1CLEANUP(8) System Manager's Manual CLEANUP(8)
2
6 cleanup - canonicalize and enqueue Postfix message
7
9 cleanup [generic Postfix daemon options]
10
12 The cleanup(8) daemon processes inbound mail, inserts it into the in‐
13 coming mail queue, and informs the queue manager of its arrival.
14 The cleanup(8) daemon performs the following transformations:
16 • Insert missing message headers: (Resent-) From:, To:, Mes‐
18 sage-Id:, and Date:.
19 This is enabled with the local_header_rewrite_clients and al‐
20 ways_add_missing_headers parameter settings.
21 • Transform envelope and header addresses to the standard
23 user@fully-qualified-domain form that is expected by other Post‐
24 fix programs. This task depends on the trivial-rewrite(8) dae‐
25 mon.
26 The header transformation is enabled with the local_header_re‐
27 write_clients parameter setting.
28 • Eliminate duplicate envelope recipient addresses.
30 This is enabled with the duplicate_filter_limit parameter set‐
31 ting.
32 • Remove message headers: Bcc, Content-Length, Resent-Bcc, Re‐
34 turn-Path.
35 This is enabled with the message_drop_headers parameter setting.
36 • Optionally, rewrite all envelope and header addresses according
38 to the mappings specified in the canonical(5) lookup tables.
39 The header transformation is enabled with the local_header_re‐
40 write_clients parameter setting.
41 • Optionally, masquerade envelope sender addresses and message
43 header addresses (i.e. strip host or domain information below
44 all domains listed in the masquerade_domains parameter, except
45 for user names listed in masquerade_exceptions). By default,
46 address masquerading does not affect envelope recipients.
47 The header transformation is enabled with the local_header_re‐
48 write_clients parameter setting.
49 • Optionally, expand envelope recipients according to information
51 found in the virtual_alias_maps lookup tables.
52 The cleanup(8) daemon performs sanity checks on the content of each
54 message. When it finds a problem, by default it returns a diagnostic
55 status to the cleanup service client, and leaves it up to the client to
56 deal with the problem. Alternatively, the client can request the
57 cleanup(8) daemon to bounce the message back to the sender in case of
58 trouble.
59
61 RFC 822 (ARPA Internet Text Messages)
62 RFC 2045 (MIME: Format of Internet Message Bodies)
63 RFC 2046 (MIME: Media Types)
64 RFC 2822 (Internet Message Format)
65 RFC 3463 (Enhanced Status Codes)
66 RFC 3464 (Delivery status notifications)
67 RFC 5322 (Internet Message Format)
68
70 Problems and transactions are logged to syslogd(8) or postlogd(8).
71
73 Table-driven rewriting rules make it hard to express if then else and
74 other logical relationships.
75
77 Changes to main.cf are picked up automatically, as cleanup(8) processes
78 run for only a limited amount of time. Use the command "postfix reload"
79 to speed up a change.
80 The text below provides only a parameter summary. See postconf(5) for
82 more details including examples.
83
85 undisclosed_recipients_header (see 'postconf -d' output)
86 Message header that the Postfix cleanup(8) server inserts when a
87 message contains no To: or Cc: message header.
88 Available in Postfix version 2.1 only:
90 enable_errors_to (no)
92 Report mail delivery errors to the address specified with the
93 non-standard Errors-To: message header, instead of the envelope
94 sender address (this feature is removed with Postfix version
95 2.2, is turned off by default with Postfix version 2.1, and is
96 always turned on with older Postfix versions).
97 Available in Postfix version 2.6 and later:
99 always_add_missing_headers (no)
101 Always add (Resent-) From:, To:, Date: or Message-ID: headers
102 when not present.
103 Available in Postfix version 2.9 and later:
105 enable_long_queue_ids (no)
107 Enable long, non-repeating, queue IDs (queue file names).
108 Available in Postfix version 3.0 and later:
110 message_drop_headers (bcc, content-length, resent-bcc, return-path)
112 Names of message headers that the cleanup(8) daemon will remove
113 after applying header_checks(5) and before invoking Milter ap‐
114 plications.
115
117 Postfix built-in content filtering is meant to stop a flood of worms or
118 viruses. It is not a general content filter.
119 body_checks (empty)
121 Optional lookup tables for content inspection as specified in
122 the body_checks(5) manual page.
123 header_checks (empty)
125 Optional lookup tables for content inspection of primary
126 non-MIME message headers, as specified in the header_checks(5)
127 manual page.
