/usr/share/doc/postfix/html/postconf.5.html is in postfix-doc 2.11.0-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 1251 1252 1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266 1267 1268 1269 1270 1271 1272 1273 1274 1275 1276 1277 1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 1288 1289 1290 1291 1292 1293 1294 1295 1296 1297 1298 1299 1300 1301 1302 1303 1304 1305 1306 1307 1308 1309 1310 1311 1312 1313 1314 1315 1316 1317 1318 1319 1320 1321 1322 1323 1324 1325 1326 1327 1328 1329 1330 1331 1332 1333 1334 1335 1336 1337 1338 1339 1340 1341 1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360 1361 1362 1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373 1374 1375 1376 1377 1378 1379 1380 1381 1382 1383 1384 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 1395 1396 1397 1398 1399 1400 1401 1402 1403 1404 1405 1406 1407 1408 1409 1410 1411 1412 1413 1414 1415 1416 1417 1418 1419 1420 1421 1422 1423 1424 1425 1426 1427 1428 1429 1430 1431 1432 1433 1434 1435 1436 1437 1438 1439 1440 1441 1442 1443 1444 1445 1446 1447 1448 1449 1450 1451 1452 1453 1454 1455 1456 1457 1458 1459 1460 1461 1462 1463 1464 1465 1466 1467 1468 1469 1470 1471 1472 1473 1474 1475 1476 1477 1478 1479 1480 1481 1482 1483 1484 1485 1486 1487 1488 1489 1490 1491 1492 1493 1494 1495 1496 1497 1498 1499 1500 1501 1502 1503 1504 1505 1506 1507 1508 1509 1510 1511 1512 1513 1514 1515 1516 1517 1518 1519 1520 1521 1522 1523 1524 1525 1526 1527 1528 1529 1530 1531 1532 1533 1534 1535 1536 1537 1538 1539 1540 1541 1542 1543 1544 1545 1546 1547 1548 1549 1550 1551 1552 1553 1554 1555 1556 1557 1558 1559 1560 1561 1562 1563 1564 1565 1566 1567 1568 1569 1570 1571 1572 1573 1574 1575 1576 1577 1578 1579 1580 1581 1582 1583 1584 1585 1586 1587 1588 1589 1590 1591 1592 1593 1594 1595 1596 1597 1598 1599 1600 1601 1602 1603 1604 1605 1606 1607 1608 1609 1610 1611 1612 1613 1614 1615 1616 1617 1618 1619 1620 1621 1622 1623 1624 1625 1626 1627 1628 1629 1630 1631 1632 1633 1634 1635 1636 1637 1638 1639 1640 1641 1642 1643 1644 1645 1646 1647 1648 1649 1650 1651 1652 1653 1654 1655 1656 1657 1658 1659 1660 1661 1662 1663 1664 1665 1666 1667 1668 1669 1670 1671 1672 1673 1674 1675 1676 1677 1678 1679 1680 1681 1682 1683 1684 1685 1686 1687 1688 1689 1690 1691 1692 1693 1694 1695 1696 1697 1698 1699 1700 1701 1702 1703 1704 1705 1706 1707 1708 1709 1710 1711 1712 1713 1714 1715 1716 1717 1718 1719 1720 1721 1722 1723 1724 1725 1726 1727 1728 1729 1730 1731 1732 1733 1734 1735 1736 1737 1738 1739 1740 1741 1742 1743 1744 1745 1746 1747 1748 1749 1750 1751 1752 1753 1754 1755 1756 1757 1758 1759 1760 1761 1762 1763 1764 1765 1766 1767 1768 1769 1770 1771 1772 1773 1774 1775 1776 1777 1778 1779 1780 1781 1782 1783 1784 1785 1786 1787 1788 1789 1790 1791 1792 1793 1794 1795 1796 1797 1798 1799 1800 1801 1802 1803 1804 1805 1806 1807 1808 1809 1810 1811 1812 1813 1814 1815 1816 1817 1818 1819 1820 1821 1822 1823 1824 1825 1826 1827 1828 1829 1830 1831 1832 1833 1834 1835 1836 1837 1838 1839 1840 1841 1842 1843 1844 1845 1846 1847 1848 1849 1850 1851 1852 1853 1854 1855 1856 1857 1858 1859 1860 1861 1862 1863 1864 1865 1866 1867 1868 1869 1870 1871 1872 1873 1874 1875 1876 1877 1878 1879 1880 1881 1882 1883 1884 1885 1886 1887 1888 1889 1890 1891 1892 1893 1894 1895 1896 1897 1898 1899 1900 1901 1902 1903 1904 1905 1906 1907 1908 1909 1910 1911 1912 1913 1914 1915 1916 1917 1918 1919 1920 1921 1922 1923 1924 1925 1926 1927 1928 1929 1930 1931 1932 1933 1934 1935 1936 1937 1938 1939 1940 1941 1942 1943 1944 1945 1946 1947 1948 1949 1950 1951 1952 1953 1954 1955 1956 1957 1958 1959 1960 1961 1962 1963 1964 1965 1966 1967 1968 1969 1970 1971 1972 1973 1974 1975 1976 1977 1978 1979 1980 1981 1982 1983 1984 1985 1986 1987 1988 1989 1990 1991 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026 2027 2028 2029 2030 2031 2032 2033 2034 2035 2036 2037 2038 2039 2040 2041 2042 2043 2044 2045 2046 2047 2048 2049 2050 2051 2052 2053 2054 2055 2056 2057 2058 2059 2060 2061 2062 2063 2064 2065 2066 2067 2068 2069 2070 2071 2072 2073 2074 2075 2076 2077 2078 2079 2080 2081 2082 2083 2084 2085 2086 2087 2088 2089 2090 2091 2092 2093 2094 2095 2096 2097 2098 2099 2100 2101 2102 2103 2104 2105 2106 2107 2108 2109 2110 2111 2112 2113 2114 2115 2116 2117 2118 2119 2120 2121 2122 2123 2124 2125 2126 2127 2128 2129 2130 2131 2132 2133 2134 2135 2136 2137 2138 2139 2140 2141 2142 2143 2144 2145 2146 2147 2148 2149 2150 2151 2152 2153 2154 2155 2156 2157 2158 2159 2160 2161 2162 2163 2164 2165 2166 2167 2168 2169 2170 2171 2172 2173 2174 2175 2176 2177 2178 2179 2180 2181 2182 2183 2184 2185 2186 2187 2188 2189 2190 2191 2192 2193 2194 2195 2196 2197 2198 2199 2200 2201 2202 2203 2204 2205 2206 2207 2208 2209 2210 2211 2212 2213 2214 2215 2216 2217 2218 2219 2220 2221 2222 2223 2224 2225 2226 2227 2228 2229 2230 2231 2232 2233 2234 2235 2236 2237 2238 2239 2240 2241 2242 2243 2244 2245 2246 2247 2248 2249 2250 2251 2252 2253 2254 2255 2256 2257 2258 2259 2260 2261 2262 2263 2264 2265 2266 2267 2268 2269 2270 2271 2272 2273 2274 2275 2276 2277 2278 2279 2280 2281 2282 2283 2284 2285 2286 2287 2288 2289 2290 2291 2292 2293 2294 2295 2296 2297 2298 2299 2300 2301 2302 2303 2304 2305 2306 2307 2308 2309 2310 2311 2312 2313 2314 2315 2316 2317 2318 2319 2320 2321 2322 2323 2324 2325 2326 2327 2328 2329 2330 2331 2332 2333 2334 2335 2336 2337 2338 2339 2340 2341 2342 2343 2344 2345 2346 2347 2348 2349 2350 2351 2352 2353 2354 2355 2356 2357 2358 2359 2360 2361 2362 2363 2364 2365 2366 2367 2368 2369 2370 2371 2372 2373 2374 2375 2376 2377 2378 2379 2380 2381 2382 2383 2384 2385 2386 2387 2388 2389 2390 2391 2392 2393 2394 2395 2396 2397 2398 2399 2400 2401 2402 2403 2404 2405 2406 2407 2408 2409 2410 2411 2412 2413 2414 2415 2416 2417 2418 2419 2420 2421 2422 2423 2424 2425 2426 2427 2428 2429 2430 2431 2432 2433 2434 2435 2436 2437 2438 2439 2440 2441 2442 2443 2444 2445 2446 2447 2448 2449 2450 2451 2452 2453 2454 2455 2456 2457 2458 2459 2460 2461 2462 2463 2464 2465 2466 2467 2468 2469 2470 2471 2472 2473 2474 2475 2476 2477 2478 2479 2480 2481 2482 2483 2484 2485 2486 2487 2488 2489 2490 2491 2492 2493 2494 2495 2496 2497 2498 2499 2500 2501 2502 2503 2504 2505 2506 2507 2508 2509 2510 2511 2512 2513 2514 2515 2516 2517 2518 2519 2520 2521 2522 2523 2524 2525 2526 2527 2528 2529 2530 2531 2532 2533 2534 2535 2536 2537 2538 2539 2540 2541 2542 2543 2544 2545 2546 2547 2548 2549 2550 2551 2552 2553 2554 2555 2556 2557 2558 2559 2560 2561 2562 2563 2564 2565 2566 2567 2568 2569 2570 2571 2572 2573 2574 2575 2576 2577 2578 2579 2580 2581 2582 2583 2584 2585 2586 2587 2588 2589 2590 2591 2592 2593 2594 2595 2596 2597 2598 2599 2600 2601 2602 2603 2604 2605 2606 2607 2608 2609 2610 2611 2612 2613 2614 2615 2616 2617 2618 2619 2620 2621 2622 2623 2624 2625 2626 2627 2628 2629 2630 2631 2632 2633 2634 2635 2636 2637 2638 2639 2640 2641 2642 2643 2644 2645 2646 2647 2648 2649 2650 2651 2652 2653 2654 2655 2656 2657 2658 2659 2660 2661 2662 2663 2664 2665 2666 2667 2668 2669 2670 2671 2672 2673 2674 2675 2676 2677 2678 2679 2680 2681 2682 2683 2684 2685 2686 2687 2688 2689 2690 2691 2692 2693 2694 2695 2696 2697 2698 2699 2700 2701 2702 2703 2704 2705 2706 2707 2708 2709 2710 2711 2712 2713 2714 2715 2716 2717 2718 2719 2720 2721 2722 2723 2724 2725 2726 2727 2728 2729 2730 2731 2732 2733 2734 2735 2736 2737 2738 2739 2740 2741 2742 2743 2744 2745 2746 2747 2748 2749 2750 2751 2752 2753 2754 2755 2756 2757 2758 2759 2760 2761 2762 2763 2764 2765 2766 2767 2768 2769 2770 2771 2772 2773 2774 2775 2776 2777 2778 2779 2780 2781 2782 2783 2784 2785 2786 2787 2788 2789 2790 2791 2792 2793 2794 2795 2796 2797 2798 2799 2800 2801 2802 2803 2804 2805 2806 2807 2808 2809 2810 2811 2812 2813 2814 2815 2816 2817 2818 2819 2820 2821 2822 2823 2824 2825 2826 2827 2828 2829 2830 2831 2832 2833 2834 2835 2836 2837 2838 2839 2840 2841 2842 2843 2844 2845 2846 2847 2848 2849 2850 2851 2852 2853 2854 2855 2856 2857 2858 2859 2860 2861 2862 2863 2864 2865 2866 2867 2868 2869 2870 2871 2872 2873 2874 2875 2876 2877 2878 2879 2880 2881 2882 2883 2884 2885 2886 2887 2888 2889 2890 2891 2892 2893 2894 2895 2896 2897 2898 2899 2900 2901 2902 2903 2904 2905 2906 2907 2908 2909 2910 2911 2912 2913 2914 2915 2916 2917 2918 2919 2920 2921 2922 2923 2924 2925 2926 2927 2928 2929 2930 2931 2932 2933 2934 2935 2936 2937 2938 2939 2940 2941 2942 2943 2944 2945 2946 2947 2948 2949 2950 2951 2952 2953 2954 2955 2956 2957 2958 2959 2960 2961 2962 2963 2964 2965 2966 2967 2968 2969 2970 2971 2972 2973 2974 2975 2976 2977 2978 2979 2980 2981 2982 2983 2984 2985 2986 2987 2988 2989 2990 2991 2992 2993 2994 2995 2996 2997 2998 2999 3000 3001 3002 3003 3004 3005 3006 3007 3008 3009 3010 3011 3012 3013 3014 3015 3016 3017 3018 3019 3020 3021 3022 3023 3024 3025 3026 3027 3028 3029 3030 3031 3032 3033 3034 3035 3036 3037 3038 3039 3040 3041 3042 3043 3044 3045 3046 3047 3048 3049 3050 3051 3052 3053 3054 3055 3056 3057 3058 3059 3060 3061 3062 3063 3064 3065 3066 3067 3068 3069 3070 3071 3072 3073 3074 3075 3076 3077 3078 3079 3080 3081 3082 3083 3084 3085 3086 3087 3088 3089 3090 3091 3092 3093 3094 3095 3096 3097 3098 3099 3100 3101 3102 3103 3104 3105 3106 3107 3108 3109 3110 3111 3112 3113 3114 3115 3116 3117 3118 3119 3120 3121 3122 3123 3124 3125 3126 3127 3128 3129 3130 3131 3132 3133 3134 3135 3136 3137 3138 3139 3140 3141 3142 3143 3144 3145 3146 3147 3148 3149 3150 3151 3152 3153 3154 3155 3156 3157 3158 3159 3160 3161 3162 3163 3164 3165 3166 3167 3168 3169 3170 3171 3172 3173 3174 3175 3176 3177 3178 3179 3180 3181 3182 3183 3184 3185 3186 3187 3188 3189 3190 3191 3192 3193 3194 3195 3196 3197 3198 3199 3200 3201 3202 3203 3204 3205 3206 3207 3208 3209 3210 3211 3212 3213 3214 3215 3216 3217 3218 3219 3220 3221 3222 3223 3224 3225 3226 3227 3228 3229 3230 3231 3232 3233 3234 3235 3236 3237 3238 3239 3240 3241 3242 3243 3244 3245 3246 3247 3248 3249 3250 3251 3252 3253 3254 3255 3256 3257 3258 3259 3260 3261 3262 3263 3264 3265 3266 3267 3268 3269 3270 3271 3272 3273 3274 3275 3276 3277 3278 3279 3280 3281 3282 3283 3284 3285 3286 3287 3288 3289 3290 3291 3292 3293 3294 3295 3296 3297 3298 3299 3300 3301 3302 3303 3304 3305 3306 3307 3308 3309 3310 3311 3312 3313 3314 3315 3316 3317 3318 3319 3320 3321 3322 3323 3324 3325 3326 3327 3328 3329 3330 3331 3332 3333 3334 3335 3336 3337 3338 3339 3340 3341 3342 3343 3344 3345 3346 3347 3348 3349 3350 3351 3352 3353 3354 3355 3356 3357 3358 3359 3360 3361 3362 3363 3364 3365 3366 3367 3368 3369 3370 3371 3372 3373 3374 3375 3376 3377 3378 3379 3380 3381 3382 3383 3384 3385 3386 3387 3388 3389 3390 3391 3392 3393 3394 3395 3396 3397 3398 3399 3400 3401 3402 3403 3404 3405 3406 3407 3408 3409 3410 3411 3412 3413 3414 3415 3416 3417 3418 3419 3420 3421 3422 3423 3424 3425 3426 3427 3428 3429 3430 3431 3432 3433 3434 3435 3436 3437 3438 3439 3440 3441 3442 3443 3444 3445 3446 3447 3448 3449 3450 3451 3452 3453 3454 3455 3456 3457 3458 3459 3460 3461 3462 3463 3464 3465 3466 3467 3468 3469 3470 3471 3472 3473 3474 3475 3476 3477 3478 3479 3480 3481 3482 3483 3484 3485 3486 3487 3488 3489 3490 3491 3492 3493 3494 3495 3496 3497 3498 3499 3500 3501 3502 3503 3504 3505 3506 3507 3508 3509 3510 3511 3512 3513 3514 3515 3516 3517 3518 3519 3520 3521 3522 3523 3524 3525 3526 3527 3528 3529 3530 3531 3532 3533 3534 3535 3536 3537 3538 3539 3540 3541 3542 3543 3544 3545 3546 3547 3548 3549 3550 3551 3552 3553 3554 3555 3556 3557 3558 3559 3560 3561 3562 3563 3564 3565 3566 3567 3568 3569 3570 3571 3572 3573 3574 3575 3576 3577 3578 3579 3580 3581 3582 3583 3584 3585 3586 3587 3588 3589 3590 3591 3592 3593 3594 3595 3596 3597 3598 3599 3600 3601 3602 3603 3604 3605 3606 3607 3608 3609 3610 3611 3612 3613 3614 3615 3616 3617 3618 3619 3620 3621 3622 3623 3624 3625 3626 3627 3628 3629 3630 3631 3632 3633 3634 3635 3636 3637 3638 3639 3640 3641 3642 3643 3644 3645 3646 3647 3648 3649 3650 3651 3652 3653 3654 3655 3656 3657 3658 3659 3660 3661 3662 3663 3664 3665 3666 3667 3668 3669 3670 3671 3672 3673 3674 3675 3676 3677 3678 3679 3680 3681 3682 3683 3684 3685 3686 3687 3688 3689 3690 3691 3692 3693 3694 3695 3696 3697 3698 3699 3700 3701 3702 3703 3704 3705 3706 3707 3708 3709 3710 3711 3712 3713 3714 3715 3716 3717 3718 3719 3720 3721 3722 3723 3724 3725 3726 3727 3728 3729 3730 3731 3732 3733 3734 3735 3736 3737 3738 3739 3740 3741 3742 3743 3744 3745 3746 3747 3748 3749 3750 3751 3752 3753 3754 3755 3756 3757 3758 3759 3760 3761 3762 3763 3764 3765 3766 3767 3768 3769 3770 3771 3772 3773 3774 3775 3776 3777 3778 3779 3780 3781 3782 3783 3784 3785 3786 3787 3788 3789 3790 3791 3792 3793 3794 3795 3796 3797 3798 3799 3800 3801 3802 3803 3804 3805 3806 3807 3808 3809 3810 3811 3812 3813 3814 3815 3816 3817 3818 3819 3820 3821 3822 3823 3824 3825 3826 3827 3828 3829 3830 3831 3832 3833 3834 3835 3836 3837 3838 3839 3840 3841 3842 3843 3844 3845 3846 3847 3848 3849 3850 3851 3852 3853 3854 3855 3856 3857 3858 3859 3860 3861 3862 3863 3864 3865 3866 3867 3868 3869 3870 3871 3872 3873 3874 3875 3876 3877 3878 3879 3880 3881 3882 3883 3884 3885 3886 3887 3888 3889 3890 3891 3892 3893 3894 3895 3896 3897 3898 3899 3900 3901 3902 3903 3904 3905 3906 3907 3908 3909 3910 3911 3912 3913 3914 3915 3916 3917 3918 3919 3920 3921 3922 3923 3924 3925 3926 3927 3928 3929 3930 3931 3932 3933 3934 3935 3936 3937 3938 3939 3940 3941 3942 3943 3944 3945 3946 3947 3948 3949 3950 3951 3952 3953 3954 3955 3956 3957 3958 3959 3960 3961 3962 3963 3964 3965 3966 3967 3968 3969 3970 3971 3972 3973 3974 3975 3976 3977 3978 3979 3980 3981 3982 3983 3984 3985 3986 3987 3988 3989 3990 3991 3992 3993 3994 3995 3996 3997 3998 3999 4000 4001 4002 4003 4004 4005 4006 4007 4008 4009 4010 4011 4012 4013 4014 4015 4016 4017 4018 4019 4020 4021 4022 4023 4024 4025 4026 4027 4028 4029 4030 4031 4032 4033 4034 4035 4036 4037 4038 4039 4040 4041 4042 4043 4044 4045 4046 4047 4048 4049 4050 4051 4052 4053 4054 4055 4056 4057 4058 4059 4060 4061 4062 4063 4064 4065 4066 4067 4068 4069 4070 4071 4072 4073 4074 4075 4076 4077 4078 4079 4080 4081 4082 4083 4084 4085 4086 4087 4088 4089 4090 4091 4092 4093 4094 4095 4096 4097 4098 4099 4100 4101 4102 4103 4104 4105 4106 4107 4108 4109 4110 4111 4112 4113 4114 4115 4116 4117 4118 4119 4120 4121 4122 4123 4124 4125 4126 4127 4128 4129 4130 4131 4132 4133 4134 4135 4136 4137 4138 4139 4140 4141 4142 4143 4144 4145 4146 4147 4148 4149 4150 4151 4152 4153 4154 4155 4156 4157 4158 4159 4160 4161 4162 4163 4164 4165 4166 4167 4168 4169 4170 4171 4172 4173 4174 4175 4176 4177 4178 4179 4180 4181 4182 4183 4184 4185 4186 4187 4188 4189 4190 4191 4192 4193 4194 4195 4196 4197 4198 4199 4200 4201 4202 4203 4204 4205 4206 4207 4208 4209 4210 4211 4212 4213 4214 4215 4216 4217 4218 4219 4220 4221 4222 4223 4224 4225 4226 4227 4228 4229 4230 4231 4232 4233 4234 4235 4236 4237 4238 4239 4240 4241 4242 4243 4244 4245 4246 4247 4248 4249 4250 4251 4252 4253 4254 4255 4256 4257 4258 4259 4260 4261 4262 4263 4264 4265 4266 4267 4268 4269 4270 4271 4272 4273 4274 4275 4276 4277 4278 4279 4280 4281 4282 4283 4284 4285 4286 4287 4288 4289 4290 4291 4292 4293 4294 4295 4296 4297 4298 4299 4300 4301 4302 4303 4304 4305 4306 4307 4308 4309 4310 4311 4312 4313 4314 4315 4316 4317 4318 4319 4320 4321 4322 4323 4324 4325 4326 4327 4328 4329 4330 4331 4332 4333 4334 4335 4336 4337 4338 4339 4340 4341 4342 4343 4344 4345 4346 4347 4348 4349 4350 4351 4352 4353 4354 4355 4356 4357 4358 4359 4360 4361 4362 4363 4364 4365 4366 4367 4368 4369 4370 4371 4372 4373 4374 4375 4376 4377 4378 4379 4380 4381 4382 4383 4384 4385 4386 4387 4388 4389 4390 4391 4392 4393 4394 4395 4396 4397 4398 4399 4400 4401 4402 4403 4404 4405 4406 4407 4408 4409 4410 4411 4412 4413 4414 4415 4416 4417 4418 4419 4420 4421 4422 4423 4424 4425 4426 4427 4428 4429 4430 4431 4432 4433 4434 4435 4436 4437 4438 4439 4440 4441 4442 4443 4444 4445 4446 4447 4448 4449 4450 4451 4452 4453 4454 4455 4456 4457 4458 4459 4460 4461 4462 4463 4464 4465 4466 4467 4468 4469 4470 4471 4472 4473 4474 4475 4476 4477 4478 4479 4480 4481 4482 4483 4484 4485 4486 4487 4488 4489 4490 4491 4492 4493 4494 4495 4496 4497 4498 4499 4500 4501 4502 4503 4504 4505 4506 4507 4508 4509 4510 4511 4512 4513 4514 4515 4516 4517 4518 4519 4520 4521 4522 4523 4524 4525 4526 4527 4528 4529 4530 4531 4532 4533 4534 4535 4536 4537 4538 4539 4540 4541 4542 4543 4544 4545 4546 4547 4548 4549 4550 4551 4552 4553 4554 4555 4556 4557 4558 4559 4560 4561 4562 4563 4564 4565 4566 4567 4568 4569 4570 4571 4572 4573 4574 4575 4576 4577 4578 4579 4580 4581 4582 4583 4584 4585 4586 4587 4588 4589 4590 4591 4592 4593 4594 4595 4596 4597 4598 4599 4600 4601 4602 4603 4604 4605 4606 4607 4608 4609 4610 4611 4612 4613 4614 4615 4616 4617 4618 4619 4620 4621 4622 4623 4624 4625 4626 4627 4628 4629 4630 4631 4632 4633 4634 4635 4636 4637 4638 4639 4640 4641 4642 4643 4644 4645 4646 4647 4648 4649 4650 4651 4652 4653 4654 4655 4656 4657 4658 4659 4660 4661 4662 4663 4664 4665 4666 4667 4668 4669 4670 4671 4672 4673 4674 4675 4676 4677 4678 4679 4680 4681 4682 4683 4684 4685 4686 4687 4688 4689 4690 4691 4692 4693 4694 4695 4696 4697 4698 4699 4700 4701 4702 4703 4704 4705 4706 4707 4708 4709 4710 4711 4712 4713 4714 4715 4716 4717 4718 4719 4720 4721 4722 4723 4724 4725 4726 4727 4728 4729 4730 4731 4732 4733 4734 4735 4736 4737 4738 4739 4740 4741 4742 4743 4744 4745 4746 4747 4748 4749 4750 4751 4752 4753 4754 4755 4756 4757 4758 4759 4760 4761 4762 4763 4764 4765 4766 4767 4768 4769 4770 4771 4772 4773 4774 4775 4776 4777 4778 4779 4780 4781 4782 4783 4784 4785 4786 4787 4788 4789 4790 4791 4792 4793 4794 4795 4796 4797 4798 4799 4800 4801 4802 4803 4804 4805 4806 4807 4808 4809 4810 4811 4812 4813 4814 4815 4816 4817 4818 4819 4820 4821 4822 4823 4824 4825 4826 4827 4828 4829 4830 4831 4832 4833 4834 4835 4836 4837 4838 4839 4840 4841 4842 4843 4844 4845 4846 4847 4848 4849 4850 4851 4852 4853 4854 4855 4856 4857 4858 4859 4860 4861 4862 4863 4864 4865 4866 4867 4868 4869 4870 4871 4872 4873 4874 4875 4876 4877 4878 4879 4880 4881 4882 4883 4884 4885 4886 4887 4888 4889 4890 4891 4892 4893 4894 4895 4896 4897 4898 4899 4900 4901 4902 4903 4904 4905 4906 4907 4908 4909 4910 4911 4912 4913 4914 4915 4916 4917 4918 4919 4920 4921 4922 4923 4924 4925 4926 4927 4928 4929 4930 4931 4932 4933 4934 4935 4936 4937 4938 4939 4940 4941 4942 4943 4944 4945 4946 4947 4948 4949 4950 4951 4952 4953 4954 4955 4956 4957 4958 4959 4960 4961 4962 4963 4964 4965 4966 4967 4968 4969 4970 4971 4972 4973 4974 4975 4976 4977 4978 4979 4980 4981 4982 4983 4984 4985 4986 4987 4988 4989 4990 4991 4992 4993 4994 4995 4996 4997 4998 4999 5000 5001 5002 5003 5004 5005 5006 5007 5008 5009 5010 5011 5012 5013 5014 5015 5016 5017 5018 5019 5020 5021 5022 5023 5024 5025 5026 5027 5028 5029 5030 5031 5032 5033 5034 5035 5036 5037 5038 5039 5040 5041 5042 5043 5044 5045 5046 5047 5048 5049 5050 5051 5052 5053 5054 5055 5056 5057 5058 5059 5060 5061 5062 5063 5064 5065 5066 5067 5068 5069 5070 5071 5072 5073 5074 5075 5076 5077 5078 5079 5080 5081 5082 5083 5084 5085 5086 5087 5088 5089 5090 5091 5092 5093 5094 5095 5096 5097 5098 5099 5100 5101 5102 5103 5104 5105 5106 5107 5108 5109 5110 5111 5112 5113 5114 5115 5116 5117 5118 5119 5120 5121 5122 5123 5124 5125 5126 5127 5128 5129 5130 5131 5132 5133 5134 5135 5136 5137 5138 5139 5140 5141 5142 5143 5144 5145 5146 5147 5148 5149 5150 5151 5152 5153 5154 5155 5156 5157 5158 5159 5160 5161 5162 5163 5164 5165 5166 5167 5168 5169 5170 5171 5172 5173 5174 5175 5176 5177 5178 5179 5180 5181 5182 5183 5184 5185 5186 5187 5188 5189 5190 5191 5192 5193 5194 5195 5196 5197 5198 5199 5200 5201 5202 5203 5204 5205 5206 5207 5208 5209 5210 5211 5212 5213 5214 5215 5216 5217 5218 5219 5220 5221 5222 5223 5224 5225 5226 5227 5228 5229 5230 5231 5232 5233 5234 5235 5236 5237 5238 5239 5240 5241 5242 5243 5244 5245 5246 5247 5248 5249 5250 5251 5252 5253 5254 5255 5256 5257 5258 5259 5260 5261 5262 5263 5264 5265 5266 5267 5268 5269 5270 5271 5272 5273 5274 5275 5276 5277 5278 5279 5280 5281 5282 5283 5284 5285 5286 5287 