1SMTPD(8)                    System Manager's Manual                   SMTPD(8)
2
3
4

NAME

6       smtpd - Postfix SMTP server
7

SYNOPSIS

9       smtpd [generic Postfix daemon options]
10
11       sendmail -bs
12

DESCRIPTION

14       The  SMTP  server accepts network connection requests and performs zero
15       or more SMTP transactions per connection.   Each  received  message  is
16       piped  through  the  cleanup(8) daemon, and is placed into the incoming
17       queue as one single queue file.  For this mode of operation,  the  pro‐
18       gram expects to be run from the master(8) process manager.
19
20       Alternatively,  the SMTP server be can run in stand-alone mode; this is
21       traditionally obtained with "sendmail -bs".  When the SMTP server  runs
22       stand-alone  with  non  $mail_owner  privileges,  it receives mail even
23       while the mail system is not running, deposits messages  directly  into
24       the  maildrop queue, and disables the SMTP server's access policies. As
25       of Postfix version 2.3, the SMTP server refuses to  receive  mail  from
26       the network when it runs with non $mail_owner privileges.
27
28       The  SMTP  server  implements  a  variety  of  policies  for connection
29       requests, and for parameters given to HELO, ETRN, MAIL FROM,  VRFY  and
30       RCPT TO commands. They are detailed below and in the main.cf configura‐
31       tion file.
32

SECURITY

34       The SMTP server is moderately  security-sensitive.  It  talks  to  SMTP
35       clients  and  to DNS servers on the network. The SMTP server can be run
36       chrooted at fixed low privilege.
37

STANDARDS

39       RFC 821 (SMTP protocol)
40       RFC 1123 (Host requirements)
41       RFC 1652 (8bit-MIME transport)
42       RFC 1869 (SMTP service extensions)
43       RFC 1870 (Message size declaration)
44       RFC 1985 (ETRN command)
45       RFC 2034 (SMTP enhanced status codes)
46       RFC 2554 (AUTH command)
47       RFC 2821 (SMTP protocol)
48       RFC 2920 (SMTP pipelining)
49       RFC 3030 (CHUNKING without BINARYMIME)
50       RFC 3207 (STARTTLS command)
51       RFC 3461 (SMTP DSN extension)
52       RFC 3463 (Enhanced status codes)
53       RFC 3848 (ESMTP transmission types)
54       RFC 4409 (Message submission)
55       RFC 4954 (AUTH command)
56       RFC 5321 (SMTP protocol)
57       RFC 6531 (Internationalized SMTP)
58       RFC 6533 (Internationalized Delivery Status Notifications)
59       RFC 7505 ("Null MX" No Service Resource Record)
60

DIAGNOSTICS

62       Problems and transactions are logged to syslogd(8) or postlogd(8).
63
64       Depending on the setting of the notify_classes parameter, the  postmas‐
65       ter  is  notified of bounces, protocol problems, policy violations, and
66       of other trouble.
67

CONFIGURATION PARAMETERS

69       Changes to main.cf are picked up automatically, as  smtpd(8)  processes
70       run for only a limited amount of time. Use the command "postfix reload"
71       to speed up a change.
72
73       The text below provides only a parameter summary. See  postconf(5)  for
74       more details including examples.
75

COMPATIBILITY CONTROLS

77       The  following  parameters  work  around implementation errors in other
78       software, and/or allow you to override standards in  order  to  prevent
79       undesirable use.
80
81       broken_sasl_auth_clients (no)
82              Enable  interoperability with remote SMTP clients that implement
83              an obsolete version of the AUTH command (RFC 4954).
84
85       disable_vrfy_command (no)
86              Disable the SMTP VRFY command.
87
88       smtpd_noop_commands (empty)
89              List of commands that the Postfix SMTP server  replies  to  with
90              "250  Ok",  without doing any syntax checks and without changing
91              state.
92
93       strict_rfc821_envelopes (no)
94              Require that addresses received in SMTP MAIL FROM  and  RCPT  TO
95              commands  are  enclosed with <>, and that those addresses do not
96              contain RFC 822 style comments or phrases.
97
98       Available in Postfix version 2.1 and later:
99
100       smtpd_reject_unlisted_sender (no)
101              Request that the Postfix SMTP server rejects mail  from  unknown
102              sender  addresses,  even when no explicit reject_unlisted_sender
103              access restriction is specified.
104
105       smtpd_sasl_exceptions_networks (empty)
106              What remote SMTP clients the Postfix SMTP server will not  offer
107              AUTH support to.
108
109       Available in Postfix version 2.2 and later:
110
111       smtpd_discard_ehlo_keyword_address_maps (empty)
112              Lookup  tables,  indexed by the remote SMTP client address, with
113              case insensitive lists of EHLO keywords  (pipelining,  starttls,
114              auth,  etc.)  that  the Postfix SMTP server will not send in the
115              EHLO response to a remote SMTP client.
116
117       smtpd_discard_ehlo_keywords (empty)
118              A case insensitive list of EHLO keywords (pipelining,  starttls,
119              auth,  etc.)  that  the Postfix SMTP server will not send in the
120              EHLO response to a remote SMTP client.
121
122       smtpd_delay_open_until_valid_rcpt (yes)
123              Postpone the start of an SMTP mail  transaction  until  a  valid
124              RCPT TO command is received.
125
126       Available in Postfix version 2.3 and later:
127
128       smtpd_tls_always_issue_session_ids (yes)
129              Force  the  Postfix  SMTP server to issue a TLS session id, even
130              when  TLS  session  caching  is   turned   off   (smtpd_tls_ses‐
131              sion_cache_database is empty).
132
133       Available in Postfix version 2.6 and later:
134
135       tcp_windowsize (0)
136              An  optional  workaround for routers that break TCP window scal‐
137              ing.
138
139       Available in Postfix version 2.7 and later:
140
141       smtpd_command_filter (empty)
142              A mechanism to transform commands from remote SMTP clients.
143
144       Available in Postfix version 2.9 and later:
145
146       smtpd_per_record_deadline (normal: no, overload: yes)
147              Change  the  behavior  of  the  smtpd_timeout  and  smtpd_start‐
148              tls_timeout  time  limits,  from  a time limit per read or write
149              system call, to a time limit  to  send  or  receive  a  complete
150              record  (an  SMTP command line, SMTP response line, SMTP message
151              content line, or TLS protocol message).
152
153       Available in Postfix version 3.0 and later:
154
155       smtpd_dns_reply_filter (empty)
156              Optional filter for Postfix SMTP server DNS lookup results.
157

ADDRESS REWRITING CONTROLS

159       See the ADDRESS_REWRITING_README document for a detailed discussion  of
160       Postfix address rewriting.
161
162       receive_override_options (empty)
163              Enable or disable recipient validation, built-in content filter‐
164              ing, or address mapping.
165
166       Available in Postfix version 2.2 and later:
167
168       local_header_rewrite_clients (permit_inet_interfaces)
169              Rewrite message header addresses in mail from these clients  and
170              update incomplete addresses with the domain name in $myorigin or
171              $mydomain; either  don't  rewrite  message  headers  from  other
172              clients at all, or rewrite message headers and update incomplete
173              addresses with the domain  specified  in  the  remote_header_re‐
174              write_domain parameter.
175

