1CLEANUP(8)                  System Manager's Manual                 CLEANUP(8)
2
3
4

NAME

6       cleanup - canonicalize and enqueue Postfix message
7

SYNOPSIS

9       cleanup [generic Postfix daemon options]
10

DESCRIPTION

12       The  cleanup(8)  daemon  processes  inbound  mail,  inserts it into the
13       incoming mail queue, and informs the queue manager of its arrival.
14
15       The cleanup(8) daemon always performs the following transformations:
16
17       ·      Insert missing  message  headers:  (Resent-)  From:,  To:,  Mes‐
18              sage-Id:, and Date:.
19
20       ·      Transform   envelope   and  header  addresses  to  the  standard
21              user@fully-qualified-domain form that is expected by other Post‐
22              fix  programs.  This task is delegated to the trivial-rewrite(8)
23              daemon.
24
25       ·      Eliminate duplicate envelope recipient addresses.
26
27       ·      Remove  message  headers:   Bcc,   Content-Length,   Resent-Bcc,
28              Return-Path.
29
30       The following address transformations are optional:
31
32       ·      Optionally,  rewrite all envelope and header addresses according
33              to the mappings specified in the canonical(5) lookup tables.
34
35       ·      Optionally, masquerade envelope  sender  addresses  and  message
36              header  addresses  (i.e.  strip host or domain information below
37              all domains listed in the masquerade_domains  parameter,  except
38              for  user  names  listed in masquerade_exceptions).  By default,
39              address masquerading does not affect envelope recipients.
40
41       ·      Optionally, expand envelope recipients according to  information
42              found in the virtual(5) lookup tables.
43
44       The  cleanup(8)  daemon  performs  sanity checks on the content of each
45       message. When it finds a problem, by default it  returns  a  diagnostic
46       status  to  the client, and leaves it up to the client to deal with the
47       problem. Alternatively, the client can request the cleanup(8) daemon to
48       bounce the message back to the sender in case of trouble.
49

STANDARDS

51       RFC 822 (ARPA Internet Text Messages)
52       RFC 2045 (MIME: Format of Internet Message Bodies)
53       RFC 2046 (MIME: Media Types)
54       RFC 2822 (Internet Message Format)
55       RFC 3463 (Enhanced Status Codes)
56       RFC 3464 (Delivery status notifications)
57       RFC 5322 (Internet Message Format)
58

DIAGNOSTICS

60       Problems and transactions are logged to syslogd(8) or postlogd(8).
61

BUGS

63       Table-driven  rewriting  rules make it hard to express if then else and
64       other logical relationships.
65

CONFIGURATION PARAMETERS

67       Changes to main.cf are picked up automatically, as cleanup(8) processes
68       run for only a limited amount of time. Use the command "postfix reload"
69       to speed up a change.
70
71       The text below provides only a parameter summary. See  postconf(5)  for
72       more details including examples.
73

COMPATIBILITY CONTROLS

75       undisclosed_recipients_header (see 'postconf -d' output)
76              Message header that the Postfix cleanup(8) server inserts when a
77              message contains no To: or Cc: message header.
78
79       Available in Postfix version 2.1 only:
80
81       enable_errors_to (no)
82              Report mail delivery errors to the address  specified  with  the
83              non-standard  Errors-To: message header, instead of the envelope
84              sender address (this feature is  removed  with  Postfix  version
85              2.2,  is  turned off by default with Postfix version 2.1, and is
86              always turned on with older Postfix versions).
87
88       Available in Postfix version 2.6 and later:
89
90       always_add_missing_headers (no)
91              Always add (Resent-) From:, To:, Date:  or  Message-ID:  headers
92              when not present.
93
94       Available in Postfix version 2.9 and later:
95
96       enable_long_queue_ids (no)
97              Enable long, non-repeating, queue IDs (queue file names).
98
99       Available in Postfix version 3.0 and later:
100
101       message_drop_headers (bcc, content-length, resent-bcc, return-path)
102              Names  of message headers that the cleanup(8) daemon will remove
103              after  applying  header_checks(5)  and  before  invoking  Milter
104              applications.
105

BUILT-IN CONTENT FILTERING CONTROLS

107       Postfix built-in content filtering is meant to stop a flood of worms or
108       viruses. It is not a general content filter.
109
110       body_checks (empty)
111              Optional lookup tables for content inspection  as  specified  in
112              the body_checks(5) manual page.
113
114       header_checks (empty)
115              Optional   lookup  tables  for  content  inspection  of  primary
116              non-MIME message headers, as specified in  the  header_checks(5)
117              manual page.
118
119       Available in Postfix version 2.0 and later:
120
121       body_checks_size_limit (51200)
122              How  much  text in a message body segment (or attachment, if you
123              prefer to use that term) is subjected to body_checks inspection.
124
125       mime_header_checks ($header_checks)
126              Optional lookup tables for content inspection  of  MIME  related
127              message  headers,  as  described  in the header_checks(5) manual
128              page.
129
130       nested_header_checks ($header_checks)
131              Optional lookup tables for content inspection of  non-MIME  mes‐
132              sage   headers   in  attached  messages,  as  described  in  the
133              header_checks(5) manual page.
134
135       Available in Postfix version 2.3 and later:
136
137       message_reject_characters (empty)
138              The set of characters that Postfix will reject in  message  con‐
139              tent.
140
141       message_strip_characters (empty)
142              The set of characters that Postfix will remove from message con‐
143              tent.
144

