1SMTPD(8)                    System Manager's Manual                   SMTPD(8)
2
3
4

NAME

6       smtpd - Postfix SMTP server
7

SYNOPSIS

9       smtpd [generic Postfix daemon options]
10
11       sendmail -bs
12

DESCRIPTION

14       The  SMTP  server accepts network connection requests and performs zero
15       or more SMTP transactions per connection.   Each  received  message  is
16       piped  through  the  cleanup(8) daemon, and is placed into the incoming
17       queue as one single queue file.  For this mode of operation,  the  pro‐
18       gram expects to be run from the master(8) process manager.
19
20       Alternatively,  the SMTP server be can run in stand-alone mode; this is
21       traditionally obtained with "sendmail -bs".  When the SMTP server  runs
22       stand-alone  with  non  $mail_owner  privileges,  it receives mail even
23       while the mail system is not running, deposits messages  directly  into
24       the  maildrop queue, and disables the SMTP server's access policies. As
25       of Postfix version 2.3, the SMTP server refuses to  receive  mail  from
26       the network when it runs with non $mail_owner privileges.
27
28       The  SMTP  server  implements  a variety of policies for connection re‐
29       quests, and for parameters given to HELO, ETRN,  MAIL  FROM,  VRFY  and
30       RCPT TO commands. They are detailed below and in the main.cf configura‐
31       tion file.
32

SECURITY

34       The SMTP server is moderately  security-sensitive.  It  talks  to  SMTP
35       clients  and  to DNS servers on the network. The SMTP server can be run
36       chrooted at fixed low privilege.
37

STANDARDS

39       RFC 821 (SMTP protocol)
40       RFC 1123 (Host requirements)
41       RFC 1652 (8bit-MIME transport)
42       RFC 1869 (SMTP service extensions)
43       RFC 1870 (Message size declaration)
44       RFC 1985 (ETRN command)
45       RFC 2034 (SMTP enhanced status codes)
46       RFC 2554 (AUTH command)
47       RFC 2821 (SMTP protocol)
48       RFC 2920 (SMTP pipelining)
49       RFC 3030 (CHUNKING without BINARYMIME)
50       RFC 3207 (STARTTLS command)
51       RFC 3461 (SMTP DSN extension)
52       RFC 3463 (Enhanced status codes)
53       RFC 3848 (ESMTP transmission types)
54       RFC 4409 (Message submission)
55       RFC 4954 (AUTH command)
56       RFC 5321 (SMTP protocol)
57       RFC 6531 (Internationalized SMTP)
58       RFC 6533 (Internationalized Delivery Status Notifications)
59       RFC 7505 ("Null MX" No Service Resource Record)
60

DIAGNOSTICS

62       Problems and transactions are logged to syslogd(8) or postlogd(8).
63
64       Depending on the setting of the notify_classes parameter, the  postmas‐
65       ter  is  notified of bounces, protocol problems, policy violations, and
66       of other trouble.
67

CONFIGURATION PARAMETERS

69       Changes to main.cf are picked up automatically, as  smtpd(8)  processes
70       run for only a limited amount of time. Use the command "postfix reload"
71       to speed up a change.
72
73       The text below provides only a parameter summary. See  postconf(5)  for
74       more details including examples.
75

COMPATIBILITY CONTROLS

77       The  following  parameters  work  around implementation errors in other
78       software, and/or allow you to override standards in  order  to  prevent
79       undesirable use.
80
81       broken_sasl_auth_clients (no)
82              Enable  interoperability with remote SMTP clients that implement
83              an obsolete version of the AUTH command (RFC 4954).
84
85       disable_vrfy_command (no)
86              Disable the SMTP VRFY command.
87
88       smtpd_noop_commands (empty)
89              List of commands that the Postfix SMTP server  replies  to  with
90              "250  Ok",  without doing any syntax checks and without changing
91              state.
92
93       strict_rfc821_envelopes (no)
94              Require that addresses received in SMTP MAIL FROM  and  RCPT  TO
95              commands  are  enclosed with <>, and that those addresses do not
96              contain RFC 822 style comments or phrases.
97
98       Available in Postfix version 2.1 and later:
99
100       smtpd_reject_unlisted_sender (no)
101              Request that the Postfix SMTP server rejects mail  from  unknown
102              sender  addresses,  even when no explicit reject_unlisted_sender
103              access restriction is specified.
104
105       smtpd_sasl_exceptions_networks (empty)
106              What remote SMTP clients the Postfix SMTP server will not  offer
107              AUTH support to.
108
109       Available in Postfix version 2.2 and later:
110
111       smtpd_discard_ehlo_keyword_address_maps (empty)
112              Lookup  tables,  indexed by the remote SMTP client address, with
113              case insensitive lists of EHLO keywords  (pipelining,  starttls,
114              auth,  etc.)  that  the Postfix SMTP server will not send in the
115              EHLO response to a remote SMTP client.
116
117       smtpd_discard_ehlo_keywords (empty)
118              A case insensitive list of EHLO keywords (pipelining,  starttls,
119              auth,  etc.)  that  the Postfix SMTP server will not send in the
120              EHLO response to a remote SMTP client.
121
122       smtpd_delay_open_until_valid_rcpt (yes)
123              Postpone the start of an SMTP mail  transaction  until  a  valid
124              RCPT TO command is received.
125
126       Available in Postfix version 2.3 and later:
127
128       smtpd_tls_always_issue_session_ids (yes)
129              Force  the  Postfix  SMTP server to issue a TLS session id, even
130              when  TLS  session  caching  is   turned   off   (smtpd_tls_ses‐
131              sion_cache_database is empty).
132
133       Available in Postfix version 2.6 and later:
134
135       tcp_windowsize (0)
136              An  optional  workaround for routers that break TCP window scal‐
137              ing.
138
139       Available in Postfix version 2.7 and later:
140
141       smtpd_command_filter (empty)
142              A mechanism to transform commands from remote SMTP clients.
143
144       Available in Postfix version 2.9 and later:
145
146       smtpd_per_record_deadline (normal: no, overload: yes)
147              Change  the  behavior  of  the  smtpd_timeout  and  smtpd_start‐
148              tls_timeout  time  limits,  from  a time limit per read or write
149              system call, to a time limit  to  send  or  receive  a  complete
150              record  (an  SMTP command line, SMTP response line, SMTP message
151              content line, or TLS protocol message).
152
153       Available in Postfix version 3.0 and later:
154
155       smtpd_dns_reply_filter (empty)
156              Optional filter for Postfix SMTP server DNS lookup results.
157
158       Available in Postfix version 3.6 and later:
159
160       smtpd_relay_before_recipient_restrictions (see 'postconf -d' output)
161              Evaluate  smtpd_relay_restrictions  before   smtpd_recipient_re‐
162              strictions.
163
164       known_tcp_ports   (lmtp=24,   smtp=25,  smtps=submissions=465,  submis‐
165       sion=587)
166              Optional setting that avoids lookups in  the  services(5)  data‐
167              base.
168