5288 5289 5290 5291 5292 5293 5294 5295 5296 5297 5298 5299 5300 5301 5302 5303 5304 5305 5306 5307 5308 5309 5310 5311 5312 5313 5314 5315 5316 5317 5318 5319 5320 5321 5322 5323 5324 5325 5326 5327 5328 5329 5330 5331 5332 5333 5334 5335 5336 5337 5338 5339 5340 5341 5342 5343 5344 5345 5346 5347 5348 5349 5350 5351 5352 5353 5354 5355 5356 5357 5358 5359 5360 5361 5362 5363 5364 5365 5366 5367 5368 5369 5370 5371 5372 5373 5374 5375 5376 5377 5378 5379 5380 5381 5382 5383 5384 5385 5386 5387 5388 5389 5390 5391 5392 5393 5394 5395 5396 5397 5398 5399 5400 5401 5402 5403 5404 5405 5406 5407 5408 5409 5410 5411 5412 5413 5414 5415 5416 5417 5418 5419 5420 5421 5422 5423 5424 5425 5426 5427 5428 5429 5430 5431 5432 5433 5434 5435 5436 5437 5438 5439 5440 5441 5442 5443 5444 5445 5446 5447 5448 5449 5450 5451 5452 5453 5454 5455 5456 5457 5458 5459 5460 5461 5462 5463 5464 5465 5466 5467 5468 5469 5470 5471 5472 5473 5474 5475 5476 5477 5478 5479 5480 5481 5482 5483 5484 5485 5486 5487 5488 5489 5490 5491 5492 5493 5494 5495 5496 5497 5498 5499 5500 5501 5502 5503 5504 5505 5506 5507 5508 5509 5510 5511 5512 5513 5514 5515 5516 5517 5518 5519 5520 5521 5522 5523 5524 5525 5526 5527 5528 5529 5530 5531 5532 5533 5534 5535 5536 5537 5538 5539 5540 5541 5542 5543 5544 5545 5546 5547 5548 5549 5550 5551 5552 5553 5554 5555 5556 5557 5558 5559 5560 5561 5562 5563 5564 5565 5566 5567 5568 5569 5570 5571 5572 5573 5574 5575 5576 5577 5578 5579 5580 5581 5582 5583 5584 5585 5586 5587 5588 5589 5590 5591 5592 5593 5594 5595 5596 5597 5598 5599 5600 5601 5602 5603 5604 5605 5606 5607 5608 5609 5610 5611 5612 5613 5614 5615 5616 5617 5618 5619 5620 5621 5622 5623 5624 5625 5626 5627 5628 5629 5630 5631 5632 5633 5634 5635 5636 5637 5638 5639 5640 5641 5642 5643 5644 5645 5646 5647 5648 5649 5650 5651 5652 5653 5654 5655 5656 5657 5658 5659 5660 5661 5662 5663 5664 5665 5666 5667 5668 5669 5670 5671 5672 5673 5674 5675 5676 5677 5678 5679 5680 5681 5682 5683 5684 5685 5686 5687 5688 5689 5690 5691 5692 5693 5694 5695 5696 5697 5698 5699 5700 5701 5702 5703 5704 5705 5706 5707 5708 5709 5710 5711 5712 5713 5714 5715 5716 5717 5718 5719 5720 5721 5722 5723 5724 5725 5726 5727 5728 5729 5730 5731 5732 5733 5734 5735 5736 5737 5738 5739 5740 5741 5742 5743 5744 5745 5746 5747 5748 5749 5750 5751 5752 5753 5754 5755 5756 5757 5758 5759 5760 5761 5762 5763 5764 5765 5766 5767 5768 5769 5770 5771 5772 5773 5774 5775 5776 5777 5778 5779 5780 5781 5782 5783 5784 5785 5786 5787 5788 5789 5790 5791 5792 5793 5794 5795 5796 5797 5798 5799 5800 5801 5802 5803 5804 5805 5806 5807 5808 5809 5810 5811 5812 5813 5814 5815 5816 5817 5818 5819 5820 5821 5822 5823 5824 5825 5826 5827 5828 5829 5830 5831 5832 5833 5834 5835 5836 5837 5838 5839 5840 5841 5842 5843 5844 5845 5846 5847 5848 5849 5850 5851 5852 5853 5854 5855 5856 5857 5858 5859 5860 5861 5862 5863 5864 5865 5866 5867 5868 5869 5870 5871 5872 5873 5874 5875 5876 5877 5878 5879 5880 5881 5882 5883 5884 5885 5886 5887 5888 5889 5890 5891 5892 5893 5894 5895 5896 5897 5898 5899 5900 5901 5902 5903 5904 5905 5906 5907 5908 5909 5910 5911 5912 5913 5914 5915 5916 5917 5918 5919 5920 5921 5922 5923 5924 5925 5926 5927 5928 5929 5930 5931 5932 5933 5934 5935 5936 5937 5938 5939 5940 5941 5942 5943 5944 5945 5946 5947 5948 5949 5950 5951 5952 5953 5954 5955 5956 5957 5958 5959 5960 5961 5962 5963 5964 5965 5966 5967 5968 5969 5970 5971 5972 5973 5974 5975 5976 5977 5978 5979 5980 5981 5982 5983 5984 5985 5986 5987 5988 5989 5990 5991 5992 5993 5994 5995 5996 5997 5998 5999 6000 6001 6002 6003 6004 6005 6006 6007 6008 6009 6010 6011 6012 6013 6014 6015 6016 6017 6018 6019 6020 6021 6022 6023 6024 6025 6026 6027 6028 6029 6030 6031 6032 6033 6034 6035 6036 6037 6038 6039 6040 6041 6042 6043 6044 6045 6046 6047 6048 6049 6050 6051 6052 6053 6054 6055 6056 6057 6058 6059 6060 6061 6062 6063 6064 6065 6066 6067 6068 6069 6070 6071 6072 6073 6074 6075 6076 6077 6078 6079 6080 6081 6082 6083 6084 6085 6086 6087 6088 6089 6090 6091 6092 6093 6094 6095 6096 6097 6098 6099 6100 6101 6102 6103 6104 6105 6106 6107 6108 6109 6110 6111 6112 6113 6114 6115 6116 6117 6118 6119 6120 6121 6122 6123 6124 6125 6126 6127 6128 6129 6130 6131 6132 6133 6134 6135 6136 6137 6138 6139 6140 6141 6142 6143 6144 6145 6146 6147 6148 6149 6150 6151 6152 6153 6154 6155 6156 6157 6158 6159 6160 6161 6162 6163 6164 6165 6166 6167 6168 6169 6170 6171 6172 6173 6174 6175 6176 6177 6178 6179 6180 6181 6182 6183 6184 6185 6186 6187 6188 6189 6190 6191 6192 6193 6194 6195 6196 6197 6198 6199 6200 6201 6202 6203 6204 6205 6206 6207 6208 6209 6210 6211 6212 6213 6214 6215 6216 6217 6218 6219 6220 6221 6222 6223 6224 6225 6226 6227 6228 6229 6230 6231 6232 6233 6234 6235 6236 6237 6238 6239 6240 6241 6242 6243 6244 6245 6246 6247 6248 6249 6250 6251 6252 6253 6254 6255 6256 6257 6258 6259 6260 6261 6262 6263 6264 6265 6266 6267 6268 6269 6270 6271 6272 6273 6274 6275 6276 6277 6278 6279 6280 6281 6282 6283 6284 6285 6286 6287 6288 6289 6290 6291 6292 6293 6294 6295 6296 6297 6298 6299 6300 6301 6302 6303 6304 6305 6306 6307 6308 6309 6310 6311 6312 6313 6314 6315 6316 6317 6318 6319 6320 6321 6322 6323 6324 6325 6326 6327 6328 6329 6330 6331 6332 6333 6334 6335 6336 6337 6338 6339 6340 6341 6342 6343 6344 6345 6346 6347 6348 6349 6350 6351 6352 6353 6354 6355 6356 6357 6358 6359 6360 6361 6362 6363 6364 6365 6366 6367 6368 6369 6370 6371 6372 6373 6374 6375 6376 6377 6378 6379 6380 6381 6382 6383 6384 6385 6386 6387 6388 6389 6390 6391 6392 6393 6394 6395 6396 6397 6398 6399 6400 6401 6402 6403 6404 6405 6406 6407 6408 6409 6410 6411 6412 6413 6414 6415 6416 6417 6418 6419 6420 6421 6422 6423 6424 6425 6426 6427 6428 6429 6430 6431 6432 6433 6434 6435 6436 6437 6438 6439 6440 6441 6442 6443 6444 6445 6446 6447 6448 6449 6450 6451 6452 6453 6454 6455 6456 6457 6458 6459 6460 6461 6462 6463 6464 6465 6466 6467 6468 6469 6470 6471 6472 6473 6474 6475 6476 6477 6478 6479 6480 6481 6482 6483 6484 6485 6486 6487 6488 6489 6490 6491 6492 6493 6494 6495 6496 6497 6498 6499 6500 6501 6502 6503 6504 6505 6506 6507 6508 6509 6510 6511 6512 6513 6514 6515 6516 6517 6518 6519 6520 6521 6522 6523 6524 6525 6526 6527 6528 6529 6530 6531 6532 6533 6534 6535 6536 6537 6538 6539 6540 6541 6542 6543 6544 6545 6546 6547 6548 6549 6550 6551 6552 6553 6554 6555 6556 6557 6558 6559 6560 6561 6562 6563 6564 6565 6566 6567 6568 6569 6570 6571 6572 6573 6574 6575 6576 6577 6578 6579 6580 6581 6582 6583 6584 6585 6586 6587 6588 6589 6590 6591 6592 6593 6594 6595 6596 6597 6598 6599 6600 6601 6602 6603 6604 6605 6606 6607 6608 6609 6610 6611 6612 6613 6614 6615 6616 6617 6618 6619 6620 6621 6622 6623 6624 6625 6626 6627 6628 6629 6630 6631 6632 6633 6634 6635 6636 6637 6638 6639 6640 6641 6642 6643 6644 6645 6646 6647 6648 6649 6650 6651 6652 6653 6654 6655 6656 6657 6658 6659 6660 6661 6662 6663 6664 6665 6666 6667 6668 6669 6670 6671 6672 6673 6674 6675 6676 6677 6678 6679 6680 6681 6682 6683 6684 6685 6686 6687 6688 6689 6690 6691 6692 6693 6694 6695 6696 6697 6698 6699 6700 6701 6702 6703 6704 6705 6706 6707 6708 6709 6710 6711 6712 6713 6714 6715 6716 6717 6718 6719 6720 6721 6722 6723 6724 6725 6726 6727 6728 6729 6730 6731 6732 6733 6734 6735 6736 6737 6738 6739 6740 6741 6742 6743 6744 6745 6746 6747 6748 6749 6750 6751 6752 6753 6754 6755 6756 6757 6758 6759 6760 6761 6762 6763 6764 6765 6766 6767 6768 6769 6770 6771 6772 6773 6774 6775 6776 6777 6778 6779 6780 6781 6782 6783 6784 6785 6786 6787 6788 6789 6790 6791 6792 6793 6794 6795 6796 6797 6798 6799 6800 6801 6802 6803 6804 6805 6806 6807 6808 6809 6810 6811 6812 6813 6814 6815 6816 6817 6818 6819 6820 6821 6822 6823 6824 6825 6826 6827 6828 6829 6830 6831 6832 6833 6834 6835 6836 6837 6838 6839 6840 6841 6842 6843 6844 6845 6846 6847 6848 6849 6850 6851 6852 6853 6854 6855 6856 6857 6858 6859 6860 6861 6862 6863 6864 6865 6866 6867 6868 6869 6870 6871 6872 6873 6874 6875 6876 6877 6878 6879 6880 6881 6882 6883 6884 6885 6886 6887 6888 6889 6890 6891 6892 6893 6894 6895 6896 6897 6898 6899 6900 6901 6902 6903 6904 6905 6906 6907 6908 6909 6910 6911 6912 6913 6914 6915 6916 6917 6918 6919 6920 6921 6922 6923 6924 6925 6926 6927 6928 6929 6930 6931 6932 6933 6934 6935 6936 6937 6938 6939 6940 6941 6942 6943 6944 6945 6946 6947 6948 6949 6950 6951 6952 6953 6954 6955 6956 6957 6958 6959 6960 6961 6962 6963 6964 6965 6966 6967 6968 6969 6970 6971 6972 6973 6974 6975 6976 6977 6978 6979 6980 6981 6982 6983 6984 6985 6986 6987 6988 6989 6990 6991 6992 6993 6994 6995 6996 6997 6998 6999 7000 7001 7002 7003 7004 7005 7006 7007 7008 7009 7010 7011 7012 7013 7014 7015 7016 7017 7018 7019 7020 7021 7022 7023 7024 7025 7026 7027 7028 7029 7030 7031 7032 7033 7034 7035 7036 7037 7038 7039 7040 7041 7042 7043 7044 7045 7046 7047 7048 7049 7050 7051 7052 7053 7054 7055 7056 7057 7058 7059 7060 7061 7062 7063 7064 7065 7066 7067 7068 7069 7070 7071 7072 7073 7074 7075 7076 7077 7078 7079 7080 7081 7082 7083 7084 7085 7086 7087 7088 7089 7090 7091 7092 7093 7094 7095 7096 7097 7098 7099 7100 7101 7102 7103 7104 7105 7106 7107 7108 7109 7110 7111 7112 7113 7114 7115 7116 7117 7118 7119 7120 7121 7122 7123 7124 7125 7126 7127 7128 7129 7130 7131 7132 7133 7134 7135 7136 7137 7138 7139 7140 7141 7142 7143 7144 7145 7146 7147 7148 7149 7150 7151 7152 7153 7154 7155 7156 7157 7158 7159 7160 7161 7162 7163 7164 7165 7166 7167 7168 7169 7170 7171 7172 7173 7174 7175 7176 7177 7178 7179 7180 7181 7182 7183 7184 7185 7186 7187 7188 7189 7190 7191 7192 7193 7194 7195 7196 7197 7198 7199 7200 7201 7202 7203 7204 7205 7206 7207 7208 7209 7210 7211 7212 7213 7214 7215 7216 7217 7218 7219 7220 7221 7222 7223 7224 7225 7226 7227 7228 7229 7230 7231 7232 7233 7234 7235 7236 7237 7238 7239 7240 7241 7242 7243 7244 7245 7246 7247 7248 7249 7250 7251 7252 7253 7254 7255 7256 7257 7258 7259 7260 7261 7262 7263 7264 7265 7266 7267 7268 7269 7270 7271 7272 7273 7274 7275 7276 7277 7278 7279 7280 7281 7282 7283 7284 7285 7286 7287 7288 7289 7290 7291 7292 7293 7294 7295 7296 7297 7298 7299 7300 7301 7302 7303 7304 7305 7306 7307 7308 7309 7310 7311 7312 7313 7314 7315 7316 7317 7318 7319 7320 7321 7322 7323 7324 7325 7326 7327 7328 7329 7330 7331 7332 7333 7334 7335 7336 7337 7338 7339 7340 7341 7342 7343 7344 7345 7346 7347 7348 7349 7350 7351 7352 7353 7354 7355 7356 7357 7358 7359 7360 7361 7362 7363 7364 7365 7366 7367 7368 7369 7370 7371 7372 7373 7374 7375 7376 7377 7378 7379 7380 7381 7382 7383 7384 7385 7386 7387 7388 7389 7390 7391 7392 7393 7394 7395 7396 7397 7398 7399 7400 7401 7402 7403 7404 7405 7406 7407 7408 7409 7410 7411 7412 7413 7414 7415 7416 7417 7418 7419 7420 7421 7422 7423 7424 7425 7426 7427 7428 7429 7430 7431 7432 7433 7434 7435 7436 7437 7438 7439 7440 7441 7442 7443 7444 7445 7446 7447 7448 7449 7450 7451 7452 7453 7454 7455 7456 7457 7458 7459 7460 7461 7462 7463 7464 7465 7466 7467 7468 7469 7470 7471 7472 7473 7474 7475 7476 7477 7478 7479 7480 7481 7482 7483 7484 7485 7486 7487 7488 7489 7490 7491 7492 7493 7494 7495 7496 7497 7498 7499 7500 7501 7502 7503 7504 7505 7506 7507 7508 7509 7510 7511 7512 7513 7514 7515 7516 7517 7518 7519 7520 7521 7522 7523 7524 7525 7526 7527 7528 7529 7530 7531 7532 7533 7534 7535 7536 7537 7538 7539 7540 7541 7542 7543 7544 7545 7546 7547 7548 7549 7550 7551 7552 7553 7554 7555 7556 7557 7558 7559 7560 7561 7562 7563 7564 7565 7566 7567 7568 7569 7570 7571 7572 7573 7574 7575 7576 7577 7578 7579 7580 7581 7582 7583 7584 7585 7586 7587 7588 7589 7590 7591 7592 7593 7594 7595 7596 7597 7598 7599 7600 7601 7602 7603 7604 7605 7606 7607 7608 7609 7610 7611 7612 7613 7614 7615 7616 7617 7618 7619 7620 7621 7622 7623 7624 7625 7626 7627 7628 7629 7630 7631 7632 7633 7634 7635 7636 7637 7638 7639 7640 7641 7642 7643 7644 7645 7646 7647 7648 7649 7650 7651 7652 7653 7654 7655 7656 7657 7658 7659 7660 7661 7662 7663 7664 7665 7666 7667 7668 7669 7670 7671 7672 7673 7674 7675 7676 7677 7678 7679 7680 7681 7682 7683 7684 7685 7686 7687 7688 7689 7690 7691 7692 7693 7694 7695 7696 7697 7698 7699 7700 7701 7702 7703 7704 7705 7706 7707 7708 7709 7710 7711 7712 7713 7714 7715 7716 7717 7718 7719 7720 7721 7722 7723 7724 7725 7726 7727 7728 7729 7730 7731 7732 7733 7734 7735 7736 7737 7738 7739 7740 7741 7742 7743 7744 7745 7746 7747 7748 7749 7750 7751 7752 7753 7754 7755 7756 7757 7758 7759 7760 7761 7762 7763 7764 7765 7766 7767 7768 7769 7770 7771 7772 7773 7774 7775 7776 7777 7778 7779 7780 7781 7782 7783 7784 7785 7786 7787 7788 7789 7790 7791 7792 7793 7794 7795 7796 7797 7798 7799 7800 7801 7802 7803 7804 7805 7806 7807 7808 7809 7810 7811 7812 7813 7814 7815 7816 7817 7818 7819 7820 7821 7822 7823 7824 7825 7826 7827 7828 7829 7830 7831 7832 7833 7834 7835 7836 7837 7838 7839 7840 7841 7842 7843 7844 7845 7846 7847 7848 7849 7850 7851 7852 7853 7854 7855 7856 7857 7858 7859 7860 7861 7862 7863 7864 7865 7866 7867 7868 7869 7870 7871 7872 7873 7874 7875 7876 7877 7878 7879 7880 7881 7882 7883 7884 7885 7886 7887 7888 7889 7890 7891 7892 7893 7894 7895 7896 7897 7898 7899 7900 7901 7902 7903 7904 7905 7906 7907 7908 7909 7910 7911 7912 7913 7914 7915 7916 7917 7918 7919 7920 7921 7922 7923 7924 7925 7926 7927 7928 7929 7930 7931 7932 7933 7934 7935 7936 7937 7938 7939 7940 7941 7942 7943 7944 7945 7946 7947 7948 7949 7950 7951 7952 7953 7954 7955 7956 7957 7958 7959 7960 7961 7962 7963 7964 7965 7966 7967 7968 7969 7970 7971 7972 7973 7974 7975 7976 7977 7978 7979 7980 7981 7982 7983 7984 7985 7986 7987 7988 7989 7990 7991 7992 7993 7994 7995 7996 7997 7998 7999 8000 8001 8002 8003 8004 8005 8006 8007 8008 8009 8010 8011 8012 8013 8014 8015 8016 8017 8018 8019 8020 8021 8022 8023 8024 8025 8026 8027 8028 8029 8030 8031 8032 8033 8034 8035 8036 8037 8038 8039 8040 8041 8042 8043 8044 8045 8046 8047 8048 8049 8050 8051 8052 8053 8054 8055 8056 8057 8058 8059 8060 8061 8062 8063 8064 8065 8066 8067 8068 8069 8070 8071 8072 8073 8074 8075 8076 8077 8078 8079 8080 8081 8082 8083 8084 8085 8086 8087 8088 8089 8090 8091 8092 8093 8094 8095 8096 8097 8098 8099 8100 8101 8102 8103 8104 8105 8106 8107 8108 8109 8110 8111 8112 8113 8114 8115 8116 8117 8118 8119 8120 8121 8122 8123 8124 8125 8126 8127 8128 8129 8130 8131 8132 8133 8134 8135 8136 8137 8138 8139 8140 8141 8142 8143 8144 8145 8146 8147 8148 8149 8150 8151 8152 8153 8154 8155 8156 8157 8158 8159 8160 8161 8162 8163 8164 8165 8166 8167 8168 8169 8170 8171 8172 8173 8174 8175 8176 8177 8178 8179 8180 8181 8182 8183 8184 8185 8186 8187 8188 8189 8190 8191 8192 8193 8194 8195 8196 8197 8198 8199 8200 8201 8202 8203 8204 8205 8206 8207 8208 8209 8210 8211 8212 8213 8214 8215 8216 8217 8218 8219 8220 8221 8222 8223 8224 8225 8226 8227 8228 8229 8230 8231 8232 8233 8234 8235 8236 8237 8238 8239 8240 8241 8242 8243 8244 8245 8246 8247 8248 8249 8250 8251 8252 8253 8254 8255 8256 8257 8258 8259 8260 8261 8262 8263 8264 8265 8266 8267 8268 8269 8270 8271 8272 8273 8274 8275 8276 8277 8278 8279 8280 8281 8282 8283 8284 8285 8286 8287 8288 8289 8290 8291 8292 8293 8294 8295 8296 8297 8298 8299 8300 8301 8302 8303 8304 8305 8306 8307 8308 8309 8310 8311 8312 8313 8314 8315 8316 8317 8318 8319 8320 8321 8322 8323 8324 8325 8326 8327 8328 8329 8330 8331 8332 8333 8334 8335 8336 8337 8338 8339 8340 8341 8342 8343 8344 8345 8346 8347 8348 8349 8350 8351 8352 8353 8354 8355 8356 8357 8358 8359 8360 8361 8362 8363 8364 8365 8366 8367 8368 8369 8370 8371 8372 8373 8374 8375 8376 8377 8378 8379 8380 8381 8382 8383 8384 8385 8386 8387 8388 8389 8390 8391 8392 8393 8394 8395 8396 8397 8398 8399 8400 8401 8402 8403 8404 8405 8406 8407 8408 8409 8410 8411 8412 8413 8414 8415 8416 8417 8418 8419 8420 8421 8422 8423 8424 8425 8426 8427 8428 8429 8430 8431 8432 8433 8434 8435 8436 8437 8438 8439 8440 8441 8442 8443 8444 8445 8446 8447 8448 8449 8450 8451 8452 8453 8454 8455 8456 8457 8458 8459 8460 8461 8462 8463 8464 8465 8466 8467 8468 8469 8470 8471 8472 8473 8474 8475 8476 8477 8478 8479 8480 8481 8482 8483 8484 8485 8486 8487 8488 8489 8490 8491 8492 8493 8494 8495 8496 8497 8498 8499 8500 8501 8502 8503 8504 8505 8506 8507 8508 8509 8510 8511 8512 8513 8514 8515 8516 8517 8518 8519 8520 8521 8522 8523 8524 8525 8526 8527 8528 8529 8530 8531 8532 8533 8534 8535 8536 8537 8538 8539 8540 8541 8542 8543 8544 8545 8546 8547 8548 8549 8550 8551 8552 8553 8554 8555 8556 8557 8558 8559 8560 8561 8562 8563 8564 8565 8566 8567 8568 8569 8570 8571 8572 8573 8574 8575 8576 8577 8578 8579 8580 8581 8582 8583 8584 8585 8586 8587 8588 8589 8590 8591 8592 8593 8594 8595 8596 8597 8598 8599 8600 8601 8602 8603 8604 8605 8606 8607 8608 8609 8610 8611 8612 8613 8614 8615 8616 8617 8618 8619 8620 8621 8622 8623 8624 8625 8626 8627 8628 8629 8630 8631 8632 8633 8634 8635 8636 8637 8638 8639 8640 8641 8642 8643 8644 8645 8646 8647 8648 8649 8650 8651 8652 8653 8654 8655 8656 8657 8658 8659 8660 8661 8662 8663 8664 8665 8666 8667 8668 8669 8670 8671 8672 8673 8674 8675 8676 8677 8678 8679 8680 8681 8682 8683 8684 8685 8686 8687 8688 8689 8690 8691 8692 8693 8694 8695 8696 8697 8698 8699 8700 8701 8702 8703 8704 8705 8706 8707 8708 8709 8710 8711 8712 8713 8714 8715 8716 8717 8718 8719 8720 8721 8722 8723 8724 8725 8726 8727 8728 8729 8730 8731 8732 8733 8734 8735 8736 8737 8738 8739 8740 8741 8742 8743 8744 8745 8746 8747 8748 8749 8750 8751 8752 8753 8754 8755 8756 8757 8758 8759 8760 8761 8762 8763 8764 8765 8766 8767 8768 8769 8770 8771 8772 8773 8774 8775 8776 8777 8778 8779 8780 8781 8782 8783 8784 8785 8786 8787 8788 8789 8790 8791 8792 8793 8794 8795 8796 8797 8798 8799 8800 8801 8802 8803 8804 8805 8806 8807 8808 8809 8810 8811 8812 8813 8814 8815 8816 8817 8818 8819 8820 8821 8822 8823 8824 8825 8826 8827 8828 8829 8830 8831 8832 8833 8834 8835 8836 8837 8838 8839 8840 8841 8842 8843 8844 8845 8846 8847 8848 8849 8850 8851 8852 8853 8854 8855 8856 8857 8858 8859 8860 8861 8862 8863 8864 8865 8866 8867 8868 8869 8870 8871 8872 8873 8874 8875 8876 8877 8878 8879 8880 8881 8882 8883 8884 8885 8886 8887 8888 8889 8890 8891 8892 8893 8894 8895 8896 8897 8898 8899 8900 8901 8902 8903 8904 8905 8906 8907 8908 8909 8910 8911 8912 8913 8914 8915 8916 8917 8918 8919 8920 8921 8922 8923 8924 8925 8926 8927 8928 8929 8930 8931 8932 8933 8934 8935 8936 8937 8938 8939 8940 8941 8942 8943 8944 8945 8946 8947 8948 8949 8950 8951 8952 8953 8954 8955 8956 8957 8958 8959 8960 8961 8962 8963 8964 8965 8966 8967 8968 8969 8970 8971 8972 8973 8974 8975 8976 8977 8978 8979 8980 8981 8982 8983 8984 8985 8986 8987 8988 8989 8990 8991 8992 8993 8994 8995 8996 8997 8998 8999 9000 9001 9002 9003 9004 9005 9006 9007 9008 9009 9010 9011 9012 9013 9014 9015 9016 9017 9018 9019 9020 9021 9022 9023 9024 9025 9026 9027 9028 9029 9030 9031 9032 9033 9034 9035 9036 9037 9038 9039 9040 9041 9042 9043 9044 9045 9046 9047 9048 9049 9050 9051 9052 9053 9054 9055 9056 9057 9058 9059 9060 9061 9062 9063 9064 9065 9066 9067 9068 9069 9070 9071 9072 9073 9074 9075 9076 9077 9078 9079 9080 9081 9082 9083 9084 9085 9086 9087 9088 9089 9090 9091 9092 9093 9094 9095 9096 9097 9098 9099 9100 9101 9102 9103 9104 9105 9106 9107 9108 9109 9110 9111 9112 9113 9114 9115 9116 9117 9118 9119 9120 9121 9122 9123 9124 9125 9126 9127 9128 9129 9130 9131 9132 9133 9134 9135 9136 9137 9138 9139 9140 9141 9142 9143 9144 9145 9146 9147 9148 9149 9150 9151 9152 9153 9154 9155 9156 9157 9158 9159 9160 9161 9162 9163 9164 9165 9166 9167 9168 9169 9170 9171 9172 9173 9174 9175 9176 9177 9178 9179 9180 9181 9182 9183 9184 9185 9186 9187 9188 9189 9190 9191 9192 9193 9194 9195 9196 9197 9198 9199 9200 9201 9202 9203 9204 9205 9206 9207 9208 9209 9210 9211 9212 9213 9214 9215 9216 9217 9218 9219 9220 9221 9222 9223 9224 9225 9226 9227 9228 9229 9230 9231 9232 9233 9234 9235 9236 9237 9238 9239 9240 9241 9242 9243 9244 9245 9246 9247 9248 9249 9250 9251 9252 9253 9254 9255 9256 9257 9258 9259 9260 9261 9262 9263 9264 9265 9266 9267 9268 9269 9270 9271 9272 9273 9274 9275 9276 9277 9278 9279 9280 9281 9282 9283 9284 9285 9286 9287 9288 9289 9290 9291 9292 9293 9294 9295 9296 9297 9298 9299 9300 9301 9302 9303 9304 9305 9306 9307 9308 9309 9310 9311 9312 9313 9314 9315 9316 9317 9318 