{ "mode": "man", "parameter": "smtp", "section": "8", "url": "https://www.chedong.com/phpMan.php/man/smtp/8/json", "generated": "2026-05-30T06:05:42Z", "synopsis": "smtp [generic Postfix daemon options] [flags=DORX]", "sections": { "NAME": { "content": "smtp - Postfix SMTP+LMTP client\n", "subsections": [] }, "SYNOPSIS": { "content": "smtp [generic Postfix daemon options] [flags=DORX]\n", "subsections": [] }, "DESCRIPTION": { "content": "The Postfix SMTP+LMTP client implements the SMTP and LMTP mail delivery protocols. It pro‐\ncesses message delivery requests from the queue manager. Each request specifies a queue file,\na sender address, a domain or host to deliver to, and recipient information. This program\nexpects to be run from the master(8) process manager.\n\nThe SMTP+LMTP client updates the queue file and marks recipients as finished, or it informs\nthe queue manager that delivery should be tried again at a later time. Delivery status re‐\nports are sent to the bounce(8), defer(8) or trace(8) daemon as appropriate.\n\nThe SMTP+LMTP client looks up a list of mail exchanger addresses for the destination host,\nsorts the list by preference, and connects to each listed address until it finds a server\nthat responds.\n\nWhen a server is not reachable, or when mail delivery fails due to a recoverable error condi‐\ntion, the SMTP+LMTP client will try to deliver the mail to an alternate host.\n\nAfter a successful mail transaction, a connection may be saved to the scache(8) connection\ncache server, so that it may be used by any SMTP+LMTP client for a subsequent transaction.\n\nBy default, connection caching is enabled temporarily for destinations that have a high vol‐\nume of mail in the active queue. Connection caching can be enabled permanently for specific\ndestinations.\n", "subsections": [] }, "SMTP DESTINATION SYNTAX": { "content": "The Postfix SMTP+LMTP client supports multiple destinations separated by comma or whitespace\n(Postfix 3.5 and later). SMTP destinations have the following form:\n\ndomainname\n\ndomainname:port\nLook up the mail exchangers for the specified domain, and connect to the specified\nport (default: smtp).\n\n[hostname]\n\n[hostname]:port\nLook up the address(es) of the specified host, and connect to the specified port (de‐\nfault: smtp).\n\n[address]\n\n[address]:port\nConnect to the host at the specified address, and connect to the specified port (de‐\nfault: smtp). An IPv6 address must be formatted as [ipv6:address].\n", "subsections": [] }, "LMTP DESTINATION SYNTAX": { "content": "The Postfix SMTP+LMTP client supports multiple destinations separated by comma or whitespace\n(Postfix 3.5 and later). LMTP destinations have the following form:\n\nunix:pathname\nConnect to the local UNIX-domain server that is bound to the specified pathname. If\nthe process runs chrooted, an absolute pathname is interpreted relative to the Postfix\nqueue directory.\n\ninet:hostname\n\ninet:hostname:port\n\ninet:[address]\n\ninet:[address]:port\nConnect to the specified TCP port on the specified local or remote host. If no port is\nspecified, connect to the port defined as lmtp in services(4). If no such service is\nfound, the lmtptcpport configuration parameter (default value of 24) will be used.\nAn IPv6 address must be formatted as [ipv6:address].\n", "subsections": [] }, "SINGLE-RECIPIENT DELIVERY": { "content": "By default, the Postfix SMTP+LMTP client delivers mail to multiple recipients per delivery\nrequest. This is undesirable when prepending a Delivered-to: or X-Original-To: message\nheader. To prevent Postfix from sending multiple recipients per delivery request, specify\n\ntransportdestinationrecipientlimit = 1\n\nin the Postfix main.cf file, where transport is the name in the first column of the Postfix\nmaster.cf entry for this mail delivery service.\n", "subsections": [] }, "COMMAND ATTRIBUTE SYNTAX": { "content": "", "subsections": [ { "name": "flags=DORX (optional)", "content": "Optional message processing flags.\n\nD Prepend a \"Delivered-To: recipient\" message header with the envelope recipient\naddress. Note: for this to work, the transportdestinationrecipientlimit must\nbe 1 (see SINGLE-RECIPIENT DELIVERY above for details).\n\nThe D flag also enforces loop detection: if a message already contains a Deliv‐‐\nered-To: header with the same recipient address, then the message is returned\nas undeliverable. The address comparison is case insensitive.\n\nThis feature is available as of Postfix 3.5.\n\nO Prepend an \"X-Original-To: recipient\" message header with the recipient address\nas given to Postfix. Note: for this to work, the transportdestinationrecipi‐‐\nentlimit must be 1 (see SINGLE-RECIPIENT DELIVERY above for details).