1<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
2        "https://www.w3.org/TR/html4/loose.dtd">
3
4<html>
5
6<head>
7
8<title>Postfix Architecture Overview </title>
9
10<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
11<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
12
13</head>
14
15<body>
16
17<h1> <img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
18Architecture Overview </h1>
19
20<hr>
21
22<h2> Introduction </h2>
23
24<p> This document presents an overview of the Postfix architecture,
25and provides pointers to descriptions of every Postfix command
26or server program.  The text gives the general context in which
27each command or server program is used, and provides pointers to
28documents with specific usage examples and background information.
29</p>
30
31<p> Topics covered by this document: </p>
32
33<ul>
34
35<li> <a href="#receiving"> How Postfix receives mail </a>
36
37<li> <a href="#delivering"> How Postfix delivers mail </a>
38
39<li> <a href="#behind"> Postfix behind the scenes </a>
40
41<li> <a href="#commands"> Postfix support commands </a>
42
43</ul>
44
45<h2><a name="receiving"> How Postfix receives mail </a> </h2>
46
47<p> When a message enters the Postfix mail system, the first stop
48on the inside is the incoming queue. The figure below shows the
49main processes that are involved with new mail.  Names followed by
50a number are Postfix commands or server programs, while unnumbered
51names inside shaded areas represent Postfix queues. </p>
52
53<blockquote>
54
55<table>
56
57<tr>
58
59<td colspan="4"> </td>
60
61<td bgcolor="#f0f0ff" align="center"> trivial-<br>rewrite(8) </td>
62
63</tr>
64
65<tr>
66
67<td> Network </td> <td> <tt> -&gt; </tt> </td>
68
69<td bgcolor="#f0f0ff" align="center" valign="middle"> smtpd(8)
70</td>
71
72<td> </td>
73
74<td rowspan="2" align="center"> <table> <tr> <td align="center">
75^<br> <tt> | </tt> </td> <td align="center"> <tt> |<br> v </tt>
76</td> </tr> </table> </td>
77
78</tr>
79
80<tr>
81
82<td colspan="3"> </td> <td> <tt> \ </tt> </td>
83
84</tr>
85
86<tr>
87
88<td> Network </td> <td> <tt> -&gt; </tt> </td>
89
90<td bgcolor="#f0f0ff" align="center" valign="middle"> qmqpd(8)
91</td>
92
93<td> <tt> -&gt; </tt> </td>
94
95<td bgcolor="#f0f0ff" align="center" valign="middle"> cleanup(8)
96</td>
97
98<td> <tt> -&gt; </tt> </td>
99
100<td bgcolor="#f0f0ff" align="center" valign="middle"> <a
101href="QSHAPE_README.html#incoming_queue"> incoming </a> </td>
102
103</tr>
104
105<tr>
106
107<td colspan="3"> </td> <td> <tt> / </tt> </td>
108
109</tr>
110
111<tr>
112
113<td colspan="2"> </td>
114
115<td bgcolor="#f0f0ff" align="center" valign="middle"> pickup(8)
116</td>
117
118<td> <tt> &lt;- </tt> </td>
119
120<td bgcolor="#f0f0ff" align="center" valign="middle"> <a
121href="QSHAPE_README.html#maildrop_queue"> maildrop </a> </td>
122
123</tr>
124
125<tr>
126
127<td colspan="4" align="center"> </td>
128
129<td align="center"> ^<br> <tt> | </tt> </td>
130
131</tr>
132
133<tr>
134
135<td> Local </td> <td> <tt> -&gt; </tt> </td>
136
137<td bgcolor="#f0f0ff" align="center" valign="middle"> sendmail(1)
138</td>
139
140<td> <tt> -&gt; </tt> </td>
141
142<td bgcolor="#f0f0ff" align="center" valign="middle"> postdrop(1)
143</td>
144
145</tr>
146
147</table>
148
149</blockquote>
150
151<ul>
152
153<li> <p> Network mail enters Postfix via the smtpd(8) or qmqpd(8)
154servers.  These servers remove the SMTP or QMQP protocol encapsulation,
155enforce some sanity checks to protect Postfix, and give the sender,
156recipients and message content to the cleanup(8) server.  The
157smtpd(8) server can be configured to block unwanted mail, as
158described in the SMTPD_ACCESS_README document.  </p>
159
160<li> <p> Local submissions are received with the Postfix sendmail(1)
161compatibility command, and are queued in the maildrop queue by
162the privileged postdrop(1) command. This arrangement even works
163while the Postfix mail system is not running.  The local pickup(8)
164server picks up local submissions, enforces some sanity checks to
165protect Postfix, and gives the sender, recipients and message
166content to the cleanup(8) server.  </p>
167
168<li> <p> Mail from internal sources is given directly to the
169cleanup(8) server. These sources are not shown in the figure, and
170include: mail that is forwarded by the local(8) delivery agent (see
171next section), messages that are returned to the sender by the
172bounce(8) server (see second-next section), and postmaster
173notifications about problems with Postfix.  </p>
174
175<li> <p> The cleanup(8) server implements the final processing
176stage before mail is queued. It adds missing From: and other message
177headers, and transforms addresses as described in the
178ADDRESS_REWRITING_README
179document. Optionally, the cleanup(8) server can be configured to
180do light-weight content inspection with regular expressions as
181described in the BUILTIN_FILTER_README document.  The  cleanup(8)
182server places the result as a single file into the incoming queue,
183and notifies the queue manager (see next section) of the arrival
184of new mail.  </p>
185
186<li> <p> The trivial-rewrite(8) server rewrites addresses to the
187standard "user@fully.qualified.domain" form, as described in the
188ADDRESS_REWRITING_README document. Postfix currently does not
189implement a rewriting language, but a lot can be done via table
190lookups and, if need be, regular expressions. </p>
191
192</ul>
193
194<h2> <a name="delivering"> How Postfix delivers mail </a> </h2>
195
196<p> Once a message has reached the incoming queue the next step is
197to deliver it. The figure shows the main components of the Postfix
198mail delivery apparatus. Names followed by a number are Postfix
199commands or server programs, while unnumbered names inside shaded
200areas represent Postfix queues. </p>
201
202<blockquote>
203
204<table>
205
206<tr>
207
208<td rowspan="2" colspan="4"> </td>
209
210<td rowspan="2" bgcolor="#f0f0ff" align="center"> trivial-<br>rewrite(8)
211</td>
212
213<td> </td>
214
215<td bgcolor="#f0f0ff" align="center"> smtp(8) </td>
216
217<td> <tt> -&gt; </tt> </td> <td> Network </td>
218
219</tr>
220
221<tr>
222
223<td align="right"> <tt> / </tt> </td>
224
225</tr>
226
227<tr>
228
229<td rowspan="2" colspan="4"> </td>
230
231<td rowspan="2" align="center"> <table> <tr> <td align="center">
232^<br> <tt> | </tt> </td> <td align="center"> <tt> |<br> v </tt>
233</td> </tr> </table> </td>
234
235<td align="right"> <tt> - </tt> </td>
236
237<td bgcolor="#f0f0ff" align="center"> lmtp(8) </td>
238
239<td> <tt> -&gt; </tt> </td> <td> Network </td>
240
241</tr>
242
243<tr>
244
245<td align="left"> <tt> / </tt> </td>
246
247</tr>
248
249<tr>
250
251<td bgcolor="#f0f0ff" align="center"> <a
252href="QSHAPE_README.html#incoming_queue"> incoming </a> </td>
253
254<td> <tt> -&gt; </tt> </td>
255
256<td bgcolor="#f0f0ff" align="center"> <a
257href="QSHAPE_README.html#active_queue"> active </a> </td>
258
259<td> <tt> -&gt; </tt> </td>
260
261<td bgcolor="#f0f0ff" align="center"> qmgr(8) </td>
262
263<td align="right"> <tt> --- </tt> </td>
264
265<td bgcolor="#f0f0ff" align="center"> local(8) </td>
266
267<td> <tt> -&gt; </tt> </td> <td> File, command </td>
268
269</tr>
270
271<tr>
272
273<td rowspan="2" colspan="2"> </td>
274
275<td rowspan="2" align="center"> <table> <tr> <td align="center">
276^<br> <tt> | </tt> </td> <td align="center"> <tt> |<br> v </tt>
277</td> </tr> </table> </td>
278
279<td rowspan="2" colspan="2"> </td>
280
281<td align="left"> <tt> \ </tt> </td>
282
283</tr>
284
285<tr>
286
287<td align="right"> <tt> - </tt> </td>
288
289<td bgcolor="#f0f0ff" align="center"> virtual(8) </td>
290
291<td> <tt> -&gt; </tt> </td> <td> File </td>
292
293</tr>
294
295<tr>
296
297<td colspan="2"> </td>
298
299<td bgcolor="#f0f0ff" align="center"> <a
300href="QSHAPE_README.html#deferred_queue"> deferred </a> </td>
301
302<td colspan="2"> </td>
303
304<td align="right"> <tt> \ </tt> </td>
305
306</tr>
307
308<tr>
309
<td colspan="6"> </td>
311
312<td bgcolor="#f0f0ff" align="center"> pipe(8) </td>
313
314<td> <tt> -&gt; </tt> </td> <td> Command </td>
315
316</tr>
317
318</table>
319
320</blockquote>
321
322<ul>
323
324<li> <p> The queue manager (the qmgr(8) server process in the
325figure) is the heart of Postfix mail delivery.  It contacts the
326smtp(8), lmtp(8), local(8), virtual(8), pipe(8), discard(8) or
327error(8) delivery agents, and sends a delivery request for one
328or more recipient addresses. The discard(8) and error(8) delivery
329agents are special: they discard or bounce all mail, and are not
330shown in the figure above.  </p>
331
332<p> The queue manager maintains a limited active queue with the
333messages that it has opened for delivery. The active queue acts as
334a limited window on potentially large incoming or deferred queues.
335The limited active queue prevents the queue manager from running
336out of memory under heavy load. </p>
337
338<p> The queue manager maintains a separate deferred queue for mail
339that cannot be delivered, so that a large mail backlog will not
340slow down normal queue accesses. The queue manager's strategy for
341delayed mail delivery attempts is described in the QSHAPE_README
342and TUNING_README documents. </p>
343
344<li> <p> The trivial-rewrite(8) server resolves each recipient
345address according to its local or remote address class, as defined
346in the ADDRESS_CLASS_README document.  Additional routing information
347can be specified with the optional transport(5) table.  The
348trivial-rewrite(8) server optionally queries the relocated(5) table
349for recipients whose address has changed; mail for such recipients is
350returned to the sender with an explanation. </p>
351
352<li> <p> The smtp(8) client looks up a list of SMTP servers for
353the destination(s) in a delivery request, sorts the list by preference,
354and tries each server in turn until it has delivered or bounced all
355recipients in the delivery request. It encapsulates the sender,
356recipients and message content as required by the SMTP protocol;
357this includes message body conversion from 8-bit MIME to 7-bit
358encoding, but does not include RFC 2047 header encoding. </p>
359
360<li> <p> The lmtp(8) client speaks a protocol similar to SMTP that
361is optimized for delivery to mailbox servers such as Cyrus.  The
362advantage of this setup is that one Postfix machine can feed multiple
363mailbox servers over LMTP. The opposite is true as well:  one
364mailbox server can be fed over LMTP by multiple Postfix machines.
365</p>
366
367<li> <p> The local(8) delivery agent understands UNIX-style mailboxes,
368qmail-compatible maildir files, Sendmail-style system-wide aliases(5)
369databases, and Sendmail-style per-user .forward files. Multiple
370local delivery agents can be run in parallel, but parallel delivery
371to the same user is usually limited. </p>
372
373<p> The local(8) delivery agent has hooks for alternative forms of
374local delivery: you can configure it to deliver to mailbox files
375in user home directories, you can configure it to delegate mailbox
376delivery to an external command such as procmail, or you can delegate
377delivery to a different Postfix delivery agent.  </p>
378
379<li> <p> The virtual(8) delivery agent is a bare-bones delivery
380agent that delivers to UNIX-style mailbox or qmail-style maildir
381files only.  This delivery agent can deliver mail for multiple
382domains, which makes it especially suitable for hosting lots of
383small domains on a single machine.  This is described in the
384VIRTUAL_README document. </p>
385
386<li> <p> The pipe(8) mailer is the outbound interface to other mail
387processing systems (the Postfix sendmail(1) command being the
388inbound interface). The interface is UNIX compatible: the pipe(8)
389mailer provides information to a child process command line,
390environment variables, and standard input stream, and expects a
391child process exit status code as defined in &lt;sysexits.h&gt;.
392Examples of delivery via the pipe(8) mailer are in the FILTER_README,
393MAILDROP_README,
and UUCP_README documents. </p>
395
396</ul>
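<p> The pipe(8) interface described above (arguments on the command line, message on standard input, result as a &lt;sysexits.h&gt; exit status), shown as an added example that is not part of the Postfix distribution. The command name, spool directory, size ceiling and X-Envelope-From header are assumptions made for illustration; the recipient originates outside the system, so it is validated before it is used as a directory name. </p>

```python
#!/usr/bin/env python3
"""Delivery command for the pipe(8) mailer: archive each message in a spool.

Assumed master.cf invocation (hypothetical service, not from the page):
    argv=/usr/local/bin/archive-deliver ${sender} ${recipient}
"""
import os
import re
import sys
import tempfile

# Exit status codes from <sysexits.h>. FILTER_README's example filter exits
# with 75 when mail should be retried later and 69 when it should be returned.
EX_OK = 0
EX_USAGE = 64        # wrong number of command-line arguments
EX_DATAERR = 65      # malformed envelope address
EX_NOUSER = 67       # recipient not acceptable
EX_UNAVAILABLE = 69  # permanent failure
EX_TEMPFAIL = 75     # transient failure

MAX_BYTES = 50 * 1024 * 1024  # assumed size ceiling for this example

# The localpart becomes a directory name, so only a conservative set of
# characters is accepted; this rules out "/", "..", and leading dots.
_LOCALPART = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._+-]{0,63}$")


def mailbox_name(recipient):
    """Return a safe directory name for the recipient, or None."""
    localpart, sep, domain = recipient.rpartition("@")
    if not sep or not domain or not _LOCALPART.match(localpart):
        return None
    return localpart.lower()


def deliver(argv, stream, spool_dir):
    """Store one message; return the exit status that pipe(8) will see."""
    if len(argv) != 2:
        return EX_USAGE
    sender, recipient = argv
    # Control characters in an envelope address would allow header injection
    # into the stored file below.
    if any(ord(c) < 32 or ord(c) == 127 for c in sender + recipient):
        return EX_DATAERR
    name = mailbox_name(recipient)
    if name is None:
        return EX_NOUSER
    data = stream.read(MAX_BYTES + 1)
    if len(data) > MAX_BYTES:
        return EX_UNAVAILABLE
    try:
        box = os.path.join(spool_dir, name)
        os.makedirs(box, mode=0o700, exist_ok=True)
        # Write under a temporary name, then rename, so that a reader never
        # sees a partially written message.
        fd, tmp = tempfile.mkstemp(prefix="tmp.", dir=box)
        try:
            with os.fdopen(fd, "wb") as out:
                envelope = sender.encode("utf-8", "replace")
                out.write(b"X-Envelope-From: <" + envelope + b">\n")
                out.write(data)
                out.flush()
                os.fsync(out.fileno())
            final = os.path.join(box, "msg." + os.path.basename(tmp)[4:])
            os.rename(tmp, final)
        except OSError:
            os.unlink(tmp)
            raise
    except OSError:
        # Disk full, missing spool, permission problem: ask for a retry
        # instead of losing or bouncing the message.
        return EX_TEMPFAIL
    return EX_OK


if __name__ == "__main__":
    spool = os.environ.get("ARCHIVE_SPOOL", "/var/spool/archive")  # assumed path
    sys.exit(deliver(sys.argv[1:], sys.stdin.buffer, spool))
```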
397
398<h2> <a name="behind"> Postfix behind the scenes </a> </h2>
399
400<p> The previous sections gave an overview of how Postfix server
401processes send and receive mail. These server processes rely on
402other server processes that do things behind the scenes.  The text
403below attempts to visualize each service in its own context.  As
404before, names followed by a number are Postfix commands or server
405programs, while unnumbered names inside shaded areas represent
406Postfix queues. </p>
407
408<ul>
409
410<li> <p> The resident master(8) server is the supervisor that keeps
411an eye on the well-being of the Postfix mail system. It is typically
412started at system boot time with the "postfix start" command, and
413keeps running until the system goes down.  The master(8) server is
414responsible for starting Postfix server processes to receive and
415deliver mail, and for restarting servers that terminate prematurely
416because of some problem. The master(8) server is also responsible
417for enforcing the server process count limits as specified in the
418<b>master.cf</b> configuration file. The picture below gives the
419program hierarchy when Postfix is started up. Only some of the mail
420handling daemon processes are shown. </p>
421
422<table>
423
424<tr> <td colspan="2"> </td> <td align="center" bgcolor="#f0f0ff">
425postfix(1) </td> </tr>
426
427<tr> <td colspan="2"> </td> <td align="center"> |<br> |</td> </tr>
428
429<tr> <td colspan="2"> </td> <td align="center" bgcolor="#f0f0ff">
430postfix-script(1) </td> </tr>
431
432<tr> <td> </td> <td> <table> <tr> <td> </td> <td> / </td> </tr>
433<tr> <td> / </td> <td> </td> </tr> </table> </td> <td align="center">
434|<br> |</td> <td> <table> <tr> <td> \ </td> <td> </td> </tr> <tr>
435<td> </td> <td> \ </td> </tr> </table> </td> </tr>
436
437<tr> <td align="center" bgcolor="#f0f0ff"> postsuper(1) </td> <td>
438</td> <td align="center" bgcolor="#f0f0ff"> master(8) </td> <td>
439</td> <td align="center" bgcolor="#f0f0ff"> postlog(1) </td> </tr>
440
441<tr> <td> </td> <td> <table> <tr> <td> </td> <td> / </td> </tr>
442<tr> <td> / </td> <td> </td> </tr> </table> </td> <td align="center">
443|<br> |</td> <td> <table> <tr> <td> \ </td> <td> </td> </tr> <tr>
444<td> </td> <td> \ </td> </tr> </table> </td> </tr>
445
446<tr> <td align="center" bgcolor="#f0f0ff"> smtpd(8) </td> <td>
447</td> <td align="center" bgcolor="#f0f0ff"> qmgr(8) </td> <td>
448</td> <td align="center" bgcolor="#f0f0ff"> local(8) </td> </tr>
449
450</table>
451
452<li> <p> The anvil(8) server implements client connection and
453request rate
454limiting for all smtpd(8) servers.  The TUNING_README document
455provides guidance for dealing with mis-behaving SMTP clients. The
456anvil(8) service is available in Postfix version 2.2 and later.
457</p>
458
459<table>
460
461<tr> <td> Network </td> <td> <tt> -&gt; </tt> </td> <td align="center"
462bgcolor="#f0f0ff"> <br> smtpd(8)<br><br> </td> <td> <tt> &lt;-&gt;
463</tt> </td> <td align="center" bgcolor="#f0f0ff"> <br> anvil(8)<br><br>
464</td> </tr>
465
466</table>
467
468<li> <p> The bounce(8), defer(8) and trace(8) services each maintain
469their own queue directory trees with per-message logfiles. Postfix
470uses this information when sending "failed", "delayed" or "success"
471delivery status notifications to the sender. </p>
472
473<p> The trace(8) service also implements support for the Postfix
474"sendmail
475-bv" and "sendmail -v" commands which produce reports about how
476Postfix delivers mail, and is available with Postfix version 2.1
477and later. See <a href="DEBUG_README.html#trace_mail"> DEBUG_README
478</a> for examples.  </p>
479
480<table>
481
482<tr> <td align="center" bgcolor="#f0f0ff"> cleanup(8) </td> <td
483valign="middle"> <tt> -&gt; </tt> </td> <td align="center"
484bgcolor="#f0f0ff"> qmgr(8)<br> Postfix<br> queue </td> <td
485valign="middle"> <tt> -&gt; </tt> </td> <td align="center"
486bgcolor="#f0f0ff"> Delivery<br> agents</td> </tr>
487
488<tr> <td align="center"> ^<br> <tt> | </tt> </td> <td> </td> <td
489align="center"> <tt> |<br> v </tt> </td> <td> </td> <td align="center">
490<tt> |<br> v </tt> </td> </tr>
491
492<tr> <td align="center"> (Non-)<br> delivery<br> notice </td> <td
493valign="middle"> <tt> &lt;- </tt> </td> <td align="center"
494bgcolor="#f0f0ff"> bounce(8)<br> defer(8)<br> trace(8) </td> <td
495valign="middle"> <tt> &lt;- </tt> </td> <td align="center"> Queue
496id,<br> recipient,<br> status</td> </tr>
497
498<tr> <td colspan="2"> </td> <td align="center"> <table> <tr> <td
499align="center"> ^<br> <tt> | </tt> </td> <td align="center"> <tt>
500|<br> v </tt> </td> </tr> </table> </td> </tr>
501
502<tr> <td colspan="2"> </td> <td align="center" bgcolor="#f0f0ff">
503Per- <br> message<br> logfiles </td> </tr>
504
505</table>
506
507<li> <p> The flush(8) servers maintain per-destination logs and
implement "sendmail -qR<i>site</i>", "sendmail -qI<i>queueid</i>",
509"postqueue -s <i>site</i>", "postqueue -i <i>queueid</i>", and ETRN
510as described
511in the ETRN_README document. This moves selected queue files from
512the deferred queue back to the incoming queue and requests their
513delivery.  The flush(8) service is available with Postfix version
5141.0 and later.  </p>
515
516<table>
517
518<tr> <td colspan="4"> </td> <td align="center" bgcolor="#f0f0ff">
519<a href="QSHAPE_README.html#incoming_queue"> incoming </a><br>^
520<br><a href="QSHAPE_README.html#deferred_queue"> deferred </a>
521</td> </tr>
522
523<tr> <td colspan="4"> </td> <td align="center"> ^<br> |</td> </tr>
524
525<tr> <td align="center" bgcolor="#f0f0ff"> smtpd(8)<br> sendmail(1)<br>
526postqueue(1) </td> <td> <tt> - </tt> </td> <td align="center">
527Destination<br> to flush</td> <td> <tt> -&gt; </tt> </td> <td
528align="center" bgcolor="#f0f0ff"> flush(8) </td> <td> <tt> &lt;-
529</tt> </td> <td align="center"> Deferred<br> destination,<br> queue
530id </td> <td> <tt> - </tt> </td> <td align="center" bgcolor="#f0f0ff">
531Delivery<br> agents,<br> qmgr(8) </td> </tr>
532
533<tr> <td colspan="4"> </td> <td align="center"> <table> <tr> <td
534align="center"> ^<br> <tt> | </tt> </td> <td align="center"> <tt>
535|<br> v </tt>  </td> </tr> </table> </td> </tr>
536
537<tr> <td colspan="4"> </td> <td align="center"> Per-dest-<br>
538ination<br> logs </td> </tr>
539
540</table>
541
542<li> <p> The proxymap(8) servers provide read-only and read-write
543table lookup
544service to Postfix processes. This overcomes chroot restrictions,
545reduces the number of open lookup tables by sharing one open
546table among multiple processes, and implements single-updater
547tables. </p>
548
549<li> <p> The scache(8) server maintains the connection cache for
550the Postfix smtp(8) client. When connection caching is enabled for
551selected destinations, the smtp(8) client does not disconnect
552immediately after a mail transaction, but gives the connection to
553the connection cache server which keeps the connection open for a
554limited amount of time.  The smtp(8) client continues with some
555other mail delivery request. Meanwhile, any smtp(8) process can
556ask the scache(8) server for that cached connection and reuse it
557for mail delivery. As a safety measure, Postfix limits the number
558of times that a connection may be reused.  </p>
559
560<p> When delivering mail to a destination with multiple mail servers,
561connection caching can help to skip over a non-responding server,
562and thus dramatically speed up delivery. SMTP connection caching
563is available in Postfix version 2.2 and later.  More information
564about this feature is in the CONNECTION_CACHE_README document. </p>
565
566<table>
567
568<tr> <td> </td> <td> <tt> /-- </tt> </td> <td align="center"
569colspan="3" bgcolor="#f0f0ff"> smtp(8) </td> <td colspan="2"> <tt>
570--&gt; </tt> </td> <td> Internet </td> </tr>
571
572<tr> <td align="center" bgcolor="#f0f0ff"> qmgr(8) </td> <td> </td>
573<td align="center" rowspan="3"><tt>|<br>|<br>|<br>|<br>v</tt></td>
574</tr>
575
576<tr> <td> &nbsp; </td> <td> <tt> \-- </tt> </td> <td align="center"
577colspan="4" bgcolor="#f0f0ff"> smtp(8) </td> <td align="left">
578&nbsp; </td> </tr>
579
580<tr> <td colspan="2"> &nbsp; </td> <td> </td> <td
581align="center"><tt>^<br>|</tt></td> </tr>
582
583<tr> <td colspan="2"> </td> <td align="center" colspan="3"
584bgcolor="#f0f0ff"> scache(8) </td> </tr>
585
586</table>
587
588<p> A Postfix smtp(8) client can reuse a TLS-encrypted connection
589(with "smtp_tls_connection_reuse = yes"). This can greatly reduce
590the overhead of connection setup and improves message delivery
591rates. After a Postfix smtp(8) client connects to a remote SMTP
592server and sends plaintext EHLO and STARTTLS commands, the smtp(8)
593client inserts a tlsproxy(8) process into the connection as shown
594in the top of the figure below. </p>
595
596<table>
597
598<tr> <td> </td> <td> <tt> /-- </tt> </td> <td align="center"
599colspan="3" bgcolor="#f0f0ff"> smtp(8) </td> <td colspan="2"> <tt>
--&gt; </tt> </td> <td align="center" bgcolor="#f0f0ff"> tlsproxy(8)
601</td> <td> <tt> --&gt; </tt> </td> <td> Internet </td> </tr>
602
603<tr> <td align="center" bgcolor="#f0f0ff"> qmgr(8) </td> <td> </td>
604<td align="center" rowspan="3"><tt>|<br>|<br>|<br>|<br>v</tt></td>
605</tr>
606
607<tr> <td> &nbsp; </td> <td> <tt> \-- </tt> </td> <td align="center"
608colspan="4" bgcolor="#f0f0ff"> smtp(8) </td> <td align="left">
609&nbsp; </td> </tr>
610
611<tr> <td colspan="2"> &nbsp; </td> <td> </td> <td
612align="center"><tt>^<br>|</tt></td> </tr>
613
614<tr> <td colspan="2"> </td> <td align="center" colspan="3"
615bgcolor="#f0f0ff"> scache(8) </td> </tr>
616
617</table>
618
619<p> After the mail transaction completes, the Postfix smtp(8) client
620gives the smtp(8)-to-tlsproxy(8) connection to the scache(8)
621server, which keeps the connection open for a limited amount of
622time. The smtp(8) client continues with some other mail delivery
623request. Meanwhile, any Postfix smtp(8) client can ask the scache(8)
624server for that cached connection and reuse it for mail delivery.
625</p>
626
627<li> <p> The showq(8) servers list the Postfix queue status. This
628is the queue listing service that does the work for the mailq(1)
629and postqueue(1) commands.  </p>
630
631<table>
632
633<tr> <td> Output </td> <td> <tt> &lt;- </tt> </td> <td align="center"
634bgcolor="#f0f0ff"> mailq(1)<br>
635
636<a href="postqueue.1.html"> post-<br>queue(1) </a> <br> </td> <td>
637<tt> &lt;- </tt> </td> <td align="center" valign="middle"
638bgcolor="#f0f0ff"> showq(8) </td> <td> <tt> &lt;- </tt></td> <td
639align="center" valign="middle" bgcolor="#f0f0ff"> Postfix<br> queue
640</td> </tr>
641
642</table>
643
644<li> <p> The spawn(8) servers run non-Postfix commands on request,
645with the client connected via socket or FIFO to the command's
646standard input, output and error streams. You can find examples of
647its use in the SMTPD_POLICY_README document.  </p>
648
649<li> <p> The tlsmgr(8) server runs when TLS (Transport Layer
650Security, formerly known as SSL) is turned on in the Postfix smtp(8)
651client or smtpd(8) server. This process has two duties: </p>
652
653<ul>
654
655<li> <p> Maintain the pseudo-random number generator (PRNG) that
656is used to seed the TLS engines in Postfix smtp(8) client or smtpd(8)
657server processes.  The state of this PRNG is periodically saved to
658a file, and is read when tlsmgr(8) starts up. </p>
659
660<li> <p> Maintain the optional Postfix smtp(8) client or smtpd(8)
661server caches with TLS session keys. Saved keys can improve
662performance by reducing the amount of computation at the start of
663a TLS session. </p>
664
665</ul>
666
667<p> TLS support is available in Postfix version 2.2 and later.
668Information about the Postfix TLS implementation is in the TLS_README
669document. </p>
670
671<table>
672
673<tr> <td>Network<tt>-&gt; </tt> </td> <td align="center"
674bgcolor="#f0f0ff"> <br> smtpd(8) <br> &nbsp; </td> <td colspan="2">
675<tt> &lt;---seed---<br><br>&lt;-session-&gt; </tt> </td> <td
676align="center" bgcolor="#f0f0ff"> <br> tlsmgr(8) <br> &nbsp; </td>
677<td colspan="3"> <tt> ---seed---&gt;<br> <br>&lt;-session-&gt;
678</tt> </td> <td align="center" bgcolor="#f0f0ff"> <br> smtp(8) <br>
679&nbsp; </td> <td> <tt> -&gt;</tt>Network </td> </tr>
680
681<tr> <td colspan="3"> </td> <td align="right"> <table> <tr> <td>
682</td> <td> / </td> </tr> <tr> <td> / </td> <td> </td> </tr> </table>
683</td> <td align="center"> |<br> |</td> <td align="left"> <table>
684<tr> <td> \ </td> <td> </td> </tr> <tr> <td> </td> <td> \ </td>
685</tr> </table> </td> <td colspan="3"> </td> </tr>
686
687<tr> <td colspan="2"> </td> <td align="center" bgcolor="#f0f0ff">
688smtpd<br> session<br> cache </td> <td> </td> <td align="center"
689bgcolor="#f0f0ff"> PRNG<br> state <br>file </td> <td> </td> <td
690align="center" bgcolor="#f0f0ff"> smtp<br> session<br> cache </td>
691<td colspan="2"> </td> </tr>
692
693</table>
694
695
696<li> <p> The verify(8) server verifies that a sender or recipient
697address is deliverable before the smtpd(8) server accepts it.  The
698verify(8) server queries a cache with address verification results.
699If a result is not found, the verify(8) server injects a probe
700message into the Postfix queue and processes the status update from
701a delivery agent or queue manager.
702This process is described in the ADDRESS_VERIFICATION_README
703document.  The verify(8) service is available with Postfix version
7042.1 and later. </p>
705
706<table>
707
708<tr>
709
710    <td rowspan="2" colspan="5" align="center" valign="middle">
711    &nbsp; </td> <td rowspan="3" align="center" valign="bottom">
712    <tt> -&gt; </tt> </td> <td rowspan="3" align="center"
713    valign="middle"> probe<br> message </td> <td rowspan="3"
714    align="center" valign="middle"> <tt> -&gt; </tt> </td> <td
715    rowspan="3" bgcolor="#f0f0ff" align="center" valign="middle">
716    Postfix<br> mail<br> queue </td>
717
718</tr>
719
720<tr> <td> </td> </tr>
721
722<tr>
723
724    <td rowspan="3" align="center" valign="middle"> Network </td>
725    <td rowspan="3" align="center" valign="middle"> <tt> -&gt; </tt>
726    </td> <td rowspan="3" bgcolor="#f0f0ff" align="center"
727    valign="middle"> smtpd(8) </td> <td rowspan="3" align="center"
728    valign="middle"> <tt> &lt;-&gt; </tt> </td> <td rowspan="3"
729    bgcolor="#f0f0ff" align="center" valign="middle"> verify(8)
730    </td>
731
732</tr>
733
734<tr>
735
736    <td rowspan="1" colspan="3"> </td> <td rowspan="1" align="center"
737    valign="middle"> <tt> |</tt><br> <tt> v</tt> </td>
738
739</tr>
740
741<tr>
742
743    <td rowspan="3" align="center" valign="top"> <tt> &lt;- </tt>
744    </td> <td rowspan="3" align="center" valign="middle"> probe<br>
745    status </td> <td rowspan="3" align="center" valign="middle">
746    <tt> &lt;- </tt> </td> <td rowspan="3" bgcolor="#f0f0ff"
747    align="center" valign="middle"> Postfix<br> delivery<br> agents
748    </td> <td rowspan="3" align="left" valign="middle"> <tt>-&gt;</tt>
749    Local<br> <tt>-&gt;</tt> Network</td>
750
751</tr>
752
753<tr>
754
755    <td rowspan="3" colspan="4" align="center" valign="middle">
756    &nbsp; </td> <td rowspan="3" align="center" valign="middle">
757    <tt> ^</tt><br> <tt> |</tt><br> <tt> v</tt> </td>
758
759</tr>
760
761<tr> <td> </td> </tr>
762
763<tr> <td colspan="4"> &nbsp; </td> </tr>
764
765<tr>
766
767    <td colspan="4" align="center" valign="middle"> &nbsp; </td>
768    <td bgcolor="#f0f0ff" align="center" valign="middle"> Address<br>
769    verification<br> cache </td>
770
771</tr>
772
773</table>
774
775<li> <p> The postscreen(8) server can be put "in front" of Postfix
776smtpd(8) processes. Its purpose is to accept connections from the
777network and to decide what SMTP clients are allowed to talk to
778Postfix.  According to the 2008 MessageLabs annual report, 81% of
779all email was spam, and 90% of that was sent by botnets; by 2010,
780those numbers were 92% and 95%, respectively.  While postscreen(8)
781keeps the zombies away, more smtpd(8) processes remain available
782for legitimate clients.  </p>
783
784<p> postscreen(8) maintains a temporary allowlist for clients that
785pass its tests; by allowing allowlisted clients to skip tests,
786postscreen(8) minimizes its impact on legitimate email traffic.
787</p>
788
789<p> The postscreen(8) server is available with Postfix 2.8 and
790later. To keep the implementation simple, postscreen(8) delegates
791DNS allow/denylist lookups to dnsblog(8) server processes, and
792delegates TLS encryption/decryption to tlsproxy(8) server processes.
793This delegation is invisible to the remote SMTP client. </p>
794
795<table>
796
797<tr> <td colspan="2"> </td> <td align="center"> zombie </td> </tr>
798
799<tr> <td colspan="3">  </td> <td align="left"> <tt> \ </tt> </td> </tr>
800
801<tr> <td> zombie </td> <td> <tt> - </tt> </td> <td bgcolor="#f0f0ff" align="center"> tlsproxy(8) </td> <td align="left"> <tt> - </tt> </td> <td>
802</td> <td>  </td> <td>  </td> <td align="right"> <tt> - </tt> </td>
803<td bgcolor="#f0f0ff" align="center"> smtpd(8) </td> </tr>
804
805<tr> <td colspan="3">  </td> <td align="right"> <tt> \ </tt> </td> <td> </td>
806<td align="left"> <tt> / </tt> </td> </tr>
807
808<tr> <td colspan="2"> </td> <td bgcolor="#f0f0ff" align="center"> other </td> <td> <tt>
809--- </tt> </td> <td bgcolor="#f0f0ff" align="center" valign="middle">
810postscreen(8) </td> </tr>
811
812<tr> <td colspan="3">  </td> <td align="right"> <tt> / </tt> </td> <td> </td>
813<td align="right"> <tt> \ </tt> </td> </tr>
814
815<tr> <td colspan="2"> </td> <td bgcolor="#f0f0ff" align="center"> other </td> <td align="left">
816<tt> - </tt> </td> <td> </td> <td>  </td> <td>  </td> <td align="right">
817<tt> - </tt> </td> <td bgcolor="#f0f0ff" align="center"> smtpd(8)
818</td> </tr>
819
820<tr> <td colspan="3">  </td> <td align="left"> <tt> / </tt> </td> </tr>
821
822<tr> <td colspan="2"> </td> <td align="center"> zombie </td> </tr>
823
824</table>
825
826<li> <p>The postlogd(8) server provides an alternative to syslog
827logging, which remains the default. This feature is available with
828Postfix version 3.4 or later, and supports the following modes:
829</p>
830
831
832<ul>
833
834<li> <p>Logging to file, which addresses a usability problem with
macOS, and eliminates information loss caused by systemd rate limits.
836</p>
837
838<table>
839
840<tr> <td bgcolor="#f0f0ff" rowspan="3" valign="middle" align="center">
841commands<br>or daemons</td> <td colspan="4"> &nbsp; </td> </tr>
842
<tr> <td colspan="2"> </td> <td> <tt> -&gt; </tt> </td> <td bgcolor="#f0f0ff">
844postlogd(8) </td> <td> <tt> -&gt; </tt> </td> <td> /path/to/file
845</td> </tr>
846
847<tr> <td colspan=6> &nbsp; </td> </tr>
848
849</table>
850
851<li> <p>Logging to stdout, which eliminates a syslog dependency
852when Postfix runs inside a container. </p>
853
854<table>
855
856<tr> <td bgcolor="#f0f0ff" rowspan="3" valign="middle" align="center">
857commands<br>or daemons</td> <td colspan="4"> &nbsp; </td> <td
858rowspan="3" align="center"> stdout inherited<br>from "postfix
859start-fg" </td> </tr>
860
861<tr> <td colspan="2"> <tt> -&gt; </tt> </td> <td bgcolor="#f0f0ff">
862postlogd(8) </td> <td> <tt> -&gt; </tt> </td> </tr>
863
864<tr> <td colspan=5> &nbsp; </td> </tr>
865
866</table>
867
868</ul>
869
870<p> See MAILLOG_README for details and limitations. </p>
871
872</ul>
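<p> The receive and delivery flow described in this document can be reconstructed from the mail log, because the daemons log the queue ID of the message they handle. The following added example (not Postfix code) groups constructed sample log lines by queue ID, classifies each message as network, local or internal by the first daemon that handled it, and lists messages that were deferred, bounced or are still queued. It assumes the usual Postfix syslog line layout and short hexadecimal queue IDs. </p>

```python
import re

# Constructed sample log lines in Postfix's syslog style (not from a real system).
SAMPLE_LOG = """\
Mar  3 10:15:01 mx1 postfix/smtpd[2101]: connect from client.example.net[192.0.2.10]
Mar  3 10:15:01 mx1 postfix/smtpd[2101]: 3F2A81C0D5: client=client.example.net[192.0.2.10]
Mar  3 10:15:01 mx1 postfix/cleanup[2104]: 3F2A81C0D5: message-id=<m1@client.example.net>
Mar  3 10:15:01 mx1 postfix/qmgr[1890]: 3F2A81C0D5: from=<alice@example.net>, size=812, nrcpt=1 (queue active)
Mar  3 10:15:02 mx1 postfix/local[2106]: 3F2A81C0D5: to=<bob@example.org>, relay=local, delay=0.3, dsn=2.0.0, status=sent (delivered to mailbox)
Mar  3 10:15:02 mx1 postfix/qmgr[1890]: 3F2A81C0D5: removed
Mar  3 10:16:40 mx1 postfix/pickup[2050]: 7B11C1C0D9: uid=1001 from=<carol>
Mar  3 10:16:40 mx1 postfix/cleanup[2104]: 7B11C1C0D9: message-id=<m2@mx1.example.org>
Mar  3 10:16:40 mx1 postfix/qmgr[1890]: 7B11C1C0D9: from=<carol@example.org>, size=455, nrcpt=1 (queue active)
Mar  3 10:17:10 mx1 postfix/smtp[2110]: 7B11C1C0D9: to=<dave@example.net>, relay=none, delay=30, dsn=4.4.1, status=deferred (connect to mx.example.net[203.0.113.9]:25: Connection timed out)
Mar  3 10:18:05 mx1 postfix/smtpd[2101]: 9C04D1C0E2: client=client.example.net[192.0.2.10]
Mar  3 10:18:05 mx1 postfix/cleanup[2104]: 9C04D1C0E2: message-id=<m3@client.example.net>
Mar  3 10:18:05 mx1 postfix/qmgr[1890]: 9C04D1C0E2: from=<carol@example.org>, size=640, nrcpt=1 (queue active)
Mar  3 10:18:06 mx1 postfix/smtp[2110]: 9C04D1C0E2: to=<nobody@example.com>, relay=mx.example.com[198.51.100.7]:25, delay=0.9, dsn=5.1.1, status=bounced (host mx.example.com[198.51.100.7] said: 550 5.1.1 User unknown)
Mar  3 10:18:06 mx1 postfix/cleanup[2104]: A1B3E1C0E7: message-id=<m4@mx1.example.org>
Mar  3 10:18:06 mx1 postfix/bounce[2112]: 9C04D1C0E2: sender non-delivery notification: A1B3E1C0E7
Mar  3 10:18:06 mx1 postfix/qmgr[1890]: A1B3E1C0E7: from=<>, size=2301, nrcpt=1 (queue active)
Mar  3 10:18:06 mx1 postfix/qmgr[1890]: 9C04D1C0E2: removed
Mar  3 10:18:07 mx1 postfix/local[2106]: A1B3E1C0E7: to=<carol@example.org>, relay=local, delay=0.2, dsn=2.0.0, status=sent (delivered to mailbox)
Mar  3 10:18:07 mx1 postfix/qmgr[1890]: A1B3E1C0E7: removed
"""

# "postfix/<daemon>[pid]: <QUEUEID>: <text>". Only short (uppercase hex) queue
# IDs are matched, which also keeps "warning: ..." lines out of the result.
LINE = re.compile(
    r"postfix\S*/(?P<daemon>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")
# Delivery agents report recipient and status; the first "status=" after
# "to=<...>" is the one written by Postfix, before any remote server text.
DELIVERY = re.compile(r"to=<(?P<rcpt>[^>]*)>.*?\bstatus=(?P<status>\w+)")

# The first daemon to mention a queue ID tells how the message entered:
# smtpd/qmqpd for network mail, pickup for local submissions, and cleanup
# alone for internally generated mail such as bounce notifications.
ORIGIN = {"smtpd": "network", "qmqpd": "network",
          "pickup": "local", "cleanup": "internal"}


def trace(log_text):
    """Group log lines by queue ID and summarize each message's path."""
    messages = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, rest = m["daemon"], m["rest"]
        msg = messages.setdefault(m["qid"], {
            "origin": ORIGIN.get(daemon, "unknown"),
            "stages": [], "deliveries": [], "removed": False})
        if daemon not in msg["stages"]:
            msg["stages"].append(daemon)
        d = DELIVERY.search(rest)
        if d:
            msg["deliveries"].append((d["rcpt"], daemon, d["status"]))
        if daemon == "qmgr" and rest == "removed":
            msg["removed"] = True
    return messages


def needs_attention(messages):
    """Queue IDs with a non-"sent" delivery or that are still in the queue."""
    return sorted(
        qid for qid, msg in messages.items()
        if not msg["removed"]
        or any(status != "sent" for _, _, status in msg["deliveries"]))


if __name__ == "__main__":
    traced = trace(SAMPLE_LOG)
    for qid, msg in traced.items():
        print(qid, msg["origin"], " -> ".join(msg["stages"]), msg["deliveries"])
    print("needs attention:", needs_attention(traced))
```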
873
874<h2> <a name="commands"> Postfix support commands </a> </h2>
875
876<p> The Postfix architecture overview ends with a summary of
877command-line utilities for day-to-day use of the Postfix mail
878system. Besides the Sendmail-compatible sendmail(1), mailq(1), and
newaliases(1) commands, the Postfix system comes with its own
880collection of command-line utilities.  For consistency, these are
881all named post<i>something</i>. </p>
882
883<ul>
884
885<li> <p> The postfix(1) command controls the operation of the mail
886system. It is the interface for starting, stopping, and restarting
887the mail system, as well as for some other administrative operations.
888This command is reserved to the super-user. </p>
889
890<li> <p> The postalias(1) command maintains Postfix aliases(5) type
891databases.  This is the program that does the work for the
892newaliases(1) command.  </p>
893
894<li> <p> The postcat(1) command displays the contents of Postfix
895queue files. This is a limited, preliminary utility. This program
896is likely to be superseded by something more powerful that can also
897edit Postfix queue files. </p>
898
899<li> <p> The postconf(1) command displays or updates Postfix main.cf
900parameters and displays system dependent information about the
901supported file locking methods, and the supported types of lookup
902tables.  </p>
903
904<li> <p> The postdrop(1) command is the mail posting utility that
905is run by the Postfix sendmail(1) command in order to deposit mail
906into the maildrop queue directory. </p>
907
908<li> <p> The postkick(1) command makes some Postfix internal
909communication channels available for use in, for example, shell
910scripts. </p>
911
912<li> <p> The postlock(1) command provides Postfix-compatible mailbox
913locking for use in, for example, shell scripts. </p>
914
915<li> <p> The postlog(1) command provides Postfix-compatible logging
916for shell scripts. </p>
917
918<li> <p> The postmap(1) command maintains Postfix lookup tables
919such as canonical(5), virtual(5) and others. It is a cousin of the
920UNIX makemap command. </p>
921
922<li> <p> The postmulti(1) command repeats the "postfix start" etc.
923command for each Postfix instance, and supports creation, deletion
924etc. of Postfix instances. For a tutorial, see MULTI_INSTANCE_README.
925</p>
926
927<li> <p> The postqueue(1) command is the privileged command that
928is run by Postfix sendmail(1) and mailq(1) in order to flush or
929list the
930mail queue. </p>
931
932<li> <p> The postsuper(1) command maintains the Postfix queue. It
933removes old temporary files, and moves queue files into the right
934directory after a change in the hashing depth of queue directories.
935This command is run at mail system startup time and when Postfix
936is restarted. </p>
937
938</ul>
939
940</body>
941
942</html>
943