1CLEANUP(8) System Manager's Manual CLEANUP(8)
2
6 cleanup - canonicalize and enqueue Postfix message
7
9 cleanup [generic Postfix daemon options]
10
12 The cleanup(8) daemon processes inbound mail, inserts it into the in‐
13 coming mail queue, and informs the queue manager of its arrival.
14 The cleanup(8) daemon performs the following transformations:
16 • Insert missing message headers: (Resent-) From:, To:, Mes‐
18 sage-Id:, and Date:.
19 This is enabled with the local_header_rewrite_clients and al‐
20 ways_add_missing_headers parameter settings.
21 • Transform envelope and header addresses to the standard
23 user@fully-qualified-domain form that is expected by other Post‐
24 fix programs. This task depends on the trivial-rewrite(8) dae‐
25 mon.
26 The header transformation is enabled with the local_header_re‐
27 write_clients parameter setting.
28 • Eliminate duplicate envelope recipient addresses.
30 This is enabled with the duplicate_filter_limit parameter set‐
31 ting.
32 • Remove message headers: Bcc, Content-Length, Resent-Bcc, Re‐
34 turn-Path.
35 This is enabled with the message_drop_headers parameter setting.
36 • Optionally, rewrite all envelope and header addresses according
38 to the mappings specified in the canonical(5) lookup tables.
39 The header transformation is enabled with the local_header_re‐
40 write_clients parameter setting.
41 • Optionally, masquerade envelope sender addresses and message
43 header addresses (i.e. strip host or domain information below
44 all domains listed in the masquerade_domains parameter, except
45 for user names listed in masquerade_exceptions). By default,
46 address masquerading does not affect envelope recipients.
47 The header transformation is enabled with the local_header_re‐
48 write_clients parameter setting.
49 • Optionally, expand envelope recipients according to information
51 found in the virtual_alias_maps lookup tables.
52 The cleanup(8) daemon performs sanity checks on the content of each
54 message. When it finds a problem, by default it returns a diagnostic
55 status to the cleanup service client, and leaves it up to the client to
56 deal with the problem. Alternatively, the client can request the
57 cleanup(8) daemon to bounce the message back to the sender in case of
58 trouble.
59
61 RFC 822 (ARPA Internet Text Messages)
62 RFC 2045 (MIME: Format of Internet Message Bodies)
63 RFC 2046 (MIME: Media Types)
64 RFC 2822 (Internet Message Format)
65 RFC 3463 (Enhanced Status Codes)
66 RFC 3464 (Delivery status notifications)
67 RFC 5322 (Internet Message Format)
68
70 Problems and transactions are logged to syslogd(8) or postlogd(8).
71
73 Table-driven rewriting rules make it hard to express if then else and
74 other logical relationships.
75
77 Changes to main.cf are picked up automatically, as cleanup(8) processes
78 run for only a limited amount of time. Use the command "postfix reload"
79 to speed up a change.
80 The text below provides only a parameter summary. See postconf(5) for
82 more details including examples.
83
85 undisclosed_recipients_header (see 'postconf -d' output)
86 Message header that the Postfix cleanup(8) server inserts when a
87 message contains no To: or Cc: message header.
88 Available in Postfix version 2.1 only:
90 enable_errors_to (no)
92 Report mail delivery errors to the address specified with the
93 non-standard Errors-To: message header, instead of the envelope
94 sender address (this feature is removed with Postfix version
95 2.2, is turned off by default with Postfix version 2.1, and is
96 always turned on with older Postfix versions).
97 Available in Postfix version 2.6 and later:
99 always_add_missing_headers (no)
101 Always add (Resent-) From:, To:, Date: or Message-ID: headers
102 when not present.
103 Available in Postfix version 2.9 and later:
105 enable_long_queue_ids (no)
107 Enable long, non-repeating, queue IDs (queue file names).
108 Available in Postfix version 3.0 and later:
110 message_drop_headers (bcc, content-length, resent-bcc, return-path)
112 Names of message headers that the cleanup(8) daemon will remove
113 after applying header_checks(5) and before invoking Milter ap‐
114 plications.
115 header_from_format (standard)
117 The format of the Postfix-generated From: header.
118
120 Postfix built-in content filtering is meant to stop a flood of worms or
121 viruses. It is not a general content filter.
122 body_checks (empty)
124 Optional lookup tables for content inspection as specified in
125 the body_checks(5) manual page.
126 header_checks (empty)
128 Optional lookup tables for content inspection of primary
129 non-MIME message headers, as specified in the header_checks(5)
130 manual page.