\n\nThis feature is available as of Postfix 3.5.\n\nR Prepend a \"Return-Path: \" message header with the envelope sender ad‐\ndress.\n\nThis feature is available as of Postfix 3.5.\n\nX Indicates that the delivery is final. This flag affects the status reported in\n\"success\" DSN (delivery status notification) messages, and changes it from \"re‐\nlayed\" into \"delivered\".\n\nThis feature is available as of Postfix 3.5.\n" } ] }, "SECURITY": { "content": "The SMTP+LMTP client is moderately security-sensitive. It\ntalks to SMTP or LMTP servers and to DNS servers on the\nnetwork. The SMTP+LMTP client can be run chrooted at fixed\nlow privilege.\n", "subsections": [] }, "STANDARDS": { "content": "RFC 821 (SMTP protocol)\nRFC 822 (ARPA Internet Text Messages)\nRFC 1651 (SMTP service extensions)\nRFC 1652 (8bit-MIME transport)\nRFC 1870 (Message Size Declaration)\nRFC 2033 (LMTP protocol)\nRFC 2034 (SMTP Enhanced Error Codes)\nRFC 2045 (MIME: Format of Internet Message Bodies)\nRFC 2046 (MIME: Media Types)\nRFC 2554 (AUTH command)\nRFC 2821 (SMTP protocol)\nRFC 2920 (SMTP Pipelining)\nRFC 3207 (STARTTLS command)\nRFC 3461 (SMTP DSN Extension)\nRFC 3463 (Enhanced Status Codes)\nRFC 4954 (AUTH command)\nRFC 5321 (SMTP protocol)\nRFC 6531 (Internationalized SMTP)\nRFC 6533 (Internationalized Delivery Status Notifications)\nRFC 7672 (SMTP security via opportunistic DANE TLS)\n", "subsections": [] }, "DIAGNOSTICS": { "content": "Problems and transactions are logged to syslogd(8) or postlogd(8). Corrupted message files\nare marked so that the queue manager can move them to the corrupt queue for further inspec‐\ntion.\n\nDepending on the setting of the notifyclasses parameter, the postmaster is notified of\nbounces, protocol problems, and of other trouble.\n", "subsections": [] }, "BUGS": { "content": "SMTP and LMTP connection reuse for TLS (without closing the SMTP or LMTP connection) is not\nsupported before Postfix 3.4.\n\nSMTP and LMTP connection reuse assumes that SASL credentials are valid for all destinations\nthat map onto the same IP address and TCP port.\n", "subsections": [] }, "CONFIGURATION PARAMETERS": { "content": "Before Postfix version 2.3, the LMTP client is a separate program that implements only a sub‐\nset of the functionality available with SMTP: there is no support for TLS, and connections\nare cached in-process, making it ineffective when the client is used for multiple domains.\n\nMost smtpxxx configuration parameters have an lmtpxxx \"mirror\" parameter for the equivalent\nLMTP feature. This document describes only those LMTP-related parameters that aren't simply\n\"mirror\" parameters.\n\nChanges to main.cf are picked up automatically, as smtp(8) processes run for only a limited\namount of time. Use the command \"postfix reload\" to speed up a change.\n\nThe text below provides only a parameter summary. See postconf(5) for more details including\nexamples.\n", "subsections": [] }, "COMPATIBILITY CONTROLS": { "content": "ignoremxlookuperror (no)\nIgnore DNS MX lookups that produce no response.\n\nsmtpalwayssendehlo (yes)\nAlways send EHLO at the start of an SMTP session.\n\nsmtpneversendehlo (no)\nNever send EHLO at the start of an SMTP session.\n\nsmtpdeferifnomxaddressfound (no)\nDefer mail delivery when no MX record resolves to an IP address.\n\nsmtplinelengthlimit (998)\nThe maximal length of message header and body lines that Postfix will send via SMTP.\n\nsmtppixworkarounddelaytime (10s)\nHow long the Postfix SMTP client pauses before sending \".\" in order to work\naround the PIX firewall \".\" bug.\n\nsmtppixworkaroundthresholdtime (500s)\nHow long a message must be queued before the Postfix SMTP client turns on the PIX\nfirewall \".\" bug workaround for delivery through firewalls with \"smtp\nfixup\" mode turned on.\n\nsmtppixworkarounds (disableesmtp, delaydotcrlf)\nA list that specifies zero or more workarounds for CISCO PIX firewall bugs.\n\nsmtppixworkaroundmaps (empty)\nLookup tables, indexed by the remote SMTP server address, with per-destination work‐\narounds for CISCO PIX firewall bugs.\n\nsmtpquoterfc821envelope (yes)\nQuote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands as required by\nRFC 5321.\n\nsmtpreplyfilter (empty)\nA mechanism to transform replies from remote SMTP servers one line at a time.\n\nsmtpskip5xxgreeting (yes)\nSkip remote SMTP servers that greet with a 5XX status code.\n\nsmtpskipquitresponse (yes)\nDo not wait for the response to the SMTP QUIT command.