{ "mode": "man", "parameter": "smtpd", "section": "8postfix", "url": "https://www.chedong.com/phpMan.php/man/smtpd/8postfix/json", "generated": "2026-06-02T22:31:51Z", "synopsis": "smtpd [generic Postfix daemon options]", "sections": { "NAME": { "content": "smtpd - Postfix SMTP server\n", "subsections": [] }, "SYNOPSIS": { "content": "smtpd [generic Postfix daemon options]\n", "subsections": [ { "name": "sendmail -bs", "content": "" } ] }, "DESCRIPTION": { "content": "The SMTP server accepts network connection requests and performs zero or more SMTP transac‐\ntions per connection. Each received message is piped through the cleanup(8) daemon, and is\nplaced into the incoming queue as one single queue file. For this mode of operation, the\nprogram expects to be run from the master(8) process manager.\n\nAlternatively, the SMTP server be can run in stand-alone mode; this is traditionally obtained\nwith \"sendmail -bs\". When the SMTP server runs stand-alone with non $mailowner privileges,\nit receives mail even while the mail system is not running, deposits messages directly into\nthe maildrop queue, and disables the SMTP server's access policies. As of Postfix version\n2.3, the SMTP server refuses to receive mail from the network when it runs with non\n$mailowner privileges.\n\nThe SMTP server implements a variety of policies for connection requests, and for parameters\ngiven to HELO, ETRN, MAIL FROM, VRFY and RCPT TO commands. They are detailed below and in the\nmain.cf configuration file.\n", "subsections": [] }, "SECURITY": { "content": "The SMTP server is moderately security-sensitive. It talks to SMTP clients and to DNS servers\non the network. The SMTP server can be run chrooted at fixed low privilege.\n", "subsections": [] }, "STANDARDS": { "content": "RFC 821 (SMTP protocol)\nRFC 1123 (Host requirements)\nRFC 1652 (8bit-MIME transport)\nRFC 1869 (SMTP service extensions)\nRFC 1870 (Message size declaration)\nRFC 1985 (ETRN command)\nRFC 2034 (SMTP enhanced status codes)\nRFC 2554 (AUTH command)\nRFC 2821 (SMTP protocol)\nRFC 2920 (SMTP pipelining)\nRFC 3030 (CHUNKING without BINARYMIME)\nRFC 3207 (STARTTLS command)\nRFC 3461 (SMTP DSN extension)\nRFC 3463 (Enhanced status codes)\nRFC 3848 (ESMTP transmission types)\nRFC 4409 (Message submission)\nRFC 4954 (AUTH command)\nRFC 5321 (SMTP protocol)\nRFC 6531 (Internationalized SMTP)\nRFC 6533 (Internationalized Delivery Status Notifications)\nRFC 7505 (\"Null MX\" No Service Resource Record)\n", "subsections": [] }, "DIAGNOSTICS": { "content": "Problems and transactions are logged to syslogd(8) or postlogd(8).\n\nDepending on the setting of the notifyclasses parameter, the postmaster is notified of\nbounces, protocol problems, policy violations, and of other trouble.\n", "subsections": [] }, "CONFIGURATION PARAMETERS": { "content": "Changes to main.cf are picked up automatically, as smtpd(8) processes run for only a limited\namount of time. Use the command \"postfix reload\" to speed up a change.\n\nThe text below provides only a parameter summary. See postconf(5) for more details including\nexamples.\n", "subsections": [] }, "COMPATIBILITY CONTROLS": { "content": "The following parameters work around implementation errors in other software, and/or allow\nyou to override standards in order to prevent undesirable use.\n\nbrokensaslauthclients (no)\nEnable interoperability with remote SMTP clients that implement an obsolete version of\nthe AUTH command (RFC 4954).\n\ndisablevrfycommand (no)\nDisable the SMTP VRFY command.\n\nsmtpdnoopcommands (empty)\nList of commands that the Postfix SMTP server replies to with \"250 Ok\", without doing\nany syntax checks and without changing state.\n\nstrictrfc821envelopes (no)\nRequire that addresses received in SMTP MAIL FROM and RCPT TO commands are enclosed\nwith <>, and that those addresses do not contain RFC 822 style comments or phrases.\n\nAvailable in Postfix version 2.1 and later:\n\nsmtpdrejectunlistedsender (no)\nRequest that the Postfix SMTP server rejects mail from unknown sender addresses, even\nwhen no explicit rejectunlistedsender access restriction is specified.\n\nsmtpdsaslexceptionsnetworks (empty)\nWhat remote SMTP clients the Postfix SMTP server will not offer AUTH support to.\n\nAvailable in Postfix version 2.2 and later:\n\nsmtpddiscardehlokeywordaddressmaps (empty)\nLookup tables, indexed by the remote SMTP client address, with case insensitive lists\nof EHLO keywords (pipelining, starttls, auth, etc.) that the Postfix SMTP server will\nnot send in the EHLO response to a remote SMTP client.\n\nsmtpddiscardehlokeywords (empty)\nA case insensitive list of EHLO keywords (pipelining, starttls, auth, etc.) that the\nPostfix SMTP server will not send in the EHLO response to a remote SMTP client.\n\nsmtpddelayopenuntilvalidrcpt (yes)\nPostpone the start of an SMTP mail transaction until a valid RCPT TO command is re‐\nceived.\n\nAvailable in Postfix version 2.3 and later:\n\nsmtpdtlsalwaysissuesessionids (yes)\nForce the Postfix SMTP server to issue a TLS session id, even when TLS session caching\nis turned off (smtpdtlssessioncachedatabase is empty).\n\nAvailable in Postfix version 2.6 and later:\n\ntcpwindowsize (0)\nAn optional workaround for routers that break TCP window scaling.\n\nAvailable in Postfix version 2.7 and later:\n\nsmtpdcommandfilter (empty)\nA mechanism to transform commands from remote SMTP clients.\n\nAvailable in Postfix version 2.9 and later:\n\nsmtpdperrecorddeadline (normal: no, overload: yes)\nChange the behavior of the smtpdtimeout and smtpdstarttlstimeout time limits, from\na time limit per read or write system call, to a time limit to send or receive a com‐\nplete record (an SMTP command line, SMTP response line, SMTP message content line, or\nTLS protocol message).\n\nAvailable in Postfix version 3.0 and later:\n\nsmtpddnsreplyfilter (empty)\nOptional filter for Postfix SMTP server DNS lookup results.\n\nAvailable in Postfix version 3.6 and later:\n\nsmtpdrelaybeforerecipientrestrictions (see 'postconf -d' output)\nEvaluate smtpdrelayrestrictions before smtpdrecipientrestrictions.\n\nknowntcpports (lmtp=24, smtp=25, smtps=submissions=465, submission=587)\nOptional setting that avoids lookups in the services(5) database.\n", "subsections": [] }, "ADDRESS REWRITING CONTROLS": { "content": "See the ADDRESSREWRITINGREADME document for a detailed discussion of Postfix address\nrewriting.