9319 9320 9321 9322 9323 9324 9325 9326 9327 9328 9329 9330 9331 9332 9333 9334 9335 9336 9337 9338 9339 9340 9341 9342 9343 9344 9345 9346 9347 9348 9349 9350 9351 9352 9353 9354 9355 9356 9357 9358 9359 9360 9361 9362 9363 9364 9365 9366 9367 9368 9369 9370 9371 9372 9373 9374 9375 9376 9377 9378 9379 9380 9381 9382 9383 9384 9385 9386 9387 9388 9389 9390 9391 9392 9393 9394 9395 9396 9397 9398 9399 9400 9401 9402 9403 9404 9405 9406 9407 9408 9409 9410 9411 9412 9413 9414 9415 9416 9417 9418 9419 9420 9421 9422 9423 9424 9425 9426 9427 9428 9429 9430 9431 9432 9433 9434 9435 9436 9437 9438 9439 9440 9441 9442 9443 9444 9445 9446 9447 9448 9449 9450 9451 9452 9453 9454 9455 9456 9457 9458 9459 9460 9461 9462 9463 9464 9465 9466 9467 9468 9469 9470 9471 9472 9473 9474 9475 9476 9477 9478 9479 9480 9481 9482 9483 9484 9485 9486 9487 9488 9489 9490 9491 9492 9493 9494 9495 9496 9497 9498 9499 9500 9501 9502 9503 9504 9505 9506 9507 9508 9509 9510 9511 9512 9513 9514 9515 9516 9517 9518 9519 9520 9521 9522 9523 9524 9525 9526 9527 9528 9529 9530 9531 9532 9533 9534 9535 9536 9537 9538 9539 9540 9541 9542 9543 9544 9545 9546 9547 9548 9549 9550 9551 9552 9553 9554 9555 9556 9557 9558 9559 9560 9561 9562 9563 9564 9565 9566 9567 9568 9569 9570 9571 9572 9573 9574 9575 9576 9577 9578 9579 9580 9581 9582 9583 9584 9585 9586 9587 9588 9589 9590 9591 9592 9593 9594 9595 9596 9597 9598 9599 9600 9601 9602 9603 9604 9605 9606 9607 9608 9609 9610 9611 9612 9613 9614 9615 9616 9617 9618 9619 9620 9621 9622 9623 9624 9625 9626 9627 9628 9629 9630 9631 9632 9633 9634 9635 9636 9637 9638 9639 9640 9641 9642 9643 9644 9645 9646 9647 9648 9649 9650 9651 9652 9653 9654 9655 9656 9657 9658 9659 9660 9661 9662 9663 9664 9665 9666 9667 9668 9669 9670 9671 9672 9673 9674 9675 9676 9677 9678 9679 9680 9681 9682 9683 9684 9685 9686 9687 9688 9689 9690 9691 9692 9693 9694 9695 9696 9697 9698 9699 9700 9701 9702 9703 9704 9705 9706 9707 9708 9709 9710 9711 9712 9713 9714 9715 9716 9717 9718 9719 9720 9721 9722 9723 9724 9725 9726 9727 9728 9729 9730 9731 9732 9733 9734 9735 9736 9737 9738 9739 9740 9741 9742 9743 9744 9745 9746 9747 9748 9749 9750 9751 9752 9753 9754 9755 9756 9757 9758 9759 9760 9761 9762 9763 9764 9765 9766 9767 9768 9769 9770 9771 9772 9773 9774 9775 9776 9777 9778 9779 9780 9781 9782 9783 9784 9785 9786 9787 9788 9789 9790 9791 9792 9793 9794 9795 9796 9797 9798 9799 9800 9801 9802 9803 9804 9805 9806 9807 9808 9809 9810 9811 9812 9813 9814 9815 9816 9817 9818 9819 9820 9821 9822 9823 9824 9825 9826 9827 9828 9829 9830 9831 9832 9833 9834 9835 9836 9837 9838 9839 9840 9841 9842 9843 9844 9845 9846 9847 9848 9849 9850 9851 9852 9853 9854 9855 9856 9857 9858 9859 9860 9861 9862 9863 9864 9865 9866 9867 9868 9869 9870 9871 9872 9873 9874 9875 9876 9877 9878 9879 9880 9881 9882 9883 9884 9885 9886 9887 9888 9889 9890 9891 9892 9893 9894 9895 9896 9897 9898 9899 9900 9901 9902 9903 9904 9905 9906 9907 9908 9909 9910 9911 9912 9913 9914 9915 9916 9917 9918 9919 9920 9921 9922 9923 9924 9925 9926 9927 9928 9929 9930 9931 9932 9933 9934 9935 9936 9937 9938 9939 9940 9941 9942 9943 9944 9945 9946 9947 9948 9949 9950 9951 9952 9953 9954 9955 9956 9957 9958 9959 9960 9961 9962 9963 9964 9965 9966 9967 9968 9969 9970 9971 9972 9973 9974 9975 9976 9977 9978 9979 9980 9981 9982 9983 9984 9985 9986 9987 9988 9989 9990 9991 9992 9993 9994 9995 9996 9997 9998 9999 10000 10001 10002 10003 10004 10005 10006 10007 10008 10009 10010 10011 10012 10013 10014 10015 10016 10017 10018 10019 10020 10021 10022 10023 10024 10025 10026 10027 10028 10029 10030 10031 10032 10033 10034 10035 10036 10037 10038 10039 10040 10041 10042 10043 10044 10045 10046 10047 10048 10049 10050 10051 10052 10053 10054 10055 10056 10057 10058 10059 10060 10061 10062 10063 10064 10065 10066 10067 10068 10069 10070 10071 10072 10073 10074 10075 10076 10077 10078 10079 10080 10081 10082 10083 10084 10085 10086 10087 10088 10089 10090 10091 10092 10093 10094 10095 10096 10097 10098 10099 10100 10101 10102 10103 10104 10105 10106 10107 10108 10109 10110 10111 10112 10113 10114 10115 10116 10117 10118 10119 10120 10121 10122 10123 10124 10125 10126 10127 10128 10129 10130 10131 10132 10133 10134 10135 10136 10137 10138 10139 10140 10141 10142 10143 10144 10145 10146 10147 10148 10149 10150 10151 10152 10153 10154 10155 10156 10157 10158 10159 10160 10161 10162 10163 10164 10165 10166 10167 10168 10169 10170 10171 10172 10173 10174 10175 10176 10177 10178 10179 10180 10181 10182 10183 10184 10185 10186 10187 10188 10189 10190 10191 10192 10193 10194 10195 10196 10197 10198 10199 10200 10201 10202 10203 10204 10205 10206 10207 10208 10209 10210 10211 10212 10213 10214 10215 10216 10217 10218 10219 10220 10221 10222 10223 10224 10225 10226 10227 10228 10229 10230 10231 10232 10233 10234 10235 10236 10237 10238 10239 10240 10241 10242 10243 10244 10245 10246 10247 10248 10249 10250 10251 10252 10253 10254 10255 10256 10257 10258 10259 10260 10261 10262 10263 10264 10265 10266 10267 10268 10269 10270 10271 10272 10273 10274 10275 10276 10277 10278 10279 10280 10281 10282 10283 10284 10285 10286 10287 10288 10289 10290 10291 10292 10293 10294 10295 10296 10297 10298 10299 10300 10301 10302 10303 10304 10305 10306 10307 10308 10309 10310 10311 10312 10313 10314 10315 10316 10317 10318 10319 10320 10321 10322 10323 10324 10325 10326 10327 10328 10329 10330 10331 10332 10333 10334 10335 10336 10337 10338 10339 10340 10341 10342 10343 10344 10345 10346 10347 10348 10349 10350 10351 10352 10353 10354 10355 10356 10357 10358 10359 10360 10361 10362 10363 10364 10365 10366 10367 10368 10369 10370 10371 10372 10373 10374 10375 10376 10377 10378 10379 10380 10381 10382 10383 10384 10385 10386 10387 10388 10389 10390 10391 10392 10393 10394 10395 10396 10397 10398 10399 10400 10401 10402 10403 10404 10405 10406 10407 10408 10409 10410 10411 10412 10413 10414 10415 10416 10417 10418 10419 10420 10421 10422 10423 10424 10425 10426 10427 10428 10429 10430 10431 10432 10433 10434 10435 10436 10437 10438 10439 10440 10441 10442 10443 10444 10445 10446 10447 10448 10449 10450 10451 10452 10453 10454 10455 10456 10457 10458 10459 10460 10461 10462 10463 10464 10465 10466 10467 10468 10469 10470 10471 10472 10473 10474 10475 10476 10477 10478 10479 10480 10481 10482 10483 10484 10485 10486 10487 10488 10489 10490 10491 10492 10493 10494 10495 10496 10497 10498 10499 10500 10501 10502 10503 10504 10505 10506 10507 10508 10509 10510 10511 10512 10513 10514 10515 10516 10517 10518 10519 10520 10521 10522 10523 10524 10525 10526 10527 10528 10529 10530 10531 10532 10533 10534 10535 10536 10537 10538 10539 10540 10541 10542 10543 10544 10545 10546 10547 10548 10549 10550 10551 10552 10553 10554 10555 10556 10557 10558 10559 10560 10561 10562 10563 10564 10565 10566 10567 10568 10569 10570 10571 10572 10573 10574 10575 10576 10577 10578 10579 10580 10581 10582 10583 10584 10585 10586 10587 10588 10589 10590 10591 10592 10593 10594 10595 10596 10597 10598 10599 10600 10601 10602 10603 10604 10605 10606 10607 10608 10609 10610 10611 10612 10613 10614 10615 10616 10617 10618 10619 10620 10621 10622 10623 10624 10625 10626 10627 10628 10629 10630 10631 10632 10633 10634 10635 10636 10637 10638 10639 10640 10641 10642 10643 10644 10645 10646 10647 10648 10649 10650 10651 10652 10653 10654 10655 10656 10657 10658 10659 10660 10661 10662 10663 10664 10665 10666 10667 10668 10669 10670 10671 10672 10673 10674 10675 10676 10677 10678 10679 10680 10681 10682 10683 10684 10685 10686 10687 10688 10689 10690 10691 10692 10693 10694 10695 10696 10697 10698 10699 10700 10701 10702 10703 10704 10705 10706 10707 10708 10709 10710 10711 10712 10713 10714 10715 10716 10717 10718 10719 10720 10721 10722 10723 10724 10725 10726 10727 10728 10729 10730 10731 10732 10733 10734 10735 10736 10737 10738 10739 10740 10741 10742 10743 10744 10745 10746 10747 10748 10749 10750 10751 10752 10753 10754 10755 10756 10757 10758 10759 10760 10761 10762 10763 10764 10765 10766 10767 10768 10769 10770 10771 10772 10773 10774 10775 10776 10777 10778 10779 10780 10781 10782 10783 10784 10785 10786 10787 10788 10789 10790 10791 10792 10793 10794 10795 10796 10797 10798 10799 10800 10801 10802 10803 10804 10805 10806 10807 10808 10809 10810 10811 10812 10813 10814 10815 10816 10817 10818 10819 10820 10821 10822 10823 10824 10825 10826 10827 10828 10829 10830 10831 10832 10833 10834 10835 10836 10837 10838 10839 10840 10841 10842 10843 10844 10845 10846 10847 10848 10849 10850 10851 10852 10853 10854 10855 10856 10857 10858 10859 10860 10861 10862 10863 10864 10865 10866 10867 10868 10869 10870 10871 10872 10873 10874 10875 10876 10877 10878 10879 10880 10881 10882 10883 10884 10885 10886 10887 10888 10889 10890 10891 10892 10893 10894 10895 10896 10897 10898 10899 10900 10901 10902 10903 10904 10905 10906 10907 10908 10909 10910 10911 10912 10913 10914 10915 10916 10917 10918 10919 10920 10921 10922 10923 10924 10925 10926 10927 10928 10929 10930 10931 10932 10933 10934 10935 10936 10937 10938 10939 10940 10941 10942 10943 10944 10945 10946 10947 10948 10949 10950 10951 10952 10953 10954 10955 10956 10957 10958 10959 10960 10961 10962 10963 10964 10965 10966 10967 10968 10969 10970 10971 10972 10973 10974 10975 10976 10977 10978 10979 10980 10981 10982 10983 10984 10985 10986 10987 10988 10989 10990 10991 10992 10993 10994 10995 10996 10997 10998 10999 11000 11001 11002 11003 11004 11005 11006 11007 11008 11009 11010 11011 11012 11013 11014 11015 11016 11017 11018 11019 11020 11021 11022 11023 11024 11025 11026 11027 11028 11029 11030 11031 11032 11033 11034 11035 11036 11037 11038 11039 11040 11041 11042 11043 11044 11045 11046 11047 11048 11049 11050 11051 11052 11053 11054 11055 11056 11057 11058 11059 11060 11061 11062 11063 11064 11065 11066 11067 11068 11069 11070 11071 11072 11073 11074 11075 11076 11077 11078 11079 11080 11081 11082 11083 11084 11085 11086 11087 11088 11089 11090 11091 11092 11093 11094 11095 11096 11097 11098 11099 11100 11101 11102 11103 11104 11105 11106 11107 11108 11109 11110 11111 11112 11113 11114 11115 11116 11117 11118 11119 11120 11121 11122 11123 11124 11125 11126 11127 11128 11129 11130 11131 11132 11133 11134 11135 11136 11137 11138 11139 11140 11141 11142 11143 11144 11145 11146 11147 11148 11149 11150 11151 11152 11153 11154 11155 11156 11157 11158 11159 11160 11161 11162 11163 11164 11165 11166 11167 11168 11169 11170 11171 11172 11173 11174 11175 11176 11177 11178 11179 11180 11181 11182 11183 11184 11185 11186 11187 11188 11189 11190 11191 11192 11193 11194 11195 11196 11197 11198 11199 11200 11201 11202 11203 11204 11205 11206 11207 11208 11209 11210 11211 11212 11213 11214 11215 11216 11217 11218 11219 11220 11221 11222 11223 11224 11225 11226 11227 11228 11229 11230 11231 11232 11233 11234 11235 11236 11237 11238 11239 11240 11241 11242 11243 11244 11245 11246 11247 11248 11249 11250 11251 11252 11253 11254 11255 11256 11257 11258 11259 11260 11261 11262 11263 11264 11265 11266 11267 11268 11269 11270 11271 11272 11273 11274 11275 11276 11277 11278 11279 11280 11281 11282 11283 11284 11285 11286 11287 11288 11289 11290 11291 11292 11293 11294 11295 11296 11297 11298 11299 11300 11301 11302 11303 11304 11305 11306 11307 11308 11309 11310 11311 11312 11313 11314 11315 11316 11317 11318 11319 11320 11321 11322 11323 11324 11325 11326 11327 11328 11329 11330 11331 11332 11333 11334 11335 11336 11337 11338 11339 11340 11341 11342 11343 11344 11345 11346 11347 11348 11349 11350 11351 11352 11353 11354 11355 11356 11357 11358 11359 11360 11361 11362 11363 11364 11365 11366 11367 11368 11369 11370 11371 11372 11373 11374 11375 11376 11377 11378 11379 11380 11381 11382 11383 11384 11385 11386 11387 11388 11389 11390 11391 11392 11393 11394 11395 11396 11397 11398 11399 11400 11401 11402 11403 11404 11405 11406 11407 11408 11409 11410 11411 11412 11413 11414 11415 11416 11417 11418 11419 11420 11421 11422 11423 11424 11425 11426 11427 11428 11429 11430 11431 11432 11433 11434 11435 11436 11437 11438 11439 11440 11441 11442 11443 11444 11445 11446 11447 11448 11449 11450 11451 11452 11453 11454 11455 11456 11457 11458 11459 11460 11461 11462 11463 11464 11465 11466 11467 11468 11469 11470 11471 11472 11473 11474 11475 11476 11477 11478 11479 11480 11481 11482 11483 11484 11485 11486 11487 11488 11489 11490 11491 11492 11493 11494 11495 11496 11497 11498 11499 11500 11501 11502 11503 11504 11505 11506 11507 11508 11509 11510 11511 11512 11513 11514 11515 11516 11517 11518 11519 11520 11521 11522 11523 11524 11525 11526 11527 11528 11529 11530 11531 11532 11533 11534 11535 11536 11537 11538 11539 11540 11541 11542 11543 11544 11545 11546 11547 11548 11549 11550 11551 11552 11553 11554 11555 11556 11557 11558 11559 11560 11561 11562 11563 11564 11565 11566 11567 11568 11569 11570 11571 11572 11573 11574 11575 11576 11577 11578 11579 11580 11581 11582 11583 11584 11585 11586 11587 11588 11589 11590 11591 11592 11593 11594 11595 11596 11597 11598 11599 11600 11601 11602 11603 11604 11605 11606 11607 11608 11609 11610 11611 11612 11613 11614 11615 11616 11617 11618 11619 11620 11621 11622 11623 11624 11625 11626 11627 11628 11629 11630 11631 11632 11633 11634 11635 11636 11637 11638 11639 11640 11641 11642 11643 11644 11645 11646 11647 11648 11649 11650 11651 11652 11653 11654 11655 11656 11657 11658 11659 11660 11661 11662 11663 11664 11665 11666 11667 11668 11669 11670 11671 11672 11673 11674 11675 11676 11677 11678 11679 11680 11681 11682 11683 11684 11685 11686 11687 11688 11689 11690 11691 11692 11693 11694 11695 11696 11697 11698 11699 11700 11701 11702 11703 11704 11705 11706 11707 11708 11709 11710 11711 11712 11713 11714 11715 11716 11717 11718 11719 11720 11721 11722 11723 11724 11725 11726 11727 11728 11729 11730 11731 11732 11733 11734 11735 11736 11737 11738 11739 11740 11741 11742 11743 11744 11745 11746 11747 11748 11749 11750 11751 11752 11753 11754 11755 11756 11757 11758 11759 11760 11761 11762 11763 11764 11765 11766 11767 11768 11769 11770 11771 11772 11773 11774 11775 11776 11777 11778 11779 11780 11781 11782 11783 11784 11785 11786 11787 11788 11789 11790 11791 11792 11793 11794 11795 11796 11797 11798 11799 11800 11801 11802 11803 11804 11805 11806 11807 11808 11809 11810 11811 11812 11813 11814 11815 11816 11817 11818 11819 11820 11821 11822 11823 11824 11825 11826 11827 11828 11829 11830 11831 11832 11833 11834 11835 11836 11837 11838 11839 11840 11841 11842 11843 11844 11845 11846 11847 11848 11849 11850 11851 11852 11853 11854 11855 11856 11857 11858 11859 11860 11861 11862 11863 11864 11865 11866 11867 11868 11869 11870 11871 11872 11873 11874 11875 11876 11877 11878 11879 11880 11881 11882 11883 11884 11885 11886 11887 11888 11889 11890 11891 11892 11893 11894 11895 11896 11897 11898 11899 11900 11901 11902 11903 11904 11905 11906 11907 11908 11909 11910 11911 11912 11913 11914 11915 11916 11917 11918 11919 11920 11921 11922 11923 11924 11925 11926 11927 11928 11929 11930 11931 11932 11933 11934 11935 11936 11937 11938 11939 11940 11941 11942 11943 11944 11945 11946 11947 11948 11949 11950 11951 11952 11953 11954 11955 11956 11957 11958 11959 11960 11961 11962 11963 11964 11965 11966 11967 11968 11969 11970 11971 11972 11973 11974 11975 11976 11977 11978 11979 11980 11981 11982 11983 11984 11985 11986 11987 11988 11989 11990 11991 11992 11993 11994 11995 11996 11997 11998 11999 12000 12001 12002 12003 12004 12005 12006 12007 12008 12009 12010 12011 12012 12013 12014 12015 12016 12017 12018 12019 12020 12021 12022 12023 12024 12025 12026 12027 12028 12029 12030 12031 12032 12033 12034 12035 12036 12037 12038 12039 12040 12041 12042 12043 12044 12045 12046 12047 12048 12049 12050 12051 12052 12053 12054 12055 12056 12057 12058 12059 12060 12061 12062 12063 12064 12065 12066 12067 12068 12069 12070 12071 12072 12073 12074 12075 12076 12077 12078 12079 12080 12081 12082 12083 12084 12085 12086 12087 12088 12089 12090 12091 12092 12093 12094 12095 12096 12097 12098 12099 12100 12101 12102 12103 12104 12105 12106 12107 12108 12109 12110 12111 12112 12113 12114 12115 12116 12117 12118 12119 12120 12121 12122 12123 12124 12125 12126 12127 12128 12129 12130 12131 12132 12133 12134 12135 12136 12137 12138 12139 12140 12141 12142 12143 12144 12145 12146 12147 12148 12149 12150 12151 12152 12153 12154 12155 12156 12157 12158 12159 12160 12161 12162 12163 12164 12165 12166 12167 12168 12169 12170 12171 12172 12173 12174 12175 12176 12177 12178 12179 12180 12181 12182 12183 12184 12185 12186 12187 12188 12189 12190 12191 12192 12193 12194 12195 12196 12197 12198 12199 12200 12201 12202 12203 12204 12205 12206 12207 12208 12209 12210 12211 12212 12213 12214 12215 12216 12217 12218 12219 12220 12221 12222 12223 12224 12225 12226 12227 12228 12229 12230 12231 12232 12233 12234 12235 12236 12237 12238 12239 12240 12241 12242 12243 12244 12245 12246 12247 12248 12249 12250 12251 12252 12253 12254 12255 12256 12257 12258 12259 12260 12261 12262 12263 12264 12265 12266 12267 12268 12269 12270 12271 12272 12273 12274 12275 12276 12277 12278 12279 12280 12281 12282 12283 12284 12285 12286 12287 12288 12289 12290 12291 12292 12293 12294 12295 12296 12297 12298 12299 12300 12301 12302 12303 12304 12305 12306 12307 12308 12309 12310 12311 12312 12313 12314 12315 12316 12317 12318 12319 12320 12321 12322 12323 12324 12325 12326 12327 12328 12329 12330 12331 12332 12333 12334 12335 12336 12337 12338 12339 12340 12341 12342 12343 12344 12345 12346 12347 12348 12349 12350 12351 12352 12353 12354 12355 12356 12357 12358 12359 12360 12361 12362 12363 12364 12365 12366 12367 12368 12369 12370 12371 12372 12373 12374 12375 12376 12377 12378 12379 12380 12381 12382 12383 12384 12385 12386 12387 12388 12389 12390 12391 12392 12393 12394 12395 12396 12397 12398 12399 12400 12401 12402 12403 12404 12405 12406 12407 12408 12409 12410 12411 12412 12413 12414 12415 12416 12417 12418 12419 12420 12421 12422 12423 12424 12425 12426 12427 12428 12429 12430 12431 12432 12433 12434 12435 12436 12437 12438 12439 12440 12441 12442 12443 12444 12445 12446 12447 12448 12449 12450 12451 12452 12453 12454 12455 12456 12457 12458 12459 12460 12461 12462 12463 12464 12465 12466 12467 12468 12469 12470 12471 12472 12473 12474 12475 12476 12477 12478 12479 12480 12481 12482 12483 12484 12485 12486 12487 12488 12489 12490 12491 12492 12493 12494 12495 12496 12497 12498 12499 12500 12501 12502 12503 12504 12505 12506 12507 12508 12509 12510 12511 12512 12513 12514 12515 12516 12517 12518 12519 12520 12521 12522 12523 12524 12525 12526 12527 12528 12529 12530 12531 12532 12533 12534 12535 12536 12537 12538 12539 12540 12541 12542 12543 12544 12545 12546 12547 12548 12549 12550 12551 12552 12553 12554 12555 12556 12557 12558 12559 12560 12561 12562 12563 12564 12565 12566 12567 12568 12569 12570 12571 12572 12573 12574 12575 12576 12577 12578 12579 12580 12581 12582 12583 12584 12585 12586 12587 12588 12589 12590 12591 12592 12593 12594 12595 12596 12597 12598 12599 12600 12601 12602 12603 12604 12605 12606 12607 12608 12609 12610 12611 12612 12613 12614 12615 12616 12617 12618 12619 12620 12621 12622 12623 12624 12625 12626 12627 12628 12629 12630 12631 12632 12633 12634 12635 12636 12637 12638 12639 12640 12641 12642 12643 12644 12645 12646 12647 12648 12649 12650 12651 12652 12653 12654 12655 12656 12657 12658 12659 12660 12661 12662 12663 12664 12665 12666 12667 12668 12669 12670 12671 12672 12673 12674 12675 12676 12677 12678 12679 12680 12681 12682 12683 12684 12685 12686 12687 12688 12689 12690 12691 12692 12693 12694 12695 12696 12697 12698 12699 12700 12701 12702 12703 12704 12705 12706 12707 12708 12709 12710 12711 12712 12713 12714 12715 12716 12717 12718 12719 12720 12721 12722 12723 12724 12725 12726 12727 12728 12729 12730 12731 12732 12733 12734 12735 12736 12737 12738 12739 12740 12741 12742 12743 12744 12745 12746 12747 12748 12749 12750 12751 12752 12753 12754 12755 12756 12757 12758 12759 12760 12761 12762 12763 12764 12765 12766 12767 12768 12769 12770 12771 12772 12773 12774 12775 12776 12777 12778 12779 12780 12781 12782 12783 12784 12785 12786 12787 12788 12789 12790 12791 