ADDRESS REWRITING CONTROLS

170       See  the ADDRESS_REWRITING_README document for a detailed discussion of
171       Postfix address rewriting.
172
173       receive_override_options (empty)
174              Enable or disable recipient validation, built-in content filter‐
175              ing, or address mapping.
176
177       Available in Postfix version 2.2 and later:
178
179       local_header_rewrite_clients (permit_inet_interfaces)
180              Rewrite  message header addresses in mail from these clients and
181              update incomplete addresses with the domain name in $myorigin or
182              $mydomain;  either  don't  rewrite  message  headers  from other
183              clients at all, or rewrite message headers and update incomplete
184              addresses  with  the  domain  specified in the remote_header_re‐
185              write_domain parameter.
186

BEFORE-SMTPD PROXY AGENT

188       Available in Postfix version 2.10 and later:
189
190       smtpd_upstream_proxy_protocol (empty)
191              The name of the proxy protocol used by an optional  before-smtpd
192              proxy agent.
193
194       smtpd_upstream_proxy_timeout (5s)
195              The  time  limit  for  the  proxy  protocol  specified  with the
196              smtpd_upstream_proxy_protocol parameter.
197

AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS

199       As of version 1.0, Postfix can be configured to send new mail to an ex‐
200       ternal  content filter AFTER the mail is queued. This content filter is
201       expected to inject mail back into a (Postfix or other) MTA for  further
202       delivery. See the FILTER_README document for details.
203
204       content_filter (empty)
205              After  the  message  is  queued,  send the entire message to the
206              specified transport:destination.
207

BEFORE QUEUE EXTERNAL CONTENT INSPECTION CONTROLS

209       As of version 2.1, the Postfix SMTP server can be  configured  to  send
210       incoming  mail  to a real-time SMTP-based content filter BEFORE mail is
211       queued.  This content filter is expected to inject mail back into Post‐
212       fix.  See the SMTPD_PROXY_README document for details on how to config‐
213       ure and operate this feature.
214
215       smtpd_proxy_filter (empty)
216              The hostname and TCP port of the mail filtering proxy server.
217
218       smtpd_proxy_ehlo ($myhostname)
219              How the Postfix SMTP server announces itself to the  proxy  fil‐
220              ter.
221
222       smtpd_proxy_options (empty)
223              List  of options that control how the Postfix SMTP server commu‐
224              nicates with a before-queue content filter.
225
226       smtpd_proxy_timeout (100s)
227              The time limit for connecting to a proxy filter and for  sending
228              or receiving information.
229

BEFORE QUEUE MILTER CONTROLS

231       As of version 2.3, Postfix supports the Sendmail version 8 Milter (mail
232       filter) protocol. These content filters run outside Postfix.  They  can
233       inspect  the  SMTP  command stream and the message content, and can re‐
234       quest modifications before mail is queued. For  details  see  the  MIL‐
235       TER_README document.
236
237       smtpd_milters (empty)
238              A  list  of  Milter (mail filter) applications for new mail that
239              arrives via the Postfix smtpd(8) server.
240
241       milter_protocol (6)
242              The mail filter protocol version and  optional  protocol  exten‐
243              sions  for  communication  with  a  Milter application; prior to
244              Postfix 2.6 the default protocol is 2.
245
246       milter_default_action (tempfail)
247              The default action when a Milter (mail filter) response  is  un‐
248              available  (for  example,  bad  Postfix  configuration or Milter
249              failure).
250
251       milter_macro_daemon_name ($myhostname)
252              The {daemon_name} macro value for Milter (mail filter)  applica‐
253              tions.
254
255       milter_macro_v ($mail_name $mail_version)
256              The {v} macro value for Milter (mail filter) applications.
257
258       milter_connect_timeout (30s)
259              The time limit for connecting to a Milter (mail filter) applica‐
260              tion, and for negotiating protocol options.
261
262       milter_command_timeout (30s)
263              The time limit for sending an SMTP command  to  a  Milter  (mail
264              filter) application, and for receiving the response.
265
266       milter_content_timeout (300s)
267              The  time  limit  for  sending message content to a Milter (mail
268              filter) application, and for receiving the response.
269
270       milter_connect_macros (see 'postconf -d' output)
271              The macros that are sent to Milter  (mail  filter)  applications
272              after completion of an SMTP connection.
273
274       milter_helo_macros (see 'postconf -d' output)
275              The  macros  that  are sent to Milter (mail filter) applications
276              after the SMTP HELO or EHLO command.
277
278       milter_mail_macros (see 'postconf -d' output)
279              The macros that are sent to Milter  (mail  filter)  applications
280              after the SMTP MAIL FROM command.
281
282       milter_rcpt_macros (see 'postconf -d' output)
283              The  macros  that  are sent to Milter (mail filter) applications
284              after the SMTP RCPT TO command.
285
286       milter_data_macros (see 'postconf -d' output)
287              The macros that are sent to version 4  or  higher  Milter  (mail
288              filter) applications after the SMTP DATA command.
289
290       milter_unknown_command_macros (see 'postconf -d' output)
291              The  macros  that  are  sent to version 3 or higher Milter (mail
292              filter) applications after an unknown SMTP command.
293
294       milter_end_of_header_macros (see 'postconf -d' output)
295              The macros that are sent to Milter  (mail  filter)  applications
296              after the end of the message header.
297
298       milter_end_of_data_macros (see 'postconf -d' output)
299              The  macros  that  are sent to Milter (mail filter) applications
300              after the message end-of-data.
301
302       Available in Postfix version 3.1 and later:
303
304       milter_macro_defaults (empty)
305              Optional list of name=value pairs that  specify  default  values
306              for  arbitrary  macros  that Postfix may send to Milter applica‐
307              tions.
308
309       Available in Postfix version 3.2 and later:
310
311       smtpd_milter_maps (empty)
312              Lookup tables with Milter settings per remote SMTP client IP ad‐
313              dress.
314

GENERAL CONTENT INSPECTION CONTROLS

316       The  following parameters are applicable for both built-in and external
317       content filters.
318
319       Available in Postfix version 2.1 and later:
320
321       receive_override_options (empty)
322              Enable or disable recipient validation, built-in content filter‐
323              ing, or address mapping.
324

EXTERNAL CONTENT INSPECTION CONTROLS

326       The  following  parameters are applicable for both before-queue and af‐
327       ter-queue content filtering.
328
329       Available in Postfix version 2.1 and later:
330
331       smtpd_authorized_xforward_hosts (empty)
332              What remote SMTP clients are allowed to use  the  XFORWARD  fea‐
333              ture.
334