131 Available in Postfix version 2.0 and later:
133 body_checks_size_limit (51200)
135 How much text in a message body segment (or attachment, if you
136 prefer to use that term) is subjected to body_checks inspection.
137 mime_header_checks ($header_checks)
139 Optional lookup tables for content inspection of MIME related
140 message headers, as described in the header_checks(5) manual
141 page.
142 nested_header_checks ($header_checks)
144 Optional lookup tables for content inspection of non-MIME mes‐
145 sage headers in attached messages, as described in the
146 header_checks(5) manual page.
147 Available in Postfix version 2.3 and later:
149 message_reject_characters (empty)
151 The set of characters that Postfix will reject in message con‐
152 tent.
153 message_strip_characters (empty)
155 The set of characters that Postfix will remove from message con‐
156 tent.
157
159 As of version 2.3, Postfix supports the Sendmail version 8 Milter (mail
160 filter) protocol. When mail is not received via the smtpd(8) server,
161 the cleanup(8) server will simulate SMTP events to the extent that this
162 is possible. For details see the MILTER_README document.
163 non_smtpd_milters (empty)
165 A list of Milter (mail filter) applications for new mail that
166 does not arrive via the Postfix smtpd(8) server.
167 milter_protocol (6)
169 The mail filter protocol version and optional protocol exten‐
170 sions for communication with a Milter application; prior to
171 Postfix 2.6 the default protocol is 2.
172 milter_default_action (tempfail)
174 The default action when a Milter (mail filter) response is un‐
175 available (for example, bad Postfix configuration or Milter
176 failure).
177 milter_macro_daemon_name ($myhostname)
179 The {daemon_name} macro value for Milter (mail filter) applica‐
180 tions.
181 milter_macro_v ($mail_name $mail_version)
183 The {v} macro value for Milter (mail filter) applications.
184 milter_connect_timeout (30s)
186 The time limit for connecting to a Milter (mail filter) applica‐
187 tion, and for negotiating protocol options.
188 milter_command_timeout (30s)
190 The time limit for sending an SMTP command to a Milter (mail
191 filter) application, and for receiving the response.
192 milter_content_timeout (300s)
194 The time limit for sending message content to a Milter (mail
195 filter) application, and for receiving the response.
196 milter_connect_macros (see 'postconf -d' output)
198 The macros that are sent to Milter (mail filter) applications
199 after completion of an SMTP connection.
200 milter_helo_macros (see 'postconf -d' output)
202 The macros that are sent to Milter (mail filter) applications
203 after the SMTP HELO or EHLO command.
204 milter_mail_macros (see 'postconf -d' output)
206 The macros that are sent to Milter (mail filter) applications
207 after the SMTP MAIL FROM command.
208 milter_rcpt_macros (see 'postconf -d' output)
210 The macros that are sent to Milter (mail filter) applications
211 after the SMTP RCPT TO command.
212 milter_data_macros (see 'postconf -d' output)
214 The macros that are sent to version 4 or higher Milter (mail
215 filter) applications after the SMTP DATA command.
216 milter_unknown_command_macros (see 'postconf -d' output)
218 The macros that are sent to version 3 or higher Milter (mail
219 filter) applications after an unknown SMTP command.
220 milter_end_of_data_macros (see 'postconf -d' output)
222 The macros that are sent to Milter (mail filter) applications
223 after the message end-of-data.
224 Available in Postfix version 2.5 and later:
226 milter_end_of_header_macros (see 'postconf -d' output)
228 The macros that are sent to Milter (mail filter) applications
229 after the end of the message header.
230 Available in Postfix version 2.7 and later:
232 milter_header_checks (empty)
234 Optional lookup tables for content inspection of message headers
235 that are produced by Milter applications.
236 Available in Postfix version 3.1 and later:
238 milter_macro_defaults (empty)
240 Optional list of name=value pairs that specify default values
241 for arbitrary macros that Postfix may send to Milter applica‐
242 tions.
243
245 Available in Postfix version 2.0 and later:
246 disable_mime_input_processing (no)
248 Turn off MIME processing while receiving mail.
249 mime_boundary_length_limit (2048)
251 The maximal length of MIME multipart boundary strings.
252 mime_nesting_limit (100)
254 The maximal recursion level that the MIME processor will handle.
255 strict_8bitmime (no)
257 Enable both strict_7bit_headers and strict_8bitmime_body.
258 strict_7bit_headers (no)
260 Reject mail with 8-bit text in message headers.
261 strict_8bitmime_body (no)
263 Reject 8-bit message body text without 8-bit MIME content encod‐
264 ing information.
