Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- centos:mail_c7:postfix3_1 [26.01.2019 19:38. ] – [main.cf] django
+++ centos:mail_c7:postfix3_1 [18.11.2024 19:12. ] (aktuell) – Externe Bearbeitung 127.0.0.1
@@ Zeile 16: / Zeile 16: @@
 ===== Installation =====
-Seit CentOS 6.0 wird als **MTA** Postfix installiert - aktuell ist dies der 2.10er Release. Im vorliegenden Konfigurationsbeispiel wollen wir uns aber im Detail mit der __aktuellen__ Version **V3** beschäftigen. Als Installationsquelle nutzen wie hierzu das [[centos:mailserver.guru|Repository mailserver.guru]].
+Seit CentOS 6.0 wird als **MTA** Postfix installiert - aktuell ist dies der 2.10er Release. Im vorliegenden Konfigurationsbeispiel wollen wir uns aber im Detail mit der __aktuellen__ Version **V3** beschäftigen. Als Installationsquelle nutzen wie hierzu das [[centos:nausch.org|Repository nausch.org]].
-==== Repository mailserver.guru ====
+==== Repository nausch.org ====
-Damit nun bei der Installation und den späteren Updates nicht mehr den von CentOS 7 bereoitgestellen Postfix in der Version 2.10 sondern die aktuellere Version 3.x aus dem Repository mailserver.guru verwendet wird, passen wir die zugehörigen Konfigurationsdateien an. Als erstes exkludieren wir dei Postfix-Pakete aus dem CenbtOS-Base-Repository. Hierzu tragen wir die Option ''**exclude=postfix* **'' in der Datei //**/etc/yum.repos.d/CentOS-Base.repo**// nach.
+Damit nun bei der Installation und den späteren Updates nicht mehr den von CentOS 7 bereoitgestellen Postfix in der Version 2.10 sondern die aktuellere Version 3.x aus dem Repository nausch.org verwendet wird, passen wir die zugehörigen Konfigurationsdateien an. Als erstes exkludieren wir dei Postfix-Pakete aus dem CenbtOS-Base-Repository. Hierzu tragen wir die Option ''**exclude=postfix* **'' in der Datei //**/etc/yum.repos.d/CentOS-Base.repo**// nach.
    # vim /etc/yum.repos.d/CentOS-Base.repo
 <file bash /etc/yum.repos.d/CentOS-Base.repo># CentOS-LOCAL.repo
@@ Zeile 71: / Zeile 71: @@
 </file>
-Als nächstes konfigurieren wir dann die Verwendung des Postfix 3.x-Relase aus dem Zweig **testing** des verwendeten Repositories **mailserver.guru**. Dazu passen wir die zugehörige Konfigurationsdatei wie folgt an:
+Als nächstes konfigurieren wir dann die Verwendung des Postfix 3.x-Relase aus dem Zweig **testing** des verwendeten Repositories **nausch.org**. Dazu passen wir die zugehörige Konfigurationsdatei wie folgt an:
-   # vim /etc/yum.repos.d/mailserver.guru.repo
+   # vim /etc/yum.repos.d/nausch.org.repo
-<file bash /etc/yum.repos.d/mailserver.guru.repo>[mailserver.guru-os]
+<file bash /etc/yum.repos.d/nausch.org.repo>[nausch.org-os]
 name=Extra (Mailserver-)Packages for Enterprise Linux 7 -
-baseurl=http://repo.mailserver.guru/7/os/$basearch
+baseurl=http://repo.nausch.org/7/os/$basearch
 priority=5
 enabled=1
@@ Zeile 86: / Zeile 86: @@
-[mailserver.guru-testing]
+[nausch.org-testing]
 name=Testing (Mailserver-)Packages for Enterprise Linux 7 -
-baseurl=http://repo.mailserver.guru/7/testing/$basearch/
+baseurl=http://repo.nausch.org/7/testing/$basearch/
 priority=5
 # Django : 2019-01-26
@@ Zeile 117: / Zeile 117: @@
 Build Host  : vml000137.dmz.nausch.org
 Relocations : (not relocatable)
-Packager    : Django <django@mailserver.guru>
+Packager    : Django <django@nausch.org>
 URL         : http://www.postfix.org
 Summary     : Postfix Mail Transport Agent
@@ Zeile 601: / Zeile 601: @@
 ==== main.cf ====
-\\ \\ \\
-<WRAP center round todo 30%>
-FIXME FIXME FIXME
-  * //**do geds weida!**//
-FIXME FIXME FIXME
-</WRAP>
-\\ \\ \\
 Die eigentliche Konfiguration unseres Postfix MTAs erfolgt mit Hilfe der Hauptkonfigurationsdatei **main.cf**. Diese Konfigurationsdatei ist durch die vielen sehr guten Dokumentationshinweise doch sehr angewachsen, aber im Grunde beschränkt sich diese auf ein paar wenige "aktive" Zeilen.
-In der Standardkonfiguration sind alle wichtigen Parameter bereits mit einem Default-wert vorbelegt.
+In der Standardkonfiguration sind alle wichtigen Parameter bereits mit einem Default-Wert vorbelegt.
 So hat //Postfix **2.10**// __**816**__ Defaultparameter.
    # postconf -d | grep mail_version
    mail_version = 2.10.1
    milter_macro_v = $mail_name $mail_version
    # postconf -d | wc -l
 //Postfix **2.11**// bringt uns __**832**__ Defaultparameter mit.
    # postconf -d | grep mail_version
    mail_version = 2.11.6
    milter_macro_v = $mail_name $mail_version
    # postconf -d | wc -l
+Bei der neuen aktuellen Version **//3.x//** von Postfix erhöhte sich bedingt durch die zusätzlichen Features abermals die Anzahl der Defaultparameter auf __**885**__.
+   # postconf -d | grep mail_version
+   mail_version = 3.3.2
+   milter_macro_v = $mail_name $mail_version
+   # postconf -d | wc -l
 Werfen wir einfach einen Blick in diese Hauptkonfigurationmsdatei //**/etc/postfix/main.cf**//.
    # less /etc/postfix/main.cf
 <file bash /etc/postfix/main.cf># Global Postfix configuration file. This file lists only a subset
 # of all parameters. For the syntax, and for a complete parameter
 # list, see the postconf(5) manual page (command: "man 5 postconf").
 #
 # For common configuration examples, see BASIC_CONFIGURATION_README
 # and STANDARD_CONFIGURATION_README. To find these documents, use
 # the command "postconf html_directory readme_directory", or go to
 # http://www.postfix.org/BASIC_CONFIGURATION_README.html etc.
 #
 # For best results, change no more than 2-3 parameters at a time,
 # and test if Postfix still works after every change.
+# COMPATIBILITY
+#
+# The compatibility_level determines what default settings Postfix
+# will use for main.cf and master.cf settings. These defaults will
+# change over time.
+#
+# To avoid breaking things, Postfix will use backwards-compatible
+# default settings and log where it uses those old backwards-compatible
+# default settings, until the system administrator has determined
+# if any backwards-compatible default settings need to be made
+# permanent in main.cf or master.cf.
+#
+# When this review is complete, update the compatibility_level setting
+# below as recommended in the RELEASE_NOTES file.
+#
+# The level below is what should be used with new (not upgrade) installs.
+#
+compatibility_level = 2
 # SOFT BOUNCE
 #
 # The soft_bounce parameter provides a limited safety net for
 # testing.  When soft_bounce is enabled, mail will remain queued that
 # would otherwise bounce. This parameter disables locally-generated
 # bounces, and prevents the SMTP server from rejecting mail permanently
 # (by changing 5xx replies into 4xx replies). However, soft_bounce
 # is no cure for address rewriting mistakes or mail routing mistakes.
 #
 #soft_bounce = no
 # LOCAL PATHNAME INFORMATION
 #
 # The queue_directory specifies the location of the Postfix queue.
 # This is also the root directory of Postfix daemons that run chrooted.
 # See the files in examples/chroot-setup for setting up Postfix chroot
 # environments on different UNIX systems.
 #
 queue_directory = /var/spool/postfix
 # The command_directory parameter specifies the location of all
 # postXXX commands.
 #
 command_directory = /usr/sbin
 # The daemon_directory parameter specifies the location of all Postfix
 # daemon programs (i.e. programs listed in the master.cf file). This
 # directory must be owned by root.
 #
 daemon_directory = /usr/libexec/postfix
 # The data_directory parameter specifies the location of Postfix-writable
 # data files (caches, random numbers). This directory must be owned
 # by the mail_owner account (see below).
 #
 data_directory = /var/lib/postfix
 # QUEUE AND PROCESS OWNERSHIP
 #
 # The mail_owner parameter specifies the owner of the Postfix queue
 # and of most Postfix daemon processes.  Specify the name of a user
 # account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
 # AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM.  In
 # particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
 # USER.
 #
 mail_owner = postfix
 # The default_privs parameter specifies the default rights used by
 # the local delivery agent for delivery to external file or command.
 # These rights are used in the absence of a recipient user context.
 # DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
 #
 #default_privs = nobody
 # INTERNET HOST AND DOMAIN NAMES
 #
 # The myhostname parameter specifies the internet hostname of this
 # mail system. The default is to use the fully-qualified domain name
 # from gethostname(). $myhostname is used as a default value for many
 # other configuration parameters.
 #
 #myhostname = host.domain.tld
 #myhostname = virtual.domain.tld
 # The mydomain parameter specifies the local internet domain name.
 # The default is to use $myhostname minus the first component.
 # $mydomain is used as a default value for many other configuration
 # parameters.
 #
 #mydomain = domain.tld
 # SENDING MAIL
 #
 # The myorigin parameter specifies the domain that locally-posted
 # mail appears to come from. The default is to append $myhostname,
 # which is fine for small sites.  If you run a domain with multiple
 # machines, you should (1) change this to $mydomain and (2) set up
 # a domain-wide alias database that aliases each user to
 # user@that.users.mailhost.
 #
 # For the sake of consistency between sender and recipient addresses,
 # myorigin also specifies the default domain name that is appended
 # to recipient addresses that have no @domain part.
 #
 #myorigin = $myhostname
 #myorigin = $mydomain
 # RECEIVING MAIL
@@ Zeile 734: / Zeile 761: @@
 # The inet_interfaces parameter specifies the network interface
 # addresses that this mail system receives mail on.  By default,
 # the software claims all active interfaces on the machine. The
 # parameter also controls delivery of mail to user@[ip.address].
 #
 # See also the proxy_interfaces parameter, for network addresses that
 # are forwarded to us via a proxy or network address translator.
 #
 # Note: you need to stop/start Postfix when this parameter changes.
 #
 #inet_interfaces = all
 #inet_interfaces = $myhostname
 #inet_interfaces = $myhostname, localhost
 inet_interfaces = localhost
 # Enable IPv4, and IPv6 if supported
-inet_protocols = all
+#inet_protocols = ipv4
 # The proxy_interfaces parameter specifies the network interface
 # addresses that this mail system receives mail on by way of a
 # proxy or network address translation unit. This setting extends
 # the address list specified with the inet_interfaces parameter.
 #
 # You must specify your proxy/NAT addresses when your system is a
 # backup MX host for other domains, otherwise mail delivery loops
 # will happen when the primary MX host is down.
 #
 #proxy_interfaces =
 #proxy_interfaces = 1.2.3.4
 # The mydestination parameter specifies the list of domains that this
 # machine considers itself the final destination for.
 #
 # These domains are routed to the delivery agent specified with the
 # local_transport parameter setting. By default, that is the UNIX
 # compatible delivery agent that lookups all recipients in /etc/passwd
 # and /etc/aliases or their equivalent.
 #
-# The default is $myhostname + localhost.$mydomain.  On a mail domain
+# The default is $myhostname + localhost.$mydomain + localhost.  On
-# gateway, you should also include $mydomain.
+# a mail domain gateway, you should also include $mydomain.