BEFORE-SMTPD PROXY AGENT

177       Available in Postfix version 2.10 and later:
178
179       smtpd_upstream_proxy_protocol (empty)
180              The  name of the proxy protocol used by an optional before-smtpd
181              proxy agent.
182
183       smtpd_upstream_proxy_timeout (5s)
184              The time  limit  for  the  proxy  protocol  specified  with  the
185              smtpd_upstream_proxy_protocol parameter.
186

AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS

188       As  of  version  1.0,  Postfix can be configured to send new mail to an
189       external content filter AFTER the mail is queued. This  content  filter
190       is  expected to inject mail back into a (Postfix or other) MTA for fur‐
191       ther delivery. See the FILTER_README document for details.
192
193       content_filter (empty)
194              After the message is queued, send  the  entire  message  to  the
195              specified transport:destination.
196

BEFORE QUEUE EXTERNAL CONTENT INSPECTION CONTROLS

198       As  of  version  2.1, the Postfix SMTP server can be configured to send
199       incoming mail to a real-time SMTP-based content filter BEFORE  mail  is
200       queued.  This content filter is expected to inject mail back into Post‐
201       fix.  See the SMTPD_PROXY_README document for details on how to config‐
202       ure and operate this feature.
203
204       smtpd_proxy_filter (empty)
205              The hostname and TCP port of the mail filtering proxy server.
206
207       smtpd_proxy_ehlo ($myhostname)
208              How  the  Postfix SMTP server announces itself to the proxy fil‐
209              ter.
210
211       smtpd_proxy_options (empty)
212              List of options that control how the Postfix SMTP server  commu‐
213              nicates with a before-queue content filter.
214
215       smtpd_proxy_timeout (100s)
216              The  time limit for connecting to a proxy filter and for sending
217              or receiving information.
218

BEFORE QUEUE MILTER CONTROLS

220       As of version 2.3, Postfix supports the Sendmail version 8 Milter (mail
221       filter)  protocol.  These content filters run outside Postfix. They can
222       inspect the SMTP command  stream  and  the  message  content,  and  can
223       request  modifications  before mail is queued. For details see the MIL‐
224       TER_README document.
225
226       smtpd_milters (empty)
227              A list of Milter (mail filter) applications for  new  mail  that
228              arrives via the Postfix smtpd(8) server.
229
230       milter_protocol (6)
231              The  mail  filter  protocol version and optional protocol exten‐
232              sions for communication with  a  Milter  application;  prior  to
233              Postfix 2.6 the default protocol is 2.
234
235       milter_default_action (tempfail)
236              The  default  action  when  a  Milter  (mail filter) response is
237              unavailable (for example, bad Postfix  configuration  or  Milter
238              failure).
239
240       milter_macro_daemon_name ($myhostname)
241              The  {daemon_name} macro value for Milter (mail filter) applica‐
242              tions.
243
244       milter_macro_v ($mail_name $mail_version)
245              The {v} macro value for Milter (mail filter) applications.
246
247       milter_connect_timeout (30s)
248              The time limit for connecting to a Milter (mail filter) applica‐
249              tion, and for negotiating protocol options.
250
251       milter_command_timeout (30s)
252              The  time  limit  for  sending an SMTP command to a Milter (mail
253              filter) application, and for receiving the response.
254
255       milter_content_timeout (300s)
256              The time limit for sending message content  to  a  Milter  (mail
257              filter) application, and for receiving the response.
258
259       milter_connect_macros (see 'postconf -d' output)
260              The  macros  that  are sent to Milter (mail filter) applications
261              after completion of an SMTP connection.
262
263       milter_helo_macros (see 'postconf -d' output)
264              The macros that are sent to Milter  (mail  filter)  applications
265              after the SMTP HELO or EHLO command.
266
267       milter_mail_macros (see 'postconf -d' output)
268              The  macros  that  are sent to Milter (mail filter) applications
269              after the SMTP MAIL FROM command.
270
271       milter_rcpt_macros (see 'postconf -d' output)
272              The macros that are sent to Milter  (mail  filter)  applications
273              after the SMTP RCPT TO command.
274
275       milter_data_macros (see 'postconf -d' output)
276              The  macros  that  are  sent to version 4 or higher Milter (mail
277              filter) applications after the SMTP DATA command.
278
279       milter_unknown_command_macros (see 'postconf -d' output)
280              The macros that are sent to version 3  or  higher  Milter  (mail
281              filter) applications after an unknown SMTP command.
282
283       milter_end_of_header_macros (see 'postconf -d' output)
284              The  macros  that  are sent to Milter (mail filter) applications
285              after the end of the message header.
286
287       milter_end_of_data_macros (see 'postconf -d' output)
288              The macros that are sent to Milter  (mail  filter)  applications
289              after the message end-of-data.
290
291       Available in Postfix version 3.1 and later:
292
293       milter_macro_defaults (empty)
294              Optional  list  of  name=value pairs that specify default values
295              for arbitrary macros that Postfix may send  to  Milter  applica‐
296              tions.
297
298       Available in Postfix version 3.2 and later:
299
300       smtpd_milter_maps (empty)
301              Lookup  tables  with  Milter  settings per remote SMTP client IP
302              address.
303

GENERAL CONTENT INSPECTION CONTROLS

305       The following parameters are applicable for both built-in and  external
306       content filters.
307
308       Available in Postfix version 2.1 and later:
309
310       receive_override_options (empty)
311              Enable or disable recipient validation, built-in content filter‐
312              ing, or address mapping.
313

EXTERNAL CONTENT INSPECTION CONTROLS

315       The following parameters  are  applicable  for  both  before-queue  and
316       after-queue content filtering.
317
318       Available in Postfix version 2.1 and later:
319
320       smtpd_authorized_xforward_hosts (empty)
321              What  remote  SMTP  clients are allowed to use the XFORWARD fea‐
322              ture.
323