SASL AUTHENTICATION CONTROLS

336       Postfix SASL support (RFC 4954) can be used to authenticate remote SMTP
337       clients to the Postfix SMTP server, and  to  authenticate  the  Postfix
338       SMTP  client to a remote SMTP server.  See the SASL_README document for
339       details.
340
341       broken_sasl_auth_clients (no)
342              Enable interoperability with remote SMTP clients that  implement
343              an obsolete version of the AUTH command (RFC 4954).
344
345       smtpd_sasl_auth_enable (no)
346              Enable SASL authentication in the Postfix SMTP server.
347
348       smtpd_sasl_local_domain (empty)
349              The  name of the Postfix SMTP server's local SASL authentication
350              realm.
351
352       smtpd_sasl_security_options (noanonymous)
353              Postfix SMTP server SASL security options; as of Postfix 2.3 the
354              list  of available features depends on the SASL server implemen‐
355              tation that is selected with smtpd_sasl_type.
356
357       smtpd_sender_login_maps (empty)
358              Optional lookup table with the SASL login  names  that  own  the
359              sender (MAIL FROM) addresses.
360
361       Available in Postfix version 2.1 and later:
362
363       smtpd_sasl_exceptions_networks (empty)
364              What  remote SMTP clients the Postfix SMTP server will not offer
365              AUTH support to.
366
367       Available in Postfix version 2.1 and 2.2:
368
369       smtpd_sasl_application_name (smtpd)
370              The application name that the Postfix SMTP server uses for  SASL
371              server initialization.
372
373       Available in Postfix version 2.3 and later:
374
375       smtpd_sasl_authenticated_header (no)
376              Report the SASL authenticated user name in the smtpd(8) Received
377              message header.
378
379       smtpd_sasl_path (smtpd)
380              Implementation-specific information that the Postfix SMTP server
381              passes  through  to  the SASL plug-in implementation that is se‐
382              lected with smtpd_sasl_type.
383
384       smtpd_sasl_type (cyrus)
385              The SASL plug-in type that the Postfix SMTP  server  should  use
386              for authentication.
387
388       Available in Postfix version 2.5 and later:
389
390       cyrus_sasl_config_path (empty)
391              Search path for Cyrus SASL application configuration files, cur‐
392              rently used only to locate the $smtpd_sasl_path.conf file.
393
394       Available in Postfix version 2.11 and later:
395
396       smtpd_sasl_service (smtp)
397              The service name that is passed to the SASL plug-in that is  se‐
398              lected with smtpd_sasl_type and smtpd_sasl_path.
399
400       Available in Postfix version 3.4 and later:
401
402       smtpd_sasl_response_limit (12288)
403              The maximum length of a SASL client's response to a server chal‐
404              lenge.
405
406       Available in Postfix 3.6 and later:
407
408       smtpd_sasl_mechanism_filter (!external, static:rest)
409              If non-empty, a filter for the SASL  mechanism  names  that  the
410              Postfix SMTP server will announce in the EHLO response.
411

STARTTLS SUPPORT CONTROLS

413       Detailed  information  about STARTTLS configuration may be found in the
414       TLS_README document.
415
416       smtpd_tls_security_level (empty)
417              The SMTP TLS security level for the Postfix SMTP server; when  a
418              non-empty value is specified, this overrides the obsolete param‐
419              eters smtpd_use_tls and smtpd_enforce_tls.
420
421       smtpd_sasl_tls_security_options ($smtpd_sasl_security_options)
422              The SASL authentication security options that the  Postfix  SMTP
423              server uses for TLS encrypted SMTP sessions.
424
425       smtpd_starttls_timeout (see 'postconf -d' output)
426              The time limit for Postfix SMTP server write and read operations
427              during TLS startup and shutdown handshake procedures.
428
429       smtpd_tls_CAfile (empty)
430              A file containing (PEM  format)  CA  certificates  of  root  CAs
431              trusted to sign either remote SMTP client certificates or inter‐
432              mediate CA certificates.
433
434       smtpd_tls_CApath (empty)
435              A directory containing (PEM format) CA certificates of root  CAs
436              trusted to sign either remote SMTP client certificates or inter‐
437              mediate CA certificates.
438
439       smtpd_tls_always_issue_session_ids (yes)
440              Force the Postfix SMTP server to issue a TLS  session  id,  even
441              when   TLS   session   caching  is  turned  off  (smtpd_tls_ses‐
442              sion_cache_database is empty).
443
444       smtpd_tls_ask_ccert (no)
445              Ask a remote SMTP client for a client certificate.
446
447       smtpd_tls_auth_only (no)
448              When TLS encryption is optional in the Postfix SMTP  server,  do
449              not announce or accept SASL authentication over unencrypted con‐
450              nections.
451
452       smtpd_tls_ccert_verifydepth (9)
453              The verification depth for remote SMTP client certificates.
454
455       smtpd_tls_cert_file (empty)
456              File with the Postfix SMTP server RSA certificate in PEM format.
457
458       smtpd_tls_exclude_ciphers (empty)
459              List of ciphers or cipher types to exclude from the SMTP  server
460              cipher list at all TLS security levels.
461
462       smtpd_tls_dcert_file (empty)
463              File with the Postfix SMTP server DSA certificate in PEM format.
464
465       smtpd_tls_dh1024_param_file (empty)
466              File  with DH parameters that the Postfix SMTP server should use
467              with non-export EDH ciphers.
468
469       smtpd_tls_dh512_param_file (empty)
470              File with DH parameters that the Postfix SMTP server should  use
471              with export-grade EDH ciphers.
472
473       smtpd_tls_dkey_file ($smtpd_tls_dcert_file)
474              File with the Postfix SMTP server DSA private key in PEM format.
475
476       smtpd_tls_key_file ($smtpd_tls_cert_file)
477              File with the Postfix SMTP server RSA private key in PEM format.
478
479       smtpd_tls_loglevel (0)
480              Enable additional Postfix SMTP server logging of TLS activity.
481
482       smtpd_tls_mandatory_ciphers (medium)
483              The  minimum  TLS cipher grade that the Postfix SMTP server will
484              use with mandatory TLS encryption.
485
486       smtpd_tls_mandatory_exclude_ciphers (empty)
487              Additional list of ciphers or cipher types to exclude  from  the
488              Postfix  SMTP  server cipher list at mandatory TLS security lev‐
489              els.
490
491       smtpd_tls_mandatory_protocols (see 'postconf -d' output)
492              TLS protocols accepted by the Postfix SMTP server with mandatory
493              TLS encryption.
494
495       smtpd_tls_received_header (no)
496              Request that the Postfix SMTP server produces Received:  message
497              headers that include information about the protocol  and  cipher
498              used,  as  well  as the remote SMTP client CommonName and client
499              certificate issuer CommonName.
500
501       smtpd_tls_req_ccert (no)
502              With mandatory TLS encryption, require  a  trusted  remote  SMTP
503              client certificate in order to allow TLS connections to proceed.
504
505       smtpd_tls_wrappermode (no)
506              Run  the Postfix SMTP server in the non-standard "wrapper" mode,
507              instead of using the STARTTLS command.
508
509       tls_daemon_random_bytes (32)
510              The number of pseudo-random bytes that an  smtp(8)  or  smtpd(8)
511              process  requests from the tlsmgr(8) server in order to seed its
512              internal pseudo random number generator (PRNG).
513
514       tls_high_cipherlist (see 'postconf -d' output)
515              The OpenSSL cipherlist for "high" grade ciphers.
516
517       tls_medium_cipherlist (see 'postconf -d' output)
518              The OpenSSL cipherlist for "medium" or higher grade ciphers.
519
520       tls_low_cipherlist (see 'postconf -d' output)
521              The OpenSSL cipherlist for "low" or higher grade ciphers.
522
523       tls_export_cipherlist (see 'postconf -d' output)
524              The OpenSSL cipherlist for "export" or higher grade ciphers.
525
526       tls_null_cipherlist (eNULL:!aNULL)
527              The OpenSSL cipherlist for "NULL" grade ciphers that provide au‐
528              thentication without encryption.
529
530       Available in Postfix version 2.5 and later:
531
532       smtpd_tls_fingerprint_digest (see 'postconf -d' output)
533              The   message   digest   algorithm   to  construct  remote  SMTP
534              client-certificate  fingerprints  or  public  key   fingerprints
535              (Postfix   2.9   and  later)  for  check_ccert_access  and  per‐
536              mit_tls_clientcerts.
537
538       Available in Postfix version 2.6 and later:
539
540       smtpd_tls_protocols (see postconf -d output)
541              TLS protocols accepted by the Postfix SMTP  server  with  oppor‐
542              tunistic TLS encryption.
543
544       smtpd_tls_ciphers (medium)
545              The  minimum  TLS cipher grade that the Postfix SMTP server will
546              use with opportunistic TLS encryption.
547
548       smtpd_tls_eccert_file (empty)
549              File with the Postfix SMTP server ECDSA certificate in PEM  for‐
550              mat.
551
552       smtpd_tls_eckey_file ($smtpd_tls_eccert_file)
553              File  with the Postfix SMTP server ECDSA private key in PEM for‐
554              mat.
555
556       smtpd_tls_eecdh_grade (see 'postconf -d' output)
557              The Postfix SMTP server  security  grade  for  ephemeral  ellip‐
558              tic-curve Diffie-Hellman (EECDH) key exchange.
559
560       tls_eecdh_strong_curve (prime256v1)
561              The  elliptic curve used by the Postfix SMTP server for sensibly
562              strong ephemeral ECDH key exchange.
563
564       tls_eecdh_ultra_curve (secp384r1)
565              The elliptic curve used by the Postfix SMTP server for maximally
566              strong ephemeral ECDH key exchange.
567
568       Available in Postfix version 2.8 and later:
569
570       tls_preempt_cipherlist (no)
571              With SSLv3 and later, use the Postfix SMTP server's cipher pref‐
572              erence order instead of the remote  client's  cipher  preference
573              order.
574
575       tls_disable_workarounds (see 'postconf -d' output)
576              List or bit-mask of OpenSSL bug work-arounds to disable.
577
578       Available in Postfix version 2.11 and later:
579
580       tlsmgr_service_name (tlsmgr)
581              The name of the tlsmgr(8) service entry in master.cf.
582
583       Available in Postfix version 3.0 and later:
584
585       tls_session_ticket_cipher  (Postfix >= 3.0: aes-256-cbc, Postfix < 3.0:
586       aes-128-cbc)
587              Algorithm used to encrypt RFC5077 TLS session tickets.
588
589       Available in Postfix version 3.2 and later:
590
591       tls_eecdh_auto_curves (see 'postconf -d' output)
592              The prioritized list of elliptic curves supported by the Postfix
593              SMTP client and server.
594
595       Available in Postfix version 3.4 and later:
596
597       smtpd_tls_chain_files (empty)
598              List  of one or more PEM files, each holding one or more private
599              keys directly followed by a corresponding certificate chain.
600
601       tls_server_sni_maps (empty)
602              Optional lookup tables that map names received from remote  SMTP
603              clients  via  the  TLS Server Name Indication (SNI) extension to
604              the appropriate keys and certificate chains.
605
606       Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
607
608       tls_fast_shutdown_enable (yes)
609              A workaround for implementations that hang Postfix  while  shut‐
610              ting down a TLS session, until Postfix times out.
611
612       Available in Postfix 3.5 and later:
613
614       info_log_address_format (external)
615              The  email  address  form that will be used in non-debug logging
616              (info, warning, etc.).
617