 #
 # Do not specify the names of virtual domains - those domains are
 # specified elsewhere (see VIRTUAL_README).
 #
 # Do not specify the names of domains that this machine is backup MX
 # host for. Specify those names via the relay_domains settings for
 # the SMTP server, or use permit_mx_backup if you are lazy (see
 # STANDARD_CONFIGURATION_README).
 #
 # The local machine is always the final destination for mail addressed
 # to user@[the.net.work.address] of an interface that the mail system
 # receives mail on (see the inet_interfaces parameter).
 #
 # Specify a list of host or domain names, /file/name or type:table
 # patterns, separated by commas and/or whitespace. A /file/name
 # pattern is replaced by its contents; a type:table is matched when
 # a name matches a lookup key (the right-hand side is ignored).
 # Continue long lines by starting the next line with whitespace.
 #
 # See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
 #
 mydestination = $myhostname, localhost.$mydomain, localhost
 #mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
 #mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
-#       mail.$mydomain, www.$mydomain, ftp.$mydomain
+#	mail.$mydomain, www.$mydomain, ftp.$mydomain
 # REJECTING MAIL FOR UNKNOWN LOCAL USERS
 #
 # The local_recipient_maps parameter specifies optional lookup tables
 # with all names or addresses of users that are local with respect
 # to $mydestination, $inet_interfaces or $proxy_interfaces.
 #
 # If this parameter is defined, then the SMTP server will reject
 # mail for unknown local users. This parameter is defined by default.
 #
 # To turn off local recipient checking in the SMTP server, specify
 # local_recipient_maps = (i.e. empty).
 #
 # The default setting assumes that you use the default Postfix local
 # delivery agent for local delivery. You need to update the
 # local_recipient_maps setting if:
 #
 # - You define $mydestination domain recipients in files other than
 #   /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
 #   For example, you define $mydestination domain recipients in
 #   the $virtual_mailbox_maps files.
 #
 # - You redefine the local delivery agent in master.cf.
 #
 # - You redefine the "local_transport" setting in main.cf.
 #
 # - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
 #   feature of the Postfix local delivery agent (see local(8)).
 #
 # Details are described in the LOCAL_RECIPIENT_README file.
 #
 # Beware: if the Postfix SMTP server runs chrooted, you probably have
 # to access the passwd file via the proxymap service, in order to
 # overcome chroot restrictions. The alternative, having a copy of
 # the system passwd file in the chroot jail is just not practical.
 #
 # The right-hand side of the lookup tables is conveniently ignored.
 # In the left-hand side, specify a bare username, an @domain.tld
 # wild-card, or specify a user@domain.tld address.
 #
 #local_recipient_maps = unix:passwd.byname $alias_maps
 #local_recipient_maps = proxy:unix:passwd.byname $alias_maps
 #local_recipient_maps =
 # The unknown_local_recipient_reject_code specifies the SMTP server
 # response code when a recipient domain matches $mydestination or
 # ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty
 # and the recipient address or address local-part is not found.
 #
 # The default setting is 550 (reject mail) but it is safer to start
 # with 450 (try again later) until you are certain that your
 # local_recipient_maps settings are OK.
 #
 unknown_local_recipient_reject_code = 550
 # TRUST AND RELAY CONTROL
 # The mynetworks parameter specifies the list of "trusted" SMTP
 # clients that have more privileges than "strangers".
 #
 # In particular, "trusted" SMTP clients are allowed to relay mail
 # through Postfix.  See the smtpd_recipient_restrictions parameter
 # in postconf(5).
 #
 # You can specify the list of "trusted" network addresses by hand
 # or you can let Postfix do it for you (which is the default).
 #
 # By default (mynetworks_style = subnet), Postfix "trusts" SMTP
 # clients in the same IP subnetworks as the local machine.
 # On Linux, this does works correctly only with interfaces specified
 # with the "ifconfig" command.
 #
 # Specify "mynetworks_style = class" when Postfix should "trust" SMTP
 # clients in the same IP class A/B/C networks as the local machine.
 # Don't do this with a dialup site - it would cause Postfix to "trust"
 # your entire provider's network.  Instead, specify an explicit
 # mynetworks list by hand, as described below.
 #
 # Specify "mynetworks_style = host" when Postfix should "trust"
 # only the local machine.
 #
 #mynetworks_style = class
 #mynetworks_style = subnet
 #mynetworks_style = host
 # Alternatively, you can specify the mynetworks list by hand, in
 # which case Postfix ignores the mynetworks_style setting.
 #
 # Specify an explicit list of network/netmask patterns, where the
 # mask specifies the number of bits in the network part of a host
 # address.
 #
 # You can also specify the absolute pathname of a pattern file instead
 # of listing the patterns here. Specify type:table for table-based lookups
 # (the value on the table right-hand side is not used).
 #
 #mynetworks = 168.100.189.0/28, 127.0.0.0/8
 #mynetworks = $config_directory/mynetworks
 #mynetworks = hash:/etc/postfix/network_table
 # The relay_domains parameter restricts what destinations this system will
 # relay mail to.  See the smtpd_recipient_restrictions description in
 # postconf(5) for detailed information.
 #
 # By default, Postfix relays mail
 # - from "trusted" clients (IP address matches $mynetworks) to any destination,
 # - from "untrusted" clients to destinations that match $relay_domains or
 #   subdomains thereof, except addresses with sender-specified routing.
 # The default relay_domains value is $mydestination.
 #
 # In addition to the above, the Postfix SMTP server by default accepts mail
 # that Postfix is final destination for:
 # - destinations that match $inet_interfaces or $proxy_interfaces,
 # - destinations that match $mydestination
 # - destinations that match $virtual_alias_domains,
 # - destinations that match $virtual_mailbox_domains.
 # These destinations do not need to be listed in $relay_domains.
 #
 # Specify a list of hosts or domains, /file/name patterns or type:name
 # lookup tables, separated by commas and/or whitespace.  Continue
 # long lines by starting the next line with whitespace. A file name
 # is replaced by its contents; a type:name table is matched when a
 # (parent) domain appears as lookup key.
 #
 # NOTE: Postfix will not automatically forward mail for domains that
 # list this system as their primary or backup MX host. See the
 # permit_mx_backup restriction description in postconf(5).
 #
 #relay_domains = $mydestination
 # INTERNET OR INTRANET
 # The relayhost parameter specifies the default host to send mail to
 # when no entry is matched in the optional transport(5) table. When
 # no relayhost is given, mail is routed directly to the destination.
 #
 # On an intranet, specify the organizational domain name. If your
 # internal DNS uses no MX records, specify the name of the intranet
 # gateway host instead.
 #
 # In the case of SMTP, specify a domain, host, host:port, [host]:port,
 # [address] or [address]:port; the form [host] turns off MX lookups.
 #
 # If you're connected via UUCP, see also the default_transport parameter.
 #
 #relayhost = $mydomain
 #relayhost = [gateway.my.domain]
 #relayhost = [mailserver.isp.tld]
 #relayhost = uucphost
 #relayhost = [an.ip.add.ress]
 # REJECTING UNKNOWN RELAY USERS
 #
 # The relay_recipient_maps parameter specifies optional lookup tables
 # with all addresses in the domains that match $relay_domains.
 #
 # If this parameter is defined, then the SMTP server will reject
 # mail for unknown relay users. This feature is off by default.
 #
 # The right-hand side of the lookup tables is conveniently ignored.
 # In the left-hand side, specify an @domain.tld wild-card, or specify
 # a user@domain.tld address.
 #
 #relay_recipient_maps = hash:/etc/postfix/relay_recipients
 # INPUT RATE CONTROL
 #
 # The in_flow_delay configuration parameter implements mail input
 # flow control. This feature is turned on by default, although it
 # still needs further development (it's disabled on SCO UNIX due
 # to an SCO bug).
 #
 # A Postfix process will pause for $in_flow_delay seconds before
 # accepting a new message, when the message arrival rate exceeds the
 # message delivery rate. With the default 100 SMTP server process
 # limit, this limits the mail inflow to 100 messages a second more
 # than the number of messages delivered per second.
 #
 # Specify 0 to disable the feature. Valid delays are 0..10.
 #
 #in_flow_delay = 1s
 # ADDRESS REWRITING
 #
 # The ADDRESS_REWRITING_README document gives information about
 # address masquerading or other forms of address rewriting including
 # username->Firstname.Lastname mapping.
 # ADDRESS REDIRECTION (VIRTUAL DOMAIN)
 #
 # The VIRTUAL_README document gives information about the many forms
 # of domain hosting that Postfix supports.
 # "USER HAS MOVED" BOUNCE MESSAGES
 #
 # See the discussion in the ADDRESS_REWRITING_README document.
 # TRANSPORT MAP
 #
 # See the discussion in the ADDRESS_REWRITING_README document.
 # ALIAS DATABASE
 #
 # The alias_maps parameter specifies the list of alias databases used
 # by the local delivery agent. The default list is system dependent.
 #
 # On systems with NIS, the default is to search the local alias
 # database, then the NIS alias database. See aliases(5) for syntax
 # details.
 #
 # If you change the alias database, run "postalias /etc/aliases" (or
 # wherever your system stores the mail alias file), or simply run
 # "newaliases" to build the necessary DBM or DB file.
 #
 # It will take a minute or so before changes become visible.  Use
 # "postfix reload" to eliminate the delay.
 #
 #alias_maps = dbm:/etc/aliases
 alias_maps = hash:/etc/aliases
 #alias_maps = hash:/etc/aliases, nis:mail.aliases
 #alias_maps = netinfo:/aliases
 # The alias_database parameter specifies the alias database(s) that
 # are built with "newaliases" or "sendmail -bi".  This is a separate
 # configuration parameter, because alias_maps (see above) may specify
 # tables that are not necessarily all under control by Postfix.
 #
 #alias_database = dbm:/etc/aliases
 #alias_database = dbm:/etc/mail/aliases
 alias_database = hash:/etc/aliases
 #alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
 # ADDRESS EXTENSIONS (e.g., user+foo)
 #
 # The recipient_delimiter parameter specifies the separator between
 # user names and address extensions (user+foo). See canonical(5),
 # local(8), relocated(5) and virtual(5) for the effects this has on
 # aliases, canonical, virtual, relocated and .forward file lookups.
 # Basically, the software tries user+foo and .forward+foo before
 # trying user and .forward.
 #
 #recipient_delimiter = +
 # DELIVERY TO MAILBOX
 #
 # The home_mailbox parameter specifies the optional pathname of a
 # mailbox file relative to a user's home directory. The default
 # mailbox file is /var/spool/mail/user or /var/mail/user.  Specify
 # "Maildir/" for qmail-style delivery (the / is required).
 #
 #home_mailbox = Mailbox
 #home_mailbox = Maildir/
 # The mail_spool_directory parameter specifies the directory where
 # UNIX-style mailboxes are kept. The default setting depends on the
 # system type.
 #
 #mail_spool_directory = /var/mail
 #mail_spool_directory = /var/spool/mail
 # The mailbox_command parameter specifies the optional external
 # command to use instead of mailbox delivery. The command is run as
 # the recipient with proper HOME, SHELL and LOGNAME environment settings.
 # Exception:  delivery for root is done as $default_user.
 #
 # Other environment variables of interest: USER (recipient username),
 # EXTENSION (address extension), DOMAIN (domain part of address),
 # and LOCAL (the address localpart).
 #
 # Unlike other Postfix configuration parameters, the mailbox_command
 # parameter is not subjected to $parameter substitutions. This is to
 # make it easier to specify shell syntax (see example below).
 #
 # Avoid shell meta characters because they will force Postfix to run
 # an expensive shell process. Procmail alone is expensive enough.
 #
 # IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
 # ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
 #
 #mailbox_command = /some/where/procmail
 #mailbox_command = /some/where/procmail -a "$EXTENSION"