265 strict_mime_encoding_domain (no)
267 Reject mail with invalid Content-Transfer-Encoding: information
268 for the message/* or multipart/* MIME content types.
269 Available in Postfix version 2.5 and later:
271 detect_8bit_encoding_header (yes)
273 Automatically detect 8BITMIME body content by looking at Con‐
274 tent-Transfer-Encoding: message headers; historically, this be‐
275 havior was hard-coded to be "always on".
276
278 Postfix can automatically add BCC (blind carbon copy) when mail enters
279 the mail system:
280 always_bcc (empty)
282 Optional address that receives a "blind carbon copy" of each
283 message that is received by the Postfix mail system.
284 Available in Postfix version 2.1 and later:
286 sender_bcc_maps (empty)
288 Optional BCC (blind carbon-copy) address lookup tables, indexed
289 by sender address.
290 recipient_bcc_maps (empty)
292 Optional BCC (blind carbon-copy) address lookup tables, indexed
293 by recipient address.
294
296 Address rewriting is delegated to the trivial-rewrite(8) daemon. The
297 cleanup(8) server implements table driven address mapping.
298 empty_address_recipient (MAILER-DAEMON)
300 The recipient of mail addressed to the null address.
301 canonical_maps (empty)
303 Optional address mapping lookup tables for message headers and
304 envelopes.
305 recipient_canonical_maps (empty)
307 Optional address mapping lookup tables for envelope and header
308 recipient addresses.
309 sender_canonical_maps (empty)
311 Optional address mapping lookup tables for envelope and header
312 sender addresses.
313 masquerade_classes (envelope_sender, header_sender, header_recipient)
315 What addresses are subject to address masquerading.
316 masquerade_domains (empty)
318 Optional list of domains whose subdomain structure will be
319 stripped off in email addresses.
320 masquerade_exceptions (empty)
322 Optional list of user names that are not subjected to address
323 masquerading, even when their addresses match $masquerade_do‐
324 mains.
325 propagate_unmatched_extensions (canonical, virtual)
327 What address lookup tables copy an address extension from the
328 lookup key to the lookup result.
329 Available before Postfix version 2.0:
331 virtual_maps (empty)
333 Optional lookup tables with a) names of domains for which all
334 addresses are aliased to addresses in other local or remote do‐
335 mains, and b) addresses that are aliased to addresses in other
336 local or remote domains.
337 Available in Postfix version 2.0 and later:
339 virtual_alias_maps ($virtual_maps)
341 Optional lookup tables that alias specific mail addresses or do‐
342 mains to other local or remote address.
343 Available in Postfix version 2.2 and later:
345 canonical_classes (envelope_sender, envelope_recipient, header_sender,
347 header_recipient)
348 What addresses are subject to canonical_maps address mapping.
349 recipient_canonical_classes (envelope_recipient, header_recipient)
351 What addresses are subject to recipient_canonical_maps address
352 mapping.
353 sender_canonical_classes (envelope_sender, header_sender)
355 What addresses are subject to sender_canonical_maps address map‐
356 ping.
357 remote_header_rewrite_domain (empty)
359 Don't rewrite message headers from remote clients at all when
360 this parameter is empty; otherwise, rewrite message headers and
361 append the specified domain name to incomplete addresses.
362
364 duplicate_filter_limit (1000)
365 The maximal number of addresses remembered by the address dupli‐
366 cate filter for aliases(5) or virtual(5) alias expansion, or for
367 showq(8) queue displays.
368 header_size_limit (102400)
370 The maximal amount of memory in bytes for storing a message
371 header.
372 hopcount_limit (50)
374 The maximal number of Received: message headers that is allowed
375 in the primary message headers.
376 in_flow_delay (1s)
378 Time to pause before accepting a new message, when the message
379 arrival rate exceeds the message delivery rate.
380 message_size_limit (10240000)
382 The maximal size in bytes of a message, including envelope in‐
383 formation.
384 Available in Postfix version 2.0 and later:
386 header_address_token_limit (10240)
388 The maximal number of address tokens are allowed in an address
389 message header.
390 mime_boundary_length_limit (2048)
392 The maximal length of MIME multipart boundary strings.
393 mime_nesting_limit (100)
395 The maximal recursion level that the MIME processor will handle.
396 queue_file_attribute_count_limit (100)
398 The maximal number of (name=value) attributes that may be stored
399 in a Postfix queue file.