BEFORE QUEUE MILTER CONTROLS

146       As of version 2.3, Postfix supports the Sendmail version 8 Milter (mail
147       filter)  protocol.  When  mail is not received via the smtpd(8) server,
148       the cleanup(8) server will simulate SMTP events to the extent that this
149       is possible. For details see the MILTER_README document.
150
151       non_smtpd_milters (empty)
152              A  list  of  Milter (mail filter) applications for new mail that
153              does not arrive via the Postfix smtpd(8) server.
154
155       milter_protocol (6)
156              The mail filter protocol version and  optional  protocol  exten‐
157              sions  for  communication  with  a  Milter application; prior to
158              Postfix 2.6 the default protocol is 2.
159
160       milter_default_action (tempfail)
161              The default action when a Milter (mail  filter)  application  is
162              unavailable or mis-configured.
163
164       milter_macro_daemon_name ($myhostname)
165              The  {daemon_name} macro value for Milter (mail filter) applica‐
166              tions.
167
168       milter_macro_v ($mail_name $mail_version)
169              The {v} macro value for Milter (mail filter) applications.
170
171       milter_connect_timeout (30s)
172              The time limit for connecting to a Milter (mail filter) applica‐
173              tion, and for negotiating protocol options.
174
175       milter_command_timeout (30s)
176              The  time  limit  for  sending an SMTP command to a Milter (mail
177              filter) application, and for receiving the response.
178
179       milter_content_timeout (300s)
180              The time limit for sending message content  to  a  Milter  (mail
181              filter) application, and for receiving the response.
182
183       milter_connect_macros (see 'postconf -d' output)
184              The  macros  that  are sent to Milter (mail filter) applications
185              after completion of an SMTP connection.
186
187       milter_helo_macros (see 'postconf -d' output)
188              The macros that are sent to Milter  (mail  filter)  applications
189              after the SMTP HELO or EHLO command.
190
191       milter_mail_macros (see 'postconf -d' output)
192              The  macros  that  are sent to Milter (mail filter) applications
193              after the SMTP MAIL FROM command.
194
195       milter_rcpt_macros (see 'postconf -d' output)
196              The macros that are sent to Milter  (mail  filter)  applications
197              after the SMTP RCPT TO command.
198
199       milter_data_macros (see 'postconf -d' output)
200              The  macros  that  are  sent to version 4 or higher Milter (mail
201              filter) applications after the SMTP DATA command.
202
203       milter_unknown_command_macros (see 'postconf -d' output)
204              The macros that are sent to version 3  or  higher  Milter  (mail
205              filter) applications after an unknown SMTP command.
206
207       milter_end_of_data_macros (see 'postconf -d' output)
208              The  macros  that  are sent to Milter (mail filter) applications
209              after the message end-of-data.
210
211       Available in Postfix version 2.5 and later:
212
213       milter_end_of_header_macros (see 'postconf -d' output)
214              The macros that are sent to Milter  (mail  filter)  applications
215              after the end of the message header.
216
217       Available in Postfix version 2.7 and later:
218
219       milter_header_checks (empty)
220              Optional lookup tables for content inspection of message headers
221              that are produced by Milter applications.
222
223       Available in Postfix version 3.1 and later:
224
225       milter_macro_defaults (empty)
226              Optional list of name=value pairs that  specify  default  values
227              for  arbitrary  macros  that Postfix may send to Milter applica‐
228              tions.
229

MIME PROCESSING CONTROLS

231       Available in Postfix version 2.0 and later:
232
233       disable_mime_input_processing (no)
234              Turn off MIME processing while receiving mail.
235
236       mime_boundary_length_limit (2048)
237              The maximal length of MIME multipart boundary strings.
238
239       mime_nesting_limit (100)
240              The maximal recursion level that the MIME processor will handle.
241
242       strict_8bitmime (no)
243              Enable both strict_7bit_headers and strict_8bitmime_body.
244
245       strict_7bit_headers (no)
246              Reject mail with 8-bit text in message headers.
247
248       strict_8bitmime_body (no)
249              Reject 8-bit message body text without 8-bit MIME content encod‐
250              ing information.
251
252       strict_mime_encoding_domain (no)
253              Reject  mail with invalid Content-Transfer-Encoding: information
254              for the message/* or multipart/* MIME content types.
255
256       Available in Postfix version 2.5 and later:
257
258       detect_8bit_encoding_header (yes)
259              Automatically detect 8BITMIME body content by  looking  at  Con‐
260              tent-Transfer-Encoding:   message  headers;  historically,  this
261              behavior was hard-coded to be "always on".
262