 # The mailbox_transport specifies the optional transport in master.cf
 # to use after processing aliases and .forward files. This parameter
 # has precedence over the mailbox_command, fallback_transport and
 # luser_relay parameters.
 #
 # Specify a string of the form transport:nexthop, where transport is
 # the name of a mail delivery transport defined in master.cf.  The
 # :nexthop part is optional. For more details see the sample transport
 # configuration file.
 #
 # NOTE: if you use this feature for accounts not in the UNIX password
 # file, then you must update the "local_recipient_maps" setting in
 # the main.cf file, otherwise the SMTP server will reject mail for
 # non-UNIX accounts with "User unknown in local recipient table".
 #
 # Cyrus IMAP over LMTP. Specify ``lmtpunix      cmd="lmtpd"
 # listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf.
 #mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
 # If using the cyrus-imapd IMAP server deliver local mail to the IMAP
 # server using LMTP (Local Mail Transport Protocol), this is prefered
 # over the older cyrus deliver program by setting the
 # mailbox_transport as below:
 #
 # mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
 #
 # The efficiency of LMTP delivery for cyrus-imapd can be enhanced via
 # these settings.
 #
 # local_destination_recipient_limit = 300
 # local_destination_concurrency_limit = 5
 #
 # Of course you should adjust these settings as appropriate for the
 # capacity of the hardware you are using. The recipient limit setting
 # can be used to take advantage of the single instance message store
 # capability of Cyrus. The concurrency limit can be used to control
 # how many simultaneous LMTP sessions will be permitted to the Cyrus
 # message store.
 #
 # Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and
 # subsequent line in master.cf.
 #mailbox_transport = cyrus
 # The fallback_transport specifies the optional transport in master.cf
 # to use for recipients that are not found in the UNIX passwd database.
 # This parameter has precedence over the luser_relay parameter.
 #
 # Specify a string of the form transport:nexthop, where transport is
 # the name of a mail delivery transport defined in master.cf.  The
 # :nexthop part is optional. For more details see the sample transport
 # configuration file.
 #
 # NOTE: if you use this feature for accounts not in the UNIX password
 # file, then you must update the "local_recipient_maps" setting in
 # the main.cf file, otherwise the SMTP server will reject mail for
 # non-UNIX accounts with "User unknown in local recipient table".
 #
 #fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp
 #fallback_transport =
 # The luser_relay parameter specifies an optional destination address
 # for unknown recipients.  By default, mail for unknown@$mydestination,
 # unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned
 # as undeliverable.
 #
 # The following expansions are done on luser_relay: $user (recipient
 # username), $shell (recipient shell), $home (recipient home directory),
 # $recipient (full recipient address), $extension (recipient address
 # extension), $domain (recipient domain), $local (entire recipient
 # localpart), $recipient_delimiter. Specify ${name?value} or
 # ${name:value} to expand value only when $name does (does not) exist.
 #
 # luser_relay works only for the default Postfix local delivery agent.
 #
 # NOTE: if you use this feature for accounts not in the UNIX password
 # file, then you must specify "local_recipient_maps =" (i.e. empty) in
 # the main.cf file, otherwise the SMTP server will reject mail for
 # non-UNIX accounts with "User unknown in local recipient table".
 #
 #luser_relay = $user@other.host
 #luser_relay = $local@other.host
 #luser_relay = admin+$local
 # JUNK MAIL CONTROLS
 #
 # The controls listed here are only a very small subset. The file
 # SMTPD_ACCESS_README provides an overview.
 # The header_checks parameter specifies an optional table with patterns
 # that each logical message header is matched against, including
 # headers that span multiple physical lines.
 #
 # By default, these patterns also apply to MIME headers and to the
 # headers of attached messages. With older Postfix versions, MIME and
 # attached message headers were treated as body text.
 #
 # For details, see "man header_checks".
 #
 #header_checks = regexp:/etc/postfix/header_checks
 # FAST ETRN SERVICE
 #
 # Postfix maintains per-destination logfiles with information about
 # deferred mail, so that mail can be flushed quickly with the SMTP
 # "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".
 # See the ETRN_README document for a detailed description.
 #
 # The fast_flush_domains parameter controls what destinations are
 # eligible for this service. By default, they are all domains that
 # this server is willing to relay mail to.
 #
 #fast_flush_domains = $relay_domains
 # SHOW SOFTWARE VERSION OR NOT
 #
 # The smtpd_banner parameter specifies the text that follows the 220
 # code in the SMTP server's greeting banner. Some people like to see
 # the mail version advertised. By default, Postfix shows no version.
 #
 # You MUST specify $myhostname at the start of the text. That is an
 # RFC requirement. Postfix itself does not care.
 #
 #smtpd_banner = $myhostname ESMTP $mail_name
 #smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
 # PARALLEL DELIVERY TO THE SAME DESTINATION
 #
 # How many parallel deliveries to the same user or domain? With local
 # delivery, it does not make sense to do massively parallel delivery
 # to the same user, because mailbox updates must happen sequentially,
 # and expensive pipelines in .forward files can cause disasters when
 # too many are run at the same time. With SMTP deliveries, 10
 # simultaneous connections to the same domain could be sufficient to
 # raise eyebrows.
 #
 # Each message delivery transport has its XXX_destination_concurrency_limit
 # parameter.  The default is $default_destination_concurrency_limit for
 # most delivery transports. For the local delivery agent the default is 2.
 #local_destination_concurrency_limit = 2
@@ Zeile 1222: / Zeile 1249: @@
 # DEBUGGING CONTROL
 #
 # The debug_peer_level parameter specifies the increment in verbose
 # logging level when an SMTP client or server host name or address
 # matches a pattern in the debug_peer_list parameter.
 #
 debug_peer_level = 2
 # The debug_peer_list parameter specifies an optional list of domain
 # or network patterns, /file/name patterns or type:name tables. When
 # an SMTP client or server host name or address matches a pattern,
 # increase the verbose logging level by the amount specified in the
 # debug_peer_level parameter.
 #
 #debug_peer_list = 127.0.0.1
 #debug_peer_list = some.domain
 # The debugger_command specifies the external command that is executed
 # when a Postfix daemon program is run with the -D option.
 #
 # Use "command .. & sleep 5" so that the debugger can attach before
 # the process marches on. If you use an X-based debugger, be sure to
 # set up your XAUTHORITY environment variable before starting Postfix.
 #
 debugger_command =
-         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
+	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
-         ddd $daemon_directory/$process_name $process_id & sleep 5
+	 ddd $daemon_directory/$process_name $process_id & sleep 5
 # If you can't use X, use this to capture the call stack when a
 # daemon crashes. The result is in a file in the configuration
 # directory, and is named after the process name and the process ID.
 #
 # debugger_command =
-#       PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
+#	PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
-#       echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
+#	echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
-#       >$config_directory/$process_name.$process_id.log & sleep 5
+#	>$config_directory/$process_name.$process_id.log & sleep 5
 #
 # Another possibility is to run gdb under a detached screen session.
-# To attach to the screen sesssion, su root and run "screen -r
+# To attach to the screen session, su root and run "screen -r
 # <id_string>" where <id_string> uniquely matches one of the detached
 # sessions (from "screen -list").
 #
 # debugger_command =
-#       PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen
+#	PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen
-#       -dmS $process_name gdb $daemon_directory/$process_name
+#	-dmS $process_name gdb $daemon_directory/$process_name
-#       $process_id & sleep 1
+#	$process_id & sleep 1
 # INSTALL-TIME CONFIGURATION INFORMATION
 #
 # The following parameters are used when installing a new Postfix version.
 #
 # sendmail_path: The full pathname of the Postfix sendmail command.
 # This is the Sendmail-compatible mail posting interface.
 #
 sendmail_path = /usr/sbin/sendmail.postfix
@@ Zeile 1284: / Zeile 1311: @@
 # mailq_path: The full pathname of the Postfix mailq command.  This
 # is the Sendmail-compatible mail queue listing command.
 #
 mailq_path = /usr/bin/mailq.postfix
@@ Zeile 1304: / Zeile 1331: @@
 # This parameter is obsolete as of Postfix 2.1.
 #
-sample_directory = /usr/share/doc/postfix-2.11.1/samples
+sample_directory = /usr/share/doc/postfix-3.3.2/samples
 # readme_directory: The location of the Postfix README files.
 #
-readme_directory = /usr/share/doc/postfix-2.11.1/README_FILES
+readme_directory = /usr/share/doc/postfix-3.3.2/README_FILES
-</file>
+meta_directory = /etc/postfix
+shlib_directory = /usr/lib/postfix</file>
 Mit Hilfe des Programms **postconf** können wir während des laufenden Betriebes einzelnen Parameter, abfragen und auch ändern. Wollen wir uns alle Definitionen ansehen, die von den Standardvorgaben abweichen, verwenden wir den folgenden Aufruf:
@@ Zeile 1316: / Zeile 1344: @@
 alias_maps = hash:/etc/aliases
 command_directory = /usr/sbin
-config_directory = /etc/postfix
+compatibility_level = 2
 daemon_directory = /usr/libexec/postfix
 data_directory = /var/lib/postfix
@@ Zeile 1323: / Zeile 1351: @@
 html_directory = no
 inet_interfaces = localhost
-inet_protocols = all
 mail_owner = postfix
 mailq_path = /usr/bin/mailq.postfix
 manpage_directory = /usr/share/man
+meta_directory = /etc/postfix
 mydestination = $myhostname, localhost.$mydomain, localhost
 newaliases_path = /usr/bin/newaliases.postfix
 queue_directory = /var/spool/postfix
-readme_directory = /usr/share/doc/postfix-2.11.1/README_FILES
+readme_directory = /usr/share/doc/postfix-3.3.2/README_FILES
-sample_directory = /usr/share/doc/postfix-2.11.1/samples
+sample_directory = /usr/share/doc/postfix-3.3.2/samples
 sendmail_path = /usr/sbin/sendmail.postfix
 setgid_group = postdrop
+shlib_directory = /usr/lib/postfix
 unknown_local_recipient_reject_code = 550
 </code>
 Wollen wir uns alle Standard-Definitionen ansehen verwenden wir den folgenden Aufruf:
-  # postconf -d
+   # postconf -d
-<code>2bounce_notice_recipient = postmaster
-access_map_defer_code = 450
+<code>2bounce_notice_recipient = postmaster
-access_map_reject_code = 554
+access_map_defer_code = 450
-address_verify_cache_cleanup_interval = 12h
+access_map_reject_code = 554
-address_verify_default_transport = $default_transport
+address_verify_cache_cleanup_interval = 12h
-address_verify_local_transport = $local_transport
+address_verify_default_transport = $default_transport
-address_verify_map = btree:$data_directory/verify_cache
+address_verify_local_transport = $local_transport
-address_verify_negative_cache = yes
+address_verify_map = btree:$data_directory/verify_cache
-address_verify_negative_expire_time = 3d
+address_verify_negative_cache = yes
-address_verify_negative_refresh_time = 3h
+address_verify_negative_expire_time = 3d
-address_verify_poll_count = ${stress?1}${stress:3}
+address_verify_negative_refresh_time = 3h
-address_verify_poll_delay = 3s
+address_verify_pending_request_limit = 5000
-address_verify_positive_expire_time = 31d
+address_verify_poll_count = ${stress?{1}:{3}}
-address_verify_positive_refresh_time = 7d
+address_verify_poll_delay = 3s
-address_verify_relay_transport = $relay_transport
+address_verify_positive_expire_time = 31d
-address_verify_relayhost = $relayhost
+address_verify_positive_refresh_time = 7d
-address_verify_sender = $double_bounce_sender
+address_verify_relay_transport = $relay_transport
-address_verify_sender_dependent_default_transport_maps = $sender_dependent_default_transport_maps
+address_verify_relayhost = $relayhost
-address_verify_sender_dependent_relayhost_maps = $sender_dependent_relayhost_maps
+address_verify_sender = $double_bounce_sender
-address_verify_sender_ttl = 0s
+address_verify_sender_dependent_default_transport_maps = $sender_dependent_default_transport_maps
-address_verify_service_name = verify
+address_verify_sender_dependent_relayhost_maps = $sender_dependent_relayhost_maps
-address_verify_transport_maps = $transport_maps
+address_verify_sender_ttl = 0s
-address_verify_virtual_transport = $virtual_transport
+address_verify_service_name = verify
-alias_database = hash:/etc/aliases
+address_verify_transport_maps = $transport_maps
-alias_maps = hash:/etc/aliases, nis:mail.aliases
+address_verify_virtual_transport = $virtual_transport
-allow_mail_to_commands = alias, forward
+alias_database = hash:/etc/aliases
-allow_mail_to_files = alias, forward
+alias_maps = hash:/etc/aliases, nis:mail.aliases
-allow_min_user = no
+allow_mail_to_commands = alias, forward
-allow_percent_hack = yes
+allow_mail_to_files = alias, forward
-allow_untrusted_routing = no
+allow_min_user = no
-alternate_config_directories =
+allow_percent_hack = yes
-always_add_missing_headers = no
+allow_untrusted_routing = no
-always_bcc =
+alternate_config_directories =
-anvil_rate_time_unit = 60s
+always_add_missing_headers = no
-anvil_status_update_time = 600s
+always_bcc =
-append_at_myorigin = yes
+anvil_rate_time_unit = 60s
-append_dot_mydomain = yes
+anvil_status_update_time = 600s
-application_event_drain_time = 100s
+append_at_myorigin = yes
-authorized_flush_users = static:anyone
+append_dot_mydomain = ${{$compatibility_level} < {1} ? {yes} : {no}}
-authorized_mailq_users = static:anyone
+application_event_drain_time = 100s
-authorized_submit_users = static:anyone
+authorized_flush_users = static:anyone
-backwards_bounce_logfile_compatibility = yes
+authorized_mailq_users = static:anyone
-berkeley_db_create_buffer_size = 16777216
+authorized_submit_users = static:anyone
-berkeley_db_read_buffer_size = 131072
+backwards_bounce_logfile_compatibility = yes
-best_mx_transport =
+berkeley_db_create_buffer_size = 16777216
-biff = yes
+berkeley_db_read_buffer_size = 131072
-body_checks =
+best_mx_transport =
-body_checks_size_limit = 51200
+biff = yes
-bounce_notice_recipient = postmaster
+body_checks =
-bounce_queue_lifetime = 5d
+body_checks_size_limit = 51200
-bounce_service_name = bounce
+bounce_notice_recipient = postmaster
-bounce_size_limit = 50000
+bounce_queue_lifetime = 5d
-bounce_template_file =
+bounce_service_name = bounce
-broken_sasl_auth_clients = no
+bounce_size_limit = 50000
-canonical_classes = envelope_sender, envelope_recipient, header_sender, header_recipient
+bounce_template_file =
-canonical_maps =
+broken_sasl_auth_clients = no
-cleanup_service_name = cleanup
+canonical_classes = envelope_sender, envelope_recipient, header_sender, header_recipient
-command_directory = /usr/sbin
+canonical_maps =
-command_execution_directory =
+cleanup_service_name = cleanup
-command_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
+command_directory = /usr/sbin
-command_time_limit = 1000s
+command_execution_directory =
-config_directory = /etc/postfix
+command_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
-connection_cache_protocol_timeout = 5s
+command_time_limit = 1000s
-connection_cache_service_name = scache
+compatibility_level = 0
-connection_cache_status_update_time = 600s
+config_directory = /etc/postfix
-connection_cache_ttl_limit = 2s
+confirm_delay_cleared = no
-content_filter =
+connection_cache_protocol_timeout = 5s
-cyrus_sasl_config_path =
+connection_cache_service_name = scache
-daemon_directory = /usr/libexec/postfix
+connection_cache_status_update_time = 600s
-daemon_table_open_error_is_fatal = no
+connection_cache_ttl_limit = 2s
-daemon_timeout = 18000s
+content_filter =
-data_directory = /var/lib/postfix
+cyrus_sasl_config_path =
-debug_peer_level = 2
+daemon_directory = /usr/libexec/postfix
-debug_peer_list =
+daemon_table_open_error_is_fatal = no
-debugger_command =
+daemon_timeout = 18000s
-default_database_type = hash
+data_directory = /var/lib/postfix
-default_delivery_slot_cost = 5
+debug_peer_level = 2
-default_delivery_slot_discount = 50
+debug_peer_list =
-default_delivery_slot_loan = 3
+debugger_command =
-default_destination_concurrency_failed_cohort_limit = 1
+default_database_type = hash
-default_destination_concurrency_limit = 20
+default_delivery_slot_cost = 5
-default_destination_concurrency_negative_feedback = 1
+default_delivery_slot_discount = 50
-default_destination_concurrency_positive_feedback = 1
+default_delivery_slot_loan = 3
-default_destination_rate_delay = 0s
+default_delivery_status_filter =
-default_destination_recipient_limit = 50
+default_destination_concurrency_failed_cohort_limit = 1