\n\nAvailable in Postfix version 2.0 and earlier:\n\nsmtpskip4xxgreeting (yes)\nSkip SMTP servers that greet with a 4XX status code (go away, try again later).\n\nAvailable in Postfix version 2.2 and later:\n\nsmtpdiscardehlokeywordaddressmaps (empty)\nLookup tables, indexed by the remote SMTP server address, with case insensitive lists\nof EHLO keywords (pipelining, starttls, auth, etc.) that the Postfix SMTP client will\nignore in the EHLO response from a remote SMTP server.\n\nsmtpdiscardehlokeywords (empty)\nA case insensitive list of EHLO keywords (pipelining, starttls, auth, etc.) that the\nPostfix SMTP client will ignore in the EHLO response from a remote SMTP server.\n\nsmtpgenericmaps (empty)\nOptional lookup tables that perform address rewriting in the Postfix SMTP client, typ‐\nically to transform a locally valid address into a globally valid address when sending\nmail across the Internet.\n\nAvailable in Postfix version 2.2.9 and later:\n\nsmtpcnameoverridesservername (version dependent)\nWhen the remote SMTP servername is a DNS CNAME, replace the servername with the result\nfrom CNAME expansion for the purpose of logging, SASL password lookup, TLS policy de‐\ncisions, or TLS certificate verification.\n\nAvailable in Postfix version 2.3 and later:\n\nlmtpdiscardlhlokeywordaddressmaps (empty)\nLookup tables, indexed by the remote LMTP server address, with case insensitive lists\nof LHLO keywords (pipelining, starttls, auth, etc.) that the Postfix LMTP client will\nignore in the LHLO response from a remote LMTP server.\n\nlmtpdiscardlhlokeywords (empty)\nA case insensitive list of LHLO keywords (pipelining, starttls, auth, etc.) that the\nPostfix LMTP client will ignore in the LHLO response from a remote LMTP server.\n\nAvailable in Postfix version 2.4.4 and later:\n\nsendcyrussaslauthzid (no)\nWhen authenticating to a remote SMTP or LMTP server with the default setting \"no\",\nsend no SASL authoriZation ID (authzid); send only the SASL authentiCation ID (auth‐\ncid) plus the authcid's password.\n\nAvailable in Postfix version 2.5 and later:\n\nsmtpheaderchecks (empty)\nRestricted headerchecks(5) tables for the Postfix SMTP client.\n\nsmtpmimeheaderchecks (empty)\nRestricted mimeheaderchecks(5) tables for the Postfix SMTP client.\n\nsmtpnestedheaderchecks (empty)\nRestricted nestedheaderchecks(5) tables for the Postfix SMTP client.\n\nsmtpbodychecks (empty)\nRestricted bodychecks(5) tables for the Postfix SMTP client.\n\nAvailable in Postfix version 2.6 and later:\n\ntcpwindowsize (0)\nAn optional workaround for routers that break TCP window scaling.\n\nAvailable in Postfix version 2.8 and later:\n\nsmtpdnsresolveroptions (empty)\nDNS Resolver options for the Postfix SMTP client.\n\nAvailable in Postfix version 2.9 and later:\n\nsmtpperrecorddeadline (no)\nChange the behavior of the smtp*timeout time limits, from a time limit per read or\nwrite system call, to a time limit to send or receive a complete record (an SMTP com‐\nmand line, SMTP response line, SMTP message content line, or TLS protocol message).\n\nsmtpsenddummymailauth (no)\nWhether or not to append the \"AUTH=<>\" option to the MAIL FROM command in SASL-authen‐\nticated SMTP sessions.\n\nAvailable in Postfix version 2.11 and later:\n\nsmtpdnssupportlevel (empty)\nLevel of DNS support in the Postfix SMTP client.\n\nAvailable in Postfix version 3.0 and later:\n\nsmtpdeliverystatusfilter ($defaultdeliverystatusfilter)\nOptional filter for the smtp(8) delivery agent to change the delivery status code or\nexplanatory text of successful or unsuccessful deliveries.\n\nsmtpdnsreplyfilter (empty)\nOptional filter for Postfix SMTP client DNS lookup results.\n\nAvailable in Postfix version 3.3 and later:\n\nsmtpbalanceinetprotocols (yes)\nWhen a remote destination resolves to a combination of IPv4 and IPv6 addresses, ensure\nthat the Postfix SMTP client can try both address types before it runs into the\nsmtpmxaddresslimit.\n\nAvailable in Postfix 3.5 and later:\n\ninfologaddressformat (external)\nThe email address form that will be used in non-debug logging (info, warning, etc.).\n\nAvailable in Postfix 3.6 and later:\n\ndnssecprobe (ns:.)\nThe DNS query type (default: \"ns\") and DNS query name (default: \".\") that Postfix may\nuse to determine whether DNSSEC validation is available.\n\nknowntcpports (lmtp=24, smtp=25, smtps=submissions=465, submission=587)\nOptional setting that avoids lookups in the services(5) database.\n", "subsections": [] }, "MIME PROCESSING CONTROLS": { "content": "Available in Postfix version 2.0 and later:\n\ndisablemimeoutputconversion (no)\nDisable the conversion of 8BITMIME format to 7BIT format.