\n\nreceiveoverrideoptions (empty)\nEnable or disable recipient validation, built-in content filtering, or address map‐\nping.\n\nAvailable in Postfix version 2.2 and later:\n\nlocalheaderrewriteclients (permitinetinterfaces)\nRewrite message header addresses in mail from these clients and update incomplete ad‐\ndresses with the domain name in $myorigin or $mydomain; either don't rewrite message\nheaders from other clients at all, or rewrite message headers and update incomplete\naddresses with the domain specified in the remoteheaderrewritedomain parameter.\n", "subsections": [] }, "BEFORE-SMTPD PROXY AGENT": { "content": "Available in Postfix version 2.10 and later:\n\nsmtpdupstreamproxyprotocol (empty)\nThe name of the proxy protocol used by an optional before-smtpd proxy agent.\n\nsmtpdupstreamproxytimeout (5s)\nThe time limit for the proxy protocol specified with the smtpdupstreamproxyprotocol\nparameter.\n", "subsections": [] }, "AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS": { "content": "As of version 1.0, Postfix can be configured to send new mail to an external content filter\nAFTER the mail is queued. This content filter is expected to inject mail back into a (Postfix\nor other) MTA for further delivery. See the FILTERREADME document for details.\n\ncontentfilter (empty)\nAfter the message is queued, send the entire message to the specified transport:desti‐\nnation.\n", "subsections": [] }, "BEFORE QUEUE EXTERNAL CONTENT INSPECTION CONTROLS": { "content": "As of version 2.1, the Postfix SMTP server can be configured to send incoming mail to a\nreal-time SMTP-based content filter BEFORE mail is queued. This content filter is expected\nto inject mail back into Postfix. See the SMTPDPROXYREADME document for details on how to\nconfigure and operate this feature.\n\nsmtpdproxyfilter (empty)\nThe hostname and TCP port of the mail filtering proxy server.\n\nsmtpdproxyehlo ($myhostname)\nHow the Postfix SMTP server announces itself to the proxy filter.\n\nsmtpdproxyoptions (empty)\nList of options that control how the Postfix SMTP server communicates with a be‐\nfore-queue content filter.\n\nsmtpdproxytimeout (100s)\nThe time limit for connecting to a proxy filter and for sending or receiving informa‐\ntion.\n", "subsections": [] }, "BEFORE QUEUE MILTER CONTROLS": { "content": "As of version 2.3, Postfix supports the Sendmail version 8 Milter (mail filter) protocol.\nThese content filters run outside Postfix. They can inspect the SMTP command stream and the\nmessage content, and can request modifications before mail is queued. For details see the\nMILTERREADME document.\n\nsmtpdmilters (empty)\nA list of Milter (mail filter) applications for new mail that arrives via the Postfix\nsmtpd(8) server.\n\nmilterprotocol (6)\nThe mail filter protocol version and optional protocol extensions for communication\nwith a Milter application; prior to Postfix 2.6 the default protocol is 2.\n\nmilterdefaultaction (tempfail)\nThe default action when a Milter (mail filter) response is unavailable (for example,\nbad Postfix configuration or Milter failure).\n\nmiltermacrodaemonname ($myhostname)\nThe {daemonname} macro value for Milter (mail filter) applications.\n\nmiltermacrov ($mailname $mailversion)\nThe {v} macro value for Milter (mail filter) applications.\n\nmilterconnecttimeout (30s)\nThe time limit for connecting to a Milter (mail filter) application, and for negotiat‐\ning protocol options.\n\nmiltercommandtimeout (30s)\nThe time limit for sending an SMTP command to a Milter (mail filter) application, and\nfor receiving the response.\n\nmiltercontenttimeout (300s)\nThe time limit for sending message content to a Milter (mail filter) application, and\nfor receiving the response.\n\nmilterconnectmacros (see 'postconf -d' output)\nThe macros that are sent to Milter (mail filter) applications after completion of an\nSMTP connection.\n\nmilterhelomacros (see 'postconf -d' output)\nThe macros that are sent to Milter (mail filter) applications after the SMTP HELO or\nEHLO command.\n\nmiltermailmacros (see 'postconf -d' output)\nThe macros that are sent to Milter (mail filter) applications after the SMTP MAIL FROM\ncommand.\n\nmilterrcptmacros (see 'postconf -d' output)\nThe macros that are sent to Milter (mail filter) applications after the SMTP RCPT TO\ncommand.\n\nmilterdatamacros (see 'postconf -d' output)\nThe macros that are sent to version 4 or higher Milter (mail filter) applications af‐\nter the SMTP DATA command.\n\nmilterunknowncommandmacros (see 'postconf -d' output)\nThe macros that are sent to version 3 or higher Milter (mail filter) applications af‐\nter an unknown SMTP command.\n\nmilterendofheadermacros (see 'postconf -d' output)\nThe macros that are sent to Milter (mail filter) applications after the end of the\nmessage header.\n\nmilterendofdatamacros (see 'postconf -d' output)\nThe macros that are sent to Milter (mail filter) applications after the message\nend-of-data.\n\nAvailable in Postfix version 3.1 and later:\n\nmiltermacrodefaults (empty)\nOptional list of name=value pairs that specify default values for arbitrary macros\nthat Postfix may send to Milter applications.\n\nAvailable in Postfix version 3.2 and later:\n\nsmtpdmiltermaps (empty)\nLookup tables with Milter settings per remote SMTP client IP address.\n", "subsections": [] }, "GENERAL CONTENT INSPECTION CONTROLS": { "content": "The following parameters are applicable for both built-in and external content filters.\n\nAvailable in Postfix version 2.1 and later:\n\nreceiveoverrideoptions (empty)\nEnable or disable recipient validation, built-in content filtering, or address map‐\nping.\n", "subsections": [] }, "EXTERNAL CONTENT INSPECTION CONTROLS": { "content": "The following parameters are applicable for both before-queue and after-queue content filter‐\ning.\n\nAvailable in Postfix version 2.1 and later:\n\nsmtpdauthorizedxforwardhosts (empty)\nWhat remote SMTP clients are allowed to use the XFORWARD feature.\n", "subsections": [] }, "SASL AUTHENTICATION CONTROLS": { "content": "Postfix SASL support (RFC 4954) can be used to authenticate remote SMTP clients to the Post‐\nfix SMTP server, and to authenticate the Postfix SMTP client to a remote SMTP server. See\nthe SASLREADME document for details.\n\nbrokensaslauthclients (no)\nEnable interoperability with remote SMTP clients that implement an obsolete version of\nthe AUTH command (RFC 4954).\n\nsmtpdsaslauthenable (no)\nEnable SASL authentication in the Postfix SMTP server.