12792 12793 12794 12795 12796 12797 12798 12799 12800 12801 12802 12803 12804 12805 12806 12807 12808 12809 12810 12811 12812 12813 12814 12815 12816 12817 12818 12819 12820 12821 12822 12823 12824 12825 12826 12827 12828 12829 12830 12831 12832 12833 12834 12835 12836 12837 12838 12839 12840 12841 12842 12843 12844 12845 12846 12847 12848 12849 12850 12851 12852 12853 12854 12855 12856 12857 12858 12859 12860 12861 12862 12863 12864 12865 12866 12867 12868 12869 12870 12871 12872 12873 12874 12875 12876 12877 12878 12879 12880 12881 12882 12883 12884 12885 12886 12887 12888 12889 12890 12891 12892 12893 12894 12895 12896 12897 12898 12899 12900 12901 12902 12903 12904 12905 12906 12907 12908 12909 12910 12911 12912 12913 12914 12915 12916 12917 12918 12919 12920 12921 12922 12923 12924 12925 12926 12927 12928 12929 12930 12931 12932 12933 12934 12935 12936 12937 12938 12939 12940 12941 12942 12943 12944 12945 12946 12947 12948 12949 12950 12951 12952 12953 12954 12955 12956 12957 12958 12959 12960 12961 12962 12963 12964 12965 12966 12967 12968 12969 12970 12971 12972 12973 12974 12975 12976 12977 12978 12979 12980 12981 12982 12983 12984 12985 12986 12987 12988 12989 12990 12991 12992 12993 12994 12995 12996 12997 12998 12999 13000 13001 13002 13003 13004 13005 13006 13007 13008 13009 13010 13011 13012 13013 13014 13015 13016 13017 13018 13019 13020 13021 13022 13023 13024 13025 13026 13027 13028 13029 13030 13031 13032 13033 13034 13035 13036 13037 13038 13039 13040 13041 13042 13043 13044 13045 13046 13047 13048 13049 13050 13051 13052 13053 13054 13055 13056 13057 13058 13059 13060 13061 13062 13063 13064 13065 13066 13067 13068 13069 13070 13071 13072 13073 13074 13075 13076 13077 13078 13079 13080 13081 13082 13083 13084 13085 13086 13087 13088 13089 13090 13091 13092 13093 13094 13095 13096 13097 13098 13099 13100 13101 13102 13103 13104 13105 13106 13107 13108 13109 13110 13111 13112 13113 13114 13115 13116 13117 13118 13119 13120 13121 13122 13123 13124 13125 13126 13127 13128 13129 13130 13131 13132 13133 13134 13135 13136 13137 13138 13139 13140 13141 13142 13143 13144 13145 13146 13147 13148 13149 13150 13151 13152 13153 13154 13155 13156 13157 13158 13159 13160 13161 13162 13163 13164 13165 13166 13167 13168 13169 13170 13171 13172 13173 13174 13175 13176 13177 13178 13179 13180 13181 13182 13183 13184 13185 13186 13187 13188 13189 13190 13191 13192 13193 13194 13195 13196 13197 13198 13199 13200 13201 13202 13203 13204 13205 13206 13207 13208 13209 13210 13211 13212 13213 13214 13215 13216 13217 13218 13219 13220 13221 13222 13223 13224 13225 13226 13227 13228 13229 13230 13231 13232 13233 13234 13235 13236 13237 13238 13239 13240 13241 13242 13243 13244 13245 13246 13247 13248 13249 13250 13251 13252 13253 13254 13255 13256 13257 13258 13259 13260 13261 13262 13263 13264 13265 13266 13267 13268 13269 13270 13271 13272 13273 13274 13275 13276 13277 13278 13279 13280 13281 13282 13283 13284 13285 13286 13287 13288 13289 13290 13291 13292 13293 13294 13295 13296 13297 13298 13299 13300 13301 13302 13303 13304 13305 13306 13307 13308 13309 13310 13311 13312 13313 13314 13315 13316 13317 13318 13319 13320 13321 13322 13323 13324 13325 13326 13327 13328 13329 13330 13331 13332 13333 13334 13335 13336 13337 13338 13339 13340 13341 13342 13343 13344 13345 13346 13347 13348 13349 13350 13351 13352 13353 13354 13355 13356 13357 13358 13359 13360 13361 13362 13363 13364 13365 13366 13367 13368 13369 13370 13371 13372 13373 13374 13375 13376 13377 13378 13379 13380 13381 13382 13383 13384 13385 13386 13387 13388 13389 13390 13391 13392 13393 13394 13395 13396 13397 13398 13399 13400 13401 13402 13403 13404 13405 13406 13407 13408 13409 13410 13411 13412 13413 13414 13415 13416 13417 13418 13419 13420 13421 13422 13423 13424 13425 13426 13427 13428 13429 13430 13431 13432 13433 13434 13435 13436 13437 13438 13439 13440 13441 13442 13443 13444 13445 13446 13447 13448 13449 13450 13451 13452 13453 13454 13455 13456 13457 13458 13459 13460 13461 13462 13463 13464 13465 13466 13467 13468 13469 13470 13471 13472 13473 13474 13475 13476 13477 13478 13479 13480 13481 13482 13483 13484 13485 13486 13487 13488 13489 13490 13491 13492 13493 13494 13495 13496 13497 13498 13499 13500 13501 13502 13503 13504 13505 13506 13507 13508 13509 13510 13511 13512 13513 13514 13515 13516 13517 13518 13519 13520 13521 13522 13523 13524 13525 13526 13527 13528 13529 13530 13531 13532 13533 13534 13535 13536 13537 13538 13539 13540 13541 13542 13543 13544 13545 13546 13547 13548 13549 13550 13551 13552 13553 13554 13555 13556 13557 13558 13559 13560 13561 13562 13563 13564 13565 13566 13567 13568 13569 13570 13571 13572 13573 13574 13575 13576 13577 13578 13579 13580 13581 13582 13583 13584 13585 13586 13587 13588 13589 13590 13591 13592 13593 13594 13595 13596 13597 13598 13599 13600 13601 13602 13603 13604 13605 13606 13607 13608 13609 13610 13611 13612 13613 13614 13615 13616 13617 13618 13619 13620 13621 13622 13623 13624 13625 13626 13627 13628 13629 13630 13631 13632 13633 13634 13635 13636 13637 13638 13639 13640 13641 13642 13643 13644 13645 13646 13647 13648 13649 13650 13651 13652 13653 13654 13655 13656 13657 13658 13659 13660 13661 13662 13663 13664 13665 13666 13667 13668 13669 13670 13671 13672 13673 13674 13675 13676 13677 13678 13679 13680 13681 13682 13683 13684 13685 13686 13687 13688 13689 13690 13691 13692 13693 13694 13695 13696 13697 13698 13699 13700 13701 13702 13703 13704 13705 13706 13707 13708 13709 13710 13711 13712 13713 13714 13715 13716 13717 13718 13719 13720 13721 13722 13723 13724 13725 13726 13727 13728 13729 13730 13731 13732 13733 13734 13735 13736 13737 13738 13739 13740 13741 13742 13743 13744 13745 13746 13747 13748 13749 13750 13751 13752 13753 13754 13755 13756 13757 13758 13759 13760 13761 13762 13763 13764 13765 13766 13767 13768 13769 13770 13771 13772 13773 13774 13775 13776 13777 13778 13779 13780 13781 13782 13783 13784 13785 13786 13787 13788 13789 13790 13791 13792 13793 13794 13795 13796 13797 13798 13799 13800 13801 13802 13803 13804 13805 13806 13807 13808 13809 13810 13811 13812 13813 13814 13815 13816 13817 13818 13819 13820 13821 13822 13823 13824 13825 13826 13827 13828 13829 13830 13831 13832 13833 13834 13835 13836 13837 13838 13839 13840 13841 13842 13843 13844 13845 13846 13847 13848 13849 13850 13851 13852 13853 13854 13855 13856 13857 13858 13859 13860 13861 13862 13863 13864 13865 13866 13867 13868 13869 13870 13871 13872 13873 13874 13875 13876 13877 13878 13879 13880 13881 13882 13883 13884 13885 13886 13887 13888 13889 13890 13891 13892 13893 13894 13895 13896 13897 13898 13899 13900 13901 13902 13903 13904 13905 13906 13907 13908 13909 13910 13911 13912 13913 13914 13915 13916 13917 13918 13919 13920 13921 13922 13923 13924 13925 13926 13927 13928 13929 13930 13931 13932 13933 13934 13935 13936 13937 13938 13939 13940 13941 13942 13943 13944 13945 13946 13947 13948 13949 13950 13951 13952 13953 13954 13955 13956 13957 13958 13959 13960 13961 13962 13963 13964 13965 13966 13967 13968 13969 13970 13971 13972 13973 13974 13975 13976 13977 13978 13979 13980 13981 13982 13983 13984 13985 13986 13987 13988 13989 13990 13991 13992 13993 13994 13995 13996 13997 13998 13999 14000 14001 14002 14003 14004 14005 14006 14007 14008 14009 14010 14011 14012 14013 14014 14015 14016 14017 14018 14019 14020 14021 14022 14023 14024 14025 14026 14027 14028 14029 14030 14031 14032 14033 14034 14035 14036 14037 14038 14039 14040 14041 14042 14043 14044 14045 14046 14047 14048 14049 14050 14051 14052 14053 14054 14055 14056 14057 14058 14059 14060 14061 14062 14063 14064 14065 14066 14067 14068 14069 14070 14071 14072 14073 14074 14075 14076 14077 14078 14079 14080 14081 14082 14083 14084 14085 14086 14087 14088 14089 14090 14091 14092 14093 14094 14095 14096 14097 14098 14099 14100 14101 14102 14103 14104 14105 14106 14107 14108 14109 14110 14111 14112 14113 14114 14115 14116 14117 14118 14119 14120 14121 14122 14123 14124 14125 14126 14127 14128 14129 14130 14131 14132 14133 14134 14135 14136 14137 14138 14139 14140 14141 14142 14143 14144 14145 14146 14147 14148 14149 14150 14151 14152 14153 14154 14155 14156 14157 14158 14159 14160 14161 14162 14163 14164 14165 14166 14167 14168 14169 14170 14171 14172 14173 14174 14175 14176 14177 14178 14179 14180 14181 14182 14183 14184 14185 14186 14187 14188 14189 14190 14191 14192 14193 14194 14195 14196 14197 14198 14199 14200 14201 14202 14203 14204 14205 14206 14207 14208 14209 14210 14211 14212 14213 14214 14215 14216 14217 14218 14219 14220 14221 14222 14223 14224 14225 14226 14227 14228 14229 14230 14231 14232 14233 14234 14235 14236 14237 14238 14239 14240 14241 14242 14243 14244 14245 14246 14247 14248 14249 14250 14251 14252 14253 14254 14255 14256 14257 14258 14259 14260 14261 14262 14263 14264 14265 14266 14267 14268 14269 14270 14271 14272 14273 14274 14275 14276 14277 14278 14279 14280 14281 14282 14283 14284 14285 14286 14287 14288 14289 14290 14291 14292 14293 14294 14295 14296 14297 14298 14299 14300 14301 14302 14303 14304 14305 14306 14307 14308 14309 14310 14311 14312 14313 14314 14315 14316 14317 14318 14319 14320 14321 14322 14323 14324 14325 14326 14327 14328 14329 14330 14331 14332 14333 14334 14335 14336 14337 14338 14339 14340 14341 14342 14343 14344 14345 14346 14347 14348 14349 14350 14351 14352 14353 14354 14355 14356 14357 14358 14359 14360 14361 14362 14363 14364 14365 14366 14367 14368 14369 14370 14371 14372 14373 14374 14375 14376 14377 14378 14379 14380 14381 14382 14383 14384 14385 14386 14387 14388 14389 14390 14391 14392 14393 14394 14395 14396 14397 14398 14399 14400 14401 14402 14403 14404 14405 14406 14407 14408 14409 14410 14411 14412 14413 14414 14415 14416 14417 14418 14419 14420 14421 14422 14423 14424 14425 14426 14427 14428 14429 14430 14431 14432 14433 14434 14435 14436 14437 14438 14439 14440 14441 14442 14443 14444 14445 14446 14447 14448 14449 14450 14451 14452 14453 14454 14455 14456 14457 14458 14459 14460 14461 14462 14463 14464 14465 14466 14467 14468 14469 14470 14471 14472 14473 14474 14475 14476 14477 14478 14479 14480 14481 14482 14483 14484 14485 14486 14487 14488 14489 14490 14491 14492 14493 14494 14495 14496 14497 14498 14499 14500 14501 14502 14503 14504 14505 14506 14507 14508 14509 14510 14511 14512 14513 14514 14515 14516 14517 14518 14519 14520 14521 14522 14523 14524 14525 14526 14527 14528 14529 14530 14531 14532 14533 14534 14535 14536 14537 14538 14539 14540 14541 14542 14543 14544 14545 14546 14547 14548 14549 14550 14551 14552 14553 14554 14555 14556 14557 14558 14559 14560 14561 14562 14563 14564 14565 14566 14567 14568 14569 14570 14571 14572 14573 14574 14575 14576 14577 14578 14579 14580 14581 14582 14583 14584 14585 14586 14587 14588 14589 14590 14591 14592 14593 14594 14595 14596 14597 14598 14599 14600 14601 14602 14603 14604 14605 14606 14607 14608 14609 14610 14611 14612 14613 14614 14615 14616 14617 14618 14619 14620 14621 14622 14623 14624 14625 14626 14627 14628 14629 14630 14631 14632 14633 14634 14635 14636 14637 14638 14639 14640 14641 14642 14643 14644 14645 14646 14647 14648 14649 14650 14651 14652 14653 14654 14655 14656 14657 14658 14659 14660 14661 14662 14663 14664 14665 14666 14667 14668 14669 14670 14671 14672 14673 14674 14675 14676 14677 14678 14679 14680 14681 14682 14683 14684 14685 14686 14687 14688 14689 14690 14691 14692 14693 14694 14695 14696 14697 14698 14699 14700 14701 14702 14703 14704 14705 14706 14707 14708 14709 14710 14711 14712 14713 14714 14715 14716 14717 14718 14719 14720 14721 14722 14723 14724 14725 14726 14727 14728 14729 14730 14731 14732 14733 14734 14735 14736 14737 14738 14739 14740 14741 14742 14743 14744 14745 14746 14747 14748 14749 14750 14751 14752 14753 14754 14755 14756 14757 14758 14759 14760 14761 14762 14763 14764 14765 14766 14767 14768 14769 14770 14771 14772 14773 14774 14775 14776 14777 14778 14779 14780 14781 14782 14783 14784 14785 14786 14787 14788 14789 14790 14791 14792 14793 14794 14795 14796 14797 14798 14799 14800 14801 14802 14803 14804 14805 14806 14807 14808 14809 14810 14811 14812 14813 14814 14815 14816 14817 14818 14819 14820 14821 14822 14823 14824 14825 14826 14827 14828 14829 14830 14831 14832 14833 14834 14835 14836 14837 14838 14839 14840 14841 14842 14843 14844 14845 14846 14847 14848 14849 14850 14851 14852 14853 14854 14855 14856 14857 14858 14859 14860 14861 14862 14863 14864 14865 14866 14867 14868 14869 14870 14871 14872 14873 14874 14875 14876 14877 14878 14879 14880 14881 14882 14883 14884 14885 14886 14887 14888 14889 14890 14891 14892 14893 14894 14895 14896 14897 14898 14899 14900 14901 14902 14903 14904 14905 14906 14907 14908 14909 14910 14911 14912 14913 14914 14915 14916 14917 14918 14919 14920 14921 14922 14923 14924 14925 14926 14927 14928 14929 14930 14931 14932 14933 14934 14935 14936 14937 14938 14939 14940 14941 14942 14943 14944 14945 14946 14947 14948 14949 14950 14951 14952 14953 14954 14955 14956 14957 14958 14959 14960 14961 14962 14963 14964 14965 14966 14967 14968 14969 14970 14971 14972 14973 14974 14975 14976 14977 14978 14979 14980 14981 14982 14983 14984 14985 14986 14987 14988 14989 14990 14991 14992 14993 14994 14995 14996 14997 14998 14999 15000 15001 15002 15003 15004 15005 15006 15007 15008 15009 15010 15011 15012 15013 15014 15015 15016 15017 15018 15019 15020 15021 15022 15023 15024 15025 15026 15027 15028 15029 15030 15031 15032 15033 15034 15035 15036 15037 15038 15039 15040 15041 15042 15043 15044 15045 15046 15047 15048 15049 15050 15051 15052 15053 15054 15055 15056 15057 15058 15059 15060 15061 15062 15063 15064 15065 15066 15067 15068 15069 15070 15071 15072 15073 15074 15075 15076 15077 15078 15079 15080 15081 15082 15083 15084 15085 15086 15087 15088 15089 15090 15091 15092 15093 15094 15095 15096 15097 15098 15099 15100 15101 15102 15103 15104 15105 15106 15107 15108 15109 15110 15111 15112 15113 15114 15115 15116 15117 15118 15119 15120 15121 15122 15123 15124 15125 15126 15127 15128 15129 15130 15131 15132 15133 15134 15135 15136 15137 15138 15139 15140 15141 15142 15143 15144 15145 15146 15147 15148 15149 15150 15151 15152 15153 15154 15155 15156 15157 15158 15159 15160 15161 15162 15163 15164 15165 15166 15167 15168 15169 15170 15171 15172 15173 15174 15175 15176 15177 15178 15179 15180 15181 15182 15183 15184 15185 15186 15187 15188 15189 15190 15191 15192 15193 15194 15195 15196 15197 15198 15199 15200 15201 15202 15203 15204 15205 15206 15207 15208 15209 15210 15211 15212 15213 15214 15215 15216 15217 15218 15219 15220 15221 15222 15223 15224 15225 15226 15227 15228 15229 15230 15231 15232 15233 15234 15235 15236 15237 15238 15239 15240 15241 15242 15243 15244 15245 15246 15247 15248 15249 15250 15251 15252 15253 15254 15255 15256 15257 15258 15259 15260 15261 15262 15263 15264 15265 15266 15267 15268 15269 15270 15271 15272 15273 15274 15275 15276 15277 15278 15279 15280 15281 15282 15283 15284 15285 15286 15287 15288 15289 15290 15291 15292 15293 15294 15295 15296 15297 15298 15299 15300 15301 15302 15303 15304 15305 15306 15307 15308 15309 15310 15311 15312 15313 15314 15315 15316 15317 15318 15319 15320 15321 15322 15323 15324 15325 15326 15327 15328 15329 15330 15331 15332 15333 15334 15335 15336 15337 15338 15339 15340 15341 15342 15343 15344 15345 15346 15347 15348 15349 15350 15351 15352 15353 15354 15355 15356 15357 15358 15359 15360 15361 15362 15363 15364 15365 15366 15367 15368 15369 15370 15371 15372 15373 15374 15375 15376 15377 15378 15379 15380 15381 15382 15383 15384 15385 15386 15387 15388 15389 15390 15391 15392 15393 15394 15395 15396 15397 15398 15399 15400 15401 15402 15403 15404 15405 15406 15407 15408 15409 15410 15411 15412 15413 15414 15415 15416 15417 15418 15419 15420 15421 15422 15423 15424 15425 15426 15427 15428 15429 15430 15431 15432 15433 15434 15435 15436 15437 15438 15439 15440 15441 15442 15443 15444 15445 15446 15447 15448 15449 15450 15451 15452 15453 15454 15455 15456 15457 15458 15459 15460 15461 15462 15463 15464 15465 15466 15467 15468 15469 15470 15471 15472 15473 15474 15475 15476 15477 15478 15479 15480 15481 15482 15483 15484 15485 15486 15487 15488 15489 15490 15491 15492 15493 15494 15495 15496 15497 15498 15499 15500 15501 15502 15503 15504 15505 15506 15507 15508 15509 15510 15511 15512 15513 15514 15515 15516 15517 15518 15519 15520 15521 15522 15523 15524 15525 15526 15527 15528 15529 15530 15531 15532 15533 15534 15535 15536 15537 15538 15539 15540 15541 15542 15543 15544 15545 15546 15547 15548 15549 15550 15551 15552 15553 15554 15555 15556 15557 15558 15559 15560 15561 15562 15563 15564 15565 15566 15567 15568 15569 15570 15571 15572 15573 15574 15575 15576 15577 15578 15579 15580 15581 15582 15583 15584 15585 15586 15587 15588 15589 15590 15591 15592 15593 15594 15595 15596 15597 15598 15599 15600 15601 15602 15603 15604 15605 15606 15607 15608 15609 15610 15611 15612 15613 15614 15615 15616 15617 15618 15619 15620 15621 15622 15623 15624 15625 15626 15627 15628 15629 15630 15631 15632 15633 15634 15635 15636 15637 15638 15639 15640 15641 15642 15643 15644 15645 15646 15647 15648 15649 15650 15651 15652 15653 15654 15655 15656 15657 15658 15659 15660 15661 15662 15663 15664 15665 15666 15667 15668 15669 15670 15671 15672 15673 15674 15675 15676 15677 15678 15679 15680 15681 15682 15683 15684 15685 15686 15687 15688 15689 15690 15691 15692 15693 15694 15695 15696 15697 15698 15699 15700 15701 15702 15703 15704 15705 15706 15707 15708 15709 15710 15711 15712 15713 15714 15715 15716 15717 15718 15719 15720 15721 15722 15723 15724 15725 15726 15727 15728 15729 15730 15731 15732 15733 15734 15735 15736 15737 15738 15739 15740 15741 15742 15743 15744 15745 15746 15747 15748 15749 15750 15751 15752 15753 15754 15755 15756 15757 15758 15759 15760 15761 15762 15763 15764 15765 15766 15767 15768 15769 15770 15771 15772 15773 15774 15775 15776 15777 15778 15779 15780 15781 15782 15783 15784 15785 15786 15787 15788 15789 15790 15791 15792 15793 15794 15795 15796 15797 15798 15799 15800 15801 15802 15803 15804 15805 15806 15807 15808 15809 15810 15811 15812 15813 15814 15815 15816 15817 15818 15819 15820 15821 15822 15823 15824 15825 15826 15827 15828 15829 15830 15831 15832 15833 15834 15835 15836 15837 15838 15839 15840 15841 15842 15843 15844 15845 15846 15847 15848 15849 15850 15851 15852 15853 15854 15855 15856 15857 15858 15859 15860 15861 15862 15863 15864 15865 15866 15867 15868 15869 15870 15871 15872 15873 15874 15875 15876 15877 15878 15879 15880 15881 15882 15883 15884 15885 15886 15887 15888 15889 15890 15891 15892 15893 15894 15895 15896 15897 15898 15899 15900 15901 15902 15903 15904 15905 15906 15907 15908 15909 15910 15911 15912 15913 15914 15915 15916 15917 15918 15919 15920 15921 15922 15923 15924 15925 15926 15927 15928 15929 15930 15931 15932 15933 15934 15935 15936 15937 15938 15939 15940 15941 15942 15943 15944 15945 15946 15947 15948 15949 15950 15951 15952 15953 15954 15955 15956 15957 15958 15959 15960 15961 15962 15963 15964 15965 15966 15967 15968 15969 15970 15971 15972 15973 15974 15975 15976 15977 15978 15979 15980 15981 15982 15983 15984 15985 15986 15987 15988 15989 15990 15991 15992 15993 15994 15995 15996 15997 15998 15999 16000 16001 16002 16003 16004 16005 16006 16007 16008 16009 16010 16011 16012 16013 16014 16015 16016 16017 16018 16019 16020 16021 16022 16023 16024 16025 16026 16027 16028 16029 16030 16031 16032 16033 16034 16035 16036 16037 16038 16039 16040 16041 16042 16043 16044 16045 16046 16047 16048 16049 16050 16051 16052 16053 16054 16055 16056 16057 16058 16059 16060 16061 16062 16063 16064 16065 16066 16067 16068 16069 16070 16071 16072 16073 16074 16075 16076 16077 16078 16079 16080 16081 16082 16083 16084 16085 16086 16087 16088 16089 16090 16091 16092 16093 16094 16095 16096 16097 16098 16099 16100 16101 16102 16103 16104 16105 16106 16107 16108 16109 16110 16111 16112 16113 16114 16115 16116 16117 16118 16119 16120 16121 16122 16123 16124 16125 16126 16127 16128 16129 16130 16131 16132 16133 16134 16135 16136 16137 16138 16139 16140 16141 16142 16143 16144 16145 16146 16147 16148 16149 16150 