Postfix, der sichere Mailserver (MTA) unter CentOS 7.x

Postfix-LogoFür die eMailkommunikation in unserem SOHO1)-LAN wie auch für die Versorgung unserer Kunden bedienen wir uns des MTA2)/SMTP-Server Postfix. Dies nicht zuletzt, da dieser, im Gegensatz zum Dinosaurier verschrieenen Sendmail wesentlich einfacher zu konfigurieren ist und auch sicherheitstechnische Vorteile bietet.

Die nachfolgende Beschreibung zeigt, wie man unter CentOS 7.x einen Postfix-Mailserver MTA3) aufsetzen und sicher betreiben kann. Die Installation und Konfiguration des aktuellen stable Release Postfix 3.x wird nachfolgend ab dieser Seite beschrieben.

Grundvoraussetzung eines jeden Postmasters ist entweder der Besitz und das eingehende, auch mehrmalige Studium des:


Empfehlenswert ist natürlich der Besuch eines Postfix Kurses beim „Postfix-Meister“ Heinlein in der Heinlein Akademie.


Oder noch besser ist natürlich die Buchung eines Postfix/AMaViS-Kurses beim „Postfix-Joda“ Koetter bei der sys4.

Viele der Design und Konfigurationsvorschläge stammen aus einem der beiden Postfix-Büchern. Bei der genaueren Betrachtung der hier gezeigten Konfigurationsdokumentation, werden wir noch über den ein oder anderen Querverweis auf einzelne Seiten und Kapiteln der Bücher stoßen.

Übersichtsskizze

Bevor wir uns in das Design und Konfiguration unseres Mailservers stürzen, werfen wir noch einen Blick auf die (möglichen) Mitspieler in Form von Servern, Diensten, Protokolle und Ports, die uns beim Verarbeiten der elektronischen begegnen werden.

Verarbeitungsschritte einer eMail

Beschreibung

Wie wir der oben stehenden Skizze entnehmen können, sind im Verlauf einer eMail-Verarbeitung viele Mailsysteme und Dienste/Protokolle beteidigt. Eine zentrale Stellung nimmt dabei das DNS4) ein, ohne dessen Informationen keine Mailzustellung und Verarbeitung erfolgen kann. Wir werden uns daher diesem Thema in einem gesonderten Kapitel "DNS Einstellungen rund um Mailserver" hier im WIKI widmen.

Zuerst wollen wr aber noch einen gezielten Blick auf die Begrifflickeiten, die in der obigen Skizze genannt wurden, werfen. Viele interessante und erklärende Informationen findet man auch im entsprechedem Artikel bei der Wikipedia.

Systeme

  • MHS: Mail Handling System, bezeichnet ein eMail-System welches mit Hilfe eines oder mehreren nachfolgend genannten Systemen Nachrichten annimmt, verarbeitet und zustellt.
  • MSA: Als Mail Submission Agent bezeichnet man ein System oder einen Server, der eMails von einem MUA (Mail User Agent) annimmt und zur weiteren Verarbeitung einem nachgelagertem System übergibt. In der Regel wird der Mailserver zur Annahme der eMails den Submission-Port 587 verwenden.
  • MTA: Ein Mail Transfer Agent beschreibt eine Anwendung eines MHS, die Emails annimmt, validiert und weiterleitet. Zur MTA - MTA Kommunikation zwischen zwei Mailservern, wird der SMTP-Port 25 verwendet. Zur Anbindung weiterer Subsysteme können weitere Ports oder Milter-Sockets geöffnet werden. Wird der MTA als Borderfilter oder als Front-Relay eingesetzt kommuniziert der MTA mit entfernten MTAs über Port 25 - erfolgt die Zustellung an einen MDA, so wird dessen LMTP5)-Port 24 verwendet.
  • MDA: Mail Delivery Agent, bezeichnet den Teil eines Mail Handling Systems, welches für die Zustellung der elektronischen Post in die einzelnen Benutzerkonten verantwortlich ist. Die eMail nimmt der MDA in der Regel auf Port 24 entgegen; zur Kommunikation mit den Clients werden POP3 via Port 110, POP3s via Port 995, IMAP via Port 143, IMAPs über Port 993 und ggf. der Manage Sieve Port 4190 angeboten.
  • MRA: Ein Mail Retrieval Agent holt eMails vom Mail Delivery Agent ab und speichert diese auf dem lokalen Rechner ab. Der MRA ist fester Bestandteil eines Mail User Agent der zum Herunterladen der Nachrichten mitteles POP3 verwendet wird. Der bekannteste Vertreter der MRAs ist z.B. das Konsolenprogramm fetchmail.
  • MUA: Mail User Agent oder auch kurz das eMail-Programm/-client bezeichnet ein Programm/Applikation, die ein Anwender benutzt, um eMails zu schreiben, zu versenden, zu empfangen und zu verwalten. Bekannte Vertreter sind z.B. Thunderbird, kMail, Evolution oder R2Mail2. Zum Abholen der Nachrichten wird entweder POP3 via Port 110, POP3s via Port 995 oder IMAP über den Port 143, IMAPs über Port 993 und zum Versenden an den MSA Port 587 verwendet.
  • ASAV: Mit Hilfe eines AntiSpam und AntiVirus Systems kann eine komplette eMail oder auch getrennt in Mail-Header und Mail-Body/Anhänge geprüft und bewertet werden, so dass keine unerwünschten Nachrichten versendet oder empfangen werden bzw. ob Schadcode enthalten ist.

Ports

Zur Kommunikation beim Senden, Transportieren und Abholen von eMails werden in der Regel folgende Ports verwendet bzw. von den Systemen angeboten.

  • 24: LMTP - Annahmeport eines MDAs bei dem der MTA die eMails abliefert
  • 25: SMTP - Port an dem ein MTA Nachrichten eines anderen MTAs entgegen nimmt
  • 465: SMTP over SSL (TLS) - Port an dem ein MTA Nachrichten eines anderen MTAs entgegen nimmt
  • 587: MSA - Mail Message Submission - Port auf dem der MSA die Nachrichten eines MUAs entgegennimmt.
  • 110: POP version 3 - Port über den ein MRA oder MUA die Nachrichten abholen kann.
  • 993: POP-3 over SSL - Port über den ein MRA oder MUA die Nachrichten „transportverschlüsselt“ abholen kann.
  • 143: IMAP - Interim Mail Access Port - Port über den ein MUA z.B. IMAP-Client seine Nachrichten verwalten kann.
  • 995: IMAP over SSL - Interim Mail Access Port - Port über den ein MUA z.B. IMAP-Client seine Nachrichten „transportverschlüsselt“ verwalten kann.
  • 4190: ManageSieve Protocol - Port über den ein Endanwender mit Hilfe seines MUAs Filterregeln auf dem MDA verwalten und (de-)aktivieren kann.

Protokolle

Zu guter Letzt werfen wir noch einen Blick auf die beteidigten Protokolle.

  • LMTP: LMTP Local Mail Transfer Protokoll benutzt der MTA zum Einliefern der eMails bei einem MDA.
  • SMTP: SMTP Simple Mail Transfer Protokoll Verwendet sowohl ein MUA zum Einliefern seiner Nachrichten beim MSA, wie auch zur Interkommunikation von unterscheidlichen MTAs und auch ASAVs
  • SMTPs: SMTPs - Port an dem ein MTA Nachrichten eines anderen MTAs entgegen nimmt
  • POP3: Post Office Protokoll 3 - Ein MRA holt die Nachrichten mit Hilfe von POP3 ab.
  • POP3s: secured Post Office Protokoll 3 - Ein MRA holt die Nachrichten mit Hilfe von POP3 „transportverschlüsselt“ beim MDA ab.
  • IMAP: Interim Mail Access Protokoll - Ein MUA kann mit Hilfe des Interim Mail Access Protokolls die Nachrichten auf dem IMAP-Server verwalten.
  • IMAPs secured Interim Mail Access Protokoll - Ein MUA kann mit Hilfe des Interim Mail Access Protokolls die Nachrichten auf dem IMAP-Server über einen „transportverschlüsselten Kanal „verwalten.
  • SIEVE: Eine Scriptsprache mit deren Hilfe ein eMailkonteninhaber die serverseitige Filterung auf dem MDA steuern und verwalten kann.

Bevor wir uns nun mit den einzelnen Modulen, Daemons und/oder Delivery-Agents befassen, werfen wir zum besseren Verständnis dieser Komponenten erst einfach mal einen Blick unter die Motorhaube unseres 12-Zylinders. ;)

Postfix MTA

Welche Aufgaben und Funktionen die einzelnen Dienste mitbringen wollen wir uns kurz befassen.

master

Die Steuerung der in der obigen Übersichtskizze dargestellten Daemone und Module erfolgt mit Hilfe des master-Daemon, welcher den Postfix-Main-Prozess definiert. Dieser Master-Prozess steuert und überwacht zum einen die einzelnen Postfix-Module, definiert wie viele Instanzen den einzelnen Modulen zugewiesen werden sollen. Zum anderen werden durch den Master-Prozess in regelmäßigen Abständen die Module zum Verwalten und Steuern der Queues gestartet.

Weitere Hinweise zum master-Daemon findet man in dessen manpage.

 # man 5 master
MASTER(5)                         File Formats Manual                         MASTER(5)

NAME
       master - Postfix master process configuration file format

DESCRIPTION
       The  Postfix  mail system is implemented by small number of (mostly) client com‐
       mands that are invoked by users, and by a larger number of services that run  in
       the background.

       Postfix  services  are  implemented  by daemon processes. These run in the back‐
       ground under control of the master(8) process.  The master.cf configuration file
       defines how a client program connects to a service, and what daemon program runs
       when a service is requested.  Most daemon processes are short-lived  and  termi‐
       nate voluntarily after serving max_use clients, or after inactivity for max_idle
       or more units of time.

       All daemons specified here must speak a Postfix-internal protocol. In  order  to
       execute  non-Postfix software use the local(8), pipe(8) or spawn(8) services, or
       run the server under control by inetd(8) or equivalent.

       After changing master.cf you must execute "postfix reload" to reload the config‐
       uration.

SYNTAX
       The general format of the master.cf file is as follows:

       ·      Empty  lines  and  whitespace-only  lines are ignored, as are lines whose
              first non-whitespace character is a `#'.

       ·      A logical line starts with non-whitespace text. A line that  starts  with
              whitespace continues a logical line.

       ·      Each  logical  line  defines  a  single Postfix service.  Each service is
              identified by its name and type as described below.  When multiple  lines
              specify  the same service name and type, only the last one is remembered.
              Otherwise, the order of master.cf service definitions does not matter.

       Each logical line consists of eight fields separated by whitespace.   These  are
       described below in the order as they appear in the master.cf file.

       Where  applicable  a  field  of  "-" requests that the built-in default value be
       used. For boolean fields specify "y" or "n" to override the default value.

       Service name
              The service name syntax depends on the service type as described next.

       Service type
              Specify one of the following service types:

              inet   The service listens on a TCP/IP socket and is accessible  via  the
                     network.

                     The  service name is specified as host:port, denoting the host and
                     port on which new connections should be accepted.  The  host  part
                     (and  colon)  may be omitted.  Either host or port may be given in
                     symbolic form (host or  service  name)  or  in  numeric  form  (IP
                     address  or port number).  Host information may be enclosed inside
                     "[]"; this form is necessary only with IPv6 addresses.

                     Examples: a service named 127.0.0.1:smtp or ::1:smtp receives mail
                     via the loopback interface only; and a service named 10025 accepts
                     connections on TCP port 10025 via all interfaces  configured  with
                     the inet_interfaces parameter.

                     Note:  with Postfix version 2.2 and later specify "inet_interfaces
                     = loopback-only" in main.cf, instead of  hard-coding  loopback  IP
                     address information in master.cf or in main.cf.

              unix   The  service listens on a UNIX-domain socket and is accessible for
                     local clients only.

                     The service name is a  pathname  relative  to  the  Postfix  queue
                     directory (pathname controlled with the queue_directory configura‐
                     tion parameter in main.cf).

                     On Solaris 8 and earlier systems the unix type is implemented with
                     streams sockets.

              fifo   The  service  listens on a FIFO (named pipe) and is accessible for
                     local clients only.

                     The service name is a  pathname  relative  to  the  Postfix  queue
                     directory (pathname controlled with the queue_directory configura‐
                     tion parameter in main.cf).

              pass   The service listens on a UNIX-domain socket, and is accessible  to
                     local clients only. It receives one open connection (file descrip‐
                     tor passing) per connection request.

                     The service name is a  pathname  relative  to  the  Postfix  queue
                     directory (pathname controlled with the queue_directory configura‐
                     tion parameter in main.cf).

                     On Solaris 8 and earlier systems the pass type is implemented with
                     streams sockets.

                     This feature is available as of Postfix version 2.5.

       Private (default: y)
              Whether  or  not access is restricted to the mail system.  Internet (type
              inet) services can't be private.

       Unprivileged (default: y)
              Whether the service runs with root privileges or  as  the  owner  of  the
              Postfix system (the owner name is controlled by the mail_owner configura‐
              tion variable in the main.cf file).

              The local(8), pipe(8), spawn(8), and virtual(8)  daemons  require  privi‐
              leges.

       Chroot (default: y)
              Whether  or  not  the  service  runs chrooted to the mail queue directory
              (pathname is controlled by the queue_directory configuration variable  in
              the main.cf file).

              Chroot  should not be used with the local(8), pipe(8), spawn(8), and vir‐
              tual(8) daemons.  Although the proxymap(8) server can run chrooted, doing
              so defeats most of the purpose of having that service in the first place.

              The files in the examples/chroot-setup subdirectory of the Postfix source
              archive show set up a Postfix chroot environment on a variety of systems.
              See also BASIC_CONFIGURATION_README for issues related to running daemons
              chrooted.

       Wake up time (default: 0)
              Automatically wake up the named service after  the  specified  number  of
              seconds.  The  wake  up  is  implemented by connecting to the service and
              sending a wake up request.  A ? at the end  of  the  wake-up  time  field
              requests  that  no wake up events be sent before the first time a service
              is used.  Specify 0 for no automatic wake up.

              The pickup(8), qmgr(8) and flush(8) daemons require a wake up timer.

       Process limit (default: $default_process_limit)
              The maximum number of processes that may execute this service  simultane‐
              ously. Specify 0 for no process count limit.

              NOTE:  Some  Postfix services must be configured as a single-process ser‐
              vice (for example, qmgr(8)) and some services must be configured with  no
              process  limit  (for  example,  cleanup(8)).   These  limits  must not be
              changed.

       Command name + arguments
              The command to be executed.  Characters that are  special  to  the  shell
              such  as  ">"  or  "|" have no special meaning here, and quotes cannot be
              used to protect arguments containing whitespace.

              The command name is relative to the Postfix daemon directory (pathname is
              controlled by the daemon_directory configuration variable).

              The  command  argument  syntax  for specific commands is specified in the
              respective daemon manual page.

              The following command-line options have the same effect  for  all  daemon
              programs:

              -D     Run  the  daemon  under  control by the command specified with the
                     debugger_command variable in the main.cf configuration file.   See
                     DEBUG_README for hints and tips.

              -o name=value
                     Override  the named main.cf configuration parameter. The parameter
                     value can refer to other parameters as $name etc.,  just  like  in
                     main.cf.  See postconf(5) for syntax.

                     NOTE  1:  do not specify whitespace around the "=" or in parameter
                     values. To specify a parameter value that contains whitespace, use
                     commas  instead  of spaces, or specify the value in main.cf. Exam‐
                     ple:

                     /etc/postfix/master.cf:
                         submission inet .... smtpd
                             -o smtpd_mumble=$submission_mumble

                     /etc/postfix/main.cf
                         submission_mumble = text with whitespace...

                     NOTE 2: Over-zealous use of parameter overrides makes the  Postfix
                     configuration  hard  to  understand  and  maintain.   At a certain
                     point, it might be easier to configure multiple instances of Post‐
                     fix, instead of configuring multiple personalities via master.cf.

              -v     Increase the verbose logging level. Specify multiple -v options to
                     make a Postfix daemon process increasingly verbose.

SEE ALSO
       master(8), process manager
       postconf(5), configuration parameters

README FILES
       Use "postconf readme_directory" or  "postconf  html_directory"  to  locate  this
       information.
       BASIC_CONFIGURATION_README, basic configuration
       DEBUG_README, Postfix debugging

LICENSE
       The Secure Mailer license must be distributed with this software.

AUTHOR(S)
       Initial version by
       Magnus Baeck
       Lund Institute of Technology
       Sweden

       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

                                                                              MASTER(5)

lmtp, smtp, smtps und relay

Der smtp-Client wird benutzt, um Nachrichten an vom Postfix zu anderen SMTP/LMTP-Daemons weiterzurouten, die dieser vom queue-Manager zugewiesen bekommt. Der Client ermittelt selbst die Routinginformationen, wie er den Empfänger erreichen kann und versucht je nach Priorität der Nachricht diese erfolgreich zuzustellen. Weiterhin übergibt der Client Statusberichte zur Zustellung von Nachrichten an den bounce-, defer- und trace-daemon. Nach der erfolgreichen Übertragung der Nachricht, kann eine Verbindung an den scache-Daemon übergeben werden, damit die bestehende Verbindung ggf für weitere Nachrichtenübertragungen genutzt werden kann. Der smtps-Client benutzt zur Übertragung entsprechend TLS-geschützten Übertragungsweg.

Weitere Hinweise können der smtp manpage entnommen werden.

 # man 8 smtp
SMTP(8)                         System Manager's Manual                         SMTP(8)

NAME
       smtp - Postfix SMTP+LMTP client

SYNOPSIS
       smtp [generic Postfix daemon options]

DESCRIPTION
       The  Postfix  SMTP+LMTP client implements the SMTP and LMTP mail delivery proto‐
       cols. It processes message  delivery  requests  from  the  queue  manager.  Each
       request  specifies  a  queue file, a sender address, a domain or host to deliver
       to, and recipient information.  This program expects to be  run  from  the  mas‐
       ter(8) process manager.

       The SMTP+LMTP client updates the queue file and marks recipients as finished, or
       it informs the queue manager that delivery should be  tried  again  at  a  later
       time.  Delivery  status  reports are sent to the bounce(8), defer(8) or trace(8)
       daemon as appropriate.

       The SMTP+LMTP client looks up a list of mail exchanger addresses for the  desti‐
       nation  host,  sorts the list by preference, and connects to each listed address
       until it finds a server that responds.

       When a server is not reachable, or when mail delivery fails due to a recoverable
       error  condition, the SMTP+LMTP client will try to deliver the mail to an alter‐
       nate host.

       After a successful mail transaction, a connection may be saved to the  scache(8)
       connection  cache  server,  so that it may be used by any SMTP+LMTP client for a
       subsequent transaction.

       By default, connection caching is enabled temporarily for destinations that have
       a  high  volume  of  mail in the active queue. Connection caching can be enabled
       permanently for specific destinations.

SMTP DESTINATION SYNTAX
       SMTP destinations have the following form:
       domainname

       domainname:port
              Look up the mail exchangers for the specified domain, and connect to  the
              specified port (default: smtp).

       [hostname]

       [hostname]:port
              Look  up the address(es) of the specified host, and connect to the speci‐
              fied port (default: smtp).

       [address]

       [address]:port
              Connect to the host at the specified address, and connect to  the  speci‐
              fied  port  (default:  smtp).  An  IPv6  address  must  be  formatted  as
              [ipv6:address].

LMTP DESTINATION SYNTAX
       LMTP destinations have the following form:

       unix:pathname
              Connect to the local UNIX-domain server that is bound  to  the  specified
              pathname.  If  the  process runs chrooted, an absolute pathname is inter‐
              preted relative to the Postfix queue directory.

       inet:hostname

       inet:hostname:port

       inet:[address]

       inet:[address]:port
              Connect to the specified TCP port on the specified local or remote  host.
              If  no  port  is  specified,  connect to the port defined as lmtp in ser‐
              vices(4).  If no such service is found, the  lmtp_tcp_port  configuration
              parameter  (default  value  of 24) will be used.  An IPv6 address must be
              formatted as [ipv6:address].

SECURITY
       The SMTP+LMTP client is moderately security-sensitive. It talks to SMTP or  LMTP
       servers  and  to  DNS  servers  on  the network. The SMTP+LMTP client can be run
       chrooted at fixed low privilege.

STANDARDS
       RFC 821 (SMTP protocol)
       RFC 822 (ARPA Internet Text Messages)
       RFC 1651 (SMTP service extensions)
       RFC 1652 (8bit-MIME transport)
       RFC 1870 (Message Size Declaration)
       RFC 2033 (LMTP protocol)
       RFC 2034 (SMTP Enhanced Error Codes)
       RFC 2045 (MIME: Format of Internet Message Bodies)
       RFC 2046 (MIME: Media Types)
       RFC 2554 (AUTH command)
       RFC 2821 (SMTP protocol)
       RFC 2920 (SMTP Pipelining)
       RFC 3207 (STARTTLS command)
       RFC 3461 (SMTP DSN Extension)
       RFC 3463 (Enhanced Status Codes)
       RFC 4954 (AUTH command)
       RFC 5321 (SMTP protocol)

DIAGNOSTICS
       Problems and transactions are logged to syslogd(8).  Corrupted message files are
       marked  so that the queue manager can move them to the corrupt queue for further
       inspection.

       Depending on the setting of the  notify_classes  parameter,  the  postmaster  is
       notified of bounces, protocol problems, and of other trouble.

BUGS
       SMTP  and  LMTP connection caching does not work with TLS. The necessary support
       for TLS object passivation and re-activation does not exist without closing  the
       session, which defeats the purpose.

       SMTP and LMTP connection caching assumes that SASL credentials are valid for all
       destinations that map onto the same IP address and TCP port.

CONFIGURATION PARAMETERS
       Before Postfix version 2.3, the LMTP client is a separate  program  that  imple‐
       ments  only  a subset of the functionality available with SMTP: there is no sup‐
       port for TLS, and connections are cached in-process, making it ineffective  when
       the client is used for multiple domains.

       Most  smtp_xxx  configuration parameters have an lmtp_xxx "mirror" parameter for
       the equivalent LMTP feature. This document  describes  only  those  LMTP-related
       parameters that aren't simply "mirror" parameters.

       Changes  to  main.cf  are  picked up automatically, as smtp(8) processes run for
       only a limited amount of time. Use the command "postfix reload" to  speed  up  a
       change.

       The  text  below  provides  only  a  parameter summary. See postconf(5) for more
       details including examples.

COMPATIBILITY CONTROLS
       ignore_mx_lookup_error (no)
              Ignore DNS MX lookups that produce no response.

       smtp_always_send_ehlo (yes)
              Always send EHLO at the start of an SMTP session.

       smtp_never_send_ehlo (no)
              Never send EHLO at the start of an SMTP session.

       smtp_defer_if_no_mx_address_found (no)
              Defer mail delivery when no MX record resolves to an IP address.

       smtp_line_length_limit (998)
              The maximal length of message header and body  lines  that  Postfix  will
              send via SMTP.

       smtp_pix_workaround_delay_time (10s)
              How  long  the  Postfix  SMTP client pauses before sending ".<CR><LF>" in
              order to work around the PIX firewall "<CR><LF>.<CR><LF>" bug.

       smtp_pix_workaround_threshold_time (500s)
              How long a message must be queued before the Postfix SMTP client turns on
              the  PIX firewall "<CR><LF>.<CR><LF>" bug workaround for delivery through
              firewalls with "smtp fixup" mode turned on.

       smtp_pix_workarounds (disable_esmtp, delay_dotcrlf)
              A list that specifies zero or more workarounds  for  CISCO  PIX  firewall
              bugs.

       smtp_pix_workaround_maps (empty)
              Lookup tables, indexed by the remote SMTP server address, with per-desti‐
              nation workarounds for CISCO PIX firewall bugs.

       smtp_quote_rfc821_envelope (yes)
              Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands  as
              required by RFC 5321.

       smtp_reply_filter (empty)
              A  mechanism  to transform replies from remote SMTP servers one line at a
              time.

       smtp_skip_5xx_greeting (yes)
              Skip remote SMTP servers that greet with a 5XX status code.

       smtp_skip_quit_response (yes)
              Do not wait for the response to the SMTP QUIT command.

       Available in Postfix version 2.0 and earlier:

       smtp_skip_4xx_greeting (yes)
              Skip SMTP servers that greet with a 4XX status code (go away,  try  again
              later).

       Available in Postfix version 2.2 and later:

       smtp_discard_ehlo_keyword_address_maps (empty)
              Lookup  tables,  indexed  by  the  remote  SMTP server address, with case
              insensitive lists of EHLO keywords  (pipelining,  starttls,  auth,  etc.)
              that  the  Postfix  SMTP  client  will ignore in the EHLO response from a
              remote SMTP server.

       smtp_discard_ehlo_keywords (empty)
              A case insensitive list of EHLO  keywords  (pipelining,  starttls,  auth,
              etc.)  that the Postfix SMTP client will ignore in the EHLO response from
              a remote SMTP server.

       smtp_generic_maps (empty)
              Optional lookup tables that perform address rewriting in the Postfix SMTP
              client,  typically  to  transform a locally valid address into a globally
              valid address when sending mail across the Internet.

       Available in Postfix version 2.2.9 and later:

       smtp_cname_overrides_servername (version dependent)
              Allow DNS CNAME records to override the servername that the Postfix  SMTP
              client  uses  for logging, SASL password lookup, TLS policy decisions, or
              TLS certificate verification.

       Available in Postfix version 2.3 and later:

       lmtp_discard_lhlo_keyword_address_maps (empty)
              Lookup tables, indexed by the  remote  LMTP  server  address,  with  case
              insensitive  lists  of  LHLO  keywords (pipelining, starttls, auth, etc.)
              that the Postfix LMTP client will ignore in  the  LHLO  response  from  a
              remote LMTP server.

       lmtp_discard_lhlo_keywords (empty)
              A  case  insensitive  list  of LHLO keywords (pipelining, starttls, auth,
              etc.) that the Postfix LMTP client will ignore in the LHLO response  from
              a remote LMTP server.

       Available in Postfix version 2.4.4 and later:

       send_cyrus_sasl_authzid (no)
              When authenticating to a remote SMTP or LMTP server with the default set‐
              ting "no", send no SASL authoriZation ID (authzid); send  only  the  SASL
              authentiCation ID (authcid) plus the authcid's password.

       Available in Postfix version 2.5 and later:

       smtp_header_checks (empty)
              Restricted header_checks(5) tables for the Postfix SMTP client.

       smtp_mime_header_checks (empty)
              Restricted mime_header_checks(5) tables for the Postfix SMTP client.

       smtp_nested_header_checks (empty)
              Restricted nested_header_checks(5) tables for the Postfix SMTP client.

       smtp_body_checks (empty)
              Restricted body_checks(5) tables for the Postfix SMTP client.

       Available in Postfix version 2.6 and later:

       tcp_windowsize (0)
              An optional workaround for routers that break TCP window scaling.

       Available in Postfix version 2.8 and later:

       smtp_dns_resolver_options (empty)
              DNS Resolver options for the Postfix SMTP client.

       Available in Postfix version 2.9 and later:

       smtp_per_record_deadline (no)
              Change  the behavior of the smtp_*_timeout time limits, from a time limit
              per read or write system call, to a time limit to send or receive a  com‐
              plete record (an SMTP command line, SMTP response line, SMTP message con‐
              tent line, or TLS protocol message).

       smtp_send_dummy_mail_auth (no)
              Whether or not to append the "AUTH=<>" option to the MAIL FROM command in
              SASL-authenticated SMTP sessions.

       Available in Postfix version 2.11 and later:

       smtp_dns_support_level (empty)
              Level of DNS support in the Postfix SMTP client.

MIME PROCESSING CONTROLS
       Available in Postfix version 2.0 and later:

       disable_mime_output_conversion (no)
              Disable the conversion of 8BITMIME format to 7BIT format.

       mime_boundary_length_limit (2048)
              The maximal length of MIME multipart boundary strings.

       mime_nesting_limit (100)
              The maximal recursion level that the MIME processor will handle.

EXTERNAL CONTENT INSPECTION CONTROLS
       Available in Postfix version 2.1 and later:

       smtp_send_xforward_command (no)
              Send  the non-standard XFORWARD command when the Postfix SMTP server EHLO
              response announces XFORWARD support.

SASL AUTHENTICATION CONTROLS
       smtp_sasl_auth_enable (no)
              Enable SASL authentication in the Postfix SMTP client.

       smtp_sasl_password_maps (empty)
              Optional Postfix SMTP client lookup  tables  with  one  username:password
              entry per remote hostname or domain, or sender address when sender-depen‐
              dent authentication is enabled.

       smtp_sasl_security_options (noplaintext, noanonymous)
              Postfix SMTP client SASL security options; as of Postfix 2.3 the list  of
              available  features  depends  on  the  SASL client implementation that is
              selected with smtp_sasl_type.

       Available in Postfix version 2.2 and later:

       smtp_sasl_mechanism_filter (empty)
              If non-empty, a Postfix SMTP client filter for the remote  SMTP  server's
              list of offered SASL mechanisms.

       Available in Postfix version 2.3 and later:

       smtp_sender_dependent_authentication (no)
              Enable  sender-dependent  authentication in the Postfix SMTP client; this
              is available only with SASL authentication, and disables SMTP  connection
              caching to ensure that mail from different senders will use the appropri‐
              ate credentials.

       smtp_sasl_path (empty)
              Implementation-specific information that the Postfix SMTP  client  passes
              through  to  the  SASL  plug-in  implementation  that  is  selected  with
              smtp_sasl_type.

       smtp_sasl_type (cyrus)
              The SASL plug-in type that the Postfix SMTP client should use for authen‐
              tication.

       Available in Postfix version 2.5 and later:

       smtp_sasl_auth_cache_name (empty)
              An  optional  table to prevent repeated SASL authentication failures with
              the same remote SMTP server hostname, username and password.

       smtp_sasl_auth_cache_time (90d)
              The maximal age  of  an  smtp_sasl_auth_cache_name  entry  before  it  is
              removed.

       smtp_sasl_auth_soft_bounce (yes)
              When  a  remote  SMTP server rejects a SASL authentication request with a
              535 reply code, defer mail delivery instead of returning mail as undeliv‐
              erable.

       Available in Postfix version 2.9 and later:

       smtp_send_dummy_mail_auth (no)
              Whether or not to append the "AUTH=<>" option to the MAIL FROM command in
              SASL-authenticated SMTP sessions.

STARTTLS SUPPORT CONTROLS
       Detailed information about STARTTLS configuration may be found in the TLS_README
       document.

       smtp_tls_security_level (empty)
              The  default  SMTP TLS security level for the Postfix SMTP client; when a
              non-empty value is specified,  this  overrides  the  obsolete  parameters
              smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername.

       smtp_sasl_tls_security_options ($smtp_sasl_security_options)
              The  SASL  authentication  security  options that the Postfix SMTP client
              uses for TLS encrypted SMTP sessions.

       smtp_starttls_timeout (300s)
              Time limit for Postfix SMTP client write and read operations  during  TLS
              startup and shutdown handshake procedures.

       smtp_tls_CAfile (empty)
              A  file  containing  CA  certificates  of root CAs trusted to sign either
              remote SMTP server certificates or intermediate CA certificates.

       smtp_tls_CApath (empty)
              Directory with PEM format certificate  authority  certificates  that  the
              Postfix SMTP client uses to verify a remote SMTP server certificate.

       smtp_tls_cert_file (empty)
              File with the Postfix SMTP client RSA certificate in PEM format.

       smtp_tls_mandatory_ciphers (medium)
              The  minimum  TLS cipher grade that the Postfix SMTP client will use with
              mandatory TLS encryption.

       smtp_tls_exclude_ciphers (empty)
              List of ciphers or cipher types to exclude from the Postfix  SMTP  client
              cipher list at all TLS security levels.

       smtp_tls_mandatory_exclude_ciphers (empty)
              Additional  list  of  ciphers or cipher types to exclude from the Postfix
              SMTP client cipher list at mandatory TLS security levels.

       smtp_tls_dcert_file (empty)
              File with the Postfix SMTP client DSA certificate in PEM format.

       smtp_tls_dkey_file ($smtp_tls_dcert_file)
              File with the Postfix SMTP client DSA private key in PEM format.

       smtp_tls_key_file ($smtp_tls_cert_file)
              File with the Postfix SMTP client RSA private key in PEM format.

       smtp_tls_loglevel (0)
              Enable additional Postfix SMTP client logging of TLS activity.

       smtp_tls_note_starttls_offer (no)
              Log the hostname of a remote SMTP server that offers STARTTLS,  when  TLS
              is not already enabled for that server.

       smtp_tls_policy_maps (empty)
              Optional  lookup  tables with the Postfix SMTP client TLS security policy
              by next-hop destination; when a non-empty value is specified, this  over‐
              rides the obsolete smtp_tls_per_site parameter.

       smtp_tls_mandatory_protocols (!SSLv2)
              List  of  SSL/TLS  protocols  that  the Postfix SMTP client will use with
              mandatory TLS encryption.

       smtp_tls_scert_verifydepth (9)
              The verification depth for remote SMTP server certificates.

       smtp_tls_secure_cert_match (nexthop, dot-nexthop)
              How the Postfix SMTP client verifies the server certificate peername  for
              the "secure" TLS security level.

       smtp_tls_session_cache_database (empty)
              Name  of the file containing the optional Postfix SMTP client TLS session
              cache.

       smtp_tls_session_cache_timeout (3600s)
              The expiration time of Postfix SMTP client TLS session cache information.

       smtp_tls_verify_cert_match (hostname)
              How the Postfix SMTP client verifies the server certificate peername  for
              the "verify" TLS security level.

       tls_daemon_random_bytes (32)
              The  number  of  pseudo-random  bytes that an smtp(8) or smtpd(8) process
              requests from the tlsmgr(8) server in order to seed its  internal  pseudo
              random number generator (PRNG).

       tls_high_cipherlist (ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH)
              The OpenSSL cipherlist for "HIGH" grade ciphers.

       tls_medium_cipherlist (ALL:!EXPORT:!LOW:+RC4:@STRENGTH)
              The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers.

       tls_low_cipherlist (ALL:!EXPORT:+RC4:@STRENGTH)
              The OpenSSL cipherlist for "LOW" or higher grade ciphers.

       tls_export_cipherlist (ALL:+RC4:@STRENGTH)
              The OpenSSL cipherlist for "EXPORT" or higher grade ciphers.

       tls_null_cipherlist (eNULL:!aNULL)
              The  OpenSSL cipherlist for "NULL" grade ciphers that provide authentica‐
              tion without encryption.

       Available in Postfix version 2.4 and later:

       smtp_sasl_tls_verified_security_options ($smtp_sasl_tls_security_options)
              The SASL authentication security options that  the  Postfix  SMTP  client
              uses for TLS encrypted SMTP sessions with a verified server certificate.

       Available in Postfix version 2.5 and later:

       smtp_tls_fingerprint_cert_match (empty)
              List  of  acceptable  remote SMTP server certificate fingerprints for the
              "fingerprint" TLS security level (smtp_tls_security_level = fingerprint).

       smtp_tls_fingerprint_digest (md5)
              The message digest algorithm used to construct remote  SMTP  server  cer‐
              tificate fingerprints.

       Available in Postfix version 2.6 and later:

       smtp_tls_protocols (!SSLv2)
              List  of  TLS  protocols  that  the  Postfix  SMTP client will exclude or
              include with opportunistic TLS encryption.

       smtp_tls_ciphers (export)
              The minimum TLS cipher grade that the Postfix SMTP client will  use  with
              opportunistic TLS encryption.

       smtp_tls_eccert_file (empty)
              File with the Postfix SMTP client ECDSA certificate in PEM format.

       smtp_tls_eckey_file ($smtp_tls_eccert_file)
              File with the Postfix SMTP client ECDSA private key in PEM format.

       Available in Postfix version 2.7 and later:

       smtp_tls_block_early_mail_reply (no)
              Try to detect a mail hijacking attack based on a TLS protocol vulnerabil‐
              ity (CVE-2009-3555), where an attacker  prepends  malicious  HELO,  MAIL,
              RCPT, DATA commands to a Postfix SMTP client TLS session.