OBSOLETE STARTTLS CONTROLS

619       The following configuration parameters  exist  for  compatibility  with
620       Postfix versions before 2.3. Support for these will be removed in a fu‐
621       ture release.
622
623       smtpd_use_tls (no)
624              Opportunistic TLS: announce  STARTTLS  support  to  remote  SMTP
625              clients, but do not require that clients use TLS encryption.
626
627       smtpd_enforce_tls (no)
628              Mandatory TLS: announce STARTTLS support to remote SMTP clients,
629              and require that clients use TLS encryption.
630
631       smtpd_tls_cipherlist (empty)
632              Obsolete Postfix < 2.3 control for the Postfix SMTP  server  TLS
633              cipher list.
634

SMTPUTF8 CONTROLS

636       Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
637
638       smtputf8_enable (yes)
639              Enable  preliminary SMTPUTF8 support for the protocols described
640              in RFC 6531..6533.
641
642       strict_smtputf8 (no)
643              Enable stricter enforcement of the SMTPUTF8 protocol.
644
645       smtputf8_autodetect_classes (sendmail, verify)
646              Detect that a message requires SMTPUTF8 support for  the  speci‐
647              fied mail origin classes.
648
649       Available in Postfix version 3.2 and later:
650
651       enable_idna2003_compatibility (no)
652              Enable   'transitional'   compatibility   between  IDNA2003  and
653              IDNA2008, when converting UTF-8 domain names to/from  the  ASCII
654              form that is used for DNS lookups.
655

VERP SUPPORT CONTROLS

657       With  VERP  style delivery, each recipient of a message receives a cus‐
658       tomized copy of the message with his/her own recipient address  encoded
659       in the envelope sender address.  The VERP_README file describes config‐
660       uration and operation details of Postfix support for variable  envelope
661       return  path addresses.  VERP style delivery is requested with the SMTP
662       XVERP command or with the "sendmail  -V"  command-line  option  and  is
663       available in Postfix version 1.1 and later.
664
665       default_verp_delimiters (+=)
666              The two default VERP delimiter characters.
667
668       verp_delimiter_filter (-=+)
669              The  characters  Postfix accepts as VERP delimiter characters on
670              the Postfix sendmail(1) command line and in SMTP commands.
671
672       Available in Postfix version 1.1 and 2.0:
673
674       authorized_verp_clients ($mynetworks)
675              What remote SMTP clients are allowed to specify the  XVERP  com‐
676              mand.
677
678       Available in Postfix version 2.1 and later:
679
680       smtpd_authorized_verp_clients ($authorized_verp_clients)
681              What  remote  SMTP clients are allowed to specify the XVERP com‐
682              mand.
683