\n\nsmtpdsasllocaldomain (empty)\nThe name of the Postfix SMTP server's local SASL authentication realm.\n\nsmtpdsaslsecurityoptions (noanonymous)\nPostfix SMTP server SASL security options; as of Postfix 2.3 the list of available\nfeatures depends on the SASL server implementation that is selected with\nsmtpdsasltype.\n\nsmtpdsenderloginmaps (empty)\nOptional lookup table with the SASL login names that own the sender (MAIL FROM) ad‐\ndresses.\n\nAvailable in Postfix version 2.1 and later:\n\nsmtpdsaslexceptionsnetworks (empty)\nWhat remote SMTP clients the Postfix SMTP server will not offer AUTH support to.\n\nAvailable in Postfix version 2.1 and 2.2:\n\nsmtpdsaslapplicationname (smtpd)\nThe application name that the Postfix SMTP server uses for SASL server initialization.\n\nAvailable in Postfix version 2.3 and later:\n\nsmtpdsaslauthenticatedheader (no)\nReport the SASL authenticated user name in the smtpd(8) Received message header.\n\nsmtpdsaslpath (smtpd)\nImplementation-specific information that the Postfix SMTP server passes through to the\nSASL plug-in implementation that is selected with smtpdsasltype.\n\nsmtpdsasltype (cyrus)\nThe SASL plug-in type that the Postfix SMTP server should use for authentication.\n\nAvailable in Postfix version 2.5 and later:\n\ncyrussaslconfigpath (empty)\nSearch path for Cyrus SASL application configuration files, currently used only to lo‐\ncate the $smtpdsaslpath.conf file.\n\nAvailable in Postfix version 2.11 and later:\n\nsmtpdsaslservice (smtp)\nThe service name that is passed to the SASL plug-in that is selected with\nsmtpdsasltype and smtpdsaslpath.\n\nAvailable in Postfix version 3.4 and later:\n\nsmtpdsaslresponselimit (12288)\nThe maximum length of a SASL client's response to a server challenge.\n\nAvailable in Postfix 3.6 and later:\n\nsmtpdsaslmechanismfilter (!external, static:rest)\nIf non-empty, a filter for the SASL mechanism names that the Postfix SMTP server will\nannounce in the EHLO response.\n", "subsections": [] }, "STARTTLS SUPPORT CONTROLS": { "content": "Detailed information about STARTTLS configuration may be found in the TLSREADME document.\n\nsmtpdtlssecuritylevel (empty)\nThe SMTP TLS security level for the Postfix SMTP server; when a non-empty value is\nspecified, this overrides the obsolete parameters smtpdusetls and smtpdenforcetls.\n\nsmtpdsasltlssecurityoptions ($smtpdsaslsecurityoptions)\nThe SASL authentication security options that the Postfix SMTP server uses for TLS en‐\ncrypted SMTP sessions.\n\nsmtpdstarttlstimeout (see 'postconf -d' output)\nThe time limit for Postfix SMTP server write and read operations during TLS startup\nand shutdown handshake procedures.\n\nsmtpdtlsCAfile (empty)\nA file containing (PEM format) CA certificates of root CAs trusted to sign either re‐\nmote SMTP client certificates or intermediate CA certificates.\n\nsmtpdtlsCApath (empty)\nA directory containing (PEM format) CA certificates of root CAs trusted to sign either\nremote SMTP client certificates or intermediate CA certificates.\n\nsmtpdtlsalwaysissuesessionids (yes)\nForce the Postfix SMTP server to issue a TLS session id, even when TLS session caching\nis turned off (smtpdtlssessioncachedatabase is empty).\n\nsmtpdtlsaskccert (no)\nAsk a remote SMTP client for a client certificate.\n\nsmtpdtlsauthonly (no)\nWhen TLS encryption is optional in the Postfix SMTP server, do not announce or accept\nSASL authentication over unencrypted connections.\n\nsmtpdtlsccertverifydepth (9)\nThe verification depth for remote SMTP client certificates.\n\nsmtpdtlscertfile (empty)\nFile with the Postfix SMTP server RSA certificate in PEM format.\n\nsmtpdtlsexcludeciphers (empty)\nList of ciphers or cipher types to exclude from the SMTP server cipher list at all TLS\nsecurity levels.\n\nsmtpdtlsdcertfile (empty)\nFile with the Postfix SMTP server DSA certificate in PEM format.\n\nsmtpdtlsdh1024paramfile (empty)\nFile with DH parameters that the Postfix SMTP server should use with non-export EDH\nciphers.\n\nsmtpdtlsdh512paramfile (empty)\nFile with DH parameters that the Postfix SMTP server should use with export-grade EDH\nciphers.\n\nsmtpdtlsdkeyfile ($smtpdtlsdcertfile)\nFile with the Postfix SMTP server DSA private key in PEM format.\n\nsmtpdtlskeyfile ($smtpdtlscertfile)\nFile with the Postfix SMTP server RSA private key in PEM format.\n\nsmtpdtlsloglevel (0)\nEnable additional Postfix SMTP server logging of TLS activity.\n\nsmtpdtlsmandatoryciphers (medium)\nThe minimum TLS cipher grade that the Postfix SMTP server will use with mandatory TLS\nencryption.\n\nsmtpdtlsmandatoryexcludeciphers (empty)\nAdditional list of ciphers or cipher types to exclude from the Postfix SMTP server ci‐\npher list at mandatory TLS security levels.\n\nsmtpdtlsmandatoryprotocols (see 'postconf -d' output)\nTLS protocols accepted by the Postfix SMTP server with mandatory TLS encryption.\n\nsmtpdtlsreceivedheader (no)\nRequest that the Postfix SMTP server produces Received: message headers that include\ninformation about the protocol and cipher used, as well as the remote SMTP client Com‐\nmonName and client certificate issuer CommonName.\n\nsmtpdtlsreqccert (no)\nWith mandatory TLS encryption, require a trusted remote SMTP client certificate in or‐\nder to allow TLS connections to proceed.\n\nsmtpdtlswrappermode (no)\nRun the Postfix SMTP server in the non-standard \"wrapper\" mode, instead of using the\nSTARTTLS command.\n\ntlsdaemonrandombytes (32)\nThe number of pseudo-random bytes that an smtp(8) or smtpd(8) process requests from\nthe tlsmgr(8) server in order to seed its internal pseudo random number generator\n(PRNG).\n\ntlshighcipherlist (see 'postconf -d' output)\nThe OpenSSL cipherlist for \"high\" grade ciphers.\n\ntlsmediumcipherlist (see 'postconf -d' output)\nThe OpenSSL cipherlist for \"medium\" or higher grade ciphers.\n\ntlslowcipherlist (see 'postconf -d' output)\nThe OpenSSL cipherlist for \"low\" or higher grade ciphers.\n\ntlsexportcipherlist (see 'postconf -d' output)\nThe OpenSSL cipherlist for \"export\" or higher grade ciphers.\n\ntlsnullcipherlist (eNULL:!aNULL)\nThe OpenSSL cipherlist for \"NULL\" grade ciphers that provide authentication without\nencryption.\n\nAvailable in Postfix version 2.5 and later:\n\nsmtpdtlsfingerprintdigest (see 'postconf -d' output)\nThe message digest algorithm to construct remote SMTP client-certificate fingerprints\nor public key fingerprints (Postfix 2.9 and later) for checkccertaccess and per‐‐\nmittlsclientcerts.