       Available in Postfix version 2.8 and later:

       tls_disable_workarounds (see 'postconf -d' output)
              List or bit-mask of OpenSSL bug work-arounds to disable.

       Available in Postfix version 2.11 and later:

       smtp_tls_trust_anchor_file (empty)
              Zero  or more PEM-format files with trust-anchor certificates and/or pub‐
              lic keys.

       smtp_tls_force_insecure_host_tlsa_lookup (no)
              Lookup the associated DANE TLSA RRset even when  a  hostname  is  not  an
              alias and its address records lie in an unsigned zone.

       tls_dane_trust_anchor_digest_enable (yes)
              RFC 6698 trust-anchor digest support in the Postfix TLS library.

       tlsmgr_service_name (tlsmgr)
              The name of the tlsmgr(8) service entry in master.cf.

OBSOLETE STARTTLS CONTROLS
       The following configuration parameters exist for compatibility with Postfix ver‐
       sions before 2.3. Support for these will be removed in a future release.

       smtp_use_tls (no)
              Opportunistic mode: use TLS when a remote SMTP server announces  STARTTLS
              support, otherwise send the mail in the clear.

       smtp_enforce_tls (no)
              Enforcement  mode:  require  that remote SMTP servers use TLS encryption,
              and never send mail in the clear.

       smtp_tls_enforce_peername (yes)
              With mandatory TLS encryption, require that the remote SMTP server  host‐
              name matches the information in the remote SMTP server certificate.

       smtp_tls_per_site (empty)
              Optional  lookup  tables with the Postfix SMTP client TLS usage policy by
              next-hop destination and by remote SMTP server hostname.

       smtp_tls_cipherlist (empty)
              Obsolete Postfix < 2.3 control for the Postfix  SMTP  client  TLS  cipher
              list.

RESOURCE AND RATE CONTROLS
       smtp_destination_concurrency_limit ($default_destination_concurrency_limit)
              The maximal number of parallel deliveries to the same destination via the
              smtp message delivery transport.

       smtp_destination_recipient_limit ($default_destination_recipient_limit)
              The maximal number of recipients per message for the smtp message  deliv‐
              ery transport.

       smtp_connect_timeout (30s)
              The  Postfix  SMTP  client time limit for completing a TCP connection, or
              zero (use the operating system built-in time limit).

       smtp_helo_timeout (300s)
              The Postfix SMTP client time limit for sending the HELO or EHLO  command,
              and for receiving the initial remote SMTP server response.

       lmtp_lhlo_timeout (300s)
              The  Postfix LMTP client time limit for sending the LHLO command, and for
              receiving the initial remote LMTP server response.

       smtp_xforward_timeout (300s)
              The Postfix SMTP client time limit for sending the XFORWARD command,  and
              for receiving the remote SMTP server response.

       smtp_mail_timeout (300s)
              The Postfix SMTP client time limit for sending the MAIL FROM command, and
              for receiving the remote SMTP server response.

       smtp_rcpt_timeout (300s)
              The Postfix SMTP client time limit for sending the SMTP RCPT TO  command,
              and for receiving the remote SMTP server response.

       smtp_data_init_timeout (120s)
              The Postfix SMTP client time limit for sending the SMTP DATA command, and
              for receiving the remote SMTP server response.

       smtp_data_xfer_timeout (180s)
              The Postfix SMTP client time limit for sending the SMTP message content.

       smtp_data_done_timeout (600s)
              The Postfix SMTP client time limit for sending  the  SMTP  ".",  and  for
              receiving the remote SMTP server response.

       smtp_quit_timeout (300s)
              The  Postfix SMTP client time limit for sending the QUIT command, and for
              receiving the remote SMTP server response.

       Available in Postfix version 2.1 and later:

       smtp_mx_address_limit (5)
              The maximal number of MX (mail exchanger) IP addresses  that  can  result
              from Postfix SMTP client mail exchanger lookups, or zero (no limit).

       smtp_mx_session_limit (2)
              The maximal number of SMTP sessions per delivery request before the Post‐
              fix SMTP client gives up or delivers to a fall-back relay host,  or  zero
              (no limit).

       smtp_rset_timeout (20s)
              The  Postfix SMTP client time limit for sending the RSET command, and for
              receiving the remote SMTP server response.

       Available in Postfix version 2.2 and earlier:

       lmtp_cache_connection (yes)
              Keep Postfix LMTP client connections open for up to $max_idle seconds.

       Available in Postfix version 2.2 and later:

       smtp_connection_cache_destinations (empty)
              Permanently enable SMTP connection caching  for  the  specified  destina‐
              tions.

       smtp_connection_cache_on_demand (yes)
              Temporarily enable SMTP connection caching while a destination has a high
              volume of mail in the active queue.

       smtp_connection_reuse_time_limit (300s)
              The amount of time during which  Postfix  will  use  an  SMTP  connection
              repeatedly.

       smtp_connection_cache_time_limit (2s)
              When  SMTP  connection  caching  is  enabled,  the amount of time that an
              unused SMTP client socket is kept open before it is closed.

       Available in Postfix version 2.3 and later:

       connection_cache_protocol_timeout (5s)
              Time limit for connection cache connect, send or receive operations.

       Available in Postfix version 2.9 and later:

       smtp_per_record_deadline (no)
              Change the behavior of the smtp_*_timeout time limits, from a time  limit
              per  read or write system call, to a time limit to send or receive a com‐
              plete record (an SMTP command line, SMTP response line, SMTP message con‐
              tent line, or TLS protocol message).

       Available in Postfix version 2.11 and later:

       smtp_connection_reuse_count_limit (0)
              When SMTP connection caching is enabled, the number of times that an SMTP
              session may be reused before it is closed, or zero (no limit).

TROUBLE SHOOTING CONTROLS
       debug_peer_level (2)
              The increment in verbose logging level when a  remote  client  or  server
              matches a pattern in the debug_peer_list parameter.

       debug_peer_list (empty)
              Optional list of remote client or server hostname or network address pat‐
              terns that cause the verbose logging level  to  increase  by  the  amount
              specified in $debug_peer_level.

       error_notice_recipient (postmaster)
              The  recipient  of  postmaster notifications about mail delivery problems
              that are caused by policy, resource, software or protocol errors.

       internal_mail_filter_classes (empty)
              What categories of Postfix-generated mail  are  subject  to  before-queue
              content inspection by non_smtpd_milters, header_checks and body_checks.

       notify_classes (resource, software)
              The list of error classes that are reported to the postmaster.

MISCELLANEOUS CONTROLS
       best_mx_transport (empty)
              Where the Postfix SMTP client should deliver mail when it detects a "mail
              loops back to myself" error condition.

       config_directory (see 'postconf -d' output)
              The default location of the Postfix main.cf and  master.cf  configuration
              files.

       daemon_timeout (18000s)
              How  much  time  a  Postfix  daemon  process may take to handle a request
              before it is terminated by a built-in watchdog timer.

       delay_logging_resolution_limit (2)
              The maximal number of digits after the decimal point  when  logging  sub-
              second delay values.

       disable_dns_lookups (no)
              Disable DNS lookups in the Postfix SMTP and LMTP clients.

       inet_interfaces (all)
              The network interface addresses that this mail system receives mail on.

       inet_protocols (all)
              The Internet protocols Postfix will attempt to use when making or accept‐
              ing connections.

       ipc_timeout (3600s)
              The time limit for sending or receiving information over an internal com‐
              munication channel.

       lmtp_assume_final (no)
              When  a  remote  LMTP  server  announces  no DSN support, assume that the
              server performs final delivery,  and  send  "delivered"  delivery  status
              notifications instead of "relayed".

       lmtp_tcp_port (24)
              The default TCP port that the Postfix LMTP client connects to.

       max_idle (100s)
              The  maximum amount of time that an idle Postfix daemon process waits for
              an incoming connection before terminating voluntarily.

       max_use (100)
              The maximal number of incoming connections that a Postfix daemon  process
              will service before terminating voluntarily.

       process_id (read-only)
              The process ID of a Postfix command or daemon process.

       process_name (read-only)
              The process name of a Postfix command or daemon process.

       proxy_interfaces (empty)
              The network interface addresses that this mail system receives mail on by
              way of a proxy or network address translation unit.

       smtp_address_preference (any)
              The address type ("ipv6", "ipv4" or "any") that the Postfix  SMTP  client
              will try first, when a destination has IPv6 and IPv4 addresses with equal
              MX preference.

       smtp_bind_address (empty)
              An optional numerical network address that the Postfix SMTP client should
              bind to when making an IPv4 connection.

       smtp_bind_address6 (empty)
              An optional numerical network address that the Postfix SMTP client should
              bind to when making an IPv6 connection.

       smtp_helo_name ($myhostname)
              The hostname to send in the SMTP EHLO or HELO command.

       lmtp_lhlo_name ($myhostname)
              The hostname to send in the LMTP LHLO command.

       smtp_host_lookup (dns)
              What mechanisms the Postfix SMTP client uses  to  look  up  a  host's  IP
              address.

       smtp_randomize_addresses (yes)
              Randomize the order of equal-preference MX host addresses.

       syslog_facility (mail)
              The syslog facility of Postfix logging.

       syslog_name (see 'postconf -d' output)
              The  mail  system  name  that  is prepended to the process name in syslog
              records, so that "smtpd" becomes, for example, "postfix/smtpd".

       Available with Postfix 2.2 and earlier:

       fallback_relay (empty)
              Optional list of relay hosts for SMTP destinations that can't be found or
              that are unreachable.

       Available with Postfix 2.3 and later:

       smtp_fallback_relay ($fallback_relay)
              Optional list of relay hosts for SMTP destinations that can't be found or
              that are unreachable.

SEE ALSO
       generic(5), output address rewriting
       header_checks(5), message header content inspection
       body_checks(5), body parts content inspection
       qmgr(8), queue manager
       bounce(8), delivery status reports
       scache(8), connection cache server
       postconf(5), configuration parameters
       master(5), generic daemon options
       master(8), process manager
       tlsmgr(8), TLS session and PRNG management
       syslogd(8), system logging

README FILES
       Use "postconf readme_directory" or  "postconf  html_directory"  to  locate  this
       information.
       SASL_README, Postfix SASL howto
       TLS_README, Postfix STARTTLS howto

LICENSE
       The Secure Mailer license must be distributed with this software.

AUTHOR(S)
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

       Command pipelining in cooperation with:
       Jon Ribbens
       Oaktree Internet Solutions Ltd.,
       Internet House,
       Canal Basin,
       Coventry,
       CV1 4LY, United Kingdom.

       SASL support originally by:
       Till Franke
       SuSE Rhein/Main AG
       65760 Eschborn, Germany

       TLS support originally by:
       Lutz Jaenicke
       BTU Cottbus
       Allgemeine Elektrotechnik
       Universitaetsplatz 3-4
       D-03044 Cottbus, Germany

       Revised TLS and SMTP connection cache support by:
       Victor Duchovni
       Morgan Stanley

                                                                                SMTP(8)

pipe

Der pipe-Daemon ist neben den Mailclient-Programmen lmtp und smtp ein weiterer Dienst, der mit der Weiterverteilung der Nachrichten zu externen Mail-Transportprogrammen/-scripten zur Anwendung kommt. Bekannte Vertreter sind hier der Mailinglisten-Server Mailman oder auch der sks-keyserver oder ein Mail2Fax-Programm.

Detailinformationen zum pipe-Daemon findet man in dessen manpage.

 # man 8 pipe
PIPE(8)                         System Manager's Manual                         PIPE(8)

NAME
       pipe - Postfix delivery to external command

SYNOPSIS
       pipe [generic Postfix daemon options] command_attributes...

DESCRIPTION
       The  pipe(8) daemon processes requests from the Postfix queue manager to deliver
       messages to external commands.  This program expects to be  run  from  the  mas‐
       ter(8) process manager.

       Message  attributes  such as sender address, recipient address and next-hop host
       name can be specified as command-line macros that are expanded before the exter‐
       nal command is executed.

       The  pipe(8)  daemon updates queue files and marks recipients as finished, or it
       informs the queue manager that delivery should be tried again at a  later  time.
       Delivery  status  reports are sent to the bounce(8), defer(8) or trace(8) daemon
       as appropriate.

SINGLE-RECIPIENT DELIVERY
       Some destinations cannot handle more than one recipient  per  delivery  request.
       Examples  are  pagers or fax machines.  In addition, multi-recipient delivery is
       undesirable when prepending a Delivered-to: or X-Original-To: message header.

       To prevent Postfix from sending multiple recipients per delivery request,  spec‐
       ify

           transport_destination_recipient_limit = 1

       in  the Postfix main.cf file, where transport is the name in the first column of
       the Postfix master.cf entry for the pipe-based delivery transport.

COMMAND ATTRIBUTE SYNTAX
       The external command attributes are given in the master.cf file at the end of  a
       service definition.  The syntax is as follows:

       chroot=pathname (optional)
              Change  the  process  root  directory  and working directory to the named
              directory. This happens before switching to the privileges specified with
              the  user attribute, and before executing the optional directory=pathname
              directive. Delivery is deferred in case of failure.

              This feature is available as of Postfix 2.3.

       directory=pathname (optional)
              Change to the named directory before executing the external command.  The
              directory  must  be  accessible  for  the  user  specified  with the user
              attribute (see below).  The default working  directory  is  $queue_direc‐
              tory.  Delivery is deferred in case of failure.

              This feature is available as of Postfix 2.2.

       eol=string (optional, default: \n)
              The  output  record delimiter. Typically one would use either \r\n or \n.
              The usual C-style backslash escape sequences are recognized: \a \b \f  \n
              \r \t \v \ddd (up to three octal digits) and \\.

       flags=BDFORXhqu.> (optional)
              Optional  message  processing  flags.  By  default,  a  message is copied
              unchanged.

              B      Append a blank line at the end of each message. This  is  required
                     by  some  mail  user agents that recognize "From " lines only when
                     preceded by a blank line.

              D      Prepend a "Delivered-To: recipient" message header with the  enve‐
                     lope recipient address. Note: for this to work, the transport_des‐
                     tination_recipient_limit must be 1 (see SINGLE-RECIPIENT  DELIVERY
                     above for details).

                     The  D  flag also enforces loop detection (Postfix 2.5 and later):
                     if a message already contains a Delivered-To: header with the same
                     recipient  address, then the message is returned as undeliverable.
                     The address comparison is case insensitive.

                     This feature is available as of Postfix 2.0.

              F      Prepend a "From sender time_stamp" envelope header to the  message
                     content.  This is expected by, for example, UUCP software.

              O      Prepend  an  "X-Original-To:  recipient"  message  header with the
                     recipient address as given to Postfix. Note: for this to work, the
                     transport_destination_recipient_limit must be 1 (see SINGLE-RECIP‐
                     IENT DELIVERY above for details).

                     This feature is available as of Postfix 2.0.

              R      Prepend a Return-Path: message header  with  the  envelope  sender
                     address.

              X      Indicate  that the external command performs final delivery.  This
                     flag affects the status reported in "success" DSN (delivery status
                     notification) messages, and changes it from "relayed" into "deliv‐
                     ered".

                     This feature is available as of Postfix 2.5.

              h      Fold the command-line $original_recipient and  $recipient  address
                     domain  part  (text to the right of the right-most @ character) to
                     lower case; fold the entire command-line $domain and $nexthop host
                     or  domain  information  to  lower  case.  This is recommended for
                     delivery via UUCP.

              q      Quote white space and other special characters in the command-line
                     $sender,  $original_recipient  and  $recipient  address localparts
                     (text to the left of the right-most @ character), according to  an
                     8-bit  transparent  version  of  RFC 822.  This is recommended for
                     delivery via UUCP or BSMTP.

                     The result is compatible with the address parsing of  command-line
                     recipients by the Postfix sendmail(1) mail submission command.

                     The  q flag affects only entire addresses, not the partial address
                     information from the $user, $extension  or  $mailbox  command-line
                     macros.

              u      Fold  the  command-line $original_recipient and $recipient address
                     localpart (text to the left of  the  right-most  @  character)  to
                     lower case.  This is recommended for delivery via UUCP.

              .      Prepend  "."  to  lines  starting with ".". This is needed by, for
                     example, BSMTP software.

              >      Prepend ">" to lines starting with "From ". This is  expected  by,
                     for example, UUCP software.

       null_sender=replacement (default: MAILER-DAEMON)
              Replace the null sender address (typically used for delivery status noti‐
              fications) with the specified text when expanding  the  $sender  command-
              line macro, and when generating a From_ or Return-Path: message header.

              If  the  null  sender  replacement  text is a non-empty string then it is
              affected by the q flag for address quoting in command-line arguments.

              The null sender replacement text may be empty; this form  is  recommended
              for  content  filters  that feed mail back into Postfix. The empty sender
              address is not affected by the q flag for address quoting in command-line
              arguments.

              Caution:  a  null  sender address is easily mis-parsed by naive software.
              For example, when the pipe(8) daemon executes a command such as:

                  Wrong: command -f$sender -- $recipient

              the command will mis-parse the -f option value when the sender address is
              a  null  string.   For correct parsing, specify $sender as an argument by
              itself:

                  Right: command -f $sender -- $recipient

              This feature is available as of Postfix 2.3.

       size=size_limit (optional)
              Don't deliver messages that exceed this size  limit  (in  bytes);  return
              them to the sender instead.

       user=username (required)

       user=username:groupname
              Execute  the external command with the user ID and group ID of the speci‐
              fied username.  The software refuses to execute commands with root privi‐
              leges,  or  with the privileges of the mail system owner. If groupname is
              specified, the corresponding group ID is used instead of the group ID  of
              username.

       argv=command... (required)
              The  command  to  be executed. This must be specified as the last command
              attribute.  The command is executed directly, i.e. without interpretation
              of shell meta characters by a shell command interpreter.

              In  the  command argument vector, the following macros are recognized and
              replaced with corresponding information from the  Postfix  queue  manager
              delivery request.

              In  addition  to  the  form ${name}, the forms $name and $(name) are also
              recognized.  Specify $$ where a single $ is wanted.

              ${client_address}
                     This macro expands to the remote client network address.

                     This feature is available as of Postfix 2.2.

              ${client_helo}
                     This macro expands to the remote client HELO command parameter.

                     This feature is available as of Postfix 2.2.

              ${client_hostname}
                     This macro expands to the remote client hostname.

                     This feature is available as of Postfix 2.2.

              ${client_port}
                     This macro expands to the remote client TCP port number.

                     This feature is available as of Postfix 2.5.

              ${client_protocol}
                     This macro expands to the remote client protocol.

                     This feature is available as of Postfix 2.2.


              ${domain}
                     This macro expands to the domain portion of the recipient address.
                     For example, with an address user+foo@domain the domain is domain.

                     This information is modified by the h flag for case folding.

                     This feature is available as of Postfix 2.5.

              ${extension}
                     This  macro  expands to the extension part of a recipient address.
                     For example, with an address user+foo@domain the extension is foo.

                     A command-line argument that contains ${extension} expands into as
                     many command-line arguments as there are recipients.

                     This information is modified by the u flag for case folding.

              ${mailbox}
                     This  macro  expands  to  the  complete  local part of a recipient
                     address.  For example, with an address user+foo@domain the mailbox
                     is user+foo.

                     A  command-line  argument  that  contains ${mailbox} expands to as
                     many command-line arguments as there are recipients.

                     This information is modified by the u flag for case folding.

              ${nexthop}
                     This macro expands to the next-hop hostname.

                     This information is modified by the h flag for case folding.

              ${original_recipient}
                     This macro expands to the complete recipient  address  before  any
                     address rewriting or aliasing.

                     A   command-line   argument  that  contains  ${original_recipient}
                     expands to as many command-line arguments as there are recipients.

                     This information is modified by the hqu flags for quoting and case
                     folding.

                     This feature is available as of Postfix 2.5.

              ${queue_id}
                     This macro expands to the queue id.

                     This feature is available as of Postfix 2.11.

              ${recipient}
                     This macro expands to the complete recipient address.

                     A  command-line  argument that contains ${recipient} expands to as
                     many command-line arguments as there are recipients.

                     This information is modified by the hqu flags for quoting and case
                     folding.

              ${sasl_method}
                     This  macro  expands to the name of the SASL authentication mecha‐
                     nism in the AUTH command when the Postfix SMTP server received the
                     message.

                     This feature is available as of Postfix 2.2.

              ${sasl_sender}
                     This macro expands to the SASL sender name (i.e. the original sub‐
                     mitter as per RFC 4954) in the MAIL FROM command when the  Postfix
                     SMTP server received the message.

                     This feature is available as of Postfix 2.2.

              ${sasl_username}
                     This  macro expands to the SASL user name in the AUTH command when
                     the Postfix SMTP server received the message.

                     This feature is available as of Postfix 2.2.

              ${sender}
                     This macro expands to the envelope sender address. By default, the
                     null  sender address expands to MAILER-DAEMON; this can be changed
                     with the null_sender attribute, as described above.

                     This information is modified by the q flag for quoting.

              ${size}
                     This macro expands to Postfix's idea of the message size, which is
                     an approximation of the size of the message as delivered.

              ${user}
                     This  macro  expands  to the username part of a recipient address.
                     For example, with an address user+foo@domain the username part  is
                     user.

                     A command-line argument that contains ${user} expands into as many
                     command-line arguments as there are recipients.

                     This information is modified by the u flag for case folding.

STANDARDS
       RFC 3463 (Enhanced status codes)

DIAGNOSTICS
       Command exit status codes are expected to  follow  the  conventions  defined  in
       <sysexits.h>.  Exit status 0 means normal successful completion.

       In  the  case  of  a non-zero exit status, a limited amount of command output is
       reported in an delivery status notification.  When  the  output  begins  with  a
       4.X.X  or  5.X.X enhanced status code, the status code takes precedence over the
       non-zero exit status (Postfix version 2.3 and later).

       Problems and transactions are logged to syslogd(8).  Corrupted message files are
       marked  so that the queue manager can move them to the corrupt queue for further
       inspection.

SECURITY
       This program needs a dual personality 1) to access the private Postfix queue and
       IPC mechanisms, and 2) to execute external commands as the specified user. It is
       therefore security sensitive.

CONFIGURATION PARAMETERS
       Changes to main.cf are picked up automatically as pipe(8) processes run for only
       a limited amount of time. Use the command "postfix reload" to speed up a change.

       The  text  below  provides  only  a  parameter summary. See postconf(5) for more
       details including examples.

RESOURCE AND RATE CONTROLS
       In the text below, transport is the first field in a master.cf entry.

       transport_destination_concurrency_limit ($default_destination_concurrency_limit)
              Limit the number of parallel deliveries  to  the  same  destination,  for
              delivery  via  the named transport.  The limit is enforced by the Postfix
              queue manager.

       transport_destination_recipient_limit ($default_destination_recipient_limit)
              Limit the number of recipients per message delivery, for delivery via the
              named transport.  The limit is enforced by the Postfix queue manager.

       transport_time_limit ($command_time_limit)
              Limit  the  time  for  delivery to external command, for delivery via the
              named transport.  The limit is enforced by the pipe delivery agent.

              Postfix 2.4 and later support a suffix that specifies the  time  unit:  s
              (seconds),  m (minutes), h (hours), d (days), w (weeks). The default time
              unit is seconds.

MISCELLANEOUS CONTROLS
       config_directory (see 'postconf -d' output)
              The default location of the Postfix main.cf and  master.cf  configuration
              files.

       daemon_timeout (18000s)
              How  much  time  a  Postfix  daemon  process may take to handle a request
              before it is terminated by a built-in watchdog timer.

       delay_logging_resolution_limit (2)
              The maximal number of digits after the decimal point  when  logging  sub-
              second delay values.

       export_environment (see 'postconf -d' output)
              The  list  of environment variables that a Postfix process will export to
              non-Postfix processes.

       ipc_timeout (3600s)
              The time limit for sending or receiving information over an internal com‐
              munication channel.

       mail_owner (postfix)
              The UNIX system account that owns the Postfix queue and most Postfix dae‐
              mon processes.

       max_idle (100s)
              The maximum amount of time that an idle Postfix daemon process waits  for
              an incoming connection before terminating voluntarily.

       max_use (100)
              The  maximal number of incoming connections that a Postfix daemon process
              will service before terminating voluntarily.

       process_id (read-only)
              The process ID of a Postfix command or daemon process.

       process_name (read-only)
              The process name of a Postfix command or daemon process.

       queue_directory (see 'postconf -d' output)
              The location of the Postfix top-level queue directory.

       recipient_delimiter (empty)
              The set of characters that can separate a user name  from  its  extension
              (example: user+foo), or a .forward file name from its extension (example:
              .forward+foo).

       syslog_facility (mail)
              The syslog facility of Postfix logging.

       syslog_name (see 'postconf -d' output)
              The mail system name that is prepended to  the  process  name  in  syslog
              records, so that "smtpd" becomes, for example, "postfix/smtpd".

SEE ALSO
       qmgr(8), queue manager
       bounce(8), delivery status reports
       postconf(5), configuration parameters
       master(5), generic daemon options
       master(8), process manager
       syslogd(8), system logging

LICENSE
       The Secure Mailer license must be distributed with this software.

AUTHOR(S)
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

                                                                                PIPE(8)

sendmail

Der sendmail-Client ersetzt das ürsprüngliche, von Eric Allmann entwickelte sendmail-binary. Jedes extere Script oder Programm, welches das Client-Programm unter /usr/sbin/sendmail aufruft, benutzt somit die von Wietse Venema erstellte, wesentlich sicherere Variante, die sich unmittelbar an den Sicherheitsstandards von Postfix einfügt. Nachrichten werden vom sendmail-Client in die maildrop-Queue abgelegt, wo diese vom pickup-Daemon zur weiteren Verarbeitung abgeholt werden.

Weitere Informationen findet man zum sendmail-Client in dessen manpage.

 # man 8 sendmail
SENDMAIL(1)                     General Commands Manual                     SENDMAIL(1)

NAME
       sendmail - Postfix to Sendmail compatibility interface

SYNOPSIS
       sendmail [option ...] [recipient ...]

       mailq
       sendmail -bp

       newaliases
       sendmail -I

DESCRIPTION
       The Postfix sendmail(1) command implements the Postfix to Sendmail compatibility
       interface.  For the sake of compatibility with existing applications, some Send‐
       mail command-line options are recognized but silently ignored.

       By default, Postfix sendmail(1) reads a message from standard input until EOF or
       until it reads a line with only a . character, and arranges for delivery.  Post‐
       fix  sendmail(1) relies on the postdrop(1) command to create a queue file in the
       maildrop directory.

       Specific command aliases are provided for other common modes of operation:

       mailq  List the mail queue. Each entry shows the queue file  ID,  message  size,
              arrival time, sender, and the recipients that still need to be delivered.
              If mail could not be delivered upon the  last  attempt,  the  reason  for
              failure  is  shown. The queue ID string is followed by an optional status
              character:

              *      The message is in the active queue, i.e. the message  is  selected
                     for delivery.

              !      The message is in the hold queue, i.e. no further delivery attempt
                     will be made until the mail is taken off hold.

              This mode of operation is implemented by executing the postqueue(1)  com‐
              mand.

       newaliases
              Initialize  the  alias database.  If no input file is specified (with the
              -oA option, see below), the program processes the file(s) specified  with
              the alias_database configuration parameter.  If no alias database type is
              specified, the program uses the type  specified  with  the  default_data‐
              base_type configuration parameter.  This mode of operation is implemented
              by running the postalias(1) command.

              Note: it may take a minute or so before an alias database update  becomes
              visible. Use the "postfix reload" command to eliminate this delay.

       These  and other features can be selected by specifying the appropriate combina‐
       tion of command-line options. Some features are controlled by parameters in  the
       main.cf configuration file.

       The following options are recognized:

       -Am (ignored)

       -Ac (ignored)
              Postfix  sendmail  uses the same configuration file regardless of whether
              or not a message is an initial submission.

       -B body_type
              The message body MIME type: 7BIT or 8BITMIME.

       -bd    Go into daemon mode. This mode of operation is implemented  by  executing
              the "postfix start" command.

       -bh (ignored)

       -bH (ignored)
              Postfix has no persistent host status database.

       -bi    Initialize alias database. See the newaliases command above.

       -bl    Go  into daemon mode. To accept only local connections as with Sendmail´s
              -bl option, specify "inet_interfaces = loopback" in the  Postfix  main.cf
              configuration file.

       -bm    Read  mail  from  standard  input  and arrange for delivery.  This is the
              default mode of operation.

       -bp    List the mail queue. See the mailq command above.

       -bs    Stand-alone SMTP server mode. Read SMTP commands from standard input, and
              write  responses  to  standard  output.  In stand-alone SMTP server mode,
              mail relaying and other access  controls  are  disabled  by  default.  To
              enable them, run the process as the mail_owner user.

              This mode of operation is implemented by running the smtpd(8) daemon.

       -bv    Do  not collect or deliver a message. Instead, send an email report after
              verifying each recipient address.  This is  useful  for  testing  address
              rewriting and routing configurations.

              This feature is available in Postfix version 2.1 and later.

       -C config_file

       -C config_dir
              The  path  name  of the Postfix main.cf file, or of its parent directory.
              This information is ignored with Postfix versions before 2.3.

              With all Postfix versions, you can specify a directory pathname with  the
              MAIL_CONFIG  environment  variable to override the location of configura‐
              tion files.

       -F full_name
              Set the sender full name. This overrides the NAME  environment  variable,
              and is used only with messages that have no From: message header.

       -f sender
              Set the envelope sender address. This is the address where delivery prob‐
              lems are sent to. With Postfix versions before 2.1, the  Errors-To:  mes‐
              sage header overrides the error return address.

       -G     Gateway  (relay)  submission,  as  opposed  to  initial  user submission.
              Either do not rewrite addresses at all, or  update  incomplete  addresses
              with the domain information specified with remote_header_rewrite_domain.

              This option is ignored before Postfix version 2.3.

       -h hop_count (ignored)
              Hop count limit. Use the hopcount_limit configuration parameter instead.

       -I     Initialize alias database. See the newaliases command above.

       -i     When  reading a message from standard input, don´t treat a line with only
              a . character as the end of input.

       -L label (ignored)
              The logging label. Use the syslog_name configuration parameter instead.

       -m (ignored)
              Backwards compatibility.

       -N dsn (default: 'delay, failure')
              Delivery status notification control. Specify  either  a  comma-separated
              list with one or more of failure (send notification when delivery fails),
              delay (send notification when delivery  is  delayed),  or  success  (send
              notification when the message is delivered); or specify never (don't send
              any notifications at all).

              This feature is available in Postfix 2.3 and later.

       -n (ignored)
              Backwards compatibility.

       -oAalias_database
              Non-default  alias  database.  Specify  pathname  or  type:pathname.  See
              postalias(1) for details.

       -O option=value (ignored)
              Set the named option to value. Use the equivalent configuration parameter
              in main.cf instead.

       -o7 (ignored)

       -o8 (ignored)
              To send 8-bit or binary content, use an  appropriate  MIME  encapsulation
              and specify the appropriate -B command-line option.

       -oi    When  reading a message from standard input, don´t treat a line with only
              a . character as the end of input.

       -om (ignored)
              The sender is never eliminated from alias etc. expansions.

       -o x value (ignored)
              Set option x to value. Use  the  equivalent  configuration  parameter  in
              main.cf instead.

       -r sender
              Set the envelope sender address. This is the address where delivery prob‐
              lems are sent to. With Postfix versions before 2.1, the  Errors-To:  mes‐
              sage header overrides the error return address.

       -R return
              Delivery  status notification control.  Specify "hdrs" to return only the
              header when a message bounces, "full" to return a full copy (the  default
              behavior).

              The  -R  option  specifies  an  upper bound; Postfix will return only the
              header, when a full copy would exceed the bounce_size_limit setting.

              This option is ignored before Postfix version 2.10.

       -q     Attempt to deliver all queued mail. This is implemented by executing  the
              postqueue(1) command.

              Warning:  flushing  undeliverable  mail  frequently  will  result in poor
              delivery performance of all other mail.

       -qinterval (ignored)
              The interval between queue runs. Use  the  queue_run_delay  configuration
              parameter instead.

       -qIqueueid
              Schedule  immediate  delivery  of mail with the specified queue ID.  This
              option is implemented by  executing  the  postqueue(1)  command,  and  is
              available with Postfix version 2.4 and later.

       -qRsite
              Schedule  immediate  delivery  of  all  mail that is queued for the named
              site. This option accepts only site names that are eligible for the "fast
              flush" service, and is implemented by executing the postqueue(1) command.
              See flush(8) for more information about the "fast flush" service.

       -qSsite
              This command is not implemented. Use the  slower  "sendmail  -q"  command
              instead.

       -t     Extract  recipients  from message headers. These are added to any recipi‐
              ents specified on the command line.

              With Postfix versions prior to 2.1, this option requires that no  recipi‐
              ent addresses are specified on the command line.

       -U (ignored)
              Initial user submission.

       -V envid
              Specify the envelope ID for notification by servers that support DSN.

              This feature is available in Postfix 2.3 and later.

       -XV (Postfix 2.2 and earlier: -V)
              Variable  Envelope  Return  Path. Given an envelope sender address of the
              form owner-listname@origin, each recipient user@domain receives mail with
              a personalized envelope sender address.

              By  default,  the  personalized  envelope  sender  address is owner-list‐
              name+user=domain@origin. The default + and = characters are  configurable
              with the default_verp_delimiters configuration parameter.

       -XVxy (Postfix 2.2 and earlier: -Vxy)
              As -XV, but uses x and y as the VERP delimiter characters, instead of the
              characters  specified  with  the  default_verp_delimiters   configuration
              parameter.

       -v     Send  an email report of the first delivery attempt (Postfix versions 2.1
              and later). Mail delivery always happens in the background. When multiple
              -v options are given, enable verbose logging for debugging purposes.

       -X log_file (ignored)
              Log mailer traffic. Use the debug_peer_list and debug_peer_level configu‐
              ration parameters instead.

SECURITY
       By design, this program is not set-user (or group) id. However, it  must  handle
       data  from  untrusted, possibly remote, users.  Thus, the usual precautions need
       to be taken against malicious inputs.

DIAGNOSTICS
       Problems are logged to syslogd(8) and to the standard error stream.

ENVIRONMENT
       MAIL_CONFIG
              Directory with Postfix configuration files.

       MAIL_VERBOSE (value does not matter)
              Enable verbose logging for debugging purposes.

       MAIL_DEBUG (value does not matter)
              Enable debugging with an external command, as specified with  the  debug‐
              ger_command configuration parameter.

       NAME   The  sender full name. This is used only with messages that have no From:
              message header. See also the -F option above.

CONFIGURATION PARAMETERS
       The following main.cf parameters are especially relevant to this  program.   The
       text  below  provides only a parameter summary. See postconf(5) for more details
       including examples.

COMPATIBILITY CONTROLS
       Available with Postfix 2.9 and later:

       sendmail_fix_line_endings (always)
              Controls how the Postfix sendmail command  converts  email  message  line
              endings from <CR><LF> into UNIX format (<LF>).

TROUBLE SHOOTING CONTROLS
       The DEBUG_README file gives examples of how to trouble shoot a Postfix system.

       debugger_command (empty)
              The  external command to execute when a Postfix daemon program is invoked
              with the -D option.

       debug_peer_level (2)
              The increment in verbose logging level when a  remote  client  or  server
              matches a pattern in the debug_peer_list parameter.

       debug_peer_list (empty)
              Optional list of remote client or server hostname or network address pat‐
              terns that cause the verbose logging level  to  increase  by  the  amount
              specified in $debug_peer_level.

ACCESS CONTROLS
       Available in Postfix version 2.2 and later:

       authorized_flush_users (static:anyone)
              List of users who are authorized to flush the queue.

       authorized_mailq_users (static:anyone)
              List of users who are authorized to view the queue.

       authorized_submit_users (static:anyone)
              List of users who are authorized to submit mail with the sendmail(1) com‐
              mand (and with the privileged postdrop(1) helper command).

RESOURCE AND RATE CONTROLS
       bounce_size_limit (50000)
              The maximal amount of original message text that is sent in a  non-deliv‐
              ery notification.

       fork_attempts (5)
              The maximal number of attempts to fork() a child process.

       fork_delay (1s)
              The delay between attempts to fork() a child process.

       hopcount_limit (50)
              The  maximal  number of Received:  message headers that is allowed in the
              primary message headers.

       queue_run_delay (300s)
              The time between deferred queue scans by  the  queue  manager;  prior  to
              Postfix 2.4 the default value was 1000s.

