SMTP(8)                     System Manager's Manual                    SMTP(8)

NAME
       smtp - Postfix SMTP+LMTP client

SYNOPSIS
       smtp [generic Postfix daemon options] [flags=DORX]

DESCRIPTION
       The Postfix SMTP+LMTP client implements the SMTP and LMTP mail delivery
       protocols. It processes message delivery requests from the queue
       manager. Each request specifies a queue file, a sender address, a domain
       or host to deliver to, and recipient information. This program expects
       to be run from the master(8) process manager.

       The SMTP+LMTP client updates the queue file and marks recipients as
       finished, or it informs the queue manager that delivery should be tried
       again at a later time. Delivery status reports are sent to the
       bounce(8), defer(8) or trace(8) daemon as appropriate.

       The SMTP+LMTP client looks up a list of mail exchanger addresses for
       the destination host, sorts the list by preference, and connects to
       each listed address until it finds a server that responds.

       When a server is not reachable, or when mail delivery fails due to a
       recoverable error condition, the SMTP+LMTP client will try to deliver
       the mail to an alternate host.

       After a successful mail transaction, a connection may be saved to the
       scache(8) connection cache server, so that it may be used by any
       SMTP+LMTP client for a subsequent transaction.

       By default, connection caching is enabled temporarily for destinations
       that have a high volume of mail in the active queue. Connection caching
       can be enabled permanently for specific destinations.

SMTP DESTINATION SYNTAX
       The Postfix SMTP+LMTP client supports multiple destinations separated
       by comma or whitespace (Postfix 3.5 and later). SMTP destinations have
       the following form:

       domainname

       domainname:port
              Look up the mail exchangers for the specified domain, and
              connect to the specified port (default: smtp).

       [hostname]

       [hostname]:port
              Look up the address(es) of the specified host, and connect to
              the specified port (default: smtp).

       [address]

       [address]:port
              Connect to the host at the specified address, and connect to the
              specified port (default: smtp). An IPv6 address must be
              formatted as [ipv6:address].

LMTP DESTINATION SYNTAX
       The Postfix SMTP+LMTP client supports multiple destinations separated
       by comma or whitespace (Postfix 3.5 and later). LMTP destinations have
       the following form:

       unix:pathname
              Connect to the local UNIX-domain server that is bound to the
              specified pathname. If the process runs chrooted, an absolute
              pathname is interpreted relative to the Postfix queue directory.

       inet:hostname

       inet:hostname:port

       inet:[address]

       inet:[address]:port
              Connect to the specified TCP port on the specified local or
              remote host. If no port is specified, connect to the port
              defined as lmtp in services(4). If no such service is found,
              the lmtp_tcp_port configuration parameter (default value of 24)
              will be used. An IPv6 address must be formatted as
              [ipv6:address].

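The SMTP and LMTP destination forms described above, written as a strict parser that also records which destinations depend on an MX lookup. This is an added example, not code from Postfix: the names Destination, parse_nexthop and mx_dependent are hypothetical, and the parser rejects anything outside the forms listed in this manual.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Destination:
    kind: str             # "domain", "host", "address" or "unix"
    target: str           # domain, hostname, IP address or socket pathname
    port: Optional[str]   # as written; None means the default (smtp or lmtp)
    mx_lookup: bool       # True only for the bare SMTP domainname forms


_BRACKETED = re.compile(r"^\[([^\[\]]+)\](?::([A-Za-z0-9_-]+))?$")
_BARE = re.compile(r"^([A-Za-z0-9._-]+)(?::([A-Za-z0-9_-]+))?$")


def _parse_host(spec: str, bare_is_domain: bool) -> Destination:
    """Parse name, name:port, [name], [name]:port, [address], [address]:port."""
    m = _BRACKETED.match(spec)
    if m:
        inner, port = m.groups()
        if inner.lower().startswith("ipv6:"):
            # [ipv6:address] is the only IPv6 form the manual lists.
            addr = ipaddress.IPv6Address(inner[5:])  # ValueError if malformed
            return Destination("address", str(addr), port, False)
        try:
            addr = ipaddress.ip_address(inner)
        except ValueError:
            # Not an IP literal: [hostname], address lookup without MX lookup.
            return Destination("host", inner, port, False)
        if addr.version == 6:
            raise ValueError(f"{spec!r}: write IPv6 as [ipv6:address]")
        return Destination("address", str(addr), port, False)
    m = _BARE.match(spec)
    if not m:
        raise ValueError(f"{spec!r}: not a listed destination form")
    name, port = m.groups()
    if bare_is_domain:
        # SMTP "domainname": the mail exchangers are looked up in DNS.
        return Destination("domain", name, port, True)
    # LMTP "inet:hostname": connect to the host itself.
    return Destination("host", name, port, False)


def parse_nexthop(nexthop: str, protocol: str = "smtp") -> List[Destination]:
    """Split on comma or whitespace and parse every destination."""
    if protocol not in ("smtp", "lmtp"):
        raise ValueError("protocol must be 'smtp' or 'lmtp'")
    result = []
    for spec in re.split(r"[,\s]+", nexthop.strip()):
        if not spec:
            continue
        if protocol == "smtp":
            result.append(_parse_host(spec, bare_is_domain=True))
        elif spec.startswith("unix:") and len(spec) > 5:
            result.append(Destination("unix", spec[5:], None, False))
        elif spec.startswith("inet:"):
            result.append(_parse_host(spec[5:], bare_is_domain=False))
        else:
            raise ValueError(f"{spec!r}: LMTP needs unix: or inet:")
    return result


def mx_dependent(destinations: List[Destination]) -> List[str]:
    """Targets whose next hop is chosen by a DNS MX lookup."""
    return [d.target for d in destinations if d.mx_lookup]


if __name__ == "__main__":
    # Constructed sample next-hop list.
    sample = "example.com, [mail.example.com]:587 [ipv6:2001:db8::25]"
    for dest in parse_nexthop(sample):
        print(dest)
```

Running mx_dependent over relay and transport next-hops shows which routes follow whatever MX records DNS returns and which are pinned to a bracketed host or address.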
SINGLE-RECIPIENT DELIVERY
       By default, the Postfix SMTP+LMTP client delivers mail to multiple
       recipients per delivery request. This is undesirable when prepending a
       Delivered-to: or X-Original-To: message header. To prevent Postfix from
       sending multiple recipients per delivery request, specify

           transport_destination_recipient_limit = 1

       in the Postfix main.cf file, where transport is the name in the first
       column of the Postfix master.cf entry for this mail delivery service.

COMMAND ATTRIBUTE SYNTAX
       flags=DORX (optional)
              Optional message processing flags.

              D      Prepend a "Delivered-To: recipient" message header with
                     the envelope recipient address. Note: for this to work,
                     the transport_destination_recipient_limit must be 1 (see
                     SINGLE-RECIPIENT DELIVERY above for details).

                     The D flag also enforces loop detection: if a message
                     already contains a Delivered-To: header with the same
                     recipient address, then the message is returned as
                     undeliverable. The address comparison is case insensitive.

                     This feature is available as of Postfix 3.5.

              O      Prepend an "X-Original-To: recipient" message header with
                     the recipient address as given to Postfix. Note: for this
                     to work, the transport_destination_recipient_limit must
                     be 1 (see SINGLE-RECIPIENT DELIVERY above for details).

                     This feature is available as of Postfix 3.5.

              R      Prepend a "Return-Path: <sender>" message header with the
                     envelope sender address.

                     This feature is available as of Postfix 3.5.

              X      Indicates that the delivery is final. This flag affects
                     the status reported in "success" DSN (delivery status
                     notification) messages, and changes it from "relayed"
                     into "delivered".

                     This feature is available as of Postfix 3.5.

SECURITY
       The SMTP+LMTP client is moderately security-sensitive. It
       talks to SMTP or LMTP servers and to DNS servers on the
       network. The SMTP+LMTP client can be run chrooted at fixed
       low privilege.

STANDARDS
       RFC 821 (SMTP protocol)
       RFC 822 (ARPA Internet Text Messages)
       RFC 1651 (SMTP service extensions)
       RFC 1652 (8bit-MIME transport)
       RFC 1870 (Message Size Declaration)
       RFC 2033 (LMTP protocol)
       RFC 2034 (SMTP Enhanced Error Codes)
       RFC 2045 (MIME: Format of Internet Message Bodies)
       RFC 2046 (MIME: Media Types)
       RFC 2554 (AUTH command)
       RFC 2821 (SMTP protocol)
       RFC 2920 (SMTP Pipelining)
       RFC 3207 (STARTTLS command)
       RFC 3461 (SMTP DSN Extension)
       RFC 3463 (Enhanced Status Codes)
       RFC 4954 (AUTH command)
       RFC 5321 (SMTP protocol)
       RFC 6531 (Internationalized SMTP)
       RFC 6533 (Internationalized Delivery Status Notifications)
       RFC 7672 (SMTP security via opportunistic DANE TLS)

DIAGNOSTICS
       Problems and transactions are logged to syslogd(8) or postlogd(8).
       Corrupted message files are marked so that the queue manager can move
       them to the corrupt queue for further inspection.

       Depending on the setting of the notify_classes parameter, the
       postmaster is notified of bounces, protocol problems, and of other
       trouble.

BUGS
       SMTP and LMTP connection reuse for TLS (without closing the SMTP or
       LMTP connection) is not supported before Postfix 3.4.

       SMTP and LMTP connection reuse assumes that SASL credentials are valid
       for all destinations that map onto the same IP address and TCP port.

CONFIGURATION PARAMETERS
       Before Postfix version 2.3, the LMTP client is a separate program that
       implements only a subset of the functionality available with SMTP:
       there is no support for TLS, and connections are cached in-process,
       making it ineffective when the client is used for multiple domains.

       Most smtp_xxx configuration parameters have an lmtp_xxx "mirror"
       parameter for the equivalent LMTP feature. This document describes only
       those LMTP-related parameters that aren't simply "mirror" parameters.

       Changes to main.cf are picked up automatically, as smtp(8) processes
       run for only a limited amount of time. Use the command "postfix reload"
       to speed up a change.

       The text below provides only a parameter summary. See postconf(5) for
       more details including examples.

COMPATIBILITY CONTROLS
       ignore_mx_lookup_error (no)
              Ignore DNS MX lookups that produce no response.

       smtp_always_send_ehlo (yes)
              Always send EHLO at the start of an SMTP session.

       smtp_never_send_ehlo (no)
              Never send EHLO at the start of an SMTP session.

       smtp_defer_if_no_mx_address_found (no)
              Defer mail delivery when no MX record resolves to an IP address.

       smtp_line_length_limit (998)
              The maximal length of message header and body lines that Postfix
              will send via SMTP.

       smtp_pix_workaround_delay_time (10s)
              How long the Postfix SMTP client pauses before sending
              ".<CR><LF>" in order to work around the PIX firewall
              "<CR><LF>.<CR><LF>" bug.

       smtp_pix_workaround_threshold_time (500s)
              How long a message must be queued before the Postfix SMTP client
              turns on the PIX firewall "<CR><LF>.<CR><LF>" bug workaround for
              delivery through firewalls with "smtp fixup" mode turned on.

       smtp_pix_workarounds (disable_esmtp, delay_dotcrlf)
              A list that specifies zero or more workarounds for CISCO PIX
              firewall bugs.

       smtp_pix_workaround_maps (empty)
              Lookup tables, indexed by the remote SMTP server address, with
              per-destination workarounds for CISCO PIX firewall bugs.

       smtp_quote_rfc821_envelope (yes)
              Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO
              commands as required by RFC 5321.

       smtp_reply_filter (empty)
              A mechanism to transform replies from remote SMTP servers one
              line at a time.

       smtp_skip_5xx_greeting (yes)
              Skip remote SMTP servers that greet with a 5XX status code.

       smtp_skip_quit_response (yes)
              Do not wait for the response to the SMTP QUIT command.

       Available in Postfix version 2.0 and earlier:

       smtp_skip_4xx_greeting (yes)
              Skip SMTP servers that greet with a 4XX status code (go away,
              try again later).

       Available in Postfix version 2.2 and later:

       smtp_discard_ehlo_keyword_address_maps (empty)
              Lookup tables, indexed by the remote SMTP server address, with
              case insensitive lists of EHLO keywords (pipelining, starttls,
              auth, etc.) that the Postfix SMTP client will ignore in the EHLO
              response from a remote SMTP server.

       smtp_discard_ehlo_keywords (empty)
              A case insensitive list of EHLO keywords (pipelining, starttls,
              auth, etc.) that the Postfix SMTP client will ignore in the EHLO
              response from a remote SMTP server.

       smtp_generic_maps (empty)
              Optional lookup tables that perform address rewriting in the
              Postfix SMTP client, typically to transform a locally valid
              address into a globally valid address when sending mail across
              the Internet.

       Available in Postfix version 2.2.9 and later:

       smtp_cname_overrides_servername (version dependent)
              When the remote SMTP servername is a DNS CNAME, replace the
              servername with the result from CNAME expansion for the purpose
              of logging, SASL password lookup, TLS policy decisions, or TLS
              certificate verification.

       Available in Postfix version 2.3 and later:

       lmtp_discard_lhlo_keyword_address_maps (empty)
              Lookup tables, indexed by the remote LMTP server address, with
              case insensitive lists of LHLO keywords (pipelining, starttls,
              auth, etc.) that the Postfix LMTP client will ignore in the LHLO
              response from a remote LMTP server.

       lmtp_discard_lhlo_keywords (empty)
              A case insensitive list of LHLO keywords (pipelining, starttls,
              auth, etc.) that the Postfix LMTP client will ignore in the LHLO
              response from a remote LMTP server.

       Available in Postfix version 2.4.4 and later:

       send_cyrus_sasl_authzid (no)
              When authenticating to a remote SMTP or LMTP server with the
              default setting "no", send no SASL authoriZation ID (authzid);
              send only the SASL authentiCation ID (authcid) plus the
              authcid's password.

       Available in Postfix version 2.5 and later:

       smtp_header_checks (empty)
              Restricted header_checks(5) tables for the Postfix SMTP client.

       smtp_mime_header_checks (empty)
              Restricted mime_header_checks(5) tables for the Postfix SMTP
              client.

       smtp_nested_header_checks (empty)
              Restricted nested_header_checks(5) tables for the Postfix SMTP
              client.

       smtp_body_checks (empty)
              Restricted body_checks(5) tables for the Postfix SMTP client.

       Available in Postfix version 2.6 and later:

       tcp_windowsize (0)
              An optional workaround for routers that break TCP window
              scaling.

       Available in Postfix version 2.8 and later:

       smtp_dns_resolver_options (empty)
              DNS Resolver options for the Postfix SMTP client.

       Available in Postfix version 2.9 and later:

       smtp_per_record_deadline (no)
              Change the behavior of the smtp_*_timeout time limits, from a
              time limit per read or write system call, to a time limit to
              send or receive a complete record (an SMTP command line, SMTP
              response line, SMTP message content line, or TLS protocol
              message).

       smtp_send_dummy_mail_auth (no)
              Whether or not to append the "AUTH=<>" option to the MAIL FROM
              command in SASL-authenticated SMTP sessions.

       Available in Postfix version 2.11 and later:

       smtp_dns_support_level (empty)
              Level of DNS support in the Postfix SMTP client.

       Available in Postfix version 3.0 and later:

       smtp_delivery_status_filter ($default_delivery_status_filter)
              Optional filter for the smtp(8) delivery agent to change the
              delivery status code or explanatory text of successful or
              unsuccessful deliveries.

       smtp_dns_reply_filter (empty)
              Optional filter for Postfix SMTP client DNS lookup results.

       Available in Postfix version 3.3 and later:

       smtp_balance_inet_protocols (yes)
              When a remote destination resolves to a combination of IPv4 and
              IPv6 addresses, ensure that the Postfix SMTP client can try both
              address types before it runs into the smtp_mx_address_limit.

       Available in Postfix 3.5 and later:

       info_log_address_format (external)
              The email address form that will be used in non-debug logging
              (info, warning, etc.).

       Available in Postfix 3.5.9 and later:

       dnssec_probe (ns:.)
              The DNS query type (default: "ns") and DNS query name (default:
              ".") that Postfix may use to determine whether DNSSEC validation
              is available.

MIME PROCESSING CONTROLS
       Available in Postfix version 2.0 and later:

       disable_mime_output_conversion (no)
              Disable the conversion of 8BITMIME format to 7BIT format.

       mime_boundary_length_limit (2048)
              The maximal length of MIME multipart boundary strings.

       mime_nesting_limit (100)
              The maximal recursion level that the MIME processor will handle.

EXTERNAL CONTENT INSPECTION CONTROLS
       Available in Postfix version 2.1 and later:

       smtp_send_xforward_command (no)
              Send the non-standard XFORWARD command when the Postfix SMTP
              server EHLO response announces XFORWARD support.

SASL AUTHENTICATION CONTROLS
       smtp_sasl_auth_enable (no)
              Enable SASL authentication in the Postfix SMTP client.

       smtp_sasl_password_maps (empty)
              Optional Postfix SMTP client lookup tables with one
              username:password entry per sender, remote hostname or next-hop
              domain.

       smtp_sasl_security_options (noplaintext, noanonymous)
              Postfix SMTP client SASL security options; as of Postfix 2.3 the
              list of available features depends on the SASL client
              implementation that is selected with smtp_sasl_type.

       Available in Postfix version 2.2 and later:

       smtp_sasl_mechanism_filter (empty)
              If non-empty, a Postfix SMTP client filter for the remote SMTP
              server's list of offered SASL mechanisms.

       Available in Postfix version 2.3 and later:

       smtp_sender_dependent_authentication (no)
              Enable sender-dependent authentication in the Postfix SMTP
              client; this is available only with SASL authentication, and
              disables SMTP connection caching to ensure that mail from
              different senders will use the appropriate credentials.

       smtp_sasl_path (empty)
              Implementation-specific information that the Postfix SMTP client
              passes through to the SASL plug-in implementation that is
              selected with smtp_sasl_type.

       smtp_sasl_type (cyrus)
              The SASL plug-in type that the Postfix SMTP client should use
              for authentication.

       Available in Postfix version 2.5 and later:

       smtp_sasl_auth_cache_name (empty)
              An optional table to prevent repeated SASL authentication
              failures with the same remote SMTP server hostname, username and
              password.

       smtp_sasl_auth_cache_time (90d)
              The maximal age of an smtp_sasl_auth_cache_name entry before it
              is removed.

       smtp_sasl_auth_soft_bounce (yes)
              When a remote SMTP server rejects a SASL authentication request
              with a 535 reply code, defer mail delivery instead of returning
              mail as undeliverable.

       Available in Postfix version 2.9 and later:

       smtp_send_dummy_mail_auth (no)
              Whether or not to append the "AUTH=<>" option to the MAIL FROM
              command in SASL-authenticated SMTP sessions.

STARTTLS SUPPORT CONTROLS
       Detailed information about STARTTLS configuration may be found in the
       TLS_README document.

       smtp_tls_security_level (empty)
              The default SMTP TLS security level for the Postfix SMTP client;
              when a non-empty value is specified, this overrides the obsolete
              parameters smtp_use_tls, smtp_enforce_tls, and
              smtp_tls_enforce_peername.

       smtp_sasl_tls_security_options ($smtp_sasl_security_options)
              The SASL authentication security options that the Postfix SMTP
              client uses for TLS encrypted SMTP sessions.

       smtp_starttls_timeout (300s)
              Time limit for Postfix SMTP client write and read operations
              during TLS startup and shutdown handshake procedures.

       smtp_tls_CAfile (empty)
              A file containing CA certificates of root CAs trusted to sign
              either remote SMTP server certificates or intermediate CA
              certificates.

       smtp_tls_CApath (empty)
              Directory with PEM format Certification Authority certificates
              that the Postfix SMTP client uses to verify a remote SMTP server
              certificate.

       smtp_tls_cert_file (empty)
              File with the Postfix SMTP client RSA certificate in PEM format.

       smtp_tls_mandatory_ciphers (medium)
              The minimum TLS cipher grade that the Postfix SMTP client will
              use with mandatory TLS encryption.

       smtp_tls_exclude_ciphers (empty)
              List of ciphers or cipher types to exclude from the Postfix SMTP
              client cipher list at all TLS security levels.

       smtp_tls_mandatory_exclude_ciphers (empty)
              Additional list of ciphers or cipher types to exclude from the
              Postfix SMTP client cipher list at mandatory TLS security
              levels.

       smtp_tls_dcert_file (empty)
              File with the Postfix SMTP client DSA certificate in PEM format.

       smtp_tls_dkey_file ($smtp_tls_dcert_file)
              File with the Postfix SMTP client DSA private key in PEM format.

       smtp_tls_key_file ($smtp_tls_cert_file)
              File with the Postfix SMTP client RSA private key in PEM format.

       smtp_tls_loglevel (0)
              Enable additional Postfix SMTP client logging of TLS activity.

       smtp_tls_note_starttls_offer (no)
              Log the hostname of a remote SMTP server that offers STARTTLS,
              when TLS is not already enabled for that server.

       smtp_tls_policy_maps (empty)
              Optional lookup tables with the Postfix SMTP client TLS security
              policy by next-hop destination; when a non-empty value is
              specified, this overrides the obsolete smtp_tls_per_site
              parameter.

       smtp_tls_mandatory_protocols (!SSLv2, !SSLv3)
              List of SSL/TLS protocols that the Postfix SMTP client will use
              with mandatory TLS encryption.

       smtp_tls_scert_verifydepth (9)
              The verification depth for remote SMTP server certificates.

       smtp_tls_secure_cert_match (nexthop, dot-nexthop)
              How the Postfix SMTP client verifies the server certificate
              peername for the "secure" TLS security level.

       smtp_tls_session_cache_database (empty)
              Name of the file containing the optional Postfix SMTP client TLS
              session cache.

       smtp_tls_session_cache_timeout (3600s)
              The expiration time of Postfix SMTP client TLS session cache
              information.

       smtp_tls_verify_cert_match (hostname)
              How the Postfix SMTP client verifies the server certificate
              peername for the "verify" TLS security level.

       tls_daemon_random_bytes (32)
              The number of pseudo-random bytes that an smtp(8) or smtpd(8)
              process requests from the tlsmgr(8) server in order to seed its
              internal pseudo random number generator (PRNG).

       tls_high_cipherlist (see 'postconf -d' output)
              The OpenSSL cipherlist for "high" grade ciphers.

       tls_medium_cipherlist (see 'postconf -d' output)
              The OpenSSL cipherlist for "medium" or higher grade ciphers.

       tls_low_cipherlist (see 'postconf -d' output)
              The OpenSSL cipherlist for "low" or higher grade ciphers.

       tls_export_cipherlist (see 'postconf -d' output)
              The OpenSSL cipherlist for "export" or higher grade ciphers.

       tls_null_cipherlist (eNULL:!aNULL)
              The OpenSSL cipherlist for "NULL" grade ciphers that provide
              authentication without encryption.

       Available in Postfix version 2.4 and later:

       smtp_sasl_tls_verified_security_options ($smtp_sasl_tls_security_options)
              The SASL authentication security options that the Postfix SMTP
              client uses for TLS encrypted SMTP sessions with a verified
              server certificate.

       Available in Postfix version 2.5 and later:

       smtp_tls_fingerprint_cert_match (empty)
              List of acceptable remote SMTP server certificate fingerprints
              for the "fingerprint" TLS security level
              (smtp_tls_security_level = fingerprint).

       smtp_tls_fingerprint_digest (md5)
              The message digest algorithm used to construct remote SMTP
              server certificate fingerprints.

       Available in Postfix version 2.6 and later:

       smtp_tls_protocols (!SSLv2, !SSLv3)
              List of TLS protocols that the Postfix SMTP client will exclude
              or include with opportunistic TLS encryption.

       smtp_tls_ciphers (medium)
              The minimum TLS cipher grade that the Postfix SMTP client will
              use with opportunistic TLS encryption.

       smtp_tls_eccert_file (empty)
              File with the Postfix SMTP client ECDSA certificate in PEM
              format.

       smtp_tls_eckey_file ($smtp_tls_eccert_file)
              File with the Postfix SMTP client ECDSA private key in PEM
              format.

       Available in Postfix version 2.7 and later:

       smtp_tls_block_early_mail_reply (no)
              Try to detect a mail hijacking attack based on a TLS protocol
              vulnerability (CVE-2009-3555), where an attacker prepends
              malicious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP
              client TLS session.

       Available in Postfix version 2.8 and later:

       tls_disable_workarounds (see 'postconf -d' output)
              List or bit-mask of OpenSSL bug work-arounds to disable.

       Available in Postfix version 2.11-3.1:

       tls_dane_digest_agility (on)
              Configure RFC7671 DANE TLSA digest algorithm agility.

       tls_dane_trust_anchor_digest_enable (yes)
              Enable support for RFC 6698 (DANE TLSA) DNS records that contain
              digests of trust-anchors with certificate usage "2".

       Available in Postfix version 2.11 and later:

       smtp_tls_trust_anchor_file (empty)
              Zero or more PEM-format files with trust-anchor certificates
              and/or public keys.

       smtp_tls_force_insecure_host_tlsa_lookup (no)
              Lookup the associated DANE TLSA RRset even when a hostname is
              not an alias and its address records lie in an unsigned zone.

       tlsmgr_service_name (tlsmgr)
              The name of the tlsmgr(8) service entry in master.cf.

       Available in Postfix version 3.0 and later:

       smtp_tls_wrappermode (no)
              Request that the Postfix SMTP client connects using the legacy
              SMTPS protocol instead of using the STARTTLS command.

       Available in Postfix version 3.1 and later:

       smtp_tls_dane_insecure_mx_policy (dane)
              The TLS policy for MX hosts with "secure" TLSA records when the
              nexthop destination security level is dane, but the MX record
              was found via an "insecure" MX lookup.

       Available in Postfix version 3.4 and later:

       smtp_tls_connection_reuse (no)
              Try to make multiple deliveries per TLS-encrypted connection.

       smtp_tls_chain_files (empty)
              List of one or more PEM files, each holding one or more private
              keys directly followed by a corresponding certificate chain.

       smtp_tls_servername (empty)
              Optional name to send to the remote SMTP server in the TLS
              Server Name Indication (SNI) extension.

       Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:

       tls_fast_shutdown_enable (yes)
              A workaround for implementations that hang Postfix while
              shutting down a TLS session, until Postfix times out.

OBSOLETE STARTTLS CONTROLS
       The following configuration parameters exist for compatibility with
       Postfix versions before 2.3. Support for these will be removed in a
       future release.

       smtp_use_tls (no)
              Opportunistic mode: use TLS when a remote SMTP server announces
              STARTTLS support, otherwise send the mail in the clear.

       smtp_enforce_tls (no)
              Enforcement mode: require that remote SMTP servers use TLS
              encryption, and never send mail in the clear.

       smtp_tls_enforce_peername (yes)
              With mandatory TLS encryption, require that the remote SMTP
              server hostname matches the information in the remote SMTP
              server certificate.

       smtp_tls_per_site (empty)
              Optional lookup tables with the Postfix SMTP client TLS usage
              policy by next-hop destination and by remote SMTP server
              hostname.

       smtp_tls_cipherlist (empty)
              Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS
              cipher list.

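An added example (not Postfix code) that audits main.cf-style settings against the SASL and TLS parameters summarized above: it flags the obsolete controls, an empty smtp_tls_security_level, weak cipher grades, md5 certificate fingerprints, and plaintext SASL mechanisms without enforced encryption. The function names and both sample files are constructed, and the set of levels treated as enforcing encryption is an assumption taken from postconf(5), since this page names only some of them.

```python
import re
from typing import Dict, List, Tuple

# Defaults copied from the parameter summary on this page.
DEFAULTS = {
    "smtp_tls_security_level": "",
    "smtp_tls_fingerprint_digest": "md5",
    "smtp_tls_ciphers": "medium",
    "smtp_tls_mandatory_ciphers": "medium",
    "smtp_sasl_auth_enable": "no",
    "smtp_sasl_security_options": "noplaintext, noanonymous",
}
OBSOLETE = ("smtp_use_tls", "smtp_enforce_tls", "smtp_tls_enforce_peername",
            "smtp_tls_per_site", "smtp_tls_cipherlist")
WEAK_GRADES = {"export", "low", "null"}
# Assumption (postconf(5), not this page): levels that never send cleartext.
ENCRYPTING_LEVELS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

WEAK_MAIN_CF = """\
# constructed sample, not from a real system
smtp_use_tls = yes
smtp_tls_ciphers = export
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
    noanonymous
"""

HARDENED_MAIN_CF = """\
# constructed sample, not from a real system
smtp_tls_security_level = secure
smtp_tls_mandatory_ciphers = high
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
"""


def parse_main_cf(text: str) -> Dict[str, str]:
    """Parse 'name = value' lines; indented lines continue the previous one."""
    params: Dict[str, str] = {}
    name = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and name:
            params[name] = (params[name] + " " + raw.strip()).strip()
            continue
        key, sep, value = raw.partition("=")
        if sep:
            name = key.strip()
            params[name] = value.strip()
    return params


def audit(params: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (parameter, reason) pairs for settings worth reviewing."""
    def get(key: str) -> str:
        return params.get(key, DEFAULTS.get(key, "")).lower()

    findings = []
    for name in OBSOLETE:
        if name in params:
            findings.append((name, "obsolete pre-2.3 control; use "
                                   "smtp_tls_security_level or smtp_tls_policy_maps"))
    level = get("smtp_tls_security_level")
    if not level:
        findings.append(("smtp_tls_security_level",
                         "empty, so the obsolete controls (default: no TLS) apply"))
    if level == "fingerprint" and get("smtp_tls_fingerprint_digest") == "md5":
        findings.append(("smtp_tls_fingerprint_digest",
                         "md5 is collision-prone; pick a stronger digest"))
    for name in ("smtp_tls_ciphers", "smtp_tls_mandatory_ciphers"):
        if get(name) in WEAK_GRADES:
            findings.append((name, "cipher grade below medium"))
    if get("smtp_sasl_auth_enable") == "yes":
        options = set(re.split(r"[,\s]+", get("smtp_sasl_security_options")))
        if "noplaintext" not in options and level not in ENCRYPTING_LEVELS:
            findings.append(("smtp_sasl_security_options",
                             "plaintext mechanisms allowed without enforced TLS"))
    return findings


def flagged(text: str) -> List[str]:
    """Names of the parameters that audit() reports for a main.cf text."""
    return [name for name, _ in audit(parse_main_cf(text))]


if __name__ == "__main__":
    for name, reason in audit(parse_main_cf(WEAK_MAIN_CF)):
        print(f"{name}: {reason}")
```

The same functions accept the output of "postconf -n", which uses the same "name = value" layout.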
RESOURCE AND RATE CONTROLS
       smtp_connect_timeout (30s)
              The Postfix SMTP client time limit for completing a TCP
              connection, or zero (use the operating system built-in time
              limit).

       smtp_helo_timeout (300s)
              The Postfix SMTP client time limit for sending the HELO or EHLO
              command, and for receiving the initial remote SMTP server
              response.

       lmtp_lhlo_timeout (300s)
              The Postfix LMTP client time limit for sending the LHLO command,
              and for receiving the initial remote LMTP server response.

       smtp_xforward_timeout (300s)
              The Postfix SMTP client time limit for sending the XFORWARD
              command, and for receiving the remote SMTP server response.

       smtp_mail_timeout (300s)
              The Postfix SMTP client time limit for sending the MAIL FROM
              command, and for receiving the remote SMTP server response.

       smtp_rcpt_timeout (300s)
              The Postfix SMTP client time limit for sending the SMTP RCPT TO
              command, and for receiving the remote SMTP server response.

       smtp_data_init_timeout (120s)
              The Postfix SMTP client time limit for sending the SMTP DATA
              command, and for receiving the remote SMTP server response.

       smtp_data_xfer_timeout (180s)
              The Postfix SMTP client time limit for sending the SMTP message
              content.

       smtp_data_done_timeout (600s)
              The Postfix SMTP client time limit for sending the SMTP ".", and
              for receiving the remote SMTP server response.

       smtp_quit_timeout (300s)
              The Postfix SMTP client time limit for sending the QUIT command,
              and for receiving the remote SMTP server response.

       Available in Postfix version 2.1 and later:

       smtp_mx_address_limit (5)
              The maximal number of MX (mail exchanger) IP addresses that can
              result from Postfix SMTP client mail exchanger lookups, or zero
              (no limit).

       smtp_mx_session_limit (2)
              The maximal number of SMTP sessions per delivery request before
              the Postfix SMTP client gives up or delivers to a fall-back
              relay host, or zero (no limit).

       smtp_rset_timeout (20s)
              The Postfix SMTP client time limit for sending the RSET command,
              and for receiving the remote SMTP server response.

       Available in Postfix version 2.2 and earlier:

       lmtp_cache_connection (yes)
              Keep Postfix LMTP client connections open for up to $max_idle
              seconds.

       Available in Postfix version 2.2 and later:

       smtp_connection_cache_destinations (empty)
              Permanently enable SMTP connection caching for the specified
              destinations.

       smtp_connection_cache_on_demand (yes)
              Temporarily enable SMTP connection caching while a destination
              has a high volume of mail in the active queue.

       smtp_connection_reuse_time_limit (300s)
              The amount of time during which Postfix will use an SMTP
              connection repeatedly.

       smtp_connection_cache_time_limit (2s)
              When SMTP connection caching is enabled, the amount of time that
              an unused SMTP client socket is kept open before it is closed.

       Available in Postfix version 2.3 and later:

       connection_cache_protocol_timeout (5s)
              Time limit for connection cache connect, send or receive
              operations.

       Available in Postfix version 2.9 and later:

       smtp_per_record_deadline (no)
              Change the behavior of the smtp_*_timeout time limits, from a
              time limit per read or write system call, to a time limit to
              send or receive a complete record (an SMTP command line, SMTP
              response line, SMTP message content line, or TLS protocol
              message).

       Available in Postfix version 2.11 and later:

       smtp_connection_reuse_count_limit (0)
              When SMTP connection caching is enabled, the number of times
              that an SMTP session may be reused before it is closed, or zero
              (no limit).

       Available in Postfix version 3.4 and later:

       smtp_tls_connection_reuse (no)
              Try to make multiple deliveries per TLS-encrypted connection.

       Implemented in the qmgr(8) daemon:

       transport_destination_concurrency_limit ($default_destination_concurrency_limit)
              A transport-specific override for the
              default_destination_concurrency_limit parameter value, where
              transport is the master.cf name of the message delivery
              transport.

       transport_destination_recipient_limit ($default_destination_recipient_limit)
              A transport-specific override for the
              default_destination_recipient_limit parameter value, where
              transport is the master.cf name of the message delivery
              transport.

SMTPUTF8 CONTROLS
       Preliminary SMTPUTF8 support is introduced with Postfix 3.0.

       smtputf8_enable (yes)
              Enable preliminary SMTPUTF8 support for the protocols described
              in RFC 6531..6533.

       smtputf8_autodetect_classes (sendmail, verify)
              Detect that a message requires SMTPUTF8 support for the
              specified mail origin classes.

       Available in Postfix version 3.2 and later:

       enable_idna2003_compatibility (no)
              Enable 'transitional' compatibility between IDNA2003 and
              IDNA2008, when converting UTF-8 domain names to/from the ASCII
              form that is used for DNS lookups.

TROUBLE SHOOTING CONTROLS
       debug_peer_level (2)
              The increment in verbose logging level when a remote client or
              server matches a pattern in the debug_peer_list parameter.

       debug_peer_list (empty)
              Optional list of remote client or server hostname or network
              address patterns that cause the verbose logging level to
              increase by the amount specified in $debug_peer_level.

       error_notice_recipient (postmaster)
              The recipient of postmaster notifications about mail delivery
              problems that are caused by policy, resource, software or
              protocol errors.

       internal_mail_filter_classes (empty)
              What categories of Postfix-generated mail are subject to
              before-queue content inspection by non_smtpd_milters,
              header_checks and body_checks.

       notify_classes (resource, software)
              The list of error classes that are reported to the postmaster.

best_mx_transport (empty)
       Where the Postfix SMTP client should deliver mail when it
       detects a "mail loops back to myself" error condition.

config_directory (see 'postconf -d' output)
       The default location of the Postfix main.cf and master.cf
       configuration files.

daemon_timeout (18000s)
       How much time a Postfix daemon process may take to handle a
       request before it is terminated by a built-in watchdog timer.

delay_logging_resolution_limit (2)
       The maximal number of digits after the decimal point when
       logging sub-second delay values.

disable_dns_lookups (no)
       Disable DNS lookups in the Postfix SMTP and LMTP clients.

inet_interfaces (all)
       The network interface addresses that this mail system receives
       mail on.

inet_protocols (all)
       The Internet protocols Postfix will attempt to use when making
       or accepting connections.

ipc_timeout (3600s)
       The time limit for sending or receiving information over an
       internal communication channel.

lmtp_assume_final (no)
       When a remote LMTP server announces no DSN support, assume that
       the server performs final delivery, and send "delivered"
       delivery status notifications instead of "relayed".

lmtp_tcp_port (24)
       The default TCP port that the Postfix LMTP client connects to.

max_idle (100s)
       The maximum amount of time that an idle Postfix daemon process
       waits for an incoming connection before terminating voluntarily.

max_use (100)
       The maximal number of incoming connections that a Postfix daemon
       process will service before terminating voluntarily.

process_id (read-only)
       The process ID of a Postfix command or daemon process.

process_name (read-only)
       The process name of a Postfix command or daemon process.

proxy_interfaces (empty)
       The network interface addresses that this mail system receives
       mail on by way of a proxy or network address translation unit.

smtp_address_preference (any)
       The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP
       client will try first, when a destination has IPv6 and IPv4
       addresses with equal MX preference.

smtp_bind_address (empty)
       An optional numerical network address that the Postfix SMTP
       client should bind to when making an IPv4 connection.

smtp_bind_address6 (empty)
       An optional numerical network address that the Postfix SMTP
       client should bind to when making an IPv6 connection.

smtp_helo_name ($myhostname)
       The hostname to send in the SMTP HELO or EHLO command.

lmtp_lhlo_name ($myhostname)
       The hostname to send in the LMTP LHLO command.

smtp_host_lookup (dns)
       What mechanisms the Postfix SMTP client uses to look up a host's
       IP address.

smtp_randomize_addresses (yes)
       Randomize the order of equal-preference MX host addresses.

syslog_facility (mail)
       The syslog facility of Postfix logging.

syslog_name (see 'postconf -d' output)
       A prefix that is prepended to the process name in syslog
       records, so that, for example, "smtpd" becomes "prefix/smtpd".

Available with Postfix 2.2 and earlier:

fallback_relay (empty)
       Optional list of relay hosts for SMTP destinations that can't be
       found or that are unreachable.

Available with Postfix 2.3 and later:

smtp_fallback_relay ($fallback_relay)
       Optional list of relay hosts for SMTP destinations that can't be
       found or that are unreachable.

Available with Postfix 3.0 and later:

smtp_address_verify_target (rcpt)
       In the context of email address verification, the SMTP protocol
       stage that determines whether an email address is deliverable.

Available with Postfix 3.1 and later:

lmtp_fallback_relay (empty)
       Optional list of relay hosts for LMTP destinations that can't be
       found or that are unreachable.

Available with Postfix 3.2 and later:

smtp_tcp_port (smtp)
       The default TCP port that the Postfix SMTP client connects to.

Available in Postfix 3.3 and later:

service_name (read-only)
       The master.cf service name of a Postfix daemon process.

generic(5), output address rewriting
header_checks(5), message header content inspection
body_checks(5), body parts content inspection
qmgr(8), queue manager
bounce(8), delivery status reports
scache(8), connection cache server
postconf(5), configuration parameters
master(5), generic daemon options
master(8), process manager
tlsmgr(8), TLS session and PRNG management
postlogd(8), Postfix logging
syslogd(8), system logging

Use "postconf readme_directory" or "postconf html_directory" to locate
this information.
SASL_README, Postfix SASL howto
TLS_README, Postfix STARTTLS howto

The Secure Mailer license must be distributed with this software.

Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA

Wietse Venema
Google, Inc.
111 8th Avenue
New York, NY 10011, USA

Command pipelining in cooperation with:
Jon Ribbens
Oaktree Internet Solutions Ltd.,
Internet House,
Canal Basin,
Coventry,
CV1 4LY, United Kingdom.

SASL support originally by:
Till Franke
SuSE Rhein/Main AG
65760 Eschborn, Germany

TLS support originally by:
Lutz Jaenicke
BTU Cottbus
Allgemeine Elektrotechnik
Universitaetsplatz 3-4
D-03044 Cottbus, Germany

Revised TLS and SMTP connection cache support by:
Victor Duchovni
Morgan Stanley