1VERIFY(8) System Manager's Manual VERIFY(8)
2
6 verify - Postfix address verification server
7
9 verify [generic Postfix daemon options]
10
12 The verify(8) address verification server maintains a record of what
13 recipient addresses are known to be deliverable or undeliverable.
14 Addresses are verified by injecting probe messages into the Postfix
16 queue. Probe messages are run through all the routing and rewriting
17 machinery except for final delivery, and are discarded rather than
18 being deferred or bounced.
19 Address verification relies on the answer from the nearest MTA for the
21 specified address, and will therefore not detect all undeliverable
22 addresses.
23 The verify(8) server is designed to run under control by the Postfix
25 master server. It maintains an optional persistent database. To avoid
26 being interrupted by "postfix stop" in the middle of a database update,
27 the process runs in a separate process group.
28 The verify(8) server implements the following requests:
30 update address status text
32 Update the status and text of the specified address.
33 query address
35 Look up the status and text for the specified address. If the
36 status is unknown, a probe is sent and an "in progress" status
37 is returned.
38
40 The address verification server is not security-sensitive. It does not
41 talk to the network, and it does not talk to local users. The verify
42 server can run chrooted at fixed low privilege.
43 The address verification server can be coerced to store unlimited
45 amounts of garbage. Limiting the cache expiry time trades one problem
46 (disk space exhaustion) for another one (poor response time to client
47 requests).
48 With Postfix version 2.5 and later, the verify(8) server no longer uses
50 root privileges when opening the address_verify_map cache file. The
51 file should now be stored under the Postfix-owned data_directory. As a
52 migration aid, an attempt to open a cache file under a non-Postfix
53 directory is redirected to the Postfix-owned data_directory, and a
54 warning is logged.
55
57 Problems and transactions are logged to syslogd(8).
58
60 Address verification probe messages add additional traffic to the mail
61 queue. Recipient verification may cause an increased load on
62 down-stream servers in the case of a dictionary attack or a flood of
63 backscatter bounces. Sender address verification may cause your site
64 to be blacklisted by some providers.
65 If the persistent database ever gets corrupted then the world comes to
67 an end and human intervention is needed. This violates a basic Postfix
68 principle.
69
71 Changes to main.cf are not picked up automatically, as verify(8) pro‐
72 cesses are long-lived. Use the command "postfix reload" after a config‐
73 uration change.
74 The text below provides only a parameter summary. See postconf(5) for
76 more details including examples.
77
79 address_verify_sender ($double_bounce_sender)
80 The sender address to use in address verification probes; prior
81 to Postfix 2.5 the default was "postmaster".
82 Available with Postfix 2.9 and later:
84 address_verify_sender_ttl (0s)
86 The time between changes in the time-dependent portion of
87 address verification probe sender addresses.
88
90 address_verify_map (see 'postconf -d' output)
91 Lookup table for persistent address verification status storage.
92 address_verify_positive_expire_time (31d)
94 The time after which a successful probe expires from the address
95 verification cache.
96 address_verify_positive_refresh_time (7d)
98 The time after which a successful address verification probe
99 needs to be refreshed.
100 address_verify_negative_cache (yes)
102 Enable caching of failed address verification probe results.
103 address_verify_negative_expire_time (3d)
105 The time after which a failed probe expires from the address
106 verification cache.
107 address_verify_negative_refresh_time (3h)
109 The time after which a failed address verification probe needs
110 to be refreshed.
111 Available with Postfix 2.7 and later:
113 address_verify_cache_cleanup_interval (12h)
115 The amount of time between verify(8) address verification data‐
116 base cleanup runs.
117
119 By default, probe messages are delivered via the same route as regular
120 messages. The following parameters can be used to override specific
121 message routing mechanisms.
122 address_verify_relayhost ($relayhost)
124 Overrides the relayhost parameter setting for address verifica‐
125 tion probes.
126 address_verify_transport_maps ($transport_maps)
128 Overrides the transport_maps parameter setting for address veri‐
129 fication probes.
130 address_verify_local_transport ($local_transport)
132 Overrides the local_transport parameter setting for address ver‐
133 ification probes.
134 address_verify_virtual_transport ($virtual_transport)
136 Overrides the virtual_transport parameter setting for address
137 verification probes.
138 address_verify_relay_transport ($relay_transport)
140 Overrides the relay_transport parameter setting for address ver‐
141 ification probes.
142 address_verify_default_transport ($default_transport)
144 Overrides the default_transport parameter setting for address
145 verification probes.
146 Available in Postfix 2.3 and later:
148 address_verify_sender_dependent_relayhost_maps ($sender_depen‐
150 dent_relayhost_maps)
151 Overrides the sender_dependent_relayhost_maps parameter setting
152 for address verification probes.
153 Available in Postfix 2.7 and later:
155 address_verify_sender_dependent_default_transport_maps ($sender_depen‐
157 dent_default_transport_maps)
158 Overrides the sender_dependent_default_transport_maps parameter
159 setting for address verification probes.
160
162 Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
163 smtputf8_autodetect_classes (sendmail, verify)
165 Detect that a message requires SMTPUTF8 support for the speci‐
166 fied mail origin classes.
167 Available in Postfix version 3.2 and later:
169 enable_idna2003_compatibility (no)
171 Enable 'transitional' compatibility between IDNA2003 and
172 IDNA2008, when converting UTF-8 domain names to/from the ASCII
173 form that is used for DNS lookups.
174
176 config_directory (see 'postconf -d' output)
177 The default location of the Postfix main.cf and master.cf con‐
178 figuration files.
179 daemon_timeout (18000s)
181 How much time a Postfix daemon process may take to handle a
182 request before it is terminated by a built-in watchdog timer.
183 ipc_timeout (3600s)
185 The time limit for sending or receiving information over an
186 internal communication channel.
187 process_id (read-only)
189 The process ID of a Postfix command or daemon process.
190 process_name (read-only)
192 The process name of a Postfix command or daemon process.
193 queue_directory (see 'postconf -d' output)
195 The location of the Postfix top-level queue directory.
196 syslog_facility (mail)
198 The syslog facility of Postfix logging.
199 syslog_name (see 'postconf -d' output)
201 A prefix that is prepended to the process name in syslog
202 records, so that, for example, "smtpd" becomes "prefix/smtpd".
203 Available in Postfix 3.3 and later:
205 service_name (read-only)
207 The master.cf service name of a Postfix daemon process.
208
210 smtpd(8), Postfix SMTP server
211 cleanup(8), enqueue Postfix message
212 postconf(5), configuration parameters
213 syslogd(5), system logging
214
216 Use "postconf readme_directory" or "postconf html_directory" to locate
217 this information.
218 ADDRESS_VERIFICATION_README, address verification howto
219
221 The Secure Mailer license must be distributed with this software.
222
224 This service was introduced with Postfix version 2.1.
225
227 Wietse Venema
228 IBM T.J. Watson Research
229 P.O. Box 704
230 Yorktown Heights, NY 10598, USA
231 Wietse Venema
233 Google, Inc.
234 111 8th Avenue
235 New York, NY 10011, USA
236 VERIFY(8)