-default_extra_recipient_limit = 1000
+default_destination_concurrency_limit = 20
-default_filter_nexthop =
+default_destination_concurrency_negative_feedback = 1
-default_minimum_delivery_slots = 3
+default_destination_concurrency_positive_feedback = 1
-default_privs = nobody
+default_destination_rate_delay = 0s
-default_process_limit = 100
+default_destination_recipient_limit = 50
-default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}
+default_extra_recipient_limit = 1000
-default_recipient_limit = 20000
+default_filter_nexthop =
-default_recipient_refill_delay = 5s
+default_minimum_delivery_slots = 3
-default_recipient_refill_limit = 100
+default_privs = nobody
-default_transport = smtp
+default_process_limit = 100
-default_verp_delimiters = +=
+default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}
-defer_code = 450
+default_recipient_limit = 20000
-defer_service_name = defer
+default_recipient_refill_delay = 5s
-defer_transports =
+default_recipient_refill_limit = 100
-delay_logging_resolution_limit = 2
+default_transport = smtp
-delay_notice_recipient = postmaster
+default_transport_rate_delay = 0s
-delay_warning_time = 0h
+default_verp_delimiters = +=
-deliver_lock_attempts = 20
+defer_code = 450
-deliver_lock_delay = 1s
+defer_service_name = defer
-destination_concurrency_feedback_debug = no
+defer_transports =
-detect_8bit_encoding_header = yes
+delay_logging_resolution_limit = 2
-disable_dns_lookups = no
+delay_notice_recipient = postmaster
-disable_mime_input_processing = no
+delay_warning_time = 0h
-disable_mime_output_conversion = no
+deliver_lock_attempts = 20
-disable_verp_bounces = no
+deliver_lock_delay = 1s
-disable_vrfy_command = no
+destination_concurrency_feedback_debug = no
-dnsblog_reply_delay = 0s
+detect_8bit_encoding_header = yes
-dnsblog_service_name = dnsblog
+disable_dns_lookups = no
-dont_remove = 0
+disable_mime_input_processing = no
-double_bounce_sender = double-bounce
+disable_mime_output_conversion = no
-duplicate_filter_limit = 1000
+disable_verp_bounces = no
-empty_address_default_transport_maps_lookup_key = <>
+disable_vrfy_command = no
-empty_address_recipient = MAILER-DAEMON
+dns_ncache_ttl_fix_enable = no
-empty_address_relayhost_maps_lookup_key = <>
+dnsblog_reply_delay = 0s
-enable_long_queue_ids = no
+dnsblog_service_name = dnsblog
-enable_original_recipient = yes
+dont_remove = 0
-error_delivery_slot_cost = $default_delivery_slot_cost
+double_bounce_sender = double-bounce
-error_delivery_slot_discount = $default_delivery_slot_discount
+duplicate_filter_limit = 1000
-error_delivery_slot_loan = $default_delivery_slot_loan
+empty_address_default_transport_maps_lookup_key = <>
-error_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
+empty_address_recipient = MAILER-DAEMON
-error_destination_concurrency_limit = $default_destination_concurrency_limit
+empty_address_relayhost_maps_lookup_key = <>
-error_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
+enable_idna2003_compatibility = no
-error_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
+enable_long_queue_ids = no
-error_destination_rate_delay = $default_destination_rate_delay
+enable_original_recipient = yes
-error_destination_recipient_limit = $default_destination_recipient_limit
+error_delivery_slot_cost = $default_delivery_slot_cost
-error_extra_recipient_limit = $default_extra_recipient_limit
+error_delivery_slot_discount = $default_delivery_slot_discount
-error_initial_destination_concurrency = $initial_destination_concurrency
+error_delivery_slot_loan = $default_delivery_slot_loan
-error_minimum_delivery_slots = $default_minimum_delivery_slots
+error_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
-error_notice_recipient = postmaster
+error_destination_concurrency_limit = $default_destination_concurrency_limit
-error_recipient_limit = $default_recipient_limit
+error_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
-error_recipient_refill_delay = $default_recipient_refill_delay
+error_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
-error_recipient_refill_limit = $default_recipient_refill_limit
+error_destination_rate_delay = $default_destination_rate_delay
-error_service_name = error
+error_destination_recipient_limit = $default_destination_recipient_limit
-execution_directory_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
+error_extra_recipient_limit = $default_extra_recipient_limit
-expand_owner_alias = no
+error_initial_destination_concurrency = $initial_destination_concurrency
-export_environment = TZ MAIL_CONFIG LANG
+error_minimum_delivery_slots = $default_minimum_delivery_slots
-fallback_transport =
+error_notice_recipient = postmaster
-fallback_transport_maps =
+error_recipient_limit = $default_recipient_limit
-fast_flush_domains = $relay_domains
+error_recipient_refill_delay = $default_recipient_refill_delay
-fast_flush_purge_time = 7d
+error_recipient_refill_limit = $default_recipient_refill_limit
-fast_flush_refresh_time = 12h
+error_service_name = error
-fault_injection_code = 0
+error_transport_rate_delay = $default_transport_rate_delay
-flush_service_name = flush
+execution_directory_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
-fork_attempts = 5
+expand_owner_alias = no
-fork_delay = 1s
+export_environment = TZ MAIL_CONFIG LANG
-forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
+fallback_transport =
-forward_path = $home/.forward${recipient_delimiter}${extension}, $home/.forward
+fallback_transport_maps =
-frozen_delivered_to = yes
+fast_flush_domains = $relay_domains
-hash_queue_depth = 1
+fast_flush_purge_time = 7d
-hash_queue_names = deferred, defer
+fast_flush_refresh_time = 12h
-header_address_token_limit = 10240
+fault_injection_code = 0
-header_checks =
+flush_service_name = flush
-header_size_limit = 102400
+fork_attempts = 5
-helpful_warnings = yes
+fork_delay = 1s
-home_mailbox =
+forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
-hopcount_limit = 50
+forward_path = $home/.forward${recipient_delimiter}${extension}, $home/.forward
-html_directory = no
+frozen_delivered_to = yes
-ignore_mx_lookup_error = no
+hash_queue_depth = 1
-import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C
+hash_queue_names = deferred, defer
-in_flow_delay = 1s
+header_address_token_limit = 10240
-inet_interfaces = all
+header_checks =
-inet_protocols = all
+header_from_format = standard
-initial_destination_concurrency = 5
+header_size_limit = 102400
-internal_mail_filter_classes =
+helpful_warnings = yes
-invalid_hostname_reject_code = 501
+home_mailbox =
-ipc_idle = 5s
+hopcount_limit = 50
-ipc_timeout = 3600s
+html_directory = no
-ipc_ttl = 1000s
+ignore_mx_lookup_error = no
-line_length_limit = 2048
+import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C
-lmdb_map_size = 16777216
+in_flow_delay = 1s
-lmtp_address_preference = any
+inet_interfaces = all
-lmtp_assume_final = no
+inet_protocols = all
-lmtp_bind_address =
+initial_destination_concurrency = 5
-lmtp_bind_address6 =
+internal_mail_filter_classes =
-lmtp_body_checks =
+invalid_hostname_reject_code = 501
-lmtp_cname_overrides_servername = no
+ipc_idle = 5s
-lmtp_connect_timeout = 0s
+ipc_timeout = 3600s
-lmtp_connection_cache_destinations =
+ipc_ttl = 1000s
-lmtp_connection_cache_on_demand = yes
+line_length_limit = 2048
-lmtp_connection_cache_time_limit = 2s
+lmdb_map_size = 16777216
-lmtp_connection_reuse_count_limit = 0
+lmtp_address_preference = any
-lmtp_connection_reuse_time_limit = 300s
+lmtp_address_verify_target = rcpt
-lmtp_data_done_timeout = 600s
+lmtp_assume_final = no
-lmtp_data_init_timeout = 120s
+lmtp_balance_inet_protocols = yes
-lmtp_data_xfer_timeout = 180s
+lmtp_bind_address =
-lmtp_defer_if_no_mx_address_found = no
+lmtp_bind_address6 =
-lmtp_delivery_slot_cost = $default_delivery_slot_cost
+lmtp_body_checks =
-lmtp_delivery_slot_discount = $default_delivery_slot_discount
+lmtp_cname_overrides_servername = no
-lmtp_delivery_slot_loan = $default_delivery_slot_loan
+lmtp_connect_timeout = 0s
-lmtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
+lmtp_connection_cache_destinations =
-lmtp_destination_concurrency_limit = $default_destination_concurrency_limit
+lmtp_connection_cache_on_demand = yes
-lmtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
+lmtp_connection_cache_time_limit = 2s
-lmtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
+lmtp_connection_reuse_count_limit = 0
-lmtp_destination_rate_delay = $default_destination_rate_delay
+lmtp_connection_reuse_time_limit = 300s
-lmtp_destination_recipient_limit = $default_destination_recipient_limit
+lmtp_data_done_timeout = 600s
-lmtp_discard_lhlo_keyword_address_maps =
+lmtp_data_init_timeout = 120s
-lmtp_discard_lhlo_keywords =
+lmtp_data_xfer_timeout = 180s
-lmtp_dns_resolver_options =
+lmtp_defer_if_no_mx_address_found = no
-lmtp_dns_support_level =
+lmtp_delivery_slot_cost = $default_delivery_slot_cost
-lmtp_enforce_tls = no
+lmtp_delivery_slot_discount = $default_delivery_slot_discount
-lmtp_extra_recipient_limit = $default_extra_recipient_limit
+lmtp_delivery_slot_loan = $default_delivery_slot_loan
-lmtp_generic_maps =
+lmtp_delivery_status_filter = $default_delivery_status_filter
-lmtp_header_checks =
+lmtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
-lmtp_host_lookup = dns
+lmtp_destination_concurrency_limit = $default_destination_concurrency_limit
-lmtp_initial_destination_concurrency = $initial_destination_concurrency
+lmtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
-lmtp_lhlo_name = $myhostname
+lmtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
-lmtp_lhlo_timeout = 300s
+lmtp_destination_rate_delay = $default_destination_rate_delay
-lmtp_line_length_limit = 998
+lmtp_destination_recipient_limit = $default_destination_recipient_limit
-lmtp_mail_timeout = 300s
+lmtp_discard_lhlo_keyword_address_maps =
-lmtp_mime_header_checks =
+lmtp_discard_lhlo_keywords =
-lmtp_minimum_delivery_slots = $default_minimum_delivery_slots
+lmtp_dns_reply_filter =
-lmtp_mx_address_limit = 5
+lmtp_dns_resolver_options =
-lmtp_mx_session_limit = 2
+lmtp_dns_support_level =
-lmtp_nested_header_checks =
+lmtp_enforce_tls = no
-lmtp_per_record_deadline = no
+lmtp_extra_recipient_limit = $default_extra_recipient_limit
-lmtp_pix_workaround_delay_time = 10s
+lmtp_fallback_relay =
-lmtp_pix_workaround_maps =
+lmtp_generic_maps =
-lmtp_pix_workaround_threshold_time = 500s
+lmtp_header_checks =
-lmtp_pix_workarounds = disable_esmtp,delay_dotcrlf
+lmtp_host_lookup = dns
-lmtp_quit_timeout = 300s
+lmtp_initial_destination_concurrency = $initial_destination_concurrency
-lmtp_quote_rfc821_envelope = yes
+lmtp_lhlo_name = $myhostname
-lmtp_randomize_addresses = yes
+lmtp_lhlo_timeout = 300s
-lmtp_rcpt_timeout = 300s
+lmtp_line_length_limit = 998
-lmtp_recipient_limit = $default_recipient_limit
+lmtp_mail_timeout = 300s
-lmtp_recipient_refill_delay = $default_recipient_refill_delay
+lmtp_mime_header_checks =
-lmtp_recipient_refill_limit = $default_recipient_refill_limit
+lmtp_minimum_delivery_slots = $default_minimum_delivery_slots
-lmtp_reply_filter =
+lmtp_mx_address_limit = 5
-lmtp_rset_timeout = 20s
+lmtp_mx_session_limit = 2
-lmtp_sasl_auth_cache_name =
+lmtp_nested_header_checks =
-lmtp_sasl_auth_cache_time = 90d
+lmtp_per_record_deadline = no
-lmtp_sasl_auth_enable = no
+lmtp_pix_workaround_delay_time = 10s
-lmtp_sasl_auth_soft_bounce = yes
+lmtp_pix_workaround_maps =
-lmtp_sasl_mechanism_filter =
+lmtp_pix_workaround_threshold_time = 500s
-lmtp_sasl_password_maps =
+lmtp_pix_workarounds = disable_esmtp,delay_dotcrlf
-lmtp_sasl_path =
+lmtp_quit_timeout = 300s
-lmtp_sasl_security_options = noplaintext, noanonymous
+lmtp_quote_rfc821_envelope = yes
-lmtp_sasl_tls_security_options = $lmtp_sasl_security_options
+lmtp_randomize_addresses = yes
-lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options
+lmtp_rcpt_timeout = 300s
-lmtp_sasl_type = cyrus
+lmtp_recipient_limit = $default_recipient_limit
-lmtp_send_dummy_mail_auth = no
+lmtp_recipient_refill_delay = $default_recipient_refill_delay
-lmtp_send_xforward_command = no
+lmtp_recipient_refill_limit = $default_recipient_refill_limit
-lmtp_sender_dependent_authentication = no
+lmtp_reply_filter =
-lmtp_skip_5xx_greeting = yes
+lmtp_rset_timeout = 20s
-lmtp_skip_quit_response = no
+lmtp_sasl_auth_cache_name =
-lmtp_starttls_timeout = 300s
+lmtp_sasl_auth_cache_time = 90d
-lmtp_tcp_port = 24
+lmtp_sasl_auth_enable = no
-lmtp_tls_CAfile =
+lmtp_sasl_auth_soft_bounce = yes
-lmtp_tls_CApath =
+lmtp_sasl_mechanism_filter =
-lmtp_tls_block_early_mail_reply = no
+lmtp_sasl_password_maps =
-lmtp_tls_cert_file =
+lmtp_sasl_path =
-lmtp_tls_ciphers = medium
+lmtp_sasl_security_options = noplaintext, noanonymous
-lmtp_tls_dcert_file =
+lmtp_sasl_tls_security_options = $lmtp_sasl_security_options
-lmtp_tls_dkey_file = $lmtp_tls_dcert_file
+lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options
-lmtp_tls_eccert_file =
+lmtp_sasl_type = cyrus
-lmtp_tls_eckey_file = $lmtp_tls_eccert_file
+lmtp_send_dummy_mail_auth = no
-lmtp_tls_enforce_peername = yes
+lmtp_send_xforward_command = no
-lmtp_tls_exclude_ciphers =
+lmtp_sender_dependent_authentication = no
-lmtp_tls_fingerprint_cert_match =
+lmtp_skip_5xx_greeting = yes
-lmtp_tls_fingerprint_digest = md5
+lmtp_skip_quit_response = no
-lmtp_tls_force_insecure_host_tlsa_lookup = no
+lmtp_starttls_timeout = 300s
-lmtp_tls_key_file = $lmtp_tls_cert_file
+lmtp_tcp_port = 24
-lmtp_tls_loglevel = 0
+lmtp_tls_CAfile =
-lmtp_tls_mandatory_ciphers = medium
+lmtp_tls_CApath =
-lmtp_tls_mandatory_exclude_ciphers =
+lmtp_tls_block_early_mail_reply = no
-lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3
+lmtp_tls_cert_file =
-lmtp_tls_note_starttls_offer = no
+lmtp_tls_ciphers = medium
-lmtp_tls_per_site =
+lmtp_tls_dcert_file =
-lmtp_tls_policy_maps =
+lmtp_tls_dkey_file = $lmtp_tls_dcert_file
-lmtp_tls_protocols = !SSLv2, !SSLv3
+lmtp_tls_eccert_file =
-lmtp_tls_scert_verifydepth = 9
+lmtp_tls_eckey_file = $lmtp_tls_eccert_file
-lmtp_tls_secure_cert_match = nexthop
+lmtp_tls_enforce_peername = yes
-lmtp_tls_security_level =
+lmtp_tls_exclude_ciphers =
-lmtp_tls_session_cache_database =
+lmtp_tls_fingerprint_cert_match =
-lmtp_tls_session_cache_timeout = 3600s
+lmtp_tls_fingerprint_digest = md5
-lmtp_tls_trust_anchor_file =
+lmtp_tls_force_insecure_host_tlsa_lookup = no
-lmtp_tls_verify_cert_match = hostname
+lmtp_tls_key_file = $lmtp_tls_cert_file
-lmtp_use_tls = no
+lmtp_tls_loglevel = 0
-lmtp_xforward_timeout = 300s
+lmtp_tls_mandatory_ciphers = medium
-lmtps_delivery_slot_cost = $default_delivery_slot_cost
+lmtp_tls_mandatory_exclude_ciphers =
-lmtps_delivery_slot_discount = $default_delivery_slot_discount
+lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3
-lmtps_delivery_slot_loan = $default_delivery_slot_loan
+lmtp_tls_note_starttls_offer = no
-lmtps_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
+lmtp_tls_per_site =
-lmtps_destination_concurrency_limit = $default_destination_concurrency_limit
+lmtp_tls_policy_maps =
-lmtps_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
+lmtp_tls_protocols = !SSLv2, !SSLv3
-lmtps_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
+lmtp_tls_scert_verifydepth = 9
-lmtps_destination_rate_delay = $default_destination_rate_delay
+lmtp_tls_secure_cert_match = nexthop
-lmtps_destination_recipient_limit = $default_destination_recipient_limit
+lmtp_tls_security_level =
-lmtps_extra_recipient_limit = $default_extra_recipient_limit
+lmtp_tls_session_cache_database =
-lmtps_initial_destination_concurrency = $initial_destination_concurrency
+lmtp_tls_session_cache_timeout = 3600s
-lmtps_minimum_delivery_slots = $default_minimum_delivery_slots
+lmtp_tls_trust_anchor_file =
-lmtps_recipient_limit = $default_recipient_limit
+lmtp_tls_verify_cert_match = hostname
-lmtps_recipient_refill_delay = $default_recipient_refill_delay
+lmtp_tls_wrappermode = no
-lmtps_recipient_refill_limit = $default_recipient_refill_limit
+lmtp_transport_rate_delay = $default_transport_rate_delay
-local_command_shell =
+lmtp_use_tls = no
-local_delivery_slot_cost = $default_delivery_slot_cost
+lmtp_xforward_timeout = 300s
-local_delivery_slot_discount = $default_delivery_slot_discount
+local_command_shell =
-local_delivery_slot_loan = $default_delivery_slot_loan
+local_delivery_slot_cost = $default_delivery_slot_cost
-local_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
+local_delivery_slot_discount = $default_delivery_slot_discount
-local_destination_concurrency_limit = 2
+local_delivery_slot_loan = $default_delivery_slot_loan
-local_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
+local_delivery_status_filter = $default_delivery_status_filter
-local_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
+local_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
-local_destination_rate_delay = $default_destination_rate_delay
+local_destination_concurrency_limit = 2
-local_destination_recipient_limit = 1
+local_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
-local_extra_recipient_limit = $default_extra_recipient_limit
+local_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
-local_header_rewrite_clients = permit_inet_interfaces
+local_destination_rate_delay = $default_destination_rate_delay
-local_initial_destination_concurrency = $initial_destination_concurrency