\n\nmimeboundarylengthlimit (2048)\nThe maximal length of MIME multipart boundary strings.\n\nmimenestinglimit (100)\nThe maximal recursion level that the MIME processor will handle.\n", "subsections": [] }, "EXTERNAL CONTENT INSPECTION CONTROLS": { "content": "Available in Postfix version 2.1 and later:\n\nsmtpsendxforwardcommand (no)\nSend the non-standard XFORWARD command when the Postfix SMTP server EHLO response an‐\nnounces XFORWARD support.\n", "subsections": [] }, "SASL AUTHENTICATION CONTROLS": { "content": "smtpsaslauthenable (no)\nEnable SASL authentication in the Postfix SMTP client.\n\nsmtpsaslpasswordmaps (empty)\nOptional Postfix SMTP client lookup tables with one username:password entry per\nsender, remote hostname or next-hop domain.\n\nsmtpsaslsecurityoptions (noplaintext, noanonymous)\nPostfix SMTP client SASL security options; as of Postfix 2.3 the list of available\nfeatures depends on the SASL client implementation that is selected with\nsmtpsasltype.\n\nAvailable in Postfix version 2.2 and later:\n\nsmtpsaslmechanismfilter (empty)\nIf non-empty, a Postfix SMTP client filter for the remote SMTP server's list of of‐\nfered SASL mechanisms.\n\nAvailable in Postfix version 2.3 and later:\n\nsmtpsenderdependentauthentication (no)\nEnable sender-dependent authentication in the Postfix SMTP client; this is available\nonly with SASL authentication, and disables SMTP connection caching to ensure that\nmail from different senders will use the appropriate credentials.\n\nsmtpsaslpath (empty)\nImplementation-specific information that the Postfix SMTP client passes through to the\nSASL plug-in implementation that is selected with smtpsasltype.\n\nsmtpsasltype (cyrus)\nThe SASL plug-in type that the Postfix SMTP client should use for authentication.\n\nAvailable in Postfix version 2.5 and later:\n\nsmtpsaslauthcachename (empty)\nAn optional table to prevent repeated SASL authentication failures with the same re‐\nmote SMTP server hostname, username and password.\n\nsmtpsaslauthcachetime (90d)\nThe maximal age of an smtpsaslauthcachename entry before it is removed.\n\nsmtpsaslauthsoftbounce (yes)\nWhen a remote SMTP server rejects a SASL authentication request with a 535 reply code,\ndefer mail delivery instead of returning mail as undeliverable.\n\nAvailable in Postfix version 2.9 and later:\n\nsmtpsenddummymailauth (no)\nWhether or not to append the \"AUTH=<>\" option to the MAIL FROM command in SASL-authen‐\nticated SMTP sessions.\n", "subsections": [] }, "STARTTLS SUPPORT CONTROLS": { "content": "Detailed information about STARTTLS configuration may be found in the TLSREADME document.\n\nsmtptlssecuritylevel (empty)\nThe default SMTP TLS security level for the Postfix SMTP client; when a non-empty\nvalue is specified, this overrides the obsolete parameters smtpusetls, smtpen‐\nforcetls, and smtptlsenforcepeername.\n\nsmtpsasltlssecurityoptions ($smtpsaslsecurityoptions)\nThe SASL authentication security options that the Postfix SMTP client uses for TLS en‐\ncrypted SMTP sessions.\n\nsmtpstarttlstimeout (300s)\nTime limit for Postfix SMTP client write and read operations during TLS startup and\nshutdown handshake procedures.\n\nsmtptlsCAfile (empty)\nA file containing CA certificates of root CAs trusted to sign either remote SMTP\nserver certificates or intermediate CA certificates.\n\nsmtptlsCApath (empty)\nDirectory with PEM format Certification Authority certificates that the Postfix SMTP\nclient uses to verify a remote SMTP server certificate.\n\nsmtptlscertfile (empty)\nFile with the Postfix SMTP client RSA certificate in PEM format.\n\nsmtptlsmandatoryciphers (medium)\nThe minimum TLS cipher grade that the Postfix SMTP client will use with mandatory TLS\nencryption.\n\nsmtptlsexcludeciphers (empty)\nList of ciphers or cipher types to exclude from the Postfix SMTP client cipher list at\nall TLS security levels.\n\nsmtptlsmandatoryexcludeciphers (empty)\nAdditional list of ciphers or cipher types to exclude from the Postfix SMTP client ci‐\npher list at mandatory TLS security levels.\n\nsmtptlsdcertfile (empty)\nFile with the Postfix SMTP client DSA certificate in PEM format.\n\nsmtptlsdkeyfile ($smtptlsdcertfile)\nFile with the Postfix SMTP client DSA private key in PEM format.\n\nsmtptlskeyfile ($smtptlscertfile)\nFile with the Postfix SMTP client RSA private key in PEM format.\n\nsmtptlsloglevel (0)\nEnable additional Postfix SMTP client logging of TLS activity.\n\nsmtptlsnotestarttlsoffer (no)\nLog the hostname of a remote SMTP server that offers STARTTLS, when TLS is not already\nenabled for that server.