16151 16152 16153 16154 16155 16156 16157 16158 16159 16160 16161 16162 16163 16164 16165 16166 16167 16168 16169 16170 16171 16172 16173 16174 16175 16176 16177 16178 16179 16180 16181 16182 16183 16184 16185 16186 16187 16188 16189 16190 16191 16192 16193 16194 16195 16196 16197 16198 16199 16200 16201 16202 16203 16204 16205 16206 16207 16208 16209 16210 16211 16212 16213 16214 16215 16216 16217 16218 16219 16220 16221 16222 16223 16224 16225 16226 16227 16228 16229 16230 16231 16232 16233 16234 16235 16236 16237 16238 16239 16240 16241 16242 16243 16244 16245 16246 16247 16248 16249 16250 16251 16252 16253 16254 16255 16256 16257 16258 16259 16260 16261 16262 16263 16264 16265 16266 16267 16268 16269 16270 16271 16272 16273 16274 16275 16276 16277 16278 16279 16280 16281 16282 16283 16284 16285 16286 16287 16288 16289 16290 16291 16292 16293 16294 16295 16296 16297 16298 16299 16300 16301 16302 16303 16304 16305 16306 16307 16308 16309 16310 16311 16312 16313 16314 16315 16316 16317 16318 16319 16320 16321 16322 16323 16324 16325 16326 16327 16328 16329 16330 16331 16332 16333 16334 16335 16336 16337 16338 16339 16340 16341 16342 16343 16344 16345 16346 16347 16348 16349 16350 16351 16352 16353 16354 16355 16356 16357 16358 16359 16360 16361 16362 16363 16364 16365 16366 16367 16368 16369 16370 16371 16372 16373 16374 16375 16376 16377 16378 16379 16380 16381 16382 16383 16384 16385 16386 16387 16388 16389 16390 16391 16392 16393 16394 16395 16396 16397 16398 16399 16400 16401 16402 16403 16404 16405 16406 16407 16408 16409 16410 16411 16412 16413 16414 16415 16416 16417 16418 16419 16420 16421 16422 16423 16424 16425 16426 16427 16428 16429 16430 16431 16432 16433 16434 16435 16436 16437 16438 16439 16440 16441 16442 16443 16444 16445 16446 16447 16448 16449 16450 16451 16452 16453 16454 16455 16456 16457 16458 16459 16460 16461 16462 16463 16464 16465 16466 16467 16468 16469 16470 16471 16472 16473 16474 16475 16476 16477 16478 16479 16480 16481 16482 16483 16484 16485 16486 16487 16488 16489 16490 16491 16492 16493 16494 16495 16496 16497 16498 16499 16500 16501 16502 16503 16504 16505 16506 16507 16508 16509 16510 16511 16512 16513 16514 16515 16516 16517 16518 16519 16520 16521 16522 16523 16524 16525 16526 16527 16528 16529 16530 16531 16532 16533 16534 16535 16536 16537 16538 16539 16540 16541 16542 16543 16544 16545 16546 16547 16548 16549 16550 16551 16552 16553 16554 16555 16556 16557 16558 16559 16560 16561 16562 16563 16564 16565 16566 16567 16568 16569 16570 16571 16572 16573 16574 16575 16576 16577 16578 16579 16580 16581 16582 16583 16584 16585 16586 16587 16588 16589 16590 16591 16592 16593 16594 16595 16596 16597 16598 16599 16600 16601 16602 16603 16604 16605 16606 16607 16608 16609 16610 16611 16612 16613 16614 16615 16616 16617 16618 16619 16620 16621 16622 16623 16624 16625 16626 16627 16628 16629 16630 16631 16632 16633 16634 16635 16636 16637 16638 16639 16640 16641 16642 16643 16644 16645 16646 16647 16648 16649 16650 16651 16652 16653 16654 16655 16656 16657 16658 16659 16660 16661 16662 16663 16664 16665 16666 16667 16668 16669 16670 16671 16672 16673 16674 16675 16676 16677 16678 16679 16680 16681 16682 16683 16684 16685 16686 16687 16688 16689 16690 16691 16692 16693 16694 16695 16696 16697 16698 16699 16700 16701 16702 16703 16704 16705 16706 16707 16708 16709 16710 16711 16712 16713 16714 16715 16716 16717 16718 16719 16720 16721 16722 16723 16724 16725 16726 16727 16728 16729 16730 16731 16732 16733 16734 16735 16736 16737 16738 16739 16740 16741 16742 16743 16744 16745 16746 16747 16748 16749 16750 16751 16752 16753 16754 16755 16756 16757 16758 16759 16760 16761 16762 16763 16764 16765 16766 16767 16768 16769 16770 16771 16772 16773 16774 16775 16776 16777 16778 16779 16780 16781 16782 16783 16784 16785 16786 16787 16788 16789 16790 16791 16792 16793 16794 16795 16796 16797 16798 16799 16800 16801 16802 16803 16804 16805 16806 16807 16808 16809 16810 16811 16812 16813 16814 16815 16816 16817 16818 16819 16820 16821 16822 16823 16824 16825 16826 16827 16828 16829 16830 16831 16832 16833 16834 16835 16836 16837 16838 16839 16840 16841 16842 16843 16844 16845 16846 16847 16848 16849 16850 16851 16852 16853 16854 16855 16856 16857 16858 16859 16860 16861 16862 16863 16864 16865 16866 16867 16868 16869 16870 16871 16872 16873 16874 16875 16876 16877 16878 16879 16880 16881 16882 16883 16884 16885 16886 16887 16888 16889 16890 16891 16892 16893 16894 16895 16896 16897 16898 16899 16900 16901 16902 16903 16904 16905 16906 16907 16908 16909 16910 16911 16912 16913 16914 16915 16916 16917 16918 16919 16920 16921 16922 16923 16924 16925 16926 16927 16928 16929 16930 16931 16932 16933 16934 16935 16936 16937 16938 16939 16940 16941 16942 16943 16944 16945 16946 16947 16948 16949 16950 16951 16952 16953 16954 16955 16956 16957 16958 16959 16960 16961 16962 16963 16964 16965 16966 16967 16968 16969 16970 16971 16972 16973 16974 16975 16976 16977 16978 16979 16980 16981 16982 16983 16984 16985 16986 16987 16988 16989 16990 16991 16992 16993 16994 16995 16996 16997 16998 16999 17000 17001 17002 17003 17004 17005 17006 17007 17008 17009 17010 17011 17012 17013 17014 17015 17016 17017 17018 17019 17020 17021 17022 17023 17024 17025 17026 17027 17028 17029 17030 17031 17032 17033 17034 17035 17036 17037 17038 17039 17040 17041 17042 17043 17044 17045 17046 17047 17048 17049 17050 17051 17052 17053 17054 17055 17056 17057 17058 17059 17060 17061 17062 17063 17064 17065 17066 17067 17068 17069 17070 17071 17072 17073 17074 17075 17076 17077 17078 17079 17080 17081 17082 17083 17084 17085 17086 17087 17088 17089 17090 17091 17092 17093 17094 17095 17096 17097 17098 17099 17100 17101 17102 17103 17104 17105 17106 17107 17108 17109 17110 17111 17112 17113 17114 17115 17116 17117 17118 17119 17120 17121 17122 17123 17124 17125 17126 17127 17128 17129 17130 17131 17132 17133 17134 17135 17136 17137 17138 17139 17140 17141 17142 17143 17144 17145 17146 17147 17148 17149 17150 17151 17152 17153 17154 17155 17156 17157 17158 17159 17160 17161 17162 17163 17164 17165 17166 17167 17168 17169 17170 17171 17172 17173 17174 17175 17176 17177 17178 17179 17180 17181 17182 17183 17184 17185 17186 17187 17188 17189 17190 17191 17192 17193 17194 17195 17196 17197 17198 17199 17200 17201 17202 17203 17204 17205 17206 17207 17208 17209 17210 17211 17212 17213 17214 17215 17216 17217 17218 17219 17220 17221 17222 17223 17224 17225 17226 17227 17228 17229 17230 17231 17232 17233 17234 17235 17236 17237 17238 17239 17240 17241 17242 17243 17244 17245 17246 17247 17248 17249 17250 17251 17252 17253 17254 17255 17256 17257 17258 17259 17260 17261 17262 17263 17264 17265 17266 17267 17268 17269 17270 17271 17272 17273 17274 17275 17276 17277 17278 17279 17280 17281 17282 17283 17284 17285 17286 17287 17288 17289 17290 17291 17292 17293 17294 17295 17296 17297 17298 17299 17300 17301 17302 17303 17304 17305 17306 17307 17308 17309 17310 17311 17312 17313 17314 17315 17316 17317 17318 17319 17320 17321 17322 17323 17324 17325 17326 17327 17328 17329 17330 17331 17332 17333 17334 17335 17336 17337 17338 17339 17340 17341 17342 17343 17344 17345 17346 17347 17348 17349 17350 17351 17352 17353 17354 17355 17356 17357 17358 17359 17360 17361 17362 17363 17364 17365 17366 17367 17368 17369 17370 17371 17372 17373 17374 17375 17376 17377 17378 17379 17380 17381 17382 17383 17384 17385 17386 17387 17388 17389 17390 17391 17392 17393 17394 17395 17396 17397 17398 17399 17400 17401 17402 17403 17404 17405 17406 17407 17408 17409 17410 17411 17412 17413 17414 17415 17416 17417 17418 17419 17420 17421 17422 17423 17424 17425 17426 17427 17428 17429 17430 17431 17432 17433 17434 17435 17436 17437 17438 17439 17440 17441 17442 17443 17444 17445 17446 17447 17448 17449 17450 17451 17452 17453 17454 17455 17456 17457 17458 17459 17460 17461 17462 17463 17464 17465 17466 17467 17468 17469 17470 17471 17472 17473 17474 17475 17476 17477 17478 17479 17480 17481 17482 17483 17484 17485 17486 17487 17488 17489 17490 17491 17492 17493 17494 17495 17496 17497 17498 17499 17500 17501 17502 17503 17504 17505 17506 17507 17508 17509 17510 17511 17512 17513 17514 17515 17516 17517 17518 17519 17520 17521 17522 17523 17524 17525 17526 17527 17528 17529 17530 17531 17532 17533 17534 17535 17536 17537 17538 17539 17540 17541 17542 17543 17544 17545 17546 17547 17548 17549 17550 17551 17552 17553 17554 17555 17556 17557 17558 17559 17560 17561 17562 17563 17564 17565 17566 17567 17568 17569 17570 17571 17572 17573 17574 17575 17576 17577 17578 17579 17580 17581 17582 17583 17584 17585 17586 17587 17588 17589 17590 17591 17592 17593 17594 17595 17596 17597 17598 17599 17600 17601 17602 17603 17604 17605 17606 17607 17608 17609 17610 17611 17612 17613 17614 17615 17616 17617 17618 17619 17620 17621 17622 17623 17624 17625 17626 17627 17628 17629 17630 17631 17632 17633 17634 17635 17636 17637 17638 17639 17640 17641 17642 17643 17644 17645 17646 17647 17648 17649 17650 17651 17652 17653 17654 17655 17656 17657 17658 17659 17660 17661 17662 17663 17664 17665 17666 17667 17668 17669 17670 17671 17672 17673 17674 17675 17676 17677 17678 17679 17680 17681 17682 17683 17684 17685 17686 17687 17688 17689 17690 17691 17692 17693 17694 17695 17696 17697 17698 17699 17700 17701 17702 17703 17704 17705 17706 17707 17708 17709 17710 17711 17712 17713 17714 17715 17716 17717 17718 17719 17720 17721 17722 17723 17724 17725 17726 17727 17728 17729 17730 17731 17732 17733 17734 17735 17736 17737 17738 17739 17740 17741 17742 17743 17744 17745 17746 17747 17748 17749 17750 17751 17752 17753 17754 17755 17756 17757 17758 17759 17760 17761 17762 17763 17764 17765 17766 17767 17768 17769 17770 17771 17772 17773 17774 17775 17776 17777 17778 17779 17780 17781 17782 17783 17784 17785 17786 17787 17788 17789 17790 17791 17792 17793 17794 17795 17796 17797 17798 17799 17800 17801 17802 17803 17804 17805 17806 17807 17808 17809 17810 17811 17812 17813 17814 17815 17816 17817 17818 17819 17820 17821 17822 17823 17824 17825 17826 17827 17828 17829 17830 17831 17832 17833 17834 17835 17836 17837 17838 17839 17840 17841 17842 17843 17844 17845 17846 17847 17848 17849 17850 17851 17852 17853 17854 17855 17856 17857 17858 17859 17860 17861 17862 17863 17864 17865 17866 17867 17868 17869 17870 17871 17872 17873 17874 17875 17876 17877 17878 17879 17880 17881 17882 17883 17884 17885 17886 17887 17888 17889 17890 17891 17892 17893 17894 17895 17896 17897 17898 17899 17900 17901 17902 17903 17904 17905 17906 17907 17908 17909 17910 17911 17912 17913 17914 17915 17916 17917 17918 17919 17920 17921 17922 17923 17924 17925 17926 17927 17928 17929 17930 17931 17932 17933 17934 17935 17936 17937 17938 17939 17940 17941 17942 17943 17944 17945 17946 17947 17948 17949 17950 17951 17952 17953 17954 17955 17956 17957 17958 17959 17960 17961 17962 17963 17964 17965 17966 17967 17968 17969 17970 17971 17972 17973 17974 17975 17976 17977 17978 17979 17980 17981 17982 17983 17984 17985 17986 17987 17988 17989 17990 17991 17992 17993 17994 17995 17996 17997 17998 17999 18000 18001 18002 18003 18004 18005 18006 18007 18008 18009 18010 18011 18012 18013 18014 18015 18016 18017 18018 18019 18020 18021 18022 18023 18024 18025 18026 18027 18028 18029 18030 18031 18032 18033 18034 18035 18036 18037 18038 18039 18040 18041 18042 18043 18044 18045 18046 18047 18048 18049 18050 18051 18052 18053 18054 18055 18056 18057 18058 18059 18060 18061 18062 18063 18064 18065 18066 18067 18068 18069 18070 18071 18072 18073 18074 18075 18076 18077 18078 18079 18080 18081 18082 18083 18084 18085 18086 18087 18088 18089 18090 18091 18092 18093 18094 18095 18096 18097 18098 18099 18100 18101 18102 18103 18104 18105 18106 18107 18108 18109 18110 18111 18112 18113 18114 18115 18116 18117 18118 18119 18120 18121 18122 18123 18124 18125 18126 18127 18128 18129 18130 18131 18132 18133 18134 18135 18136 18137 18138 18139 18140 18141 18142 18143 18144 18145 18146 18147 18148 18149 18150 18151 18152 18153 18154 18155 18156 18157 18158 18159 18160 18161 18162 18163 18164 18165 18166 18167 18168 18169 18170 18171 18172 18173 18174 18175 18176 18177 18178 18179 18180 18181 18182 18183 18184 18185 18186 18187 18188 18189 18190 18191 18192 18193 18194 18195 18196 18197 18198 18199 18200 18201 18202 18203 18204 18205 18206 18207 18208 18209 18210 18211 18212 18213 18214 18215 18216 18217 18218 18219 18220 18221 18222 18223 18224 18225 18226 18227 18228 18229 18230 18231 18232 18233 18234 18235 18236 18237 18238 18239 18240 18241 18242 18243 18244 18245 18246 18247 18248 18249 18250 18251 18252 18253 18254 18255 18256 18257 18258 18259 18260 18261 18262 18263 18264 18265 18266 18267 18268 18269 18270 18271 18272 18273 18274 18275 18276 18277 18278 18279 18280 18281 18282 18283 18284 18285 18286 18287 18288 18289 18290 18291 18292 18293 18294 18295 18296 18297 18298 18299 18300 18301 18302 18303 18304 18305 18306 18307 18308 18309 18310 18311 18312 18313 18314 18315 18316 18317 18318 18319 18320 18321 18322 18323 18324 18325 18326 18327 18328 18329 18330 18331 18332 18333 18334 18335 18336 18337 18338 18339 18340 18341 18342 18343 18344 18345 18346 18347 18348 18349 18350 18351 18352 18353 18354 18355 18356 18357 18358 18359 18360 18361 18362 18363 18364 18365 18366 18367 18368 18369 18370 18371 18372 18373 18374 18375 18376 18377 18378 18379 18380 18381 18382 18383 18384 18385 18386 18387 18388 18389 18390 18391 18392 18393 18394 18395 18396 18397 18398 18399 18400 18401 18402 18403 18404 18405 18406 18407 18408 | <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Postfix Configuration Parameters </title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body>
<h1><img src="postfix-logo.jpg" width="203" height="98" alt="">Postfix Configuration Parameters </h1>
<hr>
<h2> Postfix main.cf file format </h2>
<p> The Postfix main.cf configuration file specifies a very small
subset of all the parameters that control the operation of the
Postfix mail system. Parameters not explicitly specified are left
at their default values. </p>
<p> The general format of the main.cf file is as follows: </p>
<ul>
<li> <p> Each logical line is in the form "parameter = value".
Whitespace around the "=" is ignored, as is whitespace at the end
of a logical line. </p>
<li> <p> Empty lines and whitespace-only lines are ignored, as are
lines whose first non-whitespace character is a `#'. </p>
<li> <p> A logical line starts with non-whitespace text. A line
that starts with whitespace continues a logical line. </p>
<li> <p> A parameter value may refer to other parameters. </p>
<ul>
<li> <p> The expressions "$name", "${name}" or "$(name)" are
recursively replaced by the value of the named parameter. </p>
<li> <p> The expression "${name?value}" expands to "value" when
"$name" is non-empty. This form is supported with Postfix version
2.2 and later. </p>
<li> <p> The expression "${name:value}" expands to "value" when
"$name" is empty. This form is supported with Postfix version 2.2
and later. </p>
<li> <p> Specify "$$" to produce a single "$" character. </p>
</ul>
<li> <p> When the same parameter is defined multiple times, only
the last instance is remembered. </p>
<li> <p> Otherwise, the order of main.cf parameter definitions does
not matter. </p>
</ul>
<p> The remainder of this document is a description of all Postfix
configuration parameters. Default values are shown after the
parameter name in parentheses, and can be looked up with the
"<b>postconf -d</b>" command. </p>
<p> Note: this is not an invitation to make changes to Postfix
configuration parameters. Unnecessary changes are likely to impair
the operation of the mail system. </p>
<dl>
<DT><b><a name="2bounce_notice_recipient">2bounce_notice_recipient</a>
(default: postmaster)</b></DT><DD>
<p> The recipient of undeliverable mail that cannot be returned to
the sender. This feature is enabled with the <a href="postconf.5.html#notify_classes">notify_classes</a>
parameter. </p>
</DD>
<DT><b><a name="access_map_defer_code">access_map_defer_code</a>
(default: 450)</b></DT><DD>
<p>
The numerical Postfix SMTP server response code for
an <a href="access.5.html">access(5)</a> map "defer" action, including "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>"
or "<a href="postconf.5.html#defer_if_reject">defer_if_reject</a>". Prior to Postfix 2.6, the response
is hard-coded as "450".
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
<p>
This feature is available in Postfix 2.6 and later.
</p>
</DD>
<DT><b><a name="access_map_reject_code">access_map_reject_code</a>
(default: 554)</b></DT><DD>
<p>
The numerical Postfix SMTP server response code for
an <a href="access.5.html">access(5)</a> map "reject" action.
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
</DD>
<DT><b><a name="address_verify_cache_cleanup_interval">address_verify_cache_cleanup_interval</a>
(default: 12h)</b></DT><DD>
<p> The amount of time between <a href="verify.8.html">verify(8)</a> address verification
database cleanup runs. This feature requires that the database
supports the "delete" and "sequence" operators. Specify a zero
interval to disable database cleanup. </p>
<p> After each database cleanup run, the <a href="verify.8.html">verify(8)</a> daemon logs the
number of entries that were retained and dropped. A cleanup run is
logged as "partial" when the daemon terminates early after "<b>postfix
reload</b>", "<b>postfix stop</b>", or no requests for $<a href="postconf.5.html#max_idle">max_idle</a>
seconds. </p>
<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). </p>
<p> This feature is available in Postfix 2.7. </p>
</DD>
<DT><b><a name="address_verify_default_transport">address_verify_default_transport</a>
(default: $<a href="postconf.5.html#default_transport">default_transport</a>)</b></DT><DD>
<p>
Overrides the <a href="postconf.5.html#default_transport">default_transport</a> parameter setting for address
verification probes.
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="address_verify_local_transport">address_verify_local_transport</a>
(default: $<a href="postconf.5.html#local_transport">local_transport</a>)</b></DT><DD>
<p>
Overrides the <a href="postconf.5.html#local_transport">local_transport</a> parameter setting for address
verification probes.
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="address_verify_map">address_verify_map</a>
(default: see "postconf -d" output)</b></DT><DD>
<p>
Lookup table for persistent address verification status
storage. The table is maintained by the <a href="verify.8.html">verify(8)</a> service, and
is opened before the process releases privileges.
</p>
<p>
The lookup table is persistent by default (Postfix 2.7 and later).
Specify an empty table name to keep the information in volatile
memory which is lost after "<b>postfix reload</b>" or "<b>postfix
stop</b>". This is the default with Postfix version 2.6 and earlier.
</p>
<p>
Specify a location in a file system that will not fill up. If the
database becomes corrupted, the world comes to an end. To recover
delete (NOT: truncate) the file and do "<b>postfix reload</b>".
</p>
<p> Postfix daemon processes do not use root privileges when opening
this file (Postfix 2.5 and later). The file must therefore be
stored under a Postfix-owned directory such as the <a href="postconf.5.html#data_directory">data_directory</a>.
As a migration aid, an attempt to open the file under a non-Postfix
directory is redirected to the Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>, and a
warning is logged. </p>
<p>
Examples:
</p>
<pre>
<a href="postconf.5.html#address_verify_map">address_verify_map</a> = <a href="DATABASE_README.html#types">hash</a>:/var/lib/postfix/verify
<a href="postconf.5.html#address_verify_map">address_verify_map</a> = <a href="DATABASE_README.html#types">btree</a>:/var/lib/postfix/verify
</pre>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="address_verify_negative_cache">address_verify_negative_cache</a>
(default: yes)</b></DT><DD>
<p>
Enable caching of failed address verification probe results. When
this feature is enabled, the cache may pollute quickly with garbage.