+local_destination_recipient_limit = 1
-local_minimum_delivery_slots = $default_minimum_delivery_slots
+local_extra_recipient_limit = $default_extra_recipient_limit
-local_recipient_limit = $default_recipient_limit
+local_header_rewrite_clients = permit_inet_interfaces
-local_recipient_maps = proxy:unix:passwd.byname $alias_maps
+local_initial_destination_concurrency = $initial_destination_concurrency
-local_recipient_refill_delay = $default_recipient_refill_delay
+local_minimum_delivery_slots = $default_minimum_delivery_slots
-local_recipient_refill_limit = $default_recipient_refill_limit
+local_recipient_limit = $default_recipient_limit
-local_transport = local:$myhostname
+local_recipient_maps = proxy:unix:passwd.byname $alias_maps
-luser_relay =
+local_recipient_refill_delay = $default_recipient_refill_delay
-mail_name = Postfix
+local_recipient_refill_limit = $default_recipient_refill_limit
-mail_owner = postfix
+local_transport = local:$myhostname
-mail_release_date = 20150720
+local_transport_rate_delay = $default_transport_rate_delay
-mail_spool_directory = /var/mail
+luser_relay =
-mail_version = 2.11.6
+mail_name = Postfix
-mailbox_command =
+mail_owner = postfix
-mailbox_command_maps =
+mail_release_date = 20181124
-mailbox_delivery_lock = fcntl, dotlock
+mail_spool_directory = /var/mail
-mailbox_size_limit = 51200000
+mail_version = 3.3.2
-mailbox_transport =
+mailbox_command =
-mailbox_transport_maps =
+mailbox_command_maps =
-mailq_path = /usr/bin/mailq
+mailbox_delivery_lock = fcntl, dotlock
-manpage_directory = /usr/local/man
+mailbox_size_limit = 51200000
-maps_rbl_domains =
+mailbox_transport =
-maps_rbl_reject_code = 554
+mailbox_transport_maps =
-masquerade_classes = envelope_sender, header_sender, header_recipient
+mailq_path = /usr/bin/mailq
-masquerade_domains =
+manpage_directory = /usr/local/man
-masquerade_exceptions =
+maps_rbl_domains =
-master_service_disable =
+maps_rbl_reject_code = 554
-max_idle = 100s
+masquerade_classes = envelope_sender, header_sender, header_recipient
-max_use = 100
+masquerade_domains =
-maximal_backoff_time = 4000s
+masquerade_exceptions =
-maximal_queue_lifetime = 5d
+master_service_disable =
-message_reject_characters =
+max_idle = 100s
-message_size_limit = 10240000
+max_use = 100
-message_strip_characters =
+maximal_backoff_time = 4000s
-milter_command_timeout = 30s
+maximal_queue_lifetime = 5d
-milter_connect_macros = j {daemon_name} v
+message_drop_headers = bcc, content-length, resent-bcc, return-path
-milter_connect_timeout = 30s
+message_reject_characters =
-milter_content_timeout = 300s
+message_size_limit = 10240000
-milter_data_macros = i
+message_strip_characters =
-milter_default_action = tempfail
+meta_directory = /etc/postfix
-milter_end_of_data_macros = i
+milter_command_timeout = 30s
-milter_end_of_header_macros = i
+milter_connect_macros = j {daemon_name} {daemon_addr} v
-milter_header_checks =
+milter_connect_timeout = 30s
-milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer}
+milter_content_timeout = 300s
-milter_macro_daemon_name = $myhostname
+milter_data_macros = i
-milter_macro_v = $mail_name $mail_version
+milter_default_action = tempfail
-milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr} {mail_host} {mail_mailer}
+milter_end_of_data_macros = i
-milter_protocol = 6
+milter_end_of_header_macros = i
-milter_rcpt_macros = i {rcpt_addr} {rcpt_host} {rcpt_mailer}
+milter_header_checks =
-milter_unknown_command_macros =
+milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer}
-mime_boundary_length_limit = 2048
+milter_macro_daemon_name = $myhostname
-mime_header_checks = $header_checks
+milter_macro_defaults =
-mime_nesting_limit = 100
+milter_macro_v = $mail_name $mail_version
-minimal_backoff_time = 300s
+milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr} {mail_host} {mail_mailer}
-multi_instance_directories =
+milter_protocol = 6
-multi_instance_enable = no
+milter_rcpt_macros = i {rcpt_addr} {rcpt_host} {rcpt_mailer}
-multi_instance_group =
+milter_unknown_command_macros =
-multi_instance_name =
+mime_boundary_length_limit = 2048
-multi_instance_wrapper =
+mime_header_checks = $header_checks
-multi_recipient_bounce_reject_code = 550
+mime_nesting_limit = 100
-mydestination = $myhostname, localhost.$mydomain, localhost
+minimal_backoff_time = 300s
-mydomain = dmz.nausch.org
+multi_instance_directories =
-myhostname = vml000087.dmz.nausch.org
+multi_instance_enable = no
-mynetworks = 127.0.0.0/8 10.0.0.0/24 [::1]/128 [fe80::]/64
+multi_instance_group =
-mynetworks_style = subnet
+multi_instance_name =
-myorigin = $myhostname
+multi_instance_wrapper =
-nested_header_checks = $header_checks
+multi_recipient_bounce_reject_code = 550
-newaliases_path = /usr/bin/newaliases
+mydestination = $myhostname, localhost.$mydomain, localhost
-non_fqdn_reject_code = 504
+mydomain = dmz.nausch.org
-non_smtpd_milters =
+myhostname = vml000080.dmz.nausch.org
-notify_classes = resource, software
+mynetworks = 127.0.0.0/8 10.0.0.0/24 [::1]/128 [fe80::]/64
-owner_request_special = yes
+mynetworks_style = ${{$compatibility_level} < {2} ? {subnet} : {host}}
-parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
+myorigin = $myhostname
-permit_mx_backup_networks =
+nested_header_checks = $header_checks
-pickup_service_name = pickup
+newaliases_path = /usr/bin/newaliases
-plaintext_reject_code = 450
+non_fqdn_reject_code = 504
-postmulti_control_commands = reload flush
+non_smtpd_milters =
-postmulti_start_commands = start
+notify_classes = resource, software
-postmulti_stop_commands = stop abort drain quick-stop
+openssl_path = openssl
-postscreen_access_list = permit_mynetworks
+owner_request_special = yes
-postscreen_bare_newline_action = ignore
+parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
-postscreen_bare_newline_enable = no
+permit_mx_backup_networks =
-postscreen_bare_newline_ttl = 30d
+pickup_service_name = pickup
-postscreen_blacklist_action = ignore
+pipe_delivery_status_filter = $default_delivery_status_filter
-postscreen_cache_cleanup_interval = 12h
+plaintext_reject_code = 450
-postscreen_cache_map = btree:$data_directory/postscreen_cache
+postmulti_control_commands = reload flush
-postscreen_cache_retention_time = 7d
+postmulti_start_commands = start
-postscreen_client_connection_count_limit = $smtpd_client_connection_count_limit
+postmulti_stop_commands = stop abort drain quick-stop
-postscreen_command_count_limit = 20
+postscreen_access_list = permit_mynetworks
-postscreen_command_filter =
+postscreen_bare_newline_action = ignore
-postscreen_command_time_limit = ${stress?10}${stress:300}s
+postscreen_bare_newline_enable = no
-postscreen_disable_vrfy_command = $disable_vrfy_command
+postscreen_bare_newline_ttl = 30d
-postscreen_discard_ehlo_keyword_address_maps = $smtpd_discard_ehlo_keyword_address_maps
+postscreen_blacklist_action = ignore
-postscreen_discard_ehlo_keywords = $smtpd_discard_ehlo_keywords
+postscreen_cache_cleanup_interval = 12h
-postscreen_dnsbl_action = ignore
+postscreen_cache_map = btree:$data_directory/postscreen_cache
-postscreen_dnsbl_reply_map =
+postscreen_cache_retention_time = 7d
-postscreen_dnsbl_sites =
+postscreen_client_connection_count_limit = $smtpd_client_connection_count_limit
-postscreen_dnsbl_threshold = 1
+postscreen_command_count_limit = 20
-postscreen_dnsbl_ttl = 1h
+postscreen_command_filter =
-postscreen_dnsbl_whitelist_threshold = 0
+postscreen_command_time_limit = ${stress?{10}:{300}}s
-postscreen_enforce_tls = $smtpd_enforce_tls
+postscreen_disable_vrfy_command = $disable_vrfy_command
-postscreen_expansion_filter = $smtpd_expansion_filter
+postscreen_discard_ehlo_keyword_address_maps = $smtpd_discard_ehlo_keyword_address_maps
-postscreen_forbidden_commands = $smtpd_forbidden_commands
+postscreen_discard_ehlo_keywords = $smtpd_discard_ehlo_keywords
-postscreen_greet_action = ignore
+postscreen_dnsbl_action = ignore
-postscreen_greet_banner = $smtpd_banner
+postscreen_dnsbl_max_ttl = ${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h
-postscreen_greet_ttl = 1d
+postscreen_dnsbl_min_ttl = 60s
-postscreen_greet_wait = ${stress?2}${stress:6}s
+postscreen_dnsbl_reply_map =
-postscreen_helo_required = $smtpd_helo_required
+postscreen_dnsbl_sites =
-postscreen_non_smtp_command_action = drop
+postscreen_dnsbl_threshold = 1
-postscreen_non_smtp_command_enable = no
+postscreen_dnsbl_timeout = 10s
-postscreen_non_smtp_command_ttl = 30d
+postscreen_dnsbl_whitelist_threshold = 0
-postscreen_pipelining_action = enforce
+postscreen_enforce_tls = $smtpd_enforce_tls
-postscreen_pipelining_enable = no
+postscreen_expansion_filter = $smtpd_expansion_filter
-postscreen_pipelining_ttl = 30d
+postscreen_forbidden_commands = $smtpd_forbidden_commands
-postscreen_post_queue_limit = $default_process_limit
+postscreen_greet_action = ignore
-postscreen_pre_queue_limit = $default_process_limit
+postscreen_greet_banner = $smtpd_banner
-postscreen_reject_footer = $smtpd_reject_footer
+postscreen_greet_ttl = 1d
-postscreen_tls_security_level = $smtpd_tls_security_level
+postscreen_greet_wait = ${stress?{2}:{6}}s
-postscreen_upstream_proxy_protocol =
+postscreen_helo_required = $smtpd_helo_required
-postscreen_upstream_proxy_timeout = 5s
+postscreen_non_smtp_command_action = drop
-postscreen_use_tls = $smtpd_use_tls
+postscreen_non_smtp_command_enable = no
-postscreen_watchdog_timeout = 10s
+postscreen_non_smtp_command_ttl = 30d
-postscreen_whitelist_interfaces = static:all
+postscreen_pipelining_action = enforce
-prepend_delivered_header = command, file, forward
+postscreen_pipelining_enable = no
-process_id = 10682
+postscreen_pipelining_ttl = 30d
-process_id_directory = pid
+postscreen_post_queue_limit = $default_process_limit
-process_name = postconf
+postscreen_pre_queue_limit = $default_process_limit
-propagate_unmatched_extensions = canonical, virtual
+postscreen_reject_footer = $smtpd_reject_footer
-proxy_interfaces =
+postscreen_tls_security_level = $smtpd_tls_security_level
-proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps
+postscreen_upstream_proxy_protocol =
-proxy_write_maps = $smtp_sasl_auth_cache_name $lmtp_sasl_auth_cache_name $address_verify_map $postscreen_cache_map
+postscreen_upstream_proxy_timeout = 5s
-proxymap_service_name = proxymap
+postscreen_use_tls = $smtpd_use_tls
-proxywrite_service_name = proxywrite
+postscreen_watchdog_timeout = 10s
-qmgr_clog_warn_time = 300s
+postscreen_whitelist_interfaces = static:all
-qmgr_daemon_timeout = 1000s
+prepend_delivered_header = command, file, forward
-qmgr_fudge_factor = 100
+process_id = 14166
-qmgr_ipc_timeout = 60s
+process_id_directory = pid
-qmgr_message_active_limit = 20000
+process_name = postconf
-qmgr_message_recipient_limit = 20000
+propagate_unmatched_extensions = canonical, virtual
-qmgr_message_recipient_minimum = 10
+proxy_interfaces =
-qmqpd_authorized_clients =
+proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps $smtpd_client_restrictions $smtpd_helo_restrictions $smtpd_sender_restrictions $smtpd_relay_restrictions $smtpd_recipient_restrictions $address_verify_sender_dependent_default_transport_maps $address_verify_sender_dependent_relayhost_maps $address_verify_transport_maps $fallback_transport_maps $lmtp_discard_lhlo_keyword_address_maps $lmtp_pix_workaround_maps $lmtp_sasl_password_maps $lmtp_tls_policy_maps $mailbox_command_maps $mailbox_transport_maps $postscreen_discard_ehlo_keyword_address_maps $rbl_reply_maps $sender_dependent_default_transport_maps $sender_dependent_relayhost_maps $smtp_discard_ehlo_keyword_address_maps $smtp_pix_workaround_maps $smtp_sasl_password_maps $smtp_tls_policy_maps $smtpd_discard_ehlo_keyword_address_maps $smtpd_milter_maps $virtual_gid_maps $virtual_uid_maps
-qmqpd_client_port_logging = no
+proxy_write_maps = $smtp_sasl_auth_cache_name $lmtp_sasl_auth_cache_name $address_verify_map $postscreen_cache_map
-qmqpd_error_delay = 1s
+proxymap_service_name = proxymap
-qmqpd_timeout = 300s
+proxywrite_service_name = proxywrite
-queue_directory = /var/spool/postfix
+qmgr_clog_warn_time = 300s
-queue_file_attribute_count_limit = 100
+qmgr_daemon_timeout = 1000s
-queue_minfree = 0
+qmgr_fudge_factor = 100
-queue_run_delay = 300s
+qmgr_ipc_timeout = 60s
-queue_service_name = qmgr
+qmgr_message_active_limit = 20000
-rbl_reply_maps =
+qmgr_message_recipient_limit = 20000
-readme_directory = no
+qmgr_message_recipient_minimum = 10
-receive_override_options =
+qmqpd_authorized_clients =
-recipient_bcc_maps =
+qmqpd_client_port_logging = no
-recipient_canonical_classes = envelope_recipient, header_recipient
+qmqpd_error_delay = 1s
-recipient_canonical_maps =
+qmqpd_timeout = 300s
-recipient_delimiter =
+queue_directory = /var/spool/postfix
-reject_code = 554
+queue_file_attribute_count_limit = 100
-reject_tempfail_action = defer_if_permit
+queue_minfree = 0
-relay_clientcerts =
+queue_run_delay = 300s
-relay_delivery_slot_cost = $default_delivery_slot_cost
+queue_service_name = qmgr
-relay_delivery_slot_discount = $default_delivery_slot_discount
+rbl_reply_maps =
-relay_delivery_slot_loan = $default_delivery_slot_loan
+readme_directory = no
-relay_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
+receive_override_options =
-relay_destination_concurrency_limit = $default_destination_concurrency_limit
+recipient_bcc_maps =
-relay_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
+recipient_canonical_classes = envelope_recipient, header_recipient
-relay_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
+recipient_canonical_maps =
-relay_destination_rate_delay = $default_destination_rate_delay
+recipient_delimiter =
-relay_destination_recipient_limit = $default_destination_recipient_limit
+reject_code = 554
-relay_domains = $mydestination
+reject_tempfail_action = defer_if_permit
-relay_domains_reject_code = 554
+relay_clientcerts =
-relay_extra_recipient_limit = $default_extra_recipient_limit
+relay_delivery_slot_cost = $default_delivery_slot_cost
-relay_initial_destination_concurrency = $initial_destination_concurrency
+relay_delivery_slot_discount = $default_delivery_slot_discount
-relay_minimum_delivery_slots = $default_minimum_delivery_slots
+relay_delivery_slot_loan = $default_delivery_slot_loan
-relay_recipient_limit = $default_recipient_limit
+relay_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
-relay_recipient_maps =
+relay_destination_concurrency_limit = $default_destination_concurrency_limit
-relay_recipient_refill_delay = $default_recipient_refill_delay
+relay_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
-relay_recipient_refill_limit = $default_recipient_refill_limit
+relay_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
-relay_transport = relay
+relay_destination_rate_delay = $default_destination_rate_delay
-relayhost =
+relay_destination_recipient_limit = $default_destination_recipient_limit
-relocated_maps =
+relay_domains = ${{$compatibility_level} < {2} ? {$mydestination} : {}}
-remote_header_rewrite_domain =
+relay_domains_reject_code = 554
-require_home_directory = no
+relay_extra_recipient_limit = $default_extra_recipient_limit
-reset_owner_alias = no
+relay_initial_destination_concurrency = $initial_destination_concurrency
-resolve_dequoted_address = yes
+relay_minimum_delivery_slots = $default_minimum_delivery_slots
-resolve_null_domain = no
+relay_recipient_limit = $default_recipient_limit
-resolve_numeric_domain = no
+relay_recipient_maps =
-retry_delivery_slot_cost = $default_delivery_slot_cost
+relay_recipient_refill_delay = $default_recipient_refill_delay
-retry_delivery_slot_discount = $default_delivery_slot_discount
+relay_recipient_refill_limit = $default_recipient_refill_limit
-retry_delivery_slot_loan = $default_delivery_slot_loan
+relay_transport = relay
-retry_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
+relay_transport_rate_delay = $default_transport_rate_delay
-retry_destination_concurrency_limit = $default_destination_concurrency_limit
+relayhost =
-retry_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
+relocated_maps =
-retry_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
+remote_header_rewrite_domain =
-retry_destination_rate_delay = $default_destination_rate_delay
+require_home_directory = no
-retry_destination_recipient_limit = $default_destination_recipient_limit
+reset_owner_alias = no
-retry_extra_recipient_limit = $default_extra_recipient_limit
+resolve_dequoted_address = yes
-retry_initial_destination_concurrency = $initial_destination_concurrency
+resolve_null_domain = no
-retry_minimum_delivery_slots = $default_minimum_delivery_slots
+resolve_numeric_domain = no
-retry_recipient_limit = $default_recipient_limit
+retry_delivery_slot_cost = $default_delivery_slot_cost
-retry_recipient_refill_delay = $default_recipient_refill_delay
+retry_delivery_slot_discount = $default_delivery_slot_discount
-retry_recipient_refill_limit = $default_recipient_refill_limit
+retry_delivery_slot_loan = $default_delivery_slot_loan
-rewrite_service_name = rewrite
+retry_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
-sample_directory = /etc/postfix
+retry_destination_concurrency_limit = $default_destination_concurrency_limit
-send_cyrus_sasl_authzid = no
+retry_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
-sender_bcc_maps =
+retry_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