FAST FLUSH CONTROLS
       The ETRN_README file describes configuration and operation details for the Post‐
       fix "fast flush" service.

       fast_flush_domains ($relay_domains)
              Optional list of destinations that are eligible for per-destination  log‐
              files with mail that is queued to those destinations.

VERP CONTROLS
       The  VERP_README  file  describes configuration and operation details of Postfix
       support for variable envelope return path addresses.

       default_verp_delimiters (+=)
              The two default VERP delimiter characters.

       verp_delimiter_filter (-=+)
              The characters Postfix accepts as VERP delimiter characters on the  Post‐
              fix sendmail(1) command line and in SMTP commands.

MISCELLANEOUS CONTROLS
       alias_database (see 'postconf -d' output)
              The   alias  databases  for  local(8)  delivery  that  are  updated  with
              "newaliases" or with "sendmail -bi".

       command_directory (see 'postconf -d' output)
              The location of all postfix administrative commands.

       config_directory (see 'postconf -d' output)
              The default location of the Postfix main.cf and  master.cf  configuration
              files.

       daemon_directory (see 'postconf -d' output)
              The directory with Postfix support programs and daemon programs.

       default_database_type (see 'postconf -d' output)
              The  default  database  type  for  use in newaliases(1), postalias(1) and
              postmap(1) commands.

       delay_warning_time (0h)
              The time after which the sender receives a copy of the message headers of
              mail that is still queued.

       enable_errors_to (no)
              Report  mail  delivery errors to the address specified with the non-stan‐
              dard Errors-To: message header, instead of the  envelope  sender  address
              (this  feature  is  removed  with  Postfix  version 2.2, is turned off by
              default with Postfix version 2.1, and is  always  turned  on  with  older
              Postfix versions).

       mail_owner (postfix)
              The UNIX system account that owns the Postfix queue and most Postfix dae‐
              mon processes.

       queue_directory (see 'postconf -d' output)
              The location of the Postfix top-level queue directory.

       remote_header_rewrite_domain (empty)
              Don't rewrite message headers from remote clients at all when this param‐
              eter  is  empty; otherwise, rewrite message headers and append the speci‐
              fied domain name to incomplete addresses.

       syslog_facility (mail)
              The syslog facility of Postfix logging.

       syslog_name (see 'postconf -d' output)
              The mail system name that is prepended to  the  process  name  in  syslog
              records, so that "smtpd" becomes, for example, "postfix/smtpd".

FILES
       /var/spool/postfix, mail queue
       /etc/postfix, configuration files

SEE ALSO
       pickup(8), mail pickup daemon
       qmgr(8), queue manager
       smtpd(8), SMTP server
       flush(8), fast flush service
       postsuper(1), queue maintenance
       postalias(1), create/update/query alias database
       postdrop(1), mail posting utility
       postfix(1), mail system control
       postqueue(1), mail queue control
       syslogd(8), system logging

README_FILES
       Use  "postconf  readme_directory"  or  "postconf  html_directory" to locate this
       information.
       DEBUG_README, Postfix debugging howto
       ETRN_README, Postfix ETRN howto
       VERP_README, Postfix VERP howto

LICENSE
       The Secure Mailer license must be distributed with this software.

AUTHOR(S)
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

                                                                            SENDMAIL(1)

smtpd

Der smtpd-Server nimmt Netzwerkverbindungen an und wickelt über die entsprechende Verbindung abhängig vom Prüfungsergebnis entweder keine, eine oder auch mehrere Nachrichten entgegen. Für diese Prüfung können DNS-Anfragen, black-/whitelists und noch viele weitere Kriterien herangezogen werden, die bei der Konfiguration dem smtpd-Daemon definiert worden sind. Auf diese Konfiguration werden wir später in einem weiterem Kapitel hier im Wiki eingehen. Jede akzeptierte Nachricht wird an den cleanup-Daemon weitergeleitet, der diese dann jeweils als separates Queue-File in die incoming-Queue stellt.

Weitere Informationen findet man natürlich auch in der manpage des smtpd-Servers.

 # man 8 smtpd 
SMTPD(8)                        System Manager's Manual                        SMTPD(8)

NAME
       smtpd - Postfix SMTP server

SYNOPSIS
       smtpd [generic Postfix daemon options]

       sendmail -bs

DESCRIPTION
       The  SMTP  server  accepts network connection requests and performs zero or more
       SMTP transactions per connection.  Each received message is  piped  through  the
       cleanup(8)  daemon,  and  is  placed into the incoming queue as one single queue
       file.  For this mode of operation, the program expects to be run from  the  mas‐
       ter(8) process manager.

       Alternatively,  the  SMTP  server be can run in stand-alone mode; this is tradi‐
       tionally obtained with "sendmail -bs".  When the SMTP  server  runs  stand-alone
       with  non $mail_owner privileges, it receives mail even while the mail system is
       not running, deposits messages directly into the maildrop  queue,  and  disables
       the  SMTP  server's  access policies. As of Postfix version 2.3, the SMTP server
       refuses to receive mail from the network when it runs with non $mail_owner priv‐
       ileges.

       The  SMTP  server  implements a variety of policies for connection requests, and
       for parameters given to HELO, ETRN, MAIL FROM, VRFY and RCPT TO  commands.  They
       are detailed below and in the main.cf configuration file.

SECURITY
       The  SMTP  server is moderately security-sensitive. It talks to SMTP clients and
       to DNS servers on the network. The SMTP server can be run chrooted at fixed  low
       privilege.

STANDARDS
       RFC 821 (SMTP protocol)
       RFC 1123 (Host requirements)
       RFC 1652 (8bit-MIME transport)
       RFC 1869 (SMTP service extensions)
       RFC 1870 (Message size declaration)
       RFC 1985 (ETRN command)
       RFC 2034 (SMTP enhanced status codes)
       RFC 2554 (AUTH command)
       RFC 2821 (SMTP protocol)
       RFC 2920 (SMTP pipelining)
       RFC 3207 (STARTTLS command)
       RFC 3461 (SMTP DSN extension)
       RFC 3463 (Enhanced status codes)
       RFC 3848 (ESMTP transmission types)
       RFC 4409 (Message submission)
       RFC 4954 (AUTH command)
       RFC 5321 (SMTP protocol)

DIAGNOSTICS
       Problems and transactions are logged to syslogd(8).

       Depending  on  the  setting  of  the notify_classes parameter, the postmaster is
       notified of bounces, protocol problems, policy violations, and of other trouble.

CONFIGURATION PARAMETERS
       Changes to main.cf are picked up automatically, as smtpd(8)  processes  run  for
       only  a  limited  amount of time. Use the command "postfix reload" to speed up a
       change.

       The text below provides only a  parameter  summary.  See  postconf(5)  for  more
       details including examples.

COMPATIBILITY CONTROLS
       The  following  parameters  work around implementation errors in other software,
       and/or allow you to override standards in order to prevent undesirable use.

       broken_sasl_auth_clients (no)
              Enable inter-operability with remote SMTP clients that implement an obso‐
              lete version of the AUTH command (RFC 4954).

       disable_vrfy_command (no)
              Disable the SMTP VRFY command.

       smtpd_noop_commands (empty)
              List  of  commands that the Postfix SMTP server replies to with "250 Ok",
              without doing any syntax checks and without changing state.

       strict_rfc821_envelopes (no)
              Require that addresses received in SMTP MAIL FROM and  RCPT  TO  commands
              are  enclosed  with  <>,  and that those addresses do not contain RFC 822
              style comments or phrases.

       Available in Postfix version 2.1 and later:

       smtpd_reject_unlisted_sender (no)
              Request that the Postfix SMTP server rejects  mail  from  unknown  sender
              addresses,  even  when no explicit reject_unlisted_sender access restric‐
              tion is specified.

       smtpd_sasl_exceptions_networks (empty)
              What remote SMTP clients the Postfix SMTP server will not offer AUTH sup‐
              port to.

       Available in Postfix version 2.2 and later:

       smtpd_discard_ehlo_keyword_address_maps (empty)
              Lookup  tables,  indexed  by  the  remote  SMTP client address, with case
              insensitive lists of EHLO keywords  (pipelining,  starttls,  auth,  etc.)
              that  the  Postfix  SMTP  server  will not send in the EHLO response to a
              remote SMTP client.

       smtpd_discard_ehlo_keywords (empty)
              A case insensitive list of EHLO  keywords  (pipelining,  starttls,  auth,
              etc.)  that the Postfix SMTP server will not send in the EHLO response to
              a remote SMTP client.

       smtpd_delay_open_until_valid_rcpt (yes)
              Postpone the start of an SMTP mail transaction until a valid RCPT TO com‐
              mand is received.

       Available in Postfix version 2.3 and later:

       smtpd_tls_always_issue_session_ids (yes)
              Force  the  Postfix  SMTP server to issue a TLS session id, even when TLS
              session  caching  is  turned  off  (smtpd_tls_session_cache_database   is
              empty).

       Available in Postfix version 2.6 and later:

       tcp_windowsize (0)
              An optional workaround for routers that break TCP window scaling.

       Available in Postfix version 2.7 and later:

       smtpd_command_filter (empty)
              A mechanism to transform commands from remote SMTP clients.

       Available in Postfix version 2.9 and later:

       smtpd_per_record_deadline (normal: no, overload: yes)
              Change  the behavior of the smtpd_timeout and smtpd_starttls_timeout time
              limits, from a time limit per read or write system call, to a time  limit
              to send or receive a complete record (an SMTP command line, SMTP response
              line, SMTP message content line, or TLS protocol message).

ADDRESS REWRITING CONTROLS
       See the ADDRESS_REWRITING_README document for a detailed discussion  of  Postfix
       address rewriting.

       receive_override_options (empty)
              Enable  or  disable  recipient validation, built-in content filtering, or
              address mapping.

       Available in Postfix version 2.2 and later:

       local_header_rewrite_clients (permit_inet_interfaces)
              Rewrite message header addresses in mail from these  clients  and  update
              incomplete  addresses  with  the  domain  name in $myorigin or $mydomain;
              either don't rewrite message headers from other clients at  all,  or  re‐
              write  message  headers  and  update incomplete addresses with the domain
              specified in the remote_header_rewrite_domain parameter.

BEFORE-SMTPD PROXY AGENT
       Available in Postfix version 2.10 and later:

       smtpd_upstream_proxy_protocol (empty)
              The name of the proxy protocol used by  an  optional  before-smtpd  proxy
              agent.

       smtpd_upstream_proxy_timeout (5s)
              The   time   limit   for   the   proxy   protocol   specified   with  the
              smtpd_upstream_proxy_protocol parameter.

AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS
       As of version 1.0, Postfix can be configured to send new  mail  to  an  external
       content  filter  AFTER  the  mail  is queued. This content filter is expected to
       inject mail back into a (Postfix or other) MTA for  further  delivery.  See  the
       FILTER_README document for details.

       content_filter (empty)
              After  the  message  is  queued, send the entire message to the specified
              transport:destination.

BEFORE QUEUE EXTERNAL CONTENT INSPECTION CONTROLS
       As of version 2.1, the Postfix SMTP server can be configured  to  send  incoming
       mail  to a real-time SMTP-based content filter BEFORE mail is queued.  This con‐
       tent  filter  is  expected  to  inject  mail  back  into   Postfix.    See   the
       SMTPD_PROXY_README  document  for  details  on how to configure and operate this
       feature.

       smtpd_proxy_filter (empty)
              The hostname and TCP port of the mail filtering proxy server.

       smtpd_proxy_ehlo ($myhostname)
              How the Postfix SMTP server announces itself to the proxy filter.

       smtpd_proxy_options (empty)
              List of options that control how the  Postfix  SMTP  server  communicates
              with a before-queue content filter.

       smtpd_proxy_timeout (100s)
              The  time  limit  for  connecting  to  a  proxy filter and for sending or
              receiving information.

BEFORE QUEUE MILTER CONTROLS
       As of version 2.3, Postfix supports the Sendmail version 8 Milter (mail  filter)
       protocol.  These  content filters run outside Postfix. They can inspect the SMTP
       command stream and the message content, and  can  request  modifications  before
       mail is queued. For details see the MILTER_README document.

       smtpd_milters (empty)
              A list of Milter (mail filter) applications for new mail that arrives via
              the Postfix smtpd(8) server.

       milter_protocol (6)
              The mail filter protocol version and  optional  protocol  extensions  for
              communication with a Milter application; prior to Postfix 2.6 the default
              protocol is 2.

       milter_default_action (tempfail)
              The default action when a Milter (mail filter) application is unavailable
              or mis-configured.

       milter_macro_daemon_name ($myhostname)
              The {daemon_name} macro value for Milter (mail filter) applications.

       milter_macro_v ($mail_name $mail_version)
              The {v} macro value for Milter (mail filter) applications.

       milter_connect_timeout (30s)
              The  time limit for connecting to a Milter (mail filter) application, and
              for negotiating protocol options.

       milter_command_timeout (30s)
              The time limit for sending an SMTP command  to  a  Milter  (mail  filter)
              application, and for receiving the response.

       milter_content_timeout (300s)
              The  time  limit  for  sending  message content to a Milter (mail filter)
              application, and for receiving the response.

       milter_connect_macros (see 'postconf -d' output)
              The macros that are sent to Milter (mail filter) applications after  com‐
              pletion of an SMTP connection.

       milter_helo_macros (see 'postconf -d' output)
              The  macros  that are sent to Milter (mail filter) applications after the
              SMTP HELO or EHLO command.

       milter_mail_macros (see 'postconf -d' output)
              The macros that are sent to Milter (mail filter) applications  after  the
              SMTP MAIL FROM command.

       milter_rcpt_macros (see 'postconf -d' output)
              The  macros  that are sent to Milter (mail filter) applications after the
              SMTP RCPT TO command.

       milter_data_macros (see 'postconf -d' output)
              The macros that are sent to version 4  or  higher  Milter  (mail  filter)
              applications after the SMTP DATA command.

       milter_unknown_command_macros (see 'postconf -d' output)
              The  macros  that  are  sent  to version 3 or higher Milter (mail filter)
              applications after an unknown SMTP command.

       milter_end_of_header_macros (see 'postconf -d' output)
              The macros that are sent to Milter (mail filter) applications  after  the
              end of the message header.

       milter_end_of_data_macros (see 'postconf -d' output)
              The  macros  that are sent to Milter (mail filter) applications after the
              message end-of-data.

GENERAL CONTENT INSPECTION CONTROLS
       The following parameters are applicable for both built-in and  external  content
       filters.

       Available in Postfix version 2.1 and later:

       receive_override_options (empty)
              Enable  or  disable  recipient validation, built-in content filtering, or
              address mapping.

EXTERNAL CONTENT INSPECTION CONTROLS
       The following parameters are applicable for both  before-queue  and  after-queue
       content filtering.

       Available in Postfix version 2.1 and later:

       smtpd_authorized_xforward_hosts (empty)
              What remote SMTP clients are allowed to use the XFORWARD feature.

SASL AUTHENTICATION CONTROLS
       Postfix  SASL support (RFC 4954) can be used to authenticate remote SMTP clients
       to the Postfix SMTP server, and to authenticate the Postfix  SMTP  client  to  a
       remote SMTP server.  See the SASL_README document for details.

       broken_sasl_auth_clients (no)
              Enable inter-operability with remote SMTP clients that implement an obso‐
              lete version of the AUTH command (RFC 4954).

       smtpd_sasl_auth_enable (no)
              Enable SASL authentication in the Postfix SMTP server.

       smtpd_sasl_local_domain (empty)
              The name of the Postfix SMTP server's local SASL authentication realm.

       smtpd_sasl_security_options (noanonymous)
              Postfix SMTP server SASL security options; as of Postfix 2.3 the list  of
              available  features  depends  on  the  SASL server implementation that is
              selected with smtpd_sasl_type.

       smtpd_sender_login_maps (empty)
              Optional lookup table with the SASL login names  that  own  sender  (MAIL
              FROM) addresses.

       Available in Postfix version 2.1 and later:

       smtpd_sasl_exceptions_networks (empty)
              What remote SMTP clients the Postfix SMTP server will not offer AUTH sup‐
              port to.

       Available in Postfix version 2.1 and 2.2:

       smtpd_sasl_application_name (smtpd)
              The application name that the Postfix SMTP server uses  for  SASL  server
              initialization.

       Available in Postfix version 2.3 and later:

       smtpd_sasl_authenticated_header (no)
              Report  the SASL authenticated user name in the smtpd(8) Received message
              header.

       smtpd_sasl_path (smtpd)
              Implementation-specific information that the Postfix SMTP  server  passes
              through  to  the  SASL  plug-in  implementation  that  is  selected  with
              smtpd_sasl_type.

       smtpd_sasl_type (cyrus)
              The SASL plug-in type that the Postfix SMTP server should use for authen‐
              tication.

       Available in Postfix version 2.5 and later:

       cyrus_sasl_config_path (empty)
              Search  path  for  Cyrus  SASL application configuration files, currently
              used only to locate the $smtpd_sasl_path.conf file.

       Available in Postfix version 2.11 and later:

       smtpd_sasl_service (smtp)
              The service name that is passed to the SASL plug-in that is selected with
              smtpd_sasl_type and smtpd_sasl_path.

STARTTLS SUPPORT CONTROLS
       Detailed information about STARTTLS configuration may be found in the TLS_README
       document.

       smtpd_tls_security_level (empty)
              The SMTP TLS security level for the Postfix SMTP server; when a non-empty
              value  is specified, this overrides the obsolete parameters smtpd_use_tls
              and smtpd_enforce_tls.

       smtpd_sasl_tls_security_options ($smtpd_sasl_security_options)
              The SASL authentication security options that  the  Postfix  SMTP  server
              uses for TLS encrypted SMTP sessions.

       smtpd_starttls_timeout (see 'postconf -d' output)
              The  time  limit for Postfix SMTP server write and read operations during
              TLS startup and shutdown handshake procedures.

       smtpd_tls_CAfile (empty)
              A file containing (PEM format) CA certificates of  root  CAs  trusted  to
              sign  either  remote SMTP client certificates or intermediate CA certifi‐
              cates.

       smtpd_tls_CApath (empty)
              A directory containing (PEM format) CA certificates of root  CAs  trusted
              to  sign  either  remote SMTP client certificates or intermediate CA cer‐
              tificates.

       smtpd_tls_always_issue_session_ids (yes)
              Force the Postfix SMTP server to issue a TLS session id,  even  when  TLS
              session   caching  is  turned  off  (smtpd_tls_session_cache_database  is
              empty).

       smtpd_tls_ask_ccert (no)
              Ask a remote SMTP client for a client certificate.

       smtpd_tls_auth_only (no)
              When TLS encryption is optional  in  the  Postfix  SMTP  server,  do  not
              announce or accept SASL authentication over unencrypted connections.

       smtpd_tls_ccert_verifydepth (9)
              The verification depth for remote SMTP client certificates.

       smtpd_tls_cert_file (empty)
              File with the Postfix SMTP server RSA certificate in PEM format.

       smtpd_tls_exclude_ciphers (empty)
              List  of  ciphers  or cipher types to exclude from the SMTP server cipher
              list at all TLS security levels.

       smtpd_tls_dcert_file (empty)
              File with the Postfix SMTP server DSA certificate in PEM format.

       smtpd_tls_dh1024_param_file (empty)
              File with DH parameters that the Postfix SMTP server should use with non-
              export EDH ciphers.

       smtpd_tls_dh512_param_file (empty)
              File  with  DH  parameters  that  the Postfix SMTP server should use with
              export-grade EDH ciphers.

       smtpd_tls_dkey_file ($smtpd_tls_dcert_file)
              File with the Postfix SMTP server DSA private key in PEM format.

       smtpd_tls_key_file ($smtpd_tls_cert_file)
              File with the Postfix SMTP server RSA private key in PEM format.

       smtpd_tls_loglevel (0)
              Enable additional Postfix SMTP server logging of TLS activity.

       smtpd_tls_mandatory_ciphers (medium)
              The minimum TLS cipher grade that the Postfix SMTP server will  use  with
              mandatory TLS encryption.

       smtpd_tls_mandatory_exclude_ciphers (empty)
              Additional  list  of  ciphers or cipher types to exclude from the Postfix
              SMTP server cipher list at mandatory TLS security levels.

       smtpd_tls_mandatory_protocols (!SSLv2)
              The SSL/TLS protocols accepted by the Postfix SMTP server with  mandatory
              TLS encryption.

       smtpd_tls_received_header (no)
              Request  that the Postfix SMTP server produces Received:  message headers
              that include information about the protocol and cipher used, as  well  as
              the  remote  SMTP client CommonName and client certificate issuer Common‐
              Name.

       smtpd_tls_req_ccert (no)
              With mandatory TLS encryption, require a trusted remote SMTP client  cer‐
              tificate in order to allow TLS connections to proceed.

       smtpd_tls_wrappermode (no)
              Run  the  Postfix SMTP server in the non-standard "wrapper" mode, instead
              of using the STARTTLS command.

       tls_daemon_random_bytes (32)
              The number of pseudo-random bytes that an  smtp(8)  or  smtpd(8)  process
              requests  from  the tlsmgr(8) server in order to seed its internal pseudo
              random number generator (PRNG).

       tls_high_cipherlist (ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH)
              The OpenSSL cipherlist for "HIGH" grade ciphers.

       tls_medium_cipherlist (ALL:!EXPORT:!LOW:+RC4:@STRENGTH)
              The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers.

       tls_low_cipherlist (ALL:!EXPORT:+RC4:@STRENGTH)
              The OpenSSL cipherlist for "LOW" or higher grade ciphers.

       tls_export_cipherlist (ALL:+RC4:@STRENGTH)
              The OpenSSL cipherlist for "EXPORT" or higher grade ciphers.

       tls_null_cipherlist (eNULL:!aNULL)
              The OpenSSL cipherlist for "NULL" grade ciphers that provide  authentica‐
              tion without encryption.

       Available in Postfix version 2.5 and later:

       smtpd_tls_fingerprint_digest (md5)
              The  message digest algorithm to construct remote SMTP client-certificate
              fingerprints or public key  fingerprints  (Postfix  2.9  and  later)  for
              check_ccert_access and permit_tls_clientcerts.

       Available in Postfix version 2.6 and later:

       smtpd_tls_protocols (empty)
              List  of  TLS  protocols  that  the  Postfix  SMTP server will exclude or
              include with opportunistic TLS encryption.

       smtpd_tls_ciphers (export)
              The minimum TLS cipher grade that the Postfix SMTP server will  use  with
              opportunistic TLS encryption.

       smtpd_tls_eccert_file (empty)
              File with the Postfix SMTP server ECDSA certificate in PEM format.

       smtpd_tls_eckey_file ($smtpd_tls_eccert_file)
              File with the Postfix SMTP server ECDSA private key in PEM format.

       smtpd_tls_eecdh_grade (see 'postconf -d' output)
              The  Postfix  SMTP  server  security  grade  for ephemeral elliptic-curve
              Diffie-Hellman (EECDH) key exchange.

       tls_eecdh_strong_curve (prime256v1)
              The elliptic curve used by the Postfix SMTP server  for  sensibly  strong
              ephemeral ECDH key exchange.

       tls_eecdh_ultra_curve (secp384r1)
              The  elliptic  curve used by the Postfix SMTP server for maximally strong
              ephemeral ECDH key exchange.

       Available in Postfix version 2.8 and later:

       tls_preempt_cipherlist (no)
              With SSLv3 and later, use the Postfix  SMTP  server's  cipher  preference
              order instead of the remote client's cipher preference order.

       tls_disable_workarounds (see 'postconf -d' output)
              List or bit-mask of OpenSSL bug work-arounds to disable.

       Available in Postfix version 2.11 and later:

       tlsmgr_service_name (tlsmgr)
              The name of the tlsmgr(8) service entry in master.cf.

OBSOLETE STARTTLS CONTROLS
       The following configuration parameters exist for compatibility with Postfix ver‐
       sions before 2.3. Support for these will be removed in a future release.

       smtpd_use_tls (no)
              Opportunistic TLS: announce STARTTLS support to remote SMTP clients,  but
              do not require that clients use TLS encryption.

       smtpd_enforce_tls (no)
              Mandatory  TLS:  announce  STARTTLS  support  to remote SMTP clients, and
              require that clients use TLS encryption.

       smtpd_tls_cipherlist (empty)
              Obsolete Postfix < 2.3 control for the Postfix  SMTP  server  TLS  cipher
              list.

VERP SUPPORT CONTROLS
       With VERP style delivery, each recipient of a message receives a customized copy
       of the message with his/her own recipient address encoded in the envelope sender
       address.   The VERP_README file describes configuration and operation details of
       Postfix support for variable envelope return path addresses.  VERP style  deliv‐
       ery  is requested with the SMTP XVERP command or with the "sendmail -V" command-
       line option and is available in Postfix version 1.1 and later.

       default_verp_delimiters (+=)
              The two default VERP delimiter characters.

       verp_delimiter_filter (-=+)
              The characters Postfix accepts as VERP delimiter characters on the  Post‐
              fix sendmail(1) command line and in SMTP commands.

       Available in Postfix version 1.1 and 2.0:

       authorized_verp_clients ($mynetworks)
              What remote SMTP clients are allowed to specify the XVERP command.

       Available in Postfix version 2.1 and later:

       smtpd_authorized_verp_clients ($authorized_verp_clients)
              What remote SMTP clients are allowed to specify the XVERP command.

TROUBLE SHOOTING CONTROLS
       The  DEBUG_README document describes how to debug parts of the Postfix mail sys‐
       tem. The methods vary from making the software log a lot of detail,  to  running
       some daemon processes under control of a call tracer or debugger.

       debug_peer_level (2)
              The  increment  in  verbose  logging level when a remote client or server
              matches a pattern in the debug_peer_list parameter.

       debug_peer_list (empty)
              Optional list of remote client or server hostname or network address pat‐
              terns  that  cause  the  verbose  logging level to increase by the amount
              specified in $debug_peer_level.

       error_notice_recipient (postmaster)
              The recipient of postmaster notifications about  mail  delivery  problems
              that are caused by policy, resource, software or protocol errors.

       internal_mail_filter_classes (empty)
              What  categories  of  Postfix-generated  mail are subject to before-queue
              content inspection by non_smtpd_milters, header_checks and body_checks.

       notify_classes (resource, software)
              The list of error classes that are reported to the postmaster.

       smtpd_reject_footer (empty)
              Optional information that is appended after each Postfix SMTP server  4XX
              or 5XX response.

       soft_bounce (no)
              Safety  net  to  keep mail queued that would otherwise be returned to the
              sender.

       Available in Postfix version 2.1 and later:

       smtpd_authorized_xclient_hosts (empty)
              What remote SMTP clients are allowed to use the XCLIENT feature.

       Available in Postfix version 2.10 and later:

       smtpd_log_access_permit_actions (empty)
              Enable logging of the named "permit" actions in SMTP server access  lists
              (by  default,  the  SMTP  server  logs  "reject" actions but not "permit"
              actions).

KNOWN VERSUS UNKNOWN RECIPIENT CONTROLS
       As of Postfix version 2.0, the SMTP server rejects mail for unknown  recipients.
       This  prevents  the mail queue from clogging up with undeliverable MAILER-DAEMON
       messages. Additional information on this topic is in the  LOCAL_RECIPIENT_README
       and ADDRESS_CLASS_README documents.

       show_user_unknown_table_name (yes)
              Display the name of the recipient table in the "User unknown" responses.

       canonical_maps (empty)
              Optional address mapping lookup tables for message headers and envelopes.

       recipient_canonical_maps (empty)
              Optional  address mapping lookup tables for envelope and header recipient
              addresses.

       Parameters concerning known/unknown local recipients:

       mydestination ($myhostname, localhost.$mydomain, localhost)
              The list of domains that are  delivered  via  the  $local_transport  mail
              delivery transport.

       inet_interfaces (all)
              The network interface addresses that this mail system receives mail on.

       proxy_interfaces (empty)
              The network interface addresses that this mail system receives mail on by
              way of a proxy or network address translation unit.

       inet_protocols (all)
              The Internet protocols Postfix will attempt to use when making or accept‐
              ing connections.

       local_recipient_maps (proxy:unix:passwd.byname $alias_maps)
              Lookup  tables with all names or addresses of local recipients: a recipi‐
              ent address is local when its domain matches $mydestination, $inet_inter‐
              faces or $proxy_interfaces.

      unknown_local_recipient_reject_code (550)
              The  numerical Postfix SMTP server response code when a recipient address
              is local, and $local_recipient_maps specifies a  list  of  lookup  tables
              that does not match the recipient.

       Parameters concerning known/unknown recipients of relay destinations:

       relay_domains ($mydestination)
              What  destination domains (and subdomains thereof) this system will relay
              mail to.

       relay_recipient_maps (empty)
              Optional lookup tables with all valid addresses in the domains that match
              $relay_domains.

       unknown_relay_recipient_reject_code (550)
              The  numerical  Postfix  SMTP  server reply code when a recipient address
              matches $relay_domains, and  relay_recipient_maps  specifies  a  list  of
              lookup tables that does not match the recipient address.

       Parameters concerning known/unknown recipients in virtual alias domains:

       virtual_alias_domains ($virtual_alias_maps)
              Postfix  is  final  destination  for  the specified list of virtual alias
              domains, that  is,  domains  for  which  all  addresses  are  aliased  to
              addresses in other local or remote domains.

       virtual_alias_maps ($virtual_maps)
              Optional  lookup  tables that alias specific mail addresses or domains to
              other local or remote address.

       unknown_virtual_alias_reject_code (550)
              The Postfix SMTP server reply code when a recipient address matches $vir‐
              tual_alias_domains,  and  $virtual_alias_maps  specifies a list of lookup
              tables that does not match the recipient address.

       Parameters concerning known/unknown recipients in virtual mailbox domains:

       virtual_mailbox_domains ($virtual_mailbox_maps)
              Postfix is final destination for the specified list of domains;  mail  is
              delivered via the $virtual_transport mail delivery transport.

       virtual_mailbox_maps (empty)
              Optional lookup tables with all valid addresses in the domains that match
              $virtual_mailbox_domains.

       unknown_virtual_mailbox_reject_code (550)
              The Postfix SMTP server reply code when a recipient address matches $vir‐
              tual_mailbox_domains,  and  $virtual_mailbox_maps  specifies  a  list  of
              lookup tables that does not match the recipient address.

RESOURCE AND RATE CONTROLS
       The following parameters limit resource usage by the SMTP server and/or  control
       client request rates.

       line_length_limit (2048)
              Upon input, long lines are chopped up into pieces of at most this length;
              upon delivery, long lines are reconstructed.

       queue_minfree (0)
              The minimal amount of free space in bytes in the queue file  system  that
              is needed to receive mail.

       message_size_limit (10240000)
              The maximal size in bytes of a message, including envelope information.

       smtpd_recipient_limit (1000)
              The maximal number of recipients that the Postfix SMTP server accepts per
              message delivery request.

       smtpd_timeout (normal: 300s, overload: 10s)
              The time limit for sending a Postfix SMTP server response and for receiv‐
              ing a remote SMTP client request.

       smtpd_history_flush_threshold (100)
              The  maximal  number  of lines in the Postfix SMTP server command history
              before it is flushed upon receipt of EHLO, RSET, or end of DATA.

       Available in Postfix version 2.3 and later:

       smtpd_peername_lookup (yes)
              Attempt to look up the remote SMTP client hostname, and verify  that  the
              name matches the client IP address.

       The  per SMTP client connection count and request rate limits are implemented in
       co-operation with the anvil(8) service, and are available in Postfix version 2.2
       and later.

       smtpd_client_connection_count_limit (50)
              How  many  simultaneous connections any client is allowed to make to this
              service.

       smtpd_client_connection_rate_limit (0)
              The maximal number of connection attempts any client is allowed  to  make
              to this service per time unit.

       smtpd_client_message_rate_limit (0)
              The  maximal  number  of  message  delivery  requests  that any client is
              allowed to make to this service per time unit, regardless of  whether  or
              not Postfix actually accepts those messages.

       smtpd_client_recipient_rate_limit (0)
              The  maximal  number of recipient addresses that any client is allowed to
              send to this service per time unit, regardless of whether or not  Postfix
              actually accepts those recipients.

       smtpd_client_event_limit_exceptions ($mynetworks)
              Clients  that  are excluded from smtpd_client_*_count/rate_limit restric‐
              tions.

       Available in Postfix version 2.3 and later:

       smtpd_client_new_tls_session_rate_limit (0)
              The maximal number of new (i.e., uncached) TLS  sessions  that  a  remote
              SMTP client is allowed to negotiate with this service per time unit.

       Available in Postfix version 2.9 and later:

       smtpd_per_record_deadline (normal: no, overload: yes)
              Change  the behavior of the smtpd_timeout and smtpd_starttls_timeout time
              limits, from a time limit per read or write system call, to a time  limit
              to send or receive a complete record (an SMTP command line, SMTP response
              line, SMTP message content line, or TLS protocol message).

TARPIT CONTROLS
       When a remote SMTP client makes errors,  the  Postfix  SMTP  server  can  insert
       delays  before  responding.  This  can help to slow down run-away software.  The
       behavior is controlled by an error counter that  counts  the  number  of  errors
       within an SMTP session that a client makes without delivering mail.

       smtpd_error_sleep_time (1s)
              With  Postfix version 2.1 and later: the SMTP server response delay after
              a client has made more than  $smtpd_soft_error_limit  errors,  and  fewer
              than $smtpd_hard_error_limit errors, without delivering mail.

       smtpd_soft_error_limit (10)
              The  number  of  errors  a  remote SMTP client is allowed to make without
              delivering mail before  the  Postfix  SMTP  server  slows  down  all  its
              responses.

       smtpd_hard_error_limit (normal: 20, overload: 1)
              The  maximal  number  of  errors  a remote SMTP client is allowed to make
              without delivering mail.

       smtpd_junk_command_limit (normal: 100, overload: 1)
              The number of junk commands (NOOP, VRFY, ETRN or RSET) that a remote SMTP
              client  can  send  before the Postfix SMTP server starts to increment the
              error counter with each junk command.

       Available in Postfix version 2.1 and later:

       smtpd_recipient_overshoot_limit (1000)
              The number of recipients that a remote SMTP client can send in excess  of
              the  limit specified with $smtpd_recipient_limit, before the Postfix SMTP
              server increments the per-session error count for each excess recipient.

ACCESS POLICY DELEGATION CONTROLS
       As of version 2.1, Postfix can be configured to delegate access policy decisions
       to  an  external  server  that  runs  outside  Postfix.  See the file SMTPD_POL‐
       ICY_README for more information.

       smtpd_policy_service_max_idle (300s)
              The time after which an idle SMTPD policy service connection is closed.

       smtpd_policy_service_max_ttl (1000s)
              The time after which an active SMTPD policy service connection is closed.

       smtpd_policy_service_timeout (100s)
              The time limit for connecting to, writing to or receiving  from  a  dele‐
              gated SMTPD policy server.

ACCESS CONTROLS
       The  SMTPD_ACCESS_README  document  gives an introduction to all the SMTP server
       access control features.

       smtpd_delay_reject (yes)
              Wait until the RCPT TO command before  evaluating  $smtpd_client_restric‐
              tions,  $smtpd_helo_restrictions  and $smtpd_sender_restrictions, or wait
              until the ETRN command before evaluating  $smtpd_client_restrictions  and
              $smtpd_helo_restrictions.

       parent_domain_matches_subdomains (see 'postconf -d' output)
              What  Postfix  features  match  subdomains of "domain.tld" automatically,
              instead of requiring an explicit ".domain.tld" pattern.

       smtpd_client_restrictions (empty)
              Optional restrictions that the Postfix SMTP server applies in the context
              of a client connection request.

       smtpd_helo_required (no)
              Require that a remote SMTP client introduces itself with the HELO or EHLO
              command before sending the MAIL command or other  commands  that  require
              EHLO negotiation.

       smtpd_helo_restrictions (empty)
              Optional restrictions that the Postfix SMTP server applies in the context
              of a client HELO command.

       smtpd_sender_restrictions (empty)
              Optional restrictions that the Postfix SMTP server applies in the context
              of a client MAIL FROM command.

       smtpd_recipient_restrictions (see 'postconf -d' output)
              Optional restrictions that the Postfix SMTP server applies in the context
              of a client RCPT TO command, after smtpd_relay_restrictions.

       smtpd_etrn_restrictions (empty)
              Optional restrictions that the Postfix SMTP server applies in the context
              of a client ETRN command.

       allow_untrusted_routing (no)
              Forward  mail  with  sender-specified  routing (user[@%!]remote[@%!]site)
              from untrusted clients to destinations matching $relay_domains.

       smtpd_restriction_classes (empty)
              User-defined aliases for groups of access restrictions.

       smtpd_null_access_lookup_key (<>)
              The lookup key to be used in SMTP access(5) tables instead  of  the  null
              sender address.

       permit_mx_backup_networks (empty)
              Restrict  the  use  of  the  permit_mx_backup SMTP access feature to only
              domains whose primary MX hosts match the listed networks.