When this feature is disabled, Postfix will generate an address
probe for every lookup.
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="address_verify_negative_expire_time">address_verify_negative_expire_time</a>
(default: 3d)</b></DT><DD>
<p>
The time after which a failed probe expires from the address
verification cache.
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="address_verify_negative_refresh_time">address_verify_negative_refresh_time</a>
(default: 3h)</b></DT><DD>
<p>
The time after which a failed address verification probe needs to
be refreshed.
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="address_verify_poll_count">address_verify_poll_count</a>
(default: normal: 3, overload: 1)</b></DT><DD>
<p>
How many times to query the <a href="verify.8.html">verify(8)</a> service for the completion
of an address verification request in progress.
</p>
<p> By default, the Postfix SMTP server polls the <a href="verify.8.html">verify(8)</a> service
up to three times under non-overload conditions, and only once when
under overload. With Postfix version 2.5 and earlier, the SMTP
server always polls the <a href="verify.8.html">verify(8)</a> service up to three times by
default. </p>
<p>
Specify 1 to implement a crude form of greylisting, that is, always
defer the first delivery request for a new address.
</p>
<p>
Examples:
</p>
<pre>
# Postfix ≤ 2.6 default
<a href="postconf.5.html#address_verify_poll_count">address_verify_poll_count</a> = 3
# Poor man's greylisting
<a href="postconf.5.html#address_verify_poll_count">address_verify_poll_count</a> = 1
</pre>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="address_verify_poll_delay">address_verify_poll_delay</a>
(default: 3s)</b></DT><DD>
<p>
The delay between queries for the completion of an address
verification request in progress.
</p>
<p>
The default polling delay is 3 seconds.
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="address_verify_positive_expire_time">address_verify_positive_expire_time</a>
(default: 31d)</b></DT><DD>
<p>
The time after which a successful probe expires from the address
verification cache.
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="address_verify_positive_refresh_time">address_verify_positive_refresh_time</a>
(default: 7d)</b></DT><DD>
<p>
The time after which a successful address verification probe needs
to be refreshed. The address verification status is not updated
when the probe fails (optimistic caching).
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="address_verify_relay_transport">address_verify_relay_transport</a>
(default: $<a href="postconf.5.html#relay_transport">relay_transport</a>)</b></DT><DD>
<p>
Overrides the <a href="postconf.5.html#relay_transport">relay_transport</a> parameter setting for address
verification probes.
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="address_verify_relayhost">address_verify_relayhost</a>
(default: $<a href="postconf.5.html#relayhost">relayhost</a>)</b></DT><DD>
<p>
Overrides the <a href="postconf.5.html#relayhost">relayhost</a> parameter setting for address verification
probes. This information can be overruled with the <a href="transport.5.html">transport(5)</a> table.
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="address_verify_sender">address_verify_sender</a>
(default: $<a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a>)</b></DT><DD>
<p> The sender address to use in address verification probes; prior
to Postfix 2.5 the default was "postmaster". To
avoid problems with address probes that are sent in response to
address probes, the Postfix SMTP server excludes the probe sender
address from all SMTPD access blocks. </p>
<p>
Specify an empty value (<a href="postconf.5.html#address_verify_sender">address_verify_sender</a> =) or <> if you want
to use the null sender address. Beware, some sites reject mail from
<>, even though RFCs require that such addresses be accepted.
</p>
<p>
Examples:
</p>
<pre>
<a href="postconf.5.html#address_verify_sender">address_verify_sender</a> = <>
<a href="postconf.5.html#address_verify_sender">address_verify_sender</a> = postmaster@my.domain
</pre>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="address_verify_sender_dependent_default_transport_maps">address_verify_sender_dependent_default_transport_maps</a>
(default: $<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>)</b></DT><DD>
<p> Overrides the <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> parameter
setting for address verification probes. </p>
<p> This feature is available in Postfix 2.7 and later. </p>
</DD>
<DT><b><a name="address_verify_sender_dependent_relayhost_maps">address_verify_sender_dependent_relayhost_maps</a>
(default: $<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>)</b></DT><DD>
<p>
Overrides the <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> parameter setting for address
verification probes.
</p>
<p>
This feature is available in Postfix 2.3 and later.
</p>
</DD>
<DT><b><a name="address_verify_sender_ttl">address_verify_sender_ttl</a>
(default: 0s)</b></DT><DD>
<p> The time between changes in the time-dependent portion of address
verification probe sender addresses. The time-dependent portion is
appended to the localpart of the address specified with the
<a href="postconf.5.html#address_verify_sender">address_verify_sender</a> parameter. This feature is ignored when the
probe sender addresses is the null sender, i.e. the <a href="postconf.5.html#address_verify_sender">address_verify_sender</a>
value is empty or <>. </p>
<p> Historically, the probe sender address was fixed. This has
caused such addresses to end up on spammer mailing lists, and has
resulted in wasted network and processing resources. </p>
<p> To enable time-dependent probe sender addresses, specify a
non-zero time value (an integral value plus an optional one-letter
suffix that specifies the time unit). Specify a value of at least
several hours, to avoid problems with senders that use greylisting.
Avoid nice TTL values, to make the result less predictable. Time
units are: s (seconds), m (minutes), h (hours), d (days), w (weeks).
</p>
<p> This feature is available in Postfix 2.9 and later. </p>
</DD>
<DT><b><a name="address_verify_service_name">address_verify_service_name</a>
(default: verify)</b></DT><DD>
<p>
The name of the <a href="verify.8.html">verify(8)</a> address verification service. This service
maintains the status of sender and/or recipient address verification
probes, and generates probes on request by other Postfix processes.
</p>
</DD>
<DT><b><a name="address_verify_transport_maps">address_verify_transport_maps</a>
(default: $<a href="postconf.5.html#transport_maps">transport_maps</a>)</b></DT><DD>
<p>
Overrides the <a href="postconf.5.html#transport_maps">transport_maps</a> parameter setting for address verification
probes.
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="address_verify_virtual_transport">address_verify_virtual_transport</a>
(default: $<a href="postconf.5.html#virtual_transport">virtual_transport</a>)</b></DT><DD>
<p>
Overrides the <a href="postconf.5.html#virtual_transport">virtual_transport</a> parameter setting for address
verification probes.
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="alias_database">alias_database</a>
(default: see "postconf -d" output)</b></DT><DD>
<p>
The alias databases for <a href="local.8.html">local(8)</a> delivery that are updated with
"<b>newaliases</b>" or with "<b>sendmail -bi</b>".
</p>
<p>
This is a separate configuration parameter because not all the
tables specified with $<a href="postconf.5.html#alias_maps">alias_maps</a> have to be local files.
</p>
<p>
Examples:
</p>
<pre>
<a href="postconf.5.html#alias_database">alias_database</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/aliases
<a href="postconf.5.html#alias_database">alias_database</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/mail/aliases
</pre>
</DD>
<DT><b><a name="alias_maps">alias_maps</a>
(default: see "postconf -d" output)</b></DT><DD>
<p>
The alias databases that are used for <a href="local.8.html">local(8)</a> delivery. See
<a href="aliases.5.html">aliases(5)</a> for syntax details.
</p>
<p>
The default list is system dependent. On systems with NIS, the
default is to search the local alias database, then the NIS alias
database.
</p>
<p>
If you change the alias database, run "<b>postalias /etc/aliases</b>"
(or wherever your system stores the mail alias file), or simply
run "<b>newaliases</b>" to build the necessary DBM or DB file.
</p>
<p>
The <a href="local.8.html">local(8)</a> delivery agent disallows regular expression substitution
of $1 etc. in <a href="postconf.5.html#alias_maps">alias_maps</a>, because that would open a security hole.
</p>
<p>
The <a href="local.8.html">local(8)</a> delivery agent will silently ignore requests to use
the <a href="proxymap.8.html">proxymap(8)</a> server within <a href="postconf.5.html#alias_maps">alias_maps</a>. Instead it will open the
table directly. Before Postfix version 2.2, the <a href="local.8.html">local(8)</a> delivery
agent will terminate with a fatal error.
</p>
<p>
Examples:
</p>
<pre>
<a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/aliases, nis:mail.aliases
<a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/aliases
</pre>
</DD>
<DT><b><a name="allow_mail_to_commands">allow_mail_to_commands</a>
(default: alias, forward)</b></DT><DD>
<p>
Restrict <a href="local.8.html">local(8)</a> mail delivery to external commands. The default
is to disallow delivery to "|command" in :include: files (see
<a href="aliases.5.html">aliases(5)</a> for the text that defines this terminology).
</p>
<p>
Specify zero or more of: <b>alias</b>, <b>forward</b> or <b>include</b>,
in order to allow commands in <a href="aliases.5.html">aliases(5)</a>, .forward files or in
:include: files, respectively.
</p>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#allow_mail_to_commands">allow_mail_to_commands</a> = alias,forward,include
</pre>
</DD>
<DT><b><a name="allow_mail_to_files">allow_mail_to_files</a>
(default: alias, forward)</b></DT><DD>
<p>
Restrict <a href="local.8.html">local(8)</a> mail delivery to external files. The default is
to disallow "/file/name" destinations in :include: files (see
<a href="aliases.5.html">aliases(5)</a> for the text that defines this terminology).
</p>
<p>
Specify zero or more of: <b>alias</b>, <b>forward</b> or <b>include</b>,
in order to allow "/file/name" destinations in <a href="aliases.5.html">aliases(5)</a>, .forward
files and in :include: files, respectively.
</p>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#allow_mail_to_files">allow_mail_to_files</a> = alias,forward,include
</pre>
</DD>
<DT><b><a name="allow_min_user">allow_min_user</a>
(default: no)</b></DT><DD>
<p>
Allow a sender or recipient address to have `-' as the first
character. By
default, this is not allowed, to avoid accidents with software that
passes email addresses via the command line. Such software
would not be able to distinguish a malicious address from a
bona fide command-line option. Although this can be prevented by
inserting a "--" option terminator into the command line, this is
difficult to enforce consistently and globally. </p>
<p> As of Postfix version 2.5, this feature is implemented by
<a href="trivial-rewrite.8.html">trivial-rewrite(8)</a>. With earlier versions this feature was implemented
by <a href="qmgr.8.html">qmgr(8)</a> and was limited to recipient addresses only. </p>
</DD>
<DT><b><a name="allow_percent_hack">allow_percent_hack</a>
(default: yes)</b></DT><DD>
<p>
Enable the rewriting of the form "user%domain" to "user@domain".
This is enabled by default.
</p>
<p> Note: as of Postfix version 2.2, message header address rewriting
happens only when one of the following conditions is true: </p>
<ul>
<li> The message is received with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command,
<li> The message is received from a network client that matches
$<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>,
<li> The message is received from the network, and the
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter specifies a non-empty value.
</ul>
<p> To get the behavior before Postfix version 2.2, specify
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#allow_percent_hack">allow_percent_hack</a> = no
</pre>
</DD>
<DT><b><a name="allow_untrusted_routing">allow_untrusted_routing</a>
(default: no)</b></DT><DD>
<p>
Forward mail with sender-specified routing (user[@%!]remote[@%!]site)
from untrusted clients to destinations matching $<a href="postconf.5.html#relay_domains">relay_domains</a>.
</p>
<p>
By default, this feature is turned off. This closes a nasty open
relay loophole where a backup MX host can be tricked into forwarding
junk mail to a primary MX host which then spams it out to the world.
</p>
<p>
This parameter also controls if non-local addresses with sender-specified
routing can match Postfix access tables. By default, such addresses
cannot match Postfix access tables, because the address is ambiguous.
</p>
</DD>
<DT><b><a name="alternate_config_directories">alternate_config_directories</a>
(default: empty)</b></DT><DD>
<p>
A list of non-default Postfix configuration directories that may
be specified with "-c <a href="postconf.5.html#config_directory">config_directory</a>" on the command line, or
via the MAIL_CONFIG environment parameter.
</p>
<p>
This list must be specified in the default Postfix configuration
directory, and is used by set-gid Postfix commands such as <a href="postqueue.1.html">postqueue(1)</a>
and <a href="postdrop.1.html">postdrop(1)</a>.
</p>
</DD>
<DT><b><a name="always_add_missing_headers">always_add_missing_headers</a>
(default: no)</b></DT><DD>
<p> Always add (Resent-) From:, To:, Date: or Message-ID: headers
when not present. Postfix 2.6 and later add these headers only
when clients match the <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter
setting. Earlier Postfix versions always add these headers; this
may break DKIM signatures that cover non-existent headers. </p>
</DD>
<DT><b><a name="always_bcc">always_bcc</a>
(default: empty)</b></DT><DD>
<p>
Optional address that receives a "blind carbon copy" of each message
that is received by the Postfix mail system.
</p>
<p>
Note: with Postfix 2.3 and later the BCC address is added as if it
was specified with NOTIFY=NONE. The sender will not be notified
when the BCC address is undeliverable, as long as all down-stream
software implements <a href="http://tools.ietf.org/html/rfc3461">RFC 3461</a>.
</p>
<p>
Note: with Postfix 2.2 and earlier the sender will be notified
when the BCC address is undeliverable.
</p>
<p> Note: automatic BCC recipients are produced only for new mail.
To avoid mailer loops, automatic BCC recipients are not generated
after Postfix forwards mail internally, or after Postfix generates
mail itself. </p>
</DD>
<DT><b><a name="anvil_rate_time_unit">anvil_rate_time_unit</a>
(default: 60s)</b></DT><DD>
<p>
The time unit over which client connection rates and other rates
are calculated.
</p>
<p>
This feature is implemented by the <a href="anvil.8.html">anvil(8)</a> service which is available
in Postfix version 2.2 and later.
</p>
<p>
The default interval is relatively short. Because of the high
frequency of updates, the <a href="anvil.8.html">anvil(8)</a> server uses volatile memory
only. Thus, information is lost whenever the process terminates.
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
</DD>
<DT><b><a name="anvil_status_update_time">anvil_status_update_time</a>
(default: 600s)</b></DT><DD>
<p>
How frequently the <a href="anvil.8.html">anvil(8)</a> connection and rate limiting server
logs peak usage information.
</p>
<p>
This feature is available in Postfix 2.2 and later.
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
</DD>
<DT><b><a name="append_at_myorigin">append_at_myorigin</a>
(default: yes)</b></DT><DD>
<p>
With locally submitted mail, append the string "@$<a href="postconf.5.html#myorigin">myorigin</a>" to mail
addresses without domain information. With remotely submitted mail,
append the string "@$<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a>" instead.
</p>
<p>
Note 1: this feature is enabled by default and must not be turned off.
Postfix does not support domain-less addresses.
</p>
<p> Note 2: with Postfix version 2.2, message header address rewriting
happens only when one of the following conditions is true: </p>
<ul>
<li> The message is received with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command,
<li> The message is received from a network client that matches
$<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>,
<li> The message is received from the network, and the
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter specifies a non-empty value.
</ul>
<p> To get the behavior before Postfix version 2.2, specify
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p>
</DD>
<DT><b><a name="append_dot_mydomain">append_dot_mydomain</a>
(default: yes)</b></DT><DD>
<p>
With locally submitted mail, append the string ".$<a href="postconf.5.html#mydomain">mydomain</a>" to
addresses that have no ".domain" information. With remotely submitted
mail, append the string ".$<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a>"
instead.
</p>
<p>
Note 1: this feature is enabled by default. If disabled, users will not be
able to send mail to "user@partialdomainname" but will have to
specify full domain names instead.
</p>
<p> Note 2: with Postfix version 2.2, message header address rewriting
happens only when one of the following conditions is true: </p>
<ul>
<li> The message is received with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command,
<li> The message is received from a network client that matches
$<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>,
<li> The message is received from the network, and the
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter specifies a non-empty value.
</ul>
<p> To get the behavior before Postfix version 2.2, specify
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p>
</DD>
<DT><b><a name="application_event_drain_time">application_event_drain_time</a>
(default: 100s)</b></DT><DD>
<p>
How long the <a href="postkick.1.html">postkick(1)</a> command waits for a request to enter the
Postfix daemon process input buffer before giving up.
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="authorized_flush_users">authorized_flush_users</a>
(default: <a href="DATABASE_README.html#types">static</a>:anyone)</b></DT><DD>
<p>
List of users who are authorized to flush the queue.
</p>
<p>
By default, all users are allowed to flush the queue. Access is
always granted if the invoking user is the super-user or the
$<a href="postconf.5.html#mail_owner">mail_owner</a> user. Otherwise, the real UID of the process is looked
up in the system password file, and access is granted only if the
corresponding login name is on the access list. The username
"unknown" is used for processes whose real UID is not found in the
password file. </p>
<p>
Specify a list of user names, "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns,
separated by commas and/or whitespace. The list is matched left to
right, and the search stops on the first match. A "/file/name"
pattern is replaced
by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a name
matches a lookup key (the lookup result is ignored). Continue long
lines by starting the next line with whitespace. Specify "!pattern"
to exclude a name from the list. The form "!/file/name" is supported
only in Postfix version 2.4 and later. </p>
<p>
This feature is available in Postfix 2.2 and later.
</p>
</DD>
<DT><b><a name="authorized_mailq_users">authorized_mailq_users</a>
(default: <a href="DATABASE_README.html#types">static</a>:anyone)</b></DT><DD>
<p>
List of users who are authorized to view the queue.
</p>
<p>
By default, all users are allowed to view the queue. Access is
always granted if the invoking user is the super-user or the
$<a href="postconf.5.html#mail_owner">mail_owner</a> user. Otherwise, the real UID of the process is looked
up in the system password file, and access is granted only if the
corresponding login name is on the access list. The username
"unknown" is used for processes whose real UID is not found in the
password file. </p>
<p>
Specify a list of user names, "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns,
separated by commas and/or whitespace. The list is matched left to
right, and the search stops on the first match. A "/file/name"
pattern is replaced
by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a name
matches a lookup key (the lookup result is ignored). Continue long
lines by starting the next line with whitespace. Specify "!pattern"
to exclude a user name from the list. The form "!/file/name" is
supported only in Postfix version 2.4 and later. </p>
<p>
This feature is available in Postfix 2.2 and later.
</p>
</DD>
<DT><b><a name="authorized_submit_users">authorized_submit_users</a>
(default: <a href="DATABASE_README.html#types">static</a>:anyone)</b></DT><DD>
<p>
List of users who are authorized to submit mail with the <a href="sendmail.1.html">sendmail(1)</a>
command (and with the privileged <a href="postdrop.1.html">postdrop(1)</a> helper command).
</p>
<p>
By default, all users are allowed to submit mail. Otherwise, the
real UID of the process is looked up in the system password file,
and access is granted only if the corresponding login name is on
the access list. The username "unknown" is used for processes
whose real UID is not found in the password file. To deny mail
submission access to all users specify an empty list. </p>
<p>
Specify a list of user names, "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns,
separated by commas and/or whitespace. The list is matched left to right,
and the search stops on the first match. A "/file/name" pattern is
replaced by its contents;
a "<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a name matches a lookup key
(the lookup result is ignored). Continue long lines by starting the
next line with whitespace. Specify "!pattern" to exclude a user
name from the list. The form "!/file/name" is supported only in
Postfix version 2.4 and later. </p>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> = !www, <a href="DATABASE_README.html#types">static</a>:all
</pre>
<p>
This feature is available in Postfix 2.2 and later.
</p>
</DD>
<DT><b><a name="authorized_verp_clients">authorized_verp_clients</a>
(default: $<a href="postconf.5.html#mynetworks">mynetworks</a>)</b></DT><DD>
<p> What remote SMTP clients are allowed to specify the XVERP command.
This command requests that mail be delivered one recipient at a
time with a per recipient return address. </p>
<p> By default, only trusted clients are allowed to specify XVERP.
</p>
<p> This parameter was introduced with Postfix version 1.1. Postfix
version 2.1 renamed this parameter to <a href="postconf.5.html#smtpd_authorized_verp_clients">smtpd_authorized_verp_clients</a>
and changed the default to none. </p>
<p> Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
.domain names (the initial dot causes the domain to match any name
below it), "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns. A "/file/name"
pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table
is matched when a table entry matches a lookup string (the lookup
result is ignored). Continue long lines by starting the next line
with whitespace. Specify "!pattern" to exclude an address or network
block from the list. The form "!/file/name" is supported only in
Postfix version 2.4 and later. </p>
<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the <a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a> value, and in files
specified with "/file/name". IP version 6 addresses contain the
":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>"
pattern. </p>
</DD>
<DT><b><a name="backwards_bounce_logfile_compatibility">backwards_bounce_logfile_compatibility</a>
(default: yes)</b></DT><DD>
<p>
Produce additional <a href="bounce.8.html">bounce(8)</a> logfile records that can be read by
Postfix versions before 2.0. The current and more extensible "name =
value" format is needed in order to implement more sophisticated
functionality.
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="berkeley_db_create_buffer_size">berkeley_db_create_buffer_size</a>
(default: 16777216)</b></DT><DD>
<p>
The per-table I/O buffer size for programs that create Berkeley DB
hash or btree tables. Specify a byte count.
</p>
<p>
This feature is available in Postfix 2.0 and later.
</p>
</DD>
<DT><b><a name="berkeley_db_read_buffer_size">berkeley_db_read_buffer_size</a>
(default: 131072)</b></DT><DD>
<p>
The per-table I/O buffer size for programs that read Berkeley DB
hash or btree tables. Specify a byte count.
</p>
<p>
This feature is available in Postfix 2.0 and later.
</p>
</DD>
<DT><b><a name="best_mx_transport">best_mx_transport</a>
(default: empty)</b></DT><DD>
<p>
Where the Postfix SMTP client should deliver mail when it detects
a "mail loops back to myself" error condition. This happens when
the local MTA is the best SMTP mail exchanger for a destination
not listed in $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>, $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>,
$<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, or $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>. By default,
the Postfix SMTP client returns such mail as undeliverable.
</p>
<p>
Specify, for example, "<a href="postconf.5.html#best_mx_transport">best_mx_transport</a> = local" to pass the mail
from the Postfix SMTP client to the <a href="local.8.html">local(8)</a> delivery agent. You
can specify
any message delivery "transport" or "transport:nexthop" that is
defined in the <a href="master.5.html">master.cf</a> file. See the <a href="transport.5.html">transport(5)</a> manual page
for the syntax and meaning of "transport" or "transport:nexthop".
</p>
<p>
However, this feature is expensive because it ties up a Postfix
SMTP client process while the <a href="local.8.html">local(8)</a> delivery agent is doing its
work. It is more efficient (for Postfix) to list all <a href="VIRTUAL_README.html#canonical">hosted domains</a>
in a table or database.
</p>
</DD>
<DT><b><a name="biff">biff</a>
(default: yes)</b></DT><DD>
<p>
Whether or not to use the local <a href="postconf.5.html#biff">biff</a> service. This service sends
"new mail" notifications to users who have requested new mail
notification with the UNIX command "<a href="postconf.5.html#biff">biff</a> y".
</p>
<p>
For compatibility reasons this feature is on by default. On systems
with lots of interactive users, the <a href="postconf.5.html#biff">biff</a> service can be a performance
drain. Specify "<a href="postconf.5.html#biff">biff</a> = no" in <a href="postconf.5.html">main.cf</a> to disable.
</p>
</DD>
<DT><b><a name="body_checks">body_checks</a>
(default: empty)</b></DT><DD>
<p> Optional lookup tables for content inspection as specified in
the <a href="header_checks.5.html">body_checks(5)</a> manual page. </p>
<p> Note: with Postfix versions before 2.0, these rules inspect
all content after the primary message headers. </p>
</DD>
<DT><b><a name="body_checks_size_limit">body_checks_size_limit</a>
(default: 51200)</b></DT><DD>
<p>
How much text in a message body segment (or attachment, if you
prefer to use that term) is subjected to <a href="postconf.5.html#body_checks">body_checks</a> inspection.
The amount of text is limited to avoid scanning huge attachments.
</p>
<p>
This feature is available in Postfix 2.0 and later.
</p>
</DD>
<DT><b><a name="bounce_notice_recipient">bounce_notice_recipient</a>
(default: postmaster)</b></DT><DD>
<p>
The recipient of postmaster notifications with the message headers
of mail that Postfix did not deliver and of SMTP conversation
transcripts of mail that Postfix did not receive. This feature is
enabled with the <a href="postconf.5.html#notify_classes">notify_classes</a> parameter. </p>
</DD>
<DT><b><a name="bounce_queue_lifetime">bounce_queue_lifetime</a>
(default: 5d)</b></DT><DD>
<p>
Consider a bounce message as undeliverable, when delivery fails
with a temporary error, and the time in the queue has reached the
<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a> limit. By default, this limit is the same
as for regular mail.
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is d (days).
</p>
<p>
Specify 0 when mail delivery should be tried only once.
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="bounce_service_name">bounce_service_name</a>
(default: bounce)</b></DT><DD>
<p>
The name of the <a href="bounce.8.html">bounce(8)</a> service. This service maintains a record
of failed delivery attempts and generates non-delivery notifications.
</p>
<p>
This feature is available in Postfix 2.0 and later.
</p>
</DD>
<DT><b><a name="bounce_size_limit">bounce_size_limit</a>
(default: 50000)</b></DT><DD>
<p> The maximal amount of original message text that is sent in a
non-delivery notification. Specify a byte count. A message is
returned as either message/rfc822 (the complete original) or as
text/rfc822-headers (the headers only). With Postfix version 2.4
and earlier, a message is always returned as message/rfc822 and is
truncated when it exceeds the size limit.
</p>
<p> Notes: </p>
<ul>
<li> <p> If you increase this limit, then you should increase the
<a href="postconf.5.html#mime_nesting_limit">mime_nesting_limit</a> value proportionally. </p>
<li> <p> Be careful when making changes. Excessively large values
will result in the loss of non-delivery notifications, when a bounce
message size exceeds a local or remote MTA's message size limit.
</p>
</ul>
</DD>
<DT><b><a name="bounce_template_file">bounce_template_file</a>
(default: empty)</b></DT><DD>
<p> Pathname of a configuration file with bounce message templates.
