SMTP(8)                     System Manager's Manual                    SMTP(8)

NAME

       smtp - Postfix SMTP+LMTP client

SYNOPSIS

       smtp [generic Postfix daemon options]

DESCRIPTION

       The Postfix SMTP+LMTP client implements the SMTP and LMTP mail delivery
       protocols. It processes message delivery requests from the queue
       manager. Each request specifies a queue file, a sender address, a domain
       or host to deliver to, and recipient information. This program expects
       to be run from the master(8) process manager.

       The SMTP+LMTP client updates the queue file and marks recipients as
       finished, or it informs the queue manager that delivery should be tried
       again at a later time. Delivery status reports are sent to the
       bounce(8), defer(8) or trace(8) daemon as appropriate.

       The SMTP+LMTP client looks up a list of mail exchanger addresses for
       the destination host, sorts the list by preference, and connects to
       each listed address until it finds a server that responds.

       When a server is not reachable, or when mail delivery fails due to a
       recoverable error condition, the SMTP+LMTP client will try to deliver
       the mail to an alternate host.

       After a successful mail transaction, a connection may be saved to the
       scache(8) connection cache server, so that it may be used by any
       SMTP+LMTP client for a subsequent transaction.

       By default, connection caching is enabled temporarily for destinations
       that have a high volume of mail in the active queue. Connection caching
       can be enabled permanently for specific destinations.

SMTP DESTINATION SYNTAX

       SMTP destinations have the following form:

       domainname

       domainname:port
              Look up the mail exchangers for the specified domain, and
              connect to the specified port (default: smtp).

       [hostname]

       [hostname]:port
              Look up the address(es) of the specified host, and connect to
              the specified port (default: smtp).

       [address]

       [address]:port
              Connect to the host at the specified address, and connect to the
              specified port (default: smtp). An IPv6 address must be
              formatted as [ipv6:address].

LMTP DESTINATION SYNTAX

       LMTP destinations have the following form:

       unix:pathname
              Connect to the local UNIX-domain server that is bound to the
              specified pathname. If the process runs chrooted, an absolute
              pathname is interpreted relative to the Postfix queue directory.

       inet:hostname

       inet:hostname:port

       inet:[address]

       inet:[address]:port
              Connect to the specified TCP port on the specified local or
              remote host. If no port is specified, connect to the port
              defined as lmtp in services(4). If no such service is found,
              the lmtp_tcp_port configuration parameter (default value of 24)
              will be used. An IPv6 address must be formatted as
              [ipv6:address].
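
       The SMTP and LMTP destination forms listed above, turned into a
       validating parser as an added example (not Postfix code; the type and
       function names are hypothetical). It applies the bracket and
       [ipv6:address] rules strictly as written here, without asserting how
       Postfix itself treats malformed input, and takes the queue directory
       for the chroot case as a caller-supplied assumption.

```python
import ipaddress
from typing import NamedTuple, Optional


class Destination(NamedTuple):
    lookup: str           # "mx", "host", "address" or "unix"
    target: str           # domain, hostname, IP address or socket pathname
    port: Optional[str]   # service name or number; None for UNIX sockets


def _bracketed(dest: str, default_port: str) -> Destination:
    """Parse [hostname], [address] or [ipv6:address], with optional :port."""
    end = dest.find("]")
    if end < 2:                                   # no "]" at all, or "[]"
        raise ValueError(f"empty or unterminated brackets: {dest!r}")
    inner, rest = dest[1:end], dest[end + 1:]
    if rest == "":
        port = default_port
    elif rest.startswith(":") and len(rest) > 1:
        port = rest[1:]
    else:
        raise ValueError(f"malformed port suffix: {dest!r}")
    tagged = inner.lower().startswith("ipv6:")
    literal = inner[5:] if tagged else inner
    try:
        addr = ipaddress.ip_address(literal)
    except ValueError:
        if tagged:
            raise ValueError(f"bad IPv6 literal: {dest!r}")
        return Destination("host", inner, port)   # a name: address lookup, no MX
    # The page requires the ipv6: tag for IPv6 and does not offer it for IPv4.
    if tagged != (addr.version == 6):
        raise ValueError(f"IPv6 must be written as [ipv6:address]: {dest!r}")
    return Destination("address", str(addr), port)


def _host_port(text: str, lookup: str, default_port: str) -> Destination:
    """Parse name or name:port; extra colons usually mean an unbracketed IPv6."""
    host, sep, port = text.partition(":")
    if not host or (sep and not port) or ":" in port:
        raise ValueError(f"malformed destination: {text!r}")
    return Destination(lookup, host, port or default_port)


def parse_smtp_destination(dest: str) -> Destination:
    """domainname[:port] means MX lookup; [host] and [address] skip MX lookup."""
    if dest.startswith("["):
        return _bracketed(dest, "smtp")
    return _host_port(dest, "mx", "smtp")


def parse_lmtp_destination(dest: str) -> Destination:
    """unix:pathname, inet:hostname[:port] or inet:[address][:port]."""
    scheme, _, rest = dest.partition(":")
    if scheme == "unix" and rest:
        return Destination("unix", rest, None)
    if scheme == "inet" and rest:
        if rest.startswith("["):
            return _bracketed(rest, "lmtp")
        return _host_port(rest, "host", "lmtp")
    raise ValueError(f"not a unix: or inet: destination: {dest!r}")


def effective_unix_path(pathname: str, queue_directory: str, chrooted: bool) -> str:
    """Where the socket lives on the host filesystem when the client is chrooted.

    Only the case stated on the page is handled: chrooted plus absolute path.
    """
    if chrooted and pathname.startswith("/"):
        return queue_directory.rstrip("/") + pathname
    return pathname


if __name__ == "__main__":
    # Constructed sample destinations.
    for d in ("example.com", "[mail.example.com]:587", "[ipv6:2001:db8::1]:25"):
        print(d, "->", parse_smtp_destination(d))
    for d in ("unix:/var/run/lmtp.sock", "inet:localhost:2424", "inet:[192.0.2.7]"):
        print(d, "->", parse_lmtp_destination(d))
```
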

SECURITY

       The SMTP+LMTP client is moderately security-sensitive. It talks to SMTP
       or LMTP servers and to DNS servers on the network. The SMTP+LMTP client
       can be run chrooted at fixed low privilege.

STANDARDS

       RFC 821 (SMTP protocol)
       RFC 822 (ARPA Internet Text Messages)
       RFC 1651 (SMTP service extensions)
       RFC 1652 (8bit-MIME transport)
       RFC 1870 (Message Size Declaration)
       RFC 2033 (LMTP protocol)
       RFC 2034 (SMTP Enhanced Error Codes)
       RFC 2045 (MIME: Format of Internet Message Bodies)
       RFC 2046 (MIME: Media Types)
       RFC 2554 (AUTH command)
       RFC 2821 (SMTP protocol)
       RFC 2920 (SMTP Pipelining)
       RFC 3207 (STARTTLS command)
       RFC 3461 (SMTP DSN Extension)
       RFC 3463 (Enhanced Status Codes)
       RFC 4954 (AUTH command)
       RFC 5321 (SMTP protocol)
       RFC 6531 (Internationalized SMTP)
       RFC 6533 (Internationalized Delivery Status Notifications)
       RFC 7672 (SMTP security via opportunistic DANE TLS)

DIAGNOSTICS

       Problems and transactions are logged to syslogd(8) or postlogd(8).
       Corrupted message files are marked so that the queue manager can move
       them to the corrupt queue for further inspection.

       Depending on the setting of the notify_classes parameter, the
       postmaster is notified of bounces, protocol problems, and of other
       trouble.

BUGS

       SMTP and LMTP connection reuse for TLS (without closing the SMTP or
       LMTP connection) is not supported before Postfix 3.4.

       SMTP and LMTP connection caching assumes that SASL credentials are
       valid for all destinations that map onto the same IP address and TCP
       port.

CONFIGURATION PARAMETERS

       Before Postfix version 2.3, the LMTP client is a separate program that
       implements only a subset of the functionality available with SMTP:
       there is no support for TLS, and connections are cached in-process,
       making it ineffective when the client is used for multiple domains.

       Most smtp_xxx configuration parameters have an lmtp_xxx "mirror"
       parameter for the equivalent LMTP feature. This document describes only
       those LMTP-related parameters that aren't simply "mirror" parameters.

       Changes to main.cf are picked up automatically, as smtp(8) processes
       run for only a limited amount of time. Use the command "postfix reload"
       to speed up a change.

       The text below provides only a parameter summary. See postconf(5) for
       more details including examples.

COMPATIBILITY CONTROLS

       ignore_mx_lookup_error (no)
              Ignore DNS MX lookups that produce no response.

       smtp_always_send_ehlo (yes)
              Always send EHLO at the start of an SMTP session.

       smtp_never_send_ehlo (no)
              Never send EHLO at the start of an SMTP session.

       smtp_defer_if_no_mx_address_found (no)
              Defer mail delivery when no MX record resolves to an IP address.

       smtp_line_length_limit (998)
              The maximal length of message header and body lines that Postfix
              will send via SMTP.

       smtp_pix_workaround_delay_time (10s)
              How long the Postfix SMTP client pauses before sending
              ".<CR><LF>" in order to work around the PIX firewall
              "<CR><LF>.<CR><LF>" bug.

       smtp_pix_workaround_threshold_time (500s)
              How long a message must be queued before the Postfix SMTP client
              turns on the PIX firewall "<CR><LF>.<CR><LF>" bug workaround for
              delivery through firewalls with "smtp fixup" mode turned on.

       smtp_pix_workarounds (disable_esmtp, delay_dotcrlf)
              A list that specifies zero or more workarounds for CISCO PIX
              firewall bugs.

       smtp_pix_workaround_maps (empty)
              Lookup tables, indexed by the remote SMTP server address, with
              per-destination workarounds for CISCO PIX firewall bugs.

       smtp_quote_rfc821_envelope (yes)
              Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO
              commands as required by RFC 5321.

       smtp_reply_filter (empty)
              A mechanism to transform replies from remote SMTP servers one
              line at a time.

       smtp_skip_5xx_greeting (yes)
              Skip remote SMTP servers that greet with a 5XX status code.

       smtp_skip_quit_response (yes)
              Do not wait for the response to the SMTP QUIT command.

       Available in Postfix version 2.0 and earlier:

       smtp_skip_4xx_greeting (yes)
              Skip SMTP servers that greet with a 4XX status code (go away,
              try again later).

       Available in Postfix version 2.2 and later:

       smtp_discard_ehlo_keyword_address_maps (empty)
              Lookup tables, indexed by the remote SMTP server address, with
              case insensitive lists of EHLO keywords (pipelining, starttls,
              auth, etc.) that the Postfix SMTP client will ignore in the EHLO
              response from a remote SMTP server.

       smtp_discard_ehlo_keywords (empty)
              A case insensitive list of EHLO keywords (pipelining, starttls,
              auth, etc.) that the Postfix SMTP client will ignore in the EHLO
              response from a remote SMTP server.

       smtp_generic_maps (empty)
              Optional lookup tables that perform address rewriting in the
              Postfix SMTP client, typically to transform a locally valid
              address into a globally valid address when sending mail across
              the Internet.

       Available in Postfix version 2.2.9 and later:

       smtp_cname_overrides_servername (version dependent)
              When the remote SMTP servername is a DNS CNAME, replace the
              servername with the result from CNAME expansion for the purpose
              of logging, SASL password lookup, TLS policy decisions, or TLS
              certificate verification.

       Available in Postfix version 2.3 and later:

       lmtp_discard_lhlo_keyword_address_maps (empty)
              Lookup tables, indexed by the remote LMTP server address, with
              case insensitive lists of LHLO keywords (pipelining, starttls,
              auth, etc.) that the Postfix LMTP client will ignore in the LHLO
              response from a remote LMTP server.

       lmtp_discard_lhlo_keywords (empty)
              A case insensitive list of LHLO keywords (pipelining, starttls,
              auth, etc.) that the Postfix LMTP client will ignore in the LHLO
              response from a remote LMTP server.

       Available in Postfix version 2.4.4 and later:

       send_cyrus_sasl_authzid (no)
              When authenticating to a remote SMTP or LMTP server with the
              default setting "no", send no SASL authoriZation ID (authzid);
              send only the SASL authentiCation ID (authcid) plus the
              authcid's password.

       Available in Postfix version 2.5 and later:

       smtp_header_checks (empty)
              Restricted header_checks(5) tables for the Postfix SMTP client.

       smtp_mime_header_checks (empty)
              Restricted mime_header_checks(5) tables for the Postfix SMTP
              client.

       smtp_nested_header_checks (empty)
              Restricted nested_header_checks(5) tables for the Postfix SMTP
              client.

       smtp_body_checks (empty)
              Restricted body_checks(5) tables for the Postfix SMTP client.

       Available in Postfix version 2.6 and later:

       tcp_windowsize (0)
              An optional workaround for routers that break TCP window
              scaling.

       Available in Postfix version 2.8 and later:

       smtp_dns_resolver_options (empty)
              DNS Resolver options for the Postfix SMTP client.

       Available in Postfix version 2.9 and later:

       smtp_per_record_deadline (no)
              Change the behavior of the smtp_*_timeout time limits, from a
              time limit per read or write system call, to a time limit to
              send or receive a complete record (an SMTP command line, SMTP
              response line, SMTP message content line, or TLS protocol
              message).

       smtp_send_dummy_mail_auth (no)
              Whether or not to append the "AUTH=<>" option to the MAIL FROM
              command in SASL-authenticated SMTP sessions.

       Available in Postfix version 2.11 and later:

       smtp_dns_support_level (empty)
              Level of DNS support in the Postfix SMTP client.

       Available in Postfix version 3.0 and later:

       smtp_delivery_status_filter ($default_delivery_status_filter)
              Optional filter for the smtp(8) delivery agent to change the
              delivery status code or explanatory text of successful or
              unsuccessful deliveries.

       smtp_dns_reply_filter (empty)
              Optional filter for Postfix SMTP client DNS lookup results.

       Available in Postfix version 3.3 and later:

       smtp_balance_inet_protocols (yes)
              When a remote destination resolves to a combination of IPv4 and
              IPv6 addresses, ensure that the Postfix SMTP client can try both
              address types before it runs into the smtp_mx_address_limit.

MIME PROCESSING CONTROLS

       Available in Postfix version 2.0 and later:

       disable_mime_output_conversion (no)
              Disable the conversion of 8BITMIME format to 7BIT format.

       mime_boundary_length_limit (2048)
              The maximal length of MIME multipart boundary strings.

       mime_nesting_limit (100)
              The maximal recursion level that the MIME processor will handle.

EXTERNAL CONTENT INSPECTION CONTROLS

       Available in Postfix version 2.1 and later:

       smtp_send_xforward_command (no)
              Send the non-standard XFORWARD command when the Postfix SMTP
              server EHLO response announces XFORWARD support.

SASL AUTHENTICATION CONTROLS

       smtp_sasl_auth_enable (no)
              Enable SASL authentication in the Postfix SMTP client.

       smtp_sasl_password_maps (empty)
              Optional Postfix SMTP client lookup tables with one
              username:password entry per sender, remote hostname or next-hop
              domain.

       smtp_sasl_security_options (noplaintext, noanonymous)
              Postfix SMTP client SASL security options; as of Postfix 2.3 the
              list of available features depends on the SASL client
              implementation that is selected with smtp_sasl_type.

       Available in Postfix version 2.2 and later:

       smtp_sasl_mechanism_filter (empty)
              If non-empty, a Postfix SMTP client filter for the remote SMTP
              server's list of offered SASL mechanisms.

       Available in Postfix version 2.3 and later:

       smtp_sender_dependent_authentication (no)
              Enable sender-dependent authentication in the Postfix SMTP
              client; this is available only with SASL authentication, and
              disables SMTP connection caching to ensure that mail from
              different senders will use the appropriate credentials.

       smtp_sasl_path (empty)
              Implementation-specific information that the Postfix SMTP client
              passes through to the SASL plug-in implementation that is
              selected with smtp_sasl_type.

       smtp_sasl_type (cyrus)
              The SASL plug-in type that the Postfix SMTP client should use
              for authentication.

       Available in Postfix version 2.5 and later:

       smtp_sasl_auth_cache_name (empty)
              An optional table to prevent repeated SASL authentication
              failures with the same remote SMTP server hostname, username and
              password.

       smtp_sasl_auth_cache_time (90d)
              The maximal age of an smtp_sasl_auth_cache_name entry before it
              is removed.

       smtp_sasl_auth_soft_bounce (yes)
              When a remote SMTP server rejects a SASL authentication request
              with a 535 reply code, defer mail delivery instead of returning
              mail as undeliverable.

       Available in Postfix version 2.9 and later:

       smtp_send_dummy_mail_auth (no)
              Whether or not to append the "AUTH=<>" option to the MAIL FROM
              command in SASL-authenticated SMTP sessions.

STARTTLS SUPPORT CONTROLS

       Detailed information about STARTTLS configuration may be found in the
       TLS_README document.

       smtp_tls_security_level (empty)
              The default SMTP TLS security level for the Postfix SMTP client;
              when a non-empty value is specified, this overrides the obsolete
              parameters smtp_use_tls, smtp_enforce_tls, and
              smtp_tls_enforce_peername.

       smtp_sasl_tls_security_options ($smtp_sasl_security_options)
              The SASL authentication security options that the Postfix SMTP
              client uses for TLS encrypted SMTP sessions.

       smtp_starttls_timeout (300s)
              Time limit for Postfix SMTP client write and read operations
              during TLS startup and shutdown handshake procedures.

       smtp_tls_CAfile (empty)
              A file containing CA certificates of root CAs trusted to sign
              either remote SMTP server certificates or intermediate CA
              certificates.

       smtp_tls_CApath (empty)
              Directory with PEM format Certification Authority certificates
              that the Postfix SMTP client uses to verify a remote SMTP server
              certificate.

       smtp_tls_cert_file (empty)
              File with the Postfix SMTP client RSA certificate in PEM format.

       smtp_tls_mandatory_ciphers (medium)
              The minimum TLS cipher grade that the Postfix SMTP client will
              use with mandatory TLS encryption.

       smtp_tls_exclude_ciphers (empty)
              List of ciphers or cipher types to exclude from the Postfix SMTP
              client cipher list at all TLS security levels.

       smtp_tls_mandatory_exclude_ciphers (empty)
              Additional list of ciphers or cipher types to exclude from the
              Postfix SMTP client cipher list at mandatory TLS security
              levels.

       smtp_tls_dcert_file (empty)
              File with the Postfix SMTP client DSA certificate in PEM format.

       smtp_tls_dkey_file ($smtp_tls_dcert_file)
              File with the Postfix SMTP client DSA private key in PEM format.

       smtp_tls_key_file ($smtp_tls_cert_file)
              File with the Postfix SMTP client RSA private key in PEM format.

       smtp_tls_loglevel (0)
              Enable additional Postfix SMTP client logging of TLS activity.

       smtp_tls_note_starttls_offer (no)
              Log the hostname of a remote SMTP server that offers STARTTLS,
              when TLS is not already enabled for that server.

       smtp_tls_policy_maps (empty)
              Optional lookup tables with the Postfix SMTP client TLS security
              policy by next-hop destination; when a non-empty value is
              specified, this overrides the obsolete smtp_tls_per_site
              parameter.

       smtp_tls_mandatory_protocols (!SSLv2, !SSLv3)
              List of SSL/TLS protocols that the Postfix SMTP client will use
              with mandatory TLS encryption.

       smtp_tls_scert_verifydepth (9)
              The verification depth for remote SMTP server certificates.

       smtp_tls_secure_cert_match (nexthop, dot-nexthop)
              How the Postfix SMTP client verifies the server certificate
              peername for the "secure" TLS security level.

       smtp_tls_session_cache_database (empty)
              Name of the file containing the optional Postfix SMTP client TLS
              session cache.

       smtp_tls_session_cache_timeout (3600s)
              The expiration time of Postfix SMTP client TLS session cache
              information.

       smtp_tls_verify_cert_match (hostname)
              How the Postfix SMTP client verifies the server certificate
              peername for the "verify" TLS security level.

       tls_daemon_random_bytes (32)
              The number of pseudo-random bytes that an smtp(8) or smtpd(8)
              process requests from the tlsmgr(8) server in order to seed its
              internal pseudo random number generator (PRNG).

       tls_high_cipherlist (see 'postconf -d' output)
              The OpenSSL cipherlist for "high" grade ciphers.

       tls_medium_cipherlist (see 'postconf -d' output)
              The OpenSSL cipherlist for "medium" or higher grade ciphers.

       tls_low_cipherlist (see 'postconf -d' output)
              The OpenSSL cipherlist for "low" or higher grade ciphers.

       tls_export_cipherlist (see 'postconf -d' output)
              The OpenSSL cipherlist for "export" or higher grade ciphers.

       tls_null_cipherlist (eNULL:!aNULL)
              The OpenSSL cipherlist for "NULL" grade ciphers that provide
              authentication without encryption.

       Available in Postfix version 2.4 and later:

       smtp_sasl_tls_verified_security_options ($smtp_sasl_tls_security_options)
              The SASL authentication security options that the Postfix SMTP
              client uses for TLS encrypted SMTP sessions with a verified
              server certificate.

       Available in Postfix version 2.5 and later:

       smtp_tls_fingerprint_cert_match (empty)
              List of acceptable remote SMTP server certificate fingerprints
              for the "fingerprint" TLS security level
              (smtp_tls_security_level = fingerprint).

       smtp_tls_fingerprint_digest (md5)
              The message digest algorithm used to construct remote SMTP
              server certificate fingerprints.

       Available in Postfix version 2.6 and later:

       smtp_tls_protocols (!SSLv2, !SSLv3)
              List of TLS protocols that the Postfix SMTP client will exclude
              or include with opportunistic TLS encryption.

       smtp_tls_ciphers (medium)
              The minimum TLS cipher grade that the Postfix SMTP client will
              use with opportunistic TLS encryption.

       smtp_tls_eccert_file (empty)
              File with the Postfix SMTP client ECDSA certificate in PEM
              format.

       smtp_tls_eckey_file ($smtp_tls_eccert_file)
              File with the Postfix SMTP client ECDSA private key in PEM
              format.

       Available in Postfix version 2.7 and later:

       smtp_tls_block_early_mail_reply (no)
              Try to detect a mail hijacking attack based on a TLS protocol
              vulnerability (CVE-2009-3555), where an attacker prepends
              malicious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP
              client TLS session.

       Available in Postfix version 2.8 and later:

       tls_disable_workarounds (see 'postconf -d' output)
              List or bit-mask of OpenSSL bug work-arounds to disable.

       Available in Postfix version 2.11-3.1:

       tls_dane_digest_agility (on)
              Configure RFC 7671 DANE TLSA digest algorithm agility.

       tls_dane_trust_anchor_digest_enable (yes)
              Enable support for RFC 6698 (DANE TLSA) DNS records that contain
              digests of trust-anchors with certificate usage "2".

       Available in Postfix version 2.11 and later:

       smtp_tls_trust_anchor_file (empty)
              Zero or more PEM-format files with trust-anchor certificates
              and/or public keys.

       smtp_tls_force_insecure_host_tlsa_lookup (no)
              Lookup the associated DANE TLSA RRset even when a hostname is
              not an alias and its address records lie in an unsigned zone.

       tlsmgr_service_name (tlsmgr)
              The name of the tlsmgr(8) service entry in master.cf.

       Available in Postfix version 3.0 and later:

       smtp_tls_wrappermode (no)
              Request that the Postfix SMTP client connects using the legacy
              SMTPS protocol instead of using the STARTTLS command.

       Available in Postfix version 3.1 and later:

       smtp_tls_dane_insecure_mx_policy (dane)
              The TLS policy for MX hosts with "secure" TLSA records when the
              nexthop destination security level is dane, but the MX record
              was found via an "insecure" MX lookup.

       Available in Postfix version 3.4 and later:

       smtp_tls_connection_reuse (no)
              Try to make multiple deliveries per TLS-encrypted connection.

       smtp_tls_chain_files (empty)
              List of one or more PEM files, each holding one or more private
              keys directly followed by a corresponding certificate chain.

       smtp_tls_servername (empty)
              Optional name to send to the remote SMTP server in the TLS
              Server Name Indication (SNI) extension.

       Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13:

       tls_fast_shutdown_enable (yes)
              A workaround for implementations that hang Postfix while
              shutting down a TLS session, until Postfix times out.

OBSOLETE STARTTLS CONTROLS

       The following configuration parameters exist for compatibility with
       Postfix versions before 2.3. Support for these will be removed in a
       future release.

       smtp_use_tls (no)
              Opportunistic mode: use TLS when a remote SMTP server announces
              STARTTLS support, otherwise send the mail in the clear.

       smtp_enforce_tls (no)
              Enforcement mode: require that remote SMTP servers use TLS
              encryption, and never send mail in the clear.

       smtp_tls_enforce_peername (yes)
              With mandatory TLS encryption, require that the remote SMTP
              server hostname matches the information in the remote SMTP
              server certificate.

       smtp_tls_per_site (empty)
              Optional lookup tables with the Postfix SMTP client TLS usage
              policy by next-hop destination and by remote SMTP server
              hostname.

       smtp_tls_cipherlist (empty)
              Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS
              cipher list.
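
       A configuration audit for the SASL and STARTTLS controls summarized
       above, together with the connection-caching caveat under BUGS, as an
       added example (not part of Postfix; function names and finding labels
       are hypothetical, and the main.cf samples are constructed). Defaults
       come from this page; only main.cf text is read, so per-destination
       settings in smtp_tls_policy_maps or master.cf overrides are not seen.

```python
import re

# Defaults copied from this manual page's parameter summary.
DEFAULTS = {
    "smtp_tls_security_level": "",
    "smtp_tls_fingerprint_digest": "md5",
    "smtp_sasl_auth_enable": "no",
    "smtp_sasl_security_options": "noplaintext, noanonymous",
    "smtp_sender_dependent_authentication": "no",
    "smtp_connection_cache_on_demand": "yes",
    "smtp_connection_cache_destinations": "",
}
# Parameters listed under OBSOLETE STARTTLS CONTROLS.
OBSOLETE = ("smtp_use_tls", "smtp_enforce_tls", "smtp_tls_enforce_peername",
            "smtp_tls_per_site", "smtp_tls_cipherlist")
# Security levels at which the client will not deliver without TLS.
MANDATORY_TLS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}


def parse_main_cf(text):
    """Return {name: value} from main.cf text, joining continuation lines."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                              # blank line or comment
        if raw[0] in " \t" and current is not None:
            params[current] += " " + raw.strip()  # continuation of previous line
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()       # a later assignment wins
    return params


def audit(text):
    """Return a list of (finding, parameter) pairs for the SMTP client settings."""
    explicit = parse_main_cf(text)
    cfg = {**DEFAULTS, **explicit}

    def yes(name):
        return cfg.get(name, "no").strip().lower() == "yes"

    def words(name):
        return set(re.split(r"[,\s]+", cfg[name].lower())) - {""}

    findings = []
    level = cfg["smtp_tls_security_level"].strip().lower()

    # Obsolete controls are overridden as soon as the security level is set.
    findings += [("obsolete-tls-control", n) for n in OBSOLETE if n in explicit]

    # Empty level and no obsolete switch enabled: no TLS is attempted by default.
    if not level and not (yes("smtp_use_tls") or yes("smtp_enforce_tls")):
        findings.append(("default-tls-level-unset", "smtp_tls_security_level"))

    # Certificate pinning built on the page's default digest, MD5.
    if level == "fingerprint" and cfg["smtp_tls_fingerprint_digest"].lower() == "md5":
        findings.append(("md5-fingerprint-digest", "smtp_tls_fingerprint_digest"))

    # Plaintext mechanisms allowed while delivery may proceed without TLS.
    sasl = yes("smtp_sasl_auth_enable")
    if (sasl and "noplaintext" not in words("smtp_sasl_security_options")
            and level not in MANDATORY_TLS):
        findings.append(("plaintext-sasl-without-mandatory-tls",
                         "smtp_sasl_security_options"))

    # BUGS: cached connections assume one set of SASL credentials per IP and port.
    caching = (yes("smtp_connection_cache_on_demand")
               or bool(cfg["smtp_connection_cache_destinations"].strip()))
    if sasl and caching and not yes("smtp_sender_dependent_authentication"):
        findings.append(("sasl-over-shared-cached-connection", "smtp_sasl_auth_enable"))
    return findings


# Constructed sample: weak relay-client settings.
WEAK = """\
# constructed sample main.cf fragment
relayhost = [smtp.example.net]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
    noanonymous
"""

# Constructed sample: the same relay with mandatory TLS and default SASL options.
HARDENED = """\
relayhost = [smtp.example.net]:587
smtp_tls_security_level = encrypt
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_tls_security_options = noanonymous
"""

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(sample))
```

       The caching finding that remains for the hardened sample is a review
       item rather than a defect: it matters when different credentials are
       configured for destinations that resolve to the same address and port.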

RESOURCE AND RATE CONTROLS

627       smtp_connect_timeout (30s)
628              The Postfix SMTP client time limit for completing a TCP  connec‐
629              tion, or zero (use the operating system built-in time limit).
630
631       smtp_helo_timeout (300s)
632              The  Postfix SMTP client time limit for sending the HELO or EHLO
633              command, and  for  receiving  the  initial  remote  SMTP  server
634              response.
635
636       lmtp_lhlo_timeout (300s)
637              The Postfix LMTP client time limit for sending the LHLO command,
638              and for receiving the initial remote LMTP server response.
639
640       smtp_xforward_timeout (300s)
641              The Postfix SMTP client time limit for sending the XFORWARD com‐
642              mand, and for receiving the remote SMTP server response.
643
644       smtp_mail_timeout (300s)
645              The  Postfix  SMTP  client  time limit for sending the MAIL FROM
646              command, and for receiving the remote SMTP server response.
647
648       smtp_rcpt_timeout (300s)
649              The Postfix SMTP client time limit for sending the SMTP RCPT  TO
650              command, and for receiving the remote SMTP server response.
651
652       smtp_data_init_timeout (120s)
653              The  Postfix  SMTP  client  time limit for sending the SMTP DATA
654              command, and for receiving the remote SMTP server response.
655
656       smtp_data_xfer_timeout (180s)
657              The Postfix SMTP client time limit for sending the SMTP  message
658              content.
659
660       smtp_data_done_timeout (600s)
661              The Postfix SMTP client time limit for sending the SMTP ".", and
662              for receiving the remote SMTP server response.
663
664       smtp_quit_timeout (300s)
665              The Postfix SMTP client time limit for sending the QUIT command,
666              and for receiving the remote SMTP server response.
667
668       Available in Postfix version 2.1 and later:
669
       smtp_mx_address_limit (5)
              The maximal number of MX (mail exchanger) IP addresses that can
              result from Postfix SMTP client mail exchanger lookups, or zero
              (no limit).

       smtp_mx_session_limit (2)
              The maximal number of SMTP sessions per delivery request before
              the Postfix SMTP client gives up or delivers to a fall-back
              relay host, or zero (no limit).

       smtp_rset_timeout (20s)
              The Postfix SMTP client time limit for sending the RSET command,
              and for receiving the remote SMTP server response.

       Available in Postfix version 2.2 and earlier:

       lmtp_cache_connection (yes)
              Keep Postfix LMTP client connections open for up to $max_idle
              seconds.

       Available in Postfix version 2.2 and later:

       smtp_connection_cache_destinations (empty)
              Permanently enable SMTP connection caching for the specified
              destinations.

       smtp_connection_cache_on_demand (yes)
              Temporarily enable SMTP connection caching while a destination
              has a high volume of mail in the active queue.

       smtp_connection_reuse_time_limit (300s)
              The amount of time during which Postfix will use an SMTP
              connection repeatedly.

       smtp_connection_cache_time_limit (2s)
              When SMTP connection caching is enabled, the amount of time that
              an unused SMTP client socket is kept open before it is closed.

       Available in Postfix version 2.3 and later:

       connection_cache_protocol_timeout (5s)
              Time limit for connection cache connect, send or receive
              operations.

       Available in Postfix version 2.9 and later:

       smtp_per_record_deadline (no)
              Change the behavior of the smtp_*_timeout time limits, from a
              time limit per read or write system call, to a time limit to
              send or receive a complete record (an SMTP command line, SMTP
              response line, SMTP message content line, or TLS protocol
              message).

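The difference between the two timeout semantics described for smtp_per_record_deadline matters when a remote peer sends data very slowly. The following is an added illustration, not Postfix code: it models a peer that sends one byte at a time, and compares a limit applied to each read call with a deadline for the complete response line. All names (drip, read_record, demo) and all timing values are assumptions made for this example.

```python
import socket
import threading
import time

def drip(sock, payload, gap):
    """Constructed slow peer: one byte, then `gap` seconds of silence."""
    try:
        for i in range(len(payload)):
            sock.sendall(payload[i:i + 1])
            time.sleep(gap)
    except OSError:
        pass  # reader gave up and closed its end
    finally:
        sock.close()

def read_record(sock, limit, per_record):
    """Read one CRLF-terminated line; return (line or None, elapsed).

    per_record=False: `limit` applies to every recv() call separately.
    per_record=True:  `limit` is a deadline for the complete line.
    """
    start = time.monotonic()
    buf = b""
    while not buf.endswith(b"\r\n"):
        wait = limit
        if per_record:
            wait = limit - (time.monotonic() - start)
            if wait <= 0:
                return None, time.monotonic() - start
        sock.settimeout(wait)
        try:
            chunk = sock.recv(1)
        except socket.timeout:
            return None, time.monotonic() - start
        if not chunk:
            return None, time.monotonic() - start  # peer closed mid-line
        buf += chunk
    return buf, time.monotonic() - start

def demo(per_record, limit=0.5, gap=0.02):
    """One exchange against the slow peer (all values are constructed)."""
    client, server = socket.socketpair()
    reply = b"250 " + b"x" * 34 + b"\r\n"  # 40-byte response line
    peer = threading.Thread(target=drip, args=(server, reply, gap))
    peer.start()
    try:
        return read_record(client, limit, per_record)
    finally:
        client.close()
        peer.join()
```

With the per-call limit, demo(False) returns the full line even though it takes longer than the limit to arrive, because no single read ever waits that long; demo(True) gives up once the limit has elapsed for the whole line.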
       Available in Postfix version 2.11 and later:

       smtp_connection_reuse_count_limit (0)
              When SMTP connection caching is enabled, the number of times
              that an SMTP session may be reused before it is closed, or zero
              (no limit).

       Available in Postfix version 3.4 and later:

       smtp_tls_connection_reuse (no)
              Try to make multiple deliveries per TLS-encrypted connection.

       Implemented in the qmgr(8) daemon:

       transport_destination_concurrency_limit ($default_destination_concurrency_limit)
              A transport-specific override for the
              default_destination_concurrency_limit parameter value, where
              transport is the master.cf name of the message delivery
              transport.

       transport_destination_recipient_limit ($default_destination_recipient_limit)
              A transport-specific override for the
              default_destination_recipient_limit parameter value, where
              transport is the master.cf name of the message delivery
              transport.

SMTPUTF8 CONTROLS

       Preliminary SMTPUTF8 support is introduced with Postfix 3.0.

       smtputf8_enable (yes)
              Enable preliminary SMTPUTF8 support for the protocols described
              in RFC 6531..6533.

       smtputf8_autodetect_classes (sendmail, verify)
              Detect that a message requires SMTPUTF8 support for the
              specified mail origin classes.

       Available in Postfix version 3.2 and later:

       enable_idna2003_compatibility (no)
              Enable 'transitional' compatibility between IDNA2003 and
              IDNA2008, when converting UTF-8 domain names to/from the ASCII
              form that is used for DNS lookups.

TROUBLE SHOOTING CONTROLS

       debug_peer_level (2)
              The increment in verbose logging level when a remote client or
              server matches a pattern in the debug_peer_list parameter.

       debug_peer_list (empty)
              Optional list of remote client or server hostname or network
              address patterns that cause the verbose logging level to
              increase by the amount specified in $debug_peer_level.

       error_notice_recipient (postmaster)
              The recipient of postmaster notifications about mail delivery
              problems that are caused by policy, resource, software or
              protocol errors.

       internal_mail_filter_classes (empty)
              What categories of Postfix-generated mail are subject to
              before-queue content inspection by non_smtpd_milters,
              header_checks and body_checks.

       notify_classes (resource, software)
              The list of error classes that are reported to the postmaster.

MISCELLANEOUS CONTROLS

       best_mx_transport (empty)
              Where the Postfix SMTP client should deliver mail when it
              detects a "mail loops back to myself" error condition.

       config_directory (see 'postconf -d' output)
              The default location of the Postfix main.cf and master.cf
              configuration files.

       daemon_timeout (18000s)
              How much time a Postfix daemon process may take to handle a
              request before it is terminated by a built-in watchdog timer.

       delay_logging_resolution_limit (2)
              The maximal number of digits after the decimal point when
              logging sub-second delay values.

       disable_dns_lookups (no)
              Disable DNS lookups in the Postfix SMTP and LMTP clients.

       inet_interfaces (all)
              The network interface addresses that this mail system receives
              mail on.

       inet_protocols (all)
              The Internet protocols Postfix will attempt to use when making
              or accepting connections.

       ipc_timeout (3600s)
              The time limit for sending or receiving information over an
              internal communication channel.

       lmtp_assume_final (no)
              When a remote LMTP server announces no DSN support, assume that
              the server performs final delivery, and send "delivered"
              delivery status notifications instead of "relayed".

       lmtp_tcp_port (24)
              The default TCP port that the Postfix LMTP client connects to.

       max_idle (100s)
              The maximum amount of time that an idle Postfix daemon process
              waits for an incoming connection before terminating voluntarily.

       max_use (100)
              The maximal number of incoming connections that a Postfix daemon
              process will service before terminating voluntarily.

       process_id (read-only)
              The process ID of a Postfix command or daemon process.

       process_name (read-only)
              The process name of a Postfix command or daemon process.

       proxy_interfaces (empty)
              The network interface addresses that this mail system receives
              mail on by way of a proxy or network address translation unit.

       smtp_address_preference (any)
              The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP
              client will try first, when a destination has IPv6 and IPv4
              addresses with equal MX preference.

       smtp_bind_address (empty)
              An optional numerical network address that the Postfix SMTP
              client should bind to when making an IPv4 connection.

       smtp_bind_address6 (empty)
              An optional numerical network address that the Postfix SMTP
              client should bind to when making an IPv6 connection.

       smtp_helo_name ($myhostname)
              The hostname to send in the SMTP HELO or EHLO command.

       lmtp_lhlo_name ($myhostname)
              The hostname to send in the LMTP LHLO command.

       smtp_host_lookup (dns)
              What mechanisms the Postfix SMTP client uses to look up a host's
              IP address.

       smtp_randomize_addresses (yes)
              Randomize the order of equal-preference MX host addresses.

       syslog_facility (mail)
              The syslog facility of Postfix logging.

       syslog_name (see 'postconf -d' output)
              A prefix that is prepended to the process name in syslog
              records, so that, for example, "smtpd" becomes "prefix/smtpd".

       Available with Postfix 2.2 and earlier:

       fallback_relay (empty)
              Optional list of relay hosts for SMTP destinations that can't be
              found or that are unreachable.

       Available with Postfix 2.3 and later:

       smtp_fallback_relay ($fallback_relay)
              Optional list of relay hosts for SMTP destinations that can't be
              found or that are unreachable.

       Available with Postfix 3.0 and later:

       smtp_address_verify_target (rcpt)
              In the context of email address verification, the SMTP protocol
              stage that determines whether an email address is deliverable.

       Available with Postfix 3.1 and later:

       lmtp_fallback_relay (empty)
              Optional list of relay hosts for LMTP destinations that can't be
              found or that are unreachable.

       Available with Postfix 3.2 and later:

       smtp_tcp_port (smtp)
              The default TCP port that the Postfix SMTP client connects to.

       Available in Postfix 3.3 and later:

       service_name (read-only)
              The master.cf service name of a Postfix daemon process.

SEE ALSO

       generic(5), output address rewriting
       header_checks(5), message header content inspection
       body_checks(5), body parts content inspection
       qmgr(8), queue manager
       bounce(8), delivery status reports
       scache(8), connection cache server
       postconf(5), configuration parameters
       master(5), generic daemon options
       master(8), process manager
       tlsmgr(8), TLS session and PRNG management
       postlogd(8), Postfix logging
       syslogd(8), system logging

README FILES

       Use "postconf readme_directory" or "postconf html_directory" to locate
       this information.
       SASL_README, Postfix SASL howto
       TLS_README, Postfix STARTTLS howto

LICENSE

       The Secure Mailer license must be distributed with this software.

AUTHOR(S)

       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

       Wietse Venema
       Google, Inc.
       111 8th Avenue
       New York, NY 10011, USA

       Command pipelining in cooperation with:
       Jon Ribbens
       Oaktree Internet Solutions Ltd.,
       Internet House,
       Canal Basin,
       Coventry,
       CV1 4LY, United Kingdom.

       SASL support originally by:
       Till Franke
       SuSE Rhein/Main AG
       65760 Eschborn, Germany

       TLS support originally by:
       Lutz Jaenicke
       BTU Cottbus
       Allgemeine Elektrotechnik
       Universitaetsplatz 3-4
       D-03044 Cottbus, Germany

       Revised TLS and SMTP connection cache support by:
       Victor Duchovni
       Morgan Stanley