       Available in Postfix version 2.0 and later:

       smtpd_data_restrictions (empty)
              Optional access restrictions that the Postfix SMTP server applies in  the
              context of the SMTP DATA command.

       smtpd_expansion_filter (see 'postconf -d' output)
              What characters are allowed in $name expansions of RBL reply templates.

       Available in Postfix version 2.1 and later:

       smtpd_reject_unlisted_sender (no)
              Request  that  the  Postfix  SMTP server rejects mail from unknown sender
              addresses, even when no explicit reject_unlisted_sender  access  restric‐
              tion is specified.

       smtpd_reject_unlisted_recipient (yes)
              Request  that  the Postfix SMTP server rejects mail for unknown recipient
              addresses,  even  when  no  explicit   reject_unlisted_recipient   access
              restriction is specified.

       Available in Postfix version 2.2 and later:

       smtpd_end_of_data_restrictions (empty)
              Optional  access restrictions that the Postfix SMTP server applies in the
              context of the SMTP END-OF-DATA command.

       Available in Postfix version 2.10 and later:

       smtpd_relay_restrictions     (permit_mynetworks,      permit_sasl_authenticated,
       defer_unauth_destination)
              Access  restrictions  for mail relay control that the Postfix SMTP server
              applies in the context of  the  RCPT  TO  command,  before  smtpd_recipi‐
              ent_restrictions.

SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS
       Postfix  version 2.1 introduces sender and recipient address verification.  This
       feature is implemented by sending probe email messages  that  are  not  actually
       delivered.   This  feature  is  requested  via  the reject_unverified_sender and
       reject_unverified_recipient access restrictions.   The  status  of  verification
       probes  is  maintained  by the verify(8) server.  See the file ADDRESS_VERIFICA‐
       TION_README for information about how  to  configure  and  operate  the  Postfix
       sender/recipient address verification service.

       address_verify_poll_count (normal: 3, overload: 1)
              How  many  times  to query the verify(8) service for the completion of an
              address verification request in progress.

       address_verify_poll_delay (3s)
              The delay between queries for the completion of an  address  verification
              request in progress.

       address_verify_sender ($double_bounce_sender)
              The  sender address to use in address verification probes; prior to Post‐
              fix 2.5 the default was "postmaster".

       unverified_sender_reject_code (450)
              The numerical Postfix SMTP server response code when a recipient  address
              is rejected by the reject_unverified_sender restriction.

       unverified_recipient_reject_code (450)
              The  numerical  Postfix  SMTP server response when a recipient address is
              rejected by the reject_unverified_recipient restriction.

       Available in Postfix version 2.6 and later:

       unverified_sender_defer_code (450)
              The numerical Postfix SMTP server response code  when  a  sender  address
              probe fails due to a temporary error condition.

       unverified_recipient_defer_code (450)
              The numerical Postfix SMTP server response when a recipient address probe
              fails due to a temporary error condition.

       unverified_sender_reject_reason (empty)
              The Postfix SMTP server's reply when rejecting mail  with  reject_unveri‐
              fied_sender.

       unverified_recipient_reject_reason (empty)
              The  Postfix  SMTP server's reply when rejecting mail with reject_unveri‐
              fied_recipient.

       unverified_sender_tempfail_action ($reject_tempfail_action)
              The Postfix SMTP server's action when reject_unverified_sender fails  due
              to a temporary error condition.

       unverified_recipient_tempfail_action ($reject_tempfail_action)
              The  Postfix  SMTP server's action when reject_unverified_recipient fails
              due to a temporary error condition.

       Available with Postfix 2.9 and later:

       address_verify_sender_ttl (0s)
              The time between changes in the time-dependent portion of address verifi‐
              cation probe sender addresses.

ACCESS CONTROL RESPONSES
       The  following  parameters  control  numerical  SMTP  reply  codes  and/or  text
       responses.

       access_map_reject_code (554)
              The numerical Postfix SMTP server response  code  for  an  access(5)  map
              "reject" action.

       defer_code (450)
              The numerical Postfix SMTP server response code when a remote SMTP client
              request is rejected by the "defer" restriction.

       invalid_hostname_reject_code (501)
              The numerical Postfix SMTP server response code when the client  HELO  or
              EHLO  command  parameter  is rejected by the reject_invalid_helo_hostname
              restriction.

       maps_rbl_reject_code (554)
              The numerical Postfix SMTP server response code when a remote SMTP client
              request   is   blocked  by  the  reject_rbl_client,  reject_rhsbl_client,
              reject_rhsbl_reverse_client, reject_rhsbl_sender or  reject_rhsbl_recipi‐
              ent restriction.

       non_fqdn_reject_code (504)
              The  numerical  Postfix  SMTP  server reply code when a client request is
              rejected by the reject_non_fqdn_helo_hostname, reject_non_fqdn_sender  or
              reject_non_fqdn_recipient restriction.

       plaintext_reject_code (450)
              The  numerical  Postfix  SMTP  server  response  code  when  a request is
              rejected by the reject_plaintext_session restriction.

       reject_code (554)
              The numerical Postfix SMTP server response code when a remote SMTP client
              request is rejected by the "reject" restriction.

       relay_domains_reject_code (554)
              The  numerical Postfix SMTP server response code when a client request is
              rejected by the reject_unauth_destination recipient restriction.

       unknown_address_reject_code (450)
              The numerical Postfix SMTP server response code when a sender or  recipi‐
              ent   address   is   rejected   by  the  reject_unknown_sender_domain  or
              reject_unknown_recipient_domain restriction.

       unknown_client_reject_code (450)
              The numerical Postfix SMTP server response code  when  a  client  without
              valid    address    <=>    name    mapping    is    rejected    by    the
              reject_unknown_client_hostname restriction.

       unknown_hostname_reject_code (450)
              The numerical Postfix SMTP server response code when the hostname  speci‐
              fied   with   the   HELO   or   EHLO   command   is   rejected   by   the
              reject_unknown_helo_hostname restriction.

       Available in Postfix version 2.0 and later:

       default_rbl_reply (see 'postconf -d' output)
              The default Postfix SMTP server response template for a request  that  is
              rejected by an RBL-based restriction.

       multi_recipient_bounce_reject_code (550)
              The numerical Postfix SMTP server response code when a remote SMTP client
              request is blocked by the reject_multi_recipient_bounce restriction.

       rbl_reply_maps (empty)
              Optional lookup tables with RBL response templates.

       Available in Postfix version 2.6 and later:

       access_map_defer_code (450)
              The numerical Postfix SMTP server response  code  for  an  access(5)  map
              "defer" action, including "defer_if_permit" or "defer_if_reject".

       reject_tempfail_action (defer_if_permit)
              The Postfix SMTP server's action when a reject-type restriction fails due
              to a temporary error condition.

       unknown_helo_hostname_tempfail_action ($reject_tempfail_action)
              The Postfix SMTP server's action when reject_unknown_helo_hostname  fails
              due to an temporary error condition.

       unknown_address_tempfail_action ($reject_tempfail_action)
              The  Postfix  SMTP  server's  action when reject_unknown_sender_domain or
              reject_unknown_recipient_domain fail due to a temporary error condition.

MISCELLANEOUS CONTROLS
       config_directory (see 'postconf -d' output)
              The default location of the Postfix main.cf and  master.cf  configuration
              files.

       daemon_timeout (18000s)
              How  much  time  a  Postfix  daemon  process may take to handle a request
              before it is terminated by a built-in watchdog timer.

       command_directory (see 'postconf -d' output)
              The location of all postfix administrative commands.

       double_bounce_sender (double-bounce)
              The sender address of postmaster notifications that are generated by  the
              mail system.

       ipc_timeout (3600s)
              The time limit for sending or receiving information over an internal com‐
              munication channel.

       mail_name (Postfix)
              The mail system name that is displayed in Received: headers, in the  SMTP
              greeting banner, and in bounced mail.

       mail_owner (postfix)
              The UNIX system account that owns the Postfix queue and most Postfix dae‐
              mon processes.

       max_idle (100s)
              The maximum amount of time that an idle Postfix daemon process waits  for
              an incoming connection before terminating voluntarily.

       max_use (100)
              The  maximal number of incoming connections that a Postfix daemon process
              will service before terminating voluntarily.

       myhostname (see 'postconf -d' output)
              The internet hostname of this mail system.

       mynetworks (see 'postconf -d' output)
              The list of "trusted" remote SMTP clients that have more privileges  than
              "strangers".

       myorigin ($myhostname)
              The  domain  name that locally-posted mail appears to come from, and that
              locally posted mail is delivered to.

       process_id (read-only)
              The process ID of a Postfix command or daemon process.

       process_name (read-only)
              The process name of a Postfix command or daemon process.

       queue_directory (see 'postconf -d' output)
              The location of the Postfix top-level queue directory.

       recipient_delimiter (empty)
              The set of characters that can separate a user name  from  its  extension
              (example: user+foo), or a .forward file name from its extension (example:
              .forward+foo).

       smtpd_banner ($myhostname ESMTP $mail_name)
              The text that follows the 220 status code in the SMTP greeting banner.

       syslog_facility (mail)
              The syslog facility of Postfix logging.

       syslog_name (see 'postconf -d' output)
              The mail system name that is prepended to  the  process  name  in  syslog
              records, so that "smtpd" becomes, for example, "postfix/smtpd".

       Available in Postfix version 2.2 and later:

       smtpd_forbidden_commands (CONNECT, GET, POST)
              List of commands that cause the Postfix SMTP server to immediately termi‐
              nate the session with a 221 code.

       Available in Postfix version 2.5 and later:

       smtpd_client_port_logging (no)
              Enable logging of the remote SMTP client port in addition to the hostname
              and IP address.

SEE ALSO
       anvil(8), connection/rate limiting
       cleanup(8), message canonicalization
       tlsmgr(8), TLS session and PRNG management
       trivial-rewrite(8), address resolver
       verify(8), address verification service
       postconf(5), configuration parameters
       master(5), generic daemon options
       master(8), process manager
       syslogd(8), system logging

README FILES
       Use  "postconf  readme_directory"  or  "postconf  html_directory" to locate this
       information.
       ADDRESS_CLASS_README, blocking unknown hosted or relay recipients
       ADDRESS_REWRITING_README Postfix address manipulation
       FILTER_README, external after-queue content filter
       LOCAL_RECIPIENT_README, blocking unknown local recipients
       MILTER_README, before-queue mail filter applications
       SMTPD_ACCESS_README, built-in access policies
       SMTPD_POLICY_README, external policy server
       SMTPD_PROXY_README, external before-queue content filter
       SASL_README, Postfix SASL howto
       TLS_README, Postfix STARTTLS howto
       VERP_README, Postfix XVERP extension
       XCLIENT_README, Postfix XCLIENT extension
       XFORWARD_README, Postfix XFORWARD extension

LICENSE
       The Secure Mailer license must be distributed with this software.

AUTHOR(S)
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

       SASL support originally by:
       Till Franke
       SuSE Rhein/Main AG
       65760 Eschborn, Germany

       TLS support originally by:
       Lutz Jaenicke
       BTU Cottbus
       Allgemeine Elektrotechnik
       Universitaetsplatz 3-4
       D-03044 Cottbus, Germany

       Revised TLS support by:
       Victor Duchovni
       Morgan Stanley

                                                                               SMTPD(8)

postscreen

Mit Hilfe des postscreen-Daemon kann helfen, die smtpd-Serverprozesse vor unerwünschten Verkehr, die z.B. von SPAM-Botnetzen aus den Server mit SPAM überfluten wollen. Ein postscreen-Prozess kann mehrere smtpd-Prozesse absichern. Typischerweise schützt man damit den SMTP-Port 25, auf dem andere Mailserver ihre Nachrichten einliefern wollen. Zum “wie“ und „Warum“ werden wir hier im Wiki noch in einem gesonderten Kapitel eingehender vertiefen.

Weitere Informationen sind ggf. auch in der manpage von postscreen zu entnehmen.

 # man 8 postscreen
POSTSCREEN(8)                   System Manager's Manual                   POSTSCREEN(8)

NAME
       postscreen - Postfix zombie blocker

SYNOPSIS
       postscreen [generic Postfix daemon options]

DESCRIPTION
       The  Postfix  postscreen(8)  server  provides additional protection against mail
       server overload. One postscreen(8) process handles multiple inbound SMTP connec‐
       tions,  and decides which clients may talk to a Postfix SMTP server process.  By
       keeping spambots away, postscreen(8) leaves more SMTP server processes available
       for legitimate clients, and delays the onset of server overload conditions.

       This  program  should  not be used on SMTP ports that receive mail from end-user
       clients (MUAs). In a typical deployment, postscreen(8) handles the MX service on
       TCP  port  25,  while  MUA clients submit mail via the submission service on TCP
       port 587 which requires client authentication.  Alternatively, a site could  set
       up  a  dedicated, non-postscreen, "port 25" server that provides submission ser‐
       vice and client authentication, but no MX service.

       postscreen(8) maintains a temporary whitelist for clients  that  have  passed  a
       number  of  tests.  When an SMTP client IP address is whitelisted, postscreen(8)
       hands off the connection immediately to a Postfix SMTP server process. This min‐
       imizes the overhead for legitimate mail.

       By  default,  postscreen(8)  logs statistics and hands off every connection to a
       Postfix SMTP server process, while excluding  clients  in  mynetworks  from  all
       tests  (primarily,  to  avoid problems with non-standard SMTP implementations in
       network appliances).  This mode is useful for non-destructive testing.

       In a typical production setting, postscreen(8) is configured to reject mail from
       clients  that  fail one or more tests. postscreen(8) logs rejected mail with the
       client address, helo, sender and recipient information.

       postscreen(8) is not an SMTP proxy; this is intentional.  The purpose is to keep
       spambots  away from Postfix SMTP server processes, while minimizing overhead for
       legitimate traffic.

SECURITY
       The  postscreen(8)  server  is  moderately  security-sensitive.   It  talks   to
       untrusted  clients  on the network. The process can be run chrooted at fixed low
       privilege.

STANDARDS
       RFC 821 (SMTP protocol)
       RFC 1123 (Host requirements)
       RFC 1652 (8bit-MIME transport)
       RFC 1869 (SMTP service extensions)
       RFC 1870 (Message Size Declaration)
       RFC 1985 (ETRN command)
       RFC 2034 (SMTP Enhanced Status Codes)
       RFC 2821 (SMTP protocol)
       Not: RFC 2920 (SMTP Pipelining)
       RFC 3207 (STARTTLS command)
       RFC 3461 (SMTP DSN Extension)
       RFC 3463 (Enhanced Status Codes)
       RFC 5321 (SMTP protocol, including multi-line 220 banners)

DIAGNOSTICS
       Problems and transactions are logged to syslogd(8).

BUGS
       The postscreen(8) built-in SMTP protocol engine currently does not announce sup‐
       port  for  AUTH, XCLIENT or XFORWARD.  If you need to make these services avail‐
       able on port 25, then do not enable the optional  "after  220  server  greeting"
       tests,  and  do  not use DNSBLs that reject traffic from dial-up and residential
       networks.

       The optional "after 220 server greeting" tests involve postscreen(8)'s  built-in
       SMTP protocol engine. When these tests succeed, postscreen(8) adds the client to
       the temporary whitelist, but it cannot not hand off the "live" connection  to  a
       Postfix  SMTP server process in the middle of a session.  Instead, postscreen(8)
       defers attempts to deliver mail with a 4XX status, and waits for the  client  to
       disconnect.  When the client connects again, postscreen(8) will allow the client
       to talk to a Postfix SMTP server process (provided that the whitelist status has
       not  expired).   postscreen(8) mitigates the impact of this limitation by giving
       the "after 220 server greeting" tests a long expiration time.

CONFIGURATION PARAMETERS
       Changes to main.cf are not picked up automatically, as  postscreen(8)  processes
       may  run for several hours.  Use the command "postfix reload" after a configura‐
       tion change.

       The text below provides only a  parameter  summary.  See  postconf(5)  for  more
       details including examples.

       NOTE:  Some  postscreen(8) parameters implement stress-dependent behavior.  This
       is supported only when the default parameter value is stress-dependent (that is,
       it  looks  like ${stress?X}${stress:Y}, or it is the $name of an smtpd parameter
       with a stress-dependent default).  Other parameters always evaluate  as  if  the
       stress parameter value is the empty string.

COMPATIBILITY CONTROLS
       postscreen_command_filter ($smtpd_command_filter)
              A mechanism to transform commands from remote SMTP clients.

       postscreen_discard_ehlo_keyword_address_maps           ($smtpd_discard_ehlo_key‐
       word_address_maps)
              Lookup tables, indexed by the  remote  SMTP  client  address,  with  case
              insensitive  lists  of  EHLO  keywords (pipelining, starttls, auth, etc.)
              that the postscreen(8) server will not send in the  EHLO  response  to  a
              remote SMTP client.

       postscreen_discard_ehlo_keywords ($smtpd_discard_ehlo_keywords)
              A  case  insensitive  list  of EHLO keywords (pipelining, starttls, auth,
              etc.) that the postscreen(8) server will not send in the EHLO response to
              a remote SMTP client.

TROUBLE SHOOTING CONTROLS
       postscreen_expansion_filter (see 'postconf -d' output)
              List   of  characters  that  are  permitted  in  postscreen_reject_footer
              attribute expansions.

       postscreen_reject_footer ($smtpd_reject_footer)
              Optional information that is appended after a 4XX  or  5XX  postscreen(8)
              server response.

       soft_bounce (no)
              Safety  net  to  keep mail queued that would otherwise be returned to the
              sender.

BEFORE-POSTSCREEN PROXY AGENT
       Available in Postfix version 2.10 and later:

       postscreen_upstream_proxy_protocol (empty)
              The name of the proxy protocol  used  by  an  optional  before-postscreen
              proxy agent.

       postscreen_upstream_proxy_timeout (5s)
              The   time   limit   for   the   proxy   protocol   specified   with  the
              postscreen_upstream_proxy_protocol parameter.

PERMANENT WHITE/BLACKLIST TEST
       This test is executed immediately after a remote  SMTP  client  connects.  If  a
       client  is permanently whitelisted, the client will be handed off immediately to
       a Postfix SMTP server process.

       postscreen_access_list (permit_mynetworks)
              Permanent white/blacklist for remote SMTP client IP addresses.

       postscreen_blacklist_action (ignore)
              The action that postscreen(8) takes when a remote SMTP client  is  perma‐
              nently blacklisted with the postscreen_access_list parameter.

MAIL EXCHANGER POLICY TESTS
       When postscreen(8) is configured to monitor all primary and backup MX addresses,
       it can refuse to whitelist clients that connect to a backup MX address only. For
       small  sites,  this  requires configuring primary and backup MX addresses on the
       same MTA. Larger sites would have to share the postscreen(8) cache between  pri‐
       mary and backup MTAs, which would introduce a common point of failure.

       postscreen_whitelist_interfaces (static:all)
              A list of local postscreen(8) server IP addresses where a non-whitelisted
              remote SMTP client can obtain postscreen(8)'s temporary whitelist status.

BEFORE 220 GREETING TESTS
       These tests are executed before the remote SMTP client receives the "220 server‐
       name"  greeting.  If  no  tests  remain  after the successful completion of this
       phase, the client will be handed  off  immediately  to  a  Postfix  SMTP  server
       process.

       dnsblog_service_name (dnsblog)
              The name of the dnsblog(8) service entry in master.cf.

       postscreen_dnsbl_action (ignore)
              The  action that postscreen(8) takes when a remote SMTP client's combined
              DNSBL score is equal to or greater than a threshold (as defined with  the
              postscreen_dnsbl_sites and postscreen_dnsbl_threshold parameters).

       postscreen_dnsbl_reply_map (empty)
              A mapping from actual DNSBL domain name which includes a secret password,
              to the DNSBL domain name that postscreen will reply with when it  rejects
              mail.

       postscreen_dnsbl_sites (empty)
              Optional list of DNS white/blacklist domains, filters and weight factors.

       postscreen_dnsbl_threshold (1)
              The inclusive lower bound for blocking a remote SMTP client, based on its
              combined DNSBL score as defined with the  postscreen_dnsbl_sites  parame‐
              ter.

       postscreen_greet_action (ignore)
              The  action  that  postscreen(8)  takes  when a remote SMTP client speaks
              before its turn within the time specified with the  postscreen_greet_wait
              parameter.

       postscreen_greet_banner ($smtpd_banner)
              The text in the optional "220-text..." server response that postscreen(8)
              sends ahead of the real Postfix SMTP server's "220 text..." response,  in
              an  attempt  to  confuse bad SMTP clients so that they speak before their
              turn (pre-greet).

       postscreen_greet_wait (${stress?2}${stress:6}s)
              The amount of time that postscreen(8) will wait for  an  SMTP  client  to
              send  a  command before its turn, and for DNS blocklist lookup results to
              arrive (default: up to 2 seconds under stress, up  to  6  seconds  other‐
              wise).

       smtpd_service_name (smtpd)
              The internal service that postscreen(8) hands off allowed connections to.

       Available in Postfix version 2.11 and later:

       postscreen_dnsbl_whitelist_threshold (0)
              Allow a remote SMTP client to skip "before" and "after 220 greeting" pro‐
              tocol tests, based on its  combined  DNSBL  score  as  defined  with  the
              postscreen_dnsbl_sites parameter.

AFTER 220 GREETING TESTS
       These  tests are executed after the remote SMTP client receives the "220 server‐
       name" greeting. If a client passes all tests during this phase, it will  receive
       a  4XX response to all RCPT TO commands. After the client reconnects, it will be
       allowed to talk directly to a Postfix SMTP server process.

       postscreen_bare_newline_action (ignore)
              The action that postscreen(8) takes when a remote  SMTP  client  sends  a
              bare  newline  character,  that  is,  a  newline not preceded by carriage
              return.

       postscreen_bare_newline_enable (no)
              Enable "bare newline" SMTP protocol tests in the postscreen(8) server.

       postscreen_disable_vrfy_command ($disable_vrfy_command)
              Disable the SMTP VRFY command in the postscreen(8) daemon.

       postscreen_forbidden_commands ($smtpd_forbidden_commands)
              List of commands that the postscreen(8) server considers in violation  of
              the SMTP protocol.

       postscreen_helo_required ($smtpd_helo_required)
              Require  that a remote SMTP client sends HELO or EHLO before commencing a
              MAIL transaction.

       postscreen_non_smtp_command_action (drop)
              The action that postscreen(8) takes when a remote SMTP client sends  non-
              SMTP commands as specified with the postscreen_forbidden_commands parame‐
              ter.

       postscreen_non_smtp_command_enable (no)
              Enable "non-SMTP command" tests in the postscreen(8) server.

       postscreen_pipelining_action (enforce)
              The action that postscreen(8) takes when a remote SMTP client sends  mul‐
              tiple  commands instead of sending one command and waiting for the server
              to respond.

       postscreen_pipelining_enable (no)
              Enable "pipelining" SMTP protocol tests in the postscreen(8) server.

CACHE CONTROLS
       postscreen_cache_cleanup_interval (12h)
              The amount of time between postscreen(8) cache cleanup runs.

       postscreen_cache_map (btree:$data_directory/postscreen_cache)
              Persistent storage for the postscreen(8) server decisions.

       postscreen_cache_retention_time (7d)
              The amount of time that postscreen(8) will  cache  an  expired  temporary
              whitelist entry before it is removed.

       postscreen_bare_newline_ttl (30d)
              The amount of time that postscreen(8) will use the result from a success‐
              ful "bare newline" SMTP protocol test.

       postscreen_dnsbl_ttl (1h)
              The amount of time that postscreen(8) will use the result from a success‐
              ful DNS blocklist test.

       postscreen_greet_ttl (1d)
              The amount of time that postscreen(8) will use the result from a success‐
              ful PREGREET test.

       postscreen_non_smtp_command_ttl (30d)
              The amount of time that postscreen(8) will use the result from a success‐
              ful "non_smtp_command" SMTP protocol test.

       postscreen_pipelining_ttl (30d)
              The amount of time that postscreen(8) will use the result from a success‐
              ful "pipelining" SMTP protocol test.

RESOURCE CONTROLS
       line_length_limit (2048)
              Upon input, long lines are chopped up into pieces of at most this length;
              upon delivery, long lines are reconstructed.

       postscreen_client_connection_count_limit ($smtpd_client_connection_count_limit)
              How  many  simultaneous  connections any remote SMTP client is allowed to
              have with the postscreen(8) daemon.

       postscreen_command_count_limit (20)
              The  limit  on  the  total  number  of  commands  per  SMTP  session  for
              postscreen(8)'s built-in SMTP protocol engine.

       postscreen_command_time_limit (${stress?10}${stress:300}s)
              The time limit to read an entire command line with postscreen(8)'s built-
              in SMTP protocol engine.

       postscreen_post_queue_limit ($default_process_limit)
              The number of clients that can be waiting for service from a real Postfix
              SMTP server process.

       postscreen_pre_queue_limit ($default_process_limit)
              The  number of non-whitelisted clients that can be waiting for a decision
              whether they will  receive  service  from  a  real  Postfix  SMTP  server
              process.

       postscreen_watchdog_timeout (10s)
              How  much  time  a  postscreen(8) process may take to respond to a remote
              SMTP client command or to perform a cache operation before it  is  termi‐
              nated by a built-in watchdog timer.

STARTTLS CONTROLS
       postscreen_tls_security_level ($smtpd_tls_security_level)
              The  SMTP  TLS  security  level for the postscreen(8) server; when a non-
              empty  value  is  specified,  this  overrides  the  obsolete   parameters
              postscreen_use_tls and postscreen_enforce_tls.

       tlsproxy_service_name (tlsproxy)
              The name of the tlsproxy(8) service entry in master.cf.

OBSOLETE STARTTLS SUPPORT CONTROLS
       These  parameters  are  supported for compatibility with smtpd(8) legacy parame‐
       ters.

       postscreen_use_tls ($smtpd_use_tls)
              Opportunistic TLS: announce STARTTLS support to remote SMTP clients,  but
              do not require that clients use TLS encryption.

       postscreen_enforce_tls ($smtpd_enforce_tls)
              Mandatory  TLS:  announce  STARTTLS  support  to remote SMTP clients, and
              require that clients use TLS encryption.

MISCELLANEOUS CONTROLS
       config_directory (see 'postconf -d' output)
              The default location of the Postfix main.cf and  master.cf  configuration
              files.

       delay_logging_resolution_limit (2)
              The  maximal  number  of digits after the decimal point when logging sub-
              second delay values.

       command_directory (see 'postconf -d' output)
              The location of all postfix administrative commands.

       max_idle (100s)
              The maximum amount of time that an idle Postfix daemon process waits  for
              an incoming connection before terminating voluntarily.

       process_id (read-only)
              The process ID of a Postfix command or daemon process.

       process_name (read-only)
              The process name of a Postfix command or daemon process.

       syslog_facility (mail)
              The syslog facility of Postfix logging.

       syslog_name (see 'postconf -d' output)
              The  mail  system  name  that  is prepended to the process name in syslog
              records, so that "smtpd" becomes, for example, "postfix/smtpd".

SEE ALSO
       smtpd(8), Postfix SMTP server
       tlsproxy(8), Postfix TLS proxy server
       dnsblog(8), DNS black/whitelist logger
       syslogd(8), system logging

README FILES
       Use "postconf readme_directory" or  "postconf  html_directory"  to  locate  this
       information.
       POSTSCREEN_README, Postfix Postscreen Howto

LICENSE
       The Secure Mailer license must be distributed with this software.

HISTORY
       This service was introduced with Postfix version 2.8.

       Many ideas in postscreen(8) were explored in earlier work by Michael Tokarev, in
       OpenBSD spamd, and in MailChannels Traffic Control.

AUTHOR(S)
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

                                                                          POSTSCREEN(8)

dnsblog

Der dnsblog-Daemon implementiert einen ad-hoc DNS white/blacklist lookup service. Wietse Venema plant diesen Daemon direkt als eigenes UDP-Client im postscreen-Modul zu implementieren. Weitere Hinweise findet man in der manpage zum dnsblog-Daemon.

 # man 8 dnsblog
DNSBLOG(8)                      System Manager's Manual                      DNSBLOG(8)

NAME
       dnsblog - Postfix DNS white/blacklist logger

SYNOPSIS
       dnsblog [generic Postfix daemon options]

DESCRIPTION
       The  dnsblog(8)  server implements an ad-hoc DNS white/blacklist lookup service.
       This may eventually be replaced by an UDP client that is built directly into the
       postscreen(8) server.

PROTOCOL
       With  each  connection,  the  dnsblog(8)  server  receives a DNS white/blacklist
       domain name, IP address, and an ID.  If the address  is  listed  under  the  DNS
       white/blacklist, the dnsblog(8) server logs the match and replies with the query
       arguments plus an address list with the  resulting  IP  addresses  separated  by
       whitespace.  Otherwise it replies with the query arguments plus an empty address
       list.  Finally, The dnsblog(8) server closes the connection.

DIAGNOSTICS
       Problems and transactions are logged to syslogd(8).

CONFIGURATION PARAMETERS
       Changes to main.cf are picked up automatically, as dnsblog(8) processes run  for
       only  a  limited  amount of time. Use the command "postfix reload" to speed up a
       change.

       The text below provides only a  parameter  summary.  See  postconf(5)  for  more
       details including examples.

       config_directory (see 'postconf -d' output)
              The  default  location of the Postfix main.cf and master.cf configuration
              files.

       daemon_timeout (18000s)
              How much time a Postfix daemon process  may  take  to  handle  a  request
              before it is terminated by a built-in watchdog timer.

       postscreen_dnsbl_sites (empty)
              Optional list of DNS white/blacklist domains, filters and weight factors.

       ipc_timeout (3600s)
              The time limit for sending or receiving information over an internal com‐
              munication channel.

       process_id (read-only)
              The process ID of a Postfix command or daemon process.

       process_name (read-only)
              The process name of a Postfix command or daemon process.

       queue_directory (see 'postconf -d' output)
              The location of the Postfix top-level queue directory.

       syslog_facility (mail)
              The syslog facility of Postfix logging.

       syslog_name (see 'postconf -d' output)
              The mail system name that is prepended to  the  process  name  in  syslog
              records, so that "smtpd" becomes, for example, "postfix/smtpd".

SEE ALSO
       smtpd(8), Postfix SMTP server
       postconf(5), configuration parameters
       syslogd(5), system logging

LICENSE
       The Secure Mailer license must be distributed with this software.

HISTORY
       This service was introduced with Postfix version 2.8.

AUTHOR(S)
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

                                                                             DNSBLOG(8)

tlsproxy

Der tlsproxy Daemon stellt einen Serverseitigen TLS-Proxy-Dienst zur Verfügung, der von postscreen dazu benutzt wird, um mit Clients, die nicht in der whitelist stehen. Ebenso kann der tlsproxy für „Nicht-SMTP-Protokolle“ verwendet werden. Eine tlsproxy-Verbindung kann dabei für mehrere Session gleichzeitig genutzt werden. Somit kann die Load des Servers begrenzt werden, der daqnn auch unter hohen Verkehrsaufkommen erreichbar bleiben kann.

Weitere informationen zum tlsproxy Daemon findet man in dessen manpage.

 # man 8 tlsproxy
TLSPROXY(8)                     System Manager's Manual                     TLSPROXY(8)

NAME
       tlsproxy - Postfix TLS proxy

SYNOPSIS
       tlsproxy [generic Postfix daemon options]

DESCRIPTION
       The  tlsproxy(8)  server  implements  a  server-side  TLS  proxy.  It is used by
       postscreen(8) to talk SMTP-over-TLS  with  remote  SMTP  clients  that  are  not
       whitelisted  (including  clients  whose  whitelist  status  has expired), but it
       should also work for non-SMTP protocols.

       Although one tlsproxy(8) process can serve multiple sessions at the  same  time,
       it  is  a  good  idea to allow the number of processes to increase with load, so
       that the service remains responsive.

PROTOCOL EXAMPLE
       The example below concerns postscreen(8). However,  the  tlsproxy(8)  server  is
       agnostic of the application protocol, and the example is easily adapted to other
       applications.

       After receiving a valid remote SMTP client STARTTLS command,  the  postscreen(8)
       server  sends  the  remote  SMTP  client  endpoint  string,  the  requested role
       (server), and the requested timeout to tlsproxy(8).  postscreen(8) then receives
       a "TLS available" indication from tlsproxy(8).  If the TLS service is available,
       postscreen(8) sends the remote SMTP client file descriptor to  tlsproxy(8),  and
       sends  the  plaintext 220 greeting to the remote SMTP client.  This triggers TLS
       negotiations between the remote SMTP client and tlsproxy(8).  Upon completion of
       the  TLS-level  handshake,  tlsproxy(8)  translates  between  plaintext  from/to
       postscreen(8) and ciphertext to/from the remote SMTP client.

SECURITY
       The tlsproxy(8) server is moderately security-sensitive.  It talks to  untrusted
       clients on the network. The process can be run chrooted at fixed low privilege.

DIAGNOSTICS
       Problems and transactions are logged to syslogd(8).


CONFIGURATION PARAMETERS
       Changes to main.cf are not picked up automatically, as tlsproxy(8) processes may
       run for a long time depending on mail server load.   Use  the  command  "postfix
       reload" to speed up a change.

       The  text  below  provides  only  a  parameter summary. See postconf(5) for more
       details including examples.