SASL AUTHENTICATION CONTROLS

325       Postfix SASL support (RFC 4954) can be used to authenticate remote SMTP
326       clients  to  the  Postfix  SMTP server, and to authenticate the Postfix
327       SMTP client to a remote SMTP server.  See the SASL_README document  for
328       details.
329
330       broken_sasl_auth_clients (no)
331              Enable  interoperability with remote SMTP clients that implement
332              an obsolete version of the AUTH command (RFC 4954).
333
334       smtpd_sasl_auth_enable (no)
335              Enable SASL authentication in the Postfix SMTP server.
336
337       smtpd_sasl_local_domain (empty)
338              The name of the Postfix SMTP server's local SASL  authentication
339              realm.
340
341       smtpd_sasl_security_options (noanonymous)
342              Postfix SMTP server SASL security options; as of Postfix 2.3 the
343              list of available features depends on the SASL server  implemen‐
344              tation that is selected with smtpd_sasl_type.
345
346       smtpd_sender_login_maps (empty)
347              Optional  lookup  table  with  the SASL login names that own the
348              sender (MAIL FROM) addresses.
349
350       Available in Postfix version 2.1 and later:
351
352       smtpd_sasl_exceptions_networks (empty)
353              What remote SMTP clients the Postfix SMTP server will not  offer
354              AUTH support to.
355
356       Available in Postfix version 2.1 and 2.2:
357
358       smtpd_sasl_application_name (smtpd)
359              The  application name that the Postfix SMTP server uses for SASL
360              server initialization.
361
362       Available in Postfix version 2.3 and later:
363
364       smtpd_sasl_authenticated_header (no)
365              Report the SASL authenticated user name in the smtpd(8) Received
366              message header.
367
368       smtpd_sasl_path (smtpd)
369              Implementation-specific information that the Postfix SMTP server
370              passes through  to  the  SASL  plug-in  implementation  that  is
371              selected with smtpd_sasl_type.
372
373       smtpd_sasl_type (cyrus)
374              The  SASL  plug-in  type that the Postfix SMTP server should use
375              for authentication.
376
377       Available in Postfix version 2.5 and later:
378
379       cyrus_sasl_config_path (empty)
380              Search path for Cyrus SASL application configuration files, cur‐
381              rently used only to locate the $smtpd_sasl_path.conf file.
382
383       Available in Postfix version 2.11 and later:
384
385       smtpd_sasl_service (smtp)
386              The  service  name  that  is  passed to the SASL plug-in that is
387              selected with smtpd_sasl_type and smtpd_sasl_path.
388
389       Available in Postfix version 3.4 and later:
390
391       smtpd_sasl_response_limit (12288)
392              The maximum length of a SASL client's response to a server chal‐
393              lenge.
394

STARTTLS SUPPORT CONTROLS

396       Detailed  information  about STARTTLS configuration may be found in the
397       TLS_README document.
398
399       smtpd_tls_security_level (empty)
400              The SMTP TLS security level for the Postfix SMTP server; when  a
401              non-empty value is specified, this overrides the obsolete param‐
402              eters smtpd_use_tls and smtpd_enforce_tls.
403
404       smtpd_sasl_tls_security_options ($smtpd_sasl_security_options)
405              The SASL authentication security options that the  Postfix  SMTP
406              server uses for TLS encrypted SMTP sessions.
407
408       smtpd_starttls_timeout (see 'postconf -d' output)
409              The time limit for Postfix SMTP server write and read operations
410              during TLS startup and shutdown handshake procedures.
411
412       smtpd_tls_CAfile (empty)
413              A file containing (PEM  format)  CA  certificates  of  root  CAs
414              trusted to sign either remote SMTP client certificates or inter‐
415              mediate CA certificates.
416
417       smtpd_tls_CApath (empty)
418              A directory containing (PEM format) CA certificates of root  CAs
419              trusted to sign either remote SMTP client certificates or inter‐
420              mediate CA certificates.
421
422       smtpd_tls_always_issue_session_ids (yes)
423              Force the Postfix SMTP server to issue a TLS  session  id,  even
424              when   TLS   session   caching  is  turned  off  (smtpd_tls_ses‐
425              sion_cache_database is empty).
426
427       smtpd_tls_ask_ccert (no)
428              Ask a remote SMTP client for a client certificate.
429
430       smtpd_tls_auth_only (no)
431              When TLS encryption is optional in the Postfix SMTP  server,  do
432              not announce or accept SASL authentication over unencrypted con‐
433              nections.
434
435       smtpd_tls_ccert_verifydepth (9)
436              The verification depth for remote SMTP client certificates.
437
438       smtpd_tls_cert_file (empty)
439              File with the Postfix SMTP server RSA certificate in PEM format.
440
441       smtpd_tls_exclude_ciphers (empty)
442              List of ciphers or cipher types to exclude from the SMTP  server
443              cipher list at all TLS security levels.
444
445       smtpd_tls_dcert_file (empty)
446              File with the Postfix SMTP server DSA certificate in PEM format.
447
448       smtpd_tls_dh1024_param_file (empty)
449              File  with DH parameters that the Postfix SMTP server should use
450              with non-export EDH ciphers.
451
452       smtpd_tls_dh512_param_file (empty)
453              File with DH parameters that the Postfix SMTP server should  use
454              with export-grade EDH ciphers.
455
456       smtpd_tls_dkey_file ($smtpd_tls_dcert_file)
457              File with the Postfix SMTP server DSA private key in PEM format.
458
459       smtpd_tls_key_file ($smtpd_tls_cert_file)
460              File with the Postfix SMTP server RSA private key in PEM format.
461
462       smtpd_tls_loglevel (0)
463              Enable additional Postfix SMTP server logging of TLS activity.
464
465       smtpd_tls_mandatory_ciphers (medium)
466              The  minimum  TLS cipher grade that the Postfix SMTP server will
467              use with mandatory TLS encryption.
468
469       smtpd_tls_mandatory_exclude_ciphers (empty)
470              Additional list of ciphers or cipher types to exclude  from  the
471              Postfix  SMTP  server cipher list at mandatory TLS security lev‐
472              els.
473
474       smtpd_tls_mandatory_protocols (!SSLv2, !SSLv3)
475              The SSL/TLS protocols accepted by the Postfix SMTP  server  with
476              mandatory TLS encryption.
477
478       smtpd_tls_received_header (no)
479              Request that the Postfix SMTP server produces Received:  message
480              headers that include information about the protocol  and  cipher
481              used,  as  well  as the remote SMTP client CommonName and client
482              certificate issuer CommonName.
483
484       smtpd_tls_req_ccert (no)
485              With mandatory TLS encryption, require  a  trusted  remote  SMTP
486              client certificate in order to allow TLS connections to proceed.
487
488       smtpd_tls_wrappermode (no)
489              Run  the Postfix SMTP server in the non-standard "wrapper" mode,
490              instead of using the STARTTLS command.
491
492       tls_daemon_random_bytes (32)
493              The number of pseudo-random bytes that an  smtp(8)  or  smtpd(8)
494              process  requests from the tlsmgr(8) server in order to seed its
495              internal pseudo random number generator (PRNG).
496
497       tls_high_cipherlist (see 'postconf -d' output)
498              The OpenSSL cipherlist for "high" grade ciphers.
499
500       tls_medium_cipherlist (see 'postconf -d' output)
501              The OpenSSL cipherlist for "medium" or higher grade ciphers.
502
503       tls_low_cipherlist (see 'postconf -d' output)
504              The OpenSSL cipherlist for "low" or higher grade ciphers.
505
506       tls_export_cipherlist (see 'postconf -d' output)
507              The OpenSSL cipherlist for "export" or higher grade ciphers.
508
509       tls_null_cipherlist (eNULL:!aNULL)
510              The OpenSSL cipherlist for "NULL"  grade  ciphers  that  provide
511              authentication without encryption.
512
513       Available in Postfix version 2.5 and later:
514
515       smtpd_tls_fingerprint_digest (md5)
516              The   message   digest   algorithm   to  construct  remote  SMTP
517              client-certificate  fingerprints  or  public  key   fingerprints
518              (Postfix   2.9   and  later)  for  check_ccert_access  and  per‐
519              mit_tls_clientcerts.
520
521       Available in Postfix version 2.6 and later:
522
523       smtpd_tls_protocols (!SSLv2, !SSLv3)
524              List of TLS protocols that the Postfix SMTP server will  exclude
525              or include with opportunistic TLS encryption.
526
527       smtpd_tls_ciphers (medium)
528              The  minimum  TLS cipher grade that the Postfix SMTP server will
529              use with opportunistic TLS encryption.
530
531       smtpd_tls_eccert_file (empty)
532              File with the Postfix SMTP server ECDSA certificate in PEM  for‐
533              mat.
534
535       smtpd_tls_eckey_file ($smtpd_tls_eccert_file)
536              File  with the Postfix SMTP server ECDSA private key in PEM for‐
537              mat.
538
539       smtpd_tls_eecdh_grade (see 'postconf -d' output)
540              The Postfix SMTP server  security  grade  for  ephemeral  ellip‐
541              tic-curve Diffie-Hellman (EECDH) key exchange.
542
543       tls_eecdh_strong_curve (prime256v1)
544              The  elliptic curve used by the Postfix SMTP server for sensibly
545              strong ephemeral ECDH key exchange.
546
547       tls_eecdh_ultra_curve (secp384r1)
548              The elliptic curve used by the Postfix SMTP server for maximally
549              strong ephemeral ECDH key exchange.
550
551       Available in Postfix version 2.8 and later:
552
553       tls_preempt_cipherlist (no)
554              With SSLv3 and later, use the Postfix SMTP server's cipher pref‐
555              erence order instead of the remote  client's  cipher  preference
556              order.
557
558       tls_disable_workarounds (see 'postconf -d' output)
559              List or bit-mask of OpenSSL bug work-arounds to disable.
560
561       Available in Postfix version 2.11 and later:
562
563       tlsmgr_service_name (tlsmgr)
564              The name of the tlsmgr(8) service entry in master.cf.
565
566       Available in Postfix version 3.0 and later:
567
568       tls_session_ticket_cipher  (Postfix >= 3.0: aes-256-cbc, Postfix < 3.0:
569       aes-128-cbc)
570              Algorithm used to encrypt RFC5077 TLS session tickets.
571
572       Available in Postfix version 3.2 and later:
573
574       tls_eecdh_auto_curves (see 'postconf -d' output)
575              The prioritized list of elliptic curves supported by the Postfix
576              SMTP client and server.
577
578       Available in Postfix version 3.4 and later:
579
580       smtpd_tls_chain_files (empty)
581              List  of one or more PEM files, each holding one or more private
582              keys directly followed by a corresponding certificate chain.
583
584       tls_server_sni_maps (empty)
585              Optional lookup tables that map names received from remote  SMTP
586              clients  via  the  TLS Server Name Indication (SNI) extension to
587              the appropriate keys and certificate chains.
588
589       Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
590
591       tls_fast_shutdown_enable (yes)
592              A workaround for implementations that hang Postfix  while  shut‐
593              ting down a TLS session, until Postfix times out.
594
595       Available in Postfix 3.5 and later:
596
597       info_log_address_format (external)
598              The  email  address  form that will be used in non-debug logging
599              (info, warning, etc.).
600