128 Available in Postfix version 2.0 and later:
130 body_checks_size_limit (51200)
132 How much text in a message body segment (or attachment, if you
133 prefer to use that term) is subjected to body_checks inspection.
134 mime_header_checks ($header_checks)
136 Optional lookup tables for content inspection of MIME related
137 message headers, as described in the header_checks(5) manual
138 page.
139 nested_header_checks ($header_checks)
141 Optional lookup tables for content inspection of non-MIME mes‐
142 sage headers in attached messages, as described in the
143 header_checks(5) manual page.
144 Available in Postfix version 2.3 and later:
146 message_reject_characters (empty)
148 The set of characters that Postfix will reject in message con‐
149 tent.
150 message_strip_characters (empty)
152 The set of characters that Postfix will remove from message con‐
153 tent.
154
156 As of version 2.3, Postfix supports the Sendmail version 8 Milter (mail
157 filter) protocol. When mail is not received via the smtpd(8) server,
158 the cleanup(8) server will simulate SMTP events to the extent that this
159 is possible. For details see the MILTER_README document.
160 non_smtpd_milters (empty)
162 A list of Milter (mail filter) applications for new mail that
163 does not arrive via the Postfix smtpd(8) server.
164 milter_protocol (6)
166 The mail filter protocol version and optional protocol exten‐
167 sions for communication with a Milter application; prior to
168 Postfix 2.6 the default protocol is 2.
169 milter_default_action (tempfail)
171 The default action when a Milter (mail filter) response is un‐
172 available (for example, bad Postfix configuration or Milter
173 failure).
174 milter_macro_daemon_name ($myhostname)
176 The {daemon_name} macro value for Milter (mail filter) applica‐
177 tions.
178 milter_macro_v ($mail_name $mail_version)
180 The {v} macro value for Milter (mail filter) applications.
181 milter_connect_timeout (30s)
183 The time limit for connecting to a Milter (mail filter) applica‐
184 tion, and for negotiating protocol options.
185 milter_command_timeout (30s)
187 The time limit for sending an SMTP command to a Milter (mail
188 filter) application, and for receiving the response.
189 milter_content_timeout (300s)
191 The time limit for sending message content to a Milter (mail
192 filter) application, and for receiving the response.
193 milter_connect_macros (see 'postconf -d' output)
195 The macros that are sent to Milter (mail filter) applications
196 after completion of an SMTP connection.
197 milter_helo_macros (see 'postconf -d' output)
199 The macros that are sent to Milter (mail filter) applications
200 after the SMTP HELO or EHLO command.
201 milter_mail_macros (see 'postconf -d' output)
203 The macros that are sent to Milter (mail filter) applications
204 after the SMTP MAIL FROM command.
205 milter_rcpt_macros (see 'postconf -d' output)
207 The macros that are sent to Milter (mail filter) applications
208 after the SMTP RCPT TO command.
209 milter_data_macros (see 'postconf -d' output)
211 The macros that are sent to version 4 or higher Milter (mail
212 filter) applications after the SMTP DATA command.
213 milter_unknown_command_macros (see 'postconf -d' output)
215 The macros that are sent to version 3 or higher Milter (mail
216 filter) applications after an unknown SMTP command.
217 milter_end_of_data_macros (see 'postconf -d' output)
219 The macros that are sent to Milter (mail filter) applications
220 after the message end-of-data.
221 Available in Postfix version 2.5 and later:
223 milter_end_of_header_macros (see 'postconf -d' output)
225 The macros that are sent to Milter (mail filter) applications
226 after the end of the message header.
227 Available in Postfix version 2.7 and later:
229 milter_header_checks (empty)
231 Optional lookup tables for content inspection of message headers
232 that are produced by Milter applications.
233 Available in Postfix version 3.1 and later:
235 milter_macro_defaults (empty)
237 Optional list of name=value pairs that specify default values
238 for arbitrary macros that Postfix may send to Milter applica‐
239 tions.
240
242 Available in Postfix version 2.0 and later:
243 disable_mime_input_processing (no)
245 Turn off MIME processing while receiving mail.
246 mime_boundary_length_limit (2048)
248 The maximal length of MIME multipart boundary strings.
249 mime_nesting_limit (100)
251 The maximal recursion level that the MIME processor will handle.
252 strict_8bitmime (no)
254 Enable both strict_7bit_headers and strict_8bitmime_body.
255 strict_7bit_headers (no)
257 Reject mail with 8-bit text in message headers.
258 strict_8bitmime_body (no)
260 Reject 8-bit message body text without 8-bit MIME content encod‐
261 ing information.