STARTTLS SUPPORT CONTROLS
       tlsproxy_tls_CAfile ($smtpd_tls_CAfile)
              A file containing (PEM format) CA certificates of  root  CAs  trusted  to
              sign  either  remote SMTP client certificates or intermediate CA certifi‐
              cates.

       tlsproxy_tls_CApath ($smtpd_tls_CApath)
              A directory containing (PEM format) CA certificates of root  CAs  trusted
              to  sign  either  remote SMTP client certificates or intermediate CA cer‐
              tificates.

       tlsproxy_tls_always_issue_session_ids ($smtpd_tls_always_issue_session_ids)
              Force the Postfix tlsproxy(8) server to issue a TLS session id, even when
              TLS session caching is turned off.

       tlsproxy_tls_ask_ccert ($smtpd_tls_ask_ccert)
              Ask a remote SMTP client for a client certificate.

       tlsproxy_tls_ccert_verifydepth ($smtpd_tls_ccert_verifydepth)
              The verification depth for remote SMTP client certificates.

       tlsproxy_tls_cert_file ($smtpd_tls_cert_file)
              File with the Postfix tlsproxy(8) server RSA certificate in PEM format.

       tlsproxy_tls_ciphers ($smtpd_tls_ciphers)
              The minimum TLS cipher grade that the Postfix tlsproxy(8) server will use
              with opportunistic TLS encryption.

       tlsproxy_tls_dcert_file ($smtpd_tls_dcert_file)
              File with the Postfix tlsproxy(8) server DSA certificate in PEM format.

       tlsproxy_tls_dh1024_param_file ($smtpd_tls_dh1024_param_file)
              File with DH parameters that the Postfix tlsproxy(8)  server  should  use
              with non-export EDH ciphers.

       tlsproxy_tls_dh512_param_file ($smtpd_tls_dh512_param_file)
              File  with  DH  parameters that the Postfix tlsproxy(8) server should use
              with export-grade EDH ciphers.

       tlsproxy_tls_dkey_file ($smtpd_tls_dkey_file)
              File with the Postfix tlsproxy(8) server DSA private key in PEM format.

       tlsproxy_tls_eccert_file ($smtpd_tls_eccert_file)
              File with the Postfix tlsproxy(8) server ECDSA certificate in PEM format.

       tlsproxy_tls_eckey_file ($smtpd_tls_eckey_file)
              File with the Postfix tlsproxy(8) server ECDSA private key in PEM format.

       tlsproxy_tls_eecdh_grade ($smtpd_tls_eecdh_grade)
              The Postfix tlsproxy(8) server security  grade  for  ephemeral  elliptic-
              curve Diffie-Hellman (EECDH) key exchange.

       tlsproxy_tls_exclude_ciphers ($smtpd_tls_exclude_ciphers)
              List  of  ciphers  or cipher types to exclude from the tlsproxy(8) server
              cipher list at all TLS security levels.

       tlsproxy_tls_fingerprint_digest ($smtpd_tls_fingerprint_digest)
              The message digest algorithm to construct remote SMTP  client-certificate
              fingerprints.

       tlsproxy_tls_key_file ($smtpd_tls_key_file)
              File with the Postfix tlsproxy(8) server RSA private key in PEM format.

       tlsproxy_tls_loglevel ($smtpd_tls_loglevel)
              Enable additional Postfix tlsproxy(8) server logging of TLS activity.

       tlsproxy_tls_mandatory_ciphers ($smtpd_tls_mandatory_ciphers)
              The minimum TLS cipher grade that the Postfix tlsproxy(8) server will use
              with mandatory TLS encryption.

       tlsproxy_tls_mandatory_exclude_ciphers ($smtpd_tls_mandatory_exclude_ciphers)
              Additional  list  of  ciphers  or  cipher  types  to  exclude  from   the
              tlsproxy(8) server cipher list at mandatory TLS security levels.

       tlsproxy_tls_mandatory_protocols ($smtpd_tls_mandatory_protocols)
              The  SSL/TLS  protocols  accepted  by the Postfix tlsproxy(8) server with
              mandatory TLS encryption.

       tlsproxy_tls_protocols ($smtpd_tls_protocols)
              List of TLS protocols that the Postfix tlsproxy(8) server will exclude or
              include with opportunistic TLS encryption.

       tlsproxy_tls_req_ccert ($smtpd_tls_req_ccert)
              With  mandatory TLS encryption, require a trusted remote SMTP client cer‐
              tificate in order to allow TLS connections to proceed.

       tlsproxy_tls_security_level ($smtpd_tls_security_level)
              The SMTP TLS security level for the Postfix tlsproxy(8)  server;  when  a
              non-empty  value  is  specified,  this  overrides the obsolete parameters
              smtpd_use_tls and smtpd_enforce_tls.

       Available in Postfix version 2.11 and later:

       tlsmgr_service_name (tlsmgr)
              The name of the tlsmgr(8) service entry in master.cf.

OBSOLETE STARTTLS SUPPORT CONTROLS
       These parameters are supported for compatibility with  smtpd(8)  legacy  parame‐
       ters.

       tlsproxy_use_tls ($smtpd_use_tls)
              Opportunistic  TLS: announce STARTTLS support to remote SMTP clients, but
              do not require that clients use TLS encryption.

       tlsproxy_enforce_tls ($smtpd_enforce_tls)
              Mandatory TLS: announce STARTTLS support  to  remote  SMTP  clients,  and
              require that clients use TLS encryption.

RESOURCE CONTROLS
       tlsproxy_watchdog_timeout (10s)
              How  much  time a tlsproxy(8) process may take to process local or remote
              I/O before it is terminated by a built-in watchdog timer.

MISCELLANEOUS CONTROLS
       config_directory (see 'postconf -d' output)
              The default location of the Postfix main.cf and  master.cf  configuration
              files.

       process_id (read-only)
              The process ID of a Postfix command or daemon process.

       process_name (read-only)
              The process name of a Postfix command or daemon process.

       syslog_facility (mail)
              The syslog facility of Postfix logging.

       syslog_name (see 'postconf -d' output)
              The  mail  system  name  that  is prepended to the process name in syslog
              records, so that "smtpd" becomes, for example, "postfix/smtpd".

SEE ALSO
       postscreen(8), Postfix zombie blocker
       smtpd(8), Postfix SMTP server
       postconf(5), configuration parameters
       syslogd(5), system logging

LICENSE
       The Secure Mailer license must be distributed with this software.

HISTORY
       This service was introduced with Postfix version 2.8.

AUTHOR(S)
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

                                                                            TLSPROXY(8)

submission

Zu Entgegennahme von Nachrichten bedient der smtpd Server auf Port 587 ausschließlich von authentifizierten Benutzer. Dieser Daemon stellt den MSA6)-Server zur Verfügung, auf dem die MUAs7) Ihre eMail einliefern können. Nach Prüfung gibt der Submission-Server die nachricht an den cleanup-Daemon weiter.

qmqpd

Der qmqpd, stellt aus kompatibilitätsgründen QMQP8) zur Verfügung. Der Postfix QMQP Server empfängt eine Nachricht pro Anschluss, die er dann zum cleanup-Modul weitergeleitet wird. In der incoming-Queue wird jede einzelne Nachricht in einem eigenen Queue-File geschrieben. Zur Absicherung des Daemon werden Verbindungen nur von extra berechtigten Clients angenommen (access policy). Nähere Hinweise zum qmqpd findet man in dessen manpage.

 # man 8 qmqpd
QMQPD(8)                        System Manager's Manual                        QMQPD(8)

NAME
       qmqpd - Postfix QMQP server

SYNOPSIS
       qmqpd [generic Postfix daemon options]

DESCRIPTION
       The  Postfix  QMQP  server receives one message per connection.  Each message is
       piped through the cleanup(8) daemon, and is placed into the  incoming  queue  as
       one single queue file.  The program expects to be run from the master(8) process
       manager.

       The QMQP server implements one access policy: only explicitly authorized  client
       hosts are allowed to use the service.

SECURITY
       The  QMQP  server is moderately security-sensitive. It talks to QMQP clients and
       to DNS servers on the network. The QMQP server can be run chrooted at fixed  low
       privilege.

DIAGNOSTICS
       Problems and transactions are logged to syslogd(8).

BUGS
       The  QMQP  protocol  provides  only one server reply per message delivery. It is
       therefore not possible to reject individual recipients.

       The QMQP protocol requires the server  to  receive  the  entire  message  before
       replying.  If  a  message  is malformed, or if any netstring component is longer
       than acceptable, Postfix replies immediately and closes the  connection.  It  is
       left up to the client to handle the situation.

CONFIGURATION PARAMETERS
       Changes  to  main.cf  are picked up automatically, as qmqpd(8) processes run for
       only a limited amount of time. Use the command "postfix reload" to  speed  up  a
       change.

       The  text  below  provides  only  a  parameter summary. See postconf(5) for more
       details including examples.

CONTENT INSPECTION CONTROLS
       content_filter (empty)
              After the message is queued, send the entire  message  to  the  specified
              transport:destination.

       receive_override_options (empty)
              Enable  or  disable  recipient validation, built-in content filtering, or
              address mapping.

RESOURCE AND RATE CONTROLS
       line_length_limit (2048)
              Upon input, long lines are chopped up into pieces of at most this length;
              upon delivery, long lines are reconstructed.

       hopcount_limit (50)
              The  maximal  number of Received:  message headers that is allowed in the
              primary message headers.

       message_size_limit (10240000)
              The maximal size in bytes of a message, including envelope information.

       qmqpd_timeout (300s)
              The time limit for sending or receiving information over the network.

TROUBLE SHOOTING CONTROLS
       debug_peer_level (2)
              The increment in verbose logging level when a  remote  client  or  server
              matches a pattern in the debug_peer_list parameter.

       debug_peer_list (empty)
              Optional list of remote client or server hostname or network address pat‐
              terns that cause the verbose logging level  to  increase  by  the  amount
              specified in $debug_peer_level.

       soft_bounce (no)
              Safety  net  to  keep mail queued that would otherwise be returned to the
              sender.

TARPIT CONTROLS
       qmqpd_error_delay (1s)
              How long the Postfix QMQP server will pause  before  sending  a  negative
              reply to the remote QMQP client.

MISCELLANEOUS CONTROLS
       config_directory (see 'postconf -d' output)
              The  default  location of the Postfix main.cf and master.cf configuration
              files.

       daemon_timeout (18000s)
              How much time a Postfix daemon process  may  take  to  handle  a  request
              before it is terminated by a built-in watchdog timer.

       ipc_timeout (3600s)
              The time limit for sending or receiving information over an internal com‐
              munication channel.

       max_idle (100s)
              The maximum amount of time that an idle Postfix daemon process waits  for
              an incoming connection before terminating voluntarily.

       max_use (100)
              The  maximal number of incoming connections that a Postfix daemon process
              will service before terminating voluntarily.

       process_id (read-only)
              The process ID of a Postfix command or daemon process.

       process_name (read-only)
              The process name of a Postfix command or daemon process.

       qmqpd_authorized_clients (empty)
              What remote QMQP clients are allowed  to  connect  to  the  Postfix  QMQP
              server port.

       queue_directory (see 'postconf -d' output)
              The location of the Postfix top-level queue directory.

       syslog_facility (mail)
              The syslog facility of Postfix logging.

       syslog_name (see 'postconf -d' output)
              The  mail  system  name  that  is prepended to the process name in syslog
              records, so that "smtpd" becomes, for example, "postfix/smtpd".

       verp_delimiter_filter (-=+)
              The characters Postfix accepts as VERP delimiter characters on the  Post‐
              fix sendmail(1) command line and in SMTP commands.

       Available in Postfix version 2.5 and later:

       qmqpd_client_port_logging (no)
              Enable logging of the remote QMQP client port in addition to the hostname
              and IP address.

SEE ALSO
       http://cr.yp.to/proto/qmqp.html, QMQP protocol
       cleanup(8), message canonicalization
       master(8), process manager
       syslogd(8), system logging

README FILES
       Use "postconf readme_directory" or  "postconf  html_directory"  to  locate  this
       information.
       QMQP_README, Postfix ezmlm-idx howto.

LICENSE
       The Secure Mailer license must be distributed with this software.

HISTORY
       The qmqpd service was introduced with Postfix version 1.1.

AUTHOR(S)
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

                                                                               QMQPD(8)

pickup

Der pickup-Daemon hat die Aufgabe Nachrichten aus der maildrop-Queue abzuholen, die dort vom sendmail-Client-Programm abgelegt wurden und übergibt die Nachricht dann nach erfolgter Prüfung an den cleanup-Daemon.

Weitere Hinweise zum pickup-Daemon findet man in dessen manpage.

 # man 8 pickup
PICKUP(8)                       System Manager's Manual                       PICKUP(8)

NAME
       pickup - Postfix local mail pickup

SYNOPSIS
       pickup [generic Postfix daemon options]

DESCRIPTION
       The  pickup(8)  daemon  waits  for hints that new mail has been dropped into the
       maildrop directory, and feeds it  into  the  cleanup(8)  daemon.   Ill-formatted
       files  are deleted without notifying the originator.  This program expects to be
       run from the master(8) process manager.

STANDARDS
       None. The pickup(8) daemon does not interact with the outside world.

SECURITY
       The pickup(8) daemon is moderately security sensitive. It runs  with  fixed  low
       privilege  and  can  run  in a chrooted environment.  However, the program reads
       files from potentially hostile users.  The pickup(8) daemon opens no  files  for
       writing, is careful about what files it opens for reading, and does not actually
       touch any data that is sent to its public service endpoint.

DIAGNOSTICS
       Problems and transactions are logged to syslogd(8).

BUGS
       The pickup(8) daemon copies mail from file to the cleanup(8) daemon.   It  could
       avoid  message  copying  overhead  by  sending a file descriptor instead of file
       data, but then the already complex cleanup(8) daemon would  have  to  deal  with
       unfiltered user data.

CONFIGURATION PARAMETERS
       As  the pickup(8) daemon is a relatively long-running process, up to an hour may
       pass before a main.cf change takes effect.  Use  the  command  "postfix  reload"
       command to speed up a change.

       The  text  below  provides  only  a  parameter summary. See postconf(5) for more
       details including examples.

CONTENT INSPECTION CONTROLS
       content_filter (empty)
              After the message is queued, send the entire  message  to  the  specified
              transport:destination.

       receive_override_options (empty)
              Enable  or  disable  recipient validation, built-in content filtering, or
              address mapping.

MISCELLANEOUS CONTROLS
       config_directory (see 'postconf -d' output)
              The default location of the Postfix main.cf and  master.cf  configuration
              files.

       ipc_timeout (3600s)
              The time limit for sending or receiving information over an internal com‐
              munication channel.

       line_length_limit (2048)
              Upon input, long lines are chopped up into pieces of at most this length;
              upon delivery, long lines are reconstructed.

       max_idle (100s)
              The  maximum amount of time that an idle Postfix daemon process waits for
              an incoming connection before terminating voluntarily.

       max_use (100)
              The maximal number of incoming connections that a Postfix daemon  process
              will service before terminating voluntarily.

       process_id (read-only)
              The process ID of a Postfix command or daemon process.

       process_name (read-only)
              The process name of a Postfix command or daemon process.

       queue_directory (see 'postconf -d' output)
              The location of the Postfix top-level queue directory.

       syslog_facility (mail)
              The syslog facility of Postfix logging.

       syslog_name (see 'postconf -d' output)
              The  mail  system  name  that  is prepended to the process name in syslog
              records, so that "smtpd" becomes, for example, "postfix/smtpd".

SEE ALSO
       cleanup(8), message canonicalization
       sendmail(1), Sendmail-compatible interface
       postdrop(1), mail posting agent
       postconf(5), configuration parameters
       master(5), generic daemon options
       master(8), process manager
       syslogd(8), system logging

LICENSE
       The Secure Mailer license must be distributed with this software.

AUTHOR(S)
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

                                                                              PICKUP(8)

cleanup

Der cleanup-Daemon verarbeitet eingehende Nachrichten. So werden ggf. fehlende Mailheader From:, To:, Message-Id: sowie Date: ergänzt oder auch Adressen mit Hilfe der beiden Tabellen virtual_maps und cannonical_maps umgeschrieben. Nach der initialen Verarbeitung der Nachricht, legt der cleanup-Daemon die Nachricht in der incoming-Queue ab und informiert den qmgr-Daemon.

Nähere Informationen zum cleanup-Daemon findet man in dessen manpage.

 # man 8 cleanup
CLEANUP(8)                      System Manager's Manual                      CLEANUP(8)

NAME
       cleanup - canonicalize and enqueue Postfix message

SYNOPSIS
       cleanup [generic Postfix daemon options]

DESCRIPTION
       The  cleanup(8) daemon processes inbound mail, inserts it into the incoming mail
       queue, and informs the queue manager of its arrival.

       The cleanup(8) daemon always performs the following transformations:

       ·      Insert missing message headers: (Resent-) From:,  To:,  Message-Id:,  and
              Date:.

       ·      Transform envelope and header addresses to the standard user@fully-quali‐
              fied-domain form that is expected by other Postfix programs.   This  task
              is delegated to the trivial-rewrite(8) daemon.

       ·      Eliminate duplicate envelope recipient addresses.

       The following address transformations are optional:

       ·      Optionally,  rewrite  all  envelope and header addresses according to the
              mappings specified in the canonical(5) lookup tables.

       ·      Optionally, masquerade  envelope  sender  addresses  and  message  header
              addresses (i.e. strip host or domain information below all domains listed
              in the masquerade_domains parameter, except for user names listed in mas‐
              querade_exceptions).   By  default,  address masquerading does not affect
              envelope recipients.

       ·      Optionally, expand envelope recipients according to information found  in
              the virtual(5) lookup tables.

       The  cleanup(8)  daemon  performs  sanity checks on the content of each message.
       When it finds a problem, by default  it  returns  a  diagnostic  status  to  the
       client,  and leaves it up to the client to deal with the problem. Alternatively,
       the client can request the cleanup(8) daemon to bounce the message back  to  the
       sender in case of trouble.

STANDARDS
       RFC 822 (ARPA Internet Text Messages)
       RFC 2045 (MIME: Format of Internet Message Bodies)
       RFC 2046 (MIME: Media Types)
       RFC 2822 (Internet Message Format)
       RFC 3463 (Enhanced Status Codes)
       RFC 3464 (Delivery status notifications)
       RFC 5322 (Internet Message Format)

DIAGNOSTICS
       Problems and transactions are logged to syslogd(8).

BUGS
       Table-driven rewriting rules make it hard to express if then else and other log‐
       ical relationships.

CONFIGURATION PARAMETERS
       Changes to main.cf are picked up automatically, as cleanup(8) processes run  for
       only  a  limited  amount of time. Use the command "postfix reload" to speed up a
       change.

       The text below provides only a  parameter  summary.  See  postconf(5)  for  more
       details including examples.

COMPATIBILITY CONTROLS
       undisclosed_recipients_header (see 'postconf -d' output)
              Message  header that the Postfix cleanup(8) server inserts when a message
              contains no To: or Cc: message header.

       Available in Postfix version 2.1 only:

       enable_errors_to (no)
              Report mail delivery errors to the address specified with  the  non-stan‐
              dard  Errors-To:  message  header, instead of the envelope sender address
              (this feature is removed with Postfix  version  2.2,  is  turned  off  by
              default  with  Postfix  version  2.1,  and is always turned on with older
              Postfix versions).

       Available in Postfix version 2.6 and later:

       always_add_missing_headers (no)
              Always add (Resent-) From:, To:, Date: or Message-ID:  headers  when  not
              present.

       Available in Postfix version 2.9 and later:

       enable_long_queue_ids (no)
              Enable long, non-repeating, queue IDs (queue file names).

BUILT-IN CONTENT FILTERING CONTROLS
       Postfix built-in content filtering is meant to stop a flood of worms or viruses.
       It is not a general content filter.

       body_checks (empty)
              Optional lookup  tables  for  content  inspection  as  specified  in  the
              body_checks(5) manual page.

       header_checks (empty)
              Optional lookup tables for content inspection of primary non-MIME message
              headers, as specified in the header_checks(5) manual page.

       Available in Postfix version 2.0 and later:

       body_checks_size_limit (51200)
              How much text in a message body segment (or attachment, if you prefer  to
              use that term) is subjected to body_checks inspection.

       mime_header_checks ($header_checks)
              Optional  lookup  tables  for  content inspection of MIME related message
              headers, as described in the header_checks(5) manual page.

       nested_header_checks ($header_checks)
              Optional lookup tables for content inspection of non-MIME message headers
              in attached messages, as described in the header_checks(5) manual page.

       Available in Postfix version 2.3 and later:

       message_reject_characters (empty)
              The set of characters that Postfix will reject in message content.

       message_strip_characters (empty)
              The set of characters that Postfix will remove from message content.

BEFORE QUEUE MILTER CONTROLS
       As  of version 2.3, Postfix supports the Sendmail version 8 Milter (mail filter)
       protocol. When mail is not received via  the  smtpd(8)  server,  the  cleanup(8)
       server  will  simulate  SMTP  events  to  the  extent that this is possible. For
       details see the MILTER_README document.

       non_smtpd_milters (empty)
              A list of Milter (mail filter) applications for new mail  that  does  not
              arrive via the Postfix smtpd(8) server.

       milter_protocol (6)
              The  mail  filter  protocol  version and optional protocol extensions for
              communication with a Milter application; prior to Postfix 2.6 the default
              protocol is 2.

       milter_default_action (tempfail)
              The default action when a Milter (mail filter) application is unavailable
              or mis-configured.

       milter_macro_daemon_name ($myhostname)
              The {daemon_name} macro value for Milter (mail filter) applications.

       milter_macro_v ($mail_name $mail_version)
              The {v} macro value for Milter (mail filter) applications.

       milter_connect_timeout (30s)
              The time limit for connecting to a Milter (mail filter) application,  and
              for negotiating protocol options.

       milter_command_timeout (30s)
              The  time  limit  for  sending  an SMTP command to a Milter (mail filter)
              application, and for receiving the response.

       milter_content_timeout (300s)
              The time limit for sending message content  to  a  Milter  (mail  filter)
              application, and for receiving the response.

       milter_connect_macros (see 'postconf -d' output)
              The  macros that are sent to Milter (mail filter) applications after com‐
              pletion of an SMTP connection.

       milter_helo_macros (see 'postconf -d' output)
              The macros that are sent to Milter (mail filter) applications  after  the
              SMTP HELO or EHLO command.

       milter_mail_macros (see 'postconf -d' output)
              The  macros  that are sent to Milter (mail filter) applications after the
              SMTP MAIL FROM command.

       milter_rcpt_macros (see 'postconf -d' output)
              The macros that are sent to Milter (mail filter) applications  after  the
              SMTP RCPT TO command.

       milter_data_macros (see 'postconf -d' output)
              The  macros  that  are  sent  to version 4 or higher Milter (mail filter)
              applications after the SMTP DATA command.

       milter_unknown_command_macros (see 'postconf -d' output)
              The macros that are sent to version 3  or  higher  Milter  (mail  filter)
              applications after an unknown SMTP command.

       milter_end_of_data_macros (see 'postconf -d' output)
              The  macros  that are sent to Milter (mail filter) applications after the
              message end-of-data.

       Available in Postfix version 2.5 and later:

       milter_end_of_header_macros (see 'postconf -d' output)
              The macros that are sent to Milter (mail filter) applications  after  the
              end of the message header.

       Available in Postfix version 2.7 and later:

       milter_header_checks (empty)
              Optional lookup tables for content inspection of message headers that are
              produced by Milter applications.

MIME PROCESSING CONTROLS
       Available in Postfix version 2.0 and later:

       disable_mime_input_processing (no)
              Turn off MIME processing while receiving mail.

       mime_boundary_length_limit (2048)
              The maximal length of MIME multipart boundary strings.

       mime_nesting_limit (100)
              The maximal recursion level that the MIME processor will handle.

       strict_8bitmime (no)
              Enable both strict_7bit_headers and strict_8bitmime_body.

       strict_7bit_headers (no)
              Reject mail with 8-bit text in message headers.

       strict_8bitmime_body (no)
              Reject 8-bit message body text without 8-bit MIME content encoding infor‐
              mation.

       strict_mime_encoding_domain (no)
              Reject  mail  with invalid Content-Transfer-Encoding: information for the
              message/* or multipart/* MIME content types.

       Available in Postfix version 2.5 and later:

       detect_8bit_encoding_header (yes)
              Automatically detect 8BITMIME body content by looking  at  Content-Trans‐
              fer-Encoding: message headers; historically, this behavior was hard-coded
              to be "always on".

AUTOMATIC BCC RECIPIENT CONTROLS
       Postfix can automatically add BCC (blind carbon copy) when mail enters the  mail
       system:

       always_bcc (empty)
              Optional address that receives a "blind carbon copy" of each message that
              is received by the Postfix mail system.

       Available in Postfix version 2.1 and later:

       sender_bcc_maps (empty)
              Optional BCC (blind carbon-copy) address lookup tables, indexed by sender
              address.

       recipient_bcc_maps (empty)
              Optional BCC (blind carbon-copy) address lookup tables, indexed by recip‐
              ient address.

ADDRESS TRANSFORMATION CONTROLS
       Address rewriting is delegated to the trivial-rewrite(8) daemon.  The cleanup(8)
       server implements table driven address mapping.

       empty_address_recipient (MAILER-DAEMON)
              The recipient of mail addressed to the null address.

       canonical_maps (empty)
              Optional address mapping lookup tables for message headers and envelopes.

       recipient_canonical_maps (empty)
              Optional  address mapping lookup tables for envelope and header recipient
              addresses.

       sender_canonical_maps (empty)
              Optional address mapping lookup tables for  envelope  and  header  sender
              addresses.

       masquerade_classes (envelope_sender, header_sender, header_recipient)
              What addresses are subject to address masquerading.

       masquerade_domains (empty)
              Optional  list  of domains whose subdomain structure will be stripped off
              in email addresses.

       masquerade_exceptions (empty)
              Optional list of user names that are not subjected to address  masquerad‐
              ing, even when their address matches $masquerade_domains.

       propagate_unmatched_extensions (canonical, virtual)
              What  address lookup tables copy an address extension from the lookup key
              to the lookup result.

       Available before Postfix version 2.0:

       virtual_maps (empty)
              Optional lookup tables with a) names of domains for which  all  addresses
              are  aliased  to  addresses  in  other  local  or  remote domains, and b)
              addresses that are aliased to addresses in other local or remote domains.

       Available in Postfix version 2.0 and later:

       virtual_alias_maps ($virtual_maps)
              Optional lookup tables that alias specific mail addresses or  domains  to
              other local or remote address.

       Available in Postfix version 2.2 and later:

       canonical_classes     (envelope_sender,    envelope_recipient,    header_sender,
       header_recipient)
              What addresses are subject to canonical_maps address mapping.
       recipient_canonical_classes (envelope_recipient, header_recipient)
              What addresses are subject to recipient_canonical_maps address mapping.

       sender_canonical_classes (envelope_sender, header_sender)
              What addresses are subject to sender_canonical_maps address mapping.

       remote_header_rewrite_domain (empty)
              Don't rewrite message headers from remote clients at all when this param‐
              eter  is  empty; otherwise, rewrite message headers and append the speci‐
              fied domain name to incomplete addresses.

RESOURCE AND RATE CONTROLS
       duplicate_filter_limit (1000)
              The maximal number of addresses remembered by the address duplicate  fil‐
              ter  for  aliases(5) or virtual(5) alias expansion, or for showq(8) queue
              displays.

       header_size_limit (102400)
              The maximal amount of memory in bytes for storing a message header.

       hopcount_limit (50)
              The maximal number of Received:  message headers that is allowed  in  the
              primary message headers.

       in_flow_delay (1s)
              Time  to  pause  before accepting a new message, when the message arrival
              rate exceeds the message delivery rate.

       message_size_limit (10240000)
              The maximal size in bytes of a message, including envelope information.

       Available in Postfix version 2.0 and later:

       header_address_token_limit (10240)
              The maximal number of address tokens are allowed in  an  address  message
              header.

       mime_boundary_length_limit (2048)
              The maximal length of MIME multipart boundary strings.

       mime_nesting_limit (100)
              The maximal recursion level that the MIME processor will handle.

       queue_file_attribute_count_limit (100)
              The  maximal  number  of  (name=value) attributes that may be stored in a
              Postfix queue file.

       Available in Postfix version 2.1 and later:

       virtual_alias_expansion_limit (1000)
              The maximal number of addresses that  virtual  alias  expansion  produces
              from each original recipient.

       virtual_alias_recursion_limit (1000)
              The maximal nesting depth of virtual alias expansion.

MISCELLANEOUS CONTROLS
       config_directory (see 'postconf -d' output)
              The  default  location of the Postfix main.cf and master.cf configuration
              files.

       daemon_timeout (18000s)
              How much time a Postfix daemon process  may  take  to  handle  a  request
              before it is terminated by a built-in watchdog timer.

       delay_logging_resolution_limit (2)
              The  maximal  number  of digits after the decimal point when logging sub-
              second delay values.

       delay_warning_time (0h)
              The time after which the sender receives a copy of the message headers of
              mail that is still queued.

       ipc_timeout (3600s)
              The time limit for sending or receiving information over an internal com‐
              munication channel.

       max_idle (100s)
              The maximum amount of time that an idle Postfix daemon process waits  for
              an incoming connection before terminating voluntarily.

       max_use (100)
              The  maximal number of incoming connections that a Postfix daemon process
              will service before terminating voluntarily.

       myhostname (see 'postconf -d' output)
              The internet hostname of this mail system.

       myorigin ($myhostname)
              The domain name that locally-posted mail appears to come from,  and  that
              locally posted mail is delivered to.

       process_id (read-only)
              The process ID of a Postfix command or daemon process.

       process_name (read-only)
              The process name of a Postfix command or daemon process.

       queue_directory (see 'postconf -d' output)
              The location of the Postfix top-level queue directory.

       soft_bounce (no)
              Safety  net  to  keep mail queued that would otherwise be returned to the
              sender.

       syslog_facility (mail)
              The syslog facility of Postfix logging.

       syslog_name (see 'postconf -d' output)
              The mail system name that is prepended to  the  process  name  in  syslog
              records, so that "smtpd" becomes, for example, "postfix/smtpd".

       Available in Postfix version 2.1 and later:

       enable_original_recipient (yes)
              Enable support for the X-Original-To message header.

FILES
       /etc/postfix/canonical*, canonical mapping table
       /etc/postfix/virtual*, virtual mapping table

SEE ALSO
       trivial-rewrite(8), address rewriting
       qmgr(8), queue manager
       header_checks(5), message header content inspection
       body_checks(5), body parts content inspection
       canonical(5), canonical address lookup table format
       virtual(5), virtual alias lookup table format
       postconf(5), configuration parameters
       master(5), generic daemon options
       master(8), process manager
       syslogd(8), system logging

README FILES
       Use  "postconf  readme_directory"  or  "postconf  html_directory" to locate this
       information.
       ADDRESS_REWRITING_README Postfix address manipulation
       CONTENT_INSPECTION_README content inspection

LICENSE
       The Secure Mailer license must be distributed with this software.

AUTHOR(S)
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

                                                                             CLEANUP(8)

qmgr

Der qmgr-Daemon erwartet ankommende Nachrichten in der incoming-Queue und kümmert sich dann um die entsprechend richtige Zuordnung der eMails an die betreffenden ausgehenden Mail-Daemone lmtp, local, smtp bzw. pipe-Daemon. Dabei verwaltet der Queue-Manger-Daemon die gerade in der Verarbeit befindlichen Nachrichten in der active-Queue. Können Nachrichten gerade nicht zugestellt werden, verschiebt der qmgr-Daemon vom Arbeitsspeicher in Richtung deferred-Queue, also in Richtung Storage. Neben der drei bereits genannten Mail-Queues kenn postfix noch die hold-Queue, in der Nachrichten gehalten werden, bis diese wieder freigegeben werden. Die letzte Queue ist die corrupt-Queue, in der unlesbare bzw. beschädigte Queue-Dateien abgelegt werden, damit diese später separat (vom Mailadmin) geprüft werden können.

Nähere Hinweise findet man wie immer in der manpage des Daemon.

 # man 8 qmgr
QMGR(8)                         System Manager's Manual                         QMGR(8)

NAME
       qmgr - Postfix queue manager

SYNOPSIS
       qmgr [generic Postfix daemon options]

DESCRIPTION
       The  qmgr(8)  daemon  awaits  the  arrival of incoming mail and arranges for its
       delivery via Postfix delivery processes.  The actual mail  routing  strategy  is
       delegated to the trivial-rewrite(8) daemon.  This program expects to be run from
       the master(8) process manager.

       Mail addressed to the local double-bounce address is logged and discarded.  This
       stops potential loops caused by undeliverable bounce notifications.

MAIL QUEUES
       The qmgr(8) daemon maintains the following queues:

       incoming
              Inbound  mail  from the network, or mail picked up by the local pickup(8)
              daemon from the maildrop directory.

       active Messages that the queue manager has opened for delivery. Only  a  limited
              number  of  messages  is  allowed to enter the active queue (leaky bucket
              strategy, for a fixed delivery rate).

       deferred
              Mail that could not be delivered upon the first attempt. The  queue  man‐
              ager implements exponential backoff by doubling the time between delivery
              attempts.

       corrupt
              Unreadable or damaged queue files are moved here for inspection.

       hold   Messages that are kept "on hold" are kept here until  someone  sets  them
              free.

DELIVERY STATUS REPORTS
       The  qmgr(8)  daemon  keeps an eye on per-message delivery status reports in the
       following directories. Each status report file has the same name as  the  corre‐
       sponding message file:

       bounce Per-recipient  status information about why mail is bounced.  These files
              are maintained by the bounce(8) daemon.

       defer  Per-recipient status information about why mail is delayed.  These  files
              are maintained by the defer(8) daemon.

       trace  Per-recipient  status information as requested with the Postfix "sendmail
              -v" or "sendmail  -bv"  command.   These  files  are  maintained  by  the
              trace(8) daemon.

       The qmgr(8) daemon is responsible for asking the bounce(8), defer(8) or trace(8)
       daemons to send delivery reports.

STRATEGIES
       The queue manager implements a variety of strategies for  either  opening  queue
       files (input) or for message delivery (output).

       leaky bucket
              This  strategy limits the number of messages in the active queue and pre‐
              vents the queue manager from running out of memory under heavy load.

       fairness
              When the active queue has room, the queue manager takes one message  from
              the incoming queue and one from the deferred queue. This prevents a large
              mail backlog from blocking the delivery of new mail.

       slow start
              This strategy eliminates "thundering herd" problems by  slowly  adjusting
              the number of parallel deliveries to the same destination.

       round robin
              The  queue  manager  sorts delivery requests by destination.  Round-robin
              selection prevents one destination from dominating  deliveries  to  other
              destinations.

       exponential backoff
              Mail  that  cannot  be delivered upon the first attempt is deferred.  The
              time interval between delivery attempts is doubled after each attempt.

       destination status cache
              The queue manager avoids unnecessary delivery attempts by  maintaining  a
              short-term, in-memory list of unreachable destinations.

       preemptive message scheduling
              The  queue  manager  attempts to minimize the average per-recipient delay
              while still preserving the correct per-message delays, using a  sophisti‐
              cated preemptive message scheduling.

TRIGGERS
       On an idle system, the queue manager waits for the arrival of trigger events, or
       it waits for a timer to go off. A trigger is a one-byte message.   Depending  on
       the  message  received,  the queue manager performs one of the following actions
       (the message is followed by the symbolic constant used internally by  the  soft‐
       ware):

       D (QMGR_REQ_SCAN_DEFERRED)
              Start  a  deferred  queue  scan.   If a deferred queue scan is already in
              progress, that scan will be restarted as soon as it finishes.

       I (QMGR_REQ_SCAN_INCOMING)
              Start an incoming queue scan. If an incoming queue  scan  is  already  in
              progress, that scan will be restarted as soon as it finishes.

       A (QMGR_REQ_SCAN_ALL)
              Ignore  deferred  queue  file  time  stamps. The request affects the next
              deferred queue scan.

       F (QMGR_REQ_FLUSH_DEAD)
              Purge all information about dead transports and destinations.

       W (TRIGGER_REQ_WAKEUP)
              Wakeup call, This is used by the master  server  to  instantiate  servers
              that should not go away forever. The action is to start an incoming queue
              scan.

       The qmgr(8) daemon reads an entire buffer worth of triggers.  Multiple identical
       trigger requests are collapsed into one, and trigger requests are sorted so that
       A and F precede D and I. Thus, in order to force a deferred queue run, one would
       request  A  F D; in order to notify the queue manager of the arrival of new mail
       one would request I.

STANDARDS
       RFC 3463 (Enhanced status codes)
       RFC 3464 (Delivery status notifications)

SECURITY
       The qmgr(8) daemon is not security sensitive. It reads single-character messages
       from  untrusted  local  users,  and thus may be susceptible to denial of service
       attacks. The qmgr(8) daemon does not talk to the outside world, and  it  can  be
       run at fixed low privilege in a chrooted environment.

DIAGNOSTICS
       Problems  and  transactions  are logged to the syslog daemon.  Corrupted message
       files are saved to the corrupt queue for further inspection.

       Depending on the setting of the  notify_classes  parameter,  the  postmaster  is
       notified of bounces and of other trouble.

BUGS
       A  single  queue  manager  process  has to compete for disk access with multiple
       front-end processes such as cleanup(8). A sudden burst of inbound mail can nega‐
       tively impact outbound delivery rates.

CONFIGURATION PARAMETERS
       Changes  to  main.cf  are not picked up automatically as qmgr(8) is a persistent
       process. Use the "postfix reload" command after a configuration change.

       The text below provides only a  parameter  summary.  See  postconf(5)  for  more
       details including examples.

       In the text below, transport is the first field in a master.cf entry.

COMPATIBILITY CONTROLS
       Available before Postfix version 2.5:

       allow_min_user (no)
              Allow a sender or recipient address to have `-' as the first character.

       Available with Postfix version 2.7 and later:

       default_filter_nexthop (empty)
              When  a  content_filter  or FILTER request specifies no explicit next-hop
              destination, use $default_filter_nexthop  instead;  when  that  value  is
              empty, use the domain in the recipient address.