OBSOLETE STARTTLS CONTROLS

602       The following configuration parameters  exist  for  compatibility  with
603       Postfix  versions  before  2.3.  Support for these will be removed in a
604       future release.
605
606       smtpd_use_tls (no)
607              Opportunistic TLS: announce  STARTTLS  support  to  remote  SMTP
608              clients, but do not require that clients use TLS encryption.
609
610       smtpd_enforce_tls (no)
611              Mandatory TLS: announce STARTTLS support to remote SMTP clients,
612              and require that clients use TLS encryption.
613
614       smtpd_tls_cipherlist (empty)
615              Obsolete Postfix < 2.3 control for the Postfix SMTP  server  TLS
616              cipher list.
617

SMTPUTF8 CONTROLS

619       Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
620
621       smtputf8_enable (yes)
622              Enable  preliminary SMTPUTF8 support for the protocols described
623              in RFC 6531..6533.
624
625       strict_smtputf8 (no)
626              Enable stricter enforcement of the SMTPUTF8 protocol.
627
628       smtputf8_autodetect_classes (sendmail, verify)
629              Detect that a message requires SMTPUTF8 support for  the  speci‐
630              fied mail origin classes.
631
632       Available in Postfix version 3.2 and later:
633
634       enable_idna2003_compatibility (no)
635              Enable   'transitional'   compatibility   between  IDNA2003  and
636              IDNA2008, when converting UTF-8 domain names to/from  the  ASCII
637              form that is used for DNS lookups.
638

VERP SUPPORT CONTROLS

640       With  VERP  style delivery, each recipient of a message receives a cus‐
641       tomized copy of the message with his/her own recipient address  encoded
642       in the envelope sender address.  The VERP_README file describes config‐
643       uration and operation details of Postfix support for variable  envelope
644       return  path addresses.  VERP style delivery is requested with the SMTP
645       XVERP command or with the "sendmail  -V"  command-line  option  and  is
646       available in Postfix version 1.1 and later.
647
648       default_verp_delimiters (+=)
649              The two default VERP delimiter characters.
650
651       verp_delimiter_filter (-=+)
652              The  characters  Postfix accepts as VERP delimiter characters on
653              the Postfix sendmail(1) command line and in SMTP commands.
654
655       Available in Postfix version 1.1 and 2.0:
656
657       authorized_verp_clients ($mynetworks)
658              What remote SMTP clients are allowed to specify the  XVERP  com‐
659              mand.
660
661       Available in Postfix version 2.1 and later:
662
663       smtpd_authorized_verp_clients ($authorized_verp_clients)
664              What  remote  SMTP clients are allowed to specify the XVERP com‐
665              mand.
666

TROUBLE SHOOTING CONTROLS

668       The DEBUG_README document describes how to debug parts of  the  Postfix
669       mail  system.  The  methods  vary from making the software log a lot of
670       detail, to running some daemon processes under control of a call tracer
671       or debugger.
672
673       debug_peer_level (2)
674              The  increment  in verbose logging level when a remote client or
675              server matches a pattern in the debug_peer_list parameter.
676
677       debug_peer_list (empty)
678              Optional list of remote client or  server  hostname  or  network
679              address  patterns  that  cause  the  verbose  logging  level  to
680              increase by the amount specified in $debug_peer_level.
681
682       error_notice_recipient (postmaster)
683              The recipient of postmaster notifications  about  mail  delivery
684              problems that are caused by policy, resource, software or proto‐
685              col errors.
686
687       internal_mail_filter_classes (empty)
688              What  categories  of  Postfix-generated  mail  are  subject   to
689              before-queue    content    inspection    by   non_smtpd_milters,
690              header_checks and body_checks.
691
692       notify_classes (resource, software)
693              The list of error classes that are reported to the postmaster.
694
695       smtpd_reject_footer (empty)
696              Optional information that is appended after  each  Postfix  SMTP
697              server 4XX or 5XX response.
698
699       soft_bounce (no)
700              Safety  net to keep mail queued that would otherwise be returned
701              to the sender.
702
703       Available in Postfix version 2.1 and later:
704
705       smtpd_authorized_xclient_hosts (empty)
706              What remote SMTP clients are allowed to use the XCLIENT feature.
707
708       Available in Postfix version 2.10 and later:
709
710       smtpd_log_access_permit_actions (empty)
711              Enable logging of the named  "permit"  actions  in  SMTP  server
712              access  lists (by default, the SMTP server logs "reject" actions
713              but not "permit" actions).
714

