<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
        "https://www.w3.org/TR/html4/loose.dtd">

<html>

<head>

<title>Postfix Architecture Overview </title>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel='stylesheet' type='text/css' href='postfix-doc.css'>

</head>

<body>

<h1> <img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
Architecture Overview </h1>

<hr>

<h2> Introduction </h2>

<p> This document presents an overview of the Postfix architecture,
and provides pointers to descriptions of every Postfix command
or server program. The text gives the general context in which
each command or server program is used, and provides pointers to
documents with specific usage examples and background information.
</p>

<p> Topics covered by this document: </p>

<ul>

<li> <a href="#receiving"> How Postfix receives mail </a>

<li> <a href="#delivering"> How Postfix delivers mail </a>

<li> <a href="#behind"> Postfix behind the scenes </a>

<li> <a href="#commands"> Postfix support commands </a>

</ul>

<h2><a name="receiving"> How Postfix receives mail </a> </h2>

<p> When a message enters the Postfix mail system, the first stop
on the inside is the incoming queue. The figure below shows the
main processes that are involved with new mail. Names followed by
a number are Postfix commands or server programs, while unnumbered
names inside shaded areas represent Postfix queues.
</p>

<blockquote>

<table>

<tr>

<td colspan="4"> </td>

<td bgcolor="#f0f0ff" align="center"> trivial-<br>rewrite(8) </td>

</tr>

<tr>

<td> Network </td> <td> <tt> -&gt; </tt> </td>

<td bgcolor="#f0f0ff" align="center" valign="middle"> smtpd(8)
</td>

<td> </td>

<td rowspan="2" align="center"> <table> <tr> <td align="center">
^<br> <tt> | </tt> </td> <td align="center"> <tt> |<br> v </tt>
</td> </tr> </table> </td>

</tr>

<tr>

<td colspan="3"> </td> <td> <tt> \ </tt> </td>

</tr>

<tr>

<td> Network </td> <td> <tt> -&gt; </tt> </td>

<td bgcolor="#f0f0ff" align="center" valign="middle"> qmqpd(8)
</td>

<td> <tt> -&gt; </tt> </td>

<td bgcolor="#f0f0ff" align="center" valign="middle"> cleanup(8)
</td>

<td> <tt> -&gt; </tt> </td>

<td bgcolor="#f0f0ff" align="center" valign="middle"> <a
href="QSHAPE_README.html#incoming_queue"> incoming </a> </td>

</tr>

<tr>

<td colspan="3"> </td> <td> <tt> / </tt> </td>

</tr>

<tr>

<td colspan="2"> </td>

<td bgcolor="#f0f0ff" align="center" valign="middle"> pickup(8)
</td>

<td> <tt> &lt;- </tt> </td>

<td bgcolor="#f0f0ff" align="center" valign="middle"> <a
href="QSHAPE_README.html#maildrop_queue"> maildrop </a> </td>

</tr>

<tr>

<td colspan="4" align="center"> </td>

<td align="center"> ^<br> <tt> | </tt> </td>

</tr>

<tr>

<td> Local </td> <td> <tt> -&gt; </tt> </td>

<td bgcolor="#f0f0ff" align="center" valign="middle"> sendmail(1)
</td>

<td> <tt> -&gt; </tt> </td>

<td bgcolor="#f0f0ff" align="center" valign="middle"> postdrop(1)
</td>

</tr>

</table>

</blockquote>

<ul>

<li> <p> Network mail enters Postfix via the smtpd(8) or qmqpd(8)
servers.
These servers remove the SMTP or QMQP protocol encapsulation,
enforce some sanity checks to protect Postfix, and give the sender,
recipients and message content to the cleanup(8) server. The
smtpd(8) server can be configured to block unwanted mail, as
described in the SMTPD_ACCESS_README document. </p>

<li> <p> Local submissions are received with the Postfix sendmail(1)
compatibility command, and are queued in the maildrop queue by
the privileged postdrop(1) command. This arrangement even works
while the Postfix mail system is not running. The local pickup(8)
server picks up local submissions, enforces some sanity checks to
protect Postfix, and gives the sender, recipients and message
content to the cleanup(8) server. </p>

<li> <p> Mail from internal sources is given directly to the
cleanup(8) server. These sources are not shown in the figure, and
include: mail that is forwarded by the local(8) delivery agent (see
next section), messages that are returned to the sender by the
bounce(8) server (see second-next section), and postmaster
notifications about problems with Postfix. </p>

<li> <p> The cleanup(8) server implements the final processing
stage before mail is queued. It adds missing From: and other message
headers, and transforms addresses as described in the
ADDRESS_REWRITING_README
document. Optionally, the cleanup(8) server can be configured to
do light-weight content inspection with regular expressions as
described in the BUILTIN_FILTER_README document. The cleanup(8)
server places the result as a single file into the incoming queue,
and notifies the queue manager (see next section) of the arrival
of new mail. </p>

<li> <p> The trivial-rewrite(8) server rewrites addresses to the
standard "user@fully.qualified.domain" form, as described in the
ADDRESS_REWRITING_README document.
Postfix currently does not
implement a rewriting language, but a lot can be done via table
lookups and, if need be, regular expressions. </p>

</ul>

<h2> <a name="delivering"> How Postfix delivers mail </a> </h2>

<p> Once a message has reached the incoming queue the next step is
to deliver it. The figure shows the main components of the Postfix
mail delivery apparatus. Names followed by a number are Postfix
commands or server programs, while unnumbered names inside shaded
areas represent Postfix queues. </p>

<blockquote>

<table>

<tr>

<td rowspan="2" colspan="4"> </td>

<td rowspan="2" bgcolor="#f0f0ff" align="center"> trivial-<br>rewrite(8)
</td>

<td> </td>

<td bgcolor="#f0f0ff" align="center"> smtp(8) </td>

<td> <tt> -&gt; </tt> </td> <td> Network </td>

</tr>

<tr>

<td align="right"> <tt> / </tt> </td>

</tr>

<tr>

<td rowspan="2" colspan="4"> </td>

<td rowspan="2" align="center"> <table> <tr> <td align="center">
^<br> <tt> | </tt> </td> <td align="center"> <tt> |<br> v </tt>
</td> </tr> </table> </td>

<td align="right"> <tt> - </tt> </td>

<td bgcolor="#f0f0ff" align="center"> lmtp(8) </td>

<td> <tt> -&gt; </tt> </td> <td> Network </td>

</tr>

<tr>

<td align="left"> <tt> / </tt> </td>

</tr>

<tr>

<td bgcolor="#f0f0ff" align="center"> <a
href="QSHAPE_README.html#incoming_queue"> incoming </a> </td>

<td> <tt> -&gt; </tt> </td>

<td bgcolor="#f0f0ff" align="center"> <a
href="QSHAPE_README.html#active_queue"> active </a> </td>

<td> <tt> -&gt; </tt> </td>

<td bgcolor="#f0f0ff" align="center"> qmgr(8) </td>

<td align="right"> <tt> --- </tt> </td>

<td bgcolor="#f0f0ff" align="center"> local(8) </td>

<td> <tt> -&gt; </tt> </td> <td> File, command </td>

</tr>

<tr>

<td rowspan="2" colspan="2"> </td>

<td
rowspan="2" align="center"> <table> <tr> <td align="center">
^<br> <tt> | </tt> </td> <td align="center"> <tt> |<br> v </tt>
</td> </tr> </table> </td>

<td rowspan="2" colspan="2"> </td>

<td align="left"> <tt> \ </tt> </td>

</tr>

<tr>

<td align="right"> <tt> - </tt> </td>

<td bgcolor="#f0f0ff" align="center"> virtual(8) </td>

<td> <tt> -&gt; </tt> </td> <td> File </td>

</tr>

<tr>

<td colspan="2"> </td>

<td bgcolor="#f0f0ff" align="center"> <a
href="QSHAPE_README.html#deferred_queue"> deferred </a> </td>

<td colspan="2"> </td>

<td align="right"> <tt> \ </tt> </td>

</tr>

<tr>

<td colspan="6">

<td bgcolor="#f0f0ff" align="center"> pipe(8) </td>

<td> <tt> -&gt; </tt> </td> <td> Command </td>

</tr>

</table>

</blockquote>

<ul>

<li> <p> The queue manager (the qmgr(8) server process in the
figure) is the heart of Postfix mail delivery. It contacts the
smtp(8), lmtp(8), local(8), virtual(8), pipe(8), discard(8) or
error(8) delivery agents, and sends a delivery request for one
or more recipient addresses. The discard(8) and error(8) delivery
agents are special: they discard or bounce all mail, and are not
shown in the figure above. </p>

<p> The queue manager maintains a limited active queue with the
messages that it has opened for delivery. The active queue acts as
a limited window on potentially large incoming or deferred queues.
The limited active queue prevents the queue manager from running
out of memory under heavy load. </p>

<p> The queue manager maintains a separate deferred queue for mail
that cannot be delivered, so that a large mail backlog will not
slow down normal queue accesses. The queue manager's strategy for
delayed mail delivery attempts is described in the QSHAPE_README
and TUNING_README documents.
</p>

<li> <p> The trivial-rewrite(8) server resolves each recipient
address according to its local or remote address class, as defined
in the ADDRESS_CLASS_README document. Additional routing information
can be specified with the optional transport(5) table. The
trivial-rewrite(8) server optionally queries the relocated(5) table
for recipients whose address has changed; mail for such recipients is
returned to the sender with an explanation. </p>

<li> <p> The smtp(8) client looks up a list of SMTP servers for
the destination(s) in a delivery request, sorts the list by preference,
and tries each server in turn until it has delivered or bounced all
recipients in the delivery request. It encapsulates the sender,
recipients and message content as required by the SMTP protocol;
this includes message body conversion from 8-bit MIME to 7-bit
encoding, but does not include RFC 2047 header encoding. </p>

<li> <p> The lmtp(8) client speaks a protocol similar to SMTP that
is optimized for delivery to mailbox servers such as Cyrus. The
advantage of this setup is that one Postfix machine can feed multiple
mailbox servers over LMTP. The opposite is true as well: one
mailbox server can be fed over LMTP by multiple Postfix machines.
</p>

<li> <p> The local(8) delivery agent understands UNIX-style mailboxes,
qmail-compatible maildir files, Sendmail-style system-wide aliases(5)
databases, and Sendmail-style per-user .forward files. Multiple
local delivery agents can be run in parallel, but parallel delivery
to the same user is usually limited. </p>

<p> The local(8) delivery agent has hooks for alternative forms of
local delivery: you can configure it to deliver to mailbox files
in user home directories, you can configure it to delegate mailbox
delivery to an external command such as procmail, or you can delegate
delivery to a different Postfix delivery agent.
</p>

<li> <p> The virtual(8) delivery agent is a bare-bones delivery
agent that delivers to UNIX-style mailbox or qmail-style maildir
files only. This delivery agent can deliver mail for multiple
domains, which makes it especially suitable for hosting lots of
small domains on a single machine. This is described in the
VIRTUAL_README document. </p>

<li> <p> The pipe(8) mailer is the outbound interface to other mail
processing systems (the Postfix sendmail(1) command being the
inbound interface). The interface is UNIX compatible: the pipe(8)
mailer provides information to a child process command line,
environment variables, and standard input stream, and expects a
child process exit status code as defined in &lt;sysexits.h&gt;.
Examples of delivery via the pipe(8) mailer are in the FILTER_README,
MAILDROP_README,
and UUCP_README documents. </p>

</ul>

<h2> <a name="behind"> Postfix behind the scenes </a> </h2>

<p> The previous sections gave an overview of how Postfix server
processes send and receive mail. These server processes rely on
other server processes that do things behind the scenes. The text
below attempts to visualize each service in its own context. As
before, names followed by a number are Postfix commands or server
programs, while unnumbered names inside shaded areas represent
Postfix queues. </p>

<ul>

<li> <p> The resident master(8) server is the supervisor that keeps
an eye on the well-being of the Postfix mail system. It is typically
started at system boot time with the "postfix start" command, and
keeps running until the system goes down. The master(8) server is
responsible for starting Postfix server processes to receive and
deliver mail, and for restarting servers that terminate prematurely
because of some problem.
The master(8) server is also responsible
for enforcing the server process count limits as specified in the
<b>master.cf</b> configuration file. The picture below gives the
program hierarchy when Postfix is started up. Only some of the mail
handling daemon processes are shown. </p>

<table>

<tr> <td colspan="2"> </td> <td align="center" bgcolor="#f0f0ff">
postfix(1) </td> </tr>

<tr> <td colspan="2"> </td> <td align="center"> |<br> |</td> </tr>

<tr> <td colspan="2"> </td> <td align="center" bgcolor="#f0f0ff">
postfix-script(1) </td> </tr>

<tr> <td> </td> <td> <table> <tr> <td> </td> <td> / </td> </tr>
<tr> <td> / </td> <td> </td> </tr> </table> </td> <td align="center">
|<br> |</td> <td> <table> <tr> <td> \ </td> <td> </td> </tr> <tr>
<td> </td> <td> \ </td> </tr> </table> </td> </tr>

<tr> <td align="center" bgcolor="#f0f0ff"> postsuper(1) </td> <td>
</td> <td align="center" bgcolor="#f0f0ff"> master(8) </td> <td>
</td> <td align="center" bgcolor="#f0f0ff"> postlog(1) </td> </tr>

<tr> <td> </td> <td> <table> <tr> <td> </td> <td> / </td> </tr>
<tr> <td> / </td> <td> </td> </tr> </table> </td> <td align="center">
|<br> |</td> <td> <table> <tr> <td> \ </td> <td> </td> </tr> <tr>
<td> </td> <td> \ </td> </tr> </table> </td> </tr>

<tr> <td align="center" bgcolor="#f0f0ff"> smtpd(8) </td> <td>
</td> <td align="center" bgcolor="#f0f0ff"> qmgr(8) </td> <td>
</td> <td align="center" bgcolor="#f0f0ff"> local(8) </td> </tr>

</table>

<li> <p> The anvil(8) server implements client connection and
request rate
limiting for all smtpd(8) servers. The TUNING_README document
provides guidance for dealing with misbehaving SMTP clients. The
anvil(8) service is available in Postfix version 2.2 and later.
</p>

<table>

<tr> <td> Network </td> <td> <tt> -&gt; </tt> </td> <td align="center"
bgcolor="#f0f0ff"> <br> smtpd(8)<br><br> </td> <td> <tt> &lt;-&gt;
</tt> </td> <td align="center" bgcolor="#f0f0ff"> <br> anvil(8)<br><br>
</td> </tr>

</table>

<li> <p> The bounce(8), defer(8) and trace(8) services each maintain
their own queue directory trees with per-message logfiles. Postfix
uses this information when sending "failed", "delayed" or "success"
delivery status notifications to the sender. </p>

<p> The trace(8) service also implements support for the Postfix
"sendmail
-bv" and "sendmail -v" commands which produce reports about how
Postfix delivers mail, and is available with Postfix version 2.1
and later. See <a href="DEBUG_README.html#trace_mail"> DEBUG_README
</a> for examples. </p>

<table>

<tr> <td align="center" bgcolor="#f0f0ff"> cleanup(8) </td> <td
valign="middle"> <tt> -&gt; </tt> </td> <td align="center"
bgcolor="#f0f0ff"> qmgr(8)<br> Postfix<br> queue </td> <td
valign="middle"> <tt> -&gt; </tt> </td> <td align="center"
bgcolor="#f0f0ff"> Delivery<br> agents</td> </tr>

<tr> <td align="center"> ^<br> <tt> | </tt> </td> <td> </td> <td
align="center"> <tt> |<br> v </tt> </td> <td> </td> <td align="center">
<tt> |<br> v </tt> </td> </tr>

<tr> <td align="center"> (Non-)<br> delivery<br> notice </td> <td
valign="middle"> <tt> &lt;- </tt> </td> <td align="center"
bgcolor="#f0f0ff"> bounce(8)<br> defer(8)<br> trace(8) </td> <td
valign="middle"> <tt> &lt;- </tt> </td> <td align="center"> Queue
id,<br> recipient,<br> status</td> </tr>

<tr> <td colspan="2"> </td> <td align="center"> <table> <tr> <td
align="center"> ^<br> <tt> | </tt> </td> <td align="center"> <tt>
|<br> v </tt> </td> </tr> </table> </td> </tr>

<tr> <td colspan="2"> </td> <td align="center" bgcolor="#f0f0ff">
Per- <br> message<br> logfiles </td> </tr>

</table>

<li> <p> The flush(8) servers maintain per-destination logs and
implement "sendmail -qR<i>site</i>", "sendmail -qI<i>queueid</i>",
"postqueue -s <i>site</i>", "postqueue -i <i>queueid</i>", and ETRN
as described
in the ETRN_README document. This moves selected queue files from
the deferred queue back to the incoming queue and requests their
delivery. The flush(8) service is available with Postfix version
1.0 and later. </p>

<table>

<tr> <td colspan="4"> </td> <td align="center" bgcolor="#f0f0ff">
<a href="QSHAPE_README.html#incoming_queue"> incoming </a><br>^
<br><a href="QSHAPE_README.html#deferred_queue"> deferred </a>
</td> </tr>

<tr> <td colspan="4"> </td> <td align="center"> ^<br> |</td> </tr>

<tr> <td align="center" bgcolor="#f0f0ff"> smtpd(8)<br> sendmail(1)<br>
postqueue(1) </td> <td> <tt> - </tt> </td> <td align="center">
Destination<br> to flush</td> <td> <tt> -&gt; </tt> </td> <td
align="center" bgcolor="#f0f0ff"> flush(8) </td> <td> <tt> &lt;-
</tt> </td> <td align="center"> Deferred<br> destination,<br> queue
id </td> <td> <tt> - </tt> </td> <td align="center" bgcolor="#f0f0ff">
Delivery<br> agents,<br> qmgr(8) </td> </tr>

<tr> <td colspan="4"> </td> <td align="center"> <table> <tr> <td
align="center"> ^<br> <tt> | </tt> </td> <td align="center"> <tt>
|<br> v </tt> </td> </tr> </table> </td> </tr>

<tr> <td colspan="4"> </td> <td align="center"> Per-dest-<br>
ination<br> logs </td> </tr>

</table>

<li> <p> The proxymap(8) servers provide read-only and read-write
table lookup
service to Postfix processes. This overcomes chroot restrictions,
reduces the number of open lookup tables by sharing one open
table among multiple processes, and implements single-updater
tables. </p>

<li> <p> The scache(8) server maintains the connection cache for
the Postfix smtp(8) client.
When connection caching is enabled for
selected destinations, the smtp(8) client does not disconnect
immediately after a mail transaction, but gives the connection to
the connection cache server which keeps the connection open for a
limited amount of time. The smtp(8) client continues with some
other mail delivery request. Meanwhile, any smtp(8) process can
ask the scache(8) server for that cached connection and reuse it
for mail delivery. As a safety measure, Postfix limits the number
of times that a connection may be reused. </p>

<p> When delivering mail to a destination with multiple mail servers,
connection caching can help to skip over a non-responding server,
and thus dramatically speed up delivery. SMTP connection caching
is available in Postfix version 2.2 and later. More information
about this feature is in the CONNECTION_CACHE_README document. </p>

<table>

<tr> <td> </td> <td> <tt> /-- </tt> </td> <td align="center"
colspan="3" bgcolor="#f0f0ff"> smtp(8) </td> <td colspan="2"> <tt>
--&gt; </tt> </td> <td> Internet </td> </tr>

<tr> <td align="center" bgcolor="#f0f0ff"> qmgr(8) </td> <td> </td>
<td align="center" rowspan="3"><tt>|<br>|<br>|<br>|<br>v</tt></td>
</tr>

<tr> <td> </td> <td> <tt> \-- </tt> </td> <td align="center"
colspan="4" bgcolor="#f0f0ff"> smtp(8) </td> <td align="left">
 </td> </tr>

<tr> <td colspan="2"> </td> <td> </td> <td
align="center"><tt>^<br>|</tt></td> </tr>

<tr> <td colspan="2"> </td> <td align="center" colspan="3"
bgcolor="#f0f0ff"> scache(8) </td> </tr>

</table>

<p> A Postfix smtp(8) client can reuse a TLS-encrypted connection
(with "smtp_tls_connection_reuse = yes"). This can greatly reduce
the overhead of connection setup and improves message delivery
rates.
After a Postfix smtp(8) client connects to a remote SMTP
server and sends plaintext EHLO and STARTTLS commands, the smtp(8)
client inserts a tlsproxy(8) process into the connection as shown
in the top of the figure below. </p>

<table>

<tr> <td> </td> <td> <tt> /-- </tt> </td> <td align="center"
colspan="3" bgcolor="#f0f0ff"> smtp(8) </td> <td colspan="2"> <tt>
--&gt; </tt> </td> <td align="center" bgcolor="#f0f0ff"> tlsproxy(8)
</td> <td> <tt> --&gt; </tt> </td> <td> Internet </td> </tr>

<tr> <td align="center" bgcolor="#f0f0ff"> qmgr(8) </td> <td> </td>
<td align="center" rowspan="3"><tt>|<br>|<br>|<br>|<br>v</tt></td>
</tr>

<tr> <td> </td> <td> <tt> \-- </tt> </td> <td align="center"
colspan="4" bgcolor="#f0f0ff"> smtp(8) </td> <td align="left">
 </td> </tr>

<tr> <td colspan="2"> </td> <td> </td> <td
align="center"><tt>^<br>|</tt></td> </tr>

<tr> <td colspan="2"> </td> <td align="center" colspan="3"
bgcolor="#f0f0ff"> scache(8) </td> </tr>

</table>

<p> After the mail transaction completes, the Postfix smtp(8) client
gives the smtp(8)-to-tlsproxy(8) connection to the scache(8)
server, which keeps the connection open for a limited amount of
time. The smtp(8) client continues with some other mail delivery
request. Meanwhile, any Postfix smtp(8) client can ask the scache(8)
server for that cached connection and reuse it for mail delivery.
</p>

<li> <p> The showq(8) servers list the Postfix queue status. This
is the queue listing service that does the work for the mailq(1)
and postqueue(1) commands.
</p>

<table>

<tr> <td> Output </td> <td> <tt> &lt;- </tt> </td> <td align="center"
bgcolor="#f0f0ff"> mailq(1)<br>

<a href="postqueue.1.html"> post-<br>queue(1) </a> <br> </td> <td>
<tt> &lt;- </tt> </td> <td align="center" valign="middle"
bgcolor="#f0f0ff"> showq(8) </td> <td> <tt> &lt;- </tt></td> <td
align="center" valign="middle" bgcolor="#f0f0ff"> Postfix<br> queue
</td> </tr>

</table>

<li> <p> The spawn(8) servers run non-Postfix commands on request,
with the client connected via socket or FIFO to the command's
standard input, output and error streams. You can find examples of
its use in the SMTPD_POLICY_README document. </p>

<li> <p> The tlsmgr(8) server runs when TLS (Transport Layer
Security, formerly known as SSL) is turned on in the Postfix smtp(8)
client or smtpd(8) server. This process has two duties: </p>

<ul>

<li> <p> Maintain the pseudo-random number generator (PRNG) that
is used to seed the TLS engines in Postfix smtp(8) client or smtpd(8)
server processes. The state of this PRNG is periodically saved to
a file, and is read when tlsmgr(8) starts up. </p>

<li> <p> Maintain the optional Postfix smtp(8) client or smtpd(8)
server caches with TLS session keys. Saved keys can improve
performance by reducing the amount of computation at the start of
a TLS session. </p>

</ul>

<p> TLS support is available in Postfix version 2.2 and later.
Information about the Postfix TLS implementation is in the TLS_README
document.
</p>

<table>

<tr> <td>Network<tt>-&gt; </tt> </td> <td align="center"
bgcolor="#f0f0ff"> <br> smtpd(8) <br> </td> <td colspan="2">
<tt> &lt;---seed---<br><br>&lt;-session-&gt; </tt> </td> <td
align="center" bgcolor="#f0f0ff"> <br> tlsmgr(8) <br> </td>
<td colspan="3"> <tt> ---seed---&gt;<br> <br>&lt;-session-&gt;
</tt> </td> <td align="center" bgcolor="#f0f0ff"> <br> smtp(8) <br>
 </td> <td> <tt> -&gt;</tt>Network </td> </tr>

<tr> <td colspan="3"> </td> <td align="right"> <table> <tr> <td>
</td> <td> / </td> </tr> <tr> <td> / </td> <td> </td> </tr> </table>
</td> <td align="center"> |<br> |</td> <td align="left"> <table>
<tr> <td> \ </td> <td> </td> </tr> <tr> <td> </td> <td> \ </td>
</tr> </table> </td> <td colspan="3"> </td> </tr>

<tr> <td colspan="2"> </td> <td align="center" bgcolor="#f0f0ff">
smtpd<br> session<br> cache </td> <td> </td> <td align="center"
bgcolor="#f0f0ff"> PRNG<br> state <br>file </td> <td> </td> <td
align="center" bgcolor="#f0f0ff"> smtp<br> session<br> cache </td>
<td colspan="2"> </td> </tr>

</table>


<li> <p> The verify(8) server verifies that a sender or recipient
address is deliverable before the smtpd(8) server accepts it. The
verify(8) server queries a cache with address verification results.
If a result is not found, the verify(8) server injects a probe
message into the Postfix queue and processes the status update from
a delivery agent or queue manager.
This process is described in the ADDRESS_VERIFICATION_README
document. The verify(8) service is available with Postfix version
2.1 and later.
</p>

<table>

<tr>

  <td rowspan="2" colspan="5" align="center" valign="middle">
  </td> <td rowspan="3" align="center" valign="bottom">
  <tt> -&gt; </tt> </td> <td rowspan="3" align="center"
  valign="middle"> probe<br> message </td> <td rowspan="3"
  align="center" valign="middle"> <tt> -&gt; </tt> </td> <td
  rowspan="3" bgcolor="#f0f0ff" align="center" valign="middle">
  Postfix<br> mail<br> queue </td>

</tr>

<tr> <td> </td> </tr>

<tr>

  <td rowspan="3" align="center" valign="middle"> Network </td>
  <td rowspan="3" align="center" valign="middle"> <tt> -&gt; </tt>
  </td> <td rowspan="3" bgcolor="#f0f0ff" align="center"
  valign="middle"> smtpd(8) </td> <td rowspan="3" align="center"
  valign="middle"> <tt> &lt;-&gt; </tt> </td> <td rowspan="3"
  bgcolor="#f0f0ff" align="center" valign="middle"> verify(8)
  </td>

</tr>

<tr>

  <td rowspan="1" colspan="3"> </td> <td rowspan="1" align="center"
  valign="middle"> <tt> |</tt><br> <tt> v</tt> </td>

</tr>

<tr>

  <td rowspan="3" align="center" valign="top"> <tt> &lt;- </tt>
  </td> <td rowspan="3" align="center" valign="middle"> probe<br>
  status </td> <td rowspan="3" align="center" valign="middle">
  <tt> &lt;- </tt> </td> <td rowspan="3" bgcolor="#f0f0ff"
  align="center" valign="middle"> Postfix<br> delivery<br> agents
  </td> <td rowspan="3" align="left" valign="middle"> <tt>-&gt;</tt>
  Local<br> <tt>-&gt;</tt> Network</td>

</tr>

<tr>

  <td rowspan="3" colspan="4" align="center" valign="middle">
  </td> <td rowspan="3" align="center" valign="middle">
  <tt> ^</tt><br> <tt> |</tt><br> <tt> v</tt> </td>

</tr>

<tr> <td> </td> </tr>

<tr> <td colspan="4"> </td> </tr>

<tr>

  <td colspan="4" align="center" valign="middle"> </td>
  <td bgcolor="#f0f0ff" align="center" valign="middle"> Address<br>
  verification<br> cache </td>

</tr>

</table>

<li> <p> The postscreen(8) server can be put "in front" of Postfix
smtpd(8) processes. Its purpose is to accept connections from the
network and to decide what SMTP clients are allowed to talk to
Postfix. According to the 2008 MessageLabs annual report, 81% of
all email was spam, and 90% of that was sent by botnets; by 2010,
those numbers were 92% and 95%, respectively. While postscreen(8)
keeps the zombies away, more smtpd(8) processes remain available
for legitimate clients. </p>

<p> postscreen(8) maintains a temporary allowlist for clients that
pass its tests; by allowing allowlisted clients to skip tests,
postscreen(8) minimizes its impact on legitimate email traffic.
</p>

<p> The postscreen(8) server is available with Postfix 2.8 and
later. To keep the implementation simple, postscreen(8) delegates
DNS allow/denylist lookups to dnsblog(8) server processes, and
delegates TLS encryption/decryption to tlsproxy(8) server processes.
This delegation is invisible to the remote SMTP client.
</p>

<table>

<tr> <td colspan="2"> </td> <td align="center"> zombie </td> </tr>

<tr> <td colspan="3"> </td> <td align="left"> <tt> \ </tt> </td> </tr>

<tr> <td> zombie </td> <td> <tt> - </tt> </td> <td bgcolor="#f0f0ff" align="center"> tlsproxy(8) </td> <td align="left"> <tt> - </tt> </td> <td>
</td> <td> </td> <td> </td> <td align="right"> <tt> - </tt> </td>
<td bgcolor="#f0f0ff" align="center"> smtpd(8) </td> </tr>

<tr> <td colspan="3"> </td> <td align="right"> <tt> \ </tt> </td> <td> </td>
<td align="left"> <tt> / </tt> </td> </tr>

<tr> <td colspan="2"> </td> <td bgcolor="#f0f0ff" align="center"> other </td> <td> <tt>
--- </tt> </td> <td bgcolor="#f0f0ff" align="center" valign="middle">
postscreen(8) </td> </tr>

<tr> <td colspan="3"> </td> <td align="right"> <tt> / </tt> </td> <td> </td>
<td align="right"> <tt> \ </tt> </td> </tr>

<tr> <td colspan="2"> </td> <td bgcolor="#f0f0ff" align="center"> other </td> <td align="left">
<tt> - </tt> </td> <td> </td> <td> </td> <td> </td> <td align="right">
<tt> - </tt> </td> <td bgcolor="#f0f0ff" align="center"> smtpd(8)
</td> </tr>

<tr> <td colspan="3"> </td> <td align="left"> <tt> / </tt> </td> </tr>

<tr> <td colspan="2"> </td> <td align="center"> zombie </td> </tr>

</table>

<li> <p>The postlogd(8) server provides an alternative to syslog
logging, which remains the default. This feature is available with
Postfix version 3.4 or later, and supports the following modes:
</p>


<ul>

<li> <p>Logging to file, which addresses a usability problem with
MacOS, and eliminates information loss caused by systemd rate limits.
</p>

<table>

<tr> <td bgcolor="#f0f0ff" rowspan="3" valign="middle" align="center">
commands<br>or daemons</td> <td colspan="4"> </td> </tr>

<tr> <td colspan="2"> <td> <tt> -&gt; </tt> </td> <td bgcolor="#f0f0ff">
postlogd(8) </td> <td> <tt> -&gt; </tt> </td> <td> /path/to/file
</td> </tr>

<tr> <td colspan=6> </td> </tr>

</table>

<li> <p>Logging to stdout, which eliminates a syslog dependency
when Postfix runs inside a container. </p>

<table>

<tr> <td bgcolor="#f0f0ff" rowspan="3" valign="middle" align="center">
commands<br>or daemons</td> <td colspan="4"> </td> <td
rowspan="3" align="center"> stdout inherited<br>from "postfix
start-fg" </td> </tr>

<tr> <td colspan="2"> <tt> -&gt; </tt> </td> <td bgcolor="#f0f0ff">
postlogd(8) </td> <td> <tt> -&gt; </tt> </td> </tr>

<tr> <td colspan=5> </td> </tr>

</table>

</ul>

<p> See MAILLOG_README for details and limitations. </p>

</ul>

<h2> <a name="commands"> Postfix support commands </a> </h2>

<p> The Postfix architecture overview ends with a summary of
command-line utilities for day-to-day use of the Postfix mail
system. Besides the Sendmail-compatible sendmail(1), mailq(1), and
newaliases(1) commands, the Postfix system comes with its own
collection of command-line utilities. For consistency, these are
all named post<i>something</i>. </p>

<ul>

<li> <p> The postfix(1) command controls the operation of the mail
system. It is the interface for starting, stopping, and restarting
the mail system, as well as for some other administrative operations.
This command is reserved to the super-user. </p>

<li> <p> The postalias(1) command maintains Postfix aliases(5) type
databases. This is the program that does the work for the
newaliases(1) command. </p>

<li> <p> The postcat(1) command displays the contents of Postfix
queue files.
This is a limited, preliminary utility. This program
is likely to be superseded by something more powerful that can also
edit Postfix queue files. </p>

<li> <p> The postconf(1) command displays or updates Postfix main.cf
parameters and displays system dependent information about the
supported file locking methods, and the supported types of lookup
tables. </p>

<li> <p> The postdrop(1) command is the mail posting utility that
is run by the Postfix sendmail(1) command in order to deposit mail
into the maildrop queue directory. </p>

<li> <p> The postkick(1) command makes some Postfix internal
communication channels available for use in, for example, shell
scripts. </p>

<li> <p> The postlock(1) command provides Postfix-compatible mailbox
locking for use in, for example, shell scripts. </p>

<li> <p> The postlog(1) command provides Postfix-compatible logging
for shell scripts. </p>

<li> <p> The postmap(1) command maintains Postfix lookup tables
such as canonical(5), virtual(5) and others. It is a cousin of the
UNIX makemap command. </p>

<li> <p> The postmulti(1) command repeats the "postfix start" etc.
command for each Postfix instance, and supports creation, deletion
etc. of Postfix instances. For a tutorial, see MULTI_INSTANCE_README.
</p>

<li> <p> The postqueue(1) command is the privileged command that
is run by Postfix sendmail(1) and mailq(1) in order to flush or
list the
mail queue. </p>

<li> <p> The postsuper(1) command maintains the Postfix queue. It
removes old temporary files, and moves queue files into the right
directory after a change in the hashing depth of queue directories.
This command is run at mail system startup time and when Postfix
is restarted. </p>

</ul>

</body>

</html>
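The pipe(8) contract described under "How Postfix delivers mail" (arguments on the command line, message on standard input, result as a sysexits.h exit status), seen from the child command's side. This is an added example, not code from the Postfix distribution; the addresses, mailbox map, size limit and spool path are assumptions, and it assumes one recipient per invocation.

```python
import os
import re
import sys
import tempfile

# Exit status values from <sysexits.h>, spelled out so the mapping is visible.
# 0 means delivered, EX_TEMPFAIL asks for a later retry, and the other
# non-zero codes report a permanent failure for this recipient.
EX_OK, EX_USAGE, EX_DATAERR, EX_NOUSER, EX_TEMPFAIL = 0, 64, 65, 67, 75

# Assumption for this sketch: a fixed map from recipient address to a
# mailbox directory name. Paths are never built from the address itself.
MAILBOXES = {"reports@example.com": "reports", "abuse@example.com": "abuse"}

# Conservative address shape. A leading "-" or "." is refused, so the value
# cannot be mistaken for an option or a relative path further down the line.
ADDR_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._+-]{0,63}@[A-Za-z0-9.-]{1,253}")

MAX_BYTES = 1_000_000  # constructed limit for the example


def deliver(argv, stdin, spool_dir, max_bytes=MAX_BYTES):
    """Return the exit status for one delivery request.

    argv  -- [sender, recipient] as placed on the command line
    stdin -- binary stream carrying the message
    """
    if len(argv) != 2:
        return EX_USAGE
    _sender, recipient = argv
    # Envelope addresses are chosen by the remote party: validate before use.
    if not ADDR_RE.fullmatch(recipient):
        return EX_DATAERR
    mailbox = MAILBOXES.get(recipient.lower())
    if mailbox is None:
        return EX_NOUSER
    # Read one byte past the limit so an oversized message is detected
    # without buffering all of it.
    message = stdin.read(max_bytes + 1)
    if len(message) > max_bytes:
        return EX_DATAERR
    try:
        box_dir = os.path.join(spool_dir, mailbox)
        fd, tmp_path = tempfile.mkstemp(prefix="tmp.", dir=box_dir)
        try:
            with os.fdopen(fd, "wb") as out:
                out.write(message)
                out.flush()
                os.fsync(out.fileno())
            # Rename only after the data is on disk, so a reader of the
            # mailbox directory never sees a partial "msg." file.
            final = os.path.join(box_dir, "msg." + os.path.basename(tmp_path)[4:])
            os.rename(tmp_path, final)
        except OSError:
            os.unlink(tmp_path)
            raise
    except OSError:
        # Missing directory, full disk, permissions: report a temporary
        # failure so the message stays queued instead of being lost.
        return EX_TEMPFAIL
    return EX_OK


if __name__ == "__main__":
    # Hypothetical spool location; the mailer supplies argv and stdin.
    sys.exit(deliver(sys.argv[1:], sys.stdin.buffer, "/var/spool/example-archive"))
```

Nothing is read from the environment, and the recipient only selects an entry in a fixed table, so a crafted address cannot steer where the message is written.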