\n\nAvailable in Postfix version 2.6 and later:\n\nsmtpdtlsprotocols (see postconf -d output)\nTLS protocols accepted by the Postfix SMTP server with opportunistic TLS encryption.\n\nsmtpdtlsciphers (medium)\nThe minimum TLS cipher grade that the Postfix SMTP server will use with opportunistic\nTLS encryption.\n\nsmtpdtlseccertfile (empty)\nFile with the Postfix SMTP server ECDSA certificate in PEM format.\n\nsmtpdtlseckeyfile ($smtpdtlseccertfile)\nFile with the Postfix SMTP server ECDSA private key in PEM format.\n\nsmtpdtlseecdhgrade (see 'postconf -d' output)\nThe Postfix SMTP server security grade for ephemeral elliptic-curve Diffie-Hellman\n(EECDH) key exchange.\n\ntlseecdhstrongcurve (prime256v1)\nThe elliptic curve used by the Postfix SMTP server for sensibly strong ephemeral ECDH\nkey exchange.\n\ntlseecdhultracurve (secp384r1)\nThe elliptic curve used by the Postfix SMTP server for maximally strong ephemeral ECDH\nkey exchange.\n\nAvailable in Postfix version 2.8 and later:\n\ntlspreemptcipherlist (no)\nWith SSLv3 and later, use the Postfix SMTP server's cipher preference order instead of\nthe remote client's cipher preference order.\n\ntlsdisableworkarounds (see 'postconf -d' output)\nList or bit-mask of OpenSSL bug work-arounds to disable.\n\nAvailable in Postfix version 2.11 and later:\n\ntlsmgrservicename (tlsmgr)\nThe name of the tlsmgr(8) service entry in master.cf.\n\nAvailable in Postfix version 3.0 and later:\n\ntlssessionticketcipher (Postfix >= 3.0: aes-256-cbc, Postfix < 3.0: aes-128-cbc)\nAlgorithm used to encrypt RFC5077 TLS session tickets.\n\nAvailable in Postfix version 3.2 and later:\n\ntlseecdhautocurves (see 'postconf -d' output)\nThe prioritized list of elliptic curves supported by the Postfix SMTP client and\nserver.\n\nAvailable in Postfix version 3.4 and later:\n\nsmtpdtlschainfiles (empty)\nList of one or more PEM files, each holding one or more private keys directly followed\nby a corresponding certificate chain.\n\ntlsserversnimaps (empty)\nOptional lookup tables that map names received from remote SMTP clients via the TLS\nServer Name Indication (SNI) extension to the appropriate keys and certificate chains.\n\nAvailable in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:\n\ntlsfastshutdownenable (yes)\nA workaround for implementations that hang Postfix while shutting down a TLS session,\nuntil Postfix times out.\n\nAvailable in Postfix 3.5 and later:\n\ninfologaddressformat (external)\nThe email address form that will be used in non-debug logging (info, warning, etc.).\n", "subsections": [] }, "OBSOLETE STARTTLS CONTROLS": { "content": "The following configuration parameters exist for compatibility with Postfix versions before\n2.3. Support for these will be removed in a future release.\n\nsmtpdusetls (no)\nOpportunistic TLS: announce STARTTLS support to remote SMTP clients, but do not re‐\nquire that clients use TLS encryption.\n\nsmtpdenforcetls (no)\nMandatory TLS: announce STARTTLS support to remote SMTP clients, and require that\nclients use TLS encryption.\n\nsmtpdtlscipherlist (empty)\nObsolete Postfix < 2.3 control for the Postfix SMTP server TLS cipher list.\n", "subsections": [] }, "SMTPUTF8 CONTROLS": { "content": "Preliminary SMTPUTF8 support is introduced with Postfix 3.0.\n\nsmtputf8enable (yes)\nEnable preliminary SMTPUTF8 support for the protocols described in RFC 6531..6533.\n\nstrictsmtputf8 (no)\nEnable stricter enforcement of the SMTPUTF8 protocol.\n\nsmtputf8autodetectclasses (sendmail, verify)\nDetect that a message requires SMTPUTF8 support for the specified mail origin classes.\n\nAvailable in Postfix version 3.2 and later:\n\nenableidna2003compatibility (no)\nEnable 'transitional' compatibility between IDNA2003 and IDNA2008, when converting\nUTF-8 domain names to/from the ASCII form that is used for DNS lookups.\n", "subsections": [] }, "VERP SUPPORT CONTROLS": { "content": "With VERP style delivery, each recipient of a message receives a customized copy of the mes‐\nsage with his/her own recipient address encoded in the envelope sender address. The\nVERPREADME file describes configuration and operation details of Postfix support for vari‐\nable envelope return path addresses. VERP style delivery is requested with the SMTP XVERP\ncommand or with the \"sendmail -V\" command-line option and is available in Postfix version 1.1\nand later.\n\ndefaultverpdelimiters (+=)\nThe two default VERP delimiter characters.\n\nverpdelimiterfilter (-=+)\nThe characters Postfix accepts as VERP delimiter characters on the Postfix sendmail(1)\ncommand line and in SMTP commands.\n\nAvailable in Postfix version 1.1 and 2.0:\n\nauthorizedverpclients ($mynetworks)\nWhat remote SMTP clients are allowed to specify the XVERP command.\n\nAvailable in Postfix version 2.1 and later:\n\nsmtpdauthorizedverpclients ($authorizedverpclients)\nWhat remote SMTP clients are allowed to specify the XVERP command.\n", "subsections": [] }, "TROUBLE SHOOTING CONTROLS": { "content": "The DEBUGREADME document describes how to debug parts of the Postfix mail system. The meth‐\nods vary from making the software log a lot of detail, to running some daemon processes under\ncontrol of a call tracer or debugger.\n\ndebugpeerlevel (2)\nThe increment in verbose logging level when a nexthop destination, remote client or\nserver name or network address matches a pattern given with the debugpeerlist param‐\neter.\n\ndebugpeerlist (empty)\nOptional list of nexthop destination, remote client or server name or network address\npatterns that, if matched, cause the verbose logging level to increase by the amount\nspecified in $debugpeerlevel.\n\nerrornoticerecipient (postmaster)\nThe recipient of postmaster notifications about mail delivery problems that are caused\nby policy, resource, software or protocol errors.\n\ninternalmailfilterclasses (empty)\nWhat categories of Postfix-generated mail are subject to before-queue content inspec‐\ntion by nonsmtpdmilters, headerchecks and bodychecks.\n\nnotifyclasses (resource, software)\nThe list of error classes that are reported to the postmaster.\n\nsmtpdrejectfooter (empty)\nOptional information that is appended after each Postfix SMTP server 4XX or 5XX re‐\nsponse.\n\nsoftbounce (no)\nSafety net to keep mail queued that would otherwise be returned to the sender.\n\nAvailable in Postfix version 2.1 and later:\n\nsmtpdauthorizedxclienthosts (empty)\nWhat remote SMTP clients are allowed to use the XCLIENT feature.