ACTIVE QUEUE CONTROLS
       qmgr_clog_warn_time (300s)
              The  minimal  delay between warnings that a specific destination is clog‐
              ging up the Postfix active queue.

       qmgr_message_active_limit (20000)
              The maximal number of messages in the active queue.

       qmgr_message_recipient_limit (20000)
              The maximal number of recipients held in memory by the Postfix queue man‐
              ager,  and  the maximal size of the short-term, in-memory "dead" destina‐
              tion status cache.

       qmgr_message_recipient_minimum (10)
              The minimal number of in-memory recipients for any message.

       default_recipient_limit (20000)
              The default per-transport upper limit on the number of in-memory  recipi‐
              ents.

       transport_recipient_limit ($default_recipient_limit)
              Idem, for delivery via the named message transport.

       default_extra_recipient_limit (1000)
              The default value for the extra per-transport limit imposed on the number
              of in-memory recipients.

       transport_extra_recipient_limit ($default_extra_recipient_limit)
              Idem, for delivery via the named message transport.

       Available in Postfix version 2.4 and later:

       default_recipient_refill_limit (100)
              The default per-transport limit on the number of recipients  refilled  at
              once.

       transport_recipient_refill_limit ($default_recipient_refill_limit)
              Idem, for delivery via the named message transport.

       default_recipient_refill_delay (5s)
              The default per-transport maximum delay between recipients refills.

       transport_recipient_refill_delay ($default_recipient_refill_delay)
              Idem, for delivery via the named message transport.

DELIVERY CONCURRENCY CONTROLS
       initial_destination_concurrency (5)
              The  initial  per-destination  concurrency level for parallel delivery to
              the same destination.

       default_destination_concurrency_limit (20)
              The default maximal number of parallel deliveries to  the  same  destina‐
              tion.

       transport_destination_concurrency_limit ($default_destination_concurrency_limit)
              Idem, for delivery via the named message transport.

       Available in Postfix version 2.5 and later:

       transport_initial_destination_concurrency ($initial_destination_concurrency)
              Initial concurrency for delivery via the named message transport.

       default_destination_concurrency_failed_cohort_limit (1)
              How  many  pseudo-cohorts  must  suffer  connection  or handshake failure
              before a specific destination  is  considered  unavailable  (and  further
              delivery is suspended).

       transport_destination_concurrency_failed_cohort_limit ($default_destination_con‐
       currency_failed_cohort_limit)
              Idem, for delivery via the named message transport.

       default_destination_concurrency_negative_feedback (1)
              The per-destination amount of  delivery  concurrency  negative  feedback,
              after a delivery completes with a connection or handshake failure.

       transport_destination_concurrency_negative_feedback   ($default_destination_con‐
       currency_negative_feedback)
              Idem, for delivery via the named message transport.

       default_destination_concurrency_positive_feedback (1)
              The per-destination amount of  delivery  concurrency  positive  feedback,
              after a delivery completes without connection or handshake failure.

       transport_destination_concurrency_positive_feedback   ($default_destination_con‐
       currency_positive_feedback)
              Idem, for delivery via the named message transport.

       destination_concurrency_feedback_debug (no)
              Make the queue manager's feedback algorithm verbose for performance anal‐
              ysis purposes.

RECIPIENT SCHEDULING CONTROLS
       default_destination_recipient_limit (50)
              The default maximal number of recipients per message delivery.

       transport_destination_recipient_limit ($default_destination_recipient_limit)
              Idem, for delivery via the named message transport.

MESSAGE SCHEDULING CONTROLS
       default_delivery_slot_cost (5)
              How  often  the  Postfix  queue manager's scheduler is allowed to preempt
              delivery of one message with another.

       transport_delivery_slot_cost ($default_delivery_slot_cost)
              Idem, for delivery via the named message transport.

       default_minimum_delivery_slots (3)
              How many recipients a message must have in order to  invoke  the  Postfix
              queue manager's scheduling algorithm at all.

       transport_minimum_delivery_slots ($default_minimum_delivery_slots)
              Idem, for delivery via the named message transport.

       default_delivery_slot_discount (50)
              The  default  value  for  transport-specific _delivery_slot_discount set‐
              tings.

       transport_delivery_slot_discount ($default_delivery_slot_discount)
              Idem, for delivery via the named message transport.

       default_delivery_slot_loan (3)
              The default value for transport-specific _delivery_slot_loan settings.

       transport_delivery_slot_loan ($default_delivery_slot_loan)
              Idem, for delivery via the named message transport.

OTHER RESOURCE AND RATE CONTROLS
       minimal_backoff_time (300s)
              The minimal time between attempts to deliver a deferred message; prior to
              Postfix 2.4 the default value was 1000s.

       maximal_backoff_time (4000s)
              The maximal time between attempts to deliver a deferred message.

       maximal_queue_lifetime (5d)
              Consider a message as undeliverable, when delivery fails with a temporary
              error, and the time in the queue has reached  the  maximal_queue_lifetime
              limit.

       queue_run_delay (300s)
              The  time  between  deferred  queue  scans by the queue manager; prior to
              Postfix 2.4 the default value was 1000s.

       transport_retry_time (60s)
              The time between attempts by the Postfix queue manager to contact a  mal‐
              functioning message delivery transport.

       Available in Postfix version 2.1 and later:

       bounce_queue_lifetime (5d)
              Consider  a  bounce  message as undeliverable, when delivery fails with a
              temporary  error,  and  the  time  in   the   queue   has   reached   the
              bounce_queue_lifetime limit.

       Available in Postfix version 2.5 and later:

       default_destination_rate_delay (0s)
              The  default amount of delay that is inserted between individual deliver‐
              ies to the same destination; the resulting behavior depends on the  value
              of the corresponding per-destination recipient limit.

       transport_destination_rate_delay $default_destination_rate_delay
              Idem, for delivery via the named message transport.

SAFETY CONTROLS
       qmgr_daemon_timeout (1000s)
              How  much  time  a  Postfix  queue  manager  process may take to handle a
              request before it is terminated by a built-in watchdog timer.

       qmgr_ipc_timeout (60s)
              The time limit for the queue manager to send or receive information  over
              an internal communication channel.

MISCELLANEOUS CONTROLS
       config_directory (see 'postconf -d' output)
              The  default  location of the Postfix main.cf and master.cf configuration
              files.

       defer_transports (empty)
              The names of message delivery transports that  should  not  deliver  mail
              unless someone issues "sendmail -q" or equivalent.

       delay_logging_resolution_limit (2)
              The  maximal  number  of digits after the decimal point when logging sub-
              second delay values.

       helpful_warnings (yes)
              Log warnings about problematic configuration settings, and provide  help‐
              ful suggestions.

       process_id (read-only)
              The process ID of a Postfix command or daemon process.

       process_name (read-only)
              The process name of a Postfix command or daemon process.

       queue_directory (see 'postconf -d' output)
              The location of the Postfix top-level queue directory.

       syslog_facility (mail)
              The syslog facility of Postfix logging.

       syslog_name (see 'postconf -d' output)
              The  mail  system  name  that  is prepended to the process name in syslog
              records, so that "smtpd" becomes, for example, "postfix/smtpd".

FILES
       /var/spool/postfix/incoming, incoming queue
       /var/spool/postfix/active, active queue
       /var/spool/postfix/deferred, deferred queue
       /var/spool/postfix/bounce, non-delivery status
       /var/spool/postfix/defer, non-delivery status
       /var/spool/postfix/trace, delivery status

SEE ALSO
       trivial-rewrite(8), address routing
       bounce(8), delivery status reports
       postconf(5), configuration parameters
       master(5), generic daemon options
       master(8), process manager
       syslogd(8), system logging

README FILES
       Use "postconf readme_directory" or  "postconf  html_directory"  to  locate  this
       information.
       SCHEDULER_README, scheduling algorithm
       QSHAPE_README, Postfix queue analysis

LICENSE
       The Secure Mailer license must be distributed with this software.

AUTHOR(S)
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

       Preemptive scheduler enhancements:
       Patrik Rak
       Modra 6
       155 00, Prague, Czech Republic

                                                                                QMGR(8)

tlsmgr

Der tlsmgr-Daemon verwendet die Postfix TLS Session Caches. Er speichert und empfängt Cache-Einträge des smtpd-Daemons und auch smtp-Clientprogramms und löscht diese wieder, sobald diese abgelaufen sind. Darüber hinaus verwaltet der tlsmgr-Daemon den PRNG9)-Pool.

Weitere Informationen findet man in der manpage des tlsmgr-Daemon.

 # man 8 tlsmgr
TLSMGR(8)                       System Manager's Manual                       TLSMGR(8)

NAME
       tlsmgr - Postfix TLS session cache and PRNG manager

SYNOPSIS
       tlsmgr [generic Postfix daemon options]

DESCRIPTION
       The  tlsmgr(8)  manages the Postfix TLS session caches.  It stores and retrieves
       cache entries on request by smtpd(8) and  smtp(8)  processes,  and  periodically
       removes entries that have expired.

       The  tlsmgr(8)  also  manages the PRNG (pseudo random number generator) pool. It
       answers queries by the smtpd(8) and smtp(8) processes  to  seed  their  internal
       PRNG pools.

       The  tlsmgr(8)'s  PRNG  pool  is  initially seeded from an external source (EGD,
       /dev/urandom, or regular file).  It is  updated  at  configurable  pseudo-random
       intervals  with  data  from the external source. It is updated periodically with
       data from TLS session cache entries and with the time of  day,  and  is  updated
       with the time of day whenever a process requests tlsmgr(8) service.

       The tlsmgr(8) saves the PRNG state to an exchange file periodically and when the
       process terminates, and reads the exchange file when initializing its PRNG.

SECURITY
       The tlsmgr(8) is not security-sensitive. The code that  maintains  the  external
       and  internal  PRNG pools does not "trust" the data that it manipulates, and the
       code that maintains the TLS session cache does not touch  the  contents  of  the
       cached entries, except for seeding its internal PRNG pool.

       The  tlsmgr(8)  can  be  run  chrooted  and with reduced privileges.  At process
       startup it connects to the entropy source and  exchange  file,  and  creates  or
       truncates the optional TLS session cache files.

       With Postfix version 2.5 and later, the tlsmgr(8) no longer uses root privileges
       when opening cache files. These files should now be stored  under  the  Postfix-
       owned data_directory.  As a migration aid, an attempt to open a cache file under
       a non-Postfix directory is redirected to the Postfix-owned data_directory, and a
       warning is logged.

DIAGNOSTICS
       Problems and transactions are logged to the syslog daemon.

BUGS
       There  is  no  automatic means to limit the number of entries in the TLS session
       caches and/or the size of the TLS cache files.

CONFIGURATION PARAMETERS
       Changes to main.cf are not picked up automatically, because tlsmgr(8) is a  per‐
       sistent  processes.   Use  the  command  "postfix  reload" after a configuration
       change.

       The text below provides only a  parameter  summary.  See  postconf(5)  for  more
       details including examples.

TLS SESSION CACHE
       lmtp_tls_loglevel (0)
              The  LMTP-specific version of the smtp_tls_loglevel configuration parame‐
              ter.

       lmtp_tls_session_cache_database (empty)
              The LMTP-specific version of the smtp_tls_session_cache_database configu‐
              ration parameter.

       lmtp_tls_session_cache_timeout (3600s)
              The  LMTP-specific version of the smtp_tls_session_cache_timeout configu‐
              ration parameter.

       smtp_tls_loglevel (0)
              Enable additional Postfix SMTP client logging of TLS activity.

       smtp_tls_session_cache_database (empty)
              Name of the file containing the optional Postfix SMTP client TLS  session
              cache.

       smtp_tls_session_cache_timeout (3600s)
              The expiration time of Postfix SMTP client TLS session cache information.

       smtpd_tls_loglevel (0)
              Enable additional Postfix SMTP server logging of TLS activity.

       smtpd_tls_session_cache_database (empty)
              Name  of the file containing the optional Postfix SMTP server TLS session
              cache.

       smtpd_tls_session_cache_timeout (3600s)
              The expiration time of Postfix SMTP server TLS session cache information.

PSEUDO RANDOM NUMBER GENERATOR
       tls_random_source (see 'postconf -d' output)
              The external entropy source for the  in-memory  tlsmgr(8)  pseudo  random
              number generator (PRNG) pool.

       tls_random_bytes (32)
              The  number  of  bytes  that tlsmgr(8) reads from $tls_random_source when
              (re)seeding the in-memory pseudo random number generator (PRNG) pool.

       tls_random_exchange_name (see 'postconf -d' output)
              Name of the pseudo random number generator  (PRNG)  state  file  that  is
              maintained by tlsmgr(8).

       tls_random_prng_update_period (3600s)
              The  time  between  attempts by tlsmgr(8) to save the state of the pseudo
              random number generator (PRNG)  to  the  file  specified  with  $tls_ran‐
              dom_exchange_name.

       tls_random_reseed_period (3600s)
              The  maximal  time between attempts by tlsmgr(8) to re-seed the in-memory
              pseudo random number generator (PRNG) pool from external sources.

MISCELLANEOUS CONTROLS
       config_directory (see 'postconf -d' output)
              The default location of the Postfix main.cf and  master.cf  configuration
              files.

       data_directory (see 'postconf -d' output)
              The  directory  with  Postfix-writable  data  files (for example: caches,
              pseudo-random numbers).

       daemon_timeout (18000s)
              How much time a Postfix daemon process  may  take  to  handle  a  request
              before it is terminated by a built-in watchdog timer.

       process_id (read-only)
              The process ID of a Postfix command or daemon process.

       process_name (read-only)
              The process name of a Postfix command or daemon process.

       syslog_facility (mail)
              The syslog facility of Postfix logging.

       syslog_name (see 'postconf -d' output)
              The  mail  system  name  that  is prepended to the process name in syslog
              records, so that "smtpd" becomes, for example, "postfix/smtpd".

SEE ALSO
       smtp(8), Postfix SMTP client
       smtpd(8), Postfix SMTP server
       postconf(5), configuration parameters
       master(5), generic daemon options
       master(8), process manager
       syslogd(8), system logging

README FILES
       Use "postconf readme_directory" or  "postconf  html_directory"  to  locate  this
       information.
       TLS_README, Postfix TLS configuration and operation

LICENSE
       The Secure Mailer license must be distributed with this software.

HISTORY
       This service was introduced with Postfix version 2.2.

AUTHOR(S)
       Lutz Jaenicke
       BTU Cottbus
       Allgemeine Elektrotechnik
       Universitaetsplatz 3-4
       D-03044 Cottbus, Germany

       Adapted by:
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

                                                                              TLSMGR(8)

trivial-rewrite

Der trivial-rewrite-Daemon ist für drei verschiedene Clientanfragen zuständig, den rewrite, resolve und verify.

  1. rewrite Hier werden Adressen, die nicht dem Standardformat „user@fqdn“ entsprechen geprüft, korrigiert und umgeschrieben.
  2. resolve Hier ermittelt der Daemon anhand der Informationen aus transport, nexthop, recipient und flags wohin die Nachricht vom qmgr als nächstes geroutet werden soll.
  3. verify Hier bearbeitet die Daemon entsprechende Adressverification-Anfragen.

Nähere Hinwiese zum trivial-rewrite-Daemon findet man in dessen manpage.

 # man 8 trivial-rewrite
TRIVIAL-REWRITE(8)               System Manager's Manual               TRIVIAL-REWRITE(8)

NAME
       trivial-rewrite - Postfix address rewriting and resolving daemon

SYNOPSIS
       trivial-rewrite [generic Postfix daemon options]

DESCRIPTION
       The trivial-rewrite(8) daemon processes three types of client service requests:

       rewrite context address
              Rewrite  an  address  to  standard form, according to the address rewriting
              context:

              local  Append the domain names specified with  $myorigin  or  $mydomain  to
                     incomplete  addresses;  do swap_bangpath and allow_percent_hack pro‐
                     cessing as  described  below,  and  strip  source  routed  addresses
                     (@site,@site:user@domain) to user@domain form.

              remote Append  the domain name specified with $remote_header_rewrite_domain
                     to incomplete addresses. Otherwise the result is identical  to  that
                     of  the  local address rewriting context. This prevents Postfix from
                     appending the local  domain  to  spam  from  poorly  written  remote
                     clients.

       resolve sender address
              Resolve  the address to a (transport, nexthop, recipient, flags) quadruple.
              The meaning of the results is as follows:

              transport
                     The delivery agent to use. This is the first field of  an  entry  in
                     the master.cf file.
              nexthop
                     The host to send to and optional delivery method information.

              recipient
                     The envelope recipient address that is passed on to nexthop.

              flags  The  address  class,  whether the address requires relaying, whether
                     the address has problems, and whether the request failed.

       verify sender address
              Resolve the address for address verification purposes.

SERVER PROCESS MANAGEMENT
       The trivial-rewrite(8) servers run under control by  the  Postfix  master  server.
       Each  server  can  handle multiple simultaneous connections.  When all servers are
       busy while a client connects, the master creates a new  server  process,  provided
       that  the  trivial-rewrite server process limit is not exceeded.  Each trivial-re‐
       write server terminates after serving at least $max_use clients of after $max_idle
       seconds of idle time.

STANDARDS
       None. The command does not interact with the outside world.

SECURITY
       The  trivial-rewrite(8) daemon is not security sensitive.  By default, this daemon
       does not talk to remote or local users.  It can run at a fixed low privilege in  a
       chrooted environment.

DIAGNOSTICS
       Problems and transactions are logged to syslogd(8).

CONFIGURATION PARAMETERS
       On  busy mail systems a long time may pass before a main.cf change affecting triv‐
       ial-rewrite(8) is picked up. Use the  command  "postfix  reload"  to  speed  up  a
       change.

       The text below provides only a parameter summary. See postconf(5) for more details
       including examples.

COMPATIBILITY CONTROLS
       resolve_dequoted_address (yes)
              Resolve a recipient address safely instead of correctly, by looking  inside
              quotes.

       Available with Postfix version 2.1 and later:

       resolve_null_domain (no)
              Resolve  an  address that ends in the "@" null domain as if the local host‐
              name were specified, instead of rejecting the address as invalid.

       Available with Postfix version 2.3 and later:

       resolve_numeric_domain (no)
              Resolve "user@ipaddress" as "user@[ipaddress]", instead  of  rejecting  the
              address as invalid.

       Available with Postfix version 2.5 and later:

       allow_min_user (no)
              Allow a sender or recipient address to have `-' as the first character.

ADDRESS REWRITING CONTROLS
       myorigin ($myhostname)
              The  domain  name  that  locally-posted mail appears to come from, and that
              locally posted mail is delivered to.
       allow_percent_hack (yes)
              Enable the rewriting of the form "user%domain" to "user@domain".

       append_at_myorigin (yes)
              With locally  submitted  mail,  append  the  string  "@$myorigin"  to  mail
              addresses without domain information.

       append_dot_mydomain (yes)
              With  locally  submitted  mail, append the string ".$mydomain" to addresses
              that have no ".domain" information.

       recipient_delimiter (empty)
              The set of characters that can separate a  user  name  from  its  extension
              (example:  user+foo),  or a .forward file name from its extension (example:
              .forward+foo).

       swap_bangpath (yes)
              Enable the rewriting of "site!user" into "user@site".

       Available in Postfix 2.2 and later:

       remote_header_rewrite_domain (empty)
              Don't rewrite message headers from remote clients at all when this  parame‐
              ter  is  empty; otherwise, rewrite message headers and append the specified
              domain name to incomplete addresses.

ROUTING CONTROLS
       The following is applicable to Postfix version 2.0 and later.  Earlier versions do
       not  have  support for: virtual_transport, relay_transport, virtual_alias_domains,
       virtual_mailbox_domains or proxy_interfaces.

       local_transport (local:$myhostname)
              The default mail delivery transport  and  next-hop  destination  for  final
              delivery to domains listed with mydestination, and for [ipaddress] destina‐
              tions that match $inet_interfaces or $proxy_interfaces.

       virtual_transport (virtual)
              The default mail delivery transport  and  next-hop  destination  for  final
              delivery to domains listed with $virtual_mailbox_domains.

       relay_transport (relay)
              The  default  mail  delivery  transport and next-hop destination for remote
              delivery to domains listed with $relay_domains.

       default_transport (smtp)
              The default mail delivery transport and next-hop destination  for  destina‐
              tions  that  do  not  match $mydestination, $inet_interfaces, $proxy_inter‐
              faces, $virtual_alias_domains, $virtual_mailbox_domains, or $relay_domains.

       parent_domain_matches_subdomains (see 'postconf -d' output)
              What Postfix  features  match  subdomains  of  "domain.tld"  automatically,
              instead of requiring an explicit ".domain.tld" pattern.

       relayhost (empty)
              The  next-hop destination of non-local mail; overrides non-local domains in
              recipient addresses.

       transport_maps (empty)
              Optional lookup tables with mappings from  recipient  address  to  (message
              delivery transport, next-hop destination).

       Available in Postfix version 2.3 and later:

       sender_dependent_relayhost_maps (empty)
              A sender-dependent override for the global relayhost parameter setting.
       Available in Postfix version 2.5 and later:

       empty_address_relayhost_maps_lookup_key (<>)
              The sender_dependent_relayhost_maps search string that will be used instead
              of the null sender address.

       Available in Postfix version 2.7 and later:

       empty_address_default_transport_maps_lookup_key (<>)
              The sender_dependent_default_transport_maps search string that will be used
              instead of the null sender address.

       sender_dependent_default_transport_maps (empty)
              A sender-dependent override for the global default_transport parameter set‐
              ting.

ADDRESS VERIFICATION CONTROLS
       Postfix version 2.1 introduces sender and recipient  address  verification.   This
       feature  is  implemented  by  sending  probe  email messages that are not actually
       delivered.  By default, address verification probes use the same route as  regular
       mail.  To  override  specific  aspects of message routing for address verification
       probes, specify one or more of the following:

       address_verify_local_transport ($local_transport)
              Overrides the local_transport parameter setting  for  address  verification
              probes.

       address_verify_virtual_transport ($virtual_transport)
              Overrides  the virtual_transport parameter setting for address verification
              probes.

       address_verify_relay_transport ($relay_transport)
              Overrides the relay_transport parameter setting  for  address  verification
              probes.

       address_verify_default_transport ($default_transport)
              Overrides  the default_transport parameter setting for address verification
              probes.

       address_verify_relayhost ($relayhost)
              Overrides the relayhost parameter setting for address verification probes.

       address_verify_transport_maps ($transport_maps)
              Overrides the transport_maps parameter  setting  for  address  verification
              probes.

       Available in Postfix version 2.3 and later:

       address_verify_sender_dependent_relayhost_maps ($sender_dependent_relayhost_maps)
              Overrides the sender_dependent_relayhost_maps parameter setting for address
              verification probes.

       Available in Postfix version 2.7 and later:

       address_verify_sender_dependent_default_transport_maps             ($sender_depen‐
       dent_default_transport_maps)
              Overrides the sender_dependent_default_transport_maps parameter setting for
              address verification probes.

MISCELLANEOUS CONTROLS
       config_directory (see 'postconf -d' output)
              The default location of the Postfix  main.cf  and  master.cf  configuration
              files.

       daemon_timeout (18000s)
              How  much time a Postfix daemon process may take to handle a request before
              it is terminated by a built-in watchdog timer.

       empty_address_recipient (MAILER-DAEMON)
              The recipient of mail addressed to the null address.

       ipc_timeout (3600s)
              The time limit for sending or receiving information over an internal commu‐
              nication channel.

       max_idle (100s)
              The maximum amount of time that an idle Postfix daemon process waits for an
              incoming connection before terminating voluntarily.

       max_use (100)
              The maximal number of incoming connections that a  Postfix  daemon  process
              will service before terminating voluntarily.

       relocated_maps (empty)
              Optional  lookup  tables  with new contact information for users or domains
              that no longer exist.

       process_id (read-only)
              The process ID of a Postfix command or daemon process.

       process_name (read-only)
              The process name of a Postfix command or daemon process.

       queue_directory (see 'postconf -d' output)
              The location of the Postfix top-level queue directory.

       show_user_unknown_table_name (yes)
              Display the name of the recipient table in the "User unknown" responses.
       syslog_facility (mail)
              The syslog facility of Postfix logging.

       syslog_name (see 'postconf -d' output)
              The mail system name that is  prepended  to  the  process  name  in  syslog
              records, so that "smtpd" becomes, for example, "postfix/smtpd".

       Available in Postfix version 2.0 and later:

       helpful_warnings (yes)
              Log  warnings about problematic configuration settings, and provide helpful
              suggestions.

SEE ALSO
       postconf(5), configuration parameters
       transport(5), transport table format
       relocated(5), format of the "user has moved" table
       master(8), process manager
       syslogd(8), system logging

README FILES
       Use "postconf readme_directory" or "postconf html_directory" to locate this infor‐
       mation.
       ADDRESS_CLASS_README, Postfix address classes howto
       ADDRESS_VERIFICATION_README, Postfix address verification

LICENSE
       The Secure Mailer license must be distributed with this software.

AUTHOR(S)
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

                                                                       TRIVIAL-REWRITE(8)

bounce, defer, trace

Die drei Daemons bounce, defer und trace bilden zwei wesentliche Funktionen des MTA ab. Zum einen verständigen diese bei Bedarf einen Absender, sofern seine eMail zugestellt wurde, verzögert zugestellt oder eben nicht zugestellt werden konnte. Dazu stehen diese Daemons in direktem Kontakt mit dem qmgr-Daemon damit diese die vorgenannten Statusberichte versenden oder Nachrichten, die nicht zugestellt worden sind, in die deferred-Queue verschieben können.

Weitere Hinweise findet man zu den drei Daemons in der manpage von bounce.

 # man 8 bounce
BOUNCE(8)                        System Manager's Manual                        BOUNCE(8)

NAME
       bounce - Postfix delivery status reports

SYNOPSIS
       bounce [generic Postfix daemon options]

DESCRIPTION
       The bounce(8) daemon maintains per-message log files with delivery status informa‐
       tion. Each log file is named after the queue file that it corresponds to,  and  is
       kept  in  a  queue subdirectory named after the service name in the master.cf file
       (either bounce, defer or trace).  This program expects to be  run  from  the  mas‐
       ter(8) process manager.

       The bounce(8) daemon processes two types of service requests:

       ·      Append a recipient (non-)delivery status record to a per-message log file.

       ·      Enqueue  a  delivery status notification message, with a copy of a per-mes‐
              sage log file and of the corresponding message.  When the  delivery  status
              notification  message is enqueued successfully, the per-message log file is
              deleted.

       The software does a best notification effort. A non-delivery notification is  sent
       even when the log file or the original message cannot be read.

       Optionally,  a  bounce  (defer, trace) client can request that the per-message log
       file be deleted when the requested operation fails.  This is used by clients  that
       cannot  retry  transactions by themselves, and that depend on retry logic in their
       own client.

STANDARDS
       RFC 822 (ARPA Internet Text Messages)
       RFC 2045 (Format of Internet Message Bodies)
       RFC 2822 (Internet Message Format)
       RFC 3462 (Delivery Status Notifications)
       RFC 3464 (Delivery Status Notifications)
       RFC 3834 (Auto-Submitted: message header)
       RFC 5322 (Internet Message Format)

DIAGNOSTICS
       Problems and transactions are logged to syslogd(8).

CONFIGURATION PARAMETERS
       Changes to main.cf are picked up automatically, as  bounce(8)  processes  run  for
       only  a  limited  amount  of  time. Use the command "postfix reload" to speed up a
       change.

       The text below provides only a parameter summary. See postconf(5) for more details
       including examples.

       2bounce_notice_recipient (postmaster)
              The recipient of undeliverable mail that cannot be returned to the sender.

       backwards_bounce_logfile_compatibility (yes)
              Produce  additional  bounce(8)  logfile records that can be read by Postfix
              versions before 2.0.

       bounce_notice_recipient (postmaster)
              The recipient of postmaster notifications with the message headers of  mail
              that  Postfix  did not deliver and of SMTP conversation transcripts of mail
              that Postfix did not receive.

       bounce_size_limit (50000)
              The maximal amount of original message text that is sent in a  non-delivery
              notification.

       bounce_template_file (empty)
              Pathname of a configuration file with bounce message templates.

       config_directory (see 'postconf -d' output)
              The  default  location  of  the Postfix main.cf and master.cf configuration
              files.
       daemon_timeout (18000s)
              How much time a Postfix daemon process may take to handle a request  before
              it is terminated by a built-in watchdog timer.

       delay_notice_recipient (postmaster)
              The  recipient of postmaster notifications with the message headers of mail
              that cannot be delivered within $delay_warning_time time units.

       deliver_lock_attempts (20)
              The maximal number of attempts to acquire an exclusive lock  on  a  mailbox
              file or bounce(8) logfile.

       deliver_lock_delay (1s)
              The time between attempts to acquire an exclusive lock on a mailbox file or
              bounce(8) logfile.

       ipc_timeout (3600s)
              The time limit for sending or receiving information over an internal commu‐
              nication channel.

       internal_mail_filter_classes (empty)
              What  categories of Postfix-generated mail are subject to before-queue con‐
              tent inspection by non_smtpd_milters, header_checks and body_checks.

       mail_name (Postfix)
              The mail system name that is displayed in Received: headers,  in  the  SMTP
              greeting banner, and in bounced mail.

       max_idle (100s)
              The maximum amount of time that an idle Postfix daemon process waits for an
              incoming connection before terminating voluntarily.

       max_use (100)
              The maximal number of incoming connections that a  Postfix  daemon  process
              will service before terminating voluntarily.

       notify_classes (resource, software)
              The list of error classes that are reported to the postmaster.

       process_id (read-only)
              The process ID of a Postfix command or daemon process.

       process_name (read-only)
              The process name of a Postfix command or daemon process.

       queue_directory (see 'postconf -d' output)
              The location of the Postfix top-level queue directory.

       syslog_facility (mail)
              The syslog facility of Postfix logging.

       syslog_name (see 'postconf -d' output)
              The  mail  system  name  that  is  prepended  to the process name in syslog
              records, so that "smtpd" becomes, for example, "postfix/smtpd".

FILES
       /var/spool/postfix/bounce/* non-delivery records
       /var/spool/postfix/defer/* non-delivery records
       /var/spool/postfix/trace/* delivery status records

SEE ALSO
       bounce(5), bounce message template format
       qmgr(8), queue manager
       postconf(5), configuration parameters
       master(5), generic daemon options
       master(8), process manager
       syslogd(8), system logging

LICENSE
       The Secure Mailer license must be distributed with this software.

AUTHOR(S)
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

                                                                                BOUNCE(8)

verify

Der verify-Daemon erstellt und verwaltet eine Liste aller Empfängeradressen und vermerkt dabei, ob diese zustellbar bzw. unzustellbar sind. Dabei werden alle Routing und Rewrite-Mechanismen in der Mailzustellung bewertet. Das Prüfungsergebnis, ob eine Empfängeradresse als grundsätzlich erreichbar oder nicht erreichbar vermerkt wird, basieren auf dem nächsten MTA-Hop!

Weitere Informationen zum verify-Daemon findet man in dessen manpage.

 # man 8 verify
VERIFY(8)                        System Manager's Manual                        VERIFY(8)

NAME
       verify - Postfix address verification server

SYNOPSIS
       verify [generic Postfix daemon options]

DESCRIPTION
       The  verify(8)  address  verification  server maintains a record of what recipient
       addresses are known to be deliverable or undeliverable.

       Addresses are verified by injecting probe messages into the Postfix  queue.  Probe
       messages  are run through all the routing and rewriting machinery except for final
       delivery, and are discarded rather than being deferred or bounced.

       Address verification relies on the answer from the nearest MTA for  the  specified
       address, and will therefore not detect all undeliverable addresses.

       The  verify(8)  server  is  designed  to  run  under control by the Postfix master
       server. It maintains an optional persistent database.  To avoid being  interrupted
       by  "postfix stop" in the middle of a database update, the process runs in a sepa‐
       rate process group.

       The verify(8) server implements the following requests:

       update address status text
              Update the status and text of the specified address.

       query address
              Look up the status and text for the specified address.  If  the  status  is
              unknown, a probe is sent and an "in progress" status is returned.

SECURITY
       The address verification server is not security-sensitive. It does not talk to the
       network, and it does not talk to local users.  The verify server can run  chrooted
       at fixed low privilege.

       The  address  verification  server  can  be  coerced to store unlimited amounts of
       garbage. Limiting the cache expiry time trades one problem (disk space exhaustion)
       for another one (poor response time to client requests).

       With Postfix version 2.5 and later, the verify(8) server no longer uses root priv‐
       ileges when opening the address_verify_map cache file.  The  file  should  now  be
       stored  under the Postfix-owned data_directory.  As a migration aid, an attempt to
       open a cache file under a non-Postfix directory is redirected to the Postfix-owned
       data_directory, and a warning is logged.

DIAGNOSTICS
       Problems and transactions are logged to syslogd(8).

BUGS
       Address  verification  probe  messages  add  additional traffic to the mail queue.
       Recipient verification may cause an increased load on down-stream servers  in  the
       case  of  a  dictionary  attack or a flood of backscatter bounces.  Sender address
       verification may cause your site to be blacklisted by some providers.

       If the persistent database ever gets corrupted then the world comes to an end  and
       human intervention is needed. This violates a basic Postfix principle.

CONFIGURATION PARAMETERS
       Changes  to  main.cf  are  not picked up automatically, as verify(8) processes are
       long-lived. Use the command "postfix reload" after a configuration change.

       The text below provides only a parameter summary. See postconf(5) for more details
       including examples.
PROBE MESSAGE CONTROLS
       address_verify_sender ($double_bounce_sender)
              The  sender address to use in address verification probes; prior to Postfix
              2.5 the default was "postmaster".

       Available with Postfix 2.9 and later:

       address_verify_sender_ttl (0s)
              The time between changes in the time-dependent portion of address verifica‐
              tion probe sender addresses.

CACHE CONTROLS
       address_verify_map (see 'postconf -d' output)
              Lookup table for persistent address verification status storage.

       address_verify_positive_expire_time (31d)
              The  time after which a successful probe expires from the address verifica‐
              tion cache.

       address_verify_positive_refresh_time (7d)
              The time after which a successful address verification probe  needs  to  be
              refreshed.

       address_verify_negative_cache (yes)
              Enable caching of failed address verification probe results.

       address_verify_negative_expire_time (3d)
              The  time  after which a failed probe expires from the address verification
              cache.

       address_verify_negative_refresh_time (3h)
              The time after which a  failed  address  verification  probe  needs  to  be
              refreshed.

       Available with Postfix 2.7 and later:

       address_verify_cache_cleanup_interval (12h)
              The  amount of time between verify(8) address verification database cleanup
              runs.

PROBE MESSAGE ROUTING CONTROLS
       By default, probe messages are delivered via the same route as  regular  messages.
       The  following  parameters can be used to override specific message routing mecha‐
       nisms.

       address_verify_relayhost ($relayhost)
              Overrides the relayhost parameter setting for address verification probes.

       address_verify_transport_maps ($transport_maps)
              Overrides the transport_maps parameter  setting  for  address  verification
              probes.

       address_verify_local_transport ($local_transport)
              Overrides  the  local_transport  parameter setting for address verification
              probes.

       address_verify_virtual_transport ($virtual_transport)
              Overrides the virtual_transport parameter setting for address  verification
              probes.

       address_verify_relay_transport ($relay_transport)
              Overrides  the  relay_transport  parameter setting for address verification
              probes.

       address_verify_default_transport ($default_transport)
              Overrides the default_transport parameter setting for address  verification
              probes.

       Available in Postfix 2.3 and later:

       address_verify_sender_dependent_relayhost_maps ($sender_dependent_relayhost_maps)
              Overrides the sender_dependent_relayhost_maps parameter setting for address
              verification probes.

       Available in Postfix 2.7 and later:

       address_verify_sender_dependent_default_transport_maps             ($sender_depen‐
       dent_default_transport_maps)
              Overrides the sender_dependent_default_transport_maps parameter setting for
              address verification probes.

