper
bound, use "&lt;=<i>version</i>". There must be no whitespace between
the ">=" or "&lt;=" symbols and the protocol name or number. </p>

<p> Hexadecimal protocol numbers make it possible to specify protocol
bounds for TLS versions that are known to OpenSSL, but might not be
known to Postfix. They cannot be used with the legacy exclusion syntax.
Leading "0" or "0x" prefixes are supported, but not required.
Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to
"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the
upper or lower bound, and a warning will be logged. Hexadecimal
versions should only be used when Postfix is linked with some future
version of OpenSSL that supports TLS 1.4 or later, but Postfix does not
yet support a symbolic name for that protocol version. </p>

<p>Hexadecimal example (Postfix ≥ 3.6):</p>
<blockquote>
<pre>
# Allow only TLS 1.0 through (hypothetical) TLS 1.4, once supported
# in some future version of OpenSSL (presently a warning is logged).
19346<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = >=TLSv1, <=0305 19347# Allow only TLS 1.0 and up: 19348<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = >=0x0301 19349</pre> 19350</blockquote> 19351 19352<p> With Postfix < 3.6 there is no support for a minimum or maximum 19353version, and the protocol range is configured via protocol exclusions. 19354To require at least TLS 1.0, set "<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = !SSLv2, !SSLv3". 19355Listing the protocols to include, rather than protocols to exclude, is 19356supported, but not recommended. The exclusion form more accurately 19357matches the underlying OpenSSL interface. </p> 19358 19359<p> Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling 19360this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch 19361releases ≥ 3.0.14, 3.1.10, 3.2.7 and 3.3.2). </p> 19362 19363<p> Example: </p> 19364<pre> 19365# Preferred syntax with Postfix ≥ 3.6: 19366<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = >=TLSv1, <=TLSv1.3 19367# Legacy syntax: 19368<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = !SSLv2, !SSLv3 19369</pre> 19370 19371<p> This feature is available in Postfix 2.6 and later. </p> 19372 19373 19374</DD> 19375 19376<DT><b><a name="smtpd_tls_received_header">smtpd_tls_received_header</a> 19377(default: no)</b></DT><DD> 19378 19379<p> Request that the Postfix SMTP server produces Received: message 19380headers that include information about the protocol and cipher used, 19381as well as the remote SMTP client CommonName and client certificate issuer 19382CommonName. This is disabled by default, as the information may 19383be modified in transit through other mail servers. Only information 19384that was recorded by the final destination can be trusted. </p> 19385 19386<p> This feature is available in Postfix 2.2 and later. 
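</p>

<p> The protocol-list syntax described above for <a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a>
and <a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a>, as an added Python example that is
not part of Postfix: it models the documented rules (">="/"<=" bounds with
symbolic or hexadecimal versions, the legacy "!" exclusions, the ban on mixing
the two, and the warning for a hexadecimal version the library does not know)
so that a setting can be checked offline before it is deployed. The version
codes, the set of library-known versions and the function names are
assumptions of this model, not Postfix interfaces. </p>

```python
"""Evaluate a Postfix smtpd_tls_protocols / smtpd_tls_mandatory_protocols value.

Added example (not Postfix source code): it models the list syntax described
in the documentation so that the effect of a setting can be checked offline.
Accepted elements, as documented:
  * ">=version" / "<=version" bounds (Postfix >= 3.6), where version is a
    protocol name or a hex number ("301", "0301", "0x301", "0x0301");
  * "!name" exclusions (legacy syntax) and bare names (inclusions);
  * hex numbers may not be combined with the exclusion syntax.
"""
import re

# OpenSSL protocol version codes (SSL2_VERSION .. TLS1_3_VERSION).
PROTOCOLS = {
    "SSLv2": 0x0002,
    "SSLv3": 0x0300,
    "TLSv1": 0x0301,
    "TLSv1.1": 0x0302,
    "TLSv1.2": 0x0303,
    "TLSv1.3": 0x0304,
}

# Assumption for this offline model: the newest codes the linked OpenSSL
# library knows.  A hex bound outside this set only produces a warning.
LIBRARY_KNOWN = set(PROTOCOLS.values())


def parse_version(token):
    """Return (code, is_hex) for a symbolic name or a hex version number."""
    if token in PROTOCOLS:
        return PROTOCOLS[token], False
    m = re.fullmatch(r"(?:0x)?([0-9a-fA-F]{1,4})", token)
    if m is None:
        raise ValueError(f"unknown protocol version {token!r}")
    return int(m.group(1), 16), True


def accepted_protocols(value, library_known=LIBRARY_KNOWN):
    """Return (names, warnings): the protocol names a value permits.

    An empty value means "all available protocols".  Bounds, inclusions
    and exclusions are applied together: a list of bare names restricts
    to those names, otherwise everything not excluded is allowed.
    """
    tokens = [t for t in re.split(r"[\s,:]+", value.strip()) if t]
    if not tokens:
        return set(PROTOCOLS), []
    low = high = None
    includes, excludes, warnings = set(), set(), []
    used_hex = False
    for tok in tokens:
        if tok[:2] in (">=", "<="):
            # No whitespace is allowed after ">=" / "<=": a bare ">=" token
            # leaves an empty version string and is rejected below.
            code, is_hex = parse_version(tok[2:])
            used_hex = used_hex or is_hex
            if is_hex and code not in library_known:
                warnings.append(f"{tok}: version unknown to OpenSSL, bound not set")
                continue
            if tok[:2] == ">=":
                low = code
            else:
                high = code
        elif tok.startswith("!"):
            if tok[1:] not in PROTOCOLS:
                raise ValueError(f"unknown protocol name {tok[1:]!r}")
            excludes.add(tok[1:])
        elif tok in PROTOCOLS:
            includes.add(tok)
        else:
            raise ValueError(f"unknown protocol name {tok!r}")
    if used_hex and (includes or excludes):
        raise ValueError("hexadecimal versions cannot be combined with the legacy syntax")
    names = includes if includes else set(PROTOCOLS)
    names = {n for n in names if n not in excludes}
    if low is not None:
        names = {n for n in names if PROTOCOLS[n] >= low}
    if high is not None:
        names = {n for n in names if PROTOCOLS[n] <= high}
    return names, warnings


if __name__ == "__main__":
    for setting in (">=TLSv1.2, <=TLSv1.3", "!SSLv2, !SSLv3", ">=TLSv1, <=0305"):
        names, warns = accepted_protocols(setting)
        print(f"{setting!r:28} -> {sorted(names, key=PROTOCOLS.get)} {warns}")
```

<p>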
</p> 19387 19388 19389</DD> 19390 19391<DT><b><a name="smtpd_tls_req_ccert">smtpd_tls_req_ccert</a> 19392(default: no)</b></DT><DD> 19393 19394<p> With mandatory TLS encryption, require a trusted remote SMTP client 19395certificate in order to allow TLS connections to proceed. This 19396option implies "<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> = yes". </p> 19397 19398<p> When TLS encryption is optional, this setting is ignored with 19399a warning written to the mail log. </p> 19400 19401<p> This feature is available in Postfix 2.2 and later. </p> 19402 19403 19404</DD> 19405 19406<DT><b><a name="smtpd_tls_security_level">smtpd_tls_security_level</a> 19407(default: empty)</b></DT><DD> 19408 19409<p> The SMTP TLS security level for the Postfix SMTP server; when 19410a non-empty value is specified, this overrides the obsolete parameters 19411<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> and <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>. This parameter is ignored with 19412"<a href="postconf.5.html#smtpd_tls_wrappermode">smtpd_tls_wrappermode</a> = yes". </p> 19413 19414<p> Specify one of the following security levels: </p> 19415 19416<dl> 19417 19418<dt><b>none</b></dt> <dd> TLS will not be used. </dd> 19419 19420<dt><b>may</b></dt> <dd> Opportunistic TLS: announce STARTTLS support 19421to remote SMTP clients, but do not require that clients use TLS encryption. 19422</dd> 19423 19424<dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption: announce 19425STARTTLS support to remote SMTP clients, and reject all plaintext 19426commands except HELO, EHLO, XCLIENT, STARTTLS, NOOP, QUIT, and (Postfix 19427≥ 3.9) HELP. According to <a href="https://tools.ietf.org/html/rfc2487">RFC 2487</a> this MUST NOT be applied in case 19428of a publicly-referenced SMTP server. Instead, this should be used 19429on dedicated servers, for example submission (port 587). 
</dd> 19430 19431</dl> 19432 19433<p> Note 1: the "fingerprint", "verify" and "secure" levels are not 19434supported here. 19435The Postfix SMTP server logs a warning and uses "encrypt" instead. 19436To verify remote SMTP client certificates, see <a href="TLS_README.html">TLS_README</a> for a discussion 19437of the <a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>, <a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a>, and <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a> 19438features. </p> 19439 19440<p> Note 2: The parameter setting "<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = 19441encrypt" implies "<a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> = yes".</p> 19442 19443<p> Note 3: when invoked via "sendmail -bs", Postfix will never 19444offer STARTTLS due to insufficient privileges to access the server 19445private key. This is intended behavior.</p> 19446 19447<p> This feature is available in Postfix 2.3 and later. </p> 19448 19449 19450</DD> 19451 19452<DT><b><a name="smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> 19453(default: empty)</b></DT><DD> 19454 19455<p> Name of the file containing the optional Postfix SMTP server 19456TLS session cache. Specify a database type that supports enumeration, 19457such as <b>btree</b> or <b>sdbm</b>; there is no need to support 19458concurrent access. The file is created if it does not exist. The <a href="smtpd.8.html">smtpd(8)</a> 19459daemon does not use this parameter directly, rather the cache is 19460implemented indirectly in the <a href="tlsmgr.8.html">tlsmgr(8)</a> daemon. This means that 19461per-smtpd-instance <a href="master.5.html">master.cf</a> overrides of this parameter are not 19462effective. 
Note that each of the cache databases supported by <a href="tlsmgr.8.html">tlsmgr(8)</a> 19463daemon: $<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a>, $<a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> 19464(and with Postfix 2.3 and later $<a href="postconf.5.html#lmtp_tls_session_cache_database">lmtp_tls_session_cache_database</a>), needs to be 19465stored separately. It is not at this time possible to store multiple 19466caches in a single database. </p> 19467 19468<p> Note: <b>dbm</b> databases are not suitable. TLS 19469session objects are too large. </p> 19470 19471<p> As of version 2.5, Postfix no longer uses root privileges when 19472opening this file. The file should now be stored under the Postfix-owned 19473<a href="postconf.5.html#data_directory">data_directory</a>. As a migration aid, an attempt to open the file 19474under a non-Postfix directory is redirected to the Postfix-owned 19475<a href="postconf.5.html#data_directory">data_directory</a>, and a warning is logged. </p> 19476 19477<p> As of Postfix 2.11 the preferred mechanism for session resumption 19478is <a href="https://tools.ietf.org/html/rfc5077">RFC 5077</a> TLS session tickets, which don't require server-side 19479storage. Consequently, for Postfix ≥ 2.11 this parameter should 19480generally be left empty. TLS session tickets require an OpenSSL 19481library (at least version 0.9.8h) that provides full support for 19482this TLS extension. See also <a href="postconf.5.html#smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a>. </p> 19483 19484<p> Example: </p> 19485 19486<pre> 19487<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> = <a href="DATABASE_README.html#types">btree</a>:/var/db/postfix/smtpd_scache 19488</pre> 19489 19490<p> This feature is available in Postfix 2.2 and later. 
</p> 19491 19492 19493</DD> 19494 19495<DT><b><a name="smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a> 19496(default: 3600s)</b></DT><DD> 19497 19498<p> The expiration time of Postfix SMTP server TLS session cache 19499information. A cache cleanup is performed periodically 19500every $<a href="postconf.5.html#smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a> seconds. As with 19501$<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a>, this parameter is implemented in the 19502<a href="tlsmgr.8.html">tlsmgr(8)</a> daemon and therefore per-smtpd-instance <a href="master.5.html">master.cf</a> overrides 19503are not possible. </p> 19504 19505<p> As of Postfix 2.11 this setting cannot exceed 100 days. If set 19506≤ 0, session caching is disabled, not just via the database, but 19507also via <a href="https://tools.ietf.org/html/rfc5077">RFC 5077</a> TLS session tickets, which don't require server-side 19508storage. If set to a positive value less than 2 minutes, the minimum 19509value of 2 minutes is used instead. TLS session tickets require 19510an OpenSSL library (at least version 0.9.8h) that provides full 19511support for this TLS extension. </p> 19512 19513<p> Specify a non-negative time value (an integral value plus an optional 19514one-letter suffix that specifies the time unit). Time units: s 19515(seconds), m (minutes), h (hours), d (days), w (weeks). 19516The default time unit is s (seconds). </p> 19517 19518<p> This feature is available in Postfix 2.2 and later, and updated 19519for TLS session ticket support in Postfix 2.11. </p> 19520 19521 19522</DD> 19523 19524<DT><b><a name="smtpd_tls_wrappermode">smtpd_tls_wrappermode</a> 19525(default: no)</b></DT><DD> 19526 19527<p> Run the Postfix SMTP server in TLS "wrapper" mode, 19528instead of using the STARTTLS command. 
</p>

<p> If you want to support this service, enable a special port in
<a href="master.5.html">master.cf</a>, and specify "-o <a href="postconf.5.html#smtpd_tls_wrappermode">smtpd_tls_wrappermode</a>=yes" on the SMTP
server's command line. Port 465 (submissions, formerly called smtps)
is reserved for this purpose. </p>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="smtpd_upstream_proxy_protocol">smtpd_upstream_proxy_protocol</a>
(default: empty)</b></DT><DD>

<p> The name of the proxy protocol used by an optional before-smtpd
proxy agent. When a proxy agent is used, this protocol conveys local
and remote address and port information. Specify
"<a href="postconf.5.html#smtpd_upstream_proxy_protocol">smtpd_upstream_proxy_protocol</a> = haproxy" to enable the haproxy
protocol; version 2 is supported with Postfix 3.5 and later. </p>

<p> NOTE: To use the nginx proxy with <a href="smtpd.8.html">smtpd(8)</a>, enable the XCLIENT
protocol with <a href="postconf.5.html#smtpd_authorized_xclient_hosts">smtpd_authorized_xclient_hosts</a>. This supports SASL
authentication in the proxy agent (Postfix 2.9 and later). </p>

<p> This feature is available in Postfix 2.10 and later. </p>


</DD>

<DT><b><a name="smtpd_upstream_proxy_timeout">smtpd_upstream_proxy_timeout</a>
(default: 5s)</b></DT><DD>

<p> The time limit for the proxy protocol specified with the
<a href="postconf.5.html#smtpd_upstream_proxy_protocol">smtpd_upstream_proxy_protocol</a> parameter. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p> 19568 19569<p> This feature is available in Postfix 2.10 and later. </p> 19570 19571 19572</DD> 19573 19574<DT><b><a name="smtpd_use_tls">smtpd_use_tls</a> 19575(default: no)</b></DT><DD> 19576 19577<p> Opportunistic TLS: announce STARTTLS support to remote SMTP clients, 19578but do not require that clients use TLS encryption. </p> 19579 19580<p> Note: when invoked via "<b>sendmail -bs</b>", Postfix will never offer 19581STARTTLS due to insufficient privileges to access the server private 19582key. This is intended behavior. </p> 19583 19584<p> This feature is deprecated as of Postfix 3.9. Specify 19585<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> instead. </p> 19586 19587<p> This feature is available in Postfix 2.2 and later. With 19588Postfix 2.3 and later use <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> instead. </p> 19589 19590 19591</DD> 19592 19593<DT><b><a name="smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> 19594(default: sendmail, verify)</b></DT><DD> 19595 19596<p> Detect that a message requires SMTPUTF8 support for the specified 19597mail origin classes. This is a workaround to avoid chicken-and-egg 19598problems during the initial SMTPUTF8 roll-out in environments with 19599pre-existing mail flows that contain UTF8. Those mail flows should 19600not break because Postfix suddenly refuses to deliver such mail 19601to down-stream MTAs that don't announce SMTPUTF8 support. 
</p> 19602 19603<p> The problem is that Postfix cannot rely solely on the sender's 19604declaration that a message requires SMTPUTF8 support, because UTF8 19605may be introduced during local processing (for example, the client 19606hostname in Postfix's Received: header, adding @$<a href="postconf.5.html#myorigin">myorigin</a> or 19607.$<a href="postconf.5.html#mydomain">mydomain</a> to an incomplete address, address rewriting, alias 19608expansion, automatic BCC recipients, local forwarding, and changes 19609made by header checks or Milter applications). </p> 19610 19611<p> For now, the default is to enable "SMTPUTF8 required" autodetection 19612only for Postfix sendmail command-line submissions and address 19613verification probes. This may change once SMTPUTF8 support achieves 19614world domination. However, sites that add UTF8 content via local 19615processing (see above) should autodetect the need for SMTPUTF8 19616support for all email.</p> 19617 19618<p> Specify one or more of the following: </p> 19619 19620<dl compact> 19621 19622<dt> <b> sendmail </b> </dt> <dd> Submission with the Postfix 19623<a href="sendmail.1.html">sendmail(1)</a> command. </dd> 19624 19625<dt> <b> smtpd </b> </dt> <dd> Mail received with the <a href="smtpd.8.html">smtpd(8)</a> 19626daemon. </dd> 19627 19628<dt> <b> qmqpd </b> </dt> <dd> Mail received with the <a href="qmqpd.8.html">qmqpd(8)</a> 19629daemon. </dd> 19630 19631<dt> <b> forward </b> </dt> <dd> Local forwarding or aliasing. When 19632a message is received with "SMTPUTF8 required", then the forwarded 19633(aliased) message always has "SMTPUTF8 required". </dd> 19634 19635<dt> <b> bounce </b> </dt> <dd> Submission by the <a href="bounce.8.html">bounce(8)</a> daemon. 19636When a message is received with "SMTPUTF8 required", then the 19637delivery status notification always has "SMTPUTF8 required". 
</dd> 19638 19639<dt> <b> notify </b> </dt> <dd> Postmaster notification from the 19640<a href="smtp.8.html">smtp(8)</a> or <a href="smtpd.8.html">smtpd(8)</a> daemon. </dd> 19641 19642<dt> <b> verify </b> </dt> <dd> Address verification probe from the 19643<a href="verify.8.html">verify(8)</a> daemon. </dd> 19644 19645<dt> <b> all </b> </dt> <dd> Enable SMTPUTF8 autodetection for all 19646mail. </dd> 19647 19648</dl> 19649 19650<p> This feature is available in Postfix 3.0 and later. </p> 19651 19652 19653</DD> 19654 19655<DT><b><a name="smtputf8_enable">smtputf8_enable</a> 19656(default: yes)</b></DT><DD> 19657 19658<p> Enable preliminary SMTPUTF8 support for the protocols described 19659in <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a>, <a href="https://tools.ietf.org/html/rfc6532">RFC 6532</a>, and <a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a>. This requires that Postfix is 19660built to support these protocols. </p> 19661 19662<p> This feature is available in Postfix 3.0 and later. </p> 19663 19664 19665</DD> 19666 19667<DT><b><a name="socketmap_max_reply_size">socketmap_max_reply_size</a> 19668(default: 100000)</b></DT><DD> 19669 19670<p> The maximum allowed reply size from a socketmap server, not 19671including the netstring encapsulation. </p> 19672 19673<p> This feature is available in Postfix ≥ 3.10. </p> 19674 19675 19676</DD> 19677 19678<DT><b><a name="soft_bounce">soft_bounce</a> 19679(default: no)</b></DT><DD> 19680 19681<p> 19682Safety net to keep mail queued that would otherwise be returned to 19683the sender. This parameter disables locally-generated bounces, 19684changes the handling of negative responses from remote servers, 19685content filters or plugins, 19686and prevents the Postfix SMTP server from rejecting mail permanently 19687by changing 5xx reply codes into 4xx. However, <a href="postconf.5.html#soft_bounce">soft_bounce</a> is no 19688cure for address rewriting mistakes or mail routing mistakes. 
19689</p> 19690 19691<p> 19692Note: "<a href="postconf.5.html#soft_bounce">soft_bounce</a> = yes" is in some cases implemented by modifying 19693server responses. Therefore, the response that Postfix logs may 19694differ from the response that Postfix actually sends or receives. 19695</p> 19696 19697<p> 19698Example: 19699</p> 19700 19701<pre> 19702<a href="postconf.5.html#soft_bounce">soft_bounce</a> = yes 19703</pre> 19704 19705 19706</DD> 19707 19708<DT><b><a name="stale_lock_time">stale_lock_time</a> 19709(default: 500s)</b></DT><DD> 19710 19711<p> 19712The time after which a stale exclusive mailbox lockfile is removed. 19713This is used for delivery to file or mailbox. 19714</p> 19715 19716<p> Specify a non-zero time value (an integral value plus an optional 19717one-letter suffix that specifies the time unit). Time units: s 19718(seconds), m (minutes), h (hours), d (days), w (weeks). 19719The default time unit is s (seconds). </p> 19720 19721 19722</DD> 19723 19724<DT><b><a name="stress">stress</a> 19725(default: empty)</b></DT><DD> 19726 19727<p> This feature is documented in the <a href="STRESS_README.html">STRESS_README</a> document. </p> 19728 19729<p> This feature is available in Postfix 2.5 and later. </p> 19730 19731 19732</DD> 19733 19734<DT><b><a name="strict_7bit_headers">strict_7bit_headers</a> 19735(default: no)</b></DT><DD> 19736 19737<p> 19738Reject mail with 8-bit text in message headers. This blocks mail 19739from poorly written applications. 19740</p> 19741 19742<p> 19743This feature should not be enabled on a general purpose mail server, 19744because it is likely to reject legitimate email. 19745</p> 19746 19747<p> 19748This feature is available in Postfix 2.0 and later. 
19749</p> 19750 19751 19752</DD> 19753 19754<DT><b><a name="strict_8bitmime">strict_8bitmime</a> 19755(default: no)</b></DT><DD> 19756 19757<p> 19758Enable both <a href="postconf.5.html#strict_7bit_headers">strict_7bit_headers</a> and <a href="postconf.5.html#strict_8bitmime_body">strict_8bitmime_body</a>. 19759</p> 19760 19761<p> 19762This feature should not be enabled on a general purpose mail server, 19763because it is likely to reject legitimate email. 19764</p> 19765 19766<p> 19767This feature is available in Postfix 2.0 and later. 19768</p> 19769 19770 19771</DD> 19772 19773<DT><b><a name="strict_8bitmime_body">strict_8bitmime_body</a> 19774(default: no)</b></DT><DD> 19775 19776<p> 19777Reject 8-bit message body text without 8-bit MIME content encoding 19778information. This blocks mail from poorly written applications. 19779</p> 19780 19781<p> 19782Unfortunately, this also rejects majordomo approval requests when 19783the included request contains valid 8-bit MIME mail, and it rejects 19784bounces from mailers that do not MIME encapsulate 8-bit content 19785(for example, bounces from qmail or from old versions of Postfix). 19786</p> 19787 19788<p> 19789This feature should not be enabled on a general purpose mail server, 19790because it is likely to reject legitimate email. 19791</p> 19792 19793<p> 19794This feature is available in Postfix 2.0 and later. 19795</p> 19796 19797 19798</DD> 19799 19800<DT><b><a name="strict_mailbox_ownership">strict_mailbox_ownership</a> 19801(default: yes)</b></DT><DD> 19802 19803<p> Defer delivery when a mailbox file is not owned by its recipient. 19804The default setting is not backwards compatible. </p> 19805 19806<p> This feature is available in Postfix 2.5.3 and later. 
</p> 19807 19808 19809</DD> 19810 19811<DT><b><a name="strict_mime_encoding_domain">strict_mime_encoding_domain</a> 19812(default: no)</b></DT><DD> 19813 19814<p> 19815Reject mail with invalid Content-Transfer-Encoding: information 19816for the message/* or multipart/* MIME content types. This blocks 19817mail from poorly written software. 19818</p> 19819 19820<p> 19821This feature should not be enabled on a general purpose mail server, 19822because it will reject mail after a single violation. 19823</p> 19824 19825<p> 19826This feature is available in Postfix 2.0 and later. 19827</p> 19828 19829 19830</DD> 19831 19832<DT><b><a name="strict_rfc821_envelopes">strict_rfc821_envelopes</a> 19833(default: no)</b></DT><DD> 19834 19835<p> 19836Require that addresses received in SMTP MAIL FROM and RCPT TO 19837commands are enclosed with <>, and that those addresses do 19838not contain <a href="https://tools.ietf.org/html/rfc822">RFC 822</a> style comments or phrases. This stops mail 19839from poorly written software. 19840</p> 19841 19842<p> 19843By default, the Postfix SMTP server accepts <a href="https://tools.ietf.org/html/rfc822">RFC 822</a> syntax in MAIL 19844FROM and RCPT TO addresses. 19845</p> 19846 19847 19848</DD> 19849 19850<DT><b><a name="strict_smtputf8">strict_smtputf8</a> 19851(default: no)</b></DT><DD> 19852 19853<p> Enable stricter enforcement of the SMTPUTF8 protocol. The Postfix 19854SMTP server accepts UTF8 sender or recipient addresses only when 19855the client requests an SMTPUTF8 mail transaction. </p> 19856 19857<p> This feature is available in Postfix 3.0 and later. </p> 19858 19859 19860</DD> 19861 19862<DT><b><a name="sun_mailtool_compatibility">sun_mailtool_compatibility</a> 19863(default: no)</b></DT><DD> 19864 19865<p> 19866Obsolete SUN mailtool compatibility feature. Instead, use 19867"<a href="postconf.5.html#mailbox_delivery_lock">mailbox_delivery_lock</a> = dotlock". 
19868</p> 19869 19870 19871</DD> 19872 19873<DT><b><a name="swap_bangpath">swap_bangpath</a> 19874(default: yes)</b></DT><DD> 19875 19876<p> 19877Enable the rewriting of "site!user" into "user@site". This is 19878necessary if your machine is connected to UUCP networks. It is 19879enabled by default. 19880</p> 19881 19882<p> Note: with Postfix version 2.2, message header address rewriting 19883happens only when one of the following conditions is true: </p> 19884 19885<ul> 19886 19887<li> The message is received with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command, 19888 19889<li> The message is received from a network client that matches 19890$<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>, 19891 19892<li> The message is received from the network, and the 19893<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter specifies a non-empty value. 19894 19895</ul> 19896 19897<p> To get the behavior before Postfix version 2.2, specify 19898"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p> 19899 19900<p> 19901Example: 19902</p> 19903 19904<pre> 19905<a href="postconf.5.html#swap_bangpath">swap_bangpath</a> = no 19906</pre> 19907 19908 19909</DD> 19910 19911<DT><b><a name="syslog_facility">syslog_facility</a> 19912(default: mail)</b></DT><DD> 19913 19914<p> 19915The syslog facility of Postfix logging. Specify a facility as 19916defined in syslog.conf(5). The default facility is "mail". 19917</p> 19918 19919<p> 19920Warning: a non-default <a href="postconf.5.html#syslog_facility">syslog_facility</a> setting takes effect only 19921after a Postfix process has completed initialization. Errors during 19922process initialization will be logged with the default facility. 
19923Examples are errors while parsing the command line arguments, and 19924errors while accessing the Postfix <a href="postconf.5.html">main.cf</a> configuration file. 19925</p> 19926 19927 19928</DD> 19929 19930<DT><b><a name="syslog_name">syslog_name</a> 19931(default: see "postconf -d" output)</b></DT><DD> 19932 19933<p> 19934A prefix that is prepended to the process name in syslog 19935records, so that, for example, "smtpd" becomes "prefix/smtpd". 19936</p> 19937 19938<p> 19939Warning: a non-default <a href="postconf.5.html#syslog_name">syslog_name</a> setting takes effect only after 19940a Postfix process has completed initialization. Errors during 19941process initialization will be logged with the default name. Examples 19942are errors while parsing the command line arguments, and errors 19943while accessing the Postfix <a href="postconf.5.html">main.cf</a> configuration file. 19944</p> 19945 19946 19947</DD> 19948 19949<DT><b><a name="tcp_windowsize">tcp_windowsize</a> 19950(default: 0)</b></DT><DD> 19951 19952<p> An optional workaround for routers that break TCP window scaling. 19953Specify a value > 0 and < 65536 to enable this feature. With 19954Postfix TCP servers (<a href="smtpd.8.html">smtpd(8)</a>, <a href="qmqpd.8.html">qmqpd(8)</a>), this feature is implemented 19955by the Postfix <a href="master.8.html">master(8)</a> daemon. </p> 19956 19957<p> To change this parameter without stopping Postfix, you need to 19958first terminate all Postfix TCP servers: </p> 19959 19960<blockquote> 19961<pre> 19962# postconf -e <a href="postconf.5.html#master_service_disable">master_service_disable</a>=inet 19963# postfix reload 19964</pre> 19965</blockquote> 19966 19967<p> This immediately terminates all processes that accept network 19968connections. 
Next, you enable Postfix TCP servers with the updated 19969<a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> setting: </p> 19970 19971<blockquote> 19972<pre> 19973# postconf -e <a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a>=65535 <a href="postconf.5.html#master_service_disable">master_service_disable</a>= 19974# postfix reload 19975</pre> 19976</blockquote> 19977 19978<p> If you skip these steps with a running Postfix system, then the 19979<a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> change will work only for Postfix TCP clients (<a href="smtp.8.html">smtp(8)</a>, 19980<a href="lmtp.8.html">lmtp(8)</a>). </p> 19981 19982<p> This feature is available in Postfix 2.6 and later. </p> 19983 19984 19985</DD> 19986 19987<DT><b><a name="tls_append_default_CA">tls_append_default_CA</a> 19988(default: no)</b></DT><DD> 19989 19990<p> Append the system-supplied default Certification Authority 19991certificates to the ones specified with *_tls_CApath or *_tls_CAfile. 19992The default is "no"; this prevents Postfix from trusting third-party 19993certificates and giving them relay permission with 19994<a href="postconf.5.html#permit_tls_all_clientcerts">permit_tls_all_clientcerts</a>. </p> 19995 19996<p> This feature is available in Postfix 2.4.15, 2.5.11, 2.6.8, 199972.7.2 and later versions. Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = yes" for 19998backwards compatibility, to avoid breaking certificate verification 19999with sites that don't use <a href="postconf.5.html#permit_tls_all_clientcerts">permit_tls_all_clientcerts</a>. </p> 20000 20001 20002</DD> 20003 20004<DT><b><a name="tls_config_file">tls_config_file</a> 20005(default: default)</b></DT><DD> 20006 20007<p> Optional configuration file with baseline OpenSSL settings. 
OpenSSL loads any SSL settings found in the configuration file for
the selected application name (see <a href="postconf.5.html#tls_config_name">tls_config_name</a>) or else the
built-in application name "openssl_conf" when no application name is
specified, or no corresponding configuration section is present.
</p>

<p> With OpenSSL releases 1.1.1 and 1.1.1a, applications (including
Postfix) can neither specify an alternative configuration file, nor
avoid loading the default configuration file. </p>

<p> With OpenSSL 1.1.1b or later, this parameter may be set to one of:
</p>

<dl>

<dt> <b>default</b> (default) </dt> <dd> Load the system-wide
"openssl.cnf" configuration file. </dd>

<dt> <b>none</b> (recommended, OpenSSL 1.1.1b or later only) </dt>
<dd> This setting disables loading of the system-wide "openssl.cnf"
file. </dd>

<dt> <b><i>/absolute-path</i></b> (OpenSSL 1.1.1b or later only) </dt>
<dd> Load the configuration file specified by <i>/absolute-path</i>.
With this setting it is an error for the file not to contain any
settings for the selected <a href="postconf.5.html#tls_config_name">tls_config_name</a>. There is no fallback to
the default "openssl_conf" name. </dd>

</dl>

<p> Failures in processing of the built-in default configuration file
are silently ignored. Any errors in loading a non-default configuration
file are detected by Postfix, and cause TLS support to be disabled.
</p>

<p> The OpenSSL configuration file format is not documented here,
beyond giving two examples. </p>

<p> Example: Default settings for all applications.
</p> 20047 20048<blockquote> 20049<pre> 20050# The name 'openssl_conf' is the default application name 20051# The section name to the right of the '=' sign is arbitrary, 20052# any name will do, so long as it refers to the desired section. 20053# 20054# The name 'system_default' selects the settings applied internally 20055# by the SSL library as part of SSL object creation. Applications 20056# can then apply any additional settings of their choice. 20057# 20058# In this example, TLS versions prior to 1.2 are disabled by default. 20059# 20060openssl_conf = system_wide_settings 20061[system_wide_settings] 20062ssl_conf = ssl_library_settings 20063[ssl_library_settings] 20064system_default = initial_ssl_settings 20065[initial_ssl_settings] 20066MinProtocol = TLSv1.2 20067</pre> 20068</blockquote> 20069 20070<p> Example: Custom settings for an application named "postfix". </p> 20071 20072<blockquote> 20073<pre> 20074# The mapping from an application name to the corresponding configuration 20075# section must appear near the top of the file, (in what is sometimes called 20076# the "default section") prior to the start of any explicitly named 20077# "[sections]". The named sections can appear in any order and don't nest. 20078# 20079postfix = postfix_settings 20080[postfix_settings] 20081ssl_conf = postfix_ssl_settings 20082[postfix_ssl_settings] 20083system_default = baseline_postfix_settings 20084[baseline_postfix_settings] 20085MinProtocol = TLSv1 20086</pre> 20087</blockquote> 20088 20089<p> Example: Custom OpenSSL group settings. 
</p> 20090 20091<pre> 20092<a href="postconf.5.html">main.cf</a>: 20093 <a href="postconf.5.html#tls_config_file">tls_config_file</a> = ${<a href="postconf.5.html#config_directory">config_directory</a>}/openssl.cnf 20094 <a href="postconf.5.html#tls_config_name">tls_config_name</a> = postfix 20095</pre> 20096 20097<pre> 20098openssl.cnf: 20099 postfix = postfix_settings 20100</pre> 20101 20102<pre> 20103 [postfix_settings] 20104 ssl_conf = postfix_ssl_settings 20105</pre> 20106 20107<pre> 20108 [postfix_ssl_settings] 20109 system_default = baseline_postfix_settings 20110</pre> 20111 20112<pre> 20113 [baseline_postfix_settings] 20114 # New OpenSSL 3.5 syntax, for older releases consider 20115 # the Postfix default: 20116 # 20117 # Groups = X25519:X448:prime256v1:secp384r1:secp521r1:ffdhe2048:ffdhe3072 20118 # 20119 Groups = *X25519MLKEM768 / *X25519:X448 / P-256:P-384 20120</pre> 20121 20122<p> Caution: It is typically best to just use the default OpenSSL 20123group settings, by setting "<a href="postconf.5.html#tls_config_file">tls_config_file</a> = none". Overly strict 20124system-wide TLS settings will conflict with Postfix's opportunistic 20125TLS, where being less restrictive is better than downgrading to 20126cleartext SMTP. </p> 20127 20128<p> This feature is available in Postfix ≥ 3.9, 3.8.1, 3.7.6, 201293.6.10, and 3.5.20. </p> 20130 20131 20132</DD> 20133 20134<DT><b><a name="tls_config_name">tls_config_name</a> 20135(default: empty)</b></DT><DD> 20136 20137<p> The application name passed by Postfix to OpenSSL library 20138initialization functions. This name is used to select the desired 20139configuration "section" in the OpenSSL configuration file specified 20140via the <a href="postconf.5.html#tls_config_file">tls_config_file</a> parameter. When empty, or when the 20141selected name is not present in the configuration file, the default 20142application name ("openssl_conf") is used as a fallback. 
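</p>

<p> The lookup chain that the <a href="postconf.5.html#tls_config_file">tls_config_file</a> examples and
<a href="postconf.5.html#tls_config_name">tls_config_name</a> describe, as an added Python example that is not part of
Postfix or OpenSSL: it parses an openssl.cnf-style file, follows the application
name, ssl_conf and system_default keys to the baseline settings, and applies the
documented differences between "default" (fallback to "openssl_conf", failures
ignored), "none" and an explicit path (no fallback, errors disable TLS). The
parser, the function names and the treatment of an empty tls_config_name with an
explicit path are assumptions of this model; the sample files are constructed
from the examples above. </p>

```python
"""Resolve the OpenSSL settings that tls_config_file and tls_config_name select.

Added example, not Postfix or OpenSSL code.  It models the documented modes
("default": system-wide file, fallback to "openssl_conf", failures ignored;
"none": load nothing; "/absolute-path": explicit file, no fallback, errors
disable TLS) and the lookup chain used in the documentation's examples:
application name -> section, ssl_conf -> section, system_default -> settings.
"""
import re


class TLSConfigError(Exception):
    """Where Postfix would log an error and disable TLS support."""


def parse_cnf(text):
    """Minimal parser for the INI-style OpenSSL config format: returns
    (default_section, sections), i.e. the key/value pairs found before the
    first "[section]" header and a dict of the named sections."""
    default, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # comments and blank lines
            continue
        header = re.fullmatch(r"\[\s*([^\]]+?)\s*\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise TLSConfigError(f"malformed line: {raw!r}")
        (default if current is None else current)[key.strip()] = value.strip()
    return default, sections


def follow_chain(default, sections, app_name):
    """Walk app_name -> ssl_conf -> system_default and return those settings."""
    try:
        app = sections[default[app_name]]
        ssl = sections[app["ssl_conf"]]
        return dict(sections[ssl["system_default"]])
    except KeyError as missing:
        raise TLSConfigError(f"application {app_name!r}: missing {missing}") from None


def resolve_ssl_settings(tls_config_file, cnf_text, tls_config_name=""):
    """Baseline settings OpenSSL would apply for these Postfix parameters.

    cnf_text stands in for the file's content so that this runs offline.
    """
    if tls_config_file == "none":
        return {}
    if tls_config_file == "default":
        # Built-in default file: try the selected name, then "openssl_conf";
        # any failure is silently ignored, i.e. no baseline settings apply.
        try:
            default, sections = parse_cnf(cnf_text)
            for name in (tls_config_name, "openssl_conf"):
                if name and name in default:
                    return follow_chain(default, sections, name)
        except TLSConfigError:
            pass
        return {}
    if not tls_config_file.startswith("/"):
        raise TLSConfigError(f"bad tls_config_file value {tls_config_file!r}")
    # Explicit file: the selected name must be present and there is no
    # fallback.  Assumption: an empty tls_config_name selects "openssl_conf".
    default, sections = parse_cnf(cnf_text)
    name = tls_config_name or "openssl_conf"
    if name not in default:
        raise TLSConfigError(f"{tls_config_file}: no settings for {name!r}")
    return follow_chain(default, sections, name)


# Constructed sample files mirroring the first two examples in the text.
SYSTEM_CNF = """\
openssl_conf = system_wide_settings
[system_wide_settings]
ssl_conf = ssl_library_settings
[ssl_library_settings]
system_default = initial_ssl_settings
[initial_ssl_settings]
MinProtocol = TLSv1.2
"""

POSTFIX_CNF = """\
# The application-name mapping must precede any named [section].
postfix = postfix_settings
[postfix_settings]
ssl_conf = postfix_ssl_settings
[postfix_ssl_settings]
system_default = baseline_postfix_settings
[baseline_postfix_settings]
MinProtocol = TLSv1
Groups = X25519:X448:prime256v1:secp384r1:secp521r1:ffdhe2048:ffdhe3072
"""
```

With "tls_config_file = /etc/postfix/openssl.cnf" (a constructed stand-in for ${config_directory}/openssl.cnf) and "tls_config_name = postfix", resolve_ssl_settings("/etc/postfix/openssl.cnf", POSTFIX_CNF, "postfix") yields the MinProtocol and Groups baseline, while the same name against a file that only defines "openssl_conf" is an error rather than a silent fallback.

<p>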
</p>

<p> This feature is available in Postfix ≥ 3.9. </p>


</DD>

<DT><b><a name="tls_daemon_random_bytes">tls_daemon_random_bytes</a>
(default: 32)</b></DT><DD>

<p> The number of pseudo-random bytes that an <a href="smtp.8.html">smtp(8)</a> or <a href="smtpd.8.html">smtpd(8)</a>
process requests from the <a href="tlsmgr.8.html">tlsmgr(8)</a> server in order to seed its
internal pseudo random number generator (PRNG). The default of 32
bytes (equivalent to 256 bits) is sufficient to generate a 128-bit
(or 168-bit) session key. </p>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="tls_dane_digest_agility">tls_dane_digest_agility</a>
(default: on)</b></DT><DD>

<p> Configure <a href="https://tools.ietf.org/html/rfc7671">RFC7671</a> DANE TLSA digest algorithm agility.
Do not change this setting from its default value. </p>

<p> See Section 8 of <a href="https://tools.ietf.org/html/rfc7671">RFC7671</a> for correct key rotation procedures. </p>

<p> This feature is available in Postfix 2.11 through 3.1. Postfix
3.2 and later ignore this configuration parameter and behave as
though it were set to "on". </p>


</DD>

<DT><b><a name="tls_dane_digests">tls_dane_digests</a>
(default: sha512 sha256)</b></DT><DD>

<p> DANE TLSA (<a href="https://tools.ietf.org/html/rfc6698">RFC 6698</a>, <a href="https://tools.ietf.org/html/rfc7671">RFC 7671</a>, <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a>) resource-record "matching
type" digest algorithms in descending preference order. All the
specified algorithms must be supported by the underlying OpenSSL
library, otherwise the Postfix SMTP client will not support DANE
TLSA security. </p>

<p> Specify a list of digest names separated by commas and/or
whitespace.
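</p>

<p> An added example (not Postfix code) of the rules in this entry,
including the optional "=number" suffix described next: it parses a
<a href="postconf.5.html#tls_dane_digests">tls_dane_digests</a> value, rejects an element whose number disagrees with
the IANA matching type, disables DANE on any invalid element, and ignores
TLSA records whose matching type is not configured. OPENSSL_DIGESTS stands
in for the linked library's digest support, and the TLSA RRset is
constructed with placeholder digest data. </p>

```python
"""Apply the tls_dane_digests rules to a configured value and to TLSA records.

Added example, not Postfix code.  It models this entry's rules: digest
names separated by commas and/or whitespace; an optional "=number" suffix
that, for algorithms known here, must equal the IANA TLSA matching-type
number (sha256=1, sha512=2 per RFC 6698); other algorithms need an explicit
number; any invalid element disables DANE; and TLSA records whose matching
type is not in the list are ignored with a warning.  OPENSSL_DIGESTS is a
stand-in for "supported by the underlying OpenSSL library".
"""
import re

# Matching types known to this example (RFC 6698 / IANA "dane-parameters").
KNOWN_MATCHING_TYPES = {"sha256": 1, "sha512": 2}
# Stand-in for the digests the linked OpenSSL library implements.
OPENSSL_DIGESTS = {"sha256", "sha512"}

warnings = []   # messages Postfix would log as warnings


def parse_dane_digests(value, openssl_digests=OPENSSL_DIGESTS):
    """Return {matching_type: digest_name} in preference order (dicts keep
    insertion order), or None when DANE support must be disabled."""
    result = {}
    for element in re.split(r"[\s,]+", value.strip()):
        if not element:
            continue
        name, sep, number = element.partition("=")
        name = name.lower()
        if sep and not number.isdigit():
            warnings.append(f"invalid digest list element {element!r}")
            return None
        if name in KNOWN_MATCHING_TYPES:
            mtype = KNOWN_MATCHING_TYPES[name]
            if sep and int(number) != mtype:      # e.g. "sha256=2" is rejected
                warnings.append(f"{element!r}: {name} is matching type {mtype}")
                return None
        elif sep:
            mtype = int(number)                   # IANA-registered, explicit number
        else:
            warnings.append(f"unknown digest {name!r} needs an explicit =number")
            return None
        if name not in openssl_digests:
            warnings.append(f"digest {name!r} not supported by OpenSSL")
            return None
        if result.get(mtype, name) != name:
            warnings.append(f"matching type {mtype} claimed by two digests")
            return None
        result[mtype] = name
    return result


def usable_tlsa_records(records, digests):
    """Keep TLSA records (usage, selector, matching_type, data) whose
    matching type is configured.  Matching type 0 ("Full") carries no
    digest, so this example treats it as outside the digest list."""
    kept = []
    for rr in records:
        mtype = rr[2]
        if mtype != 0 and mtype not in digests:
            warnings.append(f"ignoring TLSA record with matching type {mtype}")
            continue
        kept.append(rr)
    return kept


# Constructed TLSA RRset for _25._tcp.mail.example.com; digest data is fake.
SAMPLE_TLSA = [
    (3, 1, 1, "a1" * 32),   # DANE-EE, SPKI, SHA2-256
    (3, 1, 2, "b2" * 64),   # DANE-EE, SPKI, SHA2-512
    (2, 0, 9, "c3" * 32),   # DANE-TA, matching type not configured: ignored
]

if __name__ == "__main__":
    digests = parse_dane_digests("sha512 sha256")
    print("preference:", digests)
    print("usable:", usable_tlsa_records(SAMPLE_TLSA, digests))
    print("DANE disabled:", parse_dane_digests("sha256=2") is None)
    for w in warnings:
        print("warning:", w)
```

<p>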
Each digest name may be followed by an optional
"=&lt;number&gt;" suffix. For example, "sha512" may instead be specified
as "sha512=2" and "sha256" may instead be specified as "sha256=1".
The optional number must match the <a
href="https://www.iana.org/assignments/dane-parameters/dane-parameters.xhtml#matching-types"
>IANA</a> assigned TLSA matching type number of the algorithm in question.
Postfix will check this constraint for the algorithms it knows about.
Additional matching type algorithms registered with IANA can be added
with explicit numbers provided they are supported by OpenSSL. </p>

<p> Invalid list elements are logged with a warning and disable DANE
support. TLSA RRs that specify digests not included in the list are
ignored with a warning. </p>

<p> Note: It is unwise to omit sha256 from the digest list. This
digest algorithm is the only mandatory-to-implement digest algorithm
in <a href="https://tools.ietf.org/html/rfc6698">RFC 6698</a>, and many servers are expected to publish TLSA records
with just sha256 digests. Unless one of the standard digests is
seriously compromised and servers have had ample time to update their
TLSA records, you should not omit any standard digests; just arrange
them in order from strongest to weakest. </p>

<p> This feature is available in Postfix 2.11 and later. </p>


</DD>

<DT><b><a name="tls_dane_trust_anchor_digest_enable">tls_dane_trust_anchor_digest_enable</a>
(default: yes)</b></DT><DD>

<p> Enable support for <a href="https://tools.ietf.org/html/rfc6698">RFC 6698</a> (DANE TLSA) DNS records that contain
digests of trust-anchors with certificate usage "2". Do not change
this setting from its default value. </p>

<p> This feature is available in Postfix 2.11 through 3.1.
It has
been withdrawn in Postfix 3.2, as trust-anchor TLSA records are now
widely used and have proved sufficiently reliable. Postfix 3.2 and
later ignore this configuration parameter and behave as though it
were set to "yes". </p>


</DD>

<DT><b><a name="tls_disable_workarounds">tls_disable_workarounds</a>
(default: see "postconf -d" output)</b></DT><DD>

<p> List or bit-mask of OpenSSL bug work-arounds to disable. </p>

<p> The OpenSSL toolkit includes a set of work-arounds for buggy SSL/TLS
implementations. Applications, such as Postfix, that want to maximize
interoperability ask the OpenSSL library to enable the full set of
recommended work-arounds. </p>

<p> From time to time, it is discovered that a work-around creates a
security issue, and should no longer be used. If upgrading OpenSSL
to a fixed version is not an option or an upgrade is not available
in a timely manner, or in closed environments where no buggy clients
or servers exist, it may be appropriate to disable some or all of the
OpenSSL interoperability work-arounds. This parameter specifies which
bug work-arounds to disable. </p>

<p> If the value of the parameter is a hexadecimal long integer starting
with "0x", the bug work-arounds corresponding to the bits specified in
its value are removed from the <b>SSL_OP_ALL</b> work-around bit-mask
(see openssl/ssl.h and SSL_CTX_set_options(3)). You can specify more
bits than are present in SSL_OP_ALL; excess bits are ignored. Specifying
0xFFFFFFFF disables all bug-workarounds on a 32-bit system. This should
also be sufficient on 64-bit systems, until OpenSSL abandons support
for 32-bit systems and starts using the high 32 bits of a 64-bit
bug-workaround mask.
</p>

<p> Otherwise, the parameter is a white-space or comma separated list
of specific named bug work-arounds chosen from the list below. It
is possible that your OpenSSL version includes new bug work-arounds
added after your Postfix source code was last updated; in that case
you can only disable one of these via the hexadecimal syntax above. </p>

<dl>

<dt><b>CRYPTOPRO_TLSEXT_BUG</b></dt> <dd>New with GOST support in
OpenSSL 1.0.0.</dd>

<dt><b>DONT_INSERT_EMPTY_FRAGMENTS</b></dt> <dd>See
SSL_CTX_set_options(3)</dd>

<dt><b>LEGACY_SERVER_CONNECT</b></dt> <dd>See SSL_CTX_set_options(3)</dd>

<dt><b>MICROSOFT_BIG_SSLV3_BUFFER</b></dt> <dd>See
SSL_CTX_set_options(3)</dd>

<dt><b>MICROSOFT_SESS_ID_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>

<dt><b>MSIE_SSLV2_RSA_PADDING</b></dt> <dd>Also aliased as
<b>CVE-2005-2969</b>. Postfix 2.8 disables this work-around by
default with OpenSSL versions that may predate the fix. Fixed in
OpenSSL 0.9.7h and OpenSSL 0.9.8a.</dd>

<dt><b>NETSCAPE_CHALLENGE_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>

<dt><b>NETSCAPE_REUSE_CIPHER_CHANGE_BUG</b></dt> <dd>Also aliased
as <b>CVE-2010-4180</b>. Postfix 2.8 disables this work-around by
default with OpenSSL versions that may predate the fix. Fixed in
OpenSSL 0.9.8q and OpenSSL 1.0.0c.</dd>

<dt><b>SSLEAY_080_CLIENT_DH_BUG</b></dt> <dd>See
SSL_CTX_set_options(3)</dd>

<dt><b>SSLREF2_REUSE_CERT_TYPE_BUG</b></dt> <dd>See
SSL_CTX_set_options(3)</dd>

<dt><b>TLS_BLOCK_PADDING_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>

<dt><b>TLS_D5_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>

<dt><b>TLS_ROLLBACK_BUG</b></dt> <dd>See SSL_CTX_set_options(3).
This is disabled in OpenSSL 0.9.7 and later. Nobody should still
be using 0.9.6!
</dd>

<dt><b>TLSEXT_PADDING</b></dt><dd>Postfix ≥ 3.4. See SSL_CTX_set_options(3).</dd>

</dl>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tls_eecdh_auto_curves">tls_eecdh_auto_curves</a>
(default: see "postconf -d" output)</b></DT><DD>

<p> The prioritized list of elliptic curves that should be enabled in the
Postfix SMTP client and server. The selected curves should be implemented
by OpenSSL and be standardized for use in the TLS "supported groups" extension
(<a href="https://tools.ietf.org/html/rfc8422">RFC8422</a>, <a href="https://tools.ietf.org/html/rfc8446">RFC8446</a> and <a href="https://tools.ietf.org/html/rfc8447">RFC8447</a>). Be sure to include at least "x25519" and
"prime256v1" (the OpenSSL name for "secp256r1", a.k.a. "P-256"). The default
list is suitable for most users. </p>

<p> On the client side, the first curve listed will be used to construct the
client's initial TLS 1.3 "keyshare". If this is not supported by the server,
the TLS handshake may require an additional round-trip after the server issues
a HelloRetryRequest (HRR) indicating a suitable mutually supported curve. </p>

<p> Postfix skips curve names that are unknown to OpenSSL, or that are known
but not yet implemented. This makes it possible to "anticipate" support for
curves that should be used once they become available, or to deploy the same
setting on a server "farm" where not all servers support the same curves. </p>

<p> As of Postfix 3.10, when compiled with OpenSSL 3.0 or later, the "curve"
names can be more general key encapsulation mechanisms (KEMs), and/or may be
loaded from an external "provider" (via a suitable <a href="postconf.5.html#tls_config_file">tls_config_file</a>).
</p>

<p> See also the "<a href="postconf.5.html#tls_ffdhe_auto_groups">tls_ffdhe_auto_groups</a>" parameter, which supports
customizing the list of FFDHE groups enabled with TLS 1.3. That setting
is introduced with Postfix 3.8, when built against OpenSSL 3.0 or later.
</p>

<p> Post-quantum cryptography support: OpenSSL 3.5 introduces new
configuration syntax that Postfix will not attempt to imitate.
Instead, with Postfix 3.6.17, 3.7.13, 3.8.8, 3.9.2, and later, set
both <a href="postconf.5.html#tls_eecdh_auto_curves">tls_eecdh_auto_curves</a> and, if available, <a href="postconf.5.html#tls_ffdhe_auto_groups">tls_ffdhe_auto_groups</a>
to the empty value, to enable algorithm selection through OpenSSL
configuration. See <a href="postconf.5.html#tls_config_file">tls_config_file</a> for a configuration example.
</p>

<p> This feature is available in Postfix 3.2 and later, when it is
compiled and linked with OpenSSL 1.0.2 or later on platforms where
EC algorithms have not been disabled by the vendor. </p>


</DD>

<DT><b><a name="tls_eecdh_strong_curve">tls_eecdh_strong_curve</a>
(default: prime256v1)</b></DT><DD>

<p> The elliptic curve used by the Postfix SMTP server for sensibly
strong ephemeral ECDH key exchange. This curve is used by the Postfix SMTP
server when "<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> = strong". The phrase "sensibly
strong" means approximately 128-bit security based on best known
attacks. The selected curve must be implemented by OpenSSL (as
reported by ecparam(1) with the "-list_curves" option) and be one
of the curves listed in Section 5.1.1 of <a href="https://tools.ietf.org/html/rfc8422">RFC 8422</a>. You should not
generally change this setting. Remote SMTP client implementations
must support this curve for EECDH key exchange to take place.
It
is unwise to choose only "bleeding-edge" curves supported by only a
small subset of clients. </p>

<p> This feature is not used as of Postfix 3.6. Do not specify. </p>

<p> The default "strong" curve is rated in NSA <a
href="https://web.archive.org/web/20160330034144/https://www.nsa.gov/ia/programs/suiteb_cryptography/">Suite
B</a> for information classified up to SECRET. </p>

<p> Note: elliptic curve names are poorly standardized; different
standards groups are assigning different names to the same underlying
curves. The curve with the X9.62 name "prime256v1" is also known
under the SECG name "secp256r1", but OpenSSL does not recognize the
latter name. </p>

<p> If you want to take maximal advantage of ciphers that offer <a
href="FORWARD_SECRECY_README.html#dfn_fs">forward secrecy</a>, see
the <a href="FORWARD_SECRECY_README.html#quick-start">Getting
started</a> section of <a
href="FORWARD_SECRECY_README.html">FORWARD_SECRECY_README</a>. The
full document conveniently presents all information about Postfix
"perfect" forward secrecy support in one place: what forward secrecy
is, how to tweak settings, and what you can expect to see when
Postfix uses ciphers with forward secrecy. </p>

<p> This feature is available in Postfix 2.6 and later, when it is
compiled and linked with OpenSSL 1.0.0 or later on platforms where
EC algorithms have not been disabled by the vendor. </p>


</DD>

<DT><b><a name="tls_eecdh_ultra_curve">tls_eecdh_ultra_curve</a>
(default: secp384r1)</b></DT><DD>

<p> The elliptic curve used by the Postfix SMTP server for maximally
strong ephemeral ECDH key exchange. This curve is used by the Postfix SMTP
server when "<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> = ultra".
The phrase "maximally
strong" means approximately 192-bit security based on best known attacks.
This additional strength comes at a significant computational cost; most
users should instead set "<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> = strong". The selected
curve must be implemented by OpenSSL (as reported by ecparam(1) with the
"-list_curves" option) and be one of the curves listed in Section 5.1.1
of <a href="https://tools.ietf.org/html/rfc8422">RFC 8422</a>. You should not generally change this setting. Remote SMTP
client implementations must support this curve for EECDH key exchange
to take place. It is unwise to choose only "bleeding-edge" curves
supported by only a small subset of clients. </p>

<p> This feature is not used as of Postfix 3.6. Do not specify. </p>

<p> This default "ultra" curve is rated in NSA <a
href="https://web.archive.org/web/20160330034144/https://www.nsa.gov/ia/programs/suiteb_cryptography/">Suite
B</a> for information classified up to TOP SECRET. </p>

<p> If you want to take maximal advantage of ciphers that offer <a
href="FORWARD_SECRECY_README.html#dfn_fs">forward secrecy</a>, see
the <a href="FORWARD_SECRECY_README.html#quick-start">Getting
started</a> section of <a
href="FORWARD_SECRECY_README.html">FORWARD_SECRECY_README</a>. The
full document conveniently presents all information about Postfix
"perfect" forward secrecy support in one place: what forward secrecy
is, how to tweak settings, and what you can expect to see when
Postfix uses ciphers with forward secrecy. </p>

<p> This feature is available in Postfix 2.6 and later, when it is
compiled and linked with OpenSSL 1.0.0 or later on platforms where
EC algorithms have not been disabled by the vendor.
</p>


</DD>

<DT><b><a name="tls_export_cipherlist">tls_export_cipherlist</a>
(default: see "postconf -d" output)</b></DT><DD>

<p> The OpenSSL cipherlist for "export" or higher grade ciphers.
Ignored as of Postfix 3.8. In earlier Postfix releases this
defined the meaning of the "export" setting in <a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>,
<a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>, <a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>,
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a>, <a href="postconf.5.html#lmtp_tls_ciphers">lmtp_tls_ciphers</a>, and
<a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. You are strongly encouraged not to
change this setting. </p>

<p> This feature is available in Postfix 2.3 and later. </p>


</DD>

<DT><b><a name="tls_fast_shutdown_enable">tls_fast_shutdown_enable</a>
(default: yes)</b></DT><DD>

<p> A workaround for implementations that hang Postfix while shutting
down a TLS session, until Postfix times out. With this enabled,
Postfix will not wait for the remote TLS peer to respond to a TLS
'close' notification. This behavior is recommended for TLSv1.0 and
later. </p>


</DD>

<DT><b><a name="tls_ffdhe_auto_groups">tls_ffdhe_auto_groups</a>
(default: see "postconf -d" output)</b></DT><DD>

<p> The prioritized list of finite-field Diffie-Hellman ephemeral
(FFDHE) key exchange groups supported by the Postfix SMTP client and
server. OpenSSL 3.0 adds support for FFDHE key agreement in TLS 1.3.
In OpenSSL 1.1.1, TLS 1.3 was only supported with elliptic-curve based
key agreement.
The "<a href="postconf.5.html#tls_ffdhe_auto_groups">tls_ffdhe_auto_groups</a>" parameter makes it possible
to configure the list of FFDHE groups that the Postfix client or server
will enable in OpenSSL 3.0 and up. This parameter has no effect when
Postfix is built against earlier OpenSSL versions. </p>

<p> The default list of FFDHE groups that Postfix enables in OpenSSL 3.0
and up includes just the 2048 and 3072-bit groups. Stronger FFDHE
groups perform poorly and EC groups are a much better choice for the
same security level. Postfix ignores group names that are unknown to
OpenSSL, or that are known but not yet implemented. The FFDHE groups
are largely a backup, in case some peer does not support EC key
exchange, or EC key exchange needs to be disabled for some pressing
reason. </p>

<p> Setting this parameter empty disables FFDHE support in TLS 1.3.
Whether FFDHE key agreement is enabled in TLS 1.2 and earlier depends
on whether any of the "kDHE" ciphers are included in the cipherlist.
</p>

<p> Conversely, setting "<a href="postconf.5.html#tls_eecdh_auto_curves">tls_eecdh_auto_curves</a>" empty disables TLS 1.3
EC key agreement in OpenSSL 3.0 and later. If both are set empty,
Postfix will fall back to OpenSSL preferences as described next. </p>

<p> Post-quantum cryptography support: OpenSSL 3.5 introduces new
configuration syntax that Postfix will not attempt to imitate.
Instead, with Postfix 3.6.17, 3.7.13, 3.8.8, 3.9.2, and later, set
both <a href="postconf.5.html#tls_eecdh_auto_curves">tls_eecdh_auto_curves</a> and <a href="postconf.5.html#tls_ffdhe_auto_groups">tls_ffdhe_auto_groups</a> to the empty
value, to enable algorithm selection through OpenSSL configuration.
See <a href="postconf.5.html#tls_config_file">tls_config_file</a> for a configuration example.
</p>

<p> All the default groups and EC curves should be sufficiently strong to make
"pruning" the defaults unwise. At a minimum, "x25519" and "prime256v1" (the
OpenSSL name for "secp256r1", a.k.a. "P-256") should be among the enabled EC
curves, while "dhe2048" and "dhe3072" should be among the FFDHE groups. </p>

<p> This feature is available in Postfix 3.8 and later, when it is
compiled and linked with OpenSSL 3.0 or later. </p>


</DD>

<DT><b><a name="tls_high_cipherlist">tls_high_cipherlist</a>
(default: see "postconf -d" output)</b></DT><DD>

<p> The OpenSSL cipherlist for "high" grade ciphers. This defines
the meaning of the "high" setting in <a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>,
<a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>, <a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>, <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a>,
<a href="postconf.5.html#lmtp_tls_ciphers">lmtp_tls_ciphers</a>, and <a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. You are strongly
encouraged not to change this setting. </p>

<p> This feature is available in Postfix 2.3 and later. </p>


</DD>

<DT><b><a name="tls_legacy_public_key_fingerprints">tls_legacy_public_key_fingerprints</a>
(default: no)</b></DT><DD>

<p> A temporary migration aid for sites that use certificate
<i>public-key</i> fingerprints with Postfix 2.9.0..2.9.5, which use
an incorrect algorithm. This parameter has no effect on the certificate
fingerprint support that is available since Postfix 2.2.
</p>

<p> Specify "<a href="postconf.5.html#tls_legacy_public_key_fingerprints">tls_legacy_public_key_fingerprints</a> = yes" temporarily,
pending a migration from configuration files with incorrect Postfix
2.9.0..2.9.5 certificate public-key fingerprints, to the correct
fingerprints used by Postfix 2.9.6 and later. To compute the correct
certificate public-key fingerprints, see <a href="TLS_README.html">TLS_README</a>. </p>

<p> This feature is available in Postfix 2.9.6 and later. </p>


</DD>

<DT><b><a name="tls_low_cipherlist">tls_low_cipherlist</a>
(default: see "postconf -d" output)</b></DT><DD>

<p> The OpenSSL cipherlist for "low" or higher grade ciphers.
Ignored as of Postfix 3.8. In earlier Postfix releases this
defined the meaning of the "low" setting in <a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>,
<a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>, <a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>,
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a>, <a href="postconf.5.html#lmtp_tls_ciphers">lmtp_tls_ciphers</a>, and
<a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. You are strongly encouraged not to
change this setting. </p>

<p> This feature is available in Postfix 2.3 and later. </p>


</DD>

<DT><b><a name="tls_medium_cipherlist">tls_medium_cipherlist</a>
(default: see "postconf -d" output)</b></DT><DD>

<p> The OpenSSL cipherlist for "medium" or higher grade ciphers.
This
defines the meaning of the "medium" setting in <a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>,
<a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>, <a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>, <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a>,
<a href="postconf.5.html#lmtp_tls_ciphers">lmtp_tls_ciphers</a>, and <a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. This is the
default cipherlist for mandatory TLS encryption in the TLS client
(with anonymous ciphers disabled when verifying server certificates).
This is the default cipherlist for opportunistic TLS with Postfix
releases after the middle of 2015. You are strongly encouraged not
to change this setting. </p>

<p> This feature is available in Postfix 2.3 and later. </p>


</DD>

<DT><b><a name="tls_null_cipherlist">tls_null_cipherlist</a>
(default: eNULL:!aNULL)</b></DT><DD>

<p> The OpenSSL cipherlist for "NULL" grade ciphers that provide
authentication without encryption. This defines the meaning of the "null"
setting in <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>, <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and
<a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. You are strongly encouraged not to
change this setting. </p>

<p> This feature is available in Postfix 2.3 and later. </p>


</DD>

<DT><b><a name="tls_preempt_cipherlist">tls_preempt_cipherlist</a>
(default: no)</b></DT><DD>

<p> With SSLv3 and later, use the Postfix SMTP server's cipher
preference order instead of the remote client's cipher preference
order.
</p>

<p> By default, the OpenSSL server selects the client's most preferred
cipher that the server supports. With SSLv3 and later, the server may
choose its own most preferred cipher that is supported (offered) by
the client. Setting "<a href="postconf.5.html#tls_preempt_cipherlist">tls_preempt_cipherlist</a> = yes" enables server cipher
preferences. </p>

<p> While server cipher selection may in some cases lead to a more secure
or performant cipher choice, there is some risk of interoperability
issues. In the past, some SSL clients have listed lower priority ciphers
that they did not implement correctly. If the server chooses a cipher
that the client prefers less, it may select a cipher whose client
implementation is flawed. Most notably, Windows 2003 Microsoft
Exchange servers have flawed implementations of DES-CBC3-SHA, which
OpenSSL considers stronger than RC4-SHA. Enabling server cipher-suite
selection may create interoperability issues with Windows 2003
Microsoft Exchange clients. </p>

<p> This feature is available in Postfix 2.8 and later, in combination
with OpenSSL 0.9.7 and later. </p>


</DD>

<DT><b><a name="tls_random_bytes">tls_random_bytes</a>
(default: 32)</b></DT><DD>

<p> The number of bytes that <a href="tlsmgr.8.html">tlsmgr(8)</a> reads from $<a href="postconf.5.html#tls_random_source">tls_random_source</a>
when (re)seeding the in-memory pseudo random number generator (PRNG)
pool. The default of 32 bytes (256 bits) is good enough for 128-bit
symmetric keys. If using EGD or a device file, a maximum of 255
bytes is read. </p>

<p> This feature is available in Postfix 2.2 and later.
</p>


</DD>

<DT><b><a name="tls_random_exchange_name">tls_random_exchange_name</a>
(default: see "postconf -d" output)</b></DT><DD>

<p> Name of the pseudo random number generator (PRNG) state file
that is maintained by <a href="tlsmgr.8.html">tlsmgr(8)</a>. The file is created when it does
not exist, and its length is fixed at 1024 bytes. </p>

<p> As of version 2.5, Postfix no longer uses root privileges when
opening this file, and the default file location was changed from
${<a href="postconf.5.html#config_directory">config_directory</a>}/prng_exch to ${<a href="postconf.5.html#data_directory">data_directory</a>}/prng_exch. As
a migration aid, an attempt to open the file under a non-Postfix
directory is redirected to the Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>, and a
warning is logged. </p>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="tls_random_prng_update_period">tls_random_prng_update_period</a>
(default: 3600s)</b></DT><DD>

<p> The time between attempts by <a href="tlsmgr.8.html">tlsmgr(8)</a> to save the state of
the pseudo random number generator (PRNG) to the file specified
with $<a href="postconf.5.html#tls_random_exchange_name">tls_random_exchange_name</a>. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds). </p>

<p> This feature is available in Postfix 2.2 and later.
</p>


</DD>

<DT><b><a name="tls_random_reseed_period">tls_random_reseed_period</a>
(default: 3600s)</b></DT><DD>

<p> The maximal time between attempts by <a href="tlsmgr.8.html">tlsmgr(8)</a> to re-seed the
in-memory pseudo random number generator (PRNG) pool from external
sources. The actual time between re-seeding attempts is calculated
using the PRNG, and is between 0 and the time specified. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds). </p>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="tls_random_source">tls_random_source</a>
(default: see "postconf -d" output)</b></DT><DD>

<p> The external entropy source for the in-memory <a href="tlsmgr.8.html">tlsmgr(8)</a> pseudo
random number generator (PRNG) pool. Be sure to specify a non-blocking
source. If this source is not a regular file, the entropy source
type must be prepended: egd:/path/to/egd_socket for a source with
EGD compatible socket interface, or dev:/path/to/device for a
device file. </p>

<p> Note: on OpenBSD systems specify dev:/dev/arandom when dev:/dev/urandom
gives timeout errors. </p>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="tls_required_enable">tls_required_enable</a>
(default: yes)</b></DT><DD>

<p> Enable support for the "TLS-Required: no" message header, defined
in <a href="https://tools.ietf.org/html/rfc8689">RFC 8689</a>. By adding this header to a message, a sender requests
no enforcement of TLS policy.
This limits the Postfix SMTP client 20723TLS security level to "may", that is, do not verify remote SMTP 20724server certificates, and fall back to plaintext if TLS is unavailable. 20725If a message contains a "TLS-Required: no" header, then Postfix 20726will add that header to a delivery status notification for that 20727message. </p> 20728 20729<p> This feature is available in Postfix ≥ 3.10. </p> 20730 20731 20732</DD> 20733 20734<DT><b><a name="tls_server_sni_maps">tls_server_sni_maps</a> 20735(default: empty)</b></DT><DD> 20736 20737<p> Optional lookup tables that map names received from remote SMTP 20738clients via the TLS Server Name Indication (SNI) extension to the 20739appropriate keys and certificate chains. This parameter is implemented 20740in the Postfix TLS library, and applies to both <a href="smtpd.8.html">smtpd(8)</a> and the SMTP 20741server mode of <a href="tlsproxy.8.html">tlsproxy(8)</a>. </p> 20742 20743<p> When this parameter is non-empty, the Postfix SMTP server enables 20744SNI extension processing, and logs SNI values that are invalid or 20745don't match an entry in the specified tables. When an entry 20746does match, the SNI name is logged as part of the connection summary 20747at log levels 1 and higher. </p> 20748 20749<p> The lookup key is either the verbatim SNI domain name or an 20750ancestor domain prefixed with a leading dot. For internationalized 20751domains, the lookup key must be in IDNA 2008 A-label form (as 20752required in the TLS SNI extension). </p> 20753 20754<p> The syntax of the lookup value is the same as with the 20755<a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> parameter (see there for additional details), 20756but here scoped to just TLS connections in which the client sends 20757a matching SNI domain name. 
</p>

<p> Example: </p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    #
    # The indexed SNI table must be created with "postmap -F"
    #
    indexed = ${<a href="postconf.5.html#default_database_type">default_database_type</a>}:${<a href="postconf.5.html#config_directory">config_directory</a>}/
    <a href="postconf.5.html#tls_server_sni_maps">tls_server_sni_maps</a> = ${indexed}sni
</pre>
</blockquote>

<blockquote>
<pre>
/etc/postfix/sni:
    #
    # The example.com domain has both an RSA and ECDSA certificate
    # chain. The chain files MUST start with the private key,
    # with the certificate chain next, starting with the leaf
    # (server) certificate, and then the issuer certificates.
    #
    example.com /etc/postfix/sni-chains/rsa2048.example.com.pem,
                /etc/postfix/sni-chains/ecdsa-p256.example.com.pem
    #
    # The example.net domain has a wildcard certificate, and two
    # additional DNS names. So its certificate chain is also used
    # with any subdomain, plus the additional names.
    #
    example.net   /etc/postfix/sni-chains/example.net.pem
    .example.net  /etc/postfix/sni-chains/example.net.pem
    example.info  /etc/postfix/sni-chains/example.net.pem
    example.org   /etc/postfix/sni-chains/example.net.pem
</pre>
</blockquote>

<p> Note that the SNI lookup tables should also have entries for
the domains that correspond to the Postfix SMTP server's default
certificate(s). This ensures that the remote SMTP client's TLS SNI
extension gets a positive response when it specifies one of the
Postfix SMTP server's <a href="ADDRESS_CLASS_README.html#default_domain_class">default domains</a>, and ensures that the Postfix
SMTP server will not log an SNI name mismatch for such a domain.
The Postfix SMTP server's default certificates are then only used
when the client sends no SNI or when it sends SNI with a domain
that the server knows no certificate(s) for. </p>

<p> The mapping from an SNI domain name to a certificate chain is indirect. In
the input source files for "cdb", "hash", "btree" or other tables that are
converted to on-disk indexed files via <a href="postmap.1.html">postmap(1)</a>, the value specified for each
key is a list of filenames. When <a href="postmap.1.html">postmap(1)</a> is used with the <b>-F</b> option,
the generated table stores for each lookup key the base64-encoded contents of
the associated files. When querying tables via <b>postmap -Fq</b>, the table
value is decoded from base64, yielding the original file content, plus a new
line. </p>

<p> With "regexp", "pcre", "inline", "texthash", "static" and similar
tables that are interpreted at run-time, and don't have a separate
source format, the table value is again a list of files, that are loaded
into memory when the table is opened. </p>

<p> With tables whose content is managed outside of Postfix, such
as LDAP, MySQL, PostgreSQL, socketmap and tcp, the value must be a
concatenation of the desired PEM keys and certificate chains, that
is then further encoded to yield a single-line base64 string.
Creation of such tables and secure storage (the value includes
private key material) are outside the responsibility of Postfix. </p>

<p> With "socketmap" and "tcp" the data will be transmitted in the clear, and
there is no query access control, so these are generally unsuitable for storing
SNI chains. With LDAP and SQL, you should restrict read access and use TLS to
protect the sensitive data in transit.
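An added example, not part of the Postfix documentation or source, modelling the tls_server_sni_maps rules described above in Python: it parses the /etc/postfix/sni source format, mimics what "postmap -F" stores (assumption: the listed files are concatenated in order before base64 encoding) and what "postmap -Fq" returns, resolves an SNI name to its verbatim or leading-dot ancestor key, and checks the key-before-certificates layout of a chain file. All PEM contents and paths are constructed stand-ins.

```python
import base64
import re

# Constructed stand-ins for the PEM files named in the /etc/postfix/sni
# example; the block bodies are dummy text, not real key or certificate data.
FAKE_RSA_CHAIN = (
    "-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n"
    "-----BEGIN CERTIFICATE-----\nBBBB\n-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\nCCCC\n-----END CERTIFICATE-----\n"
)
FAKE_ECDSA_CHAIN = (
    "-----BEGIN EC PRIVATE KEY-----\nDDDD\n-----END EC PRIVATE KEY-----\n"
    "-----BEGIN CERTIFICATE-----\nEEEE\n-----END CERTIFICATE-----\n"
)
FAKE_NET_CHAIN = (
    "-----BEGIN PRIVATE KEY-----\nFFFF\n-----END PRIVATE KEY-----\n"
    "-----BEGIN CERTIFICATE-----\nGGGG\n-----END CERTIFICATE-----\n"
)
# Certificate before key: the layout the documentation forbids.
FAKE_BAD_CHAIN = (
    "-----BEGIN CERTIFICATE-----\nGGGG\n-----END CERTIFICATE-----\n"
    "-----BEGIN PRIVATE KEY-----\nFFFF\n-----END PRIVATE KEY-----\n"
)
FILES = {
    "/etc/postfix/sni-chains/rsa2048.example.com.pem": FAKE_RSA_CHAIN,
    "/etc/postfix/sni-chains/ecdsa-p256.example.com.pem": FAKE_ECDSA_CHAIN,
    "/etc/postfix/sni-chains/example.net.pem": FAKE_NET_CHAIN,
}
# Constructed copy of the /etc/postfix/sni source table from the documentation.
SNI_SOURCE = """\
# example.com has an RSA and an ECDSA chain (one continuation line)
example.com /etc/postfix/sni-chains/rsa2048.example.com.pem,
            /etc/postfix/sni-chains/ecdsa-p256.example.com.pem
example.net   /etc/postfix/sni-chains/example.net.pem
.example.net  /etc/postfix/sni-chains/example.net.pem
example.info  /etc/postfix/sni-chains/example.net.pem
example.org   /etc/postfix/sni-chains/example.net.pem
"""


def parse_sni_source(text):
    """Parse 'key file[, file...]' lines ('#' = comment, leading space = continuation)."""
    entries, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            entries[current] += " " + raw.strip()
            continue
        parts = raw.split(None, 1)
        current = parts[0]
        entries[current] = parts[1] if len(parts) > 1 else ""
    return {k: [f for f in re.split(r"[\s,]+", v) if f] for k, v in entries.items()}


def build_indexed_table(entries, files):
    """Model of what 'postmap -F' stores: per key, one base64 line holding the
    file contents (assumption: files concatenated in the listed order)."""
    return {key: base64.b64encode("".join(files[n] for n in names).encode()).decode("ascii")
            for key, names in entries.items()}


def decode_value(value):
    """Model of 'postmap -Fq': base64-decode, then append a newline."""
    return base64.b64decode(value).decode() + "\n"


def sni_lookup(table, sni_name):
    """Verbatim SNI name first, then each ancestor domain with a leading dot.
    Returns (matched_key, value), or (None, None) when no entry matches."""
    if sni_name in table:
        return sni_name, table[sni_name]
    labels = sni_name.split(".")
    for i in range(1, len(labels)):
        key = "." + ".".join(labels[i:])
        if key in table:
            return key, table[key]
    return None, None


PEM_HEADER = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$", re.MULTILINE)


def check_chain_order(pem):
    """Check the documented layout: a private key first, every key followed by
    its certificate chain, nothing but keys and certificates. Empty list = OK."""
    labels = PEM_HEADER.findall(pem)
    if not labels:
        return ["no PEM blocks found"]
    problems = []
    if "PRIVATE KEY" not in labels[0]:
        problems.append("first block is %r, expected a private key" % labels[0])
    for i, label in enumerate(labels):
        is_key, is_cert = "PRIVATE KEY" in label, label == "CERTIFICATE"
        if not (is_key or is_cert):
            problems.append("unexpected block %r at position %d" % (label, i))
        if is_key and (i + 1 >= len(labels) or labels[i + 1] != "CERTIFICATE"):
            problems.append("private key at position %d is not followed by a certificate" % i)
    return problems


if __name__ == "__main__":
    entries = parse_sni_source(SNI_SOURCE)
    table = build_indexed_table(entries, FILES)
    for name in ("example.net", "mail.example.net", "mail.example.com"):
        print("%-18s -> %s" % (name, sni_lookup(table, name)[0]))
    for key, names in entries.items():
        print(key, check_chain_order("".join(FILES[n] for n in names)) or "chain order OK")
    print("reversed file:", check_chain_order(FAKE_BAD_CHAIN))
```

Note that "mail.example.com" finds no entry because the constructed table, like the documentation's example, has no ".example.com" key; only example.net has the leading-dot ancestor entry.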
</p>

<p> Typically there is only one private key and its chain of certificates
starting with the "leaf" certificate corresponding to that key, and
continuing with the appropriate intermediate issuer CA certificates,
with each certificate ideally followed by its issuer. Servers
that have keys and certificates for more than one algorithm (e.g.
both an RSA key and an ECDSA key, or even RSA, ECDSA and Ed25519)
can use multiple chains concatenated together, with the key always
listed before the corresponding certificates. </p>

<p> This feature is available in Postfix 3.4 and later. </p>


</DD>

<DT><b><a name="tls_session_ticket_cipher">tls_session_ticket_cipher</a>
(default: Postfix ≥ 3.0: aes-256-cbc, Postfix < 3.0: aes-128-cbc)</b></DT><DD>

<p> Algorithm used to encrypt <a href="https://tools.ietf.org/html/rfc5077">RFC5077</a> TLS session tickets. This
algorithm must use CBC mode, have a 128-bit block size, and must
have a key length between 128 and 256 bits. The default is
aes-256-cbc. Overriding the default to choose a different algorithm
is discouraged. </p>

<p> Setting this parameter empty disables session ticket support
in the Postfix SMTP server. Another way to disable session ticket
support is via the <a href="postconf.5.html#tls_ssl_options">tls_ssl_options</a> parameter. </p>

<p> This feature is available in Postfix 3.0 and later. </p>


</DD>

<DT><b><a name="tls_ssl_options">tls_ssl_options</a>
(default: empty)</b></DT><DD>

<p> List or bit-mask of OpenSSL options to enable. </p>

<p> The OpenSSL toolkit provides a set of options that applications
can enable to tune the OpenSSL behavior. Some of these work around
bugs in other implementations and are on by default. You can use
the <a href="postconf.5.html#tls_disable_workarounds">tls_disable_workarounds</a> parameter to selectively disable some
or all of the bug work-arounds, making OpenSSL more strict at the
cost of non-interoperability with SSL clients or servers that exhibit
the bugs. </p>

<p> Other options are off by default, and typically enable or disable
features rather than bug work-arounds. These may be turned on (with
care) via the <a href="postconf.5.html#tls_ssl_options">tls_ssl_options</a> parameter. The value is a white-space
or comma separated list of named options chosen from the list below.
The names are not case-sensitive; you can use lower-case if you
prefer. The upper case values below match the corresponding macro
name in the ssl.h header file with the SSL_OP_ prefix removed. It
is possible that your OpenSSL version includes new options added
after your Postfix source code was last updated; in that case you
can only enable one of these via the hexadecimal syntax below. </p>

<p> You should only enable features via the hexadecimal mask when
the need to control the feature is critical (to deal with a new
vulnerability or a serious interoperability problem). Postfix DOES
NOT promise backwards compatible behavior with respect to the mask
bits. A feature enabled via the mask in one release may be enabled
by other means in a later release, and the mask bit will then be
ignored. Therefore, use of the hexadecimal mask is only a temporary
measure until a new Postfix or OpenSSL release provides a better
solution. </p>

<p> If the value of the parameter is a hexadecimal long integer
starting with "0x", the options corresponding to the bits specified
in its value are enabled (see openssl/ssl.h and SSL_CTX_set_options(3)).
You can only enable options not already controlled by other Postfix
settings. For example, you cannot disable protocols or enable
server cipher preference. Do not attempt to enable all features by
specifying 0xFFFFFFFF; this is unlikely to be a good idea. Some
bug work-arounds are also valid here, allowing them to be re-enabled
if/when they're no longer enabled by default. The supported values
include: </p>

<dl>

<dt><b>ENABLE_MIDDLEBOX_COMPAT</b></dt> <dd>Postfix ≥ 3.4. See
SSL_CTX_set_options(3).</dd>

<dt><b>LEGACY_SERVER_CONNECT</b></dt> <dd>See SSL_CTX_set_options(3).</dd>

<dt><b>NO_TICKET</b></dt> <dd>Enabled by default when needed in
fully-patched Postfix ≥ 2.7. Not needed at all for Postfix ≥
2.11, unless for some reason you do not want to support TLS session
resumption. Best not set explicitly. See SSL_CTX_set_options(3).</dd>

<dt><b>NO_COMPRESSION</b></dt> <dd>Disable SSL compression even if
supported by the OpenSSL library. Compression is CPU-intensive,
and compression before encryption does not always improve security. </dd>

<dt><b>NO_RENEGOTIATION</b></dt> <dd>Postfix ≥ 3.4. This can
reduce opportunities for a potential CPU exhaustion attack. See
SSL_CTX_set_options(3).</dd>

<dt><b>NO_SESSION_RESUMPTION_ON_RENEGOTIATION</b></dt> <dd>Postfix
≥ 3.4. See SSL_CTX_set_options(3).</dd>

<dt><b>PRIORITIZE_CHACHA</b></dt> <dd>Postfix ≥ 3.4. See SSL_CTX_set_options(3).</dd>

</dl>

<p> This feature is available in Postfix 2.11 and later. </p>


</DD>

<DT><b><a name="tls_wildcard_matches_multiple_labels">tls_wildcard_matches_multiple_labels</a>
(default: yes)</b></DT><DD>

<p> Match multiple DNS labels with "*" in wildcard certificates.
</p>

<p> Some mail service providers prepend the customer domain name
to a base domain for which they have a wildcard TLS certificate.
For example, the MX records for example.com hosted by example.net
may be: </p>

<blockquote>
<pre>
example.com.   IN  MX  0 example.com.mx1.example.net.
example.com.   IN  MX  0 example.com.mx2.example.net.
</pre>
</blockquote>

<p> and the TLS certificate may be for "*.example.net". The "*"
then corresponds with multiple labels in the mail server domain
name. While multi-label wildcards are not widely supported, and
are not blessed by any standard, there is little to be gained by
disallowing their use in this context. </p>

<p> Notes: </p>

<ul>

<li> <p> In a certificate name, the "*" is special only when it is
used as the first label. </p>

<li> <p> While Postfix (2.11 or later) can match "*" with multiple
domain name labels, other implementations likely will not. </p>

<li> <p> Earlier Postfix implementations behave as if
"<a href="postconf.5.html#tls_wildcard_matches_multiple_labels">tls_wildcard_matches_multiple_labels</a> = no". </p>

</ul>

<p> This feature is available in Postfix 2.11 and later. </p>


</DD>

<DT><b><a name="tlsmgr_service_name">tlsmgr_service_name</a>
(default: tlsmgr)</b></DT><DD>

<p> The name of the <a href="tlsmgr.8.html">tlsmgr(8)</a> service entry in <a href="master.5.html">master.cf</a>. This
service maintains TLS session caches and other information in support
of TLS. </p>

<p> This feature is available in Postfix 2.11 and later. </p>


</DD>

<DT><b><a name="tlsproxy_client_CAfile">tlsproxy_client_CAfile</a>
(default: $<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a>)</b></DT><DD>

<p> A file containing CA certificates of root CAs trusted to sign
either remote TLS server certificates or intermediate CA certificates.
See <a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> for further details. </p>

<p> This feature is available in Postfix 3.4 and later. </p>


</DD>

<DT><b><a name="tlsproxy_client_CApath">tlsproxy_client_CApath</a>
(default: $<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a>)</b></DT><DD>

<p> Directory with PEM format Certification Authority certificates
that the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> client uses to verify a remote TLS
server certificate. See <a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> for further details. </p>

<p> This feature is available in Postfix 3.4 and later. </p>


</DD>

<DT><b><a name="tlsproxy_client_cert_file">tlsproxy_client_cert_file</a>
(default: $<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>)</b></DT><DD>

<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> client RSA certificate in PEM
format. See <a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> for further details. The preferred way
to configure tlsproxy client keys and certificates is via the
"<a href="postconf.5.html#tlsproxy_client_chain_files">tlsproxy_client_chain_files</a>" parameter. </p>

<p> This feature is available in Postfix 3.4 and later. </p>


</DD>

<DT><b><a name="tlsproxy_client_chain_files">tlsproxy_client_chain_files</a>
(default: $<a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a>)</b></DT><DD>

<p> Files with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> client keys and certificate
chains in PEM format. See <a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> for further details. </p>

<p> This feature is available in Postfix 3.4 and later. </p>


</DD>

<DT><b><a name="tlsproxy_client_dcert_file">tlsproxy_client_dcert_file</a>
(default: $<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>)</b></DT><DD>

<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> client DSA certificate in PEM
format. See <a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> for further details. DSA is obsolete and
should not be used. </p>

<p> This feature is available in Postfix 3.4 and later. </p>


</DD>

<DT><b><a name="tlsproxy_client_dkey_file">tlsproxy_client_dkey_file</a>
(default: $<a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a>)</b></DT><DD>

<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> client DSA private key in PEM
format. See <a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> for further details. DSA is obsolete and
should not be used. </p>

<p> This feature is available in Postfix 3.4 and later. </p>


</DD>

<DT><b><a name="tlsproxy_client_eccert_file">tlsproxy_client_eccert_file</a>
(default: $<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>)</b></DT><DD>

<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> client ECDSA certificate in PEM
format. See <a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> for further details. The preferred way
to configure tlsproxy client keys and certificates is via the
"<a href="postconf.5.html#tlsproxy_client_chain_files">tlsproxy_client_chain_files</a>" parameter. </p>

<p> This feature is available in Postfix 3.4 and later. </p>


</DD>

<DT><b><a name="tlsproxy_client_eckey_file">tlsproxy_client_eckey_file</a>
(default: $<a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a>)</b></DT><DD>

<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> client ECDSA private key in PEM
format. See <a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a> for further details. The preferred way
to configure tlsproxy client keys and certificates is via the
"<a href="postconf.5.html#tlsproxy_client_chain_files">tlsproxy_client_chain_files</a>" parameter. </p>

<p> This feature is available in Postfix 3.4 and later. </p>


</DD>

<DT><b><a name="tlsproxy_client_enforce_tls">tlsproxy_client_enforce_tls</a>
(default: $<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>)</b></DT><DD>

<p> Enforcement mode: require that SMTP servers use TLS encryption.
See <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> for further details. Use
<a href="postconf.5.html#tlsproxy_client_security_level">tlsproxy_client_security_level</a> instead. </p>

<p> This feature is deprecated as of Postfix 3.9. Specify
<a href="postconf.5.html#tlsproxy_client_security_level">tlsproxy_client_security_level</a> instead. </p>

<p> This feature is available in Postfix 3.4 and later. </p>


</DD>

<DT><b><a name="tlsproxy_client_fingerprint_digest">tlsproxy_client_fingerprint_digest</a>
(default: $<a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a>)</b></DT><DD>

<p> The message digest algorithm used to construct remote TLS server
certificate fingerprints. See <a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> for
further details. </p>

<p> This feature is available in Postfix 3.4 and later.
</p>


</DD>

<DT><b><a name="tlsproxy_client_key_file">tlsproxy_client_key_file</a>
(default: $<a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a>)</b></DT><DD>

<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> client RSA private key in PEM
format. See <a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> for further details. The preferred way to
configure tlsproxy client keys and certificates is via the
"<a href="postconf.5.html#tlsproxy_client_chain_files">tlsproxy_client_chain_files</a>" parameter. </p>

<p> This feature is available in Postfix 3.4 and later. </p>


</DD>

<DT><b><a name="tlsproxy_client_level">tlsproxy_client_level</a>
(default: $<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>)</b></DT><DD>

<p> The default TLS security level for the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a>
client. See <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> for further details. </p>

<p> This feature is available in Postfix 3.4 - 3.6. It was
renamed to <a href="postconf.5.html#tlsproxy_client_security_level">tlsproxy_client_security_level</a> in Postfix 3.7. </p>


</DD>

<DT><b><a name="tlsproxy_client_loglevel">tlsproxy_client_loglevel</a>
(default: $<a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a>)</b></DT><DD>

<p> Enable additional Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> client logging of TLS
activity. See <a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> for further details. </p>

<p> This feature is available in Postfix 3.4 and later. </p>


</DD>

<DT><b><a name="tlsproxy_client_loglevel_parameter">tlsproxy_client_loglevel_parameter</a>
(default: <a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a>)</b></DT><DD>

<p> The name of the parameter that provides the <a href="postconf.5.html#tlsproxy_client_loglevel">tlsproxy_client_loglevel</a>
value. </p>

<p> This feature is available in Postfix 3.4 and later. </p>


</DD>

<DT><b><a name="tlsproxy_client_per_site">tlsproxy_client_per_site</a>
(default: $<a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a>)</b></DT><DD>

<p> Optional lookup tables with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> client TLS
usage policy by next-hop destination and by remote TLS server
hostname. See <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> for further details. </p>

<p> This feature is deprecated as of Postfix 3.9. Specify
<a href="postconf.5.html#tlsproxy_client_policy_maps">tlsproxy_client_policy_maps</a> instead. </p>

<p> This feature is available in Postfix 3.4 and later. </p>


</DD>

<DT><b><a name="tlsproxy_client_policy">tlsproxy_client_policy</a>
(default: $<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>)</b></DT><DD>

<p> Optional lookup tables with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> client TLS
security policy by next-hop destination. See <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>
for further details. </p>

<p> This feature is available in Postfix 3.4 - 3.6. It was
renamed to <a href="postconf.5.html#tlsproxy_client_policy_maps">tlsproxy_client_policy_maps</a> in Postfix 3.7. </p>


</DD>

<DT><b><a name="tlsproxy_client_policy_maps">tlsproxy_client_policy_maps</a>
(default: $<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>)</b></DT><DD>

<p> Optional lookup tables with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> client TLS
security policy by next-hop destination. See <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>
for further details. </p>

<p> This feature is available in Postfix 3.7 and later. It
was previously called <a href="postconf.5.html#tlsproxy_client_policy">tlsproxy_client_policy</a>. </p>


</DD>

<DT><b><a name="tlsproxy_client_scert_verifydepth">tlsproxy_client_scert_verifydepth</a>
(default: $<a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a>)</b></DT><DD>

<p> The verification depth for remote TLS server certificates.
See <a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> for further details. </p>

<p> This feature is available in Postfix 3.4 and later. </p>


</DD>

<DT><b><a name="tlsproxy_client_security_level">tlsproxy_client_security_level</a>
(default: $<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>)</b></DT><DD>

<p> The default TLS security level for the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a>
client. See <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> for further details. </p>

<p> This feature is available in Postfix 3.7 and later. It
was previously called <a href="postconf.5.html#tlsproxy_client_level">tlsproxy_client_level</a>. </p>


</DD>

<DT><b><a name="tlsproxy_client_use_tls">tlsproxy_client_use_tls</a>
(default: $<a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>)</b></DT><DD>

<p> Opportunistic mode: use TLS when a remote server announces TLS
support. See <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> for further details. Use
<a href="postconf.5.html#tlsproxy_client_security_level">tlsproxy_client_security_level</a> instead. </p>

<p> This feature is deprecated as of Postfix 3.9. Specify
<a href="postconf.5.html#tlsproxy_client_security_level">tlsproxy_client_security_level</a> instead. </p>

<p> This feature is available in Postfix 3.4 and later. </p>


</DD>

<DT><b><a name="tlsproxy_enforce_tls">tlsproxy_enforce_tls</a>
(default: $<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>)</b></DT><DD>

<p> Mandatory TLS: announce STARTTLS support to remote SMTP clients, and
require that clients use TLS encryption. See <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> for
further details. Use <a href="postconf.5.html#tlsproxy_tls_security_level">tlsproxy_tls_security_level</a> instead. </p>

<p> This feature is deprecated as of Postfix 3.9. Specify
<a href="postconf.5.html#tlsproxy_tls_security_level">tlsproxy_tls_security_level</a> instead. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_service_name">tlsproxy_service_name</a>
(default: tlsproxy)</b></DT><DD>

<p> The name of the <a href="tlsproxy.8.html">tlsproxy(8)</a> service entry in <a href="master.5.html">master.cf</a>. This
service performs plaintext <=> TLS ciphertext conversion. </p>

<p> This feature is available in Postfix 2.8 and later.
</p>


</DD>

<DT><b><a name="tlsproxy_tls_CAfile">tlsproxy_tls_CAfile</a>
(default: $<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>)</b></DT><DD>

<p> A file containing (PEM format) CA certificates of root CAs
trusted to sign either remote SMTP client certificates or intermediate
CA certificates. See <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_CApath">tlsproxy_tls_CApath</a>
(default: $<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a>)</b></DT><DD>

<p> A directory containing (PEM format) CA certificates of root CAs
trusted to sign either remote SMTP client certificates or intermediate
CA certificates. See <a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_always_issue_session_ids">tlsproxy_tls_always_issue_session_ids</a>
(default: $<a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a>)</b></DT><DD>

<p> Force the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server to issue a TLS session id,
even when TLS session caching is turned off. See
<a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a> for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_ask_ccert">tlsproxy_tls_ask_ccert</a>
(default: $<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>)</b></DT><DD>

<p> Ask a remote SMTP client for a client certificate. See
<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_ccert_verifydepth">tlsproxy_tls_ccert_verifydepth</a>
(default: $<a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a>)</b></DT><DD>

<p> The verification depth for remote SMTP client certificates. A
depth of 1 is sufficient if the issuing CA is listed in a local CA
file. See <a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a> for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_cert_file">tlsproxy_tls_cert_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>)</b></DT><DD>

<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server RSA certificate in PEM
format. This file may also contain the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
private RSA key. See <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> for further details. With
Postfix ≥ 3.4 the preferred way to configure tlsproxy server keys and
certificates is via the "<a href="postconf.5.html#tlsproxy_tls_chain_files">tlsproxy_tls_chain_files</a>" parameter. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_chain_files">tlsproxy_tls_chain_files</a>
(default: $<a href="postconf.5.html#smtpd_tls_chain_files">smtpd_tls_chain_files</a>)</b></DT><DD>

<p> Files with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server keys and certificate
chains in PEM format. See <a href="postconf.5.html#smtpd_tls_chain_files">smtpd_tls_chain_files</a> for further details. </p>

<p> This feature is available in Postfix 3.4 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_ciphers">tlsproxy_tls_ciphers</a>
(default: $<a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>)</b></DT><DD>

<p> The minimum TLS cipher grade that the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
will use with opportunistic TLS encryption. See <a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>
for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_dcert_file">tlsproxy_tls_dcert_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>)</b></DT><DD>

<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server DSA certificate in PEM
format. This file may also contain the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
private DSA key. DSA is obsolete and should not be used. See
<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a> for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_dh1024_param_file">tlsproxy_tls_dh1024_param_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a>)</b></DT><DD>

<p> File with DH parameters that the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
should use with non-export EDH ciphers. See <a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a>
for further details. </p>

<p> This feature is deprecated as of Postfix 3.9. Do not specify. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_dh512_param_file">tlsproxy_tls_dh512_param_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a>)</b></DT><DD>

<p> File with DH parameters that the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
should use with export-grade EDH ciphers. See <a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a>
for further details. The default SMTP server cipher grade is
"medium" with Postfix releases after the middle of 2015, and as a
result export-grade cipher suites are by default not used. </p>

<p> With Postfix ≥ 3.6 export-grade Diffie-Hellman key exchange
is no longer supported, and this parameter is silently ignored. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_dkey_file">tlsproxy_tls_dkey_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_dkey_file">smtpd_tls_dkey_file</a>)</b></DT><DD>

<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server DSA private key in PEM
format. This file may be combined with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
DSA certificate file specified with $<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>. DSA is
obsolete and should not be used. See <a href="postconf.5.html#smtpd_tls_dkey_file">smtpd_tls_dkey_file</a> for further
details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_eccert_file">tlsproxy_tls_eccert_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>)</b></DT><DD>

<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server ECDSA certificate in PEM
format. This file may also contain the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
private ECDSA key. See <a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a> for further details. With
Postfix ≥ 3.4 the preferred way to configure tlsproxy server keys and
certificates is via the "<a href="postconf.5.html#tlsproxy_tls_chain_files">tlsproxy_tls_chain_files</a>" parameter. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_eckey_file">tlsproxy_tls_eckey_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_eckey_file">smtpd_tls_eckey_file</a>)</b></DT><DD>

<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server ECDSA private key in PEM
format. This file may be combined with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
ECDSA certificate file specified with $<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>. See
<a href="postconf.5.html#smtpd_tls_eckey_file">smtpd_tls_eckey_file</a> for further details. With Postfix ≥ 3.4 the
preferred way to configure tlsproxy server keys and certificates is via
the "<a href="postconf.5.html#tlsproxy_tls_chain_files">tlsproxy_tls_chain_files</a>" parameter. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_eecdh_grade">tlsproxy_tls_eecdh_grade</a>
(default: $<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a>)</b></DT><DD>

<p> The Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server security grade for ephemeral
elliptic-curve Diffie-Hellman (EECDH) key exchange. See
<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> for further details. </p>

<p> This feature is not used as of Postfix 3.6. Do not specify. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_enable_rpk">tlsproxy_tls_enable_rpk</a>
(default: $<a href="postconf.5.html#smtpd_tls_enable_rpk">smtpd_tls_enable_rpk</a>)</b></DT><DD>

<p> Request that remote SMTP clients send an <a href="https://tools.ietf.org/html/rfc7250">RFC7250</a> raw public key
instead of an X.509 certificate, when asking or requiring client
authentication. See $<a href="postconf.5.html#smtpd_tls_enable_rpk">smtpd_tls_enable_rpk</a> for details. </p>

<p> This feature is available in Postfix 3.9 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_exclude_ciphers">tlsproxy_tls_exclude_ciphers</a>
(default: $<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a>)</b></DT><DD>

<p> List of ciphers or cipher types to exclude from the <a href="tlsproxy.8.html">tlsproxy(8)</a>
server cipher list at all TLS security levels. See
<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> for further details. </p>

<p> This feature is available in Postfix 2.8 and later.
</p> 21489 21490 21491</DD> 21492 21493<DT><b><a name="tlsproxy_tls_fingerprint_digest">tlsproxy_tls_fingerprint_digest</a> 21494(default: $<a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a>)</b></DT><DD> 21495 21496<p> The message digest algorithm to construct remote SMTP 21497client-certificate 21498fingerprints. See <a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> for further details. 21499</p> 21500 21501<p> This feature is available in Postfix 2.8 and later. </p> 21502 21503 21504</DD> 21505 21506<DT><b><a name="tlsproxy_tls_key_file">tlsproxy_tls_key_file</a> 21507(default: $<a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a>)</b></DT><DD> 21508 21509<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server RSA private key in PEM 21510format. This file may be combined with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server 21511RSA certificate file specified with $<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>. See 21512<a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> for further details. With Postfix ≥ 3.4 the 21513preferred way to configure tlsproxy server keys and certificates is via 21514the "<a href="postconf.5.html#tlsproxy_tls_chain_files">tlsproxy_tls_chain_files</a>" parameter. </p> 21515 21516<p> This feature is available in Postfix 2.8 and later. </p> 21517 21518 21519</DD> 21520 21521<DT><b><a name="tlsproxy_tls_loglevel">tlsproxy_tls_loglevel</a> 21522(default: $<a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a>)</b></DT><DD> 21523 21524<p> Enable additional Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server logging of TLS 21525activity. Each logging level also includes the information that 21526is logged at a lower logging level. See <a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a> for 21527further details. 
</p> 21528 21529<p> This feature is available in Postfix 2.8 and later. </p> 21530 21531 21532</DD> 21533 21534<DT><b><a name="tlsproxy_tls_mandatory_ciphers">tlsproxy_tls_mandatory_ciphers</a> 21535(default: $<a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>)</b></DT><DD> 21536 21537<p> The minimum TLS cipher grade that the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server 21538will use with mandatory TLS encryption. See <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> 21539for further details. </p> 21540 21541<p> This feature is available in Postfix 2.8 and later. </p> 21542 21543 21544</DD> 21545 21546<DT><b><a name="tlsproxy_tls_mandatory_exclude_ciphers">tlsproxy_tls_mandatory_exclude_ciphers</a> 21547(default: $<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a>)</b></DT><DD> 21548 21549<p> Additional list of ciphers or cipher types to exclude from the 21550<a href="tlsproxy.8.html">tlsproxy(8)</a> server cipher list at mandatory TLS security levels. 21551See <a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> for further details. </p> 21552 21553<p> This feature is available in Postfix 2.8 and later. </p> 21554 21555 21556</DD> 21557 21558<DT><b><a name="tlsproxy_tls_mandatory_protocols">tlsproxy_tls_mandatory_protocols</a> 21559(default: $<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a>)</b></DT><DD> 21560 21561<p> The SSL/TLS protocols accepted by the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server 21562with mandatory TLS encryption. If the list is empty, the server 21563supports all available SSL/TLS protocol versions. See 21564<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> for further details. </p> 21565 21566<p> This feature is available in Postfix 2.8 and later. 
</p> 21567 21568 21569</DD> 21570 21571<DT><b><a name="tlsproxy_tls_protocols">tlsproxy_tls_protocols</a> 21572(default: $<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a>)</b></DT><DD> 21573 21574<p> List of TLS protocols that the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server will 21575exclude or include with opportunistic TLS encryption. See 21576<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> for further details. </p> 21577 21578<p> This feature is available in Postfix 2.8 and later. </p> 21579 21580 21581</DD> 21582 21583<DT><b><a name="tlsproxy_tls_req_ccert">tlsproxy_tls_req_ccert</a> 21584(default: $<a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a>)</b></DT><DD> 21585 21586<p> With mandatory TLS encryption, require a trusted remote SMTP 21587client certificate in order to allow TLS connections to proceed. 21588See <a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a> for further details. </p> 21589 21590<p> This feature is available in Postfix 2.8 and later. </p> 21591 21592 21593</DD> 21594 21595<DT><b><a name="tlsproxy_tls_security_level">tlsproxy_tls_security_level</a> 21596(default: $<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>)</b></DT><DD> 21597 21598<p> The SMTP TLS security level for the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server; 21599when a non-empty value is specified, this overrides the obsolete 21600parameters <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> and <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>. See 21601<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> for further details. </p> 21602 21603<p> This feature is available in Postfix 2.8 and later. 
</p> 21604 21605 21606</DD> 21607 21608<DT><b><a name="tlsproxy_tls_session_cache_timeout">tlsproxy_tls_session_cache_timeout</a> 21609(default: $<a href="postconf.5.html#smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a>)</b></DT><DD> 21610 21611<p> Obsolete expiration time of Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server TLS session 21612cache information. Since the cache is shared with <a href="smtpd.8.html">smtpd(8)</a> and managed 21613by <a href="tlsmgr.8.html">tlsmgr(8)</a>, there is only one expiration time for the SMTP server cache 21614shared by all three services, namely <a href="postconf.5.html#smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a>. </p> 21615 21616<p> This feature is available in Postfix 2.8-2.10. </p> 21617 21618 21619</DD> 21620 21621<DT><b><a name="tlsproxy_use_tls">tlsproxy_use_tls</a> 21622(default: $<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a>)</b></DT><DD> 21623 21624<p> Opportunistic TLS: announce STARTTLS support to remote SMTP clients, 21625but do not require that clients use TLS encryption. See <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> 21626for further details. Use <a href="postconf.5.html#tlsproxy_tls_security_level">tlsproxy_tls_security_level</a> instead. </p> 21627 21628<p> This feature is deprecated as of Postfix 3.9. Specify 21629<a href="postconf.5.html#tlsproxy_tls_security_level">tlsproxy_tls_security_level</a> instead. </p> 21630 21631<p> This feature is available in Postfix 2.8 and later. </p> 21632 21633 21634</DD> 21635 21636<DT><b><a name="tlsproxy_watchdog_timeout">tlsproxy_watchdog_timeout</a> 21637(default: 10s)</b></DT><DD> 21638 21639<p> How much time a <a href="tlsproxy.8.html">tlsproxy(8)</a> process may take to process local 21640or remote I/O before it is terminated by a built-in watchdog timer. 
21641This is a safety mechanism that prevents <a href="tlsproxy.8.html">tlsproxy(8)</a> from becoming 21642non-responsive due to a bug in Postfix itself or in system software. 21643To avoid false alarms and unnecessary cache corruption this limit 21644cannot be set under 10s. </p> 21645 21646<p> Specify a non-zero time value (an integral value plus an optional 21647one-letter suffix that specifies the time unit). Time units: s 21648(seconds), m (minutes), h (hours), d (days), w (weeks). 21649The default time unit is s (seconds). </p> 21650 21651<p> This feature is available in Postfix 2.8 and later </p> 21652 21653 21654</DD> 21655 21656<DT><b><a name="trace_service_name">trace_service_name</a> 21657(default: trace)</b></DT><DD> 21658 21659<p> 21660The name of the trace service. This service is implemented by the 21661<a href="bounce.8.html">bounce(8)</a> daemon and maintains a record 21662of mail deliveries and produces a mail delivery report when verbose 21663delivery is requested with "<b>sendmail -v</b>". 21664</p> 21665 21666<p> 21667This feature is available in Postfix 2.1 and later. 21668</p> 21669 21670 21671</DD> 21672 21673<DT><b><a name="transport_delivery_slot_cost">transport_delivery_slot_cost</a> 21674(default: $<a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a>)</b></DT><DD> 21675 21676<p> A transport-specific override for the <a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a> 21677parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of 21678the message delivery transport. </p> 21679 21680<p> Note: <a href="postconf.5.html#transport_delivery_slot_cost"><i>transport</i>_delivery_slot_cost</a> parameters will not 21681show up in "postconf" command output before Postfix version 2.9. 
21682This limitation applies to many parameters whose name is a combination 21683of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in this case: 21684"_delivery_slot_cost"). </p> 21685 21686 21687</DD> 21688 21689<DT><b><a name="transport_delivery_slot_discount">transport_delivery_slot_discount</a> 21690(default: $<a href="postconf.5.html#default_delivery_slot_discount">default_delivery_slot_discount</a>)</b></DT><DD> 21691 21692<p> A transport-specific override for the <a href="postconf.5.html#default_delivery_slot_discount">default_delivery_slot_discount</a> 21693parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of 21694the message delivery transport. </p> 21695 21696<p> Note: <a href="postconf.5.html#transport_delivery_slot_discount"><i>transport</i>_delivery_slot_discount</a> parameters will 21697not show up in "postconf" command output before Postfix version 216982.9. This limitation applies to many parameters whose name is a 21699combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in 21700this case: "_delivery_slot_discount"). </p> 21701 21702 21703</DD> 21704 21705<DT><b><a name="transport_delivery_slot_loan">transport_delivery_slot_loan</a> 21706(default: $<a href="postconf.5.html#default_delivery_slot_loan">default_delivery_slot_loan</a>)</b></DT><DD> 21707 21708<p> A transport-specific override for the <a href="postconf.5.html#default_delivery_slot_loan">default_delivery_slot_loan</a> 21709parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of 21710the message delivery transport. </p> 21711 21712<p> Note: <a href="postconf.5.html#transport_delivery_slot_loan"><i>transport</i>_delivery_slot_loan</a> parameters will not 21713show up in "postconf" command output before Postfix version 2.9. 
21714This limitation applies to many parameters whose name is a combination 21715of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in this case: 21716"_delivery_slot_loan"). </p> 21717 21718 21719</DD> 21720 21721<DT><b><a name="transport_destination_concurrency_failed_cohort_limit">transport_destination_concurrency_failed_cohort_limit</a> 21722(default: $<a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a>)</b></DT><DD> 21723 21724<p> A transport-specific override for the 21725<a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a> parameter value, 21726where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message delivery 21727transport. </p> 21728 21729<p> Note: some <a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a> 21730parameters will not show up in "postconf" command output before 21731Postfix version 2.9. This limitation applies to many parameters 21732whose name is a combination of a <a href="master.5.html">master.cf</a> service name and a 21733built-in suffix (in this case: 21734"_destination_concurrency_failed_cohort_limit"). </p> 21735 21736<p> This feature is available in Postfix 2.5 and later. 
</p> 21737 21738 21739</DD> 21740 21741<DT><b><a name="transport_destination_concurrency_limit">transport_destination_concurrency_limit</a> 21742(default: $<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a>)</b></DT><DD> 21743 21744<p> A transport-specific override for the 21745<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a> parameter value, where 21746<i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message delivery 21747transport. </p> 21748 21749<p> Note: some <a href="postconf.5.html#transport_destination_concurrency_limit"><i>transport</i>_destination_concurrency_limit</a> 21750parameters will not show up in "postconf" command output before 21751Postfix version 2.9. This limitation applies to many parameters 21752whose name is a combination of a <a href="master.5.html">master.cf</a> service name and a 21753built-in suffix (in this case: "_destination_concurrency_limit"). 21754</p> 21755 21756 21757</DD> 21758 21759<DT><b><a name="transport_destination_concurrency_negative_feedback">transport_destination_concurrency_negative_feedback</a> 21760(default: $<a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destination_concurrency_negative_feedback</a>)</b></DT><DD> 21761 21762<p> A transport-specific override for the 21763<a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destination_concurrency_negative_feedback</a> parameter value, 21764where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message delivery 21765transport. </p> 21766 21767<p> Note: some <a href="postconf.5.html#transport_destination_concurrency_negative_feedback"><i>transport</i>_destination_concurrency_negative_feedback</a> 21768parameters will not show up in "postconf" command output before 21769Postfix version 2.9. 
This limitation applies to many parameters 21770whose name is a combination of a <a href="master.5.html">master.cf</a> service name and a 21771built-in suffix (in this case: 21772"_destination_concurrency_negative_feedback"). </p> 21773 21774<p> This feature is available in Postfix 2.5 and later. </p> 21775 21776 21777</DD> 21778 21779<DT><b><a name="transport_destination_concurrency_positive_feedback">transport_destination_concurrency_positive_feedback</a> 21780(default: $<a href="postconf.5.html#default_destination_concurrency_positive_feedback">default_destination_concurrency_positive_feedback</a>)</b></DT><DD> 21781 21782<p> A transport-specific override for the 21783<a href="postconf.5.html#default_destination_concurrency_positive_feedback">default_destination_concurrency_positive_feedback</a> parameter value, 21784where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message delivery 21785transport. </p> 21786 21787<p> Note: some <a href="postconf.5.html#transport_destination_concurrency_positive_feedback"><i>transport</i>_destination_concurrency_positive_feedback</a> 21788parameters will not show up in "postconf" command output before 21789Postfix version 2.9. This limitation applies to many parameters 21790whose name is a combination of a <a href="master.5.html">master.cf</a> service name and a 21791built-in suffix (in this case: 21792"_destination_concurrency_positive_feedback"). </p> 21793 21794<p> This feature is available in Postfix 2.5 and later. 
</p> 21795 21796 21797</DD> 21798 21799<DT><b><a name="transport_destination_rate_delay">transport_destination_rate_delay</a> 21800(default: $<a href="postconf.5.html#default_destination_rate_delay">default_destination_rate_delay</a>)</b></DT><DD> 21801 21802<p> A transport-specific override for the <a href="postconf.5.html#default_destination_rate_delay">default_destination_rate_delay</a> 21803parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of 21804the message delivery transport. </p> 21805 21806<p> Note: some <a href="postconf.5.html#transport_destination_rate_delay"><i>transport</i>_destination_rate_delay</a> parameters 21807will not show up in "postconf" command output before Postfix version 218082.9. This limitation applies to many parameters whose name is a 21809combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in 21810this case: "_destination_rate_delay"). </p> 21811 21812<p> This feature is available in Postfix 2.5 and later. </p> 21813 21814 21815</DD> 21816 21817<DT><b><a name="transport_destination_recipient_limit">transport_destination_recipient_limit</a> 21818(default: $<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a>)</b></DT><DD> 21819 21820<p> A transport-specific override for the 21821<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a> parameter value, where 21822<i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message delivery 21823transport. </p> 21824 21825<p> Note: some <a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a> parameters 21826will not show up in "postconf" command output before Postfix version 218272.9. 
This limitation applies to many parameters whose name is a 21828combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in 21829this case: "_destination_recipient_limit"). </p> 21830 21831 21832</DD> 21833 21834<DT><b><a name="transport_extra_recipient_limit">transport_extra_recipient_limit</a> 21835(default: $<a href="postconf.5.html#default_extra_recipient_limit">default_extra_recipient_limit</a>)</b></DT><DD> 21836 21837<p> A transport-specific override for the <a href="postconf.5.html#default_extra_recipient_limit">default_extra_recipient_limit</a> 21838parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of 21839the message delivery transport. </p> 21840 21841<p> Note: <a href="postconf.5.html#transport_extra_recipient_limit"><i>transport</i>_extra_recipient_limit</a> parameters will 21842not show up in "postconf" command output before Postfix version 218432.9. This limitation applies to many parameters whose name is a 21844combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in 21845this case: "_extra_recipient_limit"). </p> 21846 21847 21848</DD> 21849 21850<DT><b><a name="transport_initial_destination_concurrency">transport_initial_destination_concurrency</a> 21851(default: $<a href="postconf.5.html#initial_destination_concurrency">initial_destination_concurrency</a>)</b></DT><DD> 21852 21853<p> A transport-specific override for the <a href="postconf.5.html#initial_destination_concurrency">initial_destination_concurrency</a> 21854parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of 21855the message delivery transport. </p> 21856 21857<p> Note: some <a href="postconf.5.html#transport_initial_destination_concurrency"><i>transport</i>_initial_destination_concurrency</a> 21858parameters will not show up in "postconf" command output before 21859Postfix version 2.9. 
This limitation applies to many parameters 21860whose name is a combination of a <a href="master.5.html">master.cf</a> service name and a 21861built-in suffix (in this case: "_initial_destination_concurrency"). 21862</p> 21863 21864<p> This feature is available in Postfix 2.5 and later. </p> 21865 21866 21867</DD> 21868 21869<DT><b><a name="transport_maps">transport_maps</a> 21870(default: empty)</b></DT><DD> 21871 21872<p> 21873Optional lookup tables with mappings from recipient address to 21874(message delivery transport, next-hop destination). See <a href="transport.5.html">transport(5)</a> 21875for syntax details. 21876</p> 21877 21878<p> This information may override the message delivery transport 21879and/or next-hop destination that are specified with $<a href="postconf.5.html#local_transport">local_transport</a>, 21880$<a href="postconf.5.html#virtual_transport">virtual_transport</a>, $<a href="postconf.5.html#relay_transport">relay_transport</a>, $<a href="postconf.5.html#default_transport">default_transport</a>, 21881$<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>, $<a href="postconf.5.html#relayhost">relayhost</a>, 21882$<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>, or the recipient domain. 21883</p> 21884 21885<p> 21886Specify zero or more "<a href="DATABASE_README.html">type:table</a>" lookup tables, separated by 21887whitespace or comma. Tables will be searched in the specified order 21888until a match is found. If you use this 21889feature with local files, run "<b>postmap /etc/postfix/transport</b>" 21890after making a change. </p> 21891 21892<p> Pattern matching of domain names is controlled by the presence 21893or absence of "<a href="postconf.5.html#transport_maps">transport_maps</a>" in the <a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> 21894parameter value. 
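</p>

<p> The lookup order that <a href="transport.5.html">transport(5)</a> documents, and the
effect of listing "transport_maps" in <a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a>, as an
added Python example. This is not Postfix code and not part of the Postfix
documentation; the table contents, the recipient addresses and the "+"
recipient delimiter are constructed assumptions. The same recipient can reach
a different next-hop under the two matching styles, and a "*" entry picks up
every address that nothing else matched. </p>

```python
# Constructed stand-in for an indexed transport(5) table.  Keys are what
# "postmap /etc/postfix/transport" would store (folded to lowercase).
TRANSPORT_TABLE = {
    "alice@example.com": "smtp:[mx-alice.example.net]",
    "example.com": "relay:[smtp-gw.example.com]:587",
    ".example.com": "smtp:[subdomain-mx.example.net]",
    "*": "smtp:[catch-all.example.net]",
}


def transport_lookup_keys(recipient, parent_matches=False, delimiter="+"):
    """Keys to try, in order, for one recipient: user+ext@domain (when the
    address carries a recipient_delimiter extension; '+' is assumed here),
    user@domain, the domain itself, its parent domains, then '*'.
    Parents are looked up as '.parent' unless transport_maps is listed in
    parent_domain_matches_subdomains, in which case as the bare 'parent'."""
    localpart, _, domain = recipient.lower().rpartition("@")
    keys = []
    if delimiter and delimiter in localpart:
        keys.append(f"{localpart}@{domain}")
        localpart = localpart.split(delimiter, 1)[0]
    keys.append(f"{localpart}@{domain}")
    name = domain
    while True:
        keys.append(name)
        dot = name.find(".", 1)      # skip the leading dot of a '.parent' key
        if dot < 0:
            break
        name = name[dot + 1:] if parent_matches else name[dot:]
    keys.append("*")
    return keys


def lookup_transport(table, recipient, parent_matches=False, delimiter="+"):
    """Return (matching_key, 'transport:nexthop') for the first key present
    in the table, or None when nothing (not even '*') matches."""
    for key in transport_lookup_keys(recipient, parent_matches, delimiter):
        if key in table:
            return key, table[key]
    return None


def route_report(table, recipients):
    """(recipient, result without parent matching, result with it) per
    recipient, so a route review can see where the two styles diverge."""
    return [(rcpt,
             lookup_transport(table, rcpt, parent_matches=False),
             lookup_transport(table, rcpt, parent_matches=True))
            for rcpt in recipients]


if __name__ == "__main__":
    # Constructed recipients covering the extension, subdomain and fallback cases.
    for rcpt, plain, parent in route_report(
            TRANSPORT_TABLE,
            ["alice+news@example.com", "bob@host.example.com", "carol@other.org"]):
        print(f"{rcpt}\n  .domain style : {plain}\n  parent style  : {parent}")
```

<p> The practical point for a route review: mail for bob@host.example.com
goes to the ".example.com" entry under the default matching style but to the
"example.com" entry once transport_maps is listed in
parent_domain_matches_subdomains, and any unmatched address is caught by "*".
On a live system, "postmap -q <i>key</i> hash:/etc/postfix/transport" shows
whether a particular key is present; walk the keys in the order above rather
than searching only for the recipient's exact domain. </p>

<p>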
</p> 21895 21896<p> For safety reasons, as of Postfix 2.3 this feature does not 21897allow $number substitutions in regular expression maps. </p> 21898 21899<p> 21900Examples: 21901</p> 21902 21903<pre> 21904<a href="postconf.5.html#transport_maps">transport_maps</a> = <a href="DATABASE_README.html#types">dbm</a>:/etc/postfix/transport 21905<a href="postconf.5.html#transport_maps">transport_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/transport 21906</pre> 21907 21908 21909</DD> 21910 21911<DT><b><a name="transport_minimum_delivery_slots">transport_minimum_delivery_slots</a> 21912(default: $<a href="postconf.5.html#default_minimum_delivery_slots">default_minimum_delivery_slots</a>)</b></DT><DD> 21913 21914<p> A transport-specific override for the <a href="postconf.5.html#default_minimum_delivery_slots">default_minimum_delivery_slots</a> 21915parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of 21916the message delivery transport. </p> 21917 21918<p> Note: <a href="postconf.5.html#transport_minimum_delivery_slots"><i>transport</i>_minimum_delivery_slots</a> parameters will 21919not show up in "postconf" command output before Postfix version 219202.9. This limitation applies to many parameters whose name is a 21921combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in 21922this case: "_minimum_delivery_slots"). </p> 21923 21924 21925</DD> 21926 21927<DT><b><a name="transport_recipient_limit">transport_recipient_limit</a> 21928(default: $<a href="postconf.5.html#default_recipient_limit">default_recipient_limit</a>)</b></DT><DD> 21929 21930<p> A transport-specific override for the <a href="postconf.5.html#default_recipient_limit">default_recipient_limit</a> 21931parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of 21932the message delivery transport. 
</p> 21933 21934<p> Note: some <a href="postconf.5.html#transport_recipient_limit"><i>transport</i>_recipient_limit</a> parameters will not 21935show up in "postconf" command output before Postfix version 2.9. 21936This limitation applies to many parameters whose name is a combination 21937of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in this case: 21938"_recipient_limit"). </p> 21939 21940 21941</DD> 21942 21943<DT><b><a name="transport_recipient_refill_delay">transport_recipient_refill_delay</a> 21944(default: $<a href="postconf.5.html#default_recipient_refill_delay">default_recipient_refill_delay</a>)</b></DT><DD> 21945 21946<p> A transport-specific override for the <a href="postconf.5.html#default_recipient_refill_delay">default_recipient_refill_delay</a> 21947parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of 21948the message delivery transport. </p> 21949 21950<p> Note: <a href="postconf.5.html#transport_recipient_refill_delay"><i>transport</i>_recipient_refill_delay</a> parameters will 21951not show up in "postconf" command output before Postfix version 219522.9. This limitation applies to many parameters whose name is a 21953combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in 21954this case: "_recipient_refill_delay"). </p> 21955 21956<p> This feature is available in Postfix 2.4 and later. </p> 21957 21958 21959</DD> 21960 21961<DT><b><a name="transport_recipient_refill_limit">transport_recipient_refill_limit</a> 21962(default: $<a href="postconf.5.html#default_recipient_refill_limit">default_recipient_refill_limit</a>)</b></DT><DD> 21963 21964<p> A transport-specific override for the <a href="postconf.5.html#default_recipient_refill_limit">default_recipient_refill_limit</a> 21965parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of 21966the message delivery transport. 
</p> 21967 21968<p> Note: <a href="postconf.5.html#transport_recipient_refill_limit"><i>transport</i>_recipient_refill_limit</a> parameters will 21969not show up in "postconf" command output before Postfix version 219702.9. This limitation applies to many parameters whose name is a 21971combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in 21972this case: "_recipient_refill_limit"). </p> 21973 21974<p> This feature is available in Postfix 2.4 and later. </p> 21975 21976 21977</DD> 21978 21979<DT><b><a name="transport_retry_time">transport_retry_time</a> 21980(default: 60s)</b></DT><DD> 21981 21982<p> 21983The time between attempts by the Postfix queue manager to contact 21984a malfunctioning message delivery transport. 21985</p> 21986 21987<p> Specify a non-zero time value (an integral value plus an optional 21988one-letter suffix that specifies the time unit). Time units: s 21989(seconds), m (minutes), h (hours), d (days), w (weeks). 21990The default time unit is s (seconds). </p> 21991 21992 21993</DD> 21994 21995<DT><b><a name="transport_time_limit">transport_time_limit</a> 21996(default: $<a href="postconf.5.html#command_time_limit">command_time_limit</a>)</b></DT><DD> 21997 21998<p> A transport-specific override for the <a href="postconf.5.html#command_time_limit">command_time_limit</a> parameter 21999value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message 22000delivery transport. </p> 22001 22002<p> Specify a non-zero time value (an integral value plus an optional 22003one-letter suffix that specifies the time unit). Time units: s 22004(seconds), m (minutes), h (hours), d (days), w (weeks). 22005The default time unit is s (seconds). </p> 22006 22007<p> Note: <a href="postconf.5.html#transport_time_limit"><i>transport</i>_time_limit</a> parameters will not show up 22008in "postconf" command output before Postfix version 2.9. 
This 22009limitation applies to many parameters whose name is a combination 22010of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in this case: 22011"_time_limit"). </p> 22012 22013 22014</DD> 22015 22016<DT><b><a name="transport_transport_rate_delay">transport_transport_rate_delay</a> 22017(default: $<a href="postconf.5.html#default_transport_rate_delay">default_transport_rate_delay</a>)</b></DT><DD> 22018 22019<p> A transport-specific override for the <a href="postconf.5.html#default_transport_rate_delay">default_transport_rate_delay</a> 22020parameter value, where the initial <i>transport</i> in the parameter 22021name is the <a href="master.5.html">master.cf</a> name of the message delivery transport. </p> 22022 22023<p> Specify a non-negative time value (an integral value plus an optional 22024one-letter suffix that specifies the time unit). Time units: s 22025(seconds), m (minutes), h (hours), d (days), w (weeks). 22026The default time unit is s (seconds). </p> 22027 22028<p> Note: <a href="postconf.5.html#transport_transport_rate_delay"><i>transport</i>_transport_rate_delay</a> parameters will 22029not show up in "postconf" command output before Postfix version 220302.9. This limitation applies to many parameters whose name is a 22031combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in 22032this case: "_transport_rate_delay"). </p> 22033 22034 22035</DD> 22036 22037<DT><b><a name="trigger_timeout">trigger_timeout</a> 22038(default: 10s)</b></DT><DD> 22039 22040<p> 22041The time limit for sending a trigger to a Postfix daemon (for 22042example, the <a href="pickup.8.html">pickup(8)</a> or <a href="qmgr.8.html">qmgr(8)</a> daemon). This time limit prevents 22043programs from getting stuck when the mail system is under heavy 22044load. 22045</p> 22046 22047<p> Specify a non-zero time value (an integral value plus an optional 22048one-letter suffix that specifies the time unit). 
Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds). </p>


</DD>

<DT><b><a name="undisclosed_recipients_header">undisclosed_recipients_header</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
Message header that the Postfix <a href="cleanup.8.html">cleanup(8)</a> server inserts when a
message contains no To: or Cc: message header. With Postfix 2.8
and later, the default value is empty. With Postfix 2.4-2.7,
specify an empty value to disable this feature. </p>

<p> Example: </p>

<pre>
# Default value before Postfix 2.8.
# Note: the ":" and ";" are both required.
<a href="postconf.5.html#undisclosed_recipients_header">undisclosed_recipients_header</a> = To: undisclosed-recipients:;
</pre>


</DD>

<DT><b><a name="unknown_address_reject_code">unknown_address_reject_code</a>
(default: 450)</b></DT><DD>

<p>
The numerical response code when the Postfix SMTP server rejects a
sender or recipient address because its domain is unknown. This
is one of the possible replies from the restrictions
<a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a> and <a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a>.
</p>

<p>
Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>


</DD>

<DT><b><a name="unknown_address_tempfail_action">unknown_address_tempfail_action</a>
(default: $<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b></DT><DD>

<p> The Postfix SMTP server's action when <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a>
or <a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a> fail due to a temporary error
condition. Specify "defer" to defer the remote SMTP client request
immediately. With the default "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" action, the Postfix
SMTP server continues to look for opportunities to reject mail, and
defers the client request only if it would otherwise be accepted.
</p>

<p> This feature is available in Postfix 2.6 and later. </p>


</DD>

<DT><b><a name="unknown_client_reject_code">unknown_client_reject_code</a>
(default: 450)</b></DT><DD>

<p>
The numerical Postfix SMTP server response code when a client
without valid address &lt;=&gt; name mapping is rejected by the
<a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a> restriction. The SMTP server always replies
with 450 when the mapping failed due to a temporary error condition.
</p>

<p>
Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>


</DD>

<DT><b><a name="unknown_helo_hostname_tempfail_action">unknown_helo_hostname_tempfail_action</a>
(default: $<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b></DT><DD>

<p> The Postfix SMTP server's action when <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a>
fails due to a temporary error condition. Specify "defer" to defer
the remote SMTP client request immediately. With the default
"<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" action, the Postfix SMTP server continues to look
for opportunities to reject mail, and defers the client request
only if it would otherwise be accepted. </p>

<p> This feature is available in Postfix 2.6 and later. </p>


</DD>

<DT><b><a name="unknown_hostname_reject_code">unknown_hostname_reject_code</a>
(default: 450)</b></DT><DD>

<p>
The numerical Postfix SMTP server response code when the hostname
specified with the HELO or EHLO command is rejected by the
<a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a> restriction.
</p>

<p>
Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>


</DD>

<DT><b><a name="unknown_local_recipient_reject_code">unknown_local_recipient_reject_code</a>
(default: 550)</b></DT><DD>

<p>
The numerical Postfix SMTP server response code when a recipient
address is local, and $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies a list of
lookup tables that does not match the recipient.
A recipient
address is local when its domain matches $<a href="postconf.5.html#mydestination">mydestination</a>,
$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> or $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>.
</p>

<p>
The default setting is 550 (reject mail) but it is safer to initially
use 450 (try again later) so you have time to find out if your
<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> settings are OK.
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#unknown_local_recipient_reject_code">unknown_local_recipient_reject_code</a> = 450
</pre>

<p>
This feature is available in Postfix 2.0 and later.
</p>


</DD>

<DT><b><a name="unknown_relay_recipient_reject_code">unknown_relay_recipient_reject_code</a>
(default: 550)</b></DT><DD>

<p>
The numerical Postfix SMTP server reply code when a recipient
address matches $<a href="postconf.5.html#relay_domains">relay_domains</a>, and <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> specifies
a list of lookup tables that does not match the recipient address.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>


</DD>

<DT><b><a name="unknown_virtual_alias_reject_code">unknown_virtual_alias_reject_code</a>
(default: 550)</b></DT><DD>

<p>
The Postfix SMTP server reply code when a recipient address matches
$<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, and $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> specifies a list
of lookup tables that does not match the recipient address.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>


</DD>

<DT><b><a name="unknown_virtual_mailbox_reject_code">unknown_virtual_mailbox_reject_code</a>
(default: 550)</b></DT><DD>

<p>
The Postfix SMTP server reply code when a recipient address matches
$<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> specifies a list
of lookup tables that does not match the recipient address.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>


</DD>

<DT><b><a name="unverified_recipient_defer_code">unverified_recipient_defer_code</a>
(default: 450)</b></DT><DD>

<p>
The numerical Postfix SMTP server response when a recipient address
probe fails due to a temporary error condition.
</p>

<p>
Unlike elsewhere in Postfix, you can specify 250 in order to
accept the address anyway.
</p>

<p>
Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>

<p>
This feature is available in Postfix 2.6 and later.
</p>


</DD>

<DT><b><a name="unverified_recipient_reject_code">unverified_recipient_reject_code</a>
(default: 450)</b></DT><DD>

<p>
The numerical Postfix SMTP server response when a recipient address
is rejected by the <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> restriction.
</p>

<p>
Unlike elsewhere in Postfix, you can specify 250 in order to
accept the address anyway.
</p>

<p>
Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="unverified_recipient_reject_reason">unverified_recipient_reject_reason</a>
(default: empty)</b></DT><DD>

<p> The Postfix SMTP server's reply when rejecting mail with
<a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>. Do not include the numeric SMTP reply
code or the enhanced status code. By default, the response includes
actual address verification details. </p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#unverified_recipient_reject_reason">unverified_recipient_reject_reason</a> = Recipient address lookup failed
</pre>

<p> This feature is available in Postfix 2.6 and later. </p>


</DD>

<DT><b><a name="unverified_recipient_tempfail_action">unverified_recipient_tempfail_action</a>
(default: $<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b></DT><DD>

<p> The Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>
fails due to a temporary error condition. Specify "defer" to defer
the remote SMTP client request immediately. With the default
"<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" action, the Postfix SMTP server continues to look
for opportunities to reject mail, and defers the client request
only if it would otherwise be accepted. </p>

<p> This feature is available in Postfix 2.6 and later. </p>


</DD>

<DT><b><a name="unverified_sender_defer_code">unverified_sender_defer_code</a>
(default: 450)</b></DT><DD>

<p>
The numerical Postfix SMTP server response code when a sender address
probe fails due to a temporary error condition.
</p>

<p>
Unlike elsewhere in Postfix, you can specify 250 in order to
accept the address anyway.
</p>

<p>
Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>

<p>
This feature is available in Postfix 2.6 and later.
</p>


</DD>

<DT><b><a name="unverified_sender_reject_code">unverified_sender_reject_code</a>
(default: 450)</b></DT><DD>

<p>
The numerical Postfix SMTP server response code when a recipient
address is rejected by the <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> restriction.
</p>

<p>
Unlike elsewhere in Postfix, you can specify 250 in order to
accept the address anyway.
</p>

<p>
Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="unverified_sender_reject_reason">unverified_sender_reject_reason</a>
(default: empty)</b></DT><DD>

<p> The Postfix SMTP server's reply when rejecting mail with
<a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>. Do not include the numeric SMTP reply
code or the enhanced status code. By default, the response includes
actual address verification details. </p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#unverified_sender_reject_reason">unverified_sender_reject_reason</a> = Sender address lookup failed
</pre>

<p> This feature is available in Postfix 2.6 and later.
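</p>

<p> The "defer" versus "defer_if_permit" behaviour described above for
unknown_address_tempfail_action, unknown_helo_hostname_tempfail_action
and unverified_recipient_tempfail_action, as an added example that is not
Postfix code: a small Python model of the SMTP server walking a restriction
list. The restriction names are real Postfix restrictions; the outcome
attached to each one (for instance, that the sender-domain DNS lookup timed
out) is constructed for the illustration. </p>

```python
"""Added example, not Postfix's own code: a model of how the SMTP server
walks a restriction list, showing the difference between the "defer" and
"defer_if_permit" settings of the *_tempfail_action parameters.  The
restriction names are real Postfix restrictions; the outcomes attached to
them are constructed for this illustration."""

# What a single restriction reports back to the evaluator.
PERMIT = "permit"      # e.g. permit_mynetworks matched the client
REJECT = "reject"      # e.g. reject_unauth_destination matched a relay attempt
DUNNO = "dunno"        # no opinion; evaluation continues
TEMPFAIL = "tempfail"  # the check could not complete (DNS or probe timed out)


def evaluate(restrictions, tempfail_action="defer_if_permit"):
    """Return (decision, restriction): decision is "permit", "reject" or
    "defer", and restriction names the entry that decided it ("end of
    list" for the implicit permit when no restriction decides)."""
    if tempfail_action not in ("defer", "defer_if_permit"):
        raise ValueError(f"unknown tempfail action: {tempfail_action!r}")
    deferred_by = None                       # first check that hit TEMPFAIL
    for name, outcome in restrictions:
        if outcome == REJECT:
            return ("reject", name)          # a reject is final either way
        if outcome == PERMIT:
            # The request would be accepted here; a remembered temporary
            # failure turns that acceptance into a deferral.
            return ("defer", deferred_by) if deferred_by else ("permit", name)
        if outcome == TEMPFAIL:
            if tempfail_action == "defer":
                return ("defer", name)       # stop right away
            deferred_by = deferred_by or name  # remember it, keep looking for rejects
        # DUNNO: nothing decided, try the next restriction
    return ("defer", deferred_by) if deferred_by else ("permit", "end of list")


# Constructed scenarios: the sender-domain DNS lookup timed out ...
RELAY_ATTEMPT = [  # ... and the recipient is in a domain we do not relay for
    ("reject_unknown_sender_domain", TEMPFAIL),
    ("reject_unauth_destination", REJECT),
]
LOCAL_DELIVERY = [  # ... and the recipient is local, so nothing else objects
    ("reject_unknown_sender_domain", TEMPFAIL),
    ("reject_unauth_destination", DUNNO),
]
TRUSTED_CLIENT = [  # a client in $mynetworks is permitted before any DNS check
    ("permit_mynetworks", PERMIT),
    ("reject_unknown_sender_domain", TEMPFAIL),
]


def compare(restrictions):
    """Show both tempfail actions side by side for one scenario."""
    return {action: evaluate(restrictions, action)
            for action in ("defer", "defer_if_permit")}
```

<p> compare(RELAY_ATTEMPT) shows why "defer_if_permit" is the safer
default: with it, a DNS timeout on the sender domain still ends in the
rejection of the relay attempt by reject_unauth_destination, whereas
"defer" stops at the first temporary failure and answers with a
deferral, so the client is invited to retry a request that would be
rejected anyway. compare(LOCAL_DELIVERY) shows the other side: when
nothing later objects, both settings defer, and the numeric reply comes
from the matching *_reject_code or *_defer_code parameter.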
</p>


</DD>

<DT><b><a name="unverified_sender_tempfail_action">unverified_sender_tempfail_action</a>
(default: $<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b></DT><DD>

<p> The Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>
fails due to a temporary error condition. Specify "defer" to defer
the remote SMTP client request immediately. With the default
"<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" action, the Postfix SMTP server continues to look
for opportunities to reject mail, and defers the client request
only if it would otherwise be accepted. </p>

<p> This feature is available in Postfix 2.6 and later. </p>


</DD>

<DT><b><a name="use_srv_lookup">use_srv_lookup</a>
(default: empty)</b></DT><DD>

<p> Enables discovery for the specified service(s) using DNS SRV
records. For example, with "<a href="postconf.5.html#use_srv_lookup">use_srv_lookup</a> = submission" and
"<a href="postconf.5.html#relayhost">relayhost</a> = example.com:submission", the Postfix SMTP client will
look up DNS SRV records for _submission._tcp.example.com, and will
relay email through the hosts and ports that are specified with
those records. See <a href="https://tools.ietf.org/html/rfc2782">RFC 2782</a> for details of the host selection
process. </p>

<p> Specify zero or more service names separated by comma and/or
whitespace. Any name in the services(5) database may be specified,
though in practice only submission or submissions (formerly called
smtps) make sense. </p>

<p> When SRV record lookup is enabled with <a href="postconf.5.html#use_srv_lookup">use_srv_lookup</a>, you can
enclose a domain name in "[]" to force IP address lookup instead
of SRV record lookup.
</p>

<p> Example 1: MUA-to-MTA submission using SRV record lookup for
the "submission" service for domain "example.com". This uses the
default SMTP delivery agent with STARTTLS, and looks up SRV records
for "_submission._tcp.example.com". </p>

<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#use_srv_lookup">use_srv_lookup</a> = submission
    <a href="postconf.5.html#relayhost">relayhost</a> = example.com:submission
    <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = may
    ...see <a href="SASL_README.html">SASL_README</a> for sasl configuration...
</pre>

<p> Example 2: MUA-to-MTA submission using SRV record lookup for
the "submissions" service for domain "example.org". This uses a
dedicated SMTP delivery agent (smtp-wraptls) with tls_wrappermode
turned on, and looks up SRV records for "_submissions._tcp.example.org".
</p>

<p> Note: specify the older name "smtps" instead of "submissions"
when a provider has DNS SRV records like "_smtps._tcp.example.org"
instead of "_submissions._tcp.example.org". </p>

<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#use_srv_lookup">use_srv_lookup</a> = submissions
    <a href="postconf.5.html#default_transport">default_transport</a> = smtp-wraptls:example.org:submissions
    ...see <a href="SASL_README.html">SASL_README</a> for sasl configuration...
</pre>

<pre>
/etc/postfix/<a href="master.5.html">master.cf</a>:
    smtp-wraptls unix ... ... ... ... ... smtp
        -o { <a href="postconf.5.html#smtp_tls_wrappermode">smtp_tls_wrappermode</a> = yes }
        -o { <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = encrypt }
</pre>

<p> Example 3: Sender-dependent selection for a combination of
MUA-to-MTA submission services.
This combines examples 1 and 2 with
examples of how to disable SRV and look up IP address records for
"smtp-relay.example.net" and "smtp-relay.other.example". Again,
specify the older name "smtps" instead of "submissions" when a
provider has DNS SRV records like "_smtps._tcp.example.org" instead
of "_submissions._tcp.example.org". </p>

<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#use_srv_lookup">use_srv_lookup</a> = submission, submissions
    <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> = <a href="DATABASE_README.html#types">inline</a>:{
        # Destinations that support SRV record lookup.
        { user1@example.com = <a href="smtp.8.html">smtp</a>:example.com:submission }
        { user2@example.org = smtp-wraptls:example.org:submissions }
        # Use [destination] to force IP address lookups.
        { user3@example.net = <a href="smtp.8.html">smtp</a>:[smtp-relay.example.net]:submission }
        { user4@other.example =
            smtp-wraptls:[smtp-relay.other.example]:submissions } }
    ...see <a href="SASL_README.html">SASL_README</a> for sasl configuration...
</pre>

<p> Example 4: MTA-to-MTA traffic, using SRV record lookup for the
SMTP service. This is useful for Postfix tests, and may be useful
in environments where ports are dynamically assigned to servers.
</p>

<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#use_srv_lookup">use_srv_lookup</a> = smtp
    # Fall back to MX record lookup when SRV records are unavailable.
    #<a href="postconf.5.html#allow_srv_lookup_fallback">allow_srv_lookup_fallback</a> = yes
    #<a href="postconf.5.html#ignore_srv_lookup_error">ignore_srv_lookup_error</a> = yes
</pre>

<p> This feature is available in Postfix 3.8 and later.
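</p>

<p> The next-hop handling and host selection described above, as an
added example that is not part of the Postfix documentation or source:
a Python model of which next-hops get a DNS SRV query under
use_srv_lookup (including the "[]" form that forces IP address lookup),
of the RFC 2782 ordering applied to the answer, and of the fallback that
the comment in Example 4 describes. The resolver is replaced by an in-line
dict of constructed records; treating a next-hop without an explicit
service as the "smtp" service is an assumption taken from Example 4, and
no services(5) name translation is attempted. </p>

```python
"""Added example, not Postfix's own code: a model of the use_srv_lookup
rules (which next-hops get an SRV query, what "[]" does) and of the
RFC 2782 ordering applied to the answer.  DNS answers are constructed
in-line; nothing here talks to a resolver."""
from __future__ import annotations

import random
from dataclasses import dataclass


@dataclass(frozen=True)
class SrvRecord:
    priority: int
    weight: int
    port: int
    target: str


def split_nexthop(nexthop: str) -> tuple[str, str]:
    """Split "host:service" into (host, service).  Assumption for this
    example: no explicit service means the "smtp" service (Example 4)."""
    if ":" in nexthop and not nexthop.endswith("]"):
        host, service = nexthop.rsplit(":", 1)
        return host, service
    return nexthop, "smtp"


def srv_query_name(nexthop: str, use_srv_lookup: set[str]) -> str | None:
    """The SRV owner name to query for `nexthop`, or None when SRV lookup
    does not apply: the service must be listed in use_srv_lookup, and a
    "[host]" next-hop forces IP address lookup instead."""
    host, service = split_nexthop(nexthop)
    if host.startswith("[") and host.endswith("]"):
        return None
    if service not in use_srv_lookup:
        return None
    return f"_{service}._tcp.{host}"


def order_srv_records(records: list[SrvRecord], rng=random) -> list[SrvRecord]:
    """Order records as RFC 2782 prescribes: lowest priority value first;
    within one priority a weighted random draw, with weight-0 records put
    at the head of the list so they are chosen only when the draw is 0."""
    ordered: list[SrvRecord] = []
    by_priority: dict[int, list[SrvRecord]] = {}
    for rec in records:
        by_priority.setdefault(rec.priority, []).append(rec)
    for priority in sorted(by_priority):
        pool = sorted(by_priority[priority], key=lambda r: r.weight != 0)
        while pool:
            total = sum(r.weight for r in pool)
            pick = rng.randint(0, total)  # inclusive bounds, per RFC 2782
            running = 0
            for i, rec in enumerate(pool):
                running += rec.weight
                if running >= pick:
                    ordered.append(pool.pop(i))
                    break
    return ordered


def resolve_nexthop(nexthop, use_srv_lookup, dns, allow_srv_lookup_fallback=False, rng=random):
    """How the SMTP client would find hosts for `nexthop`.  `dns` stands in
    for the resolver (SRV owner name -> list of SrvRecord).  Returns
    ("srv", [(target, port), ...]), ("address", host) for a bracketed host,
    or ("mx", host) when SRV lookup does not apply.  An empty SRV answer
    falls back to MX lookup only with allow_srv_lookup_fallback; otherwise
    LookupError stands in for the deferred delivery."""
    host, _service = split_nexthop(nexthop)
    name = srv_query_name(nexthop, use_srv_lookup)
    if name is None:
        if host.startswith("[") and host.endswith("]"):
            return ("address", host[1:-1])
        return ("mx", host)
    answer = dns.get(name, [])
    if answer:
        return ("srv", [(r.target, r.port) for r in order_srv_records(answer, rng)])
    if allow_srv_lookup_fallback:
        return ("mx", host)
    raise LookupError(f"no SRV records for {name}")


# Constructed SRV answer: two equal-priority submission hosts weighted
# 60/40, and a weight-0 backup host at a lower preference (priority 20).
DNS = {
    "_submission._tcp.example.com": [
        SrvRecord(priority=10, weight=60, port=587, target="mail1.example.com"),
        SrvRecord(priority=10, weight=40, port=587, target="mail2.example.com"),
        SrvRecord(priority=20, weight=0, port=2525, target="backup.example.com"),
    ],
}


def first_target_counts(records, trials=200, seed=12345):
    """How often each target is tried first over `trials` orderings: the
    weights steer the choice but do not fix it within one priority."""
    rng = random.Random(seed)
    counts: dict[str, int] = {}
    for _ in range(trials):
        first = order_srv_records(records, rng)[0].target
        counts[first] = counts.get(first, 0) + 1
    return counts
```

<p> resolve_nexthop("example.com:submission", {"submission"}, DNS)
returns the three targets with backup.example.com always last, while
resolve_nexthop("[smtp-relay.example.net]:submission", ...) never consults
SRV records, which is what the "[]" form in Example 3 relies on. The
weight-0 backup record illustrates the RFC 2782 rule that such a record
is contacted only when no weighted record of the same priority remains.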
</p>


</DD>

<DT><b><a name="verp_delimiter_filter">verp_delimiter_filter</a>
(default: -=+)</b></DT><DD>

<p>
The characters Postfix accepts as VERP delimiter characters on the
Postfix <a href="sendmail.1.html">sendmail(1)</a> command line and in SMTP commands.
</p>

<p>
This feature is available in Postfix 1.1 and later.
</p>


</DD>

<DT><b><a name="virtual_alias_address_length_limit">virtual_alias_address_length_limit</a>
(default: 1000)</b></DT><DD>

<p>
The maximal length of an email address after virtual alias expansion.
This stops <a href="ADDRESS_REWRITING_README.html#virtual">virtual aliasing</a> loops that increase the address length
exponentially.
</p>

<p>
This feature is available in Postfix 3.0 and later.
</p>


</DD>

<DT><b><a name="virtual_alias_domains">virtual_alias_domains</a>
(default: $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>)</b></DT><DD>

<p> Postfix is the final destination for the specified list of virtual
alias domains, that is, domains for which all addresses are aliased
to addresses in other local or remote domains. The SMTP server
validates recipient addresses with $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> and rejects
non-existent recipients. See also the <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> class
in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> file. </p>

<p>
This feature is available in Postfix 2.0 and later. The default
value is backwards compatible with Postfix version 1.1.
</p>

<p>
The default value is $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> so that you can keep all
information about <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domains</a> in one place. If you have
many users, it is better to separate information that changes more
frequently (virtual address -> local or remote address mapping)
from information that changes less frequently (the list of virtual
domain names).
</p>

<p> Specify a list of host or domain names, "/file/name" or
"<a href="DATABASE_README.html">type:table</a>" patterns, separated by commas and/or whitespace. A
"/file/name" pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>"
lookup table is matched when a table entry matches a host or domain name
(the lookup result is ignored). Continue long lines by starting
the next line with whitespace. Specify "!pattern" to exclude a host
or domain name from the list. The form "!/file/name" is supported
only in Postfix version 2.4 and later. </p>

<p>
See also the <a href="VIRTUAL_README.html">VIRTUAL_README</a> and <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> documents
for further information.
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> = virtual1.tld virtual2.tld
</pre>


</DD>

<DT><b><a name="virtual_alias_expansion_limit">virtual_alias_expansion_limit</a>
(default: 1000)</b></DT><DD>

<p>
The maximal number of addresses that virtual alias expansion produces
from each original recipient.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="virtual_alias_maps">virtual_alias_maps</a>
(default: $<a href="postconf.5.html#virtual_maps">virtual_maps</a>)</b></DT><DD>

<p>
Optional lookup tables that are often searched with a full email
address (including domain) and that apply to all recipients: <a href="local.8.html">local(8)</a>,
virtual, and remote; this is unlike <a href="postconf.5.html#alias_maps">alias_maps</a> that are only searched
with an email address localpart (no domain) and that apply
only to <a href="local.8.html">local(8)</a> recipients.
The <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> table format and lookups
are documented in <a href="virtual.5.html">virtual(5)</a>. For an overview of Postfix address
manipulations see the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> document.
</p>

<p>
This feature is available in Postfix 2.0 and later. The default
value is backwards compatible with Postfix version 1.1.
</p>

<p>
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found.
Note: these lookups are recursive.
</p>

<p>
If you use this feature with indexed files, run "<b>postmap
/etc/postfix/virtual</b>" after changing the file.
</p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = <a href="DATABASE_README.html#types">dbm</a>:/etc/postfix/virtual
<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/virtual
</pre>


</DD>

<DT><b><a name="virtual_alias_recursion_limit">virtual_alias_recursion_limit</a>
(default: 1000)</b></DT><DD>

<p>
The maximal nesting depth of virtual alias expansion. Currently
the recursion limit is applied only to the left branch of the
expansion graph, so the depth of the tree can in the worst case
reach the sum of the expansion and recursion limits. This may
change in the future.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="virtual_delivery_status_filter">virtual_delivery_status_filter</a>
(default: $<a href="postconf.5.html#default_delivery_status_filter">default_delivery_status_filter</a>)</b></DT><DD>

<p> Optional filter for the <a href="virtual.8.html">virtual(8)</a> delivery agent to change the
delivery status code or explanatory text of successful or unsuccessful
deliveries. See <a href="postconf.5.html#default_delivery_status_filter">default_delivery_status_filter</a> for details. </p>

<p> This feature is available in Postfix 3.0 and later. </p>


</DD>

<DT><b><a name="virtual_destination_concurrency_limit">virtual_destination_concurrency_limit</a>
(default: $<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a>)</b></DT><DD>

<p> The maximal number of parallel deliveries to the same destination
via the virtual message delivery transport. This limit is enforced
by the queue manager.
The message delivery transport name is the
first field in the entry in the <a href="master.5.html">master.cf</a> file. </p>


</DD>

<DT><b><a name="virtual_destination_recipient_limit">virtual_destination_recipient_limit</a>
(default: $<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a>)</b></DT><DD>

<p> The maximal number of recipients per message for the virtual
message delivery transport. This limit is enforced by the queue
manager. The message delivery transport name is the first field in
the entry in the <a href="master.5.html">master.cf</a> file. </p>

<p> Setting this parameter to a value of 1 changes the meaning of
<a href="postconf.5.html#virtual_destination_concurrency_limit">virtual_destination_concurrency_limit</a> from concurrency per domain
into concurrency per recipient. </p>


</DD>

<DT><b><a name="virtual_gid_maps">virtual_gid_maps</a>
(default: empty)</b></DT><DD>

<p>
Lookup tables with the per-recipient group ID for <a href="virtual.8.html">virtual(8)</a> mailbox
delivery.
</p>

<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent.
It does not apply when mail is delivered with a different mail
delivery program. </p>

<p>
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found.
</p>

<p>
In a lookup table, specify a left-hand side of "@domain.tld" to
match any user in the specified domain that does not have a specific
"user@domain.tld" entry.
</p>

<p>
When a recipient address has an optional address extension
(user+foo@domain.tld), the <a href="virtual.8.html">virtual(8)</a> delivery agent looks up
the full address first, and when the lookup fails, it looks up the
unextended address (user@domain.tld).
</p>

<p>
Note 1: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent disallows
regular expression substitution of $1 etc. in regular expression
lookup tables, because that would open a security hole.
</p>

<p>
Note 2: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent will
silently ignore requests to use the <a href="proxymap.8.html">proxymap(8)</a> server. Instead
it will open the table directly. Before Postfix version 2.2, the
<a href="virtual.8.html">virtual(8)</a> delivery agent will terminate with a fatal error.
</p>


</DD>

<DT><b><a name="virtual_mailbox_base">virtual_mailbox_base</a>
(default: empty)</b></DT><DD>

<p>
A prefix that the <a href="virtual.8.html">virtual(8)</a> delivery agent prepends to all pathname
results from $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> table lookups. This is a safety
measure to ensure that an out of control map doesn't litter the
file system with mailboxes. While <a href="postconf.5.html#virtual_mailbox_base">virtual_mailbox_base</a> could be
set to "/", this setting isn't recommended.
</p>

<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent.
It does not apply when mail is delivered with a different mail
delivery program.
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#virtual_mailbox_base">virtual_mailbox_base</a> = /var/mail
</pre>


</DD>

<DT><b><a name="virtual_mailbox_domains">virtual_mailbox_domains</a>
(default: $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>)</b></DT><DD>

<p> Postfix is the final destination for the specified list of domains;
mail is delivered via the $<a href="postconf.5.html#virtual_transport">virtual_transport</a> mail delivery transport.
By default this is the Postfix <a href="virtual.8.html">virtual(8)</a> delivery agent. The SMTP
server validates recipient addresses with $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
and rejects mail for non-existent recipients. See also the virtual
mailbox domain class in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> file. </p>

<p> This parameter expects the same syntax as the <a href="postconf.5.html#mydestination">mydestination</a>
configuration parameter. </p>

<p>
This feature is available in Postfix 2.0 and later. The default
value is backwards compatible with Postfix version 1.1.
</p>


</DD>

<DT><b><a name="virtual_mailbox_limit">virtual_mailbox_limit</a>
(default: 51200000)</b></DT><DD>

<p>
The maximal size in bytes of an individual <a href="virtual.8.html">virtual(8)</a> mailbox or
maildir file, or zero (no limit). </p>

<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent.
It does not apply when mail is delivered with a different mail
delivery program.
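</p>

<p> The virtual(8) lookup rules given above for virtual_gid_maps and
virtual_mailbox_base (and, further down this page, for
virtual_mailbox_maps and virtual_minimum_uid), as an added example that
is not part of the Postfix documentation or source: a Python model of
how a recipient becomes a mailbox path, with the extension-stripping and
"@domain.tld" catch-all lookup order, the unconditional
virtual_mailbox_base prefix, the maildir-if-trailing-slash rule and the
virtual_minimum_uid check. The tables are constructed in-line, and the
".." check near the end is this example's own safeguard rather than a
documented virtual(8) behaviour. </p>

```python
"""Added example, not Postfix's own code: a model of how the virtual(8)
delivery agent maps a recipient to a mailbox, following the lookup rules
documented for virtual_gid_maps, virtual_mailbox_base, virtual_mailbox_maps
and virtual_minimum_uid.  Tables are constructed in-line; the ".." check is
this example's own safeguard, not a documented virtual(8) check."""
from __future__ import annotations

import os
from dataclasses import dataclass


class Deferred(Exception):
    """Raised where virtual(8) would defer the message."""


@dataclass(frozen=True)
class Mailbox:
    path: str    # with $virtual_mailbox_base already prepended
    style: str   # "maildir" if the table result ends in "/", else "mbox"
    uid: int
    gid: int


def lookup_recipient(table: dict, address: str, delimiter: str = "+"):
    """Search `table` in the documented order: the full address, then the
    address without its +extension, then the "@domain.tld" catch-all.
    Returns the table value, or None when nothing matches."""
    local, at, domain = address.rpartition("@")
    if not (at and local and domain):
        return None
    keys = [address]
    if delimiter in local:
        keys.append(local.split(delimiter, 1)[0] + "@" + domain)
    keys.append("@" + domain)
    for key in keys:
        if key in table:
            return table[key]
    return None


def resolve_mailbox(address, mailbox_maps, uid_maps, gid_maps,
                    base="/var/mail", minimum_uid=100) -> Mailbox | None:
    """Mailbox for `address`; None when the address is not in
    virtual_mailbox_maps (the SMTP server would already have rejected it);
    Deferred for a missing or too-small uid/gid result."""
    result = lookup_recipient(mailbox_maps, address)
    if result is None:
        return None
    uid = lookup_recipient(uid_maps, address)
    gid = lookup_recipient(gid_maps, address)
    if uid is None or gid is None:
        raise Deferred(f"no uid/gid for {address}")
    if uid < minimum_uid:
        raise Deferred(f"uid {uid} is below virtual_minimum_uid={minimum_uid}")
    style = "maildir" if result.endswith("/") else "mbox"
    path = base.rstrip("/") + "/" + result   # base is prepended unconditionally
    # Added safeguard: a table result containing ".." must not escape base.
    root = os.path.normpath(base)
    root = root if root.endswith(os.sep) else root + os.sep
    if not os.path.normpath(path).startswith(root):
        raise Deferred(f"table result {result!r} escapes {base}")
    return Mailbox(path, style, uid, gid)


# Constructed tables.  Note the "@example.com" catch-all entries and the two
# deliberately bad entries (eve: uid below the minimum; mallory: "..").
MAILBOX_MAPS = {
    "alice@example.com": "example.com/alice/",
    "bob@example.com": "example.com/bob",
    "eve@example.com": "example.com/eve/",
    "mallory@example.com": "../../etc/passwd",
    "@example.com": "example.com/catchall/",
}
UID_MAPS = {"eve@example.com": 50, "@example.com": 5000}
GID_MAPS = {"@example.com": 5000}


def outcome(address: str) -> str:
    """One-line summary of what would happen to mail for `address`."""
    try:
        box = resolve_mailbox(address, MAILBOX_MAPS, UID_MAPS, GID_MAPS)
    except Deferred as err:
        return f"defer: {err}"
    if box is None:
        return "unknown user"
    return f"{box.style}:{box.path} uid={box.uid} gid={box.gid}"
```

<p> outcome("alice+news@example.com") lands in alice's maildir because
the unextended address is tried after the full one, outcome("carol@example.com")
falls through to the "@example.com" catch-all, and outcome("eve@example.com")
is deferred rather than delivered as a low uid, which is the point of
virtual_minimum_uid.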
</p>


</DD>

<DT><b><a name="virtual_mailbox_lock">virtual_mailbox_lock</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
How to lock a UNIX-style <a href="virtual.8.html">virtual(8)</a> mailbox before attempting
delivery. For a list of available file locking methods, use the
"<b>postconf -l</b>" command.
</p>

<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent.
It does not apply when mail is delivered with a different mail
delivery program. </p>

<p>
This setting is ignored with <b>maildir</b> style delivery, because
such deliveries are safe without application-level locks.
</p>

<p>
Note 1: the <b>dotlock</b> method requires that the recipient UID
or GID has write access to the parent directory of the recipient's
mailbox file.
</p>

<p>
Note 2: the default setting of this parameter is system dependent.
</p>


</DD>

<DT><b><a name="virtual_mailbox_maps">virtual_mailbox_maps</a>
(default: empty)</b></DT><DD>

<p>
Optional lookup tables with all valid addresses in the domains that
match $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
</p>

<p>
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found.
</p>

<p>
In a lookup table, specify a left-hand side of "@domain.tld" to
match any user in the specified domain that does not have a specific
"user@domain.tld" entry.
</p>

<p>
With the default "<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> = $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>",
lookup tables also need entries with a left-hand side of "domain.tld"
to satisfy <a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> lookups (the right-hand side is
required but will not be used).
</p>

<p> The remainder of this text is specific to the <a href="virtual.8.html">virtual(8)</a> delivery
agent. It does not apply when mail is delivered with a different
mail delivery program. </p>

<p>
The <a href="virtual.8.html">virtual(8)</a> delivery agent uses this table to look up the
per-recipient mailbox or maildir pathname. If the lookup result
ends in a slash ("/"), maildir-style delivery is carried out,
otherwise the path is assumed to specify a UNIX-style mailbox file.
Note that $<a href="postconf.5.html#virtual_mailbox_base">virtual_mailbox_base</a> is unconditionally prepended to
this path.
</p>

<p>
When a recipient address has an optional address extension
(user+foo@domain.tld), the <a href="virtual.8.html">virtual(8)</a> delivery agent looks up
the full address first, and when the lookup fails, it looks up the
unextended address (user@domain.tld).
</p>

<p>
Note 1: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent disallows
regular expression substitution of $1 etc. in regular expression
lookup tables. The recipient address is supplied by the remote
sender; substituting parts of it into a mailbox pathname would let
the sender choose where mail is written.
</p>

<p>
Note 2: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent will
silently ignore requests to use the <a href="proxymap.8.html">proxymap(8)</a> server. Instead
it will open the table directly.
Before Postfix version 2.2, the
<a href="virtual.8.html">virtual(8)</a> delivery agent terminates with a fatal error instead.
</p>


</DD>

<DT><b><a name="virtual_maps">virtual_maps</a>
(default: empty)</b></DT><DD>

<p> Optional lookup tables with a) names of domains for which all
addresses are aliased to addresses in other local or remote domains,
and b) addresses that are aliased to addresses in other local or
remote domains. Available before Postfix version 2.0. With Postfix
version 2.0 and later, this is replaced by separate controls: <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>
and <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>. </p>


</DD>

<DT><b><a name="virtual_minimum_uid">virtual_minimum_uid</a>
(default: 100)</b></DT><DD>

<p>
The minimum user ID value that the <a href="virtual.8.html">virtual(8)</a> delivery agent accepts
as a result from $<a href="postconf.5.html#virtual_uid_maps">virtual_uid_maps</a> table lookup. Returned
values less than this will be rejected, and the message will be
deferred. This check ensures that a table entry of 0 (root) or of
another system account uid is never used to write a mailbox.
</p>

<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent.
It does not apply when mail is delivered with a different mail
delivery program. </p>


</DD>

<DT><b><a name="virtual_transport">virtual_transport</a>
(default: virtual)</b></DT><DD>

<p>
The default mail delivery transport and next-hop destination for
final delivery to domains listed with $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
This information can be overruled with the <a href="transport.5.html">transport(5)</a> table.
</p>

<p>
Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
is the name of a mail delivery transport defined in <a href="master.5.html">master.cf</a>.
The <i>:nexthop</i> destination is optional; its syntax is documented
in the manual page of the corresponding delivery agent.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>


</DD>

<DT><b><a name="virtual_uid_maps">virtual_uid_maps</a>
(default: empty)</b></DT><DD>

<p>
Lookup tables with the per-recipient user ID that the <a href="virtual.8.html">virtual(8)</a>
delivery agent uses while writing to the recipient's mailbox.
</p>

<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent.
It does not apply when mail is delivered with a different mail
delivery program. </p>

<p>
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found.
</p>

<p>
In a lookup table, specify a left-hand side of "@domain.tld"
to match any user in the specified domain that does not have a
specific "user@domain.tld" entry.
</p>

<p>
When a recipient address has an optional address extension
(user+foo@domain.tld), the <a href="virtual.8.html">virtual(8)</a> delivery agent looks up
the full address first, and when the lookup fails, it looks up the
unextended address (user@domain.tld).
</p>

<p>
Note 1: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent disallows
regular expression substitution of $1 etc. in regular expression
lookup tables. The recipient address is supplied by the remote
sender; substituting parts of it into a user ID would let the sender
choose the account that mail is delivered as.
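</p>

<p> The lookup rules given above for <a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
and <a href="postconf.5.html#virtual_uid_maps">virtual_uid_maps</a> (full address, then
unextended address, then "@domain.tld"), the unconditional
<a href="postconf.5.html#virtual_mailbox_base">virtual_mailbox_base</a> prefix, the trailing-slash maildir
rule, and the <a href="postconf.5.html#virtual_minimum_uid">virtual_minimum_uid</a> check are easiest to see
as a small model of the resolution. The following is an added example
written for this page, not code from the Postfix project. The tables are
constructed sample data standing in for "hash:" tables, and the function
names, the "+" recipient delimiter and the "/var/mail/vhosts" base
directory are this example's own assumptions. </p>

```python
"""Model of how virtual(8) resolves a recipient, as described on this page.

Added example, not Postfix code. Tables are constructed sample data
standing in for "hash:" lookup tables; all names here are the example's own.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

RECIPIENT_DELIMITER = "+"   # assumption: the usual recipient_delimiter setting


@dataclass(frozen=True)
class Delivery:
    path: str       # virtual_mailbox_base + "/" + table result
    maildir: bool   # True when the table result ended in "/"
    uid: int        # result of the virtual_uid_maps lookup


@dataclass(frozen=True)
class Outcome:
    status: str                 # "deliver", "reject" or "defer"
    reason: str = ""
    delivery: Optional[Delivery] = None


def lookup_keys(address: str) -> List[str]:
    """Keys in the order the page describes: the full address, then the
    unextended address (only when an extension is present), then the
    "@domain.tld" catch-all for users without a specific entry."""
    local, sep, domain = address.rpartition("@")
    if not sep:
        return [address]
    keys = [address]
    if RECIPIENT_DELIMITER in local:
        user = local.split(RECIPIENT_DELIMITER, 1)[0]
        keys.append(f"{user}@{domain}")
    keys.append(f"@{domain}")
    return keys


def lookup(tables: List[Dict[str, str]], address: str) -> Optional[str]:
    """For each key, search the tables in the specified order; the first
    match wins, so a specific "user@domain" entry beats "@domain"."""
    for key in lookup_keys(address):
        for table in tables:
            if key in table:
                return table[key]
    return None


def is_virtual_mailbox_domain(domain: str, mailbox_maps: List[Dict[str, str]]) -> bool:
    """With the default virtual_mailbox_domains = $virtual_mailbox_maps, the
    domain is a virtual mailbox domain only if a bare "domain.tld" key exists
    (its right-hand side is not used)."""
    return any(domain in table for table in mailbox_maps)


def resolve(recipient: str, mailbox_maps: List[Dict[str, str]],
            uid_maps: List[Dict[str, str]], mailbox_base: str,
            minimum_uid: int = 100) -> Outcome:
    """Resolve one recipient to a delivery target, or to a reject/defer."""
    result = lookup(mailbox_maps, recipient)
    if result is None:
        # smtpd(8) already rejects such recipients at RCPT TO time
        return Outcome("reject", "user unknown in virtual mailbox table")
    path = f"{mailbox_base}/{result}"          # base is always prepended
    uid_text = lookup(uid_maps, recipient)
    if uid_text is None or not uid_text.isdigit():
        return Outcome("defer", "no usable uid in virtual_uid_maps")
    uid = int(uid_text)
    if uid < minimum_uid:
        # virtual_minimum_uid: never write a mailbox as root or another
        # system account, even when a table entry says so
        return Outcome("defer", f"uid {uid} below virtual_minimum_uid {minimum_uid}")
    return Outcome("deliver", delivery=Delivery(path, result.endswith("/"), uid))


# Constructed sample tables (stand-ins for e.g. hash:/etc/postfix/vmailbox).
VMAILBOX = {
    "example.com": "OK",                          # bare domain key: RHS unused
    "alice@example.com": "example.com/alice/",    # trailing "/" -> maildir
    "bob@example.com": "example.com/bob",         # no slash -> UNIX mailbox file
    "@example.com": "example.com/catchall/",      # users without a specific entry
}
VUID = {
    "alice@example.com": "5000",
    "bob@example.com": "0",                       # misconfiguration: root
    "@example.com": "5001",
}
BASE = "/var/mail/vhosts"


def demo() -> Dict[str, Outcome]:
    """Run the four recipients that exercise each rule."""
    recipients = ["alice+lists@example.com", "carol@example.com",
                  "bob@example.com", "dave@other.example"]
    return {r: resolve(r, [VMAILBOX], [VUID], BASE) for r in recipients}


if __name__ == "__main__":
    for recipient, outcome in demo().items():
        print(recipient, outcome)
```

<p> The two "defer" and "reject" paths are the ones worth checking in a
real deployment: "bob@example.com" carries a uid of 0 in the table and is
deferred by the minimum-uid check rather than delivered as root, and a
recipient whose address matches no entry (including no "@domain" entry) is
refused. The "alice+lists" case shows why a regexp table with $1
substitution is dangerous: the text after the delimiter is chosen by the
sender, and only the table's fixed right-hand sides keep it out of the
pathname and the uid.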
</p>

<p>
Note 2: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent will
silently ignore requests to use the <a href="proxymap.8.html">proxymap(8)</a> server. Instead
it will open the table directly. Before Postfix version 2.2, the
<a href="virtual.8.html">virtual(8)</a> delivery agent terminates with a fatal error instead.
</p>


</DD>

</dl>

</body>

</html>