\n\nAvailable in Postfix version 2.10 and later:\n\nsmtpdlogaccesspermitactions (empty)\nEnable logging of the named \"permit\" actions in SMTP server access lists (by default,\nthe SMTP server logs \"reject\" actions but not \"permit\" actions).\n", "subsections": [] }, "KNOWN VERSUS UNKNOWN RECIPIENT CONTROLS": { "content": "As of Postfix version 2.0, the SMTP server rejects mail for unknown recipients. This prevents\nthe mail queue from clogging up with undeliverable MAILER-DAEMON messages. Additional infor‐\nmation on this topic is in the LOCALRECIPIENTREADME and ADDRESSCLASSREADME documents.\n\nshowuserunknowntablename (yes)\nDisplay the name of the recipient table in the \"User unknown\" responses.\n\ncanonicalmaps (empty)\nOptional address mapping lookup tables for message headers and envelopes.\n\nrecipientcanonicalmaps (empty)\nOptional address mapping lookup tables for envelope and header recipient addresses.\n\nsendercanonicalmaps (empty)\nOptional address mapping lookup tables for envelope and header sender addresses.\n\nParameters concerning known/unknown local recipients:\n", "subsections": [ { "name": "mydestination ($myhostname, localhost.$mydomain, localhost)", "content": "The list of domains that are delivered via the $localtransport mail delivery trans‐\nport.\n\ninetinterfaces (all)\nThe network interface addresses that this mail system receives mail on.\n\nproxyinterfaces (empty)\nThe network interface addresses that this mail system receives mail on by way of a\nproxy or network address translation unit.\n\ninetprotocols (see 'postconf -d output')\nThe Internet protocols Postfix will attempt to use when making or accepting connec‐\ntions.\n\nlocalrecipientmaps (proxy:unix:passwd.byname $aliasmaps)\nLookup tables with all names or addresses of local recipients: a recipient address is\nlocal when its domain matches $mydestination, $inetinterfaces or $proxyinterfaces.\n\nunknownlocalrecipientrejectcode (550)\nThe numerical Postfix SMTP server response code when a recipient address is local, and\n$localrecipientmaps specifies a list of lookup tables that does not match the recip‐\nient.\n\nParameters concerning known/unknown recipients of relay destinations:\n\nrelaydomains (Postfix >= 3.0: empty, Postfix < 3.0: $mydestination)\nWhat destination domains (and subdomains thereof) this system will relay mail to.\n\nrelayrecipientmaps (empty)\nOptional lookup tables with all valid addresses in the domains that match $relaydo‐\nmains.\n\nunknownrelayrecipientrejectcode (550)\nThe numerical Postfix SMTP server reply code when a recipient address matches $re‐\nlaydomains, and relayrecipientmaps specifies a list of lookup tables that does not\nmatch the recipient address.\n\nParameters concerning known/unknown recipients in virtual alias domains:\n\nvirtualaliasdomains ($virtualaliasmaps)\nPostfix is final destination for the specified list of virtual alias domains, that is,\ndomains for which all addresses are aliased to addresses in other local or remote do‐\nmains.\n\nvirtualaliasmaps ($virtualmaps)\nOptional lookup tables that alias specific mail addresses or domains to other local or\nremote address.\n\nunknownvirtualaliasrejectcode (550)\nThe Postfix SMTP server reply code when a recipient address matches $virtualaliasdo‐\nmains, and $virtualaliasmaps specifies a list of lookup tables that does not match\nthe recipient address.\n\nParameters concerning known/unknown recipients in virtual mailbox domains:\n\nvirtualmailboxdomains ($virtualmailboxmaps)\nPostfix is final destination for the specified list of domains; mail is delivered via\nthe $virtualtransport mail delivery transport.\n\nvirtualmailboxmaps (empty)\nOptional lookup tables with all valid addresses in the domains that match $vir‐\ntualmailboxdomains.\n\nunknownvirtualmailboxrejectcode (550)\nThe Postfix SMTP server reply code when a recipient address matches $virtualmail‐\nboxdomains, and $virtualmailboxmaps specifies a list of lookup tables that does not\nmatch the recipient address.\n" } ] }, "RESOURCE AND RATE CONTROLS": { "content": "The following parameters limit resource usage by the SMTP server and/or control client re‐\nquest rates.\n\nlinelengthlimit (2048)\nUpon input, long lines are chopped up into pieces of at most this length; upon deliv‐\nery, long lines are reconstructed.\n\nqueueminfree (0)\nThe minimal amount of free space in bytes in the queue file system that is needed to\nreceive mail.\n\nmessagesizelimit (10240000)\nThe maximal size in bytes of a message, including envelope information.\n\nsmtpdrecipientlimit (1000)\nThe maximal number of recipients that the Postfix SMTP server accepts per message de‐\nlivery request.\n\nsmtpdtimeout (normal: 300s, overload: 10s)\nThe time limit for sending a Postfix SMTP server response and for receiving a remote\nSMTP client request.\n\nsmtpdhistoryflushthreshold (100)\nThe maximal number of lines in the Postfix SMTP server command history before it is\nflushed upon receipt of EHLO, RSET, or end of DATA.\n\nAvailable in Postfix version 2.3 and later:\n\nsmtpdpeernamelookup (yes)\nAttempt to look up the remote SMTP client hostname, and verify that the name matches\nthe client IP address.\n\nThe per SMTP client connection count and request rate limits are implemented in co-operation\nwith the anvil(8) service, and are available in Postfix version 2.2 and later.\n\nsmtpdclientconnectioncountlimit (50)\nHow many simultaneous connections any client is allowed to make to this service.\n\nsmtpdclientconnectionratelimit (0)\nThe maximal number of connection attempts any client is allowed to make to this ser‐\nvice per time unit.\n\nsmtpdclientmessageratelimit (0)\nThe maximal number of message delivery requests that any client is allowed to make to\nthis service per time unit, regardless of whether or not Postfix actually accepts\nthose messages.\n\nsmtpdclientrecipientratelimit (0)\nThe maximal number of recipient addresses that any client is allowed to send to this\nservice per time unit, regardless of whether or not Postfix actually accepts those re‐\ncipients.\n\nsmtpdclienteventlimitexceptions ($mynetworks)\nClients that are excluded from smtpdclient*count/ratelimit restrictions.\n\nAvailable in Postfix version 2.3 and later:\n\nsmtpdclientnewtlssessionratelimit (0)\nThe maximal number of new (i.e., uncached) TLS sessions that a remote SMTP client is\nallowed to negotiate with this service per time unit.