MISCELLANEOUS CONTROLS
       config_directory (see 'postconf -d' output)
              The default location of the Postfix  main.cf  and  master.cf  configuration
              files.

       daemon_timeout (18000s)
              How  much time a Postfix daemon process may take to handle a request before
              it is terminated by a built-in watchdog timer.

       ipc_timeout (3600s)
              The time limit for sending or receiving information over an internal commu‐
              nication channel.

       process_id (read-only)
              The process ID of a Postfix command or daemon process.

       process_name (read-only)
              The process name of a Postfix command or daemon process.

       queue_directory (see 'postconf -d' output)
              The location of the Postfix top-level queue directory.

       syslog_facility (mail)
              The syslog facility of Postfix logging.

       syslog_name (see 'postconf -d' output)
              The  mail  system  name  that  is  prepended  to the process name in syslog
              records, so that "smtpd" becomes, for example, "postfix/smtpd".

SEE ALSO
       smtpd(8), Postfix SMTP server
       cleanup(8), enqueue Postfix message
       postconf(5), configuration parameters
       syslogd(5), system logging

README FILES
       Use "postconf readme_directory" or "postconf html_directory" to locate this infor‐
       mation.
       ADDRESS_VERIFICATION_README, address verification howto

LICENSE
       The Secure Mailer license must be distributed with this software.

HISTORY
       This service was introduced with Postfix version 2.1.

AUTHOR(S)
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

                                                                                VERIFY(8)

flush

Der flush-Daemon verwaltet die Nachrichten in der deferred-Queue und erstellt dazu eine zielabhängige Liste. Somit kann z.B. der smtp-delivery-agent mit Hilfe des ETRN-SMTP-Kommandos eine bestehende Verbindung zu einem anderen MTA weiterverwenden und somit während einer Verbindungs-Session die vom flush-Daemon generierte Liste abarbeiten, sprich alle Nachrichten zu einer Zieldomäne in einem Rutsch versenden.

Weitere Hinweise zum flush-Daemon findet man in dessen manpage.

 # man 8 flush
FLUSH(8)                         System Manager's Manual                         FLUSH(8)

NAME
       flush - Postfix fast flush server

SYNOPSIS
       flush [generic Postfix daemon options]

DESCRIPTION
       The  flush(8)  server  maintains  a  record of deferred mail by destination.  This
       information is used to improve the performance of the SMTP ETRN  request,  and  of
       its  command-line  equivalent,  "sendmail  -qR"  or  "postqueue -f".  This program
       expects to be run from the master(8) process manager.

       The record is implemented as a per-destination logfile with as contents the  queue
       IDs  of deferred mail. A logfile is append-only, and is truncated when delivery is
       requested for the corresponding destination. A destination  is  the  part  on  the
       right-hand side of the right-most @ in an email address.

       Per-destination  logfiles of deferred mail are maintained only for eligible desti‐
       nations.   The   list   of   eligible   destinations   is   specified   with   the
       fast_flush_domains configuration parameter, which defaults to $relay_domains.

       This server implements the following requests:

       add sitename queueid
              Inform  the flush(8) server that the message with the specified queue ID is
              queued for the specified destination.

       send_site sitename
              Request delivery of mail that is queued for the specified destination.

       send_file queueid
              Request delivery of the specified deferred message.

       refresh
              Refresh  non-empty  per-destination  logfiles  that  were   not   read   in
              $fast_flush_refresh_time hours, by simulating send requests (see above) for
              the corresponding destinations.

              Delete  empty  per-destination  logfiles   that   were   not   updated   in
              $fast_flush_purge_time days.

              This request completes in the background.

       purge  Do a refresh for all per-destination logfiles.

SECURITY
       The  flush(8)  server  is not security-sensitive. It does not talk to the network,
       and it does not talk to local users.  The fast flush server can  run  chrooted  at
       fixed low privilege.

DIAGNOSTICS
       Problems and transactions are logged to syslogd(8).

BUGS
       Fast  flush  logfiles  are truncated only after a "send" request, not when mail is
       actually delivered, and therefore can accumulate outdated or  redundant  data.  In
       order  to  maintain  sanity,  "refresh" must be executed periodically. This can be
       automated with a suitable wakeup timer  setting  in  the  master.cf  configuration
       file.

       Upon  receipt  of  a  request  to  deliver  mail  for an eligible destination, the
       flush(8) server requests delivery of all messages that are listed in that destina‐
       tion's  logfile,  regardless  of  the recipients of those messages. This is not an
       issue for mail that is sent to a relay_domains destination because such mail typi‐
       cally only has recipients in one domain.

CONFIGURATION PARAMETERS
       Changes  to main.cf are picked up automatically as flush(8) processes run for only
       a limited amount of time. Use the command "postfix reload" to speed up a change.

       The text below provides only a parameter summary. See postconf(5) for more details
       including examples.
       config_directory (see 'postconf -d' output)
              The  default  location  of  the Postfix main.cf and master.cf configuration
              files.

       daemon_timeout (18000s)
              How much time a Postfix daemon process may take to handle a request  before
              it is terminated by a built-in watchdog timer.

       fast_flush_domains ($relay_domains)
              Optional  list  of  destinations that are eligible for per-destination log‐
              files with mail that is queued to those destinations.

       fast_flush_refresh_time (12h)
              The time after which a non-empty but unread  per-destination  "fast  flush"
              logfile needs to be refreshed.

       fast_flush_purge_time (7d)
              The  time  after  which  an  empty  per-destination "fast flush" logfile is
              deleted.

       ipc_timeout (3600s)
              The time limit for sending or receiving information over an internal commu‐
              nication channel.

       max_idle (100s)
              The maximum amount of time that an idle Postfix daemon process waits for an
              incoming connection before terminating voluntarily.

       max_use (100)
              The maximal number of incoming connections that a  Postfix  daemon  process
              will service before terminating voluntarily.

       parent_domain_matches_subdomains (see 'postconf -d' output)
              What  Postfix  features  match  subdomains  of  "domain.tld" automatically,
              instead of requiring an explicit ".domain.tld" pattern.

       process_id (read-only)
              The process ID of a Postfix command or daemon process.

       process_name (read-only)
              The process name of a Postfix command or daemon process.

       queue_directory (see 'postconf -d' output)
              The location of the Postfix top-level queue directory.

       syslog_facility (mail)
              The syslog facility of Postfix logging.

       syslog_name (see 'postconf -d' output)
              The mail system name that is  prepended  to  the  process  name  in  syslog
              records, so that "smtpd" becomes, for example, "postfix/smtpd".

FILES
       /var/spool/postfix/flush, "fast flush" logfiles.

SEE ALSO
       smtpd(8), SMTP server
       qmgr(8), queue manager
       postconf(5), configuration parameters
       master(5), generic daemon options
       master(8), process manager
       syslogd(8), system logging

README FILES
       Use "postconf readme_directory" or "postconf html_directory" to locate this infor‐
       mation.
       ETRN_README, Postfix ETRN howto

LICENSE
       The Secure Mailer license must be distributed with this software.

HISTORY
       This service was introduced with Postfix version 1.0.
AUTHOR(S)
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

                                                                                 FLUSH(8)

proxymap, proxywrite

Der proxymap-Daemon stellt anderen Postix-Prozessen Lookup-Tabellen zur Verfügung, damit diese bei entsprechenden Anfragen bereits bestehende Verbindungen mit-/weiterbenutzen können. Somit fällt der Overhead beim Verbindungsauf- und -abbau z.B. zu einem mySQL- oder ldap-Datenbankbackendsystem weg und diue Systemressourcen werden weniger belastet. Abhängig vom verwendetetn Namen proxymap und proxywrite können diese Verbindungen readonly oder auch als beschreibbar definiert werden.

Zusätzliche informationen zum proxymap/proxywrite-Daemon findet man in dessen manpage.

 # man 8 proxymap
PROXYMAP(8)                      System Manager's Manual                      PROXYMAP(8)

NAME
       proxymap - Postfix lookup table proxy server

SYNOPSIS
       proxymap [generic Postfix daemon options]

DESCRIPTION
       The  proxymap(8)  server  provides read-only or read-write table lookup service to
       Postfix processes. These services are implemented  with  distinct  service  names:
       proxymap and proxywrite, respectively. The purpose of these services is:

       ·      To  overcome chroot restrictions. For example, a chrooted SMTP server needs
              access to the system passwd file in order to reject mail  for  non-existent
              local  addresses,  but it is not practical to maintain a copy of the passwd
              file in the chroot jail.  The solution:

              local_recipient_maps =
                  proxy:unix:passwd.byname $alias_maps

       ·      To consolidate the number of open lookup tables by sharing one  open  table
              among  multiple processes. For example, making mysql connections from every
              Postfix daemon process results in "too many connections" errors. The  solu‐
              tion:

              virtual_alias_maps =
                  proxy:mysql:/etc/postfix/virtual_alias.cf

              The total number of connections is limited by the number of proxymap server
              processes.

       ·      To provide single-updater functionality for lookup tables that do not reli‐
              ably support multiple writers (i.e. all file-based tables).

       The proxymap(8) server implements the following requests:

       open maptype:mapname flags
              Open  the table with type maptype and name mapname, as controlled by flags.
              The reply includes the maptype dependent  flags  (to  distinguish  a  fixed
              string table from a regular expression table).

       lookup maptype:mapname flags key
              Look  up the data stored under the requested key.  The reply is the request
              completion status code and the lookup result  value.   The  maptype:mapname
              and flags are the same as with the open request.

       update maptype:mapname flags key value
              Update  the  data stored under the requested key.  The reply is the request
              completion status code.  The maptype:mapname and flags are the same as with
              the open request.

              To  implement single-updater maps, specify a process limit of 1 in the mas‐
              ter.cf file entry for the proxywrite service.

              This request is supported in Postfix 2.5 and later.

       delete maptype:mapname flags key
              Delete the data stored under the requested key.  The reply is  the  request
              completion status code.  The maptype:mapname and flags are the same as with
              the open request.

              This request is supported in Postfix 2.5 and later.

       sequence maptype:mapname flags function
              Iterate  over  the   specified   database.   The   function   is   one   of
              DICT_SEQ_FUN_FIRST  or DICT_SEQ_FUN_NEXT.  The reply is the request comple‐
              tion status code and a lookup key and result value, if found.

              This request is supported in Postfix 2.9 and later.

       The request completion status is one of OK, RETRY, NOKEY  (lookup  failed  because
       the key was not found), BAD (malformed request) or DENY (the table is not approved
       for proxy read or update access).

       There is no close command, nor are tables implicitly closed when a client  discon‐
       nects. The purpose is to share tables among multiple client processes.

SERVER PROCESS MANAGEMENT
       proxymap(8)  servers  run  under  control  by  the Postfix master(8) server.  Each
       server can handle multiple simultaneous connections.  When all  servers  are  busy
       while  a  client connects, the master(8) creates a new proxymap(8) server process,
       provided that the process limit is not exceeded.   Each  server  terminates  after
       serving at least $max_use clients or after $max_idle seconds of idle time.

SECURITY
       The proxymap(8) server opens only tables that are approved via the proxy_read_maps
       or proxy_write_maps configuration parameters, does not talk to users, and can  run
       at  fixed  low  privilege,  chrooted or not.  However, running the proxymap server
       chrooted severely limits usability, because it can open only chrooted tables.

       The proxymap(8) server is not a trusted daemon process, and must not  be  used  to
       look  up sensitive information such as UNIX user or group IDs, mailbox file/direc‐
       tory names or external commands.

       In Postfix version 2.2 and later,  the  proxymap  client  recognizes  requests  to
       access a table for security-sensitive purposes, and opens the table directly. This
       allows the same main.cf setting to be used by  sensitive  and  non-sensitive  pro‐
       cesses.

       Postfix-writable  data  files should be stored under a dedicated directory that is
       writable only by the Postfix mail system, such as  the  Postfix-owned  data_direc‐
       tory.

       In  particular,  Postfix-writable  files should never exist in root-owned directo‐
       ries. That would open up a particular type of security hole where ownership  of  a
       file or directory does not match the provider of its content.

DIAGNOSTICS
       Problems and transactions are logged to syslogd(8).

BUGS
       The  proxymap(8)  server  provides service to multiple clients, and must therefore
       not be used for tables that have high-latency lookups.

       The proxymap(8) read-write service does not explicitly close lookup  tables  (even
       if  it  did,  this  could  not be relied on, because the process may be terminated
       between table updates).  The read-write service should therefore not be used  with
       tables that leave persistent storage in an inconsistent state between updates (for
       example, CDB). Tables that support "sync on update" should be safe  (for  example,
       Berkeley DB) as should tables that are implemented by a real DBMS.

CONFIGURATION PARAMETERS
       On  busy  mail systems a long time may pass before proxymap(8) relevant changes to
       main.cf are picked up. Use the command "postfix reload" to speed up a change.

       The text below provides only a parameter summary. See postconf(5) for more details
       including examples.

       config_directory (see 'postconf -d' output)
              The  default  location  of  the Postfix main.cf and master.cf configuration
              files.

       data_directory (see 'postconf -d' output)
              The directory  with  Postfix-writable  data  files  (for  example:  caches,
              pseudo-random numbers).

       daemon_timeout (18000s)
              How  much time a Postfix daemon process may take to handle a request before
              it is terminated by a built-in watchdog timer.

       ipc_timeout (3600s)
              The time limit for sending or receiving information over an internal commu‐
              nication channel.

       max_idle (100s)
              The maximum amount of time that an idle Postfix daemon process waits for an
              incoming connection before terminating voluntarily.

       max_use (100)
              The maximal number of incoming connections that a  Postfix  daemon  process
              will service before terminating voluntarily.

       process_id (read-only)
              The process ID of a Postfix command or daemon process.

       process_name (read-only)
              The process name of a Postfix command or daemon process.

       proxy_read_maps (see 'postconf -d' output)
              The  lookup tables that the proxymap(8) server is allowed to access for the
              read-only service.

       Available in Postfix 2.5 and later:

       data_directory (see 'postconf -d' output)
              The directory  with  Postfix-writable  data  files  (for  example:  caches,
              pseudo-random numbers).

       proxy_write_maps (see 'postconf -d' output)
              The  lookup tables that the proxymap(8) server is allowed to access for the
              read-write service.

SEE ALSO
       postconf(5), configuration parameters
       master(5), generic daemon options

README FILES
       Use "postconf readme_directory" or "postconf html_directory" to locate this infor‐
       mation.
       DATABASE_README, Postfix lookup table overview

LICENSE
       The Secure Mailer license must be distributed with this software.
HISTORY
       The proxymap service was introduced with Postfix 2.0.

AUTHOR(S)
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

                                                                              PROXYMAP(8)

showq

Der showq-Daemon zeigt den Inhalt der Mailqueue an und wird von dem Shell-Scrip mailq angesprochen.

Weitere Hinweise zum showq-Daemon entnimmt man dessen manpage.

 # man 8 showq
SHOWQ(8)                         System Manager's Manual                         SHOWQ(8)

NAME
       showq - list the Postfix mail queue

SYNOPSIS
       showq [generic Postfix daemon options]

DESCRIPTION
       The showq(8) daemon reports the Postfix mail queue status.  It is the program that
       emulates the sendmail `mailq' command.

       The showq(8) daemon can also be run in stand-alone mode  by  the  superuser.  This
       mode  of  operation  is used to emulate the `mailq' command while the Postfix mail
       system is down.

SECURITY
       The showq(8) daemon can run in a chroot jail at fixed low privilege, and takes  no
       input from the client. Its service port is accessible to local untrusted users, so
       the service can be susceptible to denial of service attacks.

STANDARDS
       None. The showq(8) daemon does not interact with the outside world.

DIAGNOSTICS
       Problems and transactions are logged to syslogd(8).

CONFIGURATION PARAMETERS
       Changes to main.cf are picked up automatically as showq(8) processes run for  only
       a limited amount of time. Use the command "postfix reload" to speed up a change.

       The text below provides only a parameter summary. See postconf(5) for more details
       including examples.

       config_directory (see 'postconf -d' output)
              The default location of the Postfix  main.cf  and  master.cf  configuration
              files.
       daemon_timeout (18000s)
              How  much time a Postfix daemon process may take to handle a request before
              it is terminated by a built-in watchdog timer.

       duplicate_filter_limit (1000)
              The maximal number of addresses remembered by the address duplicate  filter
              for  aliases(5)  or  virtual(5) alias expansion, or for showq(8) queue dis‐
              plays.

       empty_address_recipient (MAILER-DAEMON)
              The recipient of mail addressed to the null address.

       ipc_timeout (3600s)
              The time limit for sending or receiving information over an internal commu‐
              nication channel.

       max_idle (100s)
              The maximum amount of time that an idle Postfix daemon process waits for an
              incoming connection before terminating voluntarily.

       max_use (100)
              The maximal number of incoming connections that a  Postfix  daemon  process
              will service before terminating voluntarily.

       process_id (read-only)
              The process ID of a Postfix command or daemon process.

       process_name (read-only)
              The process name of a Postfix command or daemon process.

       queue_directory (see 'postconf -d' output)
              The location of the Postfix top-level queue directory.

       syslog_facility (mail)
              The syslog facility of Postfix logging.

       syslog_name (see 'postconf -d' output)
              The  mail  system  name  that  is  prepended  to the process name in syslog
              records, so that "smtpd" becomes, for example, "postfix/smtpd".

       Available in Postfix version 2.9 and later:

       enable_long_queue_ids (no)
              Enable long, non-repeating, queue IDs (queue file names).

FILES
       /var/spool/postfix, queue directories

SEE ALSO
       pickup(8), local mail pickup service
       cleanup(8), canonicalize and enqueue mail
       qmgr(8), queue manager
       postconf(5), configuration parameters
       master(8), process manager
       syslogd(8), system logging

LICENSE
       The Secure Mailer license must be distributed with this software.

AUTHOR(S)
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

                                                                                 SHOWQ(8)

error, retry

Der error-delivery agent verarbeitet Zustellanfragen des qmgr-Daemon. Im Gegensatz zu den beiden Zustell-Agenten local oder smtp stellt der Agent aber keine Nachrichten zu, sondern generiert abhängig vom definierten Servicenamen in der master.cf-Datei entweder einen negativen Zustellbericht (Bounce) als error oder als retry. So kann der Absender informiert werden, dass eine einzelne Adresse oder auch eine ganze Mail-Domain nicht mehr oder gerade nicht zustellbar ist.

Weitere Hinweise zum Delivery-Agent error findet man in dessen manpage.

 # man 8 error
ERROR(8)                         System Manager's Manual                         ERROR(8)

NAME
       error - Postfix error/retry mail delivery agent

SYNOPSIS
       error [generic Postfix daemon options]

DESCRIPTION
       The  Postfix  error(8)  delivery  agent processes delivery requests from the queue
       manager. Each request specifies a queue file, a sender  address,  the  reason  for
       non-delivery  (specified  as the next-hop destination), and recipient information.
       The reason may be prefixed with an RFC 3463-compatible detail  code;  if  none  is
       specified  a default 4.0.0 or 5.0.0 code is used instead.  This program expects to
       be run from the master(8) process manager.

       Depending on the service name in master.cf, error or retry, the server bounces  or
       defers  all recipients in the delivery request using the "next-hop" information as
       the reason for non-delivery. The retry service name is  supported  as  of  Postfix
       2.4.

       Delivery  status reports are sent to the bounce(8), defer(8) or trace(8) daemon as
       appropriate.

SECURITY
       The error(8) mailer is not security-sensitive. It does not talk  to  the  network,
       and can be run chrooted at fixed low privilege.

STANDARDS
       RFC 3463 (Enhanced Status Codes)

DIAGNOSTICS
       Problems and transactions are logged to syslogd(8).

       Depending  on the setting of the notify_classes parameter, the postmaster is noti‐
       fied of bounces and of other trouble.

CONFIGURATION PARAMETERS
       Changes to main.cf are picked up automatically as error(8) processes run for  only
       a limited amount of time. Use the command "postfix reload" to speed up a change.

       The text below provides only a parameter summary. See postconf(5) for more details
       including examples.

       2bounce_notice_recipient (postmaster)
              The recipient of undeliverable mail that cannot be returned to the sender.

       bounce_notice_recipient (postmaster)
              The recipient of postmaster notifications with the message headers of  mail
              that  Postfix  did not deliver and of SMTP conversation transcripts of mail
              that Postfix did not receive.

       config_directory (see 'postconf -d' output)
              The default location of the Postfix  main.cf  and  master.cf  configuration
              files.

       daemon_timeout (18000s)
              How  much time a Postfix daemon process may take to handle a request before
              it is terminated by a built-in watchdog timer.

       delay_logging_resolution_limit (2)
              The maximal number of digits after the decimal point when logging  sub-sec‐
              ond delay values.

       double_bounce_sender (double-bounce)
              The  sender  address  of postmaster notifications that are generated by the
              mail system.

       ipc_timeout (3600s)
              The time limit for sending or receiving information over an internal commu‐
              nication channel.

       max_idle (100s)
              The maximum amount of time that an idle Postfix daemon process waits for an
              incoming connection before terminating voluntarily.

       max_use (100)
              The maximal number of incoming connections that a  Postfix  daemon  process
              will service before terminating voluntarily.

       notify_classes (resource, software)
              The list of error classes that are reported to the postmaster.

       process_id (read-only)
              The process ID of a Postfix command or daemon process.

       process_name (read-only)
              The process name of a Postfix command or daemon process.

       queue_directory (see 'postconf -d' output)
              The location of the Postfix top-level queue directory.

       syslog_facility (mail)
              The syslog facility of Postfix logging.

       syslog_name (see 'postconf -d' output)
              The  mail  system  name  that  is  prepended  to the process name in syslog
              records, so that "smtpd" becomes, for example, "postfix/smtpd".

SEE ALSO
       qmgr(8), queue manager
       bounce(8), delivery status reports
       discard(8), Postfix discard delivery agent
       postconf(5), configuration parameters
       master(5), generic daemon options
       master(8), process manager
       syslogd(8), system logging

LICENSE
       The Secure Mailer license must be distributed with this software.

AUTHOR(S)
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

                                                                                 ERROR(8)

discard

Der discard-delivery agent verarbeitet die Zustellanfragen des qmgr-Daemon. Zustellbenachrichtigungen übergibt der Agent gegebenenfalls dem trace-Daemon.

Weitere Hinweise entnimmt man bei Bedarf der manpage des discard-Daemon.

 # man 8 discard
DISCARD(8)                       System Manager's Manual                       DISCARD(8)

NAME
       discard - Postfix discard mail delivery agent

SYNOPSIS
       discard [generic Postfix daemon options]

DESCRIPTION
       The  Postfix  discard(8) delivery agent processes delivery requests from the queue
       manager. Each request specifies a queue file, a sender address, a next-hop  desti‐
       nation that is treated as the reason for discarding the mail, and recipient infor‐
       mation.  The reason may be prefixed with an RFC 3463-compatible detail code.  This
       program expects to be run from the master(8) process manager.

       The  discard(8)  delivery agent pretends to deliver all recipients in the delivery
       request, logs the "next-hop" destination as the reason for  discarding  the  mail,
       updates  the  queue  file,  and either marks recipients as finished or informs the
       queue manager that delivery should be tried again at a later time.

       Delivery status reports are sent to the trace(8) daemon as appropriate.

SECURITY
       The discard(8) mailer is not security-sensitive. It does not talk to the  network,
       and can be run chrooted at fixed low privilege.

STANDARDS
       RFC 3463 (Enhanced Status Codes)

DIAGNOSTICS
       Problems and transactions are logged to syslogd(8).

       Depending  on the setting of the notify_classes parameter, the postmaster is noti‐
       fied of bounces and of other trouble.

CONFIGURATION PARAMETERS
       Changes to main.cf are picked up automatically as  discard(8)  processes  run  for
       only  a  limited  amount  of  time. Use the command "postfix reload" to speed up a
       change.

       The text below provides only a parameter summary. See postconf(5) for more details
       including examples.

       config_directory (see 'postconf -d' output)
              The  default  location  of  the Postfix main.cf and master.cf configuration
              files.

       daemon_timeout (18000s)
              How much time a Postfix daemon process may take to handle a request  before
              it is terminated by a built-in watchdog timer.

       delay_logging_resolution_limit (2)
              The  maximal number of digits after the decimal point when logging sub-sec‐
              ond delay values.

       double_bounce_sender (double-bounce)
              The sender address of postmaster notifications that are  generated  by  the
              mail system.

       ipc_timeout (3600s)
              The time limit for sending or receiving information over an internal commu‐
              nication channel.

       max_idle (100s)
              The maximum amount of time that an idle Postfix daemon process waits for an
              incoming connection before terminating voluntarily.

       max_use (100)
              The  maximal  number  of incoming connections that a Postfix daemon process
              will service before terminating voluntarily.

       process_id (read-only)
              The process ID of a Postfix command or daemon process.

       process_name (read-only)
              The process name of a Postfix command or daemon process.

       queue_directory (see 'postconf -d' output)
              The location of the Postfix top-level queue directory.

       syslog_facility (mail)
              The syslog facility of Postfix logging.

       syslog_name (see 'postconf -d' output)
              The mail system name that is  prepended  to  the  process  name  in  syslog
              records, so that "smtpd" becomes, for example, "postfix/smtpd".

SEE ALSO
       qmgr(8), queue manager
       bounce(8), delivery status reports
       error(8), Postfix error delivery agent
       postconf(5), configuration parameters
       master(5), generic daemon options
       master(8), process manager
       syslogd(8), system logging

LICENSE
       The Secure Mailer license must be distributed with this software.

HISTORY
       This service was introduced with Postfix version 2.2.

AUTHOR(S)
       Victor Duchovni
       Morgan Stanley

       Based on code by:
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

                                                                               DISCARD(8)

local

Der local-Daemon, genauer gesagt der local-Agent, übernimmt die Nachrichten vom qmgr-Daemon und stellt diese an lokale Empfänger zu. Da der Agent auf die alias- und .forward-Tabellen zugreifen und auswerten kann, ist er im Gegensatz zum virtual-delivery agent in der Lage, Lieferstatus Berichte an den bounce-, defer- bzw. trace-Daemon zu senden.

Weitere Hinweise findet man in der ausführlichen manpage vom local-agent.

 # man 8 local
LOCAL(8)                        System Manager's Manual                        LOCAL(8)

NAME
       local - Postfix local mail delivery

SYNOPSIS
       local [generic Postfix daemon options]

DESCRIPTION
       The  local(8)  daemon processes delivery requests from the Postfix queue manager
       to deliver mail to local recipients.  Each delivery request  specifies  a  queue
       file,  a sender address, a domain or host to deliver to, and one or more recipi‐
       ents.  This program expects to be run from the master(8) process manager.

       The local(8) daemon updates queue files and marks recipients as finished, or  it
       informs  the  queue manager that delivery should be tried again at a later time.
       Delivery status reports are sent to the bounce(8), defer(8) or  trace(8)  daemon
       as appropriate.

CASE FOLDING
       All  delivery decisions are made using the bare recipient name (i.e. the address
       localpart), folded to lower case.  See also under ADDRESS EXTENSION below for  a
       few exceptions.

SYSTEM-WIDE AND USER-LEVEL ALIASING
       The system administrator can set up one or more system-wide sendmail-style alias
       databases.  Users can have sendmail-style ~/.forward files.  Mail  for  name  is
       delivered  to  the alias name, to destinations in ~name/.forward, to the mailbox
       owned by the user name, or it is sent back as undeliverable.

       The system administrator can specify a comma/space separated list of  ~/.forward
       like  files through the forward_path configuration parameter. Upon delivery, the
       local delivery agent tries each pathname in the list until a file is found.

       Delivery via ~/.forward files is done with  the  privileges  of  the  recipient.
       Thus,  ~/.forward like files must be readable by the recipient, and their parent
       directory needs to have "execute" permission for the recipient.

       The forward_path parameter is subject to interpolation of $user (recipient user‐
       name),  $home  (recipient  home directory), $shell (recipient shell), $recipient
       (complete recipient address), $extension (recipient address extension),  $domain
       (recipient  domain),  $local  (entire  recipient address localpart) and $recipi‐
       ent_delimiter. The forms ${name?value} and ${name:value} expand conditionally to
       value  when $name is (is not) defined.  Characters that may have special meaning
       to the shell or file system are replaced by underscores.  The list of acceptable
       characters  is specified with the forward_expansion_filter configuration parame‐
       ter.

       An alias or ~/.forward file may list any combination of external commands,  des‐
       tination  file  names,  :include: directives, or mail addresses.  See aliases(5)
       for a precise description. Each line in a user's .forward file has the same syn‐
       tax as the right-hand part of an alias.

       When  an  address  is  found in its own alias expansion, delivery is made to the
       user instead. When a user is listed in the user's own ~/.forward file,  delivery
       is  made  to  the user's mailbox instead.  An empty ~/.forward file means do not
       forward mail.

       In order to prevent the mail system from using up unreasonable amounts  of  mem‐
       ory,  input  records  read from :include: or from ~/.forward files are broken up
       into chunks of length line_length_limit.

       While expanding aliases, ~/.forward files, and so on, the  program  attempts  to
       avoid  duplicate  deliveries. The duplicate_filter_limit configuration parameter
       limits the number of remembered recipients.

MAIL FORWARDING
       For the sake of reliability, forwarded mail is re-submitted as a new message, so
       that each recipient has a separate on-file delivery status record.

       In  order  to  stop  mail  forwarding loops early, the software adds an optional
       Delivered-To: header with the final envelope recipient address. If mail  arrives
       for a recipient that is already listed in a Delivered-To: header, the message is
       bounced.

MAILBOX DELIVERY
       The default per-user mailbox  is  a  file  in  the  UNIX  mail  spool  directory
       (/var/mail/user or /var/spool/mail/user); the location can be specified with the
       mail_spool_directory configuration parameter. Specify a name  ending  in  /  for
       qmail-compatible maildir delivery.

       Alternatively,  the  per-user mailbox can be a file in the user's home directory
       with a name specified via the home_mailbox configuration  parameter.  Specify  a
       relative  path  name.  Specify  a  name ending in / for qmail-compatible maildir
       delivery.

       Mailbox delivery can be delegated to an  external  command  specified  with  the
       mailbox_command_maps  and  mailbox_command configuration parameters. The command
       executes with the privileges of the recipient user (exceptions: secondary groups
       are  not  enabled;  in  case  of delivery as root, the command executes with the
       privileges of default_privs).

       Mailbox delivery can be delegated to alternative message transports specified in
       the master.cf file.  The mailbox_transport_maps and mailbox_transport configura‐
       tion parameters specify an optional message transport that is to be used for all
       local  recipients, regardless of whether they are found in the UNIX passwd data‐
       base.  The fallback_transport_maps and fallback_transport parameters specify  an
       optional  message  transport for recipients that are not found in the aliases(5)
       or UNIX passwd database.

       In the case of UNIX-style mailbox delivery, the local(8) daemon prepends a "From
       sender  time_stamp"  envelope header to each message, prepends an X-Original-To:
       header with the recipient address as given  to  Postfix,  prepends  an  optional
       Delivered-To:  header  with  the  final  envelope  recipient address, prepends a
       Return-Path: header with the envelope sender address, prepends a > character  to
       lines  beginning with "From ", and appends an empty line.  The mailbox is locked
       for exclusive access while delivery is in progress.  In  case  of  problems,  an
       attempt is made to truncate the mailbox to its original length.

       In  the  case  of maildir delivery, the local daemon prepends an optional Deliv‐
       ered-To: header with the final envelope recipient address, prepends an  X-Origi‐
       nal-To:  header  with  the recipient address as given to Postfix, and prepends a
       Return-Path: header with the envelope sender address.

EXTERNAL COMMAND DELIVERY
       The allow_mail_to_commands configuration parameter restricts delivery to  exter‐
       nal  commands. The default setting (alias, forward) forbids command destinations
       in :include: files.

       Optionally, the process working directory is changed to the path specified  with
       command_execution_directory (Postfix 2.2 and later). Failure to change directory
       causes mail to be deferred.

       The command_execution_directory parameter value is subject to  interpolation  of
       $user  (recipient username), $home (recipient home directory), $shell (recipient
       shell), $recipient (complete recipient address), $extension  (recipient  address
       extension),  $domain (recipient domain), $local (entire recipient address local‐
       part) and  $recipient_delimiter.   The  forms  ${name?value}  and  ${name:value}
       expand  conditionally  to value when $name is (is not) defined.  Characters that
       may have special meaning to the shell or file  system  are  replaced  by  under‐
       scores.   The  list  of  acceptable  characters  is  specified  with  the execu‐
       tion_directory_expansion_filter configuration parameter.

       The command is  executed  directly  where  possible.  Assistance  by  the  shell
       (/bin/sh  on  UNIX  systems)  is used only when the command contains shell magic
       characters, or when the command invokes a shell built-in command.

       A limited amount of command output (standard output and standard error) is  cap‐
       tured  for  inclusion  with  non-delivery status reports.  A command is forcibly
       terminated if it does not complete within command_time_limit  seconds.   Command
       exit  status  codes  are  expected  to follow the conventions defined in <sysex‐
       its.h>.  Exit status 0 means normal successful completion.

       Postfix version 2.3 and later support RFC 3463-style enhanced status codes.   If
       a  command terminates with a non-zero exit status, and the command output begins
       with an enhanced status code, this status code takes precedence  over  the  non-
       zero exit status.

       A limited amount of message context is exported via environment variables. Char‐
       acters that may have special meaning to the shell are replaced  by  underscores.
       The list of acceptable characters is specified with the command_expansion_filter
       configuration parameter.

       SHELL  The recipient user's login shell.

       HOME   The recipient user's home directory.

       USER   The bare recipient name.

       EXTENSION
              The optional recipient address extension.

       DOMAIN The recipient address domain part.

       LOGNAME
              The bare recipient name.

       LOCAL  The entire recipient address localpart (text to the left of the rightmost
              @ character).

       ORIGINAL_RECIPIENT
              The  entire  recipient  address, before any address rewriting or aliasing
              (Postfix 2.5 and later).

       RECIPIENT
              The entire recipient address.

       SENDER The entire sender address.

       Additional remote client information is made available via the  following  envi‐
       ronment variables:

       CLIENT_ADDRESS
              Remote client network address. Available as of Postfix 2.2.

       CLIENT_HELO
              Remote client EHLO command parameter. Available as of Postfix 2.2.

       CLIENT_HOSTNAME
              Remote client hostname. Available as of Postfix 2.2.

       CLIENT_PROTOCOL
              Remote client protocol. Available as of Postfix 2.2.

       SASL_METHOD
              SASL  authentication  method specified in the remote client AUTH command.
              Available as of Postfix 2.2.

       SASL_SENDER
              SASL sender address specified in the remote  client  MAIL  FROM  command.
              Available as of Postfix 2.2.

       SASL_USERNAME
              SASL  username specified in the remote client AUTH command.  Available as
              of Postfix 2.2.

       The PATH environment variable is always  reset  to  a  system-dependent  default
       path,  and  environment variables whose names are blessed by the export_environ‐
       ment configuration parameter are exported unchanged.

       The current working directory is the mail queue directory.

       The local(8) daemon prepends a "From sender time_stamp" envelope header to  each
       message,  prepends  an X-Original-To: header with the recipient address as given
       to Postfix, prepends an optional Delivered-To: header with the  final  recipient
       envelope  address,  prepends  a  Return-Path:  header  with  the sender envelope
       address, and appends no empty line.

EXTERNAL FILE DELIVERY
       The delivery format depends on the destination filename syntax.  The default  is
       to use UNIX-style mailbox format.  Specify a name ending in / for qmail-compati‐
       ble maildir delivery.

       The allow_mail_to_files configuration parameter restricts delivery  to  external
       files.  The  default  setting  (alias,  forward)  forbids  file  destinations in
       :include: files.

       In the case of UNIX-style mailbox delivery, the local(8) daemon prepends a "From
       sender  time_stamp"  envelope header to each message, prepends an X-Original-To:
       header with the recipient address as given  to  Postfix,  prepends  an  optional
       Delivered-To:  header  with  the  final recipient envelope address, prepends a >
       character to lines beginning with "From ", and appends an empty line.  The enve‐
       lope  sender address is available in the Return-Path: header.  When the destina‐
       tion is a regular file, it is locked for exclusive access while delivery  is  in
       progress.  In case of problems, an attempt is made to truncate a regular file to
       its original length.

       In the case of maildir delivery, the local daemon prepends  an  optional  Deliv‐
       ered-To:  header  with  the final envelope recipient address, and prepends an X-
       Original-To: header with the recipient address as given to Postfix.   The  enve‐
       lope sender address is available in the Return-Path: header.