KNOWN VERSUS UNKNOWN RECIPIENT CONTROLS

716       As of Postfix version 2.0, the SMTP server  rejects  mail  for  unknown
717       recipients. This prevents the mail queue from clogging up with undeliv‐
718       erable MAILER-DAEMON messages. Additional information on this topic  is
719       in the LOCAL_RECIPIENT_README and ADDRESS_CLASS_README documents.
720
721       show_user_unknown_table_name (yes)
722              Display  the  name  of the recipient table in the "User unknown"
723              responses.
724
725       canonical_maps (empty)
726              Optional address mapping lookup tables for message  headers  and
727              envelopes.
728
729       recipient_canonical_maps (empty)
730              Optional  address  mapping lookup tables for envelope and header
731              recipient addresses.
732
733       sender_canonical_maps (empty)
734              Optional address mapping lookup tables for envelope  and  header
735              sender addresses.
736
737       Parameters concerning known/unknown local recipients:
738
739       mydestination ($myhostname, localhost.$mydomain, localhost)
740              The  list of domains that are delivered via the $local_transport
741              mail delivery transport.
742
743       inet_interfaces (all)
744              The network interface addresses that this mail  system  receives
745              mail on.
746
747       proxy_interfaces (empty)
748              The  network  interface addresses that this mail system receives
749              mail on by way of a proxy or network address translation unit.
750
751       inet_protocols (all)
752              The Internet protocols Postfix will attempt to use  when  making
753              or accepting connections.
754
755       local_recipient_maps (proxy:unix:passwd.byname $alias_maps)
756              Lookup tables with all names or addresses of local recipients: a
757              recipient address is local when its domain  matches  $mydestina‐
758              tion, $inet_interfaces or $proxy_interfaces.
759
760       unknown_local_recipient_reject_code (550)
761              The numerical Postfix SMTP server response code when a recipient
762              address is local, and $local_recipient_maps specifies a list  of
763              lookup tables that does not match the recipient.
764
765       Parameters concerning known/unknown recipients of relay destinations:
766
767       relay_domains (Postfix >= 3.0: empty, Postfix < 3.0: $mydestination)
768              What  destination  domains  (and subdomains thereof) this system
769              will relay mail to.
770
771       relay_recipient_maps (empty)
772              Optional lookup tables with all valid addresses in  the  domains
773              that match $relay_domains.
774
775       unknown_relay_recipient_reject_code (550)
776              The  numerical  Postfix  SMTP server reply code when a recipient
777              address matches $relay_domains, and relay_recipient_maps  speci‐
778              fies  a  list of lookup tables that does not match the recipient
779              address.
780
781       Parameters  concerning  known/unknown  recipients  in   virtual   alias
782       domains:
783
784       virtual_alias_domains ($virtual_alias_maps)
785              Postfix  is  final destination for the specified list of virtual
786              alias domains, that is, domains  for  which  all  addresses  are
787              aliased to addresses in other local or remote domains.
788
789       virtual_alias_maps ($virtual_maps)
790              Optional  lookup  tables  that  alias specific mail addresses or
791              domains to other local or remote address.
792
793       unknown_virtual_alias_reject_code (550)
794              The Postfix SMTP server reply  code  when  a  recipient  address
795              matches  $virtual_alias_domains,  and $virtual_alias_maps speci‐
796              fies a list of lookup tables that does not match  the  recipient
797              address.
798
799       Parameters  concerning  known/unknown  recipients  in  virtual  mailbox
800       domains:
801
802       virtual_mailbox_domains ($virtual_mailbox_maps)
803              Postfix is final destination for the specified list of  domains;
804              mail  is  delivered  via  the  $virtual_transport  mail delivery
805              transport.
806
807       virtual_mailbox_maps (empty)
808              Optional lookup tables with all valid addresses in  the  domains
809              that match $virtual_mailbox_domains.
810
811       unknown_virtual_mailbox_reject_code (550)
812              The  Postfix  SMTP  server  reply  code when a recipient address
813              matches  $virtual_mailbox_domains,   and   $virtual_mailbox_maps
814              specifies a list of lookup tables that does not match the recip‐
815              ient address.
816

RESOURCE AND RATE CONTROLS

818       The following parameters limit resource usage by the SMTP server and/or
819       control client request rates.
820
821       line_length_limit (2048)
822              Upon  input,  long  lines  are chopped up into pieces of at most
823              this length; upon delivery, long lines are reconstructed.
824
825       queue_minfree (0)
826              The minimal amount of free space in bytes in the queue file sys‐
827              tem that is needed to receive mail.
828
829       message_size_limit (10240000)
830              The  maximal  size  in  bytes  of  a message, including envelope
831              information.
832
833       smtpd_recipient_limit (1000)
834              The maximal number of recipients that the  Postfix  SMTP  server
835              accepts per message delivery request.
836
837       smtpd_timeout (normal: 300s, overload: 10s)
838              The  time  limit  for sending a Postfix SMTP server response and
839              for receiving a remote SMTP client request.
840
841       smtpd_history_flush_threshold (100)
842              The maximal number of lines in the Postfix SMTP  server  command
843              history  before it is flushed upon receipt of EHLO, RSET, or end
844              of DATA.
845
846       Available in Postfix version 2.3 and later:
847
848       smtpd_peername_lookup (yes)
849              Attempt to look up the remote SMTP client hostname,  and  verify
850              that the name matches the client IP address.
851
852       The per SMTP client connection count and request rate limits are imple‐
853       mented in co-operation with the anvil(8) service, and are available  in
854       Postfix version 2.2 and later.
855
856       smtpd_client_connection_count_limit (50)
857              How  many simultaneous connections any client is allowed to make
858              to this service.
859
860       smtpd_client_connection_rate_limit (0)
861              The maximal number of connection attempts any client is  allowed
862              to make to this service per time unit.
863
864       smtpd_client_message_rate_limit (0)
865              The  maximal number of message delivery requests that any client
866              is allowed to make to this service per time unit, regardless  of
867              whether or not Postfix actually accepts those messages.
868
869       smtpd_client_recipient_rate_limit (0)
870              The  maximal  number  of  recipient addresses that any client is
871              allowed to send to this service per  time  unit,  regardless  of
872              whether or not Postfix actually accepts those recipients.
873
874       smtpd_client_event_limit_exceptions ($mynetworks)
875              Clients  that  are excluded from smtpd_client_*_count/rate_limit
876              restrictions.
877
878       Available in Postfix version 2.3 and later:
879
880       smtpd_client_new_tls_session_rate_limit (0)
881              The maximal number of new (i.e., uncached) TLS sessions  that  a
882              remote SMTP client is allowed to negotiate with this service per
883              time unit.
884
885       Available in Postfix version 2.9 and later:
886
887       smtpd_per_record_deadline (normal: no, overload: yes)
888              Change  the  behavior  of  the  smtpd_timeout  and  smtpd_start‐
889              tls_timeout  time  limits,  from  a time limit per read or write
890              system call, to a time limit  to  send  or  receive  a  complete
891              record  (an  SMTP command line, SMTP response line, SMTP message
892              content line, or TLS protocol message).
893
894       Available in Postfix version 3.1 and later:
895
896       smtpd_client_auth_rate_limit (0)
897              The maximal number of AUTH commands that any client  is  allowed
898              to  send to this service per time unit, regardless of whether or
899              not Postfix actually accepts those commands.
900