\n\nsmtptlspolicymaps (empty)\nOptional lookup tables with the Postfix SMTP client TLS security policy by next-hop\ndestination; when a non-empty value is specified, this overrides the obsolete\nsmtptlspersite parameter.\n\nsmtptlsmandatoryprotocols (see 'postconf -d' output)\nTLS protocols that the Postfix SMTP client will use with mandatory TLS encryption.\n\nsmtptlsscertverifydepth (9)\nThe verification depth for remote SMTP server certificates.\n\nsmtptlssecurecertmatch (nexthop, dot-nexthop)\nHow the Postfix SMTP client verifies the server certificate peername for the \"secure\"\nTLS security level.\n\nsmtptlssessioncachedatabase (empty)\nName of the file containing the optional Postfix SMTP client TLS session cache.\n\nsmtptlssessioncachetimeout (3600s)\nThe expiration time of Postfix SMTP client TLS session cache information.\n\nsmtptlsverifycertmatch (hostname)\nHow the Postfix SMTP client verifies the server certificate peername for the \"verify\"\nTLS security level.\n\ntlsdaemonrandombytes (32)\nThe number of pseudo-random bytes that an smtp(8) or smtpd(8) process requests from\nthe tlsmgr(8) server in order to seed its internal pseudo random number generator\n(PRNG).\n\ntlshighcipherlist (see 'postconf -d' output)\nThe OpenSSL cipherlist for \"high\" grade ciphers.\n\ntlsmediumcipherlist (see 'postconf -d' output)\nThe OpenSSL cipherlist for \"medium\" or higher grade ciphers.\n\ntlslowcipherlist (see 'postconf -d' output)\nThe OpenSSL cipherlist for \"low\" or higher grade ciphers.\n\ntlsexportcipherlist (see 'postconf -d' output)\nThe OpenSSL cipherlist for \"export\" or higher grade ciphers.\n\ntlsnullcipherlist (eNULL:!aNULL)\nThe OpenSSL cipherlist for \"NULL\" grade ciphers that provide authentication without\nencryption.\n\nAvailable in Postfix version 2.4 and later:\n\nsmtpsasltlsverifiedsecurityoptions ($smtpsasltlssecurityoptions)\nThe SASL authentication security options that the Postfix SMTP client uses for TLS en‐\ncrypted SMTP sessions with a verified server certificate.\n\nAvailable in Postfix version 2.5 and later:\n\nsmtptlsfingerprintcertmatch (empty)\nList of acceptable remote SMTP server certificate fingerprints for the \"fingerprint\"\nTLS security level (smtptlssecuritylevel = fingerprint).\n\nsmtptlsfingerprintdigest (see 'postconf -d' output)\nThe message digest algorithm used to construct remote SMTP server certificate finger‐\nprints.\n\nAvailable in Postfix version 2.6 and later:\n\nsmtptlsprotocols (see postconf -d output)\nTLS protocols that the Postfix SMTP client will use with opportunistic TLS encryption.\n\nsmtptlsciphers (medium)\nThe minimum TLS cipher grade that the Postfix SMTP client will use with opportunistic\nTLS encryption.\n\nsmtptlseccertfile (empty)\nFile with the Postfix SMTP client ECDSA certificate in PEM format.\n\nsmtptlseckeyfile ($smtptlseccertfile)\nFile with the Postfix SMTP client ECDSA private key in PEM format.\n\nAvailable in Postfix version 2.7 and later:\n\nsmtptlsblockearlymailreply (no)\nTry to detect a mail hijacking attack based on a TLS protocol vulnerability\n(CVE-2009-3555), where an attacker prepends malicious HELO, MAIL, RCPT, DATA commands\nto a Postfix SMTP client TLS session.\n\nAvailable in Postfix version 2.8 and later:\n\ntlsdisableworkarounds (see 'postconf -d' output)\nList or bit-mask of OpenSSL bug work-arounds to disable.\n\nAvailable in Postfix version 2.11-3.1:\n\ntlsdanedigestagility (on)\nConfigure RFC7671 DANE TLSA digest algorithm agility.\n\ntlsdanetrustanchordigestenable (yes)\nEnable support for RFC 6698 (DANE TLSA) DNS records that contain digests of trust-an‐\nchors with certificate usage \"2\".\n\nAvailable in Postfix version 2.11 and later:\n\nsmtptlstrustanchorfile (empty)\nZero or more PEM-format files with trust-anchor certificates and/or public keys.\n\nsmtptlsforceinsecurehosttlsalookup (no)\nLookup the associated DANE TLSA RRset even when a hostname is not an alias and its ad‐\ndress records lie in an unsigned zone.\n\ntlsmgrservicename (tlsmgr)\nThe name of the tlsmgr(8) service entry in master.cf.\n\nAvailable in Postfix version 3.0 and later:\n\nsmtptlswrappermode (no)\nRequest that the Postfix SMTP client connects using the legacy SMTPS protocol instead\nof using the STARTTLS command.\n\nAvailable in Postfix version 3.1 and later:\n\nsmtptlsdaneinsecuremxpolicy (see 'postconf -d' output)\nThe TLS policy for MX hosts with \"secure\" TLSA records when the nexthop destination\nsecurity level is dane, but the MX record was found via an \"insecure\" MX lookup.\n\nAvailable in Postfix version 3.4 and later:\n\nsmtptlsconnectionreuse (no)\nTry to make multiple deliveries per TLS-encrypted connection.