\n\nAvailable in Postfix version 2.9 and later:\n\nsmtpdperrecorddeadline (normal: no, overload: yes)\nChange the behavior of the smtpdtimeout and smtpdstarttlstimeout time limits, from\na time limit per read or write system call, to a time limit to send or receive a com‐\nplete record (an SMTP command line, SMTP response line, SMTP message content line, or\nTLS protocol message).\n\nAvailable in Postfix version 3.1 and later:\n\nsmtpdclientauthratelimit (0)\nThe maximal number of AUTH commands that any client is allowed to send to this service\nper time unit, regardless of whether or not Postfix actually accepts those commands.\n\nAvailable in Postfix 3.9, 3.8.4, 3.7.9, 3.6.13, 3.5.23 and later:\n\nsmtpdforbidbarenewline (Postfix < 3.9: no)\nReject or restrict input lines from an SMTP client that end in instead of the\nstandard .\n\nsmtpdforbidbarenewlineexclusions ($mynetworks)\nExclude the specified clients from smtpdforbidbarenewline enforcement.\n\nAvailable in Postfix 3.9, 3.8.5, 3.7.10, 3.6.14, 3.5.24 and later:\n\nsmtpdforbidbarenewlinerejectcode (550)\nThe numerical Postfix SMTP server response code when rejecting a request with\n\"smtpdforbidbarenewline = reject\".\n", "subsections": [] }, "TARPIT CONTROLS": { "content": "When a remote SMTP client makes errors, the Postfix SMTP server can insert delays before re‐\nsponding. This can help to slow down run-away software. The behavior is controlled by an er‐\nror counter that counts the number of errors within an SMTP session that a client makes with‐\nout delivering mail.\n\nsmtpderrorsleeptime (1s)\nWith Postfix version 2.1 and later: the SMTP server response delay after a client has\nmade more than $smtpdsofterrorlimit errors, and fewer than $smtpdharderrorlimit\nerrors, without delivering mail.\n\nsmtpdsofterrorlimit (10)\nThe number of errors a remote SMTP client is allowed to make without delivering mail\nbefore the Postfix SMTP server slows down all its responses.\n\nsmtpdharderrorlimit (normal: 20, overload: 1)\nThe maximal number of errors a remote SMTP client is allowed to make without deliver‐\ning mail.\n\nsmtpdjunkcommandlimit (normal: 100, overload: 1)\nThe number of junk commands (NOOP, VRFY, ETRN or RSET) that a remote SMTP client can\nsend before the Postfix SMTP server starts to increment the error counter with each\njunk command.\n\nAvailable in Postfix version 2.1 and later:\n\nsmtpdrecipientovershootlimit (1000)\nThe number of recipients that a remote SMTP client can send in excess of the limit\nspecified with $smtpdrecipientlimit, before the Postfix SMTP server increments the\nper-session error count for each excess recipient.\n", "subsections": [] }, "ACCESS POLICY DELEGATION CONTROLS": { "content": "As of version 2.1, Postfix can be configured to delegate access policy decisions to an exter‐\nnal server that runs outside Postfix. See the file SMTPDPOLICYREADME for more information.\n\nsmtpdpolicyservicemaxidle (300s)\nThe time after which an idle SMTPD policy service connection is closed.\n\nsmtpdpolicyservicemaxttl (1000s)\nThe time after which an active SMTPD policy service connection is closed.\n\nsmtpdpolicyservicetimeout (100s)\nThe time limit for connecting to, writing to, or receiving from a delegated SMTPD pol‐\nicy server.\n\nAvailable in Postfix version 3.0 and later:\n\nsmtpdpolicyservicedefaultaction (451 4.3.5 Server configuration problem)\nThe default action when an SMTPD policy service request fails.\n\nsmtpdpolicyservicerequestlimit (0)\nThe maximal number of requests per SMTPD policy service connection, or zero (no\nlimit).\n\nsmtpdpolicyservicetrylimit (2)\nThe maximal number of attempts to send an SMTPD policy service request before giving\nup.\n\nsmtpdpolicyserviceretrydelay (1s)\nThe delay between attempts to resend a failed SMTPD policy service request.\n\nAvailable in Postfix version 3.1 and later:\n\nsmtpdpolicyservicepolicycontext (empty)\nOptional information that the Postfix SMTP server specifies in the \"policycontext\"\nattribute of a policy service request (originally, to share the same service endpoint\namong multiple checkpolicyservice clients).\n", "subsections": [] }, "ACCESS CONTROLS": { "content": "The SMTPDACCESSREADME document gives an introduction to all the SMTP server access control\nfeatures.\n\nsmtpddelayreject (yes)\nWait until the RCPT TO command before evaluating $smtpdclientrestrictions,\n$smtpdhelorestrictions and $smtpdsenderrestrictions, or wait until the ETRN com‐\nmand before evaluating $smtpdclientrestrictions and $smtpdhelorestrictions.\n\nparentdomainmatchessubdomains (see 'postconf -d' output)\nA list of Postfix features where the pattern \"example.com\" also matches subdomains of\nexample.com, instead of requiring an explicit \".example.com\" pattern.\n\nsmtpdclientrestrictions (empty)\nOptional restrictions that the Postfix SMTP server applies in the context of a client\nconnection request.\n\nsmtpdhelorequired (no)\nRequire that a remote SMTP client introduces itself with the HELO or EHLO command be‐\nfore sending the MAIL command or other commands that require EHLO negotiation.\n\nsmtpdhelorestrictions (empty)\nOptional restrictions that the Postfix SMTP server applies in the context of a client\nHELO command.\n\nsmtpdsenderrestrictions (empty)\nOptional restrictions that the Postfix SMTP server applies in the context of a client\nMAIL FROM command.\n\nsmtpdrecipientrestrictions (see 'postconf -d' output)\nOptional restrictions that the Postfix SMTP server applies in the context of a client\nRCPT TO command, after smtpdrelayrestrictions.\n\nsmtpdetrnrestrictions (empty)\nOptional restrictions that the Postfix SMTP server applies in the context of a client\nETRN command.\n\nallowuntrustedrouting (no)\nForward mail with sender-specified routing (user[@%!]remote[@%!]site) from untrusted\nclients to destinations matching $relaydomains.\n\nsmtpdrestrictionclasses (empty)\nUser-defined aliases for groups of access restrictions.\n\nsmtpdnullaccesslookupkey (<>)\nThe lookup key to be used in SMTP access(5) tables instead of the null sender address.\n\npermitmxbackupnetworks (empty)\nRestrict the use of the permitmxbackup SMTP access feature to only domains whose\nprimary MX hosts match the listed networks.\n\nAvailable in Postfix version 2.0 and later:\n\nsmtpddatarestrictions (empty)\nOptional access restrictions that the Postfix SMTP server applies in the context of\nthe SMTP DATA command.