TROUBLE SHOOTING CONTROLS

685       The DEBUG_README document describes how to debug parts of  the  Postfix
686       mail system. The methods vary from making the software log a lot of de‐
687       tail, to running some daemon processes under control of a  call  tracer
688       or debugger.
689
690       debug_peer_level (2)
691              The  increment  in verbose logging level when a nexthop destina‐
692              tion, remote client or server name or network address matches  a
693              pattern given with the debug_peer_list parameter.
694
695       debug_peer_list (empty)
696              Optional  list  of  nexthop destination, remote client or server
697              name or network address patterns that,  if  matched,  cause  the
698              verbose  logging  level  to  increase by the amount specified in
699              $debug_peer_level.
700
701       error_notice_recipient (postmaster)
702              The recipient of postmaster notifications  about  mail  delivery
703              problems that are caused by policy, resource, software or proto‐
704              col errors.
705
706       internal_mail_filter_classes (empty)
707              What categories of Postfix-generated mail  are  subject  to  be‐
708              fore-queue     content    inspection    by    non_smtpd_milters,
709              header_checks and body_checks.
710
711       notify_classes (resource, software)
712              The list of error classes that are reported to the postmaster.
713
714       smtpd_reject_footer (empty)
715              Optional information that is appended after  each  Postfix  SMTP
716              server 4XX or 5XX response.
717
718       soft_bounce (no)
719              Safety  net to keep mail queued that would otherwise be returned
720              to the sender.
721
722       Available in Postfix version 2.1 and later:
723
724       smtpd_authorized_xclient_hosts (empty)
725              What remote SMTP clients are allowed to use the XCLIENT feature.
726
727       Available in Postfix version 2.10 and later:
728
729       smtpd_log_access_permit_actions (empty)
730              Enable logging of the named "permit" actions in SMTP server  ac‐
731              cess  lists  (by  default, the SMTP server logs "reject" actions
732              but not "permit" actions).
733

KNOWN VERSUS UNKNOWN RECIPIENT CONTROLS

735       As of Postfix version 2.0, the SMTP server rejects mail for unknown re‐
736       cipients. This prevents the mail queue from clogging up with undeliver‐
737       able MAILER-DAEMON messages. Additional information on this topic is in
738       the LOCAL_RECIPIENT_README and ADDRESS_CLASS_README documents.
739
740       show_user_unknown_table_name (yes)
741              Display  the  name  of the recipient table in the "User unknown"
742              responses.
743
744       canonical_maps (empty)
745              Optional address mapping lookup tables for message  headers  and
746              envelopes.
747
748       recipient_canonical_maps (empty)
749              Optional  address  mapping lookup tables for envelope and header
750              recipient addresses.
751
752       sender_canonical_maps (empty)
753              Optional address mapping lookup tables for envelope  and  header
754              sender addresses.
755
756       Parameters concerning known/unknown local recipients:
757
758       mydestination ($myhostname, localhost.$mydomain, localhost)
759              The  list of domains that are delivered via the $local_transport
760              mail delivery transport.
761
762       inet_interfaces (all)
763              The network interface addresses that this mail  system  receives
764              mail on.
765
766       proxy_interfaces (empty)
767              The  network  interface addresses that this mail system receives
768              mail on by way of a proxy or network address translation unit.
769
770       inet_protocols (see 'postconf -d output')
771              The Internet protocols Postfix will attempt to use  when  making
772              or accepting connections.
773
774       local_recipient_maps (proxy:unix:passwd.byname $alias_maps)
775              Lookup tables with all names or addresses of local recipients: a
776              recipient address is local when its domain  matches  $mydestina‐
777              tion, $inet_interfaces or $proxy_interfaces.
778
779       unknown_local_recipient_reject_code (550)
780              The numerical Postfix SMTP server response code when a recipient
781              address is local, and $local_recipient_maps specifies a list  of
782              lookup tables that does not match the recipient.
783
784       Parameters concerning known/unknown recipients of relay destinations:
785
786       relay_domains (Postfix >= 3.0: empty, Postfix < 3.0: $mydestination)
787              What  destination  domains  (and subdomains thereof) this system
788              will relay mail to.
789
790       relay_recipient_maps (empty)
791              Optional lookup tables with all valid addresses in  the  domains
792              that match $relay_domains.
793
794       unknown_relay_recipient_reject_code (550)
795              The  numerical  Postfix  SMTP server reply code when a recipient
796              address matches $relay_domains, and relay_recipient_maps  speci‐
797              fies  a  list of lookup tables that does not match the recipient
798              address.
799
800       Parameters concerning known/unknown recipients  in  virtual  alias  do‐
801       mains:
802
803       virtual_alias_domains ($virtual_alias_maps)
804              Postfix  is  final destination for the specified list of virtual
805              alias domains, that is, domains  for  which  all  addresses  are
806              aliased to addresses in other local or remote domains.
807
808       virtual_alias_maps ($virtual_maps)
809              Optional lookup tables that alias specific mail addresses or do‐
810              mains to other local or remote address.
811
812       unknown_virtual_alias_reject_code (550)
813              The Postfix SMTP server reply  code  when  a  recipient  address
814              matches  $virtual_alias_domains,  and $virtual_alias_maps speci‐
815              fies a list of lookup tables that does not match  the  recipient
816              address.
817
818       Parameters  concerning  known/unknown recipients in virtual mailbox do‐
819       mains:
820
821       virtual_mailbox_domains ($virtual_mailbox_maps)
822              Postfix is final destination for the specified list of  domains;
823              mail  is  delivered  via  the  $virtual_transport  mail delivery
824              transport.
825
826       virtual_mailbox_maps (empty)
827              Optional lookup tables with all valid addresses in  the  domains
828              that match $virtual_mailbox_domains.
829
830       unknown_virtual_mailbox_reject_code (550)
831              The  Postfix  SMTP  server  reply  code when a recipient address
832              matches  $virtual_mailbox_domains,   and   $virtual_mailbox_maps
833              specifies a list of lookup tables that does not match the recip‐
834              ient address.
835

RESOURCE AND RATE CONTROLS

837       The following parameters limit resource usage by the SMTP server and/or
838       control client request rates.
839
840       line_length_limit (2048)
841              Upon  input,  long  lines  are chopped up into pieces of at most
842              this length; upon delivery, long lines are reconstructed.
843
844       queue_minfree (0)
845              The minimal amount of free space in bytes in the queue file sys‐
846              tem that is needed to receive mail.
847
848       message_size_limit (10240000)
849              The  maximal  size in bytes of a message, including envelope in‐
850              formation.
851
852       smtpd_recipient_limit (1000)
853              The maximal number of recipients that the  Postfix  SMTP  server
854              accepts per message delivery request.
855
856       smtpd_timeout (normal: 300s, overload: 10s)
857              The  time  limit  for sending a Postfix SMTP server response and
858              for receiving a remote SMTP client request.
859
860       smtpd_history_flush_threshold (100)
861              The maximal number of lines in the Postfix SMTP  server  command
862              history  before it is flushed upon receipt of EHLO, RSET, or end
863              of DATA.
864
865       Available in Postfix version 2.3 and later:
866
867       smtpd_peername_lookup (yes)
868              Attempt to look up the remote SMTP client hostname,  and  verify
869              that the name matches the client IP address.
870
871       The per SMTP client connection count and request rate limits are imple‐
872       mented in co-operation with the anvil(8) service, and are available  in
873       Postfix version 2.2 and later.
874
875       smtpd_client_connection_count_limit (50)
876              How  many simultaneous connections any client is allowed to make
877              to this service.
878
879       smtpd_client_connection_rate_limit (0)
880              The maximal number of connection attempts any client is  allowed
881              to make to this service per time unit.
882
883       smtpd_client_message_rate_limit (0)
884              The  maximal number of message delivery requests that any client
885              is allowed to make to this service per time unit, regardless  of
886              whether or not Postfix actually accepts those messages.
887
888       smtpd_client_recipient_rate_limit (0)
889              The maximal number of recipient addresses that any client is al‐
890              lowed to send to this  service  per  time  unit,  regardless  of
891              whether or not Postfix actually accepts those recipients.
892
893       smtpd_client_event_limit_exceptions ($mynetworks)
894              Clients  that  are excluded from smtpd_client_*_count/rate_limit
895              restrictions.
896
897       Available in Postfix version 2.3 and later:
898
899       smtpd_client_new_tls_session_rate_limit (0)
900              The maximal number of new (i.e., uncached) TLS sessions  that  a
901              remote SMTP client is allowed to negotiate with this service per
902              time unit.
903
904       Available in Postfix version 2.9 and later:
905
906       smtpd_per_record_deadline (normal: no, overload: yes)
907              Change  the  behavior  of  the  smtpd_timeout  and  smtpd_start‐
908              tls_timeout  time  limits,  from  a time limit per read or write
909              system call, to a time limit  to  send  or  receive  a  complete
910              record  (an  SMTP command line, SMTP response line, SMTP message
911              content line, or TLS protocol message).
912
913       Available in Postfix version 3.1 and later:
914
915       smtpd_client_auth_rate_limit (0)
916              The maximal number of AUTH commands that any client  is  allowed
917              to  send to this service per time unit, regardless of whether or
918              not Postfix actually accepts those commands.
919