-sender_canonical_classes = envelope_sender, header_sender
+retry_destination_rate_delay = $default_destination_rate_delay
-sender_canonical_maps =
+retry_destination_recipient_limit = $default_destination_recipient_limit
-sender_dependent_default_transport_maps =
+retry_extra_recipient_limit = $default_extra_recipient_limit
-sender_dependent_relayhost_maps =
+retry_initial_destination_concurrency = $initial_destination_concurrency
-sendmail_fix_line_endings = always
+retry_minimum_delivery_slots = $default_minimum_delivery_slots
-sendmail_path = /usr/sbin/sendmail
+retry_recipient_limit = $default_recipient_limit
-service_throttle_time = 60s
+retry_recipient_refill_delay = $default_recipient_refill_delay
-setgid_group = postdrop
+retry_recipient_refill_limit = $default_recipient_refill_limit
-show_user_unknown_table_name = yes
+retry_transport_rate_delay = $default_transport_rate_delay
-showq_service_name = showq
+rewrite_service_name = rewrite
-smtp_address_preference = any
+sample_directory = /etc/postfix
-smtp_always_send_ehlo = yes
+send_cyrus_sasl_authzid = no
-smtp_bind_address =
+sender_bcc_maps =
-smtp_bind_address6 =
+sender_canonical_classes = envelope_sender, header_sender
-smtp_body_checks =
+sender_canonical_maps =
-smtp_cname_overrides_servername = no
+sender_dependent_default_transport_maps =
-smtp_connect_timeout = 30s
+sender_dependent_relayhost_maps =
-smtp_connection_cache_destinations =
+sendmail_fix_line_endings = always
-smtp_connection_cache_on_demand = yes
+sendmail_path = /usr/sbin/sendmail
-smtp_connection_cache_time_limit = 2s
+service_name =
-smtp_connection_reuse_count_limit = 0
+service_throttle_time = 60s
-smtp_connection_reuse_time_limit = 300s
+setgid_group = postdrop
-smtp_data_done_timeout = 600s
+shlib_directory = /usr/lib/postfix
-smtp_data_init_timeout = 120s
+show_user_unknown_table_name = yes
-smtp_data_xfer_timeout = 180s
+showq_service_name = showq
-smtp_defer_if_no_mx_address_found = no
+smtp_address_preference = any
-smtp_delivery_slot_cost = $default_delivery_slot_cost
+smtp_address_verify_target = rcpt
-smtp_delivery_slot_discount = $default_delivery_slot_discount
+smtp_always_send_ehlo = yes
-smtp_delivery_slot_loan = $default_delivery_slot_loan
+smtp_balance_inet_protocols = yes
-smtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
+smtp_bind_address =
-smtp_destination_concurrency_limit = $default_destination_concurrency_limit
+smtp_bind_address6 =
-smtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
+smtp_body_checks =
-smtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
+smtp_cname_overrides_servername = no
-smtp_destination_rate_delay = $default_destination_rate_delay
+smtp_connect_timeout = 30s
-smtp_destination_recipient_limit = $default_destination_recipient_limit
+smtp_connection_cache_destinations =
-smtp_discard_ehlo_keyword_address_maps =
+smtp_connection_cache_on_demand = yes
-smtp_discard_ehlo_keywords =
+smtp_connection_cache_time_limit = 2s
-smtp_dns_resolver_options =
+smtp_connection_reuse_count_limit = 0
-smtp_dns_support_level =
+smtp_connection_reuse_time_limit = 300s
-smtp_enforce_tls = no
+smtp_data_done_timeout = 600s
-smtp_extra_recipient_limit = $default_extra_recipient_limit
+smtp_data_init_timeout = 120s
-smtp_fallback_relay = $fallback_relay
+smtp_data_xfer_timeout = 180s
-smtp_generic_maps =
+smtp_defer_if_no_mx_address_found = no
-smtp_header_checks =
+smtp_delivery_slot_cost = $default_delivery_slot_cost
-smtp_helo_name = $myhostname
+smtp_delivery_slot_discount = $default_delivery_slot_discount
-smtp_helo_timeout = 300s
+smtp_delivery_slot_loan = $default_delivery_slot_loan
-smtp_host_lookup = dns
+smtp_delivery_status_filter = $default_delivery_status_filter
-smtp_initial_destination_concurrency = $initial_destination_concurrency
+smtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
-smtp_line_length_limit = 998
+smtp_destination_concurrency_limit = $default_destination_concurrency_limit
-smtp_mail_timeout = 300s
+smtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
-smtp_mime_header_checks =
+smtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
-smtp_minimum_delivery_slots = $default_minimum_delivery_slots
+smtp_destination_rate_delay = $default_destination_rate_delay
-smtp_mx_address_limit = 5
+smtp_destination_recipient_limit = $default_destination_recipient_limit
-smtp_mx_session_limit = 2
+smtp_discard_ehlo_keyword_address_maps =
-smtp_nested_header_checks =
+smtp_discard_ehlo_keywords =
-smtp_never_send_ehlo = no
+smtp_dns_reply_filter =
-smtp_per_record_deadline = no
+smtp_dns_resolver_options =
-smtp_pix_workaround_delay_time = 10s
+smtp_dns_support_level =
-smtp_pix_workaround_maps =
+smtp_enforce_tls = no
-smtp_pix_workaround_threshold_time = 500s
+smtp_extra_recipient_limit = $default_extra_recipient_limit
-smtp_pix_workarounds = disable_esmtp,delay_dotcrlf
+smtp_fallback_relay = $fallback_relay
-smtp_quit_timeout = 300s
+smtp_generic_maps =
-smtp_quote_rfc821_envelope = yes
+smtp_header_checks =
-smtp_randomize_addresses = yes
+smtp_helo_name = $myhostname
-smtp_rcpt_timeout = 300s
+smtp_helo_timeout = 300s
-smtp_recipient_limit = $default_recipient_limit
+smtp_host_lookup = dns
-smtp_recipient_refill_delay = $default_recipient_refill_delay
+smtp_initial_destination_concurrency = $initial_destination_concurrency
-smtp_recipient_refill_limit = $default_recipient_refill_limit
+smtp_line_length_limit = 998
-smtp_reply_filter =
+smtp_mail_timeout = 300s
-smtp_rset_timeout = 20s
+smtp_mime_header_checks =
-smtp_sasl_auth_cache_name =
+smtp_minimum_delivery_slots = $default_minimum_delivery_slots
-smtp_sasl_auth_cache_time = 90d
+smtp_mx_address_limit = 5
-smtp_sasl_auth_enable = no
+smtp_mx_session_limit = 2
-smtp_sasl_auth_soft_bounce = yes
+smtp_nested_header_checks =
-smtp_sasl_mechanism_filter =
+smtp_never_send_ehlo = no
-smtp_sasl_password_maps =
+smtp_per_record_deadline = no
-smtp_sasl_path =
+smtp_pix_workaround_delay_time = 10s
-smtp_sasl_security_options = noplaintext, noanonymous
+smtp_pix_workaround_maps =
-smtp_sasl_tls_security_options = $smtp_sasl_security_options
+smtp_pix_workaround_threshold_time = 500s
-smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options
+smtp_pix_workarounds = disable_esmtp,delay_dotcrlf
-smtp_sasl_type = cyrus
+smtp_quit_timeout = 300s
-smtp_send_dummy_mail_auth = no
+smtp_quote_rfc821_envelope = yes
-smtp_send_xforward_command = no
+smtp_randomize_addresses = yes
-smtp_sender_dependent_authentication = no
+smtp_rcpt_timeout = 300s
-smtp_skip_5xx_greeting = yes
+smtp_recipient_limit = $default_recipient_limit
-smtp_skip_quit_response = yes
+smtp_recipient_refill_delay = $default_recipient_refill_delay
-smtp_starttls_timeout = 300s
+smtp_recipient_refill_limit = $default_recipient_refill_limit
-smtp_tls_CAfile =
+smtp_reply_filter =
-smtp_tls_CApath =
+smtp_rset_timeout = 20s
-smtp_tls_block_early_mail_reply = no
+smtp_sasl_auth_cache_name =
-smtp_tls_cert_file =
+smtp_sasl_auth_cache_time = 90d
-smtp_tls_ciphers = medium
+smtp_sasl_auth_enable = no
-smtp_tls_dcert_file =
+smtp_sasl_auth_soft_bounce = yes
-smtp_tls_dkey_file = $smtp_tls_dcert_file
+smtp_sasl_mechanism_filter =
-smtp_tls_eccert_file =
+smtp_sasl_password_maps =
-smtp_tls_eckey_file = $smtp_tls_eccert_file
+smtp_sasl_path =
-smtp_tls_enforce_peername = yes
+smtp_sasl_security_options = noplaintext, noanonymous
-smtp_tls_exclude_ciphers =
+smtp_sasl_tls_security_options = $smtp_sasl_security_options
-smtp_tls_fingerprint_cert_match =
+smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options
-smtp_tls_fingerprint_digest = md5
+smtp_sasl_type = cyrus
-smtp_tls_force_insecure_host_tlsa_lookup = no
+smtp_send_dummy_mail_auth = no
-smtp_tls_key_file = $smtp_tls_cert_file
+smtp_send_xforward_command = no
-smtp_tls_loglevel = 0
+smtp_sender_dependent_authentication = no
-smtp_tls_mandatory_ciphers = medium
+smtp_skip_5xx_greeting = yes
-smtp_tls_mandatory_exclude_ciphers =
+smtp_skip_quit_response = yes
-smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
+smtp_starttls_timeout = 300s
-smtp_tls_note_starttls_offer = no
+smtp_tcp_port = smtp
-smtp_tls_per_site =
+smtp_tls_CAfile =
-smtp_tls_policy_maps =
+smtp_tls_CApath =
-smtp_tls_protocols = !SSLv2, !SSLv3
+smtp_tls_block_early_mail_reply = no
-smtp_tls_scert_verifydepth = 9
+smtp_tls_cert_file =
-smtp_tls_secure_cert_match = nexthop, dot-nexthop
+smtp_tls_ciphers = medium
-smtp_tls_security_level =
+smtp_tls_dane_insecure_mx_policy = dane
-smtp_tls_session_cache_database =
+smtp_tls_dcert_file =
-smtp_tls_session_cache_timeout = 3600s
+smtp_tls_dkey_file = $smtp_tls_dcert_file
-smtp_tls_trust_anchor_file =
+smtp_tls_eccert_file =
-smtp_tls_verify_cert_match = hostname
+smtp_tls_eckey_file = $smtp_tls_eccert_file
-smtp_use_tls = no
+smtp_tls_enforce_peername = yes
-smtp_xforward_timeout = 300s
+smtp_tls_exclude_ciphers =
-smtpd_authorized_verp_clients = $authorized_verp_clients
+smtp_tls_fingerprint_cert_match =
-smtpd_authorized_xclient_hosts =
+smtp_tls_fingerprint_digest = md5
-smtpd_authorized_xforward_hosts =
+smtp_tls_force_insecure_host_tlsa_lookup = no
-smtpd_banner = $myhostname ESMTP $mail_name
+smtp_tls_key_file = $smtp_tls_cert_file
-smtpd_client_connection_count_limit = 50
+smtp_tls_loglevel = 0
-smtpd_client_connection_rate_limit = 0
+smtp_tls_mandatory_ciphers = medium
-smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks}
+smtp_tls_mandatory_exclude_ciphers =
-smtpd_client_message_rate_limit = 0
+smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
-smtpd_client_new_tls_session_rate_limit = 0
+smtp_tls_note_starttls_offer = no
-smtpd_client_port_logging = no
+smtp_tls_per_site =
-smtpd_client_recipient_rate_limit = 0
+smtp_tls_policy_maps =
-smtpd_client_restrictions =
+smtp_tls_protocols = !SSLv2, !SSLv3
-smtpd_command_filter =
+smtp_tls_scert_verifydepth = 9
-smtpd_data_restrictions =
+smtp_tls_secure_cert_match = nexthop, dot-nexthop
-smtpd_delay_open_until_valid_rcpt = yes
+smtp_tls_security_level =
-smtpd_delay_reject = yes
+smtp_tls_session_cache_database =
-smtpd_discard_ehlo_keyword_address_maps =
+smtp_tls_session_cache_timeout = 3600s
-smtpd_discard_ehlo_keywords =
+smtp_tls_trust_anchor_file =
-smtpd_end_of_data_restrictions =
+smtp_tls_verify_cert_match = hostname
-smtpd_enforce_tls = no
+smtp_tls_wrappermode = no
-smtpd_error_sleep_time = 1s
+smtp_transport_rate_delay = $default_transport_rate_delay
-smtpd_etrn_restrictions =
+smtp_use_tls = no
-smtpd_expansion_filter = \t\40!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~
+smtp_xforward_timeout = 300s
-smtpd_forbidden_commands = CONNECT GET POST
+smtpd_authorized_verp_clients = $authorized_verp_clients
-smtpd_hard_error_limit = ${stress?1}${stress:20}
+smtpd_authorized_xclient_hosts =
-smtpd_helo_required = no
+smtpd_authorized_xforward_hosts =
-smtpd_helo_restrictions =
+smtpd_banner = $myhostname ESMTP $mail_name
-smtpd_history_flush_threshold = 100
+smtpd_client_auth_rate_limit = 0
-smtpd_junk_command_limit = ${stress?1}${stress:100}
+smtpd_client_connection_count_limit = 50
-smtpd_log_access_permit_actions =
+smtpd_client_connection_rate_limit = 0
-smtpd_milters =
+smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks}
-smtpd_noop_commands =
+smtpd_client_message_rate_limit = 0
-smtpd_null_access_lookup_key = <>
+smtpd_client_new_tls_session_rate_limit = 0
-smtpd_peername_lookup = yes
+smtpd_client_port_logging = no
-smtpd_per_record_deadline = ${stress?yes}${stress:no}
+smtpd_client_recipient_rate_limit = 0
-smtpd_policy_service_max_idle = 300s
+smtpd_client_restrictions =
-smtpd_policy_service_max_ttl = 1000s
+smtpd_command_filter =
-smtpd_policy_service_timeout = 100s
+smtpd_data_restrictions =
-smtpd_proxy_ehlo = $myhostname
+smtpd_delay_open_until_valid_rcpt = yes
-smtpd_proxy_filter =
+smtpd_delay_reject = yes
-smtpd_proxy_options =
+smtpd_discard_ehlo_keyword_address_maps =
-smtpd_proxy_timeout = 100s
+smtpd_discard_ehlo_keywords =
-smtpd_recipient_limit = 1000
+smtpd_dns_reply_filter =
-smtpd_recipient_overshoot_limit = 1000
+smtpd_end_of_data_restrictions =
-smtpd_recipient_restrictions =
+smtpd_enforce_tls = no
-smtpd_reject_footer =
+smtpd_error_sleep_time = 1s
-smtpd_reject_unlisted_recipient = yes
+smtpd_etrn_restrictions =
-smtpd_reject_unlisted_sender = no
+smtpd_expansion_filter = \t\40!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~
-smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
+smtpd_forbidden_commands = CONNECT GET POST
-smtpd_restriction_classes =
+smtpd_hard_error_limit = ${stress?{1}:{20}}
-smtpd_sasl_auth_enable = no
+smtpd_helo_required = no
-smtpd_sasl_authenticated_header = no
+smtpd_helo_restrictions =
-smtpd_sasl_exceptions_networks =
+smtpd_history_flush_threshold = 100
-smtpd_sasl_local_domain =
+smtpd_junk_command_limit = ${stress?{1}:{100}}
-smtpd_sasl_path = smtpd
+smtpd_log_access_permit_actions =
-smtpd_sasl_security_options = noanonymous
+smtpd_milter_maps =
-smtpd_sasl_service = smtp
+smtpd_milters =
-smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
+smtpd_noop_commands =
-smtpd_sasl_type = cyrus
+smtpd_null_access_lookup_key = <>
-smtpd_sender_login_maps =
+smtpd_peername_lookup = yes
-smtpd_sender_restrictions =
+smtpd_per_record_deadline = ${stress?{yes}:{no}}
-smtpd_service_name = smtpd
+smtpd_policy_service_default_action = 451 4.3.5 Server configuration problem
-smtpd_soft_error_limit = 10
+smtpd_policy_service_max_idle = 300s
-smtpd_starttls_timeout = ${stress?10}${stress:300}s
+smtpd_policy_service_max_ttl = 1000s
-smtpd_timeout = ${stress?10}${stress:300}s
+smtpd_policy_service_policy_context =
-smtpd_tls_CAfile =
+smtpd_policy_service_request_limit = 0
-smtpd_tls_CApath =
+smtpd_policy_service_retry_delay = 1s
-smtpd_tls_always_issue_session_ids = yes
+smtpd_policy_service_timeout = 100s
-smtpd_tls_ask_ccert = no
+smtpd_policy_service_try_limit = 2
-smtpd_tls_auth_only = no
+smtpd_proxy_ehlo = $myhostname
-smtpd_tls_ccert_verifydepth = 9
+smtpd_proxy_filter =
-smtpd_tls_cert_file =
+smtpd_proxy_options =
-smtpd_tls_ciphers = medium
+smtpd_proxy_timeout = 100s
-smtpd_tls_dcert_file =
+smtpd_recipient_limit = 1000
-smtpd_tls_dh1024_param_file =
+smtpd_recipient_overshoot_limit = 1000
-smtpd_tls_dh512_param_file =
+smtpd_recipient_restrictions =
-smtpd_tls_dkey_file = $smtpd_tls_dcert_file
+smtpd_reject_footer =
-smtpd_tls_eccert_file =
+smtpd_reject_unlisted_recipient = yes
-smtpd_tls_eckey_file = $smtpd_tls_eccert_file
+smtpd_reject_unlisted_sender = no
-smtpd_tls_eecdh_grade = strong
+smtpd_relay_restrictions = ${{$compatibility_level} < {1} ? {} : {permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination}}
-smtpd_tls_exclude_ciphers =
+smtpd_restriction_classes =
-smtpd_tls_fingerprint_digest = md5
+smtpd_sasl_auth_enable = no
-smtpd_tls_key_file = $smtpd_tls_cert_file
+smtpd_sasl_authenticated_header = no
-smtpd_tls_loglevel = 0
+smtpd_sasl_exceptions_networks =
-smtpd_tls_mandatory_ciphers = medium
+smtpd_sasl_local_domain =
-smtpd_tls_mandatory_exclude_ciphers =
+smtpd_sasl_path = smtpd
-smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
+smtpd_sasl_security_options = noanonymous
-smtpd_tls_protocols = !SSLv2, !SSLv3
+smtpd_sasl_service = smtp
-smtpd_tls_received_header = no
+smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
-smtpd_tls_req_ccert = no
+smtpd_sasl_type = cyrus
-smtpd_tls_security_level =
+smtpd_sender_login_maps =
-smtpd_tls_session_cache_database =
+smtpd_sender_restrictions =
-smtpd_tls_session_cache_timeout = 3600s
+smtpd_service_name = smtpd
-smtpd_tls_wrappermode = no
+smtpd_soft_error_limit = 10
-smtpd_upstream_proxy_protocol =
+smtpd_starttls_timeout = ${stress?{10}:{300}}s
-smtpd_upstream_proxy_timeout = 5s
+smtpd_timeout = ${stress?{10}:{300}}s
-smtpd_use_tls = no
+smtpd_tls_CAfile =
-soft_bounce = no
+smtpd_tls_CApath =
-stale_lock_time = 500s
+smtpd_tls_always_issue_session_ids = yes
-stress =
+smtpd_tls_ask_ccert = no
-strict_7bit_headers = no
+smtpd_tls_auth_only = no
-strict_8bitmime = no
+smtpd_tls_ccert_verifydepth = 9
-strict_8bitmime_body = no
+smtpd_tls_cert_file =
-strict_mailbox_ownership = yes
+smtpd_tls_ciphers = medium
-strict_mime_encoding_domain = no
+smtpd_tls_dcert_file =
-strict_rfc821_envelopes = no
+smtpd_tls_dh1024_param_file =
-sun_mailtool_compatibility = no
+smtpd_tls_dh512_param_file =
-swap_bangpath = yes
+smtpd_tls_dkey_file = $smtpd_tls_dcert_file
-syslog_facility = mail
+smtpd_tls_eccert_file =
-syslog_name = ${multi_instance_name:postfix}${multi_instance_name?$multi_instance_name}
+smtpd_tls_eckey_file = $smtpd_tls_eccert_file
-tcp_windowsize = 0
+smtpd_tls_eecdh_grade = auto
-tls_append_default_CA = no
+smtpd_tls_exclude_ciphers =
-tls_daemon_random_bytes = 32
+smtpd_tls_fingerprint_digest = md5
-tls_dane_digest_agility = on
+smtpd_tls_key_file = $smtpd_tls_cert_file
-tls_dane_digests = sha512 sha256
+smtpd_tls_loglevel = 0
-tls_dane_trust_anchor_digest_enable = yes
+smtpd_tls_mandatory_ciphers = medium
-tls_disable_workarounds =
+smtpd_tls_mandatory_exclude_ciphers =
-tls_eecdh_strong_curve = prime256v1
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
-tls_eecdh_ultra_curve = secp384r1
+smtpd_tls_protocols = !SSLv2, !SSLv3
-tls_export_cipherlist = aNULL:-aNULL:ALL:+RC4:@STRENGTH
+smtpd_tls_received_header = no
-tls_high_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH
+smtpd_tls_req_ccert = no
