SMTP(8) System Manager's Manual SMTP(8)

smtp - Postfix SMTP+LMTP client

smtp [generic Postfix daemon options] [flags=DORX]

The Postfix SMTP+LMTP client implements the SMTP and LMTP mail delivery
protocols. It processes message delivery requests from the queue manager.
Each request specifies a queue file, a sender address, a domain
or host to deliver to, and recipient information. This program expects
to be run from the master(8) process manager.

The SMTP+LMTP client updates the queue file and marks recipients as
finished, or it informs the queue manager that delivery should be tried
again at a later time. Delivery status reports are sent to the
bounce(8), defer(8) or trace(8) daemon as appropriate.

The SMTP+LMTP client looks up a list of mail exchanger addresses for
the destination host, sorts the list by preference, and connects to
each listed address until it finds a server that responds.

When a server is not reachable, or when mail delivery fails due to a
recoverable error condition, the SMTP+LMTP client will try to deliver
the mail to an alternate host.

After a successful mail transaction, a connection may be saved to the
scache(8) connection cache server, so that it may be used by any
SMTP+LMTP client for a subsequent transaction.

By default, connection caching is enabled temporarily for destinations
that have a high volume of mail in the active queue. Connection caching
can be enabled permanently for specific destinations.

The Postfix SMTP+LMTP client supports multiple destinations separated
by comma or whitespace (Postfix 3.5 and later). SMTP destinations have
the following form:

domainname

domainname:port
    Look up the mail exchangers for the specified domain, and connect
    to the specified port (default: smtp).

[hostname]

[hostname]:port
    Look up the address(es) of the specified host, and connect to
    the specified port (default: smtp).

[address]

[address]:port
    Connect to the host at the specified address, and connect to the
    specified port (default: smtp). An IPv6 address must be formatted
    as [ipv6:address].

The Postfix SMTP+LMTP client supports multiple destinations separated
by comma or whitespace (Postfix 3.5 and later). LMTP destinations have
the following form:

unix:pathname
    Connect to the local UNIX-domain server that is bound to the
    specified pathname. If the process runs chrooted, an absolute
    pathname is interpreted relative to the Postfix queue directory.

inet:hostname

inet:hostname:port

inet:[address]

inet:[address]:port
    Connect to the specified TCP port on the specified local or
    remote host. If no port is specified, connect to the port
    defined as lmtp in services(4). If no such service is found,
    the lmtp_tcp_port configuration parameter (default value of 24)
    will be used. An IPv6 address must be formatted as
    [ipv6:address].

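The SMTP and LMTP destination forms above, as an added example (not Postfix code): a Python parser that classifies each next-hop item by the kind of lookup the text describes, which is what decides whether MX records are consulted at all. The names Destination and parse_nexthop, the loose hostname check and the sample destinations are assumptions of this example, and forms not listed above are rejected.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Destination:
    kind: str            # "mx" = MX lookup, "host" = address lookup, "address", "unix"
    target: str          # domain, hostname, IP address or socket pathname
    port: Optional[str]  # service name or number; None = protocol default


# Loose syntax checks for this example only; Postfix applies its own rules.
_NAME_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$")
_PORT_RE = re.compile(r"^[A-Za-z0-9_-]+$")


def _port(rest: str, item: str) -> Optional[str]:
    """Parse the optional ':port' suffix that follows a ']'."""
    if rest == "":
        return None
    if not rest.startswith(":") or not _PORT_RE.match(rest[1:]):
        raise ValueError(f"bad port suffix in {item!r}")
    return rest[1:]


def _bracketed(text: str, item: str) -> Destination:
    """[hostname], [address] or [ipv6:address], each with an optional :port."""
    end = text.find("]")
    if end < 0:
        raise ValueError(f"missing ']' in {item!r}")
    inner, port = text[1:end], _port(text[end + 1:], item)
    if inner.lower().startswith("ipv6:"):
        # ipaddress raises a ValueError subclass on a malformed address.
        return Destination("address", str(ipaddress.IPv6Address(inner[5:])), port)
    try:
        return Destination("address", str(ipaddress.IPv4Address(inner)), port)
    except ValueError:
        pass
    if not _NAME_RE.match(inner):
        # Also rejects a bare IPv6 literal such as [2001:db8::25],
        # which must be written [ipv6:2001:db8::25].
        raise ValueError(f"bad host or address in {item!r}")
    return Destination("host", inner.lower(), port)


def _plain(text: str, item: str, kind: str) -> Destination:
    """name or name:port without brackets."""
    name, sep, port = text.partition(":")
    if not _NAME_RE.match(name) or (sep and not _PORT_RE.match(port)):
        raise ValueError(f"bad destination {item!r}")
    return Destination(kind, name.lower(), port if sep else None)


def parse_nexthop(nexthop: str, protocol: str = "smtp") -> List[Destination]:
    """Split on comma or whitespace and classify every destination."""
    if protocol not in ("smtp", "lmtp"):
        raise ValueError(f"unknown protocol {protocol!r}")
    result = []
    for item in filter(None, re.split(r"[,\s]+", nexthop.strip())):
        if protocol == "smtp":
            if item.startswith("["):
                result.append(_bracketed(item, item))
            else:
                result.append(_plain(item, item, "mx"))
        elif item.startswith("unix:") and len(item) > 5:
            result.append(Destination("unix", item[5:], None))
        elif item.startswith("inet:"):
            rest = item[5:]
            if rest.startswith("["):
                result.append(_bracketed(rest, item))
            else:
                result.append(_plain(rest, item, "host"))
        else:
            raise ValueError(f"{item!r} is not a unix:pathname or inet: destination")
    return result


if __name__ == "__main__":
    # Constructed sample destinations, not taken from any real configuration.
    for d in parse_nexthop("example.com, [mail.example.com]:587 [ipv6:2001:db8::25]"):
        print(d)
    for d in parse_nexthop("unix:private/lmtp-sample inet:[192.0.2.10]:24", "lmtp"):
        print(d)
```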
By default, the Postfix SMTP+LMTP client delivers mail to multiple
recipients per delivery request. This is undesirable when prepending a
Delivered-to: or X-Original-To: message header. To prevent Postfix from
sending multiple recipients per delivery request, specify

    transport_destination_recipient_limit = 1

in the Postfix main.cf file, where transport is the name in the first
column of the Postfix master.cf entry for this mail delivery service.

flags=DORX (optional)
    Optional message processing flags.

    D   Prepend a "Delivered-To: recipient" message header with
        the envelope recipient address. Note: for this to work,
        the transport_destination_recipient_limit must be 1 (see
        SINGLE-RECIPIENT DELIVERY above for details).

        The D flag also enforces loop detection: if a message
        already contains a Delivered-To: header with the same
        recipient address, then the message is returned as
        undeliverable. The address comparison is case insensitive.

        This feature is available as of Postfix 3.5.

    O   Prepend an "X-Original-To: recipient" message header with
        the recipient address as given to Postfix. Note: for this
        to work, the transport_destination_recipient_limit must
        be 1 (see SINGLE-RECIPIENT DELIVERY above for details).

        This feature is available as of Postfix 3.5.

    R   Prepend a "Return-Path: <sender>" message header with the
        envelope sender address.

        This feature is available as of Postfix 3.5.

    X   Indicates that the delivery is final. This flag affects
        the status reported in "success" DSN (delivery status
        notification) messages, and changes it from "relayed"
        into "delivered".

        This feature is available as of Postfix 3.5.

The SMTP+LMTP client is moderately security-sensitive. It
talks to SMTP or LMTP servers and to DNS servers on the
network. The SMTP+LMTP client can be run chrooted at fixed
low privilege.

RFC 821 (SMTP protocol)
RFC 822 (ARPA Internet Text Messages)
RFC 1651 (SMTP service extensions)
RFC 1652 (8bit-MIME transport)
RFC 1870 (Message Size Declaration)
RFC 2033 (LMTP protocol)
RFC 2034 (SMTP Enhanced Error Codes)
RFC 2045 (MIME: Format of Internet Message Bodies)
RFC 2046 (MIME: Media Types)
RFC 2554 (AUTH command)
RFC 2821 (SMTP protocol)
RFC 2920 (SMTP Pipelining)
RFC 3207 (STARTTLS command)
RFC 3461 (SMTP DSN Extension)
RFC 3463 (Enhanced Status Codes)
RFC 4954 (AUTH command)
RFC 5321 (SMTP protocol)
RFC 6531 (Internationalized SMTP)
RFC 6533 (Internationalized Delivery Status Notifications)
RFC 7672 (SMTP security via opportunistic DANE TLS)

Problems and transactions are logged to syslogd(8) or postlogd(8).
Corrupted message files are marked so that the queue manager can move
them to the corrupt queue for further inspection.

Depending on the setting of the notify_classes parameter, the postmaster
is notified of bounces, protocol problems, and of other trouble.

SMTP and LMTP connection reuse for TLS (without closing the SMTP or
LMTP connection) is not supported before Postfix 3.4.

SMTP and LMTP connection reuse assumes that SASL credentials are valid
for all destinations that map onto the same IP address and TCP port.

Before Postfix version 2.3, the LMTP client is a separate program that
implements only a subset of the functionality available with SMTP:
there is no support for TLS, and connections are cached in-process,
making it ineffective when the client is used for multiple domains.

Most smtp_xxx configuration parameters have an lmtp_xxx "mirror"
parameter for the equivalent LMTP feature. This document describes only
those LMTP-related parameters that aren't simply "mirror" parameters.

Changes to main.cf are picked up automatically, as smtp(8) processes
run for only a limited amount of time. Use the command "postfix reload"
to speed up a change.

The text below provides only a parameter summary. See postconf(5) for
more details including examples.

ignore_mx_lookup_error (no)
    Ignore DNS MX lookups that produce no response.

smtp_always_send_ehlo (yes)
    Always send EHLO at the start of an SMTP session.

smtp_never_send_ehlo (no)
    Never send EHLO at the start of an SMTP session.

smtp_defer_if_no_mx_address_found (no)
    Defer mail delivery when no MX record resolves to an IP address.

smtp_line_length_limit (998)
    The maximal length of message header and body lines that Postfix
    will send via SMTP.

smtp_pix_workaround_delay_time (10s)
    How long the Postfix SMTP client pauses before sending
    ".<CR><LF>" in order to work around the PIX firewall
    "<CR><LF>.<CR><LF>" bug.

smtp_pix_workaround_threshold_time (500s)
    How long a message must be queued before the Postfix SMTP client
    turns on the PIX firewall "<CR><LF>.<CR><LF>" bug workaround for
    delivery through firewalls with "smtp fixup" mode turned on.

smtp_pix_workarounds (disable_esmtp, delay_dotcrlf)
    A list that specifies zero or more workarounds for CISCO PIX
    firewall bugs.

smtp_pix_workaround_maps (empty)
    Lookup tables, indexed by the remote SMTP server address, with
    per-destination workarounds for CISCO PIX firewall bugs.

smtp_quote_rfc821_envelope (yes)
    Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO
    commands as required by RFC 5321.

smtp_reply_filter (empty)
    A mechanism to transform replies from remote SMTP servers one
    line at a time.

smtp_skip_5xx_greeting (yes)
    Skip remote SMTP servers that greet with a 5XX status code.

smtp_skip_quit_response (yes)
    Do not wait for the response to the SMTP QUIT command.

Available in Postfix version 2.0 and earlier:

smtp_skip_4xx_greeting (yes)
    Skip SMTP servers that greet with a 4XX status code (go away,
    try again later).

Available in Postfix version 2.2 and later:

smtp_discard_ehlo_keyword_address_maps (empty)
    Lookup tables, indexed by the remote SMTP server address, with
    case insensitive lists of EHLO keywords (pipelining, starttls,
    auth, etc.) that the Postfix SMTP client will ignore in the EHLO
    response from a remote SMTP server.

smtp_discard_ehlo_keywords (empty)
    A case insensitive list of EHLO keywords (pipelining, starttls,
    auth, etc.) that the Postfix SMTP client will ignore in the EHLO
    response from a remote SMTP server.

smtp_generic_maps (empty)
    Optional lookup tables that perform address rewriting in the
    Postfix SMTP client, typically to transform a locally valid
    address into a globally valid address when sending mail across
    the Internet.

Available in Postfix version 2.2.9 and later:

smtp_cname_overrides_servername (version dependent)
    When the remote SMTP servername is a DNS CNAME, replace the
    servername with the result from CNAME expansion for the purpose
    of logging, SASL password lookup, TLS policy decisions, or TLS
    certificate verification.

Available in Postfix version 2.3 and later:

lmtp_discard_lhlo_keyword_address_maps (empty)
    Lookup tables, indexed by the remote LMTP server address, with
    case insensitive lists of LHLO keywords (pipelining, starttls,
    auth, etc.) that the Postfix LMTP client will ignore in the LHLO
    response from a remote LMTP server.

lmtp_discard_lhlo_keywords (empty)
    A case insensitive list of LHLO keywords (pipelining, starttls,
    auth, etc.) that the Postfix LMTP client will ignore in the LHLO
    response from a remote LMTP server.

Available in Postfix version 2.4.4 and later:

send_cyrus_sasl_authzid (no)
    When authenticating to a remote SMTP or LMTP server with the
    default setting "no", send no SASL authoriZation ID (authzid);
    send only the SASL authentiCation ID (authcid) plus the
    authcid's password.

Available in Postfix version 2.5 and later:

smtp_header_checks (empty)
    Restricted header_checks(5) tables for the Postfix SMTP client.

smtp_mime_header_checks (empty)
    Restricted mime_header_checks(5) tables for the Postfix SMTP
    client.

smtp_nested_header_checks (empty)
    Restricted nested_header_checks(5) tables for the Postfix SMTP
    client.

smtp_body_checks (empty)
    Restricted body_checks(5) tables for the Postfix SMTP client.

Available in Postfix version 2.6 and later:

tcp_windowsize (0)
    An optional workaround for routers that break TCP window
    scaling.

Available in Postfix version 2.8 and later:

smtp_dns_resolver_options (empty)
    DNS Resolver options for the Postfix SMTP client.

Available in Postfix version 2.9 and later:

smtp_per_record_deadline (no)
    Change the behavior of the smtp_*_timeout time limits, from a
    time limit per read or write system call, to a time limit to
    send or receive a complete record (an SMTP command line, SMTP
    response line, SMTP message content line, or TLS protocol
    message).

smtp_send_dummy_mail_auth (no)
    Whether or not to append the "AUTH=<>" option to the MAIL FROM
    command in SASL-authenticated SMTP sessions.

Available in Postfix version 2.11 and later:

smtp_dns_support_level (empty)
    Level of DNS support in the Postfix SMTP client.

Available in Postfix version 3.0 and later:

smtp_delivery_status_filter ($default_delivery_status_filter)
    Optional filter for the smtp(8) delivery agent to change the
    delivery status code or explanatory text of successful or
    unsuccessful deliveries.

smtp_dns_reply_filter (empty)
    Optional filter for Postfix SMTP client DNS lookup results.

Available in Postfix version 3.3 and later:

smtp_balance_inet_protocols (yes)
    When a remote destination resolves to a combination of IPv4 and
    IPv6 addresses, ensure that the Postfix SMTP client can try both
    address types before it runs into the smtp_mx_address_limit.

Available in Postfix 3.5 and later:

info_log_address_format (external)
    The email address form that will be used in non-debug logging
    (info, warning, etc.).

Available in Postfix version 2.0 and later:

disable_mime_output_conversion (no)
    Disable the conversion of 8BITMIME format to 7BIT format.

mime_boundary_length_limit (2048)
    The maximal length of MIME multipart boundary strings.

mime_nesting_limit (100)
    The maximal recursion level that the MIME processor will handle.

Available in Postfix version 2.1 and later:

smtp_send_xforward_command (no)
    Send the non-standard XFORWARD command when the Postfix SMTP
    server EHLO response announces XFORWARD support.

smtp_sasl_auth_enable (no)
    Enable SASL authentication in the Postfix SMTP client.

smtp_sasl_password_maps (empty)
    Optional Postfix SMTP client lookup tables with one
    username:password entry per sender, remote hostname or next-hop
    domain.

smtp_sasl_security_options (noplaintext, noanonymous)
    Postfix SMTP client SASL security options; as of Postfix 2.3 the
    list of available features depends on the SASL client
    implementation that is selected with smtp_sasl_type.

Available in Postfix version 2.2 and later:

smtp_sasl_mechanism_filter (empty)
    If non-empty, a Postfix SMTP client filter for the remote SMTP
    server's list of offered SASL mechanisms.

Available in Postfix version 2.3 and later:

smtp_sender_dependent_authentication (no)
    Enable sender-dependent authentication in the Postfix SMTP
    client; this is available only with SASL authentication, and
    disables SMTP connection caching to ensure that mail from
    different senders will use the appropriate credentials.

smtp_sasl_path (empty)
    Implementation-specific information that the Postfix SMTP client
    passes through to the SASL plug-in implementation that is
    selected with smtp_sasl_type.

smtp_sasl_type (cyrus)
    The SASL plug-in type that the Postfix SMTP client should use
    for authentication.

Available in Postfix version 2.5 and later:

smtp_sasl_auth_cache_name (empty)
    An optional table to prevent repeated SASL authentication
    failures with the same remote SMTP server hostname, username and
    password.

smtp_sasl_auth_cache_time (90d)
    The maximal age of an smtp_sasl_auth_cache_name entry before it
    is removed.

smtp_sasl_auth_soft_bounce (yes)
    When a remote SMTP server rejects a SASL authentication request
    with a 535 reply code, defer mail delivery instead of returning
    mail as undeliverable.

Available in Postfix version 2.9 and later:

smtp_send_dummy_mail_auth (no)
    Whether or not to append the "AUTH=<>" option to the MAIL FROM
    command in SASL-authenticated SMTP sessions.

Detailed information about STARTTLS configuration may be found in the
TLS_README document.

smtp_tls_security_level (empty)
    The default SMTP TLS security level for the Postfix SMTP client;
    when a non-empty value is specified, this overrides the obsolete
    parameters smtp_use_tls, smtp_enforce_tls, and
    smtp_tls_enforce_peername.

smtp_sasl_tls_security_options ($smtp_sasl_security_options)
    The SASL authentication security options that the Postfix SMTP
    client uses for TLS encrypted SMTP sessions.

smtp_starttls_timeout (300s)
    Time limit for Postfix SMTP client write and read operations
    during TLS startup and shutdown handshake procedures.

smtp_tls_CAfile (empty)
    A file containing CA certificates of root CAs trusted to sign
    either remote SMTP server certificates or intermediate CA
    certificates.

smtp_tls_CApath (empty)
    Directory with PEM format Certification Authority certificates
    that the Postfix SMTP client uses to verify a remote SMTP server
    certificate.

smtp_tls_cert_file (empty)
    File with the Postfix SMTP client RSA certificate in PEM format.

smtp_tls_mandatory_ciphers (medium)
    The minimum TLS cipher grade that the Postfix SMTP client will
    use with mandatory TLS encryption.

smtp_tls_exclude_ciphers (empty)
    List of ciphers or cipher types to exclude from the Postfix SMTP
    client cipher list at all TLS security levels.

smtp_tls_mandatory_exclude_ciphers (empty)
    Additional list of ciphers or cipher types to exclude from the
    Postfix SMTP client cipher list at mandatory TLS security
    levels.

smtp_tls_dcert_file (empty)
    File with the Postfix SMTP client DSA certificate in PEM format.

smtp_tls_dkey_file ($smtp_tls_dcert_file)
    File with the Postfix SMTP client DSA private key in PEM format.

smtp_tls_key_file ($smtp_tls_cert_file)
    File with the Postfix SMTP client RSA private key in PEM format.

smtp_tls_loglevel (0)
    Enable additional Postfix SMTP client logging of TLS activity.

smtp_tls_note_starttls_offer (no)
    Log the hostname of a remote SMTP server that offers STARTTLS,
    when TLS is not already enabled for that server.

smtp_tls_policy_maps (empty)
    Optional lookup tables with the Postfix SMTP client TLS security
    policy by next-hop destination; when a non-empty value is
    specified, this overrides the obsolete smtp_tls_per_site parameter.

smtp_tls_mandatory_protocols (!SSLv2, !SSLv3)
    List of SSL/TLS protocols that the Postfix SMTP client will use
    with mandatory TLS encryption.

smtp_tls_scert_verifydepth (9)
    The verification depth for remote SMTP server certificates.

smtp_tls_secure_cert_match (nexthop, dot-nexthop)
    How the Postfix SMTP client verifies the server certificate
    peername for the "secure" TLS security level.

smtp_tls_session_cache_database (empty)
    Name of the file containing the optional Postfix SMTP client TLS
    session cache.

smtp_tls_session_cache_timeout (3600s)
    The expiration time of Postfix SMTP client TLS session cache
    information.

smtp_tls_verify_cert_match (hostname)
    How the Postfix SMTP client verifies the server certificate
    peername for the "verify" TLS security level.

tls_daemon_random_bytes (32)
    The number of pseudo-random bytes that an smtp(8) or smtpd(8)
    process requests from the tlsmgr(8) server in order to seed its
    internal pseudo random number generator (PRNG).

tls_high_cipherlist (see 'postconf -d' output)
    The OpenSSL cipherlist for "high" grade ciphers.

tls_medium_cipherlist (see 'postconf -d' output)
    The OpenSSL cipherlist for "medium" or higher grade ciphers.

tls_low_cipherlist (see 'postconf -d' output)
    The OpenSSL cipherlist for "low" or higher grade ciphers.

tls_export_cipherlist (see 'postconf -d' output)
    The OpenSSL cipherlist for "export" or higher grade ciphers.

tls_null_cipherlist (eNULL:!aNULL)
    The OpenSSL cipherlist for "NULL" grade ciphers that provide
    authentication without encryption.

Available in Postfix version 2.4 and later:

smtp_sasl_tls_verified_security_options ($smtp_sasl_tls_security_options)
    The SASL authentication security options that the Postfix SMTP
    client uses for TLS encrypted SMTP sessions with a verified
    server certificate.

Available in Postfix version 2.5 and later:

smtp_tls_fingerprint_cert_match (empty)
    List of acceptable remote SMTP server certificate fingerprints
    for the "fingerprint" TLS security level
    (smtp_tls_security_level = fingerprint).

smtp_tls_fingerprint_digest (md5)
    The message digest algorithm used to construct remote SMTP
    server certificate fingerprints.

Available in Postfix version 2.6 and later:

smtp_tls_protocols (!SSLv2, !SSLv3)
    List of TLS protocols that the Postfix SMTP client will exclude
    or include with opportunistic TLS encryption.

smtp_tls_ciphers (medium)
    The minimum TLS cipher grade that the Postfix SMTP client will
    use with opportunistic TLS encryption.

smtp_tls_eccert_file (empty)
    File with the Postfix SMTP client ECDSA certificate in PEM
    format.

smtp_tls_eckey_file ($smtp_tls_eccert_file)
    File with the Postfix SMTP client ECDSA private key in PEM
    format.

Available in Postfix version 2.7 and later:

smtp_tls_block_early_mail_reply (no)
    Try to detect a mail hijacking attack based on a TLS protocol
    vulnerability (CVE-2009-3555), where an attacker prepends
    malicious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client
    TLS session.

Available in Postfix version 2.8 and later:

tls_disable_workarounds (see 'postconf -d' output)
    List or bit-mask of OpenSSL bug work-arounds to disable.

Available in Postfix version 2.11-3.1:

tls_dane_digest_agility (on)
    Configure RFC 7671 DANE TLSA digest algorithm agility.

tls_dane_trust_anchor_digest_enable (yes)
    Enable support for RFC 6698 (DANE TLSA) DNS records that contain
    digests of trust-anchors with certificate usage "2".

Available in Postfix version 2.11 and later:

smtp_tls_trust_anchor_file (empty)
    Zero or more PEM-format files with trust-anchor certificates
    and/or public keys.

smtp_tls_force_insecure_host_tlsa_lookup (no)
    Look up the associated DANE TLSA RRset even when a hostname is
    not an alias and its address records lie in an unsigned zone.

tlsmgr_service_name (tlsmgr)
    The name of the tlsmgr(8) service entry in master.cf.

Available in Postfix version 3.0 and later:

smtp_tls_wrappermode (no)
    Request that the Postfix SMTP client connects using the legacy
    SMTPS protocol instead of using the STARTTLS command.

Available in Postfix version 3.1 and later:

smtp_tls_dane_insecure_mx_policy (dane)
    The TLS policy for MX hosts with "secure" TLSA records when the
    nexthop destination security level is dane, but the MX record
    was found via an "insecure" MX lookup.

Available in Postfix version 3.4 and later:

smtp_tls_connection_reuse (no)
    Try to make multiple deliveries per TLS-encrypted connection.

smtp_tls_chain_files (empty)
    List of one or more PEM files, each holding one or more private
    keys directly followed by a corresponding certificate chain.

smtp_tls_servername (empty)
    Optional name to send to the remote SMTP server in the TLS
    Server Name Indication (SNI) extension.

Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:

tls_fast_shutdown_enable (yes)
    A workaround for implementations that hang Postfix while
    shutting down a TLS session, until Postfix times out.

The following configuration parameters exist for compatibility with
Postfix versions before 2.3. Support for these will be removed in a
future release.

smtp_use_tls (no)
    Opportunistic mode: use TLS when a remote SMTP server announces
    STARTTLS support, otherwise send the mail in the clear.

smtp_enforce_tls (no)
    Enforcement mode: require that remote SMTP servers use TLS
    encryption, and never send mail in the clear.

smtp_tls_enforce_peername (yes)
    With mandatory TLS encryption, require that the remote SMTP
    server hostname matches the information in the remote SMTP
    server certificate.

smtp_tls_per_site (empty)
    Optional lookup tables with the Postfix SMTP client TLS usage
    policy by next-hop destination and by remote SMTP server
    hostname.

smtp_tls_cipherlist (empty)
    Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS
    cipher list.

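A configuration check built on the SASL and STARTTLS parameters and defaults summarized above, as an added example (not part of Postfix or of this manual): a Python audit of main.cf text that reports obsolete TLS parameters, a missing TLS policy, the md5 fingerprint digest, and plaintext SASL on sessions that are not guaranteed to be encrypted. The function names, finding codes and both sample configurations are constructed for this example; per-destination settings in smtp_tls_policy_maps are not evaluated.

```python
import re
from typing import Dict, List, Tuple

# Parameters this page lists as pre-2.3 compatibility controls.
OBSOLETE = {"smtp_use_tls", "smtp_enforce_tls", "smtp_tls_enforce_peername",
            "smtp_tls_per_site", "smtp_tls_cipherlist"}
# TLS security levels at which every session must be encrypted.
MANDATORY_LEVELS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

# Constructed sample inputs, not taken from any real system.
WEAK_SAMPLE = """\
# relay through a submission service
relayhost = [smtp.example.net]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
    noanonymous
smtp_tls_security_level = may
"""
HARDENED_SAMPLE = """\
relayhost = [smtp.example.net]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = encrypt
"""


def parse_main_cf(text: str) -> Dict[str, str]:
    """Parse 'name = value' lines. A line that starts with whitespace continues
    the previous logical line; blank lines and '#' comment lines are ignored."""
    params: Dict[str, str] = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():
            if current is not None:
                params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        current = name.strip() if sep else None
        if current is not None:
            params[current] = value.strip()  # a later setting replaces an earlier one
    return params


def _words(value: str) -> List[str]:
    return [w.lower() for w in re.split(r"[,\s]+", value.strip()) if w]


def audit(params: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (code, detail) findings for the global SMTP client settings."""
    findings: List[Tuple[str, str]] = []
    level = params.get("smtp_tls_security_level", "").lower()
    policy_maps = params.get("smtp_tls_policy_maps", "")

    for name in sorted(n for n in params if n in OBSOLETE):
        findings.append(("obsolete-parameter",
                         f"{name} is a pre-2.3 compatibility parameter"))

    if not level and not policy_maps:
        findings.append(("no-tls-policy",
                         "smtp_tls_security_level and smtp_tls_policy_maps are empty"))

    # Default digest per this page is md5.
    digest = params.get("smtp_tls_fingerprint_digest", "md5").lower()
    if level == "fingerprint" and digest == "md5":
        findings.append(("weak-fingerprint-digest",
                         "fingerprint level relies on md5 certificate fingerprints"))

    # Default SASL options per this page: noplaintext, noanonymous.
    sasl_on = params.get("smtp_sasl_auth_enable", "no").lower() == "yes"
    sasl_opts = _words(params.get("smtp_sasl_security_options",
                                  "noplaintext, noanonymous"))
    if sasl_on and level not in MANDATORY_LEVELS and "noplaintext" not in sasl_opts:
        findings.append(("plaintext-auth",
                         "plaintext SASL allowed while TLS is not mandatory"))
    return findings


if __name__ == "__main__":
    for label, sample in (("weak", WEAK_SAMPLE), ("hardened", HARDENED_SAMPLE)):
        print(label, audit(parse_main_cf(sample)))
```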
smtp_connect_timeout (30s)
    The Postfix SMTP client time limit for completing a TCP
    connection, or zero (use the operating system built-in time limit).

smtp_helo_timeout (300s)
    The Postfix SMTP client time limit for sending the HELO or EHLO
    command, and for receiving the initial remote SMTP server
    response.

lmtp_lhlo_timeout (300s)
    The Postfix LMTP client time limit for sending the LHLO command,
    and for receiving the initial remote LMTP server response.

smtp_xforward_timeout (300s)
    The Postfix SMTP client time limit for sending the XFORWARD
    command, and for receiving the remote SMTP server response.

smtp_mail_timeout (300s)
    The Postfix SMTP client time limit for sending the MAIL FROM
    command, and for receiving the remote SMTP server response.

smtp_rcpt_timeout (300s)
    The Postfix SMTP client time limit for sending the SMTP RCPT TO
    command, and for receiving the remote SMTP server response.

smtp_data_init_timeout (120s)
    The Postfix SMTP client time limit for sending the SMTP DATA
    command, and for receiving the remote SMTP server response.

smtp_data_xfer_timeout (180s)
    The Postfix SMTP client time limit for sending the SMTP message
    content.

smtp_data_done_timeout (600s)
    The Postfix SMTP client time limit for sending the SMTP ".", and
    for receiving the remote SMTP server response.

smtp_quit_timeout (300s)
    The Postfix SMTP client time limit for sending the QUIT command,
    and for receiving the remote SMTP server response.

Available in Postfix version 2.1 and later:

smtp_mx_address_limit (5)
    The maximal number of MX (mail exchanger) IP addresses that can
    result from Postfix SMTP client mail exchanger lookups, or zero
    (no limit).

smtp_mx_session_limit (2)
    The maximal number of SMTP sessions per delivery request before
    the Postfix SMTP client gives up or delivers to a fall-back
    relay host, or zero (no limit).

smtp_rset_timeout (20s)
    The Postfix SMTP client time limit for sending the RSET command,
    and for receiving the remote SMTP server response.

Available in Postfix version 2.2 and earlier:

lmtp_cache_connection (yes)
    Keep Postfix LMTP client connections open for up to $max_idle
    seconds.

Available in Postfix version 2.2 and later:

smtp_connection_cache_destinations (empty)
    Permanently enable SMTP connection caching for the specified
    destinations.

smtp_connection_cache_on_demand (yes)
    Temporarily enable SMTP connection caching while a destination
    has a high volume of mail in the active queue.

smtp_connection_reuse_time_limit (300s)
    The amount of time during which Postfix will use an SMTP
    connection repeatedly.

smtp_connection_cache_time_limit (2s)
    When SMTP connection caching is enabled, the amount of time that
    an unused SMTP client socket is kept open before it is closed.

Available in Postfix version 2.3 and later:

connection_cache_protocol_timeout (5s)
    Time limit for connection cache connect, send or receive
    operations.

Available in Postfix version 2.9 and later:

smtp_per_record_deadline (no)
    Change the behavior of the smtp_*_timeout time limits, from a
    time limit per read or write system call, to a time limit to
    send or receive a complete record (an SMTP command line, SMTP
    response line, SMTP message content line, or TLS protocol
    message).

Available in Postfix version 2.11 and later:

smtp_connection_reuse_count_limit (0)
    When SMTP connection caching is enabled, the number of times
    that an SMTP session may be reused before it is closed, or zero
    (no limit).

Available in Postfix version 3.4 and later:

smtp_tls_connection_reuse (no)
    Try to make multiple deliveries per TLS-encrypted connection.

Implemented in the qmgr(8) daemon:

transport_destination_concurrency_limit ($default_destination_concurrency_limit)
    A transport-specific override for the
    default_destination_concurrency_limit parameter value, where
    transport is the master.cf name of the message delivery transport.

transport_destination_recipient_limit ($default_destination_recipient_limit)
    A transport-specific override for the
    default_destination_recipient_limit parameter value, where
    transport is the master.cf name of the message delivery transport.

Preliminary SMTPUTF8 support is introduced with Postfix 3.0.

smtputf8_enable (yes)
    Enable preliminary SMTPUTF8 support for the protocols described
    in RFC 6531..6533.

smtputf8_autodetect_classes (sendmail, verify)
    Detect that a message requires SMTPUTF8 support for the
    specified mail origin classes.

Available in Postfix version 3.2 and later:

enable_idna2003_compatibility (no)
    Enable 'transitional' compatibility between IDNA2003 and
    IDNA2008, when converting UTF-8 domain names to/from the ASCII
    form that is used for DNS lookups.

debug_peer_level (2)
    The increment in verbose logging level when a remote client or
    server matches a pattern in the debug_peer_list parameter.

debug_peer_list (empty)
    Optional list of remote client or server hostname or network
    address patterns that cause the verbose logging level to
    increase by the amount specified in $debug_peer_level.

error_notice_recipient (postmaster)
    The recipient of postmaster notifications about mail delivery
    problems that are caused by policy, resource, software or
    protocol errors.

internal_mail_filter_classes (empty)
    What categories of Postfix-generated mail are subject to
    before-queue content inspection by non_smtpd_milters,
    header_checks and body_checks.

notify_classes (resource, software)
    The list of error classes that are reported to the postmaster.

best_mx_transport (empty)
       Where the Postfix SMTP client should deliver mail when it
       detects a "mail loops back to myself" error condition.

config_directory (see 'postconf -d' output)
       The default location of the Postfix main.cf and master.cf
       configuration files.

daemon_timeout (18000s)
       How much time a Postfix daemon process may take to handle a
       request before it is terminated by a built-in watchdog timer.

delay_logging_resolution_limit (2)
       The maximal number of digits after the decimal point when
       logging sub-second delay values.

disable_dns_lookups (no)
       Disable DNS lookups in the Postfix SMTP and LMTP clients.

inet_interfaces (all)
       The network interface addresses that this mail system receives
       mail on.

inet_protocols (all)
       The Internet protocols Postfix will attempt to use when making
       or accepting connections.

ipc_timeout (3600s)
       The time limit for sending or receiving information over an
       internal communication channel.

lmtp_assume_final (no)
       When a remote LMTP server announces no DSN support, assume that
       the server performs final delivery, and send "delivered"
       delivery status notifications instead of "relayed".

lmtp_tcp_port (24)
       The default TCP port that the Postfix LMTP client connects to.

max_idle (100s)
       The maximum amount of time that an idle Postfix daemon process
       waits for an incoming connection before terminating voluntarily.

max_use (100)
       The maximal number of incoming connections that a Postfix daemon
       process will service before terminating voluntarily.

process_id (read-only)
       The process ID of a Postfix command or daemon process.

process_name (read-only)
       The process name of a Postfix command or daemon process.

proxy_interfaces (empty)
       The network interface addresses that this mail system receives
       mail on by way of a proxy or network address translation unit.

smtp_address_preference (any)
       The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP
       client will try first, when a destination has IPv6 and IPv4
       addresses with equal MX preference.

smtp_bind_address (empty)
       An optional numerical network address that the Postfix SMTP
       client should bind to when making an IPv4 connection.

smtp_bind_address6 (empty)
       An optional numerical network address that the Postfix SMTP
       client should bind to when making an IPv6 connection.

smtp_helo_name ($myhostname)
       The hostname to send in the SMTP HELO or EHLO command.

lmtp_lhlo_name ($myhostname)
       The hostname to send in the LMTP LHLO command.

smtp_host_lookup (dns)
       What mechanisms the Postfix SMTP client uses to look up a host's
       IP address.

smtp_randomize_addresses (yes)
       Randomize the order of equal-preference MX host addresses.

syslog_facility (mail)
       The syslog facility of Postfix logging.

syslog_name (see 'postconf -d' output)
       A prefix that is prepended to the process name in syslog
       records, so that, for example, "smtpd" becomes "prefix/smtpd".

Available with Postfix 2.2 and earlier:

fallback_relay (empty)
       Optional list of relay hosts for SMTP destinations that can't be
       found or that are unreachable.

Available with Postfix 2.3 and later:

smtp_fallback_relay ($fallback_relay)
       Optional list of relay hosts for SMTP destinations that can't be
       found or that are unreachable.

Available with Postfix 3.0 and later:

smtp_address_verify_target (rcpt)
       In the context of email address verification, the SMTP protocol
       stage that determines whether an email address is deliverable.

Available with Postfix 3.1 and later:

lmtp_fallback_relay (empty)
       Optional list of relay hosts for LMTP destinations that can't be
       found or that are unreachable.

Available with Postfix 3.2 and later:

smtp_tcp_port (smtp)
       The default TCP port that the Postfix SMTP client connects to.

Available in Postfix 3.3 and later:

service_name (read-only)
       The master.cf service name of a Postfix daemon process.
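
As an added example (not part of the Postfix documentation or distribution), the shell function below compares "name = value" lines against the defaults shown in parentheses on this page, for a handful of the parameters above that affect logging verbosity, host lookup and relay selection. The function names, the choice of parameters and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag smtp(8) client settings that differ from documented defaults.

# Defaults as printed in parentheses in the parameter list on this page.
smtp_client_defaults() {
cat <<'EOF'
debug_peer_level = 2
debug_peer_list =
disable_dns_lookups = no
smtp_host_lookup = dns
smtp_address_preference = any
smtp_randomize_addresses = yes
smtp_bind_address =
smtp_fallback_relay = $fallback_relay
smtp_helo_name = $myhostname
smtp_tcp_port = smtp
EOF
}

# Constructed sample in the "name = value" form that postconf prints.
sample_config() {
cat <<'EOF'
debug_peer_list = 192.0.2.25
debug_peer_level = 2
disable_dns_lookups = yes
smtp_host_lookup = dns
smtp_fallback_relay = [relay.example.com]:587
smtp_tls_security_level = may
EOF
}

# Reads "name = value" lines on stdin and prints one line per listed parameter
# whose value differs from the documented default. Unlisted names are ignored.
audit_smtp_client() {
    { smtp_client_defaults; printf '%s\n' '--'; cat; } | awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    $0 == "--" && !live { live = 1; next }   # separator: defaults end here
    {
        eq = index($0, "=")
        if (eq == 0) next                    # not a name = value line
        name = trim(substr($0, 1, eq - 1))
        value = trim(substr($0, eq + 1))
        if (!live) { def[name] = value; next }
        if ((name in def) && value != def[name])
            printf "%s: configured \"%s\", default \"%s\"\n", name, value, def[name]
    }'
}

sample_config | audit_smtp_client
```

On a live system the input would come from `postconf -n`, which prints only the settings explicitly made in main.cf.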

generic(5), output address rewriting
header_checks(5), message header content inspection
body_checks(5), body parts content inspection
qmgr(8), queue manager
bounce(8), delivery status reports
scache(8), connection cache server
postconf(5), configuration parameters
master(5), generic daemon options
master(8), process manager
tlsmgr(8), TLS session and PRNG management
postlogd(8), Postfix logging
syslogd(8), system logging

Use "postconf readme_directory" or "postconf html_directory" to locate
this information.
SASL_README, Postfix SASL howto
TLS_README, Postfix STARTTLS howto

The Secure Mailer license must be distributed with this software.

Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA

Wietse Venema
Google, Inc.
111 8th Avenue
New York, NY 10011, USA

Command pipelining in cooperation with:
Jon Ribbens
Oaktree Internet Solutions Ltd.,
Internet House,
Canal Basin,
Coventry,
CV1 4LY, United Kingdom.

SASL support originally by:
Till Franke
SuSE Rhein/Main AG
65760 Eschborn, Germany

TLS support originally by:
Lutz Jaenicke
BTU Cottbus
Allgemeine Elektrotechnik
Universitaetsplatz 3-4
D-03044 Cottbus, Germany

Revised TLS and SMTP connection cache support by:
Victor Duchovni
Morgan Stanley