400 Available in Postfix version 2.1 and later:
402 virtual_alias_expansion_limit (1000)
404 The maximal number of addresses that virtual alias expansion
405 produces from each original recipient.
406 virtual_alias_recursion_limit (1000)
408 The maximal nesting depth of virtual alias expansion.
409 Available in Postfix version 3.0 and later:
411 virtual_alias_address_length_limit (1000)
413 The maximal length of an email address after virtual alias ex‐
414 pansion.
415
417 Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
418 smtputf8_enable (yes)
420 Enable preliminary SMTPUTF8 support for the protocols described
421 in RFC 6531..6533.
422 smtputf8_autodetect_classes (sendmail, verify)
424 Detect that a message requires SMTPUTF8 support for the speci‐
425 fied mail origin classes.
426 Available in Postfix version 3.2 and later:
428 enable_idna2003_compatibility (no)
430 Enable 'transitional' compatibility between IDNA2003 and
431 IDNA2008, when converting UTF-8 domain names to/from the ASCII
432 form that is used for DNS lookups.
433
435 config_directory (see 'postconf -d' output)
436 The default location of the Postfix main.cf and master.cf con‐
437 figuration files.
438 daemon_timeout (18000s)
440 How much time a Postfix daemon process may take to handle a re‐
441 quest before it is terminated by a built-in watchdog timer.
442 delay_logging_resolution_limit (2)
444 The maximal number of digits after the decimal point when log‐
445 ging sub-second delay values.
446 delay_warning_time (0h)
448 The time after which the sender receives a copy of the message
449 headers of mail that is still queued.
450 ipc_timeout (3600s)
452 The time limit for sending or receiving information over an in‐
453 ternal communication channel.
454 max_idle (100s)
456 The maximum amount of time that an idle Postfix daemon process
457 waits for an incoming connection before terminating voluntarily.
458 max_use (100)
460 The maximal number of incoming connections that a Postfix daemon
461 process will service before terminating voluntarily.
462 myhostname (see 'postconf -d' output)
464 The internet hostname of this mail system.
465 myorigin ($myhostname)
467 The domain name that locally-posted mail appears to come from,
468 and that locally posted mail is delivered to.
469 process_id (read-only)
471 The process ID of a Postfix command or daemon process.
472 process_name (read-only)
474 The process name of a Postfix command or daemon process.
475 queue_directory (see 'postconf -d' output)
477 The location of the Postfix top-level queue directory.
478 soft_bounce (no)
480 Safety net to keep mail queued that would otherwise be returned
481 to the sender.
482 syslog_facility (mail)
484 The syslog facility of Postfix logging.
485 syslog_name (see 'postconf -d' output)
487 A prefix that is prepended to the process name in syslog
488 records, so that, for example, "smtpd" becomes "prefix/smtpd".
489 Available in Postfix version 2.1 and later:
491 enable_original_recipient (yes)
493 Enable support for the original recipient address after an ad‐
494 dress is rewritten to a different address (for example with
495 aliasing or with canonical mapping).
496 Available in Postfix 3.3 and later:
498 service_name (read-only)
500 The master.cf service name of a Postfix daemon process.
501 Available in Postfix 3.5 and later:
503 info_log_address_format (external)
505 The email address form that will be used in non-debug logging
506 (info, warning, etc.).
507
509 /etc/postfix/canonical*, canonical mapping table
510 /etc/postfix/virtual*, virtual mapping table
511
513 trivial-rewrite(8), address rewriting
514 qmgr(8), queue manager
515 header_checks(5), message header content inspection
516 body_checks(5), body parts content inspection
517 canonical(5), canonical address lookup table format
518 virtual(5), virtual alias lookup table format
519 postconf(5), configuration parameters
520 master(5), generic daemon options
521 master(8), process manager
522 postlogd(8), Postfix logging
523 syslogd(8), system logging
524
526 Use "postconf readme_directory" or "postconf html_directory" to locate
527 this information.
528 ADDRESS_REWRITING_README Postfix address manipulation
529 CONTENT_INSPECTION_README content inspection
530
532 The Secure Mailer license must be distributed with this software.
533
535 Wietse Venema
536 IBM T.J. Watson Research
537 P.O. Box 704
538 Yorktown Heights, NY 10598, USA
539 Wietse Venema
541 Google, Inc.
542 111 8th Avenue
543 New York, NY 10011, USA
544 CLEANUP(8)