These override the built-in templates of delivery status notification
(DSN) messages for undeliverable mail, for delayed mail, successful
delivery, or delivery verification. The <a href="bounce.5.html">bounce(5)</a> manual page
describes how to edit and test template files. </p>
<p> Template message body text may contain $name references to
Postfix configuration parameters. The result of $name expansion can
be previewed with "<b>postconf -b <i>file_name</i></b>" before the file
is placed into the Postfix configuration directory. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="broken_sasl_auth_clients">broken_sasl_auth_clients</a>
(default: no)</b></DT><DD>
<p>
Enable inter-operability with remote SMTP clients that implement an obsolete
version of the AUTH command (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>). Examples of such clients
are MicroSoft Outlook Express version 4 and MicroSoft Exchange
version 5.0.
</p>
<p>
Specify "<a href="postconf.5.html#broken_sasl_auth_clients">broken_sasl_auth_clients</a> = yes" to have Postfix advertise
AUTH support in a non-standard way.
</p>
</DD>
<DT><b><a name="canonical_classes">canonical_classes</a>
(default: envelope_sender, envelope_recipient, header_sender, header_recipient)</b></DT><DD>
<p> What addresses are subject to <a href="postconf.5.html#canonical_maps">canonical_maps</a> address mapping.
By default, <a href="postconf.5.html#canonical_maps">canonical_maps</a> address mapping is applied to envelope
sender and recipient addresses, and to header sender and header
recipient addresses. </p>
<p> Specify one or more of: envelope_sender, envelope_recipient,
header_sender, header_recipient </p>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="canonical_maps">canonical_maps</a>
(default: empty)</b></DT><DD>
<p>
Optional address mapping lookup tables for message headers and
envelopes. The mapping is applied to both sender and recipient
addresses, in both envelopes and in headers, as controlled
with the <a href="postconf.5.html#canonical_classes">canonical_classes</a> parameter. This is typically used
to clean up dirty addresses from legacy mail systems, or to replace
login names by Firstname.Lastname. The table format and lookups
are documented in <a href="canonical.5.html">canonical(5)</a>. For an overview of Postfix address
manipulations see the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> document.
</p>
<p>
If you use this feature, run "<b>postmap /etc/postfix/canonical</b>" to
build the necessary DBM or DB file after every change. The changes
will become visible after a minute or so. Use "<b>postfix reload</b>"
to eliminate the delay.
</p>
<p> Note: with Postfix version 2.2, message header address mapping
happens only when message header address rewriting is enabled: </p>
<ul>
<li> The message is received with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command,
<li> The message is received from a network client that matches
$<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>,
<li> The message is received from the network, and the
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter specifies a non-empty value.
</ul>
<p> To get the behavior before Postfix version 2.2, specify
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p>
<p>
Examples:
</p>
<pre>
<a href="postconf.5.html#canonical_maps">canonical_maps</a> = <a href="DATABASE_README.html#types">dbm</a>:/etc/postfix/canonical
<a href="postconf.5.html#canonical_maps">canonical_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/canonical
</pre>
</DD>
<DT><b><a name="cleanup_service_name">cleanup_service_name</a>
(default: cleanup)</b></DT><DD>
<p>
The name of the <a href="cleanup.8.html">cleanup(8)</a> service. This service rewrites addresses
into the standard form, and performs <a href="canonical.5.html">canonical(5)</a> address mapping
and <a href="virtual.5.html">virtual(5)</a> aliasing.
</p>
<p>
This feature is available in Postfix 2.0 and later.
</p>
</DD>
<DT><b><a name="command_directory">command_directory</a>
(default: see "postconf -d" output)</b></DT><DD>
<p>
The location of all postfix administrative commands.
</p>
</DD>
<DT><b><a name="command_execution_directory">command_execution_directory</a>
(default: empty)</b></DT><DD>
<p> The <a href="local.8.html">local(8)</a> delivery agent working directory for delivery to
external command. Failure to change directory causes the delivery
to be deferred. </p>
<p> The following $name expansions are done on <a href="postconf.5.html#command_execution_directory">command_execution_directory</a>
before the directory is changed. Expansion happens in the context
of the delivery request. The result of $name expansion is filtered
with the character set that is specified with the
<a href="postconf.5.html#execution_directory_expansion_filter">execution_directory_expansion_filter</a> parameter. </p>
<dl>
<dt><b>$user</b></dt>
<dd>The recipient's username. </dd>
<dt><b>$shell</b></dt>
<dd>The recipient's login shell pathname. </dd>
<dt><b>$home</b></dt>
<dd>The recipient's home directory. </dd>
<dt><b>$recipient</b></dt>
<dd>The full recipient address. </dd>
<dt><b>$extension</b></dt>
<dd>The optional recipient address extension. </dd>
<dt><b>$domain</b></dt>
<dd>The recipient domain. </dd>
<dt><b>$local</b></dt>
<dd>The entire recipient localpart. </dd>
<dt><b>$<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a></b></dt>
<dd>The address extension delimiter that was found in the recipient
address (Postfix 2.11 and later), or the system-wide recipient
address extension delimiter (Postfix 2.10 and earlier). </dd>
<dt><b>${name?value}</b></dt>
<dd>Expands to <i>value</i> when <i>$name</i> is non-empty. </dd>
<dt><b>${name:value}</b></dt>
<dd>Expands to <i>value</i> when <i>$name</i> is empty. </dd>
</dl>
<p>
Instead of $name you can also specify ${name} or $(name).
</p>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="command_expansion_filter">command_expansion_filter</a>
(default: see "postconf -d" output)</b></DT><DD>
<p>
Restrict the characters that the <a href="local.8.html">local(8)</a> delivery agent allows in
$name expansions of $<a href="postconf.5.html#mailbox_command">mailbox_command</a> and $<a href="postconf.5.html#command_execution_directory">command_execution_directory</a>.
Characters outside the
allowed set are replaced by underscores.
</p>
</DD>
<DT><b><a name="command_time_limit">command_time_limit</a>
(default: 1000s)</b></DT><DD>
<p>
Time limit for delivery to external commands. This limit is used
by the <a href="local.8.html">local(8)</a> delivery agent, and is the default time limit for
delivery by the <a href="pipe.8.html">pipe(8)</a> delivery agent.
</p>
<p>
Note: if you set this time limit to a large value you must update the
global <a href="postconf.5.html#ipc_timeout">ipc_timeout</a> parameter as well.
</p>
</DD>
<DT><b><a name="config_directory">config_directory</a>
(default: see "postconf -d" output)</b></DT><DD>
<p> The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a>
configuration files. This can be overruled via the following
mechanisms: </p>
<ul>
<li> <p> The MAIL_CONFIG environment variable (daemon processes
and commands). </p>
<li> <p> The "-c" command-line option (commands only). </p>
</ul>
<p> With Postfix command that run with set-gid privileges, a
<a href="postconf.5.html#config_directory">config_directory</a> override requires either root privileges, or it
requires that the directory is listed with the <a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a>
parameter in the default <a href="postconf.5.html">main.cf</a> file. </p>
</DD>
<DT><b><a name="connection_cache_protocol_timeout">connection_cache_protocol_timeout</a>
(default: 5s)</b></DT><DD>
<p> Time limit for connection cache connect, send or receive
operations. The time limit is enforced in the client. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="connection_cache_service_name">connection_cache_service_name</a>
(default: scache)</b></DT><DD>
<p> The name of the <a href="scache.8.html">scache(8)</a> connection cache service. This service
maintains a limited pool of cached sessions. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="connection_cache_status_update_time">connection_cache_status_update_time</a>
(default: 600s)</b></DT><DD>
<p> How frequently the <a href="scache.8.html">scache(8)</a> server logs usage statistics with
connection cache hit and miss rates for logical destinations and for
physical endpoints. </p>
</DD>
<DT><b><a name="connection_cache_ttl_limit">connection_cache_ttl_limit</a>
(default: 2s)</b></DT><DD>
<p> The maximal time-to-live value that the <a href="scache.8.html">scache(8)</a> connection
cache server
allows. Requests that specify a larger TTL will be stored with the
maximum allowed TTL. The purpose of this additional control is to
protect the infrastructure against careless people. The cache TTL
is already bounded by $<a href="postconf.5.html#max_idle">max_idle</a>. </p>
</DD>
<DT><b><a name="content_filter">content_filter</a>
(default: empty)</b></DT><DD>
<p> After the message is queued, send the entire message to the
specified <i>transport:destination</i>. The <i>transport</i> name
specifies the first field of a mail delivery agent definition in
<a href="master.5.html">master.cf</a>; the syntax of the next-hop <i>destination</i> is described
in the manual page of the corresponding delivery agent. More
information about external content filters is in the Postfix
<a href="FILTER_README.html">FILTER_README</a> file. </p>
<p> Notes: </p>
<ul>
<li> <p> This setting has lower precedence than a FILTER action
that is specified in an <a href="access.5.html">access(5)</a>, <a href="header_checks.5.html">header_checks(5)</a> or <a href="header_checks.5.html">body_checks(5)</a>
table. </p>
<li> <p> The meaning of an empty next-hop filter <i>destination</i>
is version dependent. Postfix 2.7 and later will use the recipient
domain; earlier versions will use $<a href="postconf.5.html#myhostname">myhostname</a>. Specify
"<a href="postconf.5.html#default_filter_nexthop">default_filter_nexthop</a> = $<a href="postconf.5.html#myhostname">myhostname</a>" for compatibility with Postfix
2.6 or earlier, or specify a <a href="postconf.5.html#content_filter">content_filter</a> value with an explicit
next-hop <i>destination</i>. </p>
</ul>
</DD>
<DT><b><a name="cyrus_sasl_config_path">cyrus_sasl_config_path</a>
(default: empty)</b></DT><DD>
<p> Search path for Cyrus SASL application configuration files,
currently used only to locate the $<a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a>.conf file.
Specify zero or more directories separated by a colon character,
or an empty value to use Cyrus SASL's built-in search path. </p>
<p> This feature is available in Postfix 2.5 and later when compiled
with Cyrus SASL 2.1.22 or later. </p>
</DD>
<DT><b><a name="daemon_directory">daemon_directory</a>
(default: see "postconf -d" output)</b></DT><DD>
<p>
The directory with Postfix support programs and daemon programs.
These should not be invoked directly by humans. The directory must
be owned by root.
</p>
</DD>
<DT><b><a name="daemon_table_open_error_is_fatal">daemon_table_open_error_is_fatal</a>
(default: no)</b></DT><DD>
<p> How a Postfix daemon process handles errors while opening lookup
tables: gradual degradation or immediate termination. </p>
<dl>
<dt> <b> no </b> (default) </dt> <dd> <p> Gradual degradation: a
daemon process logs a message of type "error" and continues execution
with reduced functionality. Features that do not depend on the
unavailable table will work normally, while features that depend
on the table will result in a type "warning" message. <br> When
the <a href="postconf.5.html#notify_classes">notify_classes</a> parameter value contains the "data" class, the
Postfix SMTP server and client will report transcripts of sessions
with an error because a table is unavailable. </p> </dd>
<dt> <b> yes </b> (historical behavior) </dt> <dd> <p> Immediate
termination: a daemon process logs a type "fatal" message and
terminates immediately. This option reduces the number of possible
code paths through Postfix, and may therefore be slightly more
secure than the default. </p> </dd>
</dl>
<p> For the sake of sanity, the number of type "error" messages is
limited to 13 over the lifetime of a daemon process. </p>
<p> This feature is available in Postfix 2.9 and later. </p>
</DD>
<DT><b><a name="daemon_timeout">daemon_timeout</a>
(default: 18000s)</b></DT><DD>
<p> How much time a Postfix daemon process may take to handle a
request before it is terminated by a built-in watchdog timer. </p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
</DD>
<DT><b><a name="data_directory">data_directory</a>
(default: see "postconf -d" output)</b></DT><DD>
<p> The directory with Postfix-writable data files (for example:
caches, pseudo-random numbers). This directory must be owned by
the <a href="postconf.5.html#mail_owner">mail_owner</a> account, and must not be shared with non-Postfix
software. </p>
<p> This feature is available in Postfix 2.5 and later. </p>
</DD>
<DT><b><a name="debug_peer_level">debug_peer_level</a>
(default: 2)</b></DT><DD>
<p> The increment in verbose logging level when a remote client or
server matches a pattern in the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter. </p>
</DD>
<DT><b><a name="debug_peer_list">debug_peer_list</a>
(default: empty)</b></DT><DD>
<p> Optional list of remote client or server hostname or network
address patterns that cause the verbose logging level to increase
by the amount specified in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>. </p>
<p> Specify domain names, network/netmask patterns, "/file/name"
patterns or "<a href="DATABASE_README.html">type:table</a>" lookup tables. The right-hand side result
from "<a href="DATABASE_README.html">type:table</a>" lookups is ignored. </p>
<p> Pattern matching of domain names is controlled by the
<a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> parameter. </p>
<p>
Examples:
</p>
<pre>
<a href="postconf.5.html#debug_peer_list">debug_peer_list</a> = 127.0.0.1
<a href="postconf.5.html#debug_peer_list">debug_peer_list</a> = example.com
</pre>
</DD>
<DT><b><a name="debugger_command">debugger_command</a>
(default: empty)</b></DT><DD>
<p>
The external command to execute when a Postfix daemon program is
invoked with the -D option.
</p>
<p>
Use "command .. & sleep 5" so that the debugger can attach before
the process marches on. If you use an X-based debugger, be sure to
set up your XAUTHORITY environment variable before starting Postfix.
</p>
<p>
Note: the command is subject to $name expansion, before it is
passed to the default command interpreter. Specify "$$" to
produce a single "$" character.
</p>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#debugger_command">debugger_command</a> =
PATH=/usr/bin:/usr/X11R6/bin
ddd $<a href="postconf.5.html#daemon_directory">daemon_directory</a>/$<a href="postconf.5.html#process_name">process_name</a> $<a href="postconf.5.html#process_id">process_id</a> & sleep 5
</pre>
</DD>
<DT><b><a name="default_database_type">default_database_type</a>
(default: see "postconf -d" output)</b></DT><DD>
<p>
The default database type for use in <a href="newaliases.1.html">newaliases(1)</a>, <a href="postalias.1.html">postalias(1)</a>
and <a href="postmap.1.html">postmap(1)</a> commands. On many UNIX systems the default type is
either <b>dbm</b> or <b>hash</b>. The default setting is frozen
when the Postfix system is built.
</p>
<p>
Examples:
</p>
<pre>
<a href="postconf.5.html#default_database_type">default_database_type</a> = hash
<a href="postconf.5.html#default_database_type">default_database_type</a> = dbm
</pre>
</DD>
<DT><b><a name="default_delivery_slot_cost">default_delivery_slot_cost</a>
(default: 5)</b></DT><DD>
<p>
How often the Postfix queue manager's scheduler is allowed to
preempt delivery of one message with another.
</p>
<p>
Each transport maintains a so-called "available delivery slot counter"
for each message. One message can be preempted by another one when
the other message can be delivered using no more delivery slots
(i.e., invocations of delivery agents) than the current message
counter has accumulated (or will eventually accumulate - see about
slot loans below). This parameter controls how often is the counter
incremented - it happens after each <a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a>
recipients have been delivered.
</p>
<p>
The cost of 0 is used to disable the preempting scheduling completely.
The minimum value the scheduling algorithm can use is 2 - use it
if you want to maximize the message throughput rate. Although there
is no maximum, it doesn't make much sense to use values above say
50.
</p>
<p>
The only reason why the value of 2 is not the default is the way
this parameter affects the delivery of mailing-list mail. In the
worst case, their delivery can take somewhere between (cost+1/cost)
and (cost/cost-1) times more than if the preemptive scheduler was
disabled. The default value of 5 turns out to provide reasonable
message response times while making sure the mailing-list deliveries
are not extended by more than 20-25 percent even in the worst case.
</p>
<p> Use <a href="postconf.5.html#transport_delivery_slot_cost"><i>transport</i>_delivery_slot_cost</a> to specify a
transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
</p>
<p>
Examples:
</p>
<pre>
<a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a> = 0
<a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a> = 2
</pre>
</DD>
<DT><b><a name="default_delivery_slot_discount">default_delivery_slot_discount</a>
(default: 50)</b></DT><DD>
<p>
The default value for transport-specific _delivery_slot_discount
settings.
</p>
<p>
This parameter speeds up the moment when a message preemption can
happen. Instead of waiting until the full amount of delivery slots
required is available, the preemption can happen when
transport_delivery_slot_discount percent of the required amount
plus transport_delivery_slot_loan still remains to be accumulated.
Note that the full amount will still have to be accumulated before
another preemption can take place later.
</p>
<p> Use <a href="postconf.5.html#transport_delivery_slot_discount"><i>transport</i>_delivery_slot_discount</a> to specify a
transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
</p>
</DD>
<DT><b><a name="default_delivery_slot_loan">default_delivery_slot_loan</a>
(default: 3)</b></DT><DD>
<p>
The default value for transport-specific _delivery_slot_loan
settings.
</p>
<p>
This parameter speeds up the moment when a message preemption can
happen. Instead of waiting until the full amount of delivery slots
required is available, the preemption can happen when
transport_delivery_slot_discount percent of the required amount
plus transport_delivery_slot_loan still remains to be accumulated.
Note that the full amount will still have to be accumulated before
another preemption can take place later.
</p>
<p> Use <a href="postconf.5.html#transport_delivery_slot_loan"><i>transport</i>_delivery_slot_loan</a> to specify a
transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
</p>
</DD>
<DT><b><a name="default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a>
(default: 1)</b></DT><DD>
<p> How many pseudo-cohorts must suffer connection or handshake
failure before a specific destination is considered unavailable
(and further delivery is suspended). Specify zero to disable this
feature. A destination's pseudo-cohort failure count is reset each
time a delivery completes without connection or handshake failure
for that specific destination. </p>
<p> A pseudo-cohort is the number of deliveries equal to a destination's
delivery concurrency. </p>
<p> Use <a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a> to specify
a transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport. </p>
<p> This feature is available in Postfix 2.5. The default setting
is compatible with earlier Postfix versions. </p>
</DD>
<DT><b><a name="default_destination_concurrency_limit">default_destination_concurrency_limit</a>
(default: 20)</b></DT><DD>
<p>
The default maximal number of parallel deliveries to the same
destination. This is the default limit for delivery via the <a href="lmtp.8.html">lmtp(8)</a>,
<a href="pipe.8.html">pipe(8)</a>, <a href="smtp.8.html">smtp(8)</a> and <a href="virtual.8.html">virtual(8)</a> delivery agents.
With per-destination recipient limit > 1, a destination is a domain,
otherwise it is a recipient.
</p>
<p> Use <a href="postconf.5.html#transport_destination_concurrency_limit"><i>transport</i>_destination_concurrency_limit</a> to specify a
transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
</p>
</DD>
<DT><b><a name="default_destination_concurrency_negative_feedback">default_destination_concurrency_negative_feedback</a>
(default: 1)</b></DT><DD>
<p> The per-destination amount of delivery concurrency negative
feedback, after a delivery completes with a connection or handshake
failure. Feedback values are in the range 0..1 inclusive. With
negative feedback, concurrency is decremented at the beginning of
a sequence of length 1/feedback. This is unlike positive feedback,
where concurrency is incremented at the end of a sequence of length
1/feedback. </p>
<p> As of Postfix version 2.5, negative feedback cannot reduce
delivery concurrency to zero. Instead, a destination is marked
dead (further delivery suspended) after the failed pseudo-cohort
count reaches $<a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a>
(or $<a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a>).
To make the scheduler completely immune to connection or handshake
failures, specify a zero feedback value and a zero failed pseudo-cohort
limit. </p>
<p> Specify one of the following forms: </p>
<dl>
<dt> <b><i>number</i> </b> </dt>
<dt> <b><i>number</i> / <i>number</i> </b> </dt>
<dd> Constant feedback. The value must be in the range 0..1 inclusive.
The default setting of "1" is compatible with Postfix versions
before 2.5, where a destination's delivery concurrency is throttled
down to zero (and further delivery suspended) after a single failed
pseudo-cohort. </dd>
<dt> <b><i>number</i> / concurrency </b> </dt>
<dd> Variable feedback of "<i>number</i> / (delivery concurrency)".
The <i>number</i> must be in the range 0..1 inclusive. With
<i>number</i> equal to "1", a destination's delivery concurrency
is decremented by 1 after each failed pseudo-cohort. </dd>
</dl>
<p> A pseudo-cohort is the number of deliveries equal to a destination's
delivery concurrency. </p>
<p> Use <a href="postconf.5.html#transport_destination_concurrency_negative_feedback"><i>transport</i>_destination_concurrency_negative_feedback</a>
to specify a transport-specific override, where <i>transport</i>
is the <a href="master.5.html">master.cf</a>
name of the message delivery transport. </p>
<p> This feature is available in Postfix 2.5. The default setting
is compatible with earlier Postfix versions. </p>
</DD>
<DT><b><a name="default_destination_concurrency_positive_feedback">default_destination_concurrency_positive_feedback</a>
(default: 1)</b></DT><DD>
<p> The per-destination amount of delivery concurrency positive
feedback, after a delivery completes without connection or handshake
failure. Feedback values are in the range 0..1 inclusive. The
concurrency increases until it reaches the per-destination maximal
concurrency limit. With positive feedback, concurrency is incremented
at the end of a sequence with length 1/feedback. This is unlike
negative feedback, where concurrency is decremented at the start
of a sequence of length 1/feedback. </p>
<p> Specify one of the following forms: </p>
<dl>
<dt> <b><i>number</i> </b> </dt>
<dt> <b><i>number</i> / <i>number</i> </b> </dt>
<dd> Constant feedback. The value must be in the range 0..1
inclusive. The default setting of "1" is compatible with Postfix
versions before 2.5, where a destination's delivery concurrency
doubles after each successful pseudo-cohort. </dd>
<dt> <b><i>number</i> / concurrency </b> </dt>
<dd> Variable feedback of "<i>number</i> / (delivery concurrency)".
The <i>number</i> must be in the range 0..1 inclusive. With
<i>number</i> equal to "1", a destination's delivery concurrency
is incremented by 1 after each successful pseudo-cohort. </dd>
</dl>
<p> A pseudo-cohort is the number of deliveries equal to a destination's
delivery concurrency. </p>
<p> Use <a href="postconf.5.html#transport_destination_concurrency_positive_feedback"><i>transport</i>_destination_concurrency_positive_feedback</a>
to specify a transport-specific override, where <i>transport</i>
is the <a href="master.5.html">master.cf</a> name of the message delivery transport. </p>
<p> This feature is available in Postfix 2.5 and later. </p>
</DD>
<DT><b><a name="default_destination_rate_delay">default_destination_rate_delay</a>
(default: 0s)</b></DT><DD>
<p> The default amount of delay that is inserted between individual
deliveries to the same destination; the resulting behavior depends
on the value of the corresponding per-destination recipient limit.
</p>
<ul>
<li> <p> With a corresponding per-destination recipient limit >
1, the rate delay specifies the time between deliveries to the
<i>same domain</i>. Different domains are delivered in parallel,
subject to the process limits specified in <a href="master.5.html">master.cf</a>. </p>
<li> <p> With a corresponding per-destination recipient limit equal
to 1, the rate delay specifies the time between deliveries to the
<i>same recipient</i>. Different recipients are delivered in
parallel, subject to the process limits specified in <a href="master.5.html">master.cf</a>.
</p>
</ul>
<p> To enable the delay, specify a non-zero time value (an integral
value plus an optional one-letter suffix that specifies the time
unit). </p>
<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). The default time unit is s (seconds). </p>
<p> NOTE: the delay is enforced by the queue manager. The delay
timer state does not survive "<b>postfix reload</b>" or "<b>postfix
stop</b>".
</p>
<p> Use <a href="postconf.5.html#transport_destination_rate_delay"><i>transport</i>_destination_rate_delay</a> to specify a
transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
</p>
<p> NOTE: with a non-zero _destination_rate_delay, specify a
<a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a> of 10
or more to prevent Postfix from deferring all mail for the same
destination after only one connection or handshake error. </p>
<p> This feature is available in Postfix 2.5 and later. </p>
</DD>
<DT><b><a name="default_destination_recipient_limit">default_destination_recipient_limit</a>
(default: 50)</b></DT><DD>
<p>
The default maximal number of recipients per message delivery.
This is the default limit for delivery via the <a href="lmtp.8.html">lmtp(8)</a>, <a href="pipe.8.html">pipe(8)</a>,
<a href="smtp.8.html">smtp(8)</a> and <a href="virtual.8.html">virtual(8)</a> delivery agents.
</p>
<p> Setting this parameter to a value of 1 affects email deliveries
as follows:</p>
<ul>
<li> <p> It changes the meaning of the corresponding per-destination
concurrency limit, from concurrency of deliveries to the <i>same
domain</i> into concurrency of deliveries to the <i>same recipient</i>.
Different recipients are delivered in parallel, subject to the
process limits specified in <a href="master.5.html">master.cf</a>. </p>
<li> <p> It changes the meaning of the corresponding per-destination
rate delay, from the delay between deliveries to the <i>same
domain</i> into the delay between deliveries to the <i>same
recipient</i>. Again, different recipients are delivered in parallel,
subject to the process limits specified in <a href="master.5.html">master.cf</a>. </p>
<li> <p> It changes the meaning of other corresponding per-destination
settings in a similar manner, from settings for delivery to the
<i>same domain</i> into settings for delivery to the <i>same
recipient</i>.
</ul>
<p> Use <a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a> to specify a
transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
</p>
</DD>
<DT><b><a name="default_extra_recipient_limit">default_extra_recipient_limit</a>
(default: 1000)</b></DT><DD>
<p>
The default value for the extra per-transport limit imposed on the
number of in-memory recipients. This extra recipient space is
reserved for the cases when the Postfix queue manager's scheduler
preempts one message with another and suddenly needs some extra
recipients slots for the chosen message in order to avoid performance
degradation.