TARPIT CONTROLS

902       When a remote SMTP client makes errors, the  Postfix  SMTP  server  can
903       insert  delays  before  responding. This can help to slow down run-away
904       software.  The behavior is controlled by an error counter  that  counts
905       the number of errors within an SMTP session that a client makes without
906       delivering mail.
907
908       smtpd_error_sleep_time (1s)
909              With Postfix version 2.1 and later:  the  SMTP  server  response
910              delay  after a client has made more than $smtpd_soft_error_limit
911              errors, and fewer than $smtpd_hard_error_limit  errors,  without
912              delivering mail.
913
914       smtpd_soft_error_limit (10)
915              The  number  of  errors  a remote SMTP client is allowed to make
916              without delivering mail before the  Postfix  SMTP  server  slows
917              down all its responses.
918
919       smtpd_hard_error_limit (normal: 20, overload: 1)
920              The  maximal number of errors a remote SMTP client is allowed to
921              make without delivering mail.
922
923       smtpd_junk_command_limit (normal: 100, overload: 1)
924              The number of junk commands (NOOP, VRFY, ETRN or  RSET)  that  a
925              remote  SMTP  client  can  send  before  the Postfix SMTP server
926              starts to increment the error counter with each junk command.
927
928       Available in Postfix version 2.1 and later:
929
930       smtpd_recipient_overshoot_limit (1000)
931              The number of recipients that a remote SMTP client can  send  in
932              excess  of  the  limit  specified  with  $smtpd_recipient_limit,
933              before the Postfix SMTP server increments the per-session  error
934              count for each excess recipient.
935

ACCESS POLICY DELEGATION CONTROLS

937       As  of version 2.1, Postfix can be configured to delegate access policy
938       decisions to an external server that runs  outside  Postfix.   See  the
939       file SMTPD_POLICY_README for more information.
940
941       smtpd_policy_service_max_idle (300s)
942              The  time after which an idle SMTPD policy service connection is
943              closed.
944
945       smtpd_policy_service_max_ttl (1000s)
946              The time after which an active SMTPD policy  service  connection
947              is closed.
948
949       smtpd_policy_service_timeout (100s)
950              The  time limit for connecting to, writing to, or receiving from
951              a delegated SMTPD policy server.
952
953       Available in Postfix version 3.0 and later:
954
955       smtpd_policy_service_default_action  (451  4.3.5  Server  configuration
956       problem)
957              The default action when an SMTPD policy service request fails.
958
959       smtpd_policy_service_request_limit (0)
960              The  maximal number of requests per SMTPD policy service connec‐
961              tion, or zero (no limit).
962
963       smtpd_policy_service_try_limit (2)
964              The maximal number of attempts to send an SMTPD  policy  service
965              request before giving up.
966
967       smtpd_policy_service_retry_delay (1s)
968              The  delay between attempts to resend a failed SMTPD policy ser‐
969              vice request.
970
971       Available in Postfix version 3.1 and later:
972
973       smtpd_policy_service_policy_context (empty)
974              Optional information that the Postfix SMTP server  specifies  in
975              the  "policy_context"  attribute  of  a  policy  service request
976              (originally, to share the same service endpoint  among  multiple
977              check_policy_service clients).
978

ACCESS CONTROLS

980       The  SMTPD_ACCESS_README document gives an introduction to all the SMTP
981       server access control features.
982
983       smtpd_delay_reject (yes)
984              Wait   until   the   RCPT   TO   command    before    evaluating
985              $smtpd_client_restrictions,     $smtpd_helo_restrictions     and
986              $smtpd_sender_restrictions,  or  wait  until  the  ETRN  command
987              before       evaluating      $smtpd_client_restrictions      and
988              $smtpd_helo_restrictions.
989
990       parent_domain_matches_subdomains (see 'postconf -d' output)
991              A list of Postfix features where the pattern "example.com"  also
992              matches  subdomains  of  example.com,  instead  of  requiring an
993              explicit ".example.com" pattern.
994
995       smtpd_client_restrictions (empty)
996              Optional restrictions that the Postfix SMTP  server  applies  in
997              the context of a client connection request.
998
999       smtpd_helo_required (no)
1000              Require  that  a  remote  SMTP client introduces itself with the
1001              HELO or EHLO command before sending the MAIL  command  or  other
1002              commands that require EHLO negotiation.
1003
1004       smtpd_helo_restrictions (empty)
1005              Optional  restrictions  that  the Postfix SMTP server applies in
1006              the context of a client HELO command.
1007
1008       smtpd_sender_restrictions (empty)
1009              Optional restrictions that the Postfix SMTP  server  applies  in
1010              the context of a client MAIL FROM command.
1011
1012       smtpd_recipient_restrictions (see 'postconf -d' output)
1013              Optional  restrictions  that  the Postfix SMTP server applies in
1014              the   context   of   a   client   RCPT   TO    command,    after
1015              smtpd_relay_restrictions.
1016
1017       smtpd_etrn_restrictions (empty)
1018              Optional  restrictions  that  the Postfix SMTP server applies in
1019              the context of a client ETRN command.
1020
1021       allow_untrusted_routing (no)
1022              Forward      mail      with       sender-specified       routing
1023              (user[@%!]remote[@%!]site)  from  untrusted  clients to destina‐
1024              tions matching $relay_domains.
1025
1026       smtpd_restriction_classes (empty)
1027              User-defined aliases for groups of access restrictions.
1028
1029       smtpd_null_access_lookup_key (<>)
1030              The lookup key to be used in SMTP access(5)  tables  instead  of
1031              the null sender address.
1032
1033       permit_mx_backup_networks (empty)
1034              Restrict  the use of the permit_mx_backup SMTP access feature to
1035              only domains whose primary MX hosts match the listed networks.
1036
1037       Available in Postfix version 2.0 and later:
1038
1039       smtpd_data_restrictions (empty)
1040              Optional  access  restrictions  that  the  Postfix  SMTP  server
1041              applies in the context of the SMTP DATA command.
1042
1043       smtpd_expansion_filter (see 'postconf -d' output)
1044              What  characters  are  allowed  in $name expansions of RBL reply
1045              templates.
1046
1047       Available in Postfix version 2.1 and later:
1048
1049       smtpd_reject_unlisted_sender (no)
1050              Request that the Postfix SMTP server rejects mail  from  unknown
1051              sender  addresses,  even when no explicit reject_unlisted_sender
1052              access restriction is specified.
1053
1054       smtpd_reject_unlisted_recipient (yes)
1055              Request that the Postfix SMTP server rejects  mail  for  unknown
1056              recipient      addresses,      even     when     no     explicit
1057              reject_unlisted_recipient access restriction is specified.
1058
1059       Available in Postfix version 2.2 and later:
1060
1061       smtpd_end_of_data_restrictions (empty)
1062              Optional  access  restrictions  that  the  Postfix  SMTP  server
1063              applies in the context of the SMTP END-OF-DATA command.
1064
1065       Available in Postfix version 2.10 and later:
1066
1067       smtpd_relay_restrictions (permit_mynetworks, permit_sasl_authenticated,
1068       defer_unauth_destination)
1069              Access restrictions for mail relay control that the Postfix SMTP
1070              server  applies  in  the  context of the RCPT TO command, before
1071              smtpd_recipient_restrictions.
1072

SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS

1074       Postfix version 2.1 introduces sender and recipient  address  verifica‐
1075       tion.  This feature is implemented by sending probe email messages that
1076       are  not  actually  delivered.   This  feature  is  requested  via  the
1077       reject_unverified_sender    and    reject_unverified_recipient   access
1078       restrictions.  The status of verification probes is maintained  by  the
1079       verify(8)  server.  See the file ADDRESS_VERIFICATION_README for infor‐
1080       mation about how to configure and operate the Postfix  sender/recipient
1081       address verification service.
1082
1083       address_verify_poll_count (normal: 3, overload: 1)
1084              How many times to query the verify(8) service for the completion
1085              of an address verification request in progress.
1086
1087       address_verify_poll_delay (3s)
1088              The delay between queries for the completion of an address veri‐
1089              fication request in progress.
1090
1091       address_verify_sender ($double_bounce_sender)
1092              The  sender address to use in address verification probes; prior
1093              to Postfix 2.5 the default was "postmaster".
1094
1095       unverified_sender_reject_code (450)
1096              The numerical Postfix SMTP server response code when a recipient
1097              address is rejected by the reject_unverified_sender restriction.
1098
1099       unverified_recipient_reject_code (450)
1100              The  numerical  Postfix  SMTP  server  response when a recipient
1101              address is rejected by the reject_unverified_recipient  restric‐
1102              tion.
1103
1104       Available in Postfix version 2.6 and later:
1105
1106       unverified_sender_defer_code (450)
1107              The  numerical  Postfix  SMTP server response code when a sender
1108              address probe fails due to a temporary error condition.
1109
1110       unverified_recipient_defer_code (450)
1111              The numerical Postfix SMTP  server  response  when  a  recipient
1112              address probe fails due to a temporary error condition.
1113
1114       unverified_sender_reject_reason (empty)
1115              The  Postfix  SMTP  server's  reply  when  rejecting  mail  with
1116              reject_unverified_sender.
1117
1118       unverified_recipient_reject_reason (empty)
1119              The  Postfix  SMTP  server's  reply  when  rejecting  mail  with
1120              reject_unverified_recipient.
1121
1122       unverified_sender_tempfail_action ($reject_tempfail_action)
1123              The  Postfix  SMTP server's action when reject_unverified_sender
1124              fails due to a temporary error condition.
1125
1126       unverified_recipient_tempfail_action ($reject_tempfail_action)
1127              The Postfix SMTP server's action when  reject_unverified_recipi‐
1128              ent fails due to a temporary error condition.
1129
1130       Available with Postfix 2.9 and later:
1131
1132       address_verify_sender_ttl (0s)
1133              The  time  between  changes  in  the  time-dependent  portion of
1134              address verification probe sender addresses.
1135

ACCESS CONTROL RESPONSES

1137       The following parameters control numerical SMTP reply codes and/or text
1138       responses.
1139
1140       access_map_reject_code (554)
1141              The numerical Postfix SMTP server response code for an access(5)
1142              map "reject" action.
1143
1144       defer_code (450)
1145              The numerical Postfix SMTP server response code  when  a  remote
1146              SMTP client request is rejected by the "defer" restriction.
1147
1148       invalid_hostname_reject_code (501)
1149              The  numerical Postfix SMTP server response code when the client
1150              HELO  or   EHLO   command   parameter   is   rejected   by   the
1151              reject_invalid_helo_hostname restriction.
1152
1153       maps_rbl_reject_code (554)
1154              The  numerical  Postfix  SMTP server response code when a remote
1155              SMTP  client  request  is  blocked  by  the   reject_rbl_client,
1156              reject_rhsbl_client,                reject_rhsbl_reverse_client,
1157              reject_rhsbl_sender or reject_rhsbl_recipient restriction.
1158
1159       non_fqdn_reject_code (504)
1160              The numerical Postfix SMTP  server  reply  code  when  a  client
1161              request   is   rejected  by  the  reject_non_fqdn_helo_hostname,
1162              reject_non_fqdn_sender or reject_non_fqdn_recipient restriction.
1163
1164       plaintext_reject_code (450)
1165              The numerical Postfix SMTP server response code when  a  request
1166              is rejected by the reject_plaintext_session restriction.
1167
1168       reject_code (554)
1169              The  numerical  Postfix  SMTP server response code when a remote
1170              SMTP client request is rejected by the "reject" restriction.
1171
1172       relay_domains_reject_code (554)
1173              The numerical Postfix SMTP server response code  when  a  client
1174              request  is  rejected by the reject_unauth_destination recipient
1175              restriction.
1176
1177       unknown_address_reject_code (450)
1178              The numerical response code when the Postfix SMTP server rejects
1179              a sender or recipient address because its domain is unknown.
1180
1181       unknown_client_reject_code (450)
1182              The  numerical  Postfix  SMTP server response code when a client
1183              without valid address  <=>  name  mapping  is  rejected  by  the
1184              reject_unknown_client_hostname restriction.
1185
1186       unknown_hostname_reject_code (450)
1187              The  numerical  Postfix SMTP server response code when the host‐
1188              name specified with the HELO or EHLO command is rejected by  the
1189              reject_unknown_helo_hostname restriction.
1190
1191       Available in Postfix version 2.0 and later:
1192
1193       default_rbl_reply (see 'postconf -d' output)
1194              The  default Postfix SMTP server response template for a request
1195              that is rejected by an RBL-based restriction.
1196
1197       multi_recipient_bounce_reject_code (550)
1198              The numerical Postfix SMTP server response code  when  a  remote
1199              SMTP  client  request  is  blocked  by  the reject_multi_recipi‐
1200              ent_bounce restriction.
1201
1202       rbl_reply_maps (empty)
1203              Optional lookup tables with RBL response templates.
1204
1205       Available in Postfix version 2.6 and later:
1206
1207       access_map_defer_code (450)
1208              The numerical Postfix SMTP server response code for an access(5)
1209              map    "defer"    action,    including    "defer_if_permit"   or
1210              "defer_if_reject".
1211
1212       reject_tempfail_action (defer_if_permit)
1213              The Postfix SMTP server's action when a reject-type  restriction
1214              fails due to a temporary error condition.
1215
1216       unknown_helo_hostname_tempfail_action ($reject_tempfail_action)
1217              The  Postfix SMTP server's action when reject_unknown_helo_host‐
1218              name fails due to a temporary error condition.
1219
1220       unknown_address_tempfail_action ($reject_tempfail_action)
1221              The      Postfix      SMTP      server's       action       when
1222              reject_unknown_sender_domain  or reject_unknown_recipient_domain
1223              fail due to a temporary error condition.
1224