-tls_legacy_public_key_fingerprints = no
+smtpd_tls_security_level =
-tls_low_cipherlist = aNULL:-aNULL:ALL:!EXPORT:+RC4:@STRENGTH
+smtpd_tls_session_cache_database =
-tls_medium_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH
+smtpd_tls_session_cache_timeout = 3600s
-tls_null_cipherlist = eNULL:!aNULL
+smtpd_tls_wrappermode = no
-tls_preempt_cipherlist = no
+smtpd_upstream_proxy_protocol =
-tls_random_bytes = 32
+smtpd_upstream_proxy_timeout = 5s
-tls_random_exchange_name = ${data_directory}/prng_exch
+smtpd_use_tls = no
-tls_random_prng_update_period = 3600s
+smtputf8_autodetect_classes = sendmail, verify
-tls_random_reseed_period = 3600s
+smtputf8_enable = ${{$compatibility_level} < {1} ? {no} : {yes}}
-tls_random_source = dev:/dev/urandom
+soft_bounce = no
-tls_ssl_options =
+stale_lock_time = 500s
-tls_wildcard_matches_multiple_labels = yes
+stress =
-tlsmgr_service_name = tlsmgr
+strict_7bit_headers = no
-tlsproxy_enforce_tls = $smtpd_enforce_tls
+strict_8bitmime = no
-tlsproxy_service_name = tlsproxy
+strict_8bitmime_body = no
-tlsproxy_tls_CAfile = $smtpd_tls_CAfile
+strict_mailbox_ownership = yes
-tlsproxy_tls_CApath = $smtpd_tls_CApath
+strict_mime_encoding_domain = no
-tlsproxy_tls_always_issue_session_ids = $smtpd_tls_always_issue_session_ids
+strict_rfc821_envelopes = no
-tlsproxy_tls_ask_ccert = $smtpd_tls_ask_ccert
+strict_smtputf8 = no
-tlsproxy_tls_ccert_verifydepth = $smtpd_tls_ccert_verifydepth
+sun_mailtool_compatibility = no
-tlsproxy_tls_cert_file = $smtpd_tls_cert_file
+swap_bangpath = yes
-tlsproxy_tls_ciphers = $smtpd_tls_ciphers
+syslog_facility = mail
-tlsproxy_tls_dcert_file = $smtpd_tls_dcert_file
+syslog_name = ${multi_instance_name?{$multi_instance_name}:{postfix}}
-tlsproxy_tls_dh1024_param_file = $smtpd_tls_dh1024_param_file
+tcp_windowsize = 0
-tlsproxy_tls_dh512_param_file = $smtpd_tls_dh512_param_file
+tls_append_default_CA = no
-tlsproxy_tls_dkey_file = $smtpd_tls_dkey_file
+tls_daemon_random_bytes = 32
-tlsproxy_tls_eccert_file = $smtpd_tls_eccert_file
+tls_dane_digest_agility = on
-tlsproxy_tls_eckey_file = $smtpd_tls_eckey_file
+tls_dane_digests = sha512 sha256
-tlsproxy_tls_eecdh_grade = $smtpd_tls_eecdh_grade
+tls_dane_trust_anchor_digest_enable = yes
-tlsproxy_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers
+tls_disable_workarounds =
-tlsproxy_tls_fingerprint_digest = $smtpd_tls_fingerprint_digest
+tls_eecdh_auto_curves = prime256v1 secp521r1 secp384r1
-tlsproxy_tls_key_file = $smtpd_tls_key_file
+tls_eecdh_strong_curve = prime256v1
-tlsproxy_tls_loglevel = $smtpd_tls_loglevel
+tls_eecdh_ultra_curve = secp384r1
+tls_export_cipherlist = aNULL:-aNULL:HIGH:MEDIUM:LOW:EXPORT:+RC4:@STRENGTH
+tls_high_cipherlist = aNULL:-aNULL:HIGH:@STRENGTH
+tls_legacy_public_key_fingerprints = no
+tls_low_cipherlist = aNULL:-aNULL:HIGH:MEDIUM:LOW:+RC4:@STRENGTH
+tls_medium_cipherlist = aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH
+tls_null_cipherlist = eNULL:!aNULL
+tls_preempt_cipherlist = no
+tls_random_bytes = 32
+tls_random_exchange_name = ${data_directory}/prng_exch
+tls_random_prng_update_period = 3600s
+tls_random_reseed_period = 3600s
+tls_random_source = dev:/dev/urandom
+tls_session_ticket_cipher = aes-256-cbc
+tls_ssl_options =
+tls_wildcard_matches_multiple_labels = yes
+tlsmgr_service_name = tlsmgr
+tlsproxy_enforce_tls = $smtpd_enforce_tls
+tlsproxy_service_name = tlsproxy
+tlsproxy_tls_CAfile = $smtpd_tls_CAfile
+tlsproxy_tls_CApath = $smtpd_tls_CApath
+tlsproxy_tls_always_issue_session_ids = $smtpd_tls_always_issue_session_ids
+tlsproxy_tls_ask_ccert = $smtpd_tls_ask_ccert
+tlsproxy_tls_ccert_verifydepth = $smtpd_tls_ccert_verifydepth
+tlsproxy_tls_cert_file = $smtpd_tls_cert_file
+tlsproxy_tls_ciphers = $smtpd_tls_ciphers
+tlsproxy_tls_dcert_file = $smtpd_tls_dcert_file
+tlsproxy_tls_dh1024_param_file = $smtpd_tls_dh1024_param_file
+tlsproxy_tls_dh512_param_file = $smtpd_tls_dh512_param_file
+tlsproxy_tls_dkey_file = $smtpd_tls_dkey_file
+tlsproxy_tls_eccert_file = $smtpd_tls_eccert_file
+tlsproxy_tls_eckey_file = $smtpd_tls_eckey_file
+tlsproxy_tls_eecdh_grade = $smtpd_tls_eecdh_grade
+tlsproxy_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers
+tlsproxy_tls_fingerprint_digest = $smtpd_tls_fingerprint_digest
+tlsproxy_tls_key_file = $smtpd_tls_key_file
+tlsproxy_tls_loglevel = $smtpd_tls_loglevel
 tlsproxy_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers
 tlsproxy_tls_mandatory_exclude_ciphers = $smtpd_tls_mandatory_exclude_ciphers
@@ Zeile 2158: / Zeile 2223: @@
 unverified_sender_tempfail_action = $reject_tempfail_action
 verp_delimiter_filter = -=+
+virtual_alias_address_length_limit = 1000
 virtual_alias_domains = $virtual_alias_maps
 virtual_alias_expansion_limit = 1000
@@ Zeile 2165: / Zeile 2231: @@
 virtual_delivery_slot_discount = $default_delivery_slot_discount
 virtual_delivery_slot_loan = $default_delivery_slot_loan
+virtual_delivery_status_filter = $default_delivery_status_filter
 virtual_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
 virtual_destination_concurrency_limit = $default_destination_concurrency_limit
@@ Zeile 2185: / Zeile 2252: @@
 virtual_recipient_refill_limit = $default_recipient_refill_limit
 virtual_transport = virtual
+virtual_transport_rate_delay = $default_transport_rate_delay
 virtual_uid_maps =
 </code>
 Möchten wir nun einen einzelne Variable abfragen, die nicht den Defaultvorgaben entspricht benutzen wir im Fall von **myorigin** den folgenden Aufruf.
    # postconf -d myorigin
-   myorigin = $myhostname
+  myorigin = $myhostname
 Wollen wir einen Parameter ändern, so benutzen wir die Option **-e**. Als erstes fragen wir den wert einer Variable, im folgenden Beispiel von **//smtpd_client_connection_count_limit//**.
@@ Zeile 2199: / Zeile 2266: @@
    smtpd_client_connection_count_limit = 50
 Den Defaulwert von **50** ändern wir nun ab auf den Wert **10**.
-   # postconf -e "smtpd_client_connection_count_limit = 25"
+   # postconf -e "smtpd_client_connection_count_limit = 10"
 Anschließend muss via **systemctl reload postfix** der laufende Daemon noch von der Änderung an der **main.cf** informiert werden.
@@ Zeile 2216: / Zeile 2283: @@
 ===== Lockup-Tables =====
 Neben den beiden vorgenannten Hauptkonfigurationsdateien **main.cf** und **master.cf** finden wir im Konfigurationsverzeichnis //**/etc/postfix**// noch ein paar Lockup-Tabellen, die bei der RPM-Installation automatisch angelegt wurden.
-   # ls -l --hide=*.cf --hide=header_checks /etc/postfix/
+   # # ls -l --hide=*.cf --hide=header_checks --hide=*proto /etc/postfix/
 <code>total 112
 -rw-r--r--. 1 root root 21006 Sep 24 19:22 access
@@ Zeile 2226: / Zeile 2293: @@
 </code>
+Ferner findet sich dort noch die Konfigurationsdatei **dynamicmaps.cf** und das zugehörige Verzeichnis **dynamicmaps.cf.d** für die dynamischen Mappingtabellen.
+<code>
+-rw-r--r--. 1 root root 164 Jan 17 17:09 dynamicmaps.cf
+drwxr-xr-x. 2 root root     6 Jan 17 17:09 dynamicmaps.cf.d
+</code>
 Den Umgang mit diesen access- und lookup-Tabellen ist im Kapitel [[centos:mail_c7:mta_4|Konfiguration unseres MTAs Postfix 2.11 unter CentOS7]] detailliert beschrieben.
   * **[[centos:mail_c7:mta_4?&#access|access]]**
@@ Zeile 2238: / Zeile 2310: @@
    # less /etc/postfix/header_checks
 <file bash /etc/postfix/header_checks># HEADER_CHECKS(5)                                              HEADER_CHECKS(5)
 #
 # NAME
 #        header_checks - Postfix built-in content inspection
 #
 # SYNOPSIS
 #        header_checks = pcre:/etc/postfix/header_checks
 #        mime_header_checks = pcre:/etc/postfix/mime_header_checks
 #        nested_header_checks = pcre:/etc/postfix/nested_header_checks
 #        body_checks = pcre:/etc/postfix/body_checks
 #
 #        milter_header_checks = pcre:/etc/postfix/milter_header_checks
@@ Zeile 2369: / Zeile 2441: @@
 #        if /pattern/flags
 #
-#        endif  Match the input string against the patterns between
+#        endif  If the input string matches /pattern/,  then  match
-#               if  and endif, if and only if the same input string
+#               that  input  string against the patterns between if
-#               also matches /pattern/. The if..endif can nest.
+#               and endif.  The if..endif can nest.
 #
 #               Note: do not prepend whitespace to patterns  inside
@@ Zeile 2378: / Zeile 2450: @@
 #        if !/pattern/flags
 #
-#        endif  Match the input string against the patterns between
+#        endif  If  the input string does not match /pattern/, then
-#               if and endif, if and only if the same input  string
+#               match  that  input  string  against  the   patterns
-#               does not match /pattern/. The if..endif can nest.
+#               between if and endif. The if..endif can nest.
 #
 #        blank lines and comments
@@ Zeile 2413: / Zeile 2485: @@
 #        Action names are case insensitive. They are shown in upper
 #        case for consistency with other Postfix documentation.
+#
+#        BCC user@domain
+#               Add the specified address as a BCC  recipient,  and
+#               inspect  the next input line. The address must have
+#               a local part and domain part.  The  number  of  BCC
+#               addresses  that can be added is limited only by the
+#               amount of available storage space.
+#
+#               Note 1: the BCC address is added as if it was spec-
+#               ified  with  NOTIFY=NONE.  The  sender  will not be
+#               notified when the BCC address is undeliverable,  as
+#               long  as  all  down-stream  software implements RFC
+#               3461.
+#
+#               Note 2: this ignores duplicate addresses (with  the
+#               same delivery status notification options).
+#
+#               This feature is available in Postfix 3.0 and later.
+#
+#               This feature is not supported with smtp header/body
+#               checks.
 #
 #        DISCARD optional text...
-#               Claim successful delivery and silently discard  the
+#               Claim  successful delivery and silently discard the
+#               message.  Do not inspect the remainder of the input
 #               message.   Log the optional text if specified, oth-
 #               erwise log a generic message.
@@ Zeile 2442: / Zeile 2536: @@
 #
 #        FILTER transport:destination
-#               After the message is queued, send the  entire  mes-
+#               Override the content_filter parameter setting,  and
-#               sage through the specified external content filter.
+#               inspect  the next input line.  After the message is
-#               The transport name specifies the first field  of  a
+#               queued, send the entire message through the  speci-
-#               mail  delivery  agent  definition in master.cf; the
+#               fied  external  content  filter. The transport name
-#               syntax of the next-hop destination is described  in
+#               specifies the first field of a mail delivery  agent
-#               the  manual  page  of  the  corresponding  delivery
+#               definition in master.cf; the syntax of the next-hop
-#               agent.  More  information  about  external  content
+#               destination is described in the manual page of  the
-#               filters is in the Postfix FILTER_README file.
+#               corresponding  delivery  agent.   More  information
+#               about external content filters is  in  the  Postfix
+#               FILTER_README file.
 #
 #               Note  1: do not use $number regular expression sub-
@@ Zeile 2502: / Zeile 2598: @@
 #
 #        IGNORE Delete the current line from the input, and inspect
-#               the next input line.
+#               the next input line. See STRIP for  an  alternative
+#               that logs the action.
 #
 #        INFO optional text...
 #               Log an "info:" record with the optional text... (or
-#               log  a  generic  text),  and inspect the next input
+#               log a generic text), and  inspect  the  next  input
-#               line. This action is useful for routine logging  or
+#               line.  This action is useful for routine logging or
 #               for debugging.
 #
 #               This feature is available in Postfix 2.8 and later.
+#
+#        PASS optional text...
+#               Log  a "pass:" record with the optional text... (or
+#               log a generic text), and turn off header, body, and
+#               Milter  inspection  for  the remainder of this mes-
+#               sage.
+#
+#               Note: this feature relies on trust  in  information
+#               that is easy to forge.
+#
+#               This feature is available in Postfix 3.2 and later.
+#
+#               This feature is not supported with smtp header/body
+#               checks.
 #
 #        PREPEND text...
-#               Prepend one  line  with  the  specified  text,  and
+#               Prepend  one  line  with  the  specified  text, and
 #               inspect the next input line.
 #
 #               Notes:
 #
-#               o      The  prepended  text is output on a separate
+#               o      The prepended text is output on  a  separate
 #                      line,  immediately  before  the  input  that
 #                      triggered the PREPEND action.
 #
 #               o      The prepended text is not considered part of
-#                      the input  stream:  it  is  not  subject  to
+#                      the  input  stream:  it  is  not  subject to
 #                      header/body checks or address rewriting, and
 #                      it does not affect the way that Postfix adds
@@ Zeile 2529: / Zeile 2640: @@
 #
 #               o      When prepending text before a message header
-#                      line, the prepended text must begin  with  a
+#                      line,  the  prepended text must begin with a
 #                      valid message header label.
 #
-#               o      This action cannot be used to prepend multi-
+#               o      This  action  cannot  be  used  to   prepend
-#                      line text.
+#                      multi-line text.
 #
 #               This feature is available in Postfix 2.1 and later.
@@ Zeile 2541: / Zeile 2652: @@
 #
 #        REDIRECT user@domain
-#               Write a message redirection request  to  the  queue
+#               Write  a  message  redirection request to the queue
-#               file,  and  inspect  the next input line. After the
+#               file, and inspect the next input  line.  After  the
 #               message is queued, it will be sent to the specified
 #               address instead of the intended recipient(s).
 #
-#               Note:  this action overrides the FILTER action, and
+#               Note: this action overrides the FILTER action,  and
-#               affects all recipients of the message. If  multiple
+#               affects  all recipients of the message. If multiple
-#               REDIRECT  actions  fire,  only the last one is exe-
+#               REDIRECT actions fire, only the last  one  is  exe-
 #               cuted.
 #
@@ Zeile 2557: / Zeile 2668: @@
 #
 #        REPLACE text...
-#               Replace the current line with the  specified  text,
+#               Replace  the  current line with the specified text,
 #               and inspect the next input line.
 #
 #               This feature is available in Postfix 2.2 and later.
-#               The description below applies to Postfix 2.2.2  and
+#               The  description below applies to Postfix 2.2.2 and
 #               later.
 #
 #               Notes:
 #
-#               o      When  replacing  a  message header line, the
+#               o      When replacing a message  header  line,  the
-#                      replacement text must  begin  with  a  valid
+#                      replacement  text  must  begin  with a valid
 #                      header label.
 #
-#               o      The  replaced text remains part of the input
+#               o      The replaced text remains part of the  input
-#                      stream. Unlike the result from  the  PREPEND
+#                      stream.  Unlike  the result from the PREPEND
-#                      action,  a  replaced  message  header may be
+#                      action, a replaced  message  header  may  be
-#                      subject to address rewriting and may  affect
+#                      subject  to address rewriting and may affect
-#                      the  way  that  Postfix adds missing message
+#                      the way that Postfix  adds  missing  message
 #                      headers.
 #
 #        REJECT optional text...
-#               Reject the  entire  message.  Reply  with  optional
+#               Reject  the  entire  message.  Do  not  inspect the
-#               text... when the optional text is specified, other-
+#               remainder  of  the  input  message.    Reply   with
-#               wise reply with a generic error message.
+#               optional  text...  when the optional text is speci-
+#               fied, otherwise reply with a generic error message.