\n\nsmtptlschainfiles (empty)\nList of one or more PEM files, each holding one or more private keys directly followed\nby a corresponding certificate chain.\n\nsmtptlsservername (empty)\nOptional name to send to the remote SMTP server in the TLS Server Name Indication\n(SNI) extension.\n\nAvailable in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:\n\ntlsfastshutdownenable (yes)\nA workaround for implementations that hang Postfix while shutting down a TLS session,\nuntil Postfix times out.\n", "subsections": [] }, "OBSOLETE STARTTLS CONTROLS": { "content": "The following configuration parameters exist for compatibility with Postfix versions before\n2.3. Support for these will be removed in a future release.\n\nsmtpusetls (no)\nOpportunistic mode: use TLS when a remote SMTP server announces STARTTLS support, oth‐\nerwise send the mail in the clear.\n\nsmtpenforcetls (no)\nEnforcement mode: require that remote SMTP servers use TLS encryption, and never send\nmail in the clear.\n\nsmtptlsenforcepeername (yes)\nWith mandatory TLS encryption, require that the remote SMTP server hostname matches\nthe information in the remote SMTP server certificate.\n\nsmtptlspersite (empty)\nOptional lookup tables with the Postfix SMTP client TLS usage policy by next-hop des‐\ntination and by remote SMTP server hostname.\n\nsmtptlscipherlist (empty)\nObsolete Postfix < 2.3 control for the Postfix SMTP client TLS cipher list.\n", "subsections": [] }, "RESOURCE AND RATE CONTROLS": { "content": "smtpconnecttimeout (30s)\nThe Postfix SMTP client time limit for completing a TCP connection, or zero (use the\noperating system built-in time limit).\n\nsmtphelotimeout (300s)\nThe Postfix SMTP client time limit for sending the HELO or EHLO command, and for re‐\nceiving the initial remote SMTP server response.\n\nlmtplhlotimeout (300s)\nThe Postfix LMTP client time limit for sending the LHLO command, and for receiving the\ninitial remote LMTP server response.\n\nsmtpxforwardtimeout (300s)\nThe Postfix SMTP client time limit for sending the XFORWARD command, and for receiving\nthe remote SMTP server response.\n\nsmtpmailtimeout (300s)\nThe Postfix SMTP client time limit for sending the MAIL FROM command, and for receiv‐\ning the remote SMTP server response.\n\nsmtprcpttimeout (300s)\nThe Postfix SMTP client time limit for sending the SMTP RCPT TO command, and for re‐\nceiving the remote SMTP server response.\n\nsmtpdatainittimeout (120s)\nThe Postfix SMTP client time limit for sending the SMTP DATA command, and for receiv‐\ning the remote SMTP server response.\n\nsmtpdataxfertimeout (180s)\nThe Postfix SMTP client time limit for sending the SMTP message content.\n\nsmtpdatadonetimeout (600s)\nThe Postfix SMTP client time limit for sending the SMTP \".\", and for receiving the re‐\nmote SMTP server response.\n\nsmtpquittimeout (300s)\nThe Postfix SMTP client time limit for sending the QUIT command, and for receiving the\nremote SMTP server response.\n\nAvailable in Postfix version 2.1 and later:\n\nsmtpmxaddresslimit (5)\nThe maximal number of MX (mail exchanger) IP addresses that can result from Postfix\nSMTP client mail exchanger lookups, or zero (no limit).\n\nsmtpmxsessionlimit (2)\nThe maximal number of SMTP sessions per delivery request before the Postfix SMTP\nclient gives up or delivers to a fall-back relay host, or zero (no limit).\n\nsmtprsettimeout (20s)\nThe Postfix SMTP client time limit for sending the RSET command, and for receiving the\nremote SMTP server response.\n\nAvailable in Postfix version 2.2 and earlier:\n\nlmtpcacheconnection (yes)\nKeep Postfix LMTP client connections open for up to $maxidle seconds.\n\nAvailable in Postfix version 2.2 and later:\n\nsmtpconnectioncachedestinations (empty)\nPermanently enable SMTP connection caching for the specified destinations.\n\nsmtpconnectioncacheondemand (yes)\nTemporarily enable SMTP connection caching while a destination has a high volume of\nmail in the active queue.\n\nsmtpconnectionreusetimelimit (300s)\nThe amount of time during which Postfix will use an SMTP connection repeatedly.\n\nsmtpconnectioncachetimelimit (2s)\nWhen SMTP connection caching is enabled, the amount of time that an unused SMTP client\nsocket is kept open before it is closed.\n\nAvailable in Postfix version 2.3 and later:\n\nconnectioncacheprotocoltimeout (5s)\nTime limit for connection cache connect, send or receive operations.\n\nAvailable in Postfix version 2.9 and later:\n\nsmtpperrecorddeadline (no)\nChange the behavior of the smtp*timeout time limits, from a time limit per read or\nwrite system call, to a time limit to send or receive a complete record (an SMTP com‐\nmand line, SMTP response line, SMTP message content line, or TLS protocol message).