\n\nsmtpdexpansionfilter (see 'postconf -d' output)\nWhat characters are allowed in $name expansions of RBL reply templates.\n\nAvailable in Postfix version 2.1 and later:\n\nsmtpdrejectunlistedsender (no)\nRequest that the Postfix SMTP server rejects mail from unknown sender addresses, even\nwhen no explicit rejectunlistedsender access restriction is specified.\n\nsmtpdrejectunlistedrecipient (yes)\nRequest that the Postfix SMTP server rejects mail for unknown recipient addresses,\neven when no explicit rejectunlistedrecipient access restriction is specified.\n\nAvailable in Postfix version 2.2 and later:\n\nsmtpdendofdatarestrictions (empty)\nOptional access restrictions that the Postfix SMTP server applies in the context of\nthe SMTP END-OF-DATA command.\n\nAvailable in Postfix version 2.10 and later:\n\nsmtpdrelayrestrictions (permitmynetworks, permitsaslauthenticated, deferunauthdestina‐‐", "subsections": [ { "name": "tion)", "content": "Access restrictions for mail relay control that the Postfix SMTP server applies in the\ncontext of the RCPT TO command, before smtpdrecipientrestrictions.\n" } ] }, "SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS": { "content": "Postfix version 2.1 introduces sender and recipient address verification. This feature is\nimplemented by sending probe email messages that are not actually delivered. This feature is\nrequested via the rejectunverifiedsender and rejectunverifiedrecipient access restric‐\ntions. The status of verification probes is maintained by the verify(8) server. See the\nfile ADDRESSVERIFICATIONREADME for information about how to configure and operate the Post‐\nfix sender/recipient address verification service.\n\naddressverifypollcount (normal: 3, overload: 1)\nHow many times to query the verify(8) service for the completion of an address verifi‐\ncation request in progress.\n\naddressverifypolldelay (3s)\nThe delay between queries for the completion of an address verification request in\nprogress.\n\naddressverifysender ($doublebouncesender)\nThe sender address to use in address verification probes; prior to Postfix 2.5 the de‐\nfault was \"postmaster\".\n\nunverifiedsenderrejectcode (450)\nThe numerical Postfix SMTP server response code when a recipient address is rejected\nby the rejectunverifiedsender restriction.\n\nunverifiedrecipientrejectcode (450)\nThe numerical Postfix SMTP server response when a recipient address is rejected by the\nrejectunverifiedrecipient restriction.\n\nAvailable in Postfix version 2.6 and later:\n\nunverifiedsenderdefercode (450)\nThe numerical Postfix SMTP server response code when a sender address probe fails due\nto a temporary error condition.\n\nunverifiedrecipientdefercode (450)\nThe numerical Postfix SMTP server response when a recipient address probe fails due to\na temporary error condition.\n\nunverifiedsenderrejectreason (empty)\nThe Postfix SMTP server's reply when rejecting mail with rejectunverifiedsender.\n\nunverifiedrecipientrejectreason (empty)\nThe Postfix SMTP server's reply when rejecting mail with rejectunverifiedrecipient.\n\nunverifiedsendertempfailaction ($rejecttempfailaction)\nThe Postfix SMTP server's action when rejectunverifiedsender fails due to a tempo‐\nrary error condition.\n\nunverifiedrecipienttempfailaction ($rejecttempfailaction)\nThe Postfix SMTP server's action when rejectunverifiedrecipient fails due to a tem‐\nporary error condition.\n\nAvailable with Postfix 2.9 and later:\n\naddressverifysenderttl (0s)\nThe time between changes in the time-dependent portion of address verification probe\nsender addresses.\n", "subsections": [] }, "ACCESS CONTROL RESPONSES": { "content": "The following parameters control numerical SMTP reply codes and/or text responses.\n\naccessmaprejectcode (554)\nThe numerical Postfix SMTP server response code for an access(5) map \"reject\" action.\n\ndefercode (450)\nThe numerical Postfix SMTP server response code when a remote SMTP client request is\nrejected by the \"defer\" restriction.\n\ninvalidhostnamerejectcode (501)\nThe numerical Postfix SMTP server response code when the client HELO or EHLO command\nparameter is rejected by the rejectinvalidhelohostname restriction.\n\nmapsrblrejectcode (554)\nThe numerical Postfix SMTP server response code when a remote SMTP client request is\nblocked by the rejectrblclient, rejectrhsblclient, rejectrhsblreverseclient,\nrejectrhsblsender or rejectrhsblrecipient restriction.\n\nnonfqdnrejectcode (504)\nThe numerical Postfix SMTP server reply code when a client request is rejected by the\nrejectnonfqdnhelohostname, rejectnonfqdnsender or rejectnonfqdnrecipient re‐\nstriction.\n\nplaintextrejectcode (450)\nThe numerical Postfix SMTP server response code when a request is rejected by the re‐‐\njectplaintextsession restriction.\n\nrejectcode (554)\nThe numerical Postfix SMTP server response code when a remote SMTP client request is\nrejected by the \"reject\" restriction.\n\nrelaydomainsrejectcode (554)\nThe numerical Postfix SMTP server response code when a client request is rejected by\nthe rejectunauthdestination recipient restriction.\n\nunknownaddressrejectcode (450)\nThe numerical response code when the Postfix SMTP server rejects a sender or recipient\naddress because its domain is unknown.\n\nunknownclientrejectcode (450)\nThe numerical Postfix SMTP server response code when a client without valid address\n<=> name mapping is rejected by the rejectunknownclienthostname restriction.\n\nunknownhostnamerejectcode (450)\nThe numerical Postfix SMTP server response code when the hostname specified with the\nHELO or EHLO command is rejected by the rejectunknownhelohostname restriction.\n\nAvailable in Postfix version 2.0 and later:\n\ndefaultrblreply (see 'postconf -d' output)\nThe default Postfix SMTP server response template for a request that is rejected by an\nRBL-based restriction.\n\nmultirecipientbouncerejectcode (550)\nThe numerical Postfix SMTP server response code when a remote SMTP client request is\nblocked by the rejectmultirecipientbounce restriction.\n\nrblreplymaps (empty)\nOptional lookup tables with RBL response templates.\n\nAvailable in Postfix version 2.6 and later:\n\naccessmapdefercode (450)\nThe numerical Postfix SMTP server response code for an access(5) map \"defer\" action,\nincluding \"deferifpermit\" or \"deferifreject\".\n\nrejecttempfailaction (deferifpermit)\nThe Postfix SMTP server's action when a reject-type restriction fails due to a tempo‐\nrary error condition.