262 strict_mime_encoding_domain (no)
264 Reject mail with invalid Content-Transfer-Encoding: information
265 for the message/* or multipart/* MIME content types.
266 Available in Postfix version 2.5 and later:
268 detect_8bit_encoding_header (yes)
270 Automatically detect 8BITMIME body content by looking at Con‐
271 tent-Transfer-Encoding: message headers; historically, this be‐
272 havior was hard-coded to be "always on".
273
275 Postfix can automatically add BCC (blind carbon copy) when mail enters
276 the mail system:
277 always_bcc (empty)
279 Optional address that receives a "blind carbon copy" of each
280 message that is received by the Postfix mail system.
281 Available in Postfix version 2.1 and later:
283 sender_bcc_maps (empty)
285 Optional BCC (blind carbon-copy) address lookup tables, indexed
286 by sender address.
287 recipient_bcc_maps (empty)
289 Optional BCC (blind carbon-copy) address lookup tables, indexed
290 by recipient address.
291
293 Address rewriting is delegated to the trivial-rewrite(8) daemon. The
294 cleanup(8) server implements table driven address mapping.
295 empty_address_recipient (MAILER-DAEMON)
297 The recipient of mail addressed to the null address.
298 canonical_maps (empty)
300 Optional address mapping lookup tables for message headers and
301 envelopes.
302 recipient_canonical_maps (empty)
304 Optional address mapping lookup tables for envelope and header
305 recipient addresses.
306 sender_canonical_maps (empty)
308 Optional address mapping lookup tables for envelope and header
309 sender addresses.
310 masquerade_classes (envelope_sender, header_sender, header_recipient)
312 What addresses are subject to address masquerading.
313 masquerade_domains (empty)
315 Optional list of domains whose subdomain structure will be
316 stripped off in email addresses.
317 masquerade_exceptions (empty)
319 Optional list of user names that are not subjected to address
320 masquerading, even when their addresses match $masquerade_do‐
321 mains.
322 propagate_unmatched_extensions (canonical, virtual)
324 What address lookup tables copy an address extension from the
325 lookup key to the lookup result.
326 Available before Postfix version 2.0:
328 virtual_maps (empty)
330 Optional lookup tables with a) names of domains for which all
331 addresses are aliased to addresses in other local or remote do‐
332 mains, and b) addresses that are aliased to addresses in other
333 local or remote domains.
334 Available in Postfix version 2.0 and later:
336 virtual_alias_maps ($virtual_maps)
338 Optional lookup tables that alias specific mail addresses or do‐
339 mains to other local or remote address.
340 Available in Postfix version 2.2 and later:
342 canonical_classes (envelope_sender, envelope_recipient, header_sender,
344 header_recipient)
345 What addresses are subject to canonical_maps address mapping.
346 recipient_canonical_classes (envelope_recipient, header_recipient)
348 What addresses are subject to recipient_canonical_maps address
349 mapping.
350 sender_canonical_classes (envelope_sender, header_sender)
352 What addresses are subject to sender_canonical_maps address map‐
353 ping.
354 remote_header_rewrite_domain (empty)
356 Don't rewrite message headers from remote clients at all when
357 this parameter is empty; otherwise, rewrite message headers and
358 append the specified domain name to incomplete addresses.
359
361 duplicate_filter_limit (1000)
362 The maximal number of addresses remembered by the address dupli‐
363 cate filter for aliases(5) or virtual(5) alias expansion, or for
364 showq(8) queue displays.
365 header_size_limit (102400)
367 The maximal amount of memory in bytes for storing a message
368 header.
369 hopcount_limit (50)
371 The maximal number of Received: message headers that is allowed
372 in the primary message headers.
373 in_flow_delay (1s)
375 Time to pause before accepting a new message, when the message
376 arrival rate exceeds the message delivery rate.
377 message_size_limit (10240000)
379 The maximal size in bytes of a message, including envelope in‐
380 formation.
381 Available in Postfix version 2.0 and later:
383 header_address_token_limit (10240)
385 The maximal number of address tokens are allowed in an address
386 message header.
387 mime_boundary_length_limit (2048)
389 The maximal length of MIME multipart boundary strings.
390 mime_nesting_limit (100)
392 The maximal recursion level that the MIME processor will handle.
393 queue_file_attribute_count_limit (100)
395 The maximal number of (name=value) attributes that may be stored
396 in a Postfix queue file.