\n\nAvailable in Postfix version 2.11 and later:\n\nsmtpconnectionreusecountlimit (0)\nWhen SMTP connection caching is enabled, the number of times that an SMTP session may\nbe reused before it is closed, or zero (no limit).\n\nAvailable in Postfix version 3.4 and later:\n\nsmtptlsconnectionreuse (no)\nTry to make multiple deliveries per TLS-encrypted connection.\n\nImplemented in the qmgr(8) daemon:\n\ntransportdestinationconcurrencylimit ($defaultdestinationconcurrencylimit)\nA transport-specific override for the defaultdestinationconcurrencylimit parameter\nvalue, where transport is the master.cf name of the message delivery transport.\n\ntransportdestinationrecipientlimit ($defaultdestinationrecipientlimit)\nA transport-specific override for the defaultdestinationrecipientlimit parameter\nvalue, where transport is the master.cf name of the message delivery transport.\n", "subsections": [] }, "SMTPUTF8 CONTROLS": { "content": "Preliminary SMTPUTF8 support is introduced with Postfix 3.0.\n\nsmtputf8enable (yes)\nEnable preliminary SMTPUTF8 support for the protocols described in RFC 6531..6533.\n\nsmtputf8autodetectclasses (sendmail, verify)\nDetect that a message requires SMTPUTF8 support for the specified mail origin classes.\n\nAvailable in Postfix version 3.2 and later:\n\nenableidna2003compatibility (no)\nEnable 'transitional' compatibility between IDNA2003 and IDNA2008, when converting\nUTF-8 domain names to/from the ASCII form that is used for DNS lookups.\n", "subsections": [] }, "TROUBLE SHOOTING CONTROLS": { "content": "debugpeerlevel (2)\nThe increment in verbose logging level when a nexthop destination, remote client or\nserver name or network address matches a pattern given with the debugpeerlist param‐\neter.\n\ndebugpeerlist (empty)\nOptional list of nexthop destination, remote client or server name or network address\npatterns that, if matched, cause the verbose logging level to increase by the amount\nspecified in $debugpeerlevel.\n\nerrornoticerecipient (postmaster)\nThe recipient of postmaster notifications about mail delivery problems that are caused\nby policy, resource, software or protocol errors.\n\ninternalmailfilterclasses (empty)\nWhat categories of Postfix-generated mail are subject to before-queue content inspec‐\ntion by nonsmtpdmilters, headerchecks and bodychecks.\n\nnotifyclasses (resource, software)\nThe list of error classes that are reported to the postmaster.\n", "subsections": [] }, "MISCELLANEOUS CONTROLS": { "content": "bestmxtransport (empty)\nWhere the Postfix SMTP client should deliver mail when it detects a \"mail loops back\nto myself\" error condition.\n\nconfigdirectory (see 'postconf -d' output)\nThe default location of the Postfix main.cf and master.cf configuration files.\n\ndaemontimeout (18000s)\nHow much time a Postfix daemon process may take to handle a request before it is ter‐\nminated by a built-in watchdog timer.\n\ndelayloggingresolutionlimit (2)\nThe maximal number of digits after the decimal point when logging sub-second delay\nvalues.\n\ndisablednslookups (no)\nDisable DNS lookups in the Postfix SMTP and LMTP clients.\n\ninetinterfaces (all)\nThe network interface addresses that this mail system receives mail on.\n\ninetprotocols (see 'postconf -d output')\nThe Internet protocols Postfix will attempt to use when making or accepting connec‐\ntions.\n\nipctimeout (3600s)\nThe time limit for sending or receiving information over an internal communication\nchannel.\n\nlmtpassumefinal (no)\nWhen a remote LMTP server announces no DSN support, assume that the server performs\nfinal delivery, and send \"delivered\" delivery status notifications instead of \"re‐\nlayed\".\n\nlmtptcpport (24)\nThe default TCP port that the Postfix LMTP client connects to.\n\nmaxidle (100s)\nThe maximum amount of time that an idle Postfix daemon process waits for an incoming\nconnection before terminating voluntarily.\n\nmaxuse (100)\nThe maximal number of incoming connections that a Postfix daemon process will service\nbefore terminating voluntarily.\n\nprocessid (read-only)\nThe process ID of a Postfix command or daemon process.\n\nprocessname (read-only)\nThe process name of a Postfix command or daemon process.\n\nproxyinterfaces (empty)\nThe network interface addresses that this mail system receives mail on by way of a\nproxy or network address translation unit.\n\nsmtpaddresspreference (any)\nThe address type (\"ipv6\", \"ipv4\" or \"any\") that the Postfix SMTP client will try\nfirst, when a destination has IPv6 and IPv4 addresses with equal MX preference.