 #
-#               Note:  this  action  disables  further  header   or
+#               Note:   this  action  disables  further  header  or
-#               body_checks  inspection  of the current message and
+#               body_checks inspection of the current  message  and
 #               affects all recipients.
 #
@@ Zeile 2593: / Zeile 2705: @@
 #               This feature is not supported with smtp header/body
 #               checks.
+#
+#        STRIP optional text...
+#               Log a "strip:" record with the optional text... (or
+#               log a generic text), delete the input line from the
+#               input,  and inspect the next input line. See IGNORE
+#               for a silent alternative.
+#
+#               This feature is available in Postfix 3.2 and later.
 #
 #        WARN optional text...
-#               Log a "warning:" record with the  optional  text...
+#               Log  a  "warning:" record with the optional text...
 #               (or log a generic text), and inspect the next input
-#               line. This action is useful for debugging  and  for
+#               line.  This  action is useful for debugging and for
-#               testing  a  pattern  before  applying  more drastic
+#               testing a  pattern  before  applying  more  drastic
 #               actions.
 #
 # BUGS
 #        Empty lines never match, because some map types mis-behave
-#        when  given  a zero-length search string.  This limitation
+#        when given a zero-length search string.   This  limitation
-#        may be removed for regular expression tables in  a  future
+#        may  be  removed for regular expression tables in a future
 #        release.
 #
-#        Many  people  overlook  the main limitations of header and
+#        Many people overlook the main limitations  of  header  and
 #        body_checks rules.
 #
-#        o      These rules operate on one logical  message  header
+#        o      These  rules  operate on one logical message header
 #               or one body line at a time. A decision made for one
 #               line is not carried over to the next line.
 #
-#        o      If text in the message body is encoded  (RFC  2045)
+#        o      If  text  in the message body is encoded (RFC 2045)
 #               then the rules need to be specified for the encoded
 #               form.
 #
-#        o      Likewise, when message  headers  are  encoded  (RFC
+#        o      Likewise,  when  message  headers  are encoded (RFC
-#               2047)  then  the rules need to be specified for the
+#               2047) then the rules need to be specified  for  the
 #               encoded form.
 #
-#        Message headers added by the cleanup(8) daemon itself  are
+#        Message  headers added by the cleanup(8) daemon itself are
 #        excluded from inspection. Examples of such message headers
 #        are From:, To:, Message-ID:, Date:.
 #
-#        Message headers deleted by the cleanup(8) daemon  will  be
+#        Message  headers  deleted by the cleanup(8) daemon will be
 #        examined before they are deleted. Examples are: Bcc:, Con-
 #        tent-Length:, Return-Path:.
@@ Zeile 2634: / Zeile 2754: @@
 #               Lookup tables with content filter rules for message
 #               body lines.  These filters see one physical line at
-#               a time, in chunks  of  at  most  $line_length_limit
+#               a  time,  in  chunks  of at most $line_length_limit
 #               bytes.
 #
 #        body_checks_size_limit
-#               The  amount  of  content  per  message body segment
+#               The amount of  content  per  message  body  segment
 #               (attachment) that is subjected to $body_checks fil-
 #               tering.
@@ Zeile 2648: / Zeile 2768: @@
 #        nested_header_checks (default: $header_checks)
 #               Lookup tables with content filter rules for message
-#               header lines: respectively, these  are  applied  to
+#               header  lines:  respectively,  these are applied to
-#               the  initial  message  headers  (not including MIME
+#               the initial message  headers  (not  including  MIME
-#               headers), to the MIME headers anywhere in the  mes-
+#               headers),  to the MIME headers anywhere in the mes-
-#               sage,  and  to the initial headers of attached mes-
+#               sage, and to the initial headers of  attached  mes-
 #               sages.
 #
-#               Note: these filters see one logical message  header
+#               Note:  these filters see one logical message header
-#               at  a time, even when a message header spans multi-
+#               at a time, even when a message header spans  multi-
-#               ple lines. Message headers  that  are  longer  than
+#               ple  lines.  Message  headers  that are longer than
 #               $header_size_limit characters are truncated.
 #
 #        disable_mime_input_processing
-#               While  receiving mail, give no special treatment to
+#               While receiving mail, give no special treatment  to
-#               MIME related message headers; all  text  after  the
+#               MIME  related  message  headers; all text after the
 #               initial message headers is considered to be part of
-#               the message body. This means that header_checks  is
+#               the  message body. This means that header_checks is
-#               applied  to  all  the  initial message headers, and
+#               applied to all the  initial  message  headers,  and
 #               that body_checks is applied to the remainder of the
 #               message.
 #
-#               Note:  when  used  in this manner, body_checks will
+#               Note: when used in this  manner,  body_checks  will
-#               process a multi-line message header one line  at  a
+#               process  a  multi-line message header one line at a
 #               time.
 #
 # EXAMPLES
-#        Header  pattern  to  block  attachments with bad file name
+#        Header pattern to block attachments  with  bad  file  name
-#        extensions.  For convenience, the PCRE /x flag  is  speci-
+#        extensions.   For  convenience, the PCRE /x flag is speci-
-#        fied,  so  that  there  is no need to collapse the pattern
+#        fied, so that there is no need  to  collapse  the  pattern
-#        into  a  single  line  of  text.   The  purpose   of   the
+#        into   a   single  line  of  text.   The  purpose  of  the
 #        [[:xdigit:]] sub-expressions is to recognize Windows CLSID
 #        strings.
@@ Zeile 2684: / Zeile 2804: @@
 #
 #        /etc/postfix/header_checks.pcre:
-#            /^Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)(
+#            /^Content-(Disposition|Type).*name\s*=\s*"?([^;]*(\.|=2E)(
 #              ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|
 #              hlp|ht[at]|
@@ Zeile 2715: / Zeile 2835: @@
 #
 # README FILES
-#        Use  "postconf  readme_directory" or "postconf html_direc-
+#        Use "postconf readme_directory" or  "postconf  html_direc-
 #        tory" to locate this information.
 #        DATABASE_README, Postfix lookup table overview
@@ Zeile 2723: / Zeile 2843: @@
 #
 # LICENSE
-#        The Secure Mailer license must be  distributed  with  this
+#        The  Secure  Mailer  license must be distributed with this
 #        software.
 #
@@ Zeile 2732: / Zeile 2852: @@
 #        Yorktown Heights, NY 10598, USA
 #
-#
+#        Wietse Venema
-</file>
+#        Google, Inc.
+#        111 8th Avenue
-Wie dies im Detail von Statten geht werden wir uns in einem separaten Schritt [[centos:mail_c7:mta_3?&#inhaltliche_pruefungen|Grundabsicherung von Postfix]] noch genauer ansehen. FIXME
+#        New York, NY 10011, USA
+#
+#                                                               HEADER_CHECKS(5)</file>
+Wie dies im Detail von Statten geht werden wir uns in einem separaten Schritt [[centos:mail_c7:mta_3?&#inhaltliche_pruefungen|Grundabsicherung von Postfix]] noch genauer ansehen.
 ===== Paketfilter / Firewall =====
 Damit fremde **MTA**s((**M**ail **T**ransfer **A**gent)) auf **[[centos:mail_c7:mta_1#smtpd|SMTP]]**-Port **25** und unsere Kunden mit deren **MUA**s((**M**ail **U**ser **A**gent)) auf dem **[[centos:mail_c7:mta_1#submission|Submission]]**-Port **587** ihre Nachrichten bei unserem Postfix-Mailserver einliefern können, müssen wir für diese noch Änderungen am Paketfilter **firewalld** vornehmen.
@@ Zeile 2761: / Zeile 2884: @@
      0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587 ctstate NEW
 </code>
 ===== Systemstart =====
 ==== erster manueller Start ====
    # systemctl start postfix.service
@@ Zeile 2776: / Zeile 2898: @@
    # systemctl status postfix.service
-<code>postfix.service - Postfix Mail Transport Agent
-   Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled)
+<html><pre class="code">
-   Active: active (running) since Fri 2014-10-10 22:41:26 CEST; 1min 11s ago
+<font style="color: rgb(0, 255, 0)"><b>● </b></font>postfix.service - Postfix Mail Transport Agent
-  Process: 30501 ExecStop=/usr/sbin/postfix stop (code=exited, status=0/SUCCESS)
+   Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
-  Process: 30517 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
+   Active: <font style="color: rgb(0, 255, 0)"><b>active (running)</b></font> since Sat 2019-01-26 21:41:21 CET; 12s ago
-  Process: 30515 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
+  Process: 14349 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
-  Process: 30513 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
+  Process: 14346 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
- Main PID: 30590 (master)
+  Process: 14341 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
+ Main PID: 14423 (master)
    CGroup: /system.slice/postfix.service
-           ├─30590 /usr/libexec/postfix/master -w
+           ├─14423 /usr/libexec/postfix/master -w
-           ├─30591 pickup -l -t unix -u
+           ├─14424 pickup -l -t unix -u
-           └─30592 qmgr -l -t unix -u
+           └─14425 qmgr -l -t unix -u
+Jan 26 21:41:20 vml000080.dmz.nausch.org systemd[1]: Starting Postfix Mail Transport Agent...
+Jan 26 21:41:21 vml000080.dmz.nausch.org postfix/postfix-script[14421]: starting the Postfix mail system
+Jan 26 21:41:21 vml000080.dmz.nausch.org postfix/master[14423]: daemon started -- version 3.3.2, configuration /etc/postfix
+Jan 26 21:41:21 vml000080.dmz.nausch.org systemd[1]: Started Postfix Mail Transport Agent.</font>
+</pre>
+</html>
+Fragen wir nun mit Hilfe des Befehls ''**netstat -tulpen**'' die offenen Ports ab, sehen wir, dass der Port **25** auf beiden zur Verfügung stehenden Netzwerkinterfaces geöffnet wurden.
+   # netstat -tulpen
+<code>Active Internet connections (only servers)
+Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name
+tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      0          48472      14423/master
+tcp6       0      0 ::1:25                  :::*                    LISTEN      0          48473      14423/master</code>
+Alternativ dazu können wr auch den Befehl ''**lsof**'' verwenden.
+   # lsof -i :25
+  COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
+  master  14423 root   13u  IPv4  48472      0t0  TCP localhost:smtp (LISTEN)
+  master  14423 root   14u  IPv6  48473      0t0  TCP localhost:smtp (LISTEN)
-Oct 10 22:41:25 vml000087.dmz.nausch.org systemd[1]: Starting Postfix Mail Transport Agent...
-Oct 10 22:41:26 vml000087.dmz.nausch.org postfix/master[30590]: daemon started -- version 2.11.1, configuration /etc/postfix
-Oct 10 22:41:26 vml000087.dmz.nausch.org systemd[1]: Started Postfix Mail Transport Agent.
-</code>
 ==== automatischer Start beim Systemstart ====
@@ Zeile 2806: / Zeile 2947: @@
 ===== Systemtest =====
-Mit der minimalen Konfiguration unseres Postfix haben wir bereits einen lauffähigen **MTA**. Zum Testen  verwenden wir das programm **telnet**.
+Mit der minimalen Konfiguration unseres Postfix haben wir bereits einen lauffähigen **MTA**. Zum Testen verwenden wir das Programm **telnet**.
 Die Eingaben am testenden Client sind in der Farbe <html><font style="color: rgb(0, 0, 255)"><b>blau</b></font></html> und die Rückmeldungen unseres Dovecot-Servers in der Farbe <html><font style="color: rgb(66, 66, 66)"><b>hellgrau</b></font></html> gekennzeichnet. Die Ausgaben des Befehls **telnet** sind in der Farbe <html><font style="color: rgb(0, 0, 0)"><b>schwarz</b></font></html> eingefärbt.
@@ Zeile 2819: / Zeile 2961: @@
 <font style="color: rgb(0, 0, 255)">mail from:&lt;&gt;</font>
 <font style="color: rgb(66, 66, 66)">250 2.1.0 OK</font>
-<font style="color: rgb(0, 0, 255)">rcpt to:&lt;django@vml000087.dmz.nausch.org>&gt;</font>
+<font style="color: rgb(0, 0, 255)">rcpt to:&lt;django@vml000080.dmz.nausch.org>&gt;</font>
 <font style="color: rgb(66, 66, 66)">250 2.1.0 OK</font>
 <font style="color: rgb(0, 0, 255)">DATA</font>
@@ Zeile 2830: / Zeile 2972: @@
 test
 .</font>
-<font style="color: rgb(66, 66, 66)">250 2.0.0 Ok: queued as 5F251C00088</font>
+<font style="color: rgb(66, 66, 66)">250 2.0.0 Ok: queued as 5FFA5600088</font>
 <font style="color: rgb(0, 0, 255)">quit</font>
 <font style="color: rgb(66, 66, 66)">221 2.0.0 Bye</font>
@@ Zeile 2836: / Zeile 2978: @@
 </pre></html>
-Die Message-ID **5F251C00088** finden wir dann auch im Maillog wieder.
+Die Message-ID **5FFA5600088** finden wir dann auch im Maillog wieder.
    # tail -n7 /var/log/maillog
-   Oct 13 22:15:55 vml000087 postfix/smtpd[4304]: connect from localhost[::1]
+<code>Jan 26 22:03:03 vml000080.dmz.nausch.org postfix/smtpd[14470]: connect from localhost[::1]
-   Oct 13 22:16:34 vml000087 postfix/smtpd[4304]: 5F251C00088: client=localhost[::1]
+Jan 26 22:03:46 vml000080.dmz.nausch.org postfix/smtpd[14470]: 5FFA5600088: client=localhost[::1]
-   Oct 13 22:17:13 vml000087 postfix/cleanup[4308]: 5F251C00088: message-id=<20141013201634.5F251C00088@vml000087.dmz.nausch.org>
+Jan 26 22:04:20 vml000080.dmz.nausch.org postfix/cleanup[14474]: 5FFA5600088: message-id=<20190126210346.5FFA5600088@vml000080.dmz.nausch.org>
-   Oct 13 22:17:13 vml000087 postfix/qmgr[2202]: 5F251C00088: from=<>, size=364, nrcpt=1 (queue active)
+Jan 26 22:04:20 vml000080.dmz.nausch.org postfix/qmgr[14425]: 5FFA5600088: from=<>, size=363, nrcpt=1 (queue active)
-   Oct 13 22:17:13 vml000087 postfix/local[4309]: 5F251C00088: to=<django@vml000087.dmz.nausch.org>, relay=local, delay=63, delays=63/0.02/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox)
+Jan 26 22:04:20 vml000080.dmz.nausch.org postfix/local[14475]: 5FFA5600088: to=<django@vml000080.dmz.nausch.org>, relay=local, delay=61, delays=60/0.02/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
-   Oct 13 22:17:13 vml000087 postfix/qmgr[2202]: 5F251C00088: removed
+Jan 26 22:04:20 vml000080.dmz.nausch.org postfix/qmgr[14425]: 5FFA5600088: removed
-   Oct 13 22:17:16 vml000087 postfix/smtpd[4304]: disconnect from localhost[::1]
+Jan 26 22:04:23 vml000080.dmz.nausch.org postfix/smtpd[14470]: disconnect from localhost[::1] helo=1 mail=1 rcpt=1 data=1 quit=1 commands=5</code>
 Auf unserem Festplatten wurde die eMail auch entsprechend abgespeichert.
@@ Zeile 2856: / Zeile 2998: @@
    # cat /var/spool/mail/django
-<code>From MAILER-DAEMON  Mon Oct 13 22:17:13 2014
+<code>From MAILER-DAEMON  Sat Jan 26 22:04:20 2019
 Return-Path: <>
-X-Original-To: django@vml000087.dmz.nausch.org
+X-Original-To: django@vml000080.dmz.nausch.org
-Delivered-To: django@vml000087.dmz.nausch.org
+Delivered-To: django@vml000080.dmz.nausch.org
 Received: from foo (localhost [IPv6:::1])
-        by vml000087.dmz.nausch.org (Postfix) with SMTP id 5F251C00088
+	by vml000080.dmz.nausch.org (Postfix) with SMTP id 5FFA5600088
-        for <django@vml000087.dmz.nausch.org>; Mon, 13 Oct 2014 22:16:10 +0200 (CEST)
+	for <django@vml000080.dmz.nausch.org>; Sat, 26 Jan 2019 22:03:19 +0100 (CET)
 From: michael@nausch.org
 To: django@vml000087.dmz.nausch.org
 Subject: erste testmail
 Date: heute
-Message-Id: <20141013201634.5F251C00088@vml000087.dmz.nausch.org>
+Message-Id: <20190126210346.5FFA5600088@vml000080.dmz.nausch.org>
 test
@@ Zeile 2880: / Zeile 3022: @@
   * **[[http://dokuwiki.nausch.org/doku.php/|Zurück zur Startseite]]**
-/* ~~AUTOTWEET:~~ */