ADDRESS EXTENSION
       The  optional recipient_delimiter configuration parameter specifies how to sepa‐
       rate address extensions from local recipient names.

       For example, with "recipient_delimiter = +", mail for name+foo is  delivered  to
       the  alias  name+foo  or  to  the  alias  name,  to  the  destinations listed in
       ~name/.forward+foo or in ~name/.forward, to the mailbox owned by the user  name,
       or it is sent back as undeliverable.

DELIVERY RIGHTS
       Deliveries  to  external files and external commands are made with the rights of
       the receiving user on whose behalf the delivery is made.  In the  absence  of  a
       user context, the local(8) daemon uses the owner rights of the :include: file or
       alias database.  When those files are owned by the superuser, delivery  is  made
       with the rights specified with the default_privs configuration parameter.

STANDARDS
       RFC 822 (ARPA Internet Text Messages)
       RFC 3463 (Enhanced status codes)

DIAGNOSTICS
       Problems and transactions are logged to syslogd(8).  Corrupted message files are
       marked so that the queue manager can move them to the corrupt queue afterwards.

       Depending on the setting of the  notify_classes  parameter,  the  postmaster  is
       notified of bounces and of other trouble.

SECURITY
       The  local(8)  delivery  agent needs a dual personality 1) to access the private
       Postfix queue and IPC mechanisms, 2) to impersonate the recipient and deliver to
       recipient-specified files or commands. It is therefore security sensitive.

       The local(8) delivery agent disallows regular expression substitution of $1 etc.
       in alias_maps, because that would open a security hole.

       The local(8) delivery agent will silently ignore requests to use the proxymap(8)
       server within alias_maps. Instead it will open the table directly.  Before Post‐
       fix version 2.2, the local(8) delivery agent will terminate with a fatal error.

BUGS
       For security reasons, the message delivery status of  external  commands  or  of
       external files is never checkpointed to file. As a result, the program may occa‐
       sionally deliver more than once to a command or external file. Better safe  than
       sorry.

       Mutually-recursive  aliases  or  ~/.forward  files  are not detected early.  The
       resulting mail forwarding loop is broken by the use of the Delivered-To: message
       header.

CONFIGURATION PARAMETERS
       Changes  to  main.cf  are picked up automatically, as local(8) processes run for
       only a limited amount of time. Use the command "postfix reload" to  speed  up  a
       change.

       The  text  below  provides  only  a  parameter summary. See postconf(5) for more
       details including examples.

COMPATIBILITY CONTROLS
       biff (yes)
              Whether or not to use the local biff service.

       expand_owner_alias (no)
              When delivering to an alias "aliasname"  that  has  an  "owner-aliasname"
              companion  alias, set the envelope sender address to the expansion of the
              "owner-aliasname" alias.

       owner_request_special (yes)
              Give special treatment to  owner-listname  and  listname-request  address
              localparts:  don't  split  such addresses when the recipient_delimiter is
              set to "-".

       sun_mailtool_compatibility (no)
              Obsolete SUN mailtool compatibility feature.

       Available in Postfix version 2.3 and later:

       frozen_delivered_to (yes)
              Update the local(8) delivery agent's idea of  the  Delivered-To:  address
              (see  prepend_delivered_header)  only  once,  at  the start of a delivery
              attempt; do not update the Delivered-To: address while expanding  aliases
              or .forward files.

       Available in Postfix version 2.5.3 and later:

       strict_mailbox_ownership (yes)
              Defer delivery when a mailbox file is not owned by its recipient.

       reset_owner_alias (no)
              Reset  the  local(8)  delivery agent's idea of the owner-alias attribute,
              when delivering mail to a child alias that does not have  its  own  owner
              alias.

DELIVERY METHOD CONTROLS
       The  precedence of local(8) delivery methods from high to low is: aliases, .for‐
       ward  files,  mailbox_transport_maps,  mailbox_transport,  mailbox_command_maps,
       mailbox_command,  home_mailbox,  mail_spool_directory,  fallback_transport_maps,
       fallback_transport, and luser_relay.

       alias_maps (see 'postconf -d' output)
              The alias databases that are used for local(8) delivery.

       forward_path (see 'postconf -d' output)
              The local(8) delivery agent search list for finding a .forward file  with
              user-specified delivery methods.

       mailbox_transport_maps (empty)
              Optional  lookup tables with per-recipient message delivery transports to
              use for local(8) mailbox delivery, whether  or  not  the  recipients  are
              found in the UNIX passwd database.

       mailbox_transport (empty)
              Optional  message  delivery  transport  that  the local(8) delivery agent
              should use for mailbox delivery to all local recipients, whether  or  not
              they are found in the UNIX passwd database.

       mailbox_command_maps (empty)
              Optional  lookup  tables  with per-recipient external commands to use for
              local(8) mailbox delivery.

       mailbox_command (empty)
              Optional external command that the local(8) delivery agent should use for
              mailbox delivery.

       home_mailbox (empty)
              Optional  pathname  of  a mailbox file relative to a local(8) user's home
              directory.

       mail_spool_directory (see 'postconf -d' output)
              The directory where local(8) UNIX-style mailboxes are kept.

       fallback_transport_maps (empty)
              Optional lookup tables with per-recipient message delivery transports for
              recipients  that  the  local(8)  delivery  agent  could  not  find in the
              aliases(5) or UNIX password database.

       fallback_transport (empty)
              Optional message delivery transport  that  the  local(8)  delivery  agent
              should  use  for names that are not found in the aliases(5) or UNIX pass‐
              word database.

       luser_relay (empty)
              Optional catch-all destination for unknown local(8) recipients.

       Available in Postfix version 2.2 and later:

       command_execution_directory (empty)
              The local(8) delivery agent working directory for  delivery  to  external
              command.

MAILBOX LOCKING CONTROLS
       deliver_lock_attempts (20)
              The  maximal number of attempts to acquire an exclusive lock on a mailbox
              file or bounce(8) logfile.

       deliver_lock_delay (1s)
              The time between attempts to acquire an exclusive lock on a mailbox  file
              or bounce(8) logfile.

       stale_lock_time (500s)
              The time after which a stale exclusive mailbox lockfile is removed.

       mailbox_delivery_lock (see 'postconf -d' output)
              How to lock a UNIX-style local(8) mailbox before attempting delivery.

RESOURCE AND RATE CONTROLS
       command_time_limit (1000s)
              Time limit for delivery to external commands.

       duplicate_filter_limit (1000)
              The  maximal number of addresses remembered by the address duplicate fil‐
              ter for aliases(5) or virtual(5) alias expansion, or for  showq(8)  queue
              displays.

       local_destination_concurrency_limit (2)
              The  maximal  number  of  parallel deliveries via the local mail delivery
              transport to the same recipient (when  "local_destination_recipient_limit
              =  1")  or  the  maximal  number of parallel deliveries to the same local
              domain (when "local_destination_recipient_limit > 1").

       local_destination_recipient_limit (1)
              The maximal number of recipients per message delivery via the local  mail
              delivery transport.

       mailbox_size_limit (51200000)
              The  maximal  size of any local(8) individual mailbox or maildir file, or
              zero (no limit).

SECURITY CONTROLS
       allow_mail_to_commands (alias, forward)
              Restrict local(8) mail delivery to external commands.

       allow_mail_to_files (alias, forward)
              Restrict local(8) mail delivery to external files.

       command_expansion_filter (see 'postconf -d' output)
              Restrict the characters that the local(8) delivery agent allows in  $name
              expansions of $mailbox_command and $command_execution_directory.

       default_privs (nobody)
              The  default  rights  used by the local(8) delivery agent for delivery to
              external file or command.

       forward_expansion_filter (see 'postconf -d' output)
              Restrict the characters that the local(8) delivery agent allows in  $name
              expansions of $forward_path.

       Available in Postfix version 2.2 and later:

       execution_directory_expansion_filter (see 'postconf -d' output)
              Restrict  the characters that the local(8) delivery agent allows in $name
              expansions of $command_execution_directory.

       Available in Postfix version 2.5.3 and later:

       strict_mailbox_ownership (yes)
              Defer delivery when a mailbox file is not owned by its recipient.

MISCELLANEOUS CONTROLS
       config_directory (see 'postconf -d' output)
              The default location of the Postfix main.cf and  master.cf  configuration
              files.

       daemon_timeout (18000s)
              How  much  time  a  Postfix  daemon  process may take to handle a request
              before it is terminated by a built-in watchdog timer.

       delay_logging_resolution_limit (2)
              The maximal number of digits after the decimal point  when  logging  sub-
              second delay values.

       export_environment (see 'postconf -d' output)
              The  list  of environment variables that a Postfix process will export to
              non-Postfix processes.

       ipc_timeout (3600s)
              The time limit for sending or receiving information over an internal com‐
              munication channel.

       local_command_shell (empty)
              Optional shell program for local(8) delivery to non-Postfix command.

       max_idle (100s)
              The  maximum amount of time that an idle Postfix daemon process waits for
              an incoming connection before terminating voluntarily.

       max_use (100)
              The maximal number of incoming connections that a Postfix daemon  process
              will service before terminating voluntarily.

       prepend_delivered_header (command, file, forward)
              The  message  delivery contexts where the Postfix local(8) delivery agent
              prepends a Delivered-To:  message header with the address that  the  mail
              was delivered to.

       process_id (read-only)
              The process ID of a Postfix command or daemon process.

       process_name (read-only)
              The process name of a Postfix command or daemon process.

       propagate_unmatched_extensions (canonical, virtual)
              What  address lookup tables copy an address extension from the lookup key
              to the lookup result.

       queue_directory (see 'postconf -d' output)
              The location of the Postfix top-level queue directory.

       recipient_delimiter (empty)
              The set of characters that can separate a user name  from  its  extension
              (example: user+foo), or a .forward file name from its extension (example:
              .forward+foo).

       require_home_directory (no)
              Require that a local(8) recipient's home  directory  exists  before  mail
              delivery is attempted.

       syslog_facility (mail)
              The syslog facility of Postfix logging.

       syslog_name (see 'postconf -d' output)
              The  mail  system  name  that  is prepended to the process name in syslog
              records, so that "smtpd" becomes, for example, "postfix/smtpd".

FILES
       The following are examples; details differ between systems.
       $HOME/.forward, per-user aliasing
       /etc/aliases, system-wide alias database
       /var/spool/mail, system mailboxes

SEE ALSO
       qmgr(8), queue manager
       bounce(8), delivery status reports
       newaliases(1), create/update alias database
       postalias(1), create/update alias database
       aliases(5), format of alias database
       postconf(5), configuration parameters
       master(5), generic daemon options
       syslogd(8), system logging

LICENSE
       The Secure Mailer license must be distributed with this software.

HISTORY
       The Delivered-To: message header appears in the qmail  system  by  Daniel  Bern‐
       stein.

       The maildir structure appears in the qmail system by Daniel Bernstein.

AUTHOR(S)
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

                                                                               LOCAL(8)

virtual

Der virtual-delivery agent wurde von Wietse Venema für die virtuellen Maildomains entwickelt. Ursprünglich wurde dazu der local-delivery agent mit statischen hartcodierten Übersetzungstabellen benutzt. Im Gegensatz zum local-delivery agent wertet der virtual-delivery agent weder alias- noch .forward-Tabellen aus - Weiterleitungen oder Abwesenheitsnachrichten müssen daher über Mapping-Tabellen wie z.B. virtual_alias maps separat realisiert werden.

# man 8 virtual
VIRTUAL(8)                       System Manager's Manual                       VIRTUAL(8)

NAME
       virtual - Postfix virtual domain mail delivery agent

SYNOPSIS
       virtual [generic Postfix daemon options]

DESCRIPTION
       The virtual(8) delivery agent is designed for virtual mail hosting services. Orig‐
       inally based on the Postfix local(8) delivery agent, this agent looks  up  recipi‐
       ents with map lookups of their full recipient address, instead of using hard-coded
       unix password file lookups of the address local part only.

       This delivery agent only delivers mail.  Other features such as  mail  forwarding,
       out-of-office  notifications,  etc.,  must be configured via virtual_alias maps or
       via similar lookup mechanisms.

MAILBOX LOCATION
       The mailbox location is controlled by the virtual_mailbox_base  and  virtual_mail‐
       box_maps  configuration parameters (see below).  The virtual_mailbox_maps table is
       indexed by the recipient address as described under TABLE SEARCH ORDER below.

       The mailbox pathname is constructed as follows:

         $virtual_mailbox_base/$virtual_mailbox_maps(recipient)

       where recipient is the full recipient address.

UNIX MAILBOX FORMAT
       When the mailbox location does not end in /, the  message  is  delivered  in  UNIX
       mailbox format.   This format stores multiple messages in one textfile.

       The  virtual(8) delivery agent prepends a "From sender time_stamp" envelope header
       to each message, prepends a Delivered-To: message header with the envelope recipi‐
       ent address, prepends an X-Original-To: header with the recipient address as given
       to Postfix, prepends a  Return-Path:  message  header  with  the  envelope  sender
       address,  prepends  a  > character to lines beginning with "From ", and appends an
       empty line.

       The mailbox is locked for exclusive access while delivery is in progress. In  case
       of problems, an attempt is made to truncate the mailbox to its original length.

QMAIL MAILDIR FORMAT
       When  the  mailbox  location  ends in /, the message is delivered in qmail maildir
       format. This format stores one message per file.

       The virtual(8) delivery agent prepends a Delivered-To:  message  header  with  the
       final  envelope  recipient  address,  prepends  an  X-Original-To: header with the
       recipient address as given to Postfix, and prepends a Return-Path: message  header
       with the envelope sender address.

       By definition, maildir format does not require application-level file locking dur‐
       ing mail delivery or retrieval.

MAILBOX OWNERSHIP
       Mailbox ownership is  controlled  by  the  virtual_uid_maps  and  virtual_gid_maps
       lookup  tables, which are indexed with the full recipient address. Each table pro‐
       vides a string with the numerical user and group ID, respectively.

       The virtual_minimum_uid parameter imposes a lower bound on numerical user ID  val‐
       ues that may be specified in any virtual_uid_maps.

CASE FOLDING
       All  delivery decisions are made using the full recipient address, folded to lower
       case. See also the next section for a few exceptions with optional address  exten‐
       sions.

TABLE SEARCH ORDER
       Normally,  a  lookup table is specified as a text file that serves as input to the
       postmap(1) command. The result, an indexed file in dbm or db format, is  used  for
       fast searching by the mail system.

       The search order is as follows. The search stops upon the first successful lookup.

       ·      When  the  recipient  has  an  optional  address  extension the user+exten‐
              sion@domain.tld address is looked up first.

              With Postfix versions before 2.1, the optional address extension is  always
              ignored.

       ·      The user@domain.tld address, without address extension, is looked up next.

       ·      Finally, the recipient @domain is looked up.

       When  the  table  is  provided  via other means such as NIS, LDAP or SQL, the same
       lookups are done as for ordinary indexed files.

       Alternatively, a table can be provided as a regular-expression map where  patterns
       are given as regular expressions. In that case, only the full recipient address is
       given to the regular-expression map.

SECURITY
       The virtual(8) delivery agent is not security sensitive, provided that the  lookup
       tables  with  recipient  user/group  ID information are adequately protected. This
       program is not designed to run chrooted.

       The virtual(8) delivery agent disallows regular expression substitution of $1 etc.
       in regular expression lookup tables, because that would open a security hole.

       The virtual(8) delivery agent will silently ignore requests to use the proxymap(8)
       server. Instead it will open the table directly. Before Postfix version  2.2,  the
       virtual delivery agent will terminate with a fatal error.

STANDARDS
       RFC 822 (ARPA Internet Text Messages)

DIAGNOSTICS
       Mail  bounces when the recipient has no mailbox or when the recipient is over disk
       quota. In all other cases, mail for an existing recipient is deferred and a  warn‐
       ing is logged.

       Problems  and  transactions are logged to syslogd(8).  Corrupted message files are
       marked so that the queue manager can move them to the corrupt queue afterwards.

       Depending on the setting of the notify_classes parameter, the postmaster is  noti‐
       fied of bounces and of other trouble.

BUGS
       This  delivery  agent supports address extensions in email addresses and in lookup
       table keys, but does not propagate address extension information to the result  of
       table lookup.

       Postfix  should  have lookup tables that can return multiple result attributes. In
       order to avoid the inconvenience of maintaining three tables, use an LDAP or MYSQL
       database.

CONFIGURATION PARAMETERS
       Changes  to  main.cf  are picked up automatically, as virtual(8) processes run for
       only a limited amount of time. Use the command "postfix  reload"  to  speed  up  a
       change.

       The text below provides only a parameter summary. See postconf(5) for more details
       including examples.

MAILBOX DELIVERY CONTROLS
       virtual_mailbox_base (empty)
              A prefix that the  virtual(8)  delivery  agent  prepends  to  all  pathname
              results from $virtual_mailbox_maps table lookups.

       virtual_mailbox_maps (empty)
              Optional  lookup  tables with all valid addresses in the domains that match
              $virtual_mailbox_domains.

       virtual_minimum_uid (100)
              The minimum user ID value that the virtual(8) delivery agent accepts  as  a
              result from $virtual_uid_maps table lookup.

       virtual_uid_maps (empty)
              Lookup  tables  with the per-recipient user ID that the virtual(8) delivery
              agent uses while writing to the recipient's mailbox.

       virtual_gid_maps (empty)
              Lookup tables with the per-recipient group ID for virtual(8) mailbox deliv‐
              ery.

       Available in Postfix version 2.0 and later:

       virtual_mailbox_domains ($virtual_mailbox_maps)
              Postfix  is  final  destination  for the specified list of domains; mail is
              delivered via the $virtual_transport mail delivery transport.

       virtual_transport (virtual)
              The default mail delivery transport  and  next-hop  destination  for  final
              delivery to domains listed with $virtual_mailbox_domains.

       Available in Postfix version 2.5.3 and later:

       strict_mailbox_ownership (yes)
              Defer delivery when a mailbox file is not owned by its recipient.

LOCKING CONTROLS
       virtual_mailbox_lock (see 'postconf -d' output)
              How to lock a UNIX-style virtual(8) mailbox before attempting delivery.

       deliver_lock_attempts (20)
              The  maximal  number  of attempts to acquire an exclusive lock on a mailbox
              file or bounce(8) logfile.

       deliver_lock_delay (1s)
              The time between attempts to acquire an exclusive lock on a mailbox file or
              bounce(8) logfile.

       stale_lock_time (500s)
              The time after which a stale exclusive mailbox lockfile is removed.

RESOURCE AND RATE CONTROLS
       virtual_destination_concurrency_limit ($default_destination_concurrency_limit)
              The  maximal  number of parallel deliveries to the same destination via the
              virtual message delivery transport.

       virtual_destination_recipient_limit ($default_destination_recipient_limit)
              The maximal number of recipients per message for the virtual message deliv‐
              ery transport.

       virtual_mailbox_limit (51200000)
              The  maximal  size  in bytes of an individual virtual(8) mailbox or maildir
              file, or zero (no limit).

MISCELLANEOUS CONTROLS
       config_directory (see 'postconf -d' output)
              The default location of the Postfix  main.cf  and  master.cf  configuration
              files.

       daemon_timeout (18000s)
              How  much time a Postfix daemon process may take to handle a request before
              it is terminated by a built-in watchdog timer.

       delay_logging_resolution_limit (2)
              The maximal number of digits after the decimal point when logging  sub-sec‐
              ond delay values.

       ipc_timeout (3600s)
              The time limit for sending or receiving information over an internal commu‐
              nication channel.

       max_idle (100s)
              The maximum amount of time that an idle Postfix daemon process waits for an
              incoming connection before terminating voluntarily.

       max_use (100)
              The  maximal  number  of incoming connections that a Postfix daemon process
              will service before terminating voluntarily.

       process_id (read-only)
              The process ID of a Postfix command or daemon process.

       process_name (read-only)
              The process name of a Postfix command or daemon process.

       queue_directory (see 'postconf -d' output)
              The location of the Postfix top-level queue directory.

       syslog_facility (mail)
              The syslog facility of Postfix logging.

       syslog_name (see 'postconf -d' output)
              The mail system name that is  prepended  to  the  process  name  in  syslog
              records, so that "smtpd" becomes, for example, "postfix/smtpd".

SEE ALSO
       qmgr(8), queue manager
       bounce(8), delivery status reports
       postconf(5), configuration parameters
       syslogd(8), system logging

README_FILES
       Use "postconf readme_directory" or
       "postconf html_directory" to locate this information.
       VIRTUAL_README, domain hosting howto

LICENSE
       The Secure Mailer license must be distributed with this software.

HISTORY
       This delivery agent was originally based on the Postfix local delivery agent. Mod‐
       ifications mainly consisted of removing code that either  was  not  applicable  or
       that  was  not  safe  in  this context: aliases, ~user/.forward files, delivery to
       "|command" or to /file/name.

       The Delivered-To: message header appears in the qmail system by Daniel Bernstein.

       The maildir structure appears in the qmail system by Daniel Bernstein.

AUTHOR(S)
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

       Andrew McNamara
       andrewm@connect.com.au
       connect.com.au Pty. Ltd.
       Level 3, 213 Miller St
       North Sydney 2060, NSW, Australia

                                                                               VIRTUAL(8)

anvil

Der anvil-Daemon sammelt mit Verbindungsdaten von Client-Verbindungen und Client-Anfragen. So können Client-Verbindungen und -Anfragen, entsprechend limitiert werden und die Ereichbarkeit des des MTA gesichert werden.

Konfigurationsdetails und weitere Informationen findet man in der manpage des anvil-Daemon.

 # man 8 anvil
ANVIL(8)                         System Manager's Manual                         ANVIL(8)

NAME
       anvil - Postfix session count and request rate control

SYNOPSIS
       anvil [generic Postfix daemon options]

DESCRIPTION
       The Postfix anvil(8) server maintains statistics about client connection counts or
       client request rates. This information can be used to defend against clients  that
       hammer  a server with either too many simultaneous sessions, or with too many suc‐
       cessive requests within a configurable time interval.  This server is designed  to
       run under control by the Postfix master(8) server.

       In  the following text, ident specifies a (service, client) combination. The exact
       syntax of that information is application-dependent; the anvil(8) server does  not
       care.

CONNECTION COUNT/RATE CONTROL
       To register a new connection send the following request to the anvil(8) server:

           request=connect
           ident=string

       The  anvil(8)  server  answers with the number of simultaneous connections and the
       number of connections per unit time for the (service, client)  combination  speci‐
       fied with ident:

           status=0
           count=number
           rate=number

       To register a disconnect event send the following request to the anvil(8) server:

           request=disconnect
           ident=string

       The anvil(8) server replies with:

           status=0

MESSAGE RATE CONTROL
       To  register a message delivery request send the following request to the anvil(8)
       server:

           request=message
           ident=string

       The anvil(8) server answers with the number of message delivery requests per  unit
       time for the (service, client) combination specified with ident:

           status=0
           rate=number

RECIPIENT RATE CONTROL
       To register a recipient request send the following request to the anvil(8) server:

           request=recipient
           ident=string

       The  anvil(8)  server answers with the number of recipient addresses per unit time
       for the (service, client) combination specified with ident:

           status=0
           rate=number

TLS SESSION NEGOTIATION RATE CONTROL
       The features described in this section are available with Postfix 2.3 and later.

       To register a request for a new (i.e. not cached) TLS session send  the  following
       request to the anvil(8) server:

           request=newtls
           ident=string

       The  anvil(8)  server answers with the number of new TLS session requests per unit
       time for the (service, client) combination specified with ident:

           status=0
           rate=number

       To retrieve new TLS session request rate information without updating the  counter
       information, send:

           request=newtls_report
           ident=string

       The  anvil(8)  server answers with the number of new TLS session requests per unit
       time for the (service, client) combination specified with ident:

           status=0
           rate=number

SECURITY
       The anvil(8) server does not talk to the network or to local users,  and  can  run
       chrooted at fixed low privilege.

       The  anvil(8)  server  maintains  an in-memory table with information about recent
       clients requests.  No persistent state is kept  because  standard  system  library
       routines are not sufficiently robust for update-intensive applications.

       Although  the  in-memory state is kept only temporarily, this may require a lot of
       memory on systems that handle connections from many  remote  clients.   To  reduce
       memory usage, reduce the time unit over which state is kept.

DIAGNOSTICS
       Problems and transactions are logged to syslogd(8).

       Upon exit, and every anvil_status_update_time seconds, the server logs the maximal
       count and rate values measured, together with (service,  client)  information  and
       the time of day associated with those events.  In order to avoid unnecessary over‐
       head, no measurements are done for activity that isn't concurrency limited or rate
       limited.

BUGS
       Systems  behind  network address translating routers or proxies appear to have the
       same client address and can run into connection count and/or rate limits falsely.

       In this preliminary implementation, a count (or rate) limited server  process  can
       have only one remote client at a time. If a server process reports multiple simul‐
       taneous clients, state is kept only for the last reported client.

       The anvil(8) server automatically discards client  request  information  after  it
       expires.   To  prevent  the  anvil(8)  server  from discarding client request rate
       information too early or too late, a rate limited service should  always  register
       connect/disconnect events even when it does not explicitly limit them.

CONFIGURATION PARAMETERS
       On  low-traffic  mail  systems,  changes to main.cf are picked up automatically as
       anvil(8) processes run for only a limited amount of time. On other  mail  systems,
       use the command "postfix reload" to speed up a change.

       The text below provides only a parameter summary. See postconf(5) for more details
       including examples.

       anvil_rate_time_unit (60s)
              The time unit over which client connection rates and other rates are calcu‐
              lated.

       anvil_status_update_time (600s)
              How  frequently  the anvil(8) connection and rate limiting server logs peak
              usage information.

       config_directory (see 'postconf -d' output)
              The default location of the Postfix  main.cf  and  master.cf  configuration
              files.

       daemon_timeout (18000s)
              How  much time a Postfix daemon process may take to handle a request before
              it is terminated by a built-in watchdog timer.

       ipc_timeout (3600s)
              The time limit for sending or receiving information over an internal commu‐
              nication channel.

       max_idle (100s)
              The maximum amount of time that an idle Postfix daemon process waits for an
              incoming connection before terminating voluntarily.

       max_use (100)
              The maximal number of incoming connections that a  Postfix  daemon  process
              will service before terminating voluntarily.

       process_id (read-only)
              The process ID of a Postfix command or daemon process.

       process_name (read-only)
              The process name of a Postfix command or daemon process.

       syslog_facility (mail)
              The syslog facility of Postfix logging.

       syslog_name (see 'postconf -d' output)
              The  mail  system  name  that  is  prepended  to the process name in syslog
              records, so that "smtpd" becomes, for example, "postfix/smtpd".

SEE ALSO
       smtpd(8), Postfix SMTP server
       postconf(5), configuration parameters
       master(5), generic daemon options

README FILES
       Use "postconf readme_directory" or "postconf html_directory" to locate this infor‐
       mation.
       TUNING_README, performance tuning

LICENSE
       The Secure Mailer license must be distributed with this software.

HISTORY
       The anvil service is available in Postfix 2.2 and later.

AUTHOR(S)
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

                                                                                 ANVIL(8)

scache

Der scache-Daemon verwaltet den Cache-Speicher für mehrfach genutzte Verbindungen zu einem Ziel. Somit können die delivery-agents diese Verbindungen mit- und weiterbenutzen. Somit fällt der Overhaed beim Verbindungsauf- und abbau weg und der Server kann wesentlich performanter arbeiten.

Weitere Hinweise zum scache-Daemon findet man in dessen manpage.

 # man 8 scache
SCACHE(8)                        System Manager's Manual                        SCACHE(8)

NAME
       scache - Postfix shared connection cache server

SYNOPSIS
       scache [generic Postfix daemon options]

DESCRIPTION
       The  scache(8)  server maintains a shared multi-connection cache. This information
       can be used by, for example,  Postfix  SMTP  clients  or  other  Postfix  delivery
       agents.

       The  connection  cache  is organized into logical destination names, physical end‐
       point names, and connections.

       As a specific example,  logical  SMTP  destinations  specify  (transport,  domain,
       port), and physical SMTP endpoints specify (transport, IP address, port).  An SMTP
       connection may be saved after a successful mail transaction.

       In the general case, one logical destination may refer to zero  or  more  physical
       endpoints,  one physical endpoint may be referenced by zero or more logical desti‐
       nations, and one endpoint may refer to zero or more connections.

       The exact syntax of a logical destination or endpoint name is  application  depen‐
       dent;  the  scache(8)  server  does  not  care.   A connection is stored as a file
       descriptor together with application-dependent information that is needed  to  re-
       activate a connection object. Again, the scache(8) server is completely unaware of
       the details of that information.

       All information is stored with a finite time to live (ttl).  The connection  cache
       daemon terminates when no client is connected for max_idle time units.

       This server implements the following requests:

       save_endp ttl endpoint endpoint_properties file_descriptor
              Save  the  specified file descriptor and connection property data under the
              specified endpoint name. The endpoint properties are used by the client  to
              re-activate a passivated connection object.

       find_endp endpoint
              Look  up  cached  properties and a cached file descriptor for the specified
              endpoint.

       save_dest ttl destination destination_properties endpoint
              Save the binding between a logical destination and an  endpoint  under  the
              destination name, together with destination specific connection properties.
              The destination properties are used by the client to re-activate  a  passi‐
              vated connection object.

       find_dest destination
              Look  up  cached  destination properties, cached endpoint properties, and a
              cached file descriptor for the specified logical destination.

SECURITY
       The scache(8) server is not security-sensitive. It does not talk to  the  network,
       and  it  does  not  talk to local users.  The scache(8) server can run chrooted at
       fixed low privilege.

       The scache(8) server is not a trusted process. It must not be used to store infor‐
       mation that is security sensitive.

DIAGNOSTICS
       Problems and transactions are logged to syslogd(8).

BUGS
       The session cache cannot be shared among multiple machines.

       When  a  connection  expires  from the cache, it is closed without the appropriate
       protocol specific handshake.

CONFIGURATION PARAMETERS
       Changes to main.cf are picked up automatically as scache(8) processes run for only
       a limited amount of time. Use the command "postfix reload" to speed up a change.

       The text below provides only a parameter summary. See postconf(5) for more details
       including examples.

RESOURCE CONTROLS
       connection_cache_ttl_limit (2s)
              The maximal time-to-live value that the scache(8) connection  cache  server
              allows.

       connection_cache_status_update_time (600s)
              How  frequently  the scache(8) server logs usage statistics with connection
              cache hit and miss rates for logical destinations  and  for  physical  end‐
              points.

MISCELLANEOUS CONTROLS
       config_directory (see 'postconf -d' output)
              The  default  location  of  the Postfix main.cf and master.cf configuration
              files.

       daemon_timeout (18000s)
              How much time a Postfix daemon process may take to handle a request  before
              it is terminated by a built-in watchdog timer.

       ipc_timeout (3600s)
              The time limit for sending or receiving information over an internal commu‐
              nication channel.

       max_idle (100s)
              The maximum amount of time that an idle Postfix daemon process waits for an
              incoming connection before terminating voluntarily.

       process_id (read-only)
              The process ID of a Postfix command or daemon process.

       process_name (read-only)
              The process name of a Postfix command or daemon process.

       syslog_facility (mail)
              The syslog facility of Postfix logging.

       syslog_name (see 'postconf -d' output)
              The  mail  system  name  that  is  prepended  to the process name in syslog
              records, so that "smtpd" becomes, for example, "postfix/smtpd".

SEE ALSO
       smtp(8), SMTP client
       postconf(5), configuration parameters
       master(8), process manager
       syslogd(8), system logging

README FILES
       Use "postconf readme_directory" or "postconf html_directory" to locate this infor‐
       mation.
       CONNECTION_CACHE_README, Postfix connection cache

LICENSE
       The Secure Mailer license must be distributed with this software.

HISTORY
       This service was introduced with Postfix version 2.2.

AUTHOR(S)
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

                                                                                SCACHE(8)

Die wohl wesentlichste und auch unstrittigste Anforderungen an unseren Mailserver ist schlichtweg die Tatsache, dass dieser die Kommunikation zwischen Absender und Empfänger ermöglichen und dienlich sein soll. Der eMailverkehr, in vielen Fällen eine geschäftskritische Anwendung, soll soweit möglich 24/7 zur Verfügung stehen, möglichst nicht beeinträchtigt/verzögert oder gar unterbunden werden!

Aus den gerade erwähnten Punkten haben wir nachfolgende Anforderungen an unsere eigene Mailinfrastruktur bzw. wir werden uns Techniken und Lösungen genauer ansehen, mit denen wir unsere

Die wesentlichen Anforderungen an unsere eigene Mailinfrastruktur sind:

  1. Es werden nur noch eMails angenommen, die auch zugestellt werden können; d.h. unerwünschte bzw. unerlaubte Nachrichten werden geblockt (mit einem Returncode von 5xx abgewiesen).
  2. der Transportweg zwischen den MTAs10) wird TLS-verschlüsselt, soweit möglich.
  3. der Transportweg zwischen MUA11) muss zwingend transportverschlüsselt werden.
  4. Nachrichten von MUAs werden ausschließlich auf dem Submissionport 587 angenommen.
  5. eMails die unser Netzwerk nach extern verlassen unterliegen der gleichen Qualitäts- (SPAM) und Sicherheitsüberprüfung (Viren und Schadcode) wie ankommende elektronische Post.
  6. abgehende eMails werden mit einer DKIM-Signatur versehen, mit der der Empfänger (MTA) prüfen kann, ob die eMail auch von unserem Mailserver versandt wurde. Somit wird zB. die Reputation gegenüber AOL gesteigert, da dieser ISP eine valide DKIM-Signatur positiv bewertet.
  7. Für den ersten Grob-Viren-/SPAM-Schutz betrachten wir die beiden Lösungskandidaten Greylisting und Postscreen genauer und wägen dann ab, welche Variante zum Einsatz kommen soll.
  8. Die zweite Prüfung erfolgt mit Unterstützung des Policy-Daemon policyd-weight, der die Mail bei der Einlieferung anhand des Envelope Sender, des Envelope To und der HELO-Daten, die während des SMTP-Handshakes übertragen werden, überprüft. auch hier stellen wir uns die Frage, ob polycd-weight oder postscreen eingesetzt werden soll.
  9. Eine weitere Prüfung auf erfolgt mit Hilfe von RBHL12) von SPAMHAUS.
  10. Die Möglichkeit, Nachrichten auf Grund von verdächtigen Header-Zeilen und/oder Inhalten zu bewerten und/oder zu filtern, soll grundsätzlich gegeben sein.
  11. Die SPAM-Bewertung der Nachrichten selbst erfolgt mit Hilfe von Spamassassin
  12. Den dritten Teil unserer mehrstufigen Antivirenschutzmaßnahmen (1. Stufe: postscreen. 2. Stufe: body-/header-checks) übernimmt der freie Virenscanner ClamAV.

FIXME die Punkte SRS, SPF, DKIM und DMARC noch bei der Ausgestaltung der „Anforderungen an unseren Mailserver“ noch mit aufnehmen!

Nachdem wir uns nun eingehend mit dem Grundlagen zum Thema Mailserver und den einzelnen Komponenten des Postfix MTA beschäftigt haben, können wir uns nun mit der Installation und Konfiguration von Postfix beschäftigen.

Die Installation und Konfiguration des aktuellen stable Release Postfix 3.x wird nachfolgend ab dieser Seite beschrieben.

Links


1)
Small Office Home Office
2) , 3)
Mail Transport Agent
4)
Domain Name System
5)
Local Mail Transfer Protokoll
6)
Mail Message Submission
7)
Mail User Agents
8)
Quick Mail Queueing Protocol
9)
Pseudo Random Number Generator
10)
Mail Transport Agent: z.B. Postfix, Exim oder Sendmail
11)
Mail User Agent: z.B. kMail, Thunderbird oder R2Mail2
12)
RealtimeBlackHoleLists
Cookies helfen bei der Bereitstellung von Inhalten. Durch die Nutzung dieser Seiten erklären Sie sich damit einverstanden, dass Cookies auf Ihrem Rechner gespeichert werden. Weitere Information
  • centos/mail_c7/mta_1.txt
  • Zuletzt geändert: 27.01.2019 12:00.
  • von django