397 Available in Postfix version 2.1 and later:
399 virtual_alias_expansion_limit (1000)
401 The maximal number of addresses that virtual alias expansion
402 produces from each original recipient.
403 virtual_alias_recursion_limit (1000)
405 The maximal nesting depth of virtual alias expansion.
406 Available in Postfix version 3.0 and later:
408 virtual_alias_address_length_limit (1000)
410 The maximal length of an email address after virtual alias ex‐
411 pansion.
412
414 Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
415 smtputf8_enable (yes)
417 Enable preliminary SMTPUTF8 support for the protocols described
418 in RFC 6531..6533.
419 smtputf8_autodetect_classes (sendmail, verify)
421 Detect that a message requires SMTPUTF8 support for the speci‐
422 fied mail origin classes.
423 Available in Postfix version 3.2 and later:
425 enable_idna2003_compatibility (no)
427 Enable 'transitional' compatibility between IDNA2003 and
428 IDNA2008, when converting UTF-8 domain names to/from the ASCII
429 form that is used for DNS lookups.
430
432 config_directory (see 'postconf -d' output)
433 The default location of the Postfix main.cf and master.cf con‐
434 figuration files.
435 daemon_timeout (18000s)
437 How much time a Postfix daemon process may take to handle a re‐
438 quest before it is terminated by a built-in watchdog timer.
439 delay_logging_resolution_limit (2)
441 The maximal number of digits after the decimal point when log‐
442 ging sub-second delay values.
443 delay_warning_time (0h)
445 The time after which the sender receives a copy of the message
446 headers of mail that is still queued.
447 ipc_timeout (3600s)
449 The time limit for sending or receiving information over an in‐
450 ternal communication channel.
451 max_idle (100s)
453 The maximum amount of time that an idle Postfix daemon process
454 waits for an incoming connection before terminating voluntarily.
455 max_use (100)
457 The maximal number of incoming connections that a Postfix daemon
458 process will service before terminating voluntarily.
459 myhostname (see 'postconf -d' output)
461 The internet hostname of this mail system.
462 myorigin ($myhostname)
464 The domain name that locally-posted mail appears to come from,
465 and that locally posted mail is delivered to.
466 process_id (read-only)
468 The process ID of a Postfix command or daemon process.
469 process_name (read-only)
471 The process name of a Postfix command or daemon process.
472 queue_directory (see 'postconf -d' output)
474 The location of the Postfix top-level queue directory.
475 soft_bounce (no)
477 Safety net to keep mail queued that would otherwise be returned
478 to the sender.
479 syslog_facility (mail)
481 The syslog facility of Postfix logging.
482 syslog_name (see 'postconf -d' output)
484 A prefix that is prepended to the process name in syslog
485 records, so that, for example, "smtpd" becomes "prefix/smtpd".
486 Available in Postfix version 2.1 and later:
488 enable_original_recipient (yes)
490 Enable support for the original recipient address after an ad‐
491 dress is rewritten to a different address (for example with
492 aliasing or with canonical mapping).
493 Available in Postfix 3.3 and later:
495 service_name (read-only)
497 The master.cf service name of a Postfix daemon process.
498 Available in Postfix 3.5 and later:
500 info_log_address_format (external)
502 The email address form that will be used in non-debug logging
503 (info, warning, etc.).
504
506 /etc/postfix/canonical*, canonical mapping table
507 /etc/postfix/virtual*, virtual mapping table
508
510 trivial-rewrite(8), address rewriting
511 qmgr(8), queue manager
512 header_checks(5), message header content inspection
513 body_checks(5), body parts content inspection
514 canonical(5), canonical address lookup table format
515 virtual(5), virtual alias lookup table format
516 postconf(5), configuration parameters
517 master(5), generic daemon options
518 master(8), process manager
519 postlogd(8), Postfix logging
520 syslogd(8), system logging
521
523 Use "postconf readme_directory" or "postconf html_directory" to locate
524 this information.
525 ADDRESS_REWRITING_README Postfix address manipulation
526 CONTENT_INSPECTION_README content inspection
527
529 The Secure Mailer license must be distributed with this software.
530
532 Wietse Venema
533 IBM T.J. Watson Research
534 P.O. Box 704
535 Yorktown Heights, NY 10598, USA
536 Wietse Venema
538 Google, Inc.
539 111 8th Avenue
540 New York, NY 10011, USA
541 CLEANUP(8)