\n\nunknownhelohostnametempfailaction ($rejecttempfailaction)\nThe Postfix SMTP server's action when rejectunknownhelohostname fails due to a tem‐\nporary error condition.\n\nunknownaddresstempfailaction ($rejecttempfailaction)\nThe Postfix SMTP server's action when rejectunknownsenderdomain or rejectun‐\nknownrecipientdomain fail due to a temporary error condition.\n", "subsections": [] }, "MISCELLANEOUS CONTROLS": { "content": "configdirectory (see 'postconf -d' output)\nThe default location of the Postfix main.cf and master.cf configuration files.\n\ndaemontimeout (18000s)\nHow much time a Postfix daemon process may take to handle a request before it is ter‐\nminated by a built-in watchdog timer.\n\ncommanddirectory (see 'postconf -d' output)\nThe location of all postfix administrative commands.\n\ndoublebouncesender (double-bounce)\nThe sender address of postmaster notifications that are generated by the mail system.\n\nipctimeout (3600s)\nThe time limit for sending or receiving information over an internal communication\nchannel.\n\nmailname (Postfix)\nThe mail system name that is displayed in Received: headers, in the SMTP greeting ban‐\nner, and in bounced mail.\n\nmailowner (postfix)\nThe UNIX system account that owns the Postfix queue and most Postfix daemon processes.\n\nmaxidle (100s)\nThe maximum amount of time that an idle Postfix daemon process waits for an incoming\nconnection before terminating voluntarily.\n\nmaxuse (100)\nThe maximal number of incoming connections that a Postfix daemon process will service\nbefore terminating voluntarily.\n", "subsections": [ { "name": "myhostname (see 'postconf -d' output)", "content": "The internet hostname of this mail system.\n" }, { "name": "mynetworks (see 'postconf -d' output)", "content": "The list of \"trusted\" remote SMTP clients that have more privileges than \"strangers\".\n" }, { "name": "myorigin ($myhostname)", "content": "The domain name that locally-posted mail appears to come from, and that locally posted\nmail is delivered to.\n\nprocessid (read-only)\nThe process ID of a Postfix command or daemon process.\n\nprocessname (read-only)\nThe process name of a Postfix command or daemon process.\n\nqueuedirectory (see 'postconf -d' output)\nThe location of the Postfix top-level queue directory.\n\nrecipientdelimiter (empty)\nThe set of characters that can separate an email address localpart, user name, or a\n.forward file name from its extension.\n\nsmtpdbanner ($myhostname ESMTP $mailname)\nThe text that follows the 220 status code in the SMTP greeting banner.\n\nsyslogfacility (mail)\nThe syslog facility of Postfix logging.\n\nsyslogname (see 'postconf -d' output)\nA prefix that is prepended to the process name in syslog records, so that, for exam‐\nple, \"smtpd\" becomes \"prefix/smtpd\".\n\nAvailable in Postfix version 2.2 and later:\n\nsmtpdforbiddencommands (CONNECT, GET, POST)\nList of commands that cause the Postfix SMTP server to immediately terminate the ses‐\nsion with a 221 code.\n\nAvailable in Postfix version 2.5 and later:\n\nsmtpdclientportlogging (no)\nEnable logging of the remote SMTP client port in addition to the hostname and IP ad‐\ndress.\n\nAvailable in Postfix 3.3 and later:\n\nservicename (read-only)\nThe master.cf service name of a Postfix daemon process.\n\nAvailable in Postfix 3.4 and later:\n\nsmtpdrejectfootermaps (empty)\nLookup tables, indexed by the complete Postfix SMTP server 4xx or 5xx response, with\nreject footer templates.\n" } ] }, "SEE ALSO": { "content": "anvil(8), connection/rate limiting\ncleanup(8), message canonicalization\ntlsmgr(8), TLS session and PRNG management\ntrivial-rewrite(8), address resolver\nverify(8), address verification service\npostconf(5), configuration parameters\nmaster(5), generic daemon options\nmaster(8), process manager\npostlogd(8), Postfix logging\nsyslogd(8), system logging\n", "subsections": [] }, "README FILES": { "content": "Use \"postconf readmedirectory\" or \"postconf htmldirectory\" to locate this information.\nADDRESSCLASSREADME, blocking unknown hosted or relay recipients\nADDRESSREWRITINGREADME, Postfix address manipulation\nBDATREADME, Postfix CHUNKING support\nFILTERREADME, external after-queue content filter\nLOCALRECIPIENTREADME, blocking unknown local recipients\nMILTERREADME, before-queue mail filter applications\nSMTPDACCESSREADME, built-in access policies\nSMTPDPOLICYREADME, external policy server\nSMTPDPROXYREADME, external before-queue content filter\nSASLREADME, Postfix SASL howto\nTLSREADME, Postfix STARTTLS howto\nVERPREADME, Postfix XVERP extension\nXCLIENTREADME, Postfix XCLIENT extension\nXFORWARDREADME, Postfix XFORWARD extension\n", "subsections": [] }, "LICENSE": { "content": "The Secure Mailer license must be distributed with this software.\n\nAUTHOR(S)\nWietse Venema\nIBM T.J. Watson Research\nP.O. Box 704\nYorktown Heights, NY 10598, USA\n\nWietse Venema\nGoogle, Inc.\n111 8th Avenue\nNew York, NY 10011, USA\n\nSASL support originally by:\nTill Franke\nSuSE Rhein/Main AG\n65760 Eschborn, Germany\n\nTLS support originally by:\nLutz Jaenicke\nBTU Cottbus\nAllgemeine Elektrotechnik\nUniversitaetsplatz 3-4\nD-03044 Cottbus, Germany\n\nRevised TLS support by:\nVictor Duchovni\nMorgan Stanley\n\n\n\nSMTPD(8postfix)", "subsections": [] } }, "summary": "smtpd - Postfix SMTP server", "flags": [], "examples": [], "see_also": [ { "name": "anvil", "section": "8", "url": "https://www.chedong.com/phpMan.php/man/anvil/8/json" }, { "name": "cleanup", "section": "8", "url": "https://www.chedong.com/phpMan.php/man/cleanup/8/json" }, { "name": "tlsmgr", "section": "8", "url": "https://www.chedong.com/phpMan.php/man/tlsmgr/8/json" }, { "name": "trivial-rewrite", "section": "8", "url": "https://www.chedong.com/phpMan.php/man/trivial-rewrite/8/json" }, { "name": "verify", "section": "8", "url": "https://www.chedong.com/phpMan.php/man/verify/8/json" }, { "name": "postconf", "section": "5", "url": "https://www.chedong.com/phpMan.php/man/postconf/5/json" }, { "name": "master", "section": "5", "url": "https://www.chedong.com/phpMan.php/man/master/5/json" }, { "name": "master", "section": "8", "url": "https://www.chedong.com/phpMan.php/man/master/8/json" }, { "name": "postlogd", "section": "8", "url": "https://www.chedong.com/phpMan.php/man/postlogd/8/json" }, { "name": "syslogd", "section": "8", "url": "https://www.chedong.com/phpMan.php/man/syslogd/8/json" } ] }