TARPIT CONTROLS

921       When a remote SMTP client makes errors, the Postfix SMTP server can in‐
922       sert  delays  before  responding.  This  can help to slow down run-away
923       software.  The behavior is controlled by an error counter  that  counts
924       the number of errors within an SMTP session that a client makes without
925       delivering mail.
926
927       smtpd_error_sleep_time (1s)
928              With Postfix version 2.1 and later: the SMTP server response de‐
929              lay  after  a  client has made more than $smtpd_soft_error_limit
930              errors, and fewer than $smtpd_hard_error_limit  errors,  without
931              delivering mail.
932
933       smtpd_soft_error_limit (10)
934              The  number  of  errors  a remote SMTP client is allowed to make
935              without delivering mail before the  Postfix  SMTP  server  slows
936              down all its responses.
937
938       smtpd_hard_error_limit (normal: 20, overload: 1)
939              The  maximal number of errors a remote SMTP client is allowed to
940              make without delivering mail.
941
942       smtpd_junk_command_limit (normal: 100, overload: 1)
943              The number of junk commands (NOOP, VRFY, ETRN or  RSET)  that  a
944              remote  SMTP  client  can  send  before  the Postfix SMTP server
945              starts to increment the error counter with each junk command.
946
947       Available in Postfix version 2.1 and later:
948
949       smtpd_recipient_overshoot_limit (1000)
950              The number of recipients that a remote SMTP client can  send  in
951              excess  of  the limit specified with $smtpd_recipient_limit, be‐
952              fore the Postfix SMTP server increments  the  per-session  error
953              count for each excess recipient.
954

ACCESS POLICY DELEGATION CONTROLS

956       As  of version 2.1, Postfix can be configured to delegate access policy
957       decisions to an external server that runs  outside  Postfix.   See  the
958       file SMTPD_POLICY_README for more information.
959
960       smtpd_policy_service_max_idle (300s)
961              The  time after which an idle SMTPD policy service connection is
962              closed.
963
964       smtpd_policy_service_max_ttl (1000s)
965              The time after which an active SMTPD policy  service  connection
966              is closed.
967
968       smtpd_policy_service_timeout (100s)
969              The  time limit for connecting to, writing to, or receiving from
970              a delegated SMTPD policy server.
971
972       Available in Postfix version 3.0 and later:
973
974       smtpd_policy_service_default_action  (451  4.3.5  Server  configuration
975       problem)
976              The default action when an SMTPD policy service request fails.
977
978       smtpd_policy_service_request_limit (0)
979              The  maximal number of requests per SMTPD policy service connec‐
980              tion, or zero (no limit).
981
982       smtpd_policy_service_try_limit (2)
983              The maximal number of attempts to send an SMTPD  policy  service
984              request before giving up.
985
986       smtpd_policy_service_retry_delay (1s)
987              The  delay between attempts to resend a failed SMTPD policy ser‐
988              vice request.
989
990       Available in Postfix version 3.1 and later:
991
992       smtpd_policy_service_policy_context (empty)
993              Optional information that the Postfix SMTP server  specifies  in
994              the  "policy_context"  attribute  of  a  policy  service request
995              (originally, to share the same service endpoint  among  multiple
996              check_policy_service clients).
997

ACCESS CONTROLS

999       The  SMTPD_ACCESS_README document gives an introduction to all the SMTP
1000       server access control features.
1001
1002       smtpd_delay_reject (yes)
1003              Wait   until   the   RCPT   TO   command    before    evaluating
1004              $smtpd_client_restrictions,     $smtpd_helo_restrictions     and
1005              $smtpd_sender_restrictions, or wait until the ETRN  command  be‐
1006              fore  evaluating  $smtpd_client_restrictions and $smtpd_helo_re‐
1007              strictions.
1008
1009       parent_domain_matches_subdomains (see 'postconf -d' output)
1010              A list of Postfix features where the pattern "example.com"  also
1011              matches  subdomains  of example.com, instead of requiring an ex‐
1012              plicit ".example.com" pattern.
1013
1014       smtpd_client_restrictions (empty)
1015              Optional restrictions that the Postfix SMTP  server  applies  in
1016              the context of a client connection request.
1017
1018       smtpd_helo_required (no)
1019              Require  that  a  remote  SMTP client introduces itself with the
1020              HELO or EHLO command before sending the MAIL  command  or  other
1021              commands that require EHLO negotiation.
1022
1023       smtpd_helo_restrictions (empty)
1024              Optional  restrictions  that  the Postfix SMTP server applies in
1025              the context of a client HELO command.
1026
1027       smtpd_sender_restrictions (empty)
1028              Optional restrictions that the Postfix SMTP  server  applies  in
1029              the context of a client MAIL FROM command.
1030
1031       smtpd_recipient_restrictions (see 'postconf -d' output)
1032              Optional  restrictions  that  the Postfix SMTP server applies in
1033              the context of a client RCPT TO command,  after  smtpd_relay_re‐
1034              strictions.
1035
1036       smtpd_etrn_restrictions (empty)
1037              Optional  restrictions  that  the Postfix SMTP server applies in
1038              the context of a client ETRN command.
1039
1040       allow_untrusted_routing (no)
1041              Forward  mail  with   sender-specified   routing   (user[@%!]re‐
1042              mote[@%!]site)  from  untrusted clients to destinations matching
1043              $relay_domains.
1044
1045       smtpd_restriction_classes (empty)
1046              User-defined aliases for groups of access restrictions.
1047
1048       smtpd_null_access_lookup_key (<>)
1049              The lookup key to be used in SMTP access(5)  tables  instead  of
1050              the null sender address.
1051
1052       permit_mx_backup_networks (empty)
1053              Restrict  the use of the permit_mx_backup SMTP access feature to
1054              only domains whose primary MX hosts match the listed networks.
1055
1056       Available in Postfix version 2.0 and later:
1057
1058       smtpd_data_restrictions (empty)
1059              Optional access restrictions that the Postfix  SMTP  server  ap‐
1060              plies in the context of the SMTP DATA command.
1061
1062       smtpd_expansion_filter (see 'postconf -d' output)
1063              What  characters  are  allowed  in $name expansions of RBL reply
1064              templates.
1065
1066       Available in Postfix version 2.1 and later:
1067
1068       smtpd_reject_unlisted_sender (no)
1069              Request that the Postfix SMTP server rejects mail  from  unknown
1070              sender  addresses,  even when no explicit reject_unlisted_sender
1071              access restriction is specified.
1072
1073       smtpd_reject_unlisted_recipient (yes)
1074              Request that the Postfix SMTP server rejects  mail  for  unknown
1075              recipient  addresses,  even when no explicit reject_unlisted_re‐
1076              cipient access restriction is specified.
1077
1078       Available in Postfix version 2.2 and later:
1079
1080       smtpd_end_of_data_restrictions (empty)
1081              Optional access restrictions that the Postfix  SMTP  server  ap‐
1082              plies in the context of the SMTP END-OF-DATA command.
1083
1084       Available in Postfix version 2.10 and later:
1085
1086       smtpd_relay_restrictions (permit_mynetworks, permit_sasl_authenticated,
1087       defer_unauth_destination)
1088              Access restrictions for mail relay control that the Postfix SMTP
1089              server  applies  in  the  context of the RCPT TO command, before
1090              smtpd_recipient_restrictions.
1091

SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS

1093       Postfix version 2.1 introduces sender and recipient  address  verifica‐
1094       tion.  This feature is implemented by sending probe email messages that
1095       are not actually delivered.  This feature  is  requested  via  the  re‐
1096       ject_unverified_sender  and reject_unverified_recipient access restric‐
1097       tions.  The status of verification probes is  maintained  by  the  ver‐
1098       ify(8)  server.   See the file ADDRESS_VERIFICATION_README for informa‐
1099       tion about how to configure and operate  the  Postfix  sender/recipient
1100       address verification service.
1101
1102       address_verify_poll_count (normal: 3, overload: 1)
1103              How many times to query the verify(8) service for the completion
1104              of an address verification request in progress.
1105
1106       address_verify_poll_delay (3s)
1107              The delay between queries for the completion of an address veri‐
1108              fication request in progress.
1109
1110       address_verify_sender ($double_bounce_sender)
1111              The  sender address to use in address verification probes; prior
1112              to Postfix 2.5 the default was "postmaster".
1113
1114       unverified_sender_reject_code (450)
1115              The numerical Postfix SMTP server response code when a recipient
1116              address is rejected by the reject_unverified_sender restriction.
1117
1118       unverified_recipient_reject_code (450)
1119              The  numerical Postfix SMTP server response when a recipient ad‐
1120              dress is rejected by  the  reject_unverified_recipient  restric‐
1121              tion.
1122
1123       Available in Postfix version 2.6 and later:
1124
1125       unverified_sender_defer_code (450)
1126              The  numerical  Postfix  SMTP server response code when a sender
1127              address probe fails due to a temporary error condition.
1128
1129       unverified_recipient_defer_code (450)
1130              The numerical Postfix SMTP server response when a recipient  ad‐
1131              dress probe fails due to a temporary error condition.
1132
1133       unverified_sender_reject_reason (empty)
1134              The  Postfix  SMTP  server's  reply when rejecting mail with re‐
1135              ject_unverified_sender.
1136
1137       unverified_recipient_reject_reason (empty)
1138              The Postfix SMTP server's reply when  rejecting  mail  with  re‐
1139              ject_unverified_recipient.
1140
1141       unverified_sender_tempfail_action ($reject_tempfail_action)
1142              The  Postfix  SMTP server's action when reject_unverified_sender
1143              fails due to a temporary error condition.
1144
1145       unverified_recipient_tempfail_action ($reject_tempfail_action)
1146              The Postfix SMTP server's action when  reject_unverified_recipi‐
1147              ent fails due to a temporary error condition.
1148
1149       Available with Postfix 2.9 and later:
1150
1151       address_verify_sender_ttl (0s)
1152              The  time  between  changes in the time-dependent portion of ad‐
1153              dress verification probe sender addresses.
1154

ACCESS CONTROL RESPONSES

1156       The following parameters control numerical SMTP reply codes and/or text
1157       responses.
1158
1159       access_map_reject_code (554)
1160              The numerical Postfix SMTP server response code for an access(5)
1161              map "reject" action.
1162
1163       defer_code (450)
1164              The numerical Postfix SMTP server response code  when  a  remote
1165              SMTP client request is rejected by the "defer" restriction.
1166
1167       invalid_hostname_reject_code (501)
1168              The  numerical Postfix SMTP server response code when the client
1169              HELO or EHLO command parameter is  rejected  by  the  reject_in‐
1170              valid_helo_hostname restriction.
1171
1172       maps_rbl_reject_code (554)
1173              The  numerical  Postfix  SMTP server response code when a remote
1174              SMTP client request is blocked  by  the  reject_rbl_client,  re‐
1175              ject_rhsbl_client,        reject_rhsbl_reverse_client,       re‐
1176              ject_rhsbl_sender or reject_rhsbl_recipient restriction.
1177
1178       non_fqdn_reject_code (504)
1179              The numerical Postfix SMTP server reply code when a  client  re‐
1180              quest  is  rejected  by  the  reject_non_fqdn_helo_hostname, re‐
1181              ject_non_fqdn_sender or reject_non_fqdn_recipient restriction.
1182
1183       plaintext_reject_code (450)
1184              The numerical Postfix SMTP server response code when  a  request
1185              is rejected by the reject_plaintext_session restriction.
1186
1187       reject_code (554)
1188              The  numerical  Postfix  SMTP server response code when a remote
1189              SMTP client request is rejected by the "reject" restriction.
1190
1191       relay_domains_reject_code (554)
1192              The numerical Postfix SMTP server response code  when  a  client
1193              request  is  rejected by the reject_unauth_destination recipient
1194              restriction.
1195
1196       unknown_address_reject_code (450)
1197              The numerical response code when the Postfix SMTP server rejects
1198              a sender or recipient address because its domain is unknown.
1199
1200       unknown_client_reject_code (450)
1201              The  numerical  Postfix  SMTP server response code when a client
1202              without valid address <=> name mapping is rejected  by  the  re‐
1203              ject_unknown_client_hostname restriction.
1204
1205       unknown_hostname_reject_code (450)
1206              The  numerical  Postfix SMTP server response code when the host‐
1207              name specified with the HELO or EHLO command is rejected by  the
1208              reject_unknown_helo_hostname restriction.
1209
1210       Available in Postfix version 2.0 and later:
1211
1212       default_rbl_reply (see 'postconf -d' output)
1213              The  default Postfix SMTP server response template for a request
1214              that is rejected by an RBL-based restriction.
1215
1216       multi_recipient_bounce_reject_code (550)
1217              The numerical Postfix SMTP server response code  when  a  remote
1218              SMTP  client  request  is  blocked  by  the reject_multi_recipi‐
1219              ent_bounce restriction.
1220
1221       rbl_reply_maps (empty)
1222              Optional lookup tables with RBL response templates.
1223
1224       Available in Postfix version 2.6 and later:
1225
1226       access_map_defer_code (450)
1227              The numerical Postfix SMTP server response code for an access(5)
1228              map "defer" action, including "defer_if_permit" or "defer_if_re‐
1229              ject".
1230
1231       reject_tempfail_action (defer_if_permit)
1232              The Postfix SMTP server's action when a reject-type  restriction
1233              fails due to a temporary error condition.
1234
1235       unknown_helo_hostname_tempfail_action ($reject_tempfail_action)
1236              The  Postfix SMTP server's action when reject_unknown_helo_host‐
1237              name fails due to a temporary error condition.
1238
1239       unknown_address_tempfail_action ($reject_tempfail_action)
1240              The Postfix SMTP server's action when  reject_unknown_sender_do‐
1241              main  or reject_unknown_recipient_domain fail due to a temporary
1242              error condition.
1243