MISCELLANEOUS CONTROLS

1226       config_directory (see 'postconf -d' output)
1227              The default location of the Postfix main.cf and  master.cf  con‐
1228              figuration files.
1229
1230       daemon_timeout (18000s)
1231              How  much  time  a  Postfix  daemon process may take to handle a
1232              request before it is terminated by a built-in watchdog timer.
1233
1234       command_directory (see 'postconf -d' output)
1235              The location of all postfix administrative commands.
1236
1237       double_bounce_sender (double-bounce)
1238              The sender address of postmaster notifications that  are  gener‐
1239              ated by the mail system.
1240
1241       ipc_timeout (3600s)
1242              The  time  limit  for  sending  or receiving information over an
1243              internal communication channel.
1244
1245       mail_name (Postfix)
1246              The mail system name that is displayed in Received: headers,  in
1247              the SMTP greeting banner, and in bounced mail.
1248
1249       mail_owner (postfix)
1250              The  UNIX  system  account  that owns the Postfix queue and most
1251              Postfix daemon processes.
1252
1253       max_idle (100s)
1254              The maximum amount of time that an idle Postfix  daemon  process
1255              waits for an incoming connection before terminating voluntarily.
1256
1257       max_use (100)
1258              The maximal number of incoming connections that a Postfix daemon
1259              process will service before terminating voluntarily.
1260
1261       myhostname (see 'postconf -d' output)
1262              The internet hostname of this mail system.
1263
1264       mynetworks (see 'postconf -d' output)
1265              The list of "trusted" remote SMTP clients that have more  privi‐
1266              leges than "strangers".
1267
1268       myorigin ($myhostname)
1269              The  domain  name that locally-posted mail appears to come from,
1270              and that locally posted mail is delivered to.
1271
1272       process_id (read-only)
1273              The process ID of a Postfix command or daemon process.
1274
1275       process_name (read-only)
1276              The process name of a Postfix command or daemon process.
1277
1278       queue_directory (see 'postconf -d' output)
1279              The location of the Postfix top-level queue directory.
1280
1281       recipient_delimiter (empty)
1282              The set of characters that can separate a  user  name  from  its
1283              extension  (example: user+foo), or a .forward file name from its
1284              extension (example: .forward+foo).
1285
1286       smtpd_banner ($myhostname ESMTP $mail_name)
1287              The text that follows the 220 status code in the  SMTP  greeting
1288              banner.
1289
1290       syslog_facility (mail)
1291              The syslog facility of Postfix logging.
1292
1293       syslog_name (see 'postconf -d' output)
1294              A  prefix  that  is  prepended  to  the  process  name in syslog
1295              records, so that, for example, "smtpd" becomes "prefix/smtpd".
1296
1297       Available in Postfix version 2.2 and later:
1298
1299       smtpd_forbidden_commands (CONNECT, GET, POST)
1300              List of commands that cause the Postfix SMTP server  to  immedi‐
1301              ately terminate the session with a 221 code.
1302
1303       Available in Postfix version 2.5 and later:
1304
1305       smtpd_client_port_logging (no)
1306              Enable logging of the remote SMTP client port in addition to the
1307              hostname and IP address.
1308
1309       Available in Postfix 3.3 and later:
1310
1311       service_name (read-only)
1312              The master.cf service name of a Postfix daemon process.
1313
1314       Available in Postfix 3.4 and later:
1315
1316       smtpd_reject_footer_maps (empty)
1317              Lookup tables, indexed by the complete Postfix SMTP  server  4xx
1318              or 5xx response, with reject footer templates.
1319

SEE ALSO

1321       anvil(8), connection/rate limiting
1322       cleanup(8), message canonicalization
1323       tlsmgr(8), TLS session and PRNG management
1324       trivial-rewrite(8), address resolver
1325       verify(8), address verification service
1326       postconf(5), configuration parameters
1327       master(5), generic daemon options
1328       master(8), process manager
1329       postlogd(8), Postfix logging
1330       syslogd(8), system logging
1331

README FILES

1333       Use  "postconf readme_directory" or "postconf html_directory" to locate
1334       this information.
1335       ADDRESS_CLASS_README, blocking unknown hosted or relay recipients
1336       ADDRESS_REWRITING_README, Postfix address manipulation
1337       BDAT_README, Postfix CHUNKING support
1338       FILTER_README, external after-queue content filter
1339       LOCAL_RECIPIENT_README, blocking unknown local recipients
1340       MILTER_README, before-queue mail filter applications
1341       SMTPD_ACCESS_README, built-in access policies
1342       SMTPD_POLICY_README, external policy server
1343       SMTPD_PROXY_README, external before-queue content filter
1344       SASL_README, Postfix SASL howto
1345       TLS_README, Postfix STARTTLS howto
1346       VERP_README, Postfix XVERP extension
1347       XCLIENT_README, Postfix XCLIENT extension
1348       XFORWARD_README, Postfix XFORWARD extension
1349

LICENSE

1351       The Secure Mailer license must be distributed with this software.
1352

AUTHOR(S)

1354       Wietse Venema
1355       IBM T.J. Watson Research
1356       P.O. Box 704
1357       Yorktown Heights, NY 10598, USA
1358
1359       Wietse Venema
1360       Google, Inc.
1361       111 8th Avenue
1362       New York, NY 10011, USA
1363
1364       SASL support originally by:
1365       Till Franke
1366       SuSE Rhein/Main AG
1367       65760 Eschborn, Germany
1368
1369       TLS support originally by:
1370       Lutz Jaenicke
1371       BTU Cottbus
1372       Allgemeine Elektrotechnik
1373       Universitaetsplatz 3-4
1374       D-03044 Cottbus, Germany
1375
1376       Revised TLS support by:
1377       Victor Duchovni
1378       Morgan Stanley
1379
1380
1381
1382                                                                      SMTPD(8)
Impressum