\n\nsmtpbindaddress (empty)\nAn optional numerical network address that the Postfix SMTP client should bind to when\nmaking an IPv4 connection.\n\nsmtpbindaddress6 (empty)\nAn optional numerical network address that the Postfix SMTP client should bind to when\nmaking an IPv6 connection.\n\nsmtpheloname ($myhostname)\nThe hostname to send in the SMTP HELO or EHLO command.\n\nlmtplhloname ($myhostname)\nThe hostname to send in the LMTP LHLO command.\n\nsmtphostlookup (dns)\nWhat mechanisms the Postfix SMTP client uses to look up a host's IP address.\n\nsmtprandomizeaddresses (yes)\nRandomize the order of equal-preference MX host addresses.\n\nsyslogfacility (mail)\nThe syslog facility of Postfix logging.\n\nsyslogname (see 'postconf -d' output)\nA prefix that is prepended to the process name in syslog records, so that, for exam‐\nple, \"smtpd\" becomes \"prefix/smtpd\".\n\nAvailable with Postfix 2.2 and earlier:\n\nfallbackrelay (empty)\nOptional list of relay hosts for SMTP destinations that can't be found or that are un‐\nreachable.\n\nAvailable with Postfix 2.3 and later:\n\nsmtpfallbackrelay ($fallbackrelay)\nOptional list of relay hosts for SMTP destinations that can't be found or that are un‐\nreachable.\n\nAvailable with Postfix 3.0 and later:\n\nsmtpaddressverifytarget (rcpt)\nIn the context of email address verification, the SMTP protocol stage that determines\nwhether an email address is deliverable.\n\nAvailable with Postfix 3.1 and later:\n\nlmtpfallbackrelay (empty)\nOptional list of relay hosts for LMTP destinations that can't be found or that are un‐\nreachable.\n\nAvailable with Postfix 3.2 and later:\n\nsmtptcpport (smtp)\nThe default TCP port that the Postfix SMTP client connects to.\n\nAvailable in Postfix 3.3 and later:\n\nservicename (read-only)\nThe master.cf service name of a Postfix daemon process.\n", "subsections": [] }, "SEE ALSO": { "content": "generic(5), output address rewriting\nheaderchecks(5), message header content inspection\nbodychecks(5), body parts content inspection\nqmgr(8), queue manager\nbounce(8), delivery status reports\nscache(8), connection cache server\npostconf(5), configuration parameters\nmaster(5), generic daemon options\nmaster(8), process manager\ntlsmgr(8), TLS session and PRNG management\npostlogd(8), Postfix logging\nsyslogd(8), system logging\n", "subsections": [] }, "README FILES": { "content": "Use \"postconf readmedirectory\" or \"postconf htmldirectory\" to locate this information.\nSASLREADME, Postfix SASL howto\nTLSREADME, Postfix STARTTLS howto\n", "subsections": [] }, "LICENSE": { "content": "The Secure Mailer license must be distributed with this software.\n\nAUTHOR(S)\nWietse Venema\nIBM T.J. Watson Research\nP.O. Box 704\nYorktown Heights, NY 10598, USA\n\nWietse Venema\nGoogle, Inc.\n111 8th Avenue\nNew York, NY 10011, USA\n\nCommand pipelining in cooperation with:\nJon Ribbens\nOaktree Internet Solutions Ltd.,\nInternet House,\nCanal Basin,\nCoventry,\nCV1 4LY, United Kingdom.\n\nSASL support originally by:\nTill Franke\nSuSE Rhein/Main AG\n65760 Eschborn, Germany\n\nTLS support originally by:\nLutz Jaenicke\nBTU Cottbus\nAllgemeine Elektrotechnik\nUniversitaetsplatz 3-4\nD-03044 Cottbus, Germany\n\nRevised TLS and SMTP connection cache support by:\nVictor Duchovni\nMorgan Stanley\n\n\n\nSMTP(8postfix)", "subsections": [] } }, "summary": "smtp - Postfix SMTP+LMTP client", "flags": [], "examples": [], "see_also": [ { "name": "generic", "section": "5", "url": "https://www.chedong.com/phpMan.php/man/generic/5/json" }, { "name": "headerchecks", "section": "5", "url": "https://www.chedong.com/phpMan.php/man/headerchecks/5/json" }, { "name": "bodychecks", "section": "5", "url": "https://www.chedong.com/phpMan.php/man/bodychecks/5/json" }, { "name": "qmgr", "section": "8", "url": "https://www.chedong.com/phpMan.php/man/qmgr/8/json" }, { "name": "bounce", "section": "8", "url": "https://www.chedong.com/phpMan.php/man/bounce/8/json" }, { "name": "scache", "section": "8", "url": "https://www.chedong.com/phpMan.php/man/scache/8/json" }, { "name": "postconf", "section": "5", "url": "https://www.chedong.com/phpMan.php/man/postconf/5/json" }, { "name": "master", "section": "5", "url": "https://www.chedong.com/phpMan.php/man/master/5/json" }, { "name": "master", "section": "8", "url": "https://www.chedong.com/phpMan.php/man/master/8/json" }, { "name": "tlsmgr", "section": "8", "url": "https://www.chedong.com/phpMan.php/man/tlsmgr/8/json" }, { "name": "postlogd", "section": "8", "url": "https://www.chedong.com/phpMan.php/man/postlogd/8/json" }, { "name": "syslogd", "section": "8", "url": "https://www.chedong.com/phpMan.php/man/syslogd/8/json" } ] }