MISCELLANEOUS CONTROLS

1245       config_directory (see 'postconf -d' output)
1246              The default location of the Postfix main.cf and  master.cf  con‐
1247              figuration files.
1248
1249       daemon_timeout (18000s)
1250              How  much time a Postfix daemon process may take to handle a re‐
1251              quest before it is terminated by a built-in watchdog timer.
1252
1253       command_directory (see 'postconf -d' output)
1254              The location of all postfix administrative commands.
1255
1256       double_bounce_sender (double-bounce)
1257              The sender address of postmaster notifications that  are  gener‐
1258              ated by the mail system.
1259
1260       ipc_timeout (3600s)
1261              The  time limit for sending or receiving information over an in‐
1262              ternal communication channel.
1263
1264       mail_name (Postfix)
1265              The mail system name that is displayed in Received: headers,  in
1266              the SMTP greeting banner, and in bounced mail.
1267
1268       mail_owner (postfix)
1269              The  UNIX  system  account  that owns the Postfix queue and most
1270              Postfix daemon processes.
1271
1272       max_idle (100s)
1273              The maximum amount of time that an idle Postfix  daemon  process
1274              waits for an incoming connection before terminating voluntarily.
1275
1276       max_use (100)
1277              The maximal number of incoming connections that a Postfix daemon
1278              process will service before terminating voluntarily.
1279
1280       myhostname (see 'postconf -d' output)
1281              The internet hostname of this mail system.
1282
1283       mynetworks (see 'postconf -d' output)
1284              The list of "trusted" remote SMTP clients that have more  privi‐
1285              leges than "strangers".
1286
1287       myorigin ($myhostname)
1288              The  domain  name that locally-posted mail appears to come from,
1289              and that locally posted mail is delivered to.
1290
1291       process_id (read-only)
1292              The process ID of a Postfix command or daemon process.
1293
1294       process_name (read-only)
1295              The process name of a Postfix command or daemon process.
1296
1297       queue_directory (see 'postconf -d' output)
1298              The location of the Postfix top-level queue directory.
1299
1300       recipient_delimiter (empty)
1301              The set of characters that can separate an email address  local‐
1302              part, user name, or a .forward file name from its extension.
1303
1304       smtpd_banner ($myhostname ESMTP $mail_name)
1305              The  text  that follows the 220 status code in the SMTP greeting
1306              banner.
1307
1308       syslog_facility (mail)
1309              The syslog facility of Postfix logging.
1310
1311       syslog_name (see 'postconf -d' output)
1312              A prefix that  is  prepended  to  the  process  name  in  syslog
1313              records, so that, for example, "smtpd" becomes "prefix/smtpd".
1314
1315       Available in Postfix version 2.2 and later:
1316
1317       smtpd_forbidden_commands (CONNECT, GET, POST)
1318              List  of  commands that cause the Postfix SMTP server to immedi‐
1319              ately terminate the session with a 221 code.
1320
1321       Available in Postfix version 2.5 and later:
1322
1323       smtpd_client_port_logging (no)
1324              Enable logging of the remote SMTP client port in addition to the
1325              hostname and IP address.
1326
1327       Available in Postfix 3.3 and later:
1328
1329       service_name (read-only)
1330              The master.cf service name of a Postfix daemon process.
1331
1332       Available in Postfix 3.4 and later:
1333
1334       smtpd_reject_footer_maps (empty)
1335              Lookup  tables,  indexed by the complete Postfix SMTP server 4xx
1336              or 5xx response, with reject footer templates.
1337

SEE ALSO

1339       anvil(8), connection/rate limiting
1340       cleanup(8), message canonicalization
1341       tlsmgr(8), TLS session and PRNG management
1342       trivial-rewrite(8), address resolver
1343       verify(8), address verification service
1344       postconf(5), configuration parameters
1345       master(5), generic daemon options
1346       master(8), process manager
1347       postlogd(8), Postfix logging
1348       syslogd(8), system logging
1349

README FILES

1351       Use "postconf readme_directory" or "postconf html_directory" to  locate
1352       this information.
1353       ADDRESS_CLASS_README, blocking unknown hosted or relay recipients
1354       ADDRESS_REWRITING_README, Postfix address manipulation
1355       BDAT_README, Postfix CHUNKING support
1356       FILTER_README, external after-queue content filter
1357       LOCAL_RECIPIENT_README, blocking unknown local recipients
1358       MILTER_README, before-queue mail filter applications
1359       SMTPD_ACCESS_README, built-in access policies
1360       SMTPD_POLICY_README, external policy server
1361       SMTPD_PROXY_README, external before-queue content filter
1362       SASL_README, Postfix SASL howto
1363       TLS_README, Postfix STARTTLS howto
1364       VERP_README, Postfix XVERP extension
1365       XCLIENT_README, Postfix XCLIENT extension
1366       XFORWARD_README, Postfix XFORWARD extension
1367

LICENSE

1369       The Secure Mailer license must be distributed with this software.
1370

AUTHOR(S)

1372       Wietse Venema
1373       IBM T.J. Watson Research
1374       P.O. Box 704
1375       Yorktown Heights, NY 10598, USA
1376
1377       Wietse Venema
1378       Google, Inc.
1379       111 8th Avenue
1380       New York, NY 10011, USA
1381
1382       SASL support originally by:
1383       Till Franke
1384       SuSE Rhein/Main AG
1385       65760 Eschborn, Germany
1386
1387       TLS support originally by:
1388       Lutz Jaenicke
1389       BTU Cottbus
1390       Allgemeine Elektrotechnik
1391       Universitaetsplatz 3-4
1392       D-03044 Cottbus, Germany
1393
1394       Revised TLS support by:
1395       Victor Duchovni
1396       Morgan Stanley
1397
1398
1399
1400                                                                      SMTPD(8)
Impressum