AUTOMATIC BCC RECIPIENT CONTROLS

264       Postfix can automatically add BCC (blind carbon copy) when mail  enters
265       the mail system:
266
267       always_bcc (empty)
268              Optional  address  that  receives  a "blind carbon copy" of each
269              message that is received by the Postfix mail system.
270
271       Available in Postfix version 2.1 and later:
272
273       sender_bcc_maps (empty)
274              Optional BCC (blind carbon-copy) address lookup tables,  indexed
275              by sender address.
276
277       recipient_bcc_maps (empty)
278              Optional  BCC (blind carbon-copy) address lookup tables, indexed
279              by recipient address.
280

ADDRESS TRANSFORMATION CONTROLS

282       Address rewriting is delegated to the trivial-rewrite(8)  daemon.   The
283       cleanup(8) server implements table driven address mapping.
284
285       empty_address_recipient (MAILER-DAEMON)
286              The recipient of mail addressed to the null address.
287
288       canonical_maps (empty)
289              Optional  address  mapping lookup tables for message headers and
290              envelopes.
291
292       recipient_canonical_maps (empty)
293              Optional address mapping lookup tables for envelope  and  header
294              recipient addresses.
295
296       sender_canonical_maps (empty)
297              Optional  address  mapping lookup tables for envelope and header
298              sender addresses.
299
300       masquerade_classes (envelope_sender, header_sender, header_recipient)
301              What addresses are subject to address masquerading.
302
303       masquerade_domains (empty)
304              Optional list of  domains  whose  subdomain  structure  will  be
305              stripped off in email addresses.
306
307       masquerade_exceptions (empty)
308              Optional  list  of  user names that are not subjected to address
309              masquerading,  even  when  their   addresses   match   $masquer‐
310              ade_domains.
311
312       propagate_unmatched_extensions (canonical, virtual)
313              What  address  lookup  tables copy an address extension from the
314              lookup key to the lookup result.
315
316       Available before Postfix version 2.0:
317
318       virtual_maps (empty)
319              Optional lookup tables with a) names of domains  for  which  all
320              addresses  are  aliased  to  addresses  in other local or remote
321              domains, and b) addresses that are aliased to addresses in other
322              local or remote domains.
323
324       Available in Postfix version 2.0 and later:
325
326       virtual_alias_maps ($virtual_maps)
327              Optional  lookup  tables  that  alias specific mail addresses or
328              domains to other local or remote address.
329
330       Available in Postfix version 2.2 and later:
331
332       canonical_classes (envelope_sender, envelope_recipient,  header_sender,
333       header_recipient)
334              What addresses are subject to canonical_maps address mapping.
335
336       recipient_canonical_classes (envelope_recipient, header_recipient)
337              What  addresses  are subject to recipient_canonical_maps address
338              mapping.
339
340       sender_canonical_classes (envelope_sender, header_sender)
341              What addresses are subject to sender_canonical_maps address map‐
342              ping.
343
344       remote_header_rewrite_domain (empty)
345              Don't  rewrite  message  headers from remote clients at all when
346              this parameter is empty; otherwise, rewrite message headers  and
347              append the specified domain name to incomplete addresses.
348

RESOURCE AND RATE CONTROLS

350       duplicate_filter_limit (1000)
351              The maximal number of addresses remembered by the address dupli‐
352              cate filter for aliases(5) or virtual(5) alias expansion, or for
353              showq(8) queue displays.
354
355       header_size_limit (102400)
356              The  maximal  amount  of  memory  in bytes for storing a message
357              header.
358
359       hopcount_limit (50)
360              The maximal number of Received:  message headers that is allowed
361              in the primary message headers.
362
363       in_flow_delay (1s)
364              Time  to  pause before accepting a new message, when the message
365              arrival rate exceeds the message delivery rate.
366
367       message_size_limit (10240000)
368              The maximal size in  bytes  of  a  message,  including  envelope
369              information.
370
371       Available in Postfix version 2.0 and later:
372
373       header_address_token_limit (10240)
374              The  maximal  number of address tokens are allowed in an address
375              message header.
376
377       mime_boundary_length_limit (2048)
378              The maximal length of MIME multipart boundary strings.
379
380       mime_nesting_limit (100)
381              The maximal recursion level that the MIME processor will handle.
382
383       queue_file_attribute_count_limit (100)
384              The maximal number of (name=value) attributes that may be stored
385              in a Postfix queue file.
386
387       Available in Postfix version 2.1 and later:
388
389       virtual_alias_expansion_limit (1000)
390              The  maximal  number  of  addresses that virtual alias expansion
391              produces from each original recipient.
392
393       virtual_alias_recursion_limit (1000)
394              The maximal nesting depth of virtual alias expansion.
395
396       Available in Postfix version 3.0 and later:
397
398       virtual_alias_address_length_limit (1000)
399              The maximal length of  an  email  address  after  virtual  alias
400              expansion.
401

SMTPUTF8 CONTROLS

403       Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
404
405       smtputf8_enable (yes)
406              Enable  preliminary SMTPUTF8 support for the protocols described
407              in RFC 6531..6533.
408
409       smtputf8_autodetect_classes (sendmail, verify)
410              Detect that a message requires SMTPUTF8 support for  the  speci‐
411              fied mail origin classes.
412
413       Available in Postfix version 3.2 and later:
414
415       enable_idna2003_compatibility (no)
416              Enable   'transitional'   compatibility   between  IDNA2003  and
417              IDNA2008, when converting UTF-8 domain names to/from  the  ASCII
418              form that is used for DNS lookups.
419

MISCELLANEOUS CONTROLS

421       config_directory (see 'postconf -d' output)
422              The  default  location of the Postfix main.cf and master.cf con‐
423              figuration files.
424
425       daemon_timeout (18000s)
426              How much time a Postfix daemon process  may  take  to  handle  a
427              request before it is terminated by a built-in watchdog timer.
428
429       delay_logging_resolution_limit (2)
430              The  maximal  number of digits after the decimal point when log‐
431              ging sub-second delay values.
432
433       delay_warning_time (0h)
434              The time after which the sender receives a copy of  the  message
435              headers of mail that is still queued.
436
437       ipc_timeout (3600s)
438              The  time  limit  for  sending  or receiving information over an
439              internal communication channel.
440
441       max_idle (100s)
442              The maximum amount of time that an idle Postfix  daemon  process
443              waits for an incoming connection before terminating voluntarily.
444
445       max_use (100)
446              The maximal number of incoming connections that a Postfix daemon
447              process will service before terminating voluntarily.
448
449       myhostname (see 'postconf -d' output)
450              The internet hostname of this mail system.
451
452       myorigin ($myhostname)
453              The domain name that locally-posted mail appears to  come  from,
454              and that locally posted mail is delivered to.
455
456       process_id (read-only)
457              The process ID of a Postfix command or daemon process.
458
459       process_name (read-only)
460              The process name of a Postfix command or daemon process.
461
462       queue_directory (see 'postconf -d' output)
463              The location of the Postfix top-level queue directory.
464
465       soft_bounce (no)
466              Safety  net to keep mail queued that would otherwise be returned
467              to the sender.
468
469       syslog_facility (mail)
470              The syslog facility of Postfix logging.
471
472       syslog_name (see 'postconf -d' output)
473              A prefix that  is  prepended  to  the  process  name  in  syslog
474              records, so that, for example, "smtpd" becomes "prefix/smtpd".
475
476       Available in Postfix version 2.1 and later:
477
478       enable_original_recipient (yes)
479              Enable  support  for  the  original  recipient  address after an
480              address is rewritten to a different address  (for  example  with
481              aliasing or with canonical mapping).
482
483       Available in Postfix 3.3 and later:
484
485       service_name (read-only)
486              The master.cf service name of a Postfix daemon process.
487

FILES

489       /etc/postfix/canonical*, canonical mapping table
490       /etc/postfix/virtual*, virtual mapping table
491

SEE ALSO

493       trivial-rewrite(8), address rewriting
494       qmgr(8), queue manager
495       header_checks(5), message header content inspection
496       body_checks(5), body parts content inspection
497       canonical(5), canonical address lookup table format
498       virtual(5), virtual alias lookup table format
499       postconf(5), configuration parameters
500       master(5), generic daemon options
501       master(8), process manager
502       postlogd(8), Postfix logging
503       syslogd(8), system logging
504

README FILES

506       Use  "postconf readme_directory" or "postconf html_directory" to locate
507       this information.
508       ADDRESS_REWRITING_README Postfix address manipulation
509       CONTENT_INSPECTION_README content inspection
510

LICENSE

512       The Secure Mailer license must be distributed with this software.
513

AUTHOR(S)

515       Wietse Venema
516       IBM T.J. Watson Research
517       P.O. Box 704
518       Yorktown Heights, NY 10598, USA
519
520       Wietse Venema
521       Google, Inc.
522       111 8th Avenue
523       New York, NY 10011, USA
524
525
526
527                                                                    CLEANUP(8)
Impressum