</p>
<p> Use <a href="postconf.5.html#transport_extra_recipient_limit"><i>transport</i>_extra_recipient_limit</a> to specify a
transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
</p>
</DD>
<DT><b><a name="default_filter_nexthop">default_filter_nexthop</a>
(default: empty)</b></DT><DD>
<p> When a <a href="postconf.5.html#content_filter">content_filter</a> or FILTER request specifies no explicit
next-hop destination, use $<a href="postconf.5.html#default_filter_nexthop">default_filter_nexthop</a> instead; when
that value is empty, use the domain in the recipient address.
Specify "<a href="postconf.5.html#default_filter_nexthop">default_filter_nexthop</a> = $<a href="postconf.5.html#myhostname">myhostname</a>" for compatibility
with Postfix version 2.6 and earlier, or specify an explicit next-hop
destination with each <a href="postconf.5.html#content_filter">content_filter</a> value or FILTER action. </p>
<p> This feature is available in Postfix 2.7 and later. </p>
</DD>
<DT><b><a name="default_minimum_delivery_slots">default_minimum_delivery_slots</a>
(default: 3)</b></DT><DD>
<p>
How many recipients a message must have in order to invoke the
Postfix queue manager's scheduling algorithm at all. Messages
which would never accumulate at least this many delivery slots
(subject to slot cost parameter as well) are never preempted.
</p>
<p> Use <a href="postconf.5.html#transport_minimum_delivery_slots"><i>transport</i>_minimum_delivery_slots</a> to specify a
transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
</p>
</DD>
<DT><b><a name="default_privs">default_privs</a>
(default: nobody)</b></DT><DD>
<p>
The default rights used by the <a href="local.8.html">local(8)</a> delivery agent for delivery
to external file or command. These rights are used when delivery
is requested from an <a href="aliases.5.html">aliases(5)</a> file that is owned by <b>root</b>, or
when delivery is done on behalf of <b>root</b>. <b>DO NOT SPECIFY A
PRIVILEGED USER OR THE POSTFIX OWNER</b>.
</p>
</DD>
<DT><b><a name="default_process_limit">default_process_limit</a>
(default: 100)</b></DT><DD>
<p>
The default maximal number of Postfix child processes that provide
a given service. This limit can be overruled for specific services
in the <a href="master.5.html">master.cf</a> file.
</p>
</DD>
<DT><b><a name="default_rbl_reply">default_rbl_reply</a>
(default: see "postconf -d" output)</b></DT><DD>
<p>
The default Postfix SMTP server response template for a request that is
rejected by an RBL-based restriction. This template can be overruled
by specific entries in the optional <a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> lookup table.
</p>
<p>
This feature is available in Postfix 2.0 and later.
</p>
<p>
The template is subject to exactly one level of $name substitution:
</p>
<dl>
<dt><b>$client</b></dt>
<dd>The client hostname and IP address, formatted as name[address]. </dd>
<dt><b>$client_address</b></dt>
<dd>The client IP address. </dd>
<dt><b>$client_name</b></dt>
<dd>The client hostname or "unknown". See <a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a>
for more details. </dd>
<dt><b>$reverse_client_name</b></dt>
<dd>The client hostname from address->name lookup, or "unknown".
See <a href="postconf.5.html#reject_unknown_reverse_client_hostname">reject_unknown_reverse_client_hostname</a> for more details. </dd>
<dt><b>$helo_name</b></dt>
<dd>The hostname given in HELO or EHLO command or empty string. </dd>
<dt><b>$rbl_class</b></dt>
<dd>The blacklisted entity type: Client host, Helo command, Sender
address, or Recipient address. </dd>
<dt><b>$rbl_code</b></dt>
<dd>The numerical SMTP response code, as specified with the
<a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> configuration parameter. Note: The numerical
SMTP response code is required, and must appear at the start of the
reply. With Postfix version 2.3 and later this information may be followed
by an <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> enhanced status code. </dd>
<dt><b>$rbl_domain</b></dt>
<dd>The RBL domain where $rbl_what is blacklisted. </dd>
<dt><b>$rbl_reason</b></dt>
<dd>The reason why $rbl_what is blacklisted, or an empty string. </dd>
<dt><b>$rbl_what</b></dt>
<dd>The entity that is blacklisted (an IP address, a hostname, a domain
name, or an email address whose domain was blacklisted). </dd>
<dt><b>$recipient</b></dt>
<dd>The recipient address or <> in case of the null address. </dd>
<dt><b>$recipient_domain</b></dt>
<dd>The recipient domain or empty string. </dd>
<dt><b>$recipient_name</b></dt>
<dd>The recipient address localpart or <> in case of null address. </dd>
<dt><b>$sender</b></dt>
<dd>The sender address or <> in case of the null address. </dd>
<dt><b>$sender_domain</b></dt>
<dd>The sender domain or empty string. </dd>
<dt><b>$sender_name</b></dt>
<dd>The sender address localpart or <> in case of the null address. </dd>
<dt><b>${name?text}</b></dt>
<dd>Expands to `text' if $name is not empty. </dd>
<dt><b>${name:text}</b></dt>
<dd>Expands to `text' if $name is empty. </dd>
</dl>
<p>
Instead of $name you can also specify ${name} or $(name).
</p>
<p> Note: when an enhanced status code is specified in an RBL reply
template, it is subject to modification. The following transformations
are needed when the same RBL reply template is used for client,
helo, sender, or recipient access restrictions. </p>
<ul>
<li> <p> When rejecting a sender address, the Postfix SMTP server
will transform a recipient DSN status (e.g., 4.1.1-4.1.6) into the
corresponding sender DSN status, and vice versa. </p>
<li> <p> When rejecting non-address information (such as the HELO
command argument or the client hostname/address), the Postfix SMTP
server will transform a sender or recipient DSN status into a generic
non-address DSN status (e.g., 4.0.0). </p>
</ul>
</DD>
<DT><b><a name="default_recipient_limit">default_recipient_limit</a>
(default: 20000)</b></DT><DD>
<p>
The default per-transport upper limit on the number of in-memory
recipients. These limits take priority over the global
<a href="postconf.5.html#qmgr_message_recipient_limit">qmgr_message_recipient_limit</a> after the message has been assigned
to the respective transports. See also <a href="postconf.5.html#default_extra_recipient_limit">default_extra_recipient_limit</a>
and <a href="postconf.5.html#qmgr_message_recipient_minimum">qmgr_message_recipient_minimum</a>.
</p>
<p> Use <a href="postconf.5.html#transport_recipient_limit"><i>transport</i>_recipient_limit</a> to specify a
transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
</p>
</DD>
<DT><b><a name="default_recipient_refill_delay">default_recipient_refill_delay</a>
(default: 5s)</b></DT><DD>
<p>
The default per-transport maximum delay between recipients refills.
When not all message recipients fit into the memory at once, keep loading
more of them at least once every this many seconds. This is used to
make sure the recipients are refilled in timely manner even when
$<a href="postconf.5.html#default_recipient_refill_limit">default_recipient_refill_limit</a> is too high for too slow deliveries.
</p>
<p> Use <a href="postconf.5.html#transport_recipient_refill_delay"><i>transport</i>_recipient_refill_delay</a> to specify a
transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
</p>
<p> This feature is available in Postfix 2.4 and later. </p>
</DD>
<DT><b><a name="default_recipient_refill_limit">default_recipient_refill_limit</a>
(default: 100)</b></DT><DD>
<p>
The default per-transport limit on the number of recipients refilled at
once. When not all message recipients fit into the memory at once, keep
loading more of them in batches of at least this many at a time. See also
$<a href="postconf.5.html#default_recipient_refill_delay">default_recipient_refill_delay</a>, which may result in recipient batches
lower than this when this limit is too high for too slow deliveries.
</p>
<p> Use <a href="postconf.5.html#transport_recipient_refill_limit"><i>transport</i>_recipient_refill_limit</a> to specify a
transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
</p>
<p> This feature is available in Postfix 2.4 and later. </p>
</DD>
<DT><b><a name="default_transport">default_transport</a>
(default: smtp)</b></DT><DD>
<p>
The default mail delivery transport and next-hop destination for
destinations that do not match $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>,
$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>,
or $<a href="postconf.5.html#relay_domains">relay_domains</a>. This information can be overruled with the
<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> parameter and with the
<a href="transport.5.html">transport(5)</a> table. </p>
<p>
In order of decreasing precedence, the nexthop destination is taken
from $<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>, $<a href="postconf.5.html#default_transport">default_transport</a>,
$<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>, $<a href="postconf.5.html#relayhost">relayhost</a>, or from the recipient
domain.
</p>
<p>
Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
is the name of a mail delivery transport defined in <a href="master.5.html">master.cf</a>.
The <i>:nexthop</i> destination is optional; its syntax is documented
in the manual page of the corresponding delivery agent.
</p>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#default_transport">default_transport</a> = uucp:relayhostname
</pre>
</DD>
<DT><b><a name="default_verp_delimiters">default_verp_delimiters</a>
(default: +=)</b></DT><DD>
<p> The two default VERP delimiter characters. These are used when
no explicit delimiters are specified with the SMTP XVERP command
or with the "<b>sendmail -V</b>" command-line option. Specify
characters that are allowed by the <a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> setting.
</p>
<p>
This feature is available in Postfix 1.1 and later.
</p>
</DD>
<DT><b><a name="defer_code">defer_code</a>
(default: 450)</b></DT><DD>
<p>
The numerical Postfix SMTP server response code when a remote SMTP
client request is rejected by the "defer" restriction.
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
</DD>
<DT><b><a name="defer_service_name">defer_service_name</a>
(default: defer)</b></DT><DD>
<p>
The name of the defer service. This service is implemented by the
<a href="bounce.8.html">bounce(8)</a> daemon and maintains a record
of failed delivery attempts and generates non-delivery notifications.
</p>
<p>
This feature is available in Postfix 2.0 and later.
</p>
</DD>
<DT><b><a name="defer_transports">defer_transports</a>
(default: empty)</b></DT><DD>
<p>
The names of message delivery transports that should not deliver mail
unless someone issues "<b>sendmail -q</b>" or equivalent. Specify zero
or more names of mail delivery transports names that appear in the
first field of <a href="master.5.html">master.cf</a>.
</p>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#defer_transports">defer_transports</a> = smtp
</pre>
</DD>
<DT><b><a name="delay_logging_resolution_limit">delay_logging_resolution_limit</a>
(default: 2)</b></DT><DD>
<p> The maximal number of digits after the decimal point when logging
sub-second delay values. Specify a number in the range 0..6. </p>
<p> Large delay values are rounded off to an integral number seconds;
delay values below the <a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> are logged
as "0", and small delay values are logged with at most two-digit
precision. </p>
<p> The format of the "delays=a/b/c/d" logging is as follows: </p>
<ul>
<li> a = time from message arrival to last <a href="QSHAPE_README.html#active_queue">active queue</a> entry
<li> b = time from last <a href="QSHAPE_README.html#active_queue">active queue</a> entry to connection setup
<li> c = time in connection setup, including DNS, EHLO and STARTTLS
<li> d = time in message transmission
</ul>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="delay_notice_recipient">delay_notice_recipient</a>
(default: postmaster)</b></DT><DD>
<p>
The recipient of postmaster notifications with the message headers
of mail that cannot be delivered within $<a href="postconf.5.html#delay_warning_time">delay_warning_time</a> time
units. </p>
<p>
See also: <a href="postconf.5.html#delay_warning_time">delay_warning_time</a>, <a href="postconf.5.html#notify_classes">notify_classes</a>.
</p>
</DD>
<DT><b><a name="delay_warning_time">delay_warning_time</a>
(default: 0h)</b></DT><DD>
<p>
The time after which the sender receives a copy of the message
headers of mail that is still queued.
</p>
<p>
To enable this feature, specify a non-zero time value (an integral
value plus an optional one-letter suffix that specifies the time
unit).
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is h (hours).
</p>
<p>
See also: <a href="postconf.5.html#delay_notice_recipient">delay_notice_recipient</a>, <a href="postconf.5.html#notify_classes">notify_classes</a>.
</p>
</DD>
<DT><b><a name="deliver_lock_attempts">deliver_lock_attempts</a>
(default: 20)</b></DT><DD>
<p>
The maximal number of attempts to acquire an exclusive lock on a
mailbox file or <a href="bounce.8.html">bounce(8)</a> logfile.
</p>
</DD>
<DT><b><a name="deliver_lock_delay">deliver_lock_delay</a>
(default: 1s)</b></DT><DD>
<p>
The time between attempts to acquire an exclusive lock on a mailbox
file or <a href="bounce.8.html">bounce(8)</a> logfile.
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
</DD>
<DT><b><a name="destination_concurrency_feedback_debug">destination_concurrency_feedback_debug</a>
(default: no)</b></DT><DD>
<p> Make the queue manager's feedback algorithm verbose for performance
analysis purposes. </p>
<p> This feature is available in Postfix 2.5 and later. </p>
</DD>
<DT><b><a name="detect_8bit_encoding_header">detect_8bit_encoding_header</a>
(default: yes)</b></DT><DD>
<p> Automatically detect 8BITMIME body content by looking at
Content-Transfer-Encoding: message headers; historically, this
behavior was hard-coded to be "always on". </p>
<p> This feature is available in Postfix 2.5 and later. </p>
</DD>
<DT><b><a name="disable_dns_lookups">disable_dns_lookups</a>
(default: no)</b></DT><DD>
<p>
Disable DNS lookups in the Postfix SMTP and LMTP clients. When
disabled, hosts are looked up with the getaddrinfo() system
library routine which normally also looks in /etc/hosts. As of
Postfix 2.11, this parameter is deprecated; use <a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a>
instead.
</p>
<p>
DNS lookups are enabled by default.
</p>
</DD>
<DT><b><a name="disable_mime_input_processing">disable_mime_input_processing</a>
(default: no)</b></DT><DD>
<p>
Turn off MIME processing while receiving mail. This means that no
special treatment is given to Content-Type: message headers, and
that all text after the initial message headers is considered to
be part of the message body.
</p>
<p>
This feature is available in Postfix 2.0 and later.
</p>
<p>
Mime input processing is enabled by default, and is needed in order
to recognize MIME headers in message content.
</p>
</DD>
<DT><b><a name="disable_mime_output_conversion">disable_mime_output_conversion</a>
(default: no)</b></DT><DD>
<p>
Disable the conversion of 8BITMIME format to 7BIT format. Mime
output conversion is needed when the destination does not advertise
8BITMIME support.
</p>
<p>
This feature is available in Postfix 2.0 and later.
</p>
</DD>
<DT><b><a name="disable_verp_bounces">disable_verp_bounces</a>
(default: no)</b></DT><DD>
<p>
Disable sending one bounce report per recipient.
</p>
<p>
The default, one per recipient, is what ezmlm needs.
</p>
<p>
This feature is available in Postfix 1.1 and later.
</p>
</DD>
<DT><b><a name="disable_vrfy_command">disable_vrfy_command</a>
(default: no)</b></DT><DD>
<p>
Disable the SMTP VRFY command. This stops some techniques used to
harvest email addresses.
</p>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#disable_vrfy_command">disable_vrfy_command</a> = no
</pre>
</DD>
<DT><b><a name="dnsblog_reply_delay">dnsblog_reply_delay</a>
(default: 0s)</b></DT><DD>
<p> A debugging aid to artificially delay DNS responses. </p>
<p> This feature is available in Postfix 2.8. </p>
</DD>
<DT><b><a name="dnsblog_service_name">dnsblog_service_name</a>
(default: dnsblog)</b></DT><DD>
<p> The name of the <a href="dnsblog.8.html">dnsblog(8)</a> service entry in <a href="master.5.html">master.cf</a>. This
service performs DNS white/blacklist lookups. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="dont_remove">dont_remove</a>
(default: 0)</b></DT><DD>
<p>
Don't remove queue files and save them to the "saved" mail queue.
This is a debugging aid. To inspect the envelope information and
content of a Postfix queue file, use the <a href="postcat.1.html">postcat(1)</a> command.
</p>
</DD>
<DT><b><a name="double_bounce_sender">double_bounce_sender</a>
(default: double-bounce)</b></DT><DD>
<p> The sender address of postmaster notifications that are generated
by the mail system. All mail to this address is silently discarded,
in order to terminate mail bounce loops. </p>
</DD>
<DT><b><a name="duplicate_filter_limit">duplicate_filter_limit</a>
(default: 1000)</b></DT><DD>
<p> The maximal number of addresses remembered by the address
duplicate filter for <a href="aliases.5.html">aliases(5)</a> or <a href="virtual.5.html">virtual(5)</a> alias expansion, or
for <a href="showq.8.html">showq(8)</a> queue displays. </p>
</DD>
<DT><b><a name="empty_address_default_transport_maps_lookup_key">empty_address_default_transport_maps_lookup_key</a>
(default: <>)</b></DT><DD>
<p> The <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> search string that
will be used instead of the null sender address. </p>
<p> This feature is available in Postfix 2.7 and later. </p>
</DD>
<DT><b><a name="empty_address_recipient">empty_address_recipient</a>
(default: MAILER-DAEMON)</b></DT><DD>
<p>
The recipient of mail addressed to the null address. Postfix does
not accept such addresses in SMTP commands, but they may still be
created locally as the result of configuration or software error.
</p>
</DD>
<DT><b><a name="empty_address_relayhost_maps_lookup_key">empty_address_relayhost_maps_lookup_key</a>
(default: <>)</b></DT><DD>
<p> The <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> search string that will be
used instead of the null sender address. </p>
<p> This feature is available in Postfix 2.5 and later. With
earlier versions, <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> lookups were
skipped for the null sender address. </p>
</DD>
<DT><b><a name="enable_errors_to">enable_errors_to</a>
(default: no)</b></DT><DD>
<p> Report mail delivery errors to the address specified with the
non-standard Errors-To: message header, instead of the envelope
sender address (this feature is removed with Postfix version 2.2, is
turned off by default with Postfix version 2.1, and is always turned on
with older Postfix versions). </p>
</DD>
<DT><b><a name="enable_long_queue_ids">enable_long_queue_ids</a>
(default: no)</b></DT><DD>
<p> Enable long, non-repeating, queue IDs (queue file names). The
benefit of non-repeating names is simpler logfile analysis and
easier queue migration (there is no need to run "postsuper" to
change queue file names that don't match their message file inode
number). </p>
<p> Note: see below for how to convert long queue file names to
Postfix ≤ 2.8. </p>
<p> Changing the parameter value to "yes" has the following effects:
</p>
<ul>
<li> <p> Existing queue file names are not affected. </p>
<li> <p> New queue files are created with names such as 3Pt2mN2VXxznjll.
These are encoded in a 52-character alphabet that contains digits
(0-9), upper-case letters (B-Z) and lower-case letters (b-z). For
safety reasons the vowels (AEIOUaeiou) are excluded from the alphabet.
The name format is: 6 or more characters for the time in seconds,
4 characters for the time in microseconds, the 'z'; the remainder
is the file inode number encoded in the first 51 characters of the
52-character alphabet. </p>
<li> <p> New messages have a Message-ID header with
<i>queueID</i>@<i><a href="postconf.5.html#myhostname">myhostname</a></i>. </p>
<li> <p> The mailq (postqueue -p) output has a wider Queue ID column.
The number of whitespace-separated fields is not changed. <p>
<li> <p> The <a href="postconf.5.html#hash_queue_depth">hash_queue_depth</a> algorithm uses the first characters
of the queue file creation time in microseconds, after conversion
into hexadecimal representation. This produces the same queue hashing
behavior as if the queue file name was created with "<a href="postconf.5.html#enable_long_queue_ids">enable_long_queue_ids</a>
= no". </p>
</ul>
<p> Changing the parameter value to "no" has the following effects:
</p>
<ul>
<li> <p> Existing long queue file names are renamed to the short
form (while running "postfix reload" or "postsuper"). </p>
<li> <p> New queue files are created with names such as C3CD21F3E90
from a hexadecimal alphabet that contains digits (0-9) and upper-case
letters (A-F). The name format is: 5 characters for the time in
microseconds; the remainder is the file inode number. </p>
<li> <p> New messages have a Message-ID header with
<i>YYYYMMDDHHMMSS.queueid</i>@<i><a href="postconf.5.html#myhostname">myhostname</a></i>, where
<i>YYYYMMDDHHMMSS</i> are the year, month, day, hour, minute and
second.
<li> <p> The mailq (postqueue -p) output has the same format as
with Postfix ≤ 2.8. <p>
<li> <p> The <a href="postconf.5.html#hash_queue_depth">hash_queue_depth</a> algorithm uses the first characters
of the queue file name, with the hexadecimal representation of the
file creation time in microseconds. </p>
</ul>
<p> Before migration to Postfix ≤ 2.8, the following commands
are required to convert long queue file names into short names: </p>
<pre>
# postfix stop
# postconf <a href="postconf.5.html#enable_long_queue_ids">enable_long_queue_ids</a>=no
# postsuper
</pre>
<p> Repeat the postsuper command until it reports no more queue file
name changes. </p>
<p> This feature is available in Postfix 2.9 and later. </p>
</DD>
<DT><b><a name="enable_original_recipient">enable_original_recipient</a>
(default: yes)</b></DT><DD>
<p> Enable support for the X-Original-To message header. This header
is needed for multi-recipient mailboxes. </p>
<p> When this parameter is set to yes, the <a href="cleanup.8.html">cleanup(8)</a> daemon performs
duplicate elimination on distinct pairs of (original recipient,
rewritten recipient), and generates non-empty original recipient
queue file records. </p>
<p> When this parameter is set to no, the <a href="cleanup.8.html">cleanup(8)</a> daemon performs
duplicate elimination on the rewritten recipient address only, and
generates empty original recipient queue file records. </p>
<p> This feature is available in Postfix 2.1 and later. With Postfix
version 2.0, support for the X-Original-To message header is always turned
on. Postfix versions before 2.0 have no support for the X-Original-To
message header. </p>
</DD>
<DT><b><a name="error_notice_recipient">error_notice_recipient</a>
(default: postmaster)</b></DT><DD>
<p> The recipient of postmaster notifications about mail delivery
problems that are caused by policy, resource, software or protocol
errors. These notifications are enabled with the <a href="postconf.5.html#notify_classes">notify_classes</a>
parameter. </p>
</DD>
<DT><b><a name="error_service_name">error_service_name</a>
(default: error)</b></DT><DD>
<p>
The name of the <a href="error.8.html">error(8)</a> pseudo delivery agent. This service always
returns mail as undeliverable.
</p>
<p>
This feature is available in Postfix 2.0 and later.
</p>
</DD>
<DT><b><a name="execution_directory_expansion_filter">execution_directory_expansion_filter</a>
(default: see "postconf -d" output)</b></DT><DD>
<p> Restrict the characters that the <a href="local.8.html">local(8)</a> delivery agent allows
in $name expansions of $<a href="postconf.5.html#command_execution_directory">command_execution_directory</a>. Characters
outside the allowed set are replaced by underscores. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="expand_owner_alias">expand_owner_alias</a>
(default: no)</b></DT><DD>
<p>
When delivering to an alias "aliasname" that has an "owner-aliasname"
companion alias, set the envelope sender address to the expansion
of the "owner-aliasname" alias. Normally, Postfix sets the envelope
sender address to the name of the "owner-aliasname" alias.
</p>
</DD>
<DT><b><a name="export_environment">export_environment</a>
(default: see "postconf -d" output)</b></DT><DD>
<p>
The list of environment variables that a Postfix process will export
to non-Postfix processes. The TZ variable is needed for sane
time keeping on System-V-ish systems.
</p>
<p>
Specify a list of names and/or name=value pairs, separated by
whitespace or comma. The name=value form is supported with
Postfix version 2.1 and later.
</p>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#export_environment">export_environment</a> = TZ PATH=/bin:/usr/bin
</pre>
</DD>
<DT><b><a name="extract_recipient_limit">extract_recipient_limit</a>
(default: 10240)</b></DT><DD>
<p>
The maximal number of recipient addresses that Postfix will extract
from message headers when mail is submitted with "<b>sendmail -t</b>".
</p>
<p>
This feature was removed in Postfix version 2.1.
</p>
</DD>
<DT><b><a name="fallback_relay">fallback_relay</a>
(default: empty)</b></DT><DD>
<p>
Optional list of relay hosts for SMTP destinations that can't be
found or that are unreachable. With Postfix 2.3 this parameter
is renamed to <a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a>. </p>
<p>
By default, mail is returned to the sender when a destination is
not found, and delivery is deferred when a destination is unreachable.
</p>
<p> The fallback relays must be SMTP destinations. Specify a domain,
host, host:port, [host]:port, [address] or [address]:port; the form
[host] turns off MX lookups. If you specify multiple SMTP
destinations, Postfix will try them in the specified order. </p>
<p> Note: before Postfix 2.2, do not use the <a href="postconf.5.html#fallback_relay">fallback_relay</a> feature
when relaying mail
for a backup or primary MX domain. Mail would loop between the
Postfix MX host and the <a href="postconf.5.html#fallback_relay">fallback_relay</a> host when the final destination
is unavailable. </p>
<ul>
<li> In <a href="postconf.5.html">main.cf</a> specify "<a href="postconf.5.html#relay_transport">relay_transport</a> = relay",
<li> In <a href="master.5.html">master.cf</a> specify "-o <a href="postconf.5.html#fallback_relay">fallback_relay</a> =" (i.e., empty) at
the end of the <tt>relay</tt> entry.
<li> In transport maps, specify "relay:<i>nexthop...</i>"
as the right-hand side for backup or primary MX domain entries.
</ul>
<p> Postfix version 2.2 and later will not use the <a href="postconf.5.html#fallback_relay">fallback_relay</a> feature
for destinations that it is MX host for.
</p>
</DD>
<DT><b><a name="fallback_transport">fallback_transport</a>
(default: empty)</b></DT><DD>
<p>
Optional message delivery transport that the <a href="local.8.html">local(8)</a> delivery
agent should use for names that are not found in the <a href="aliases.5.html">aliases(5)</a>
or UNIX password database.
</p>
<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low
is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>,
<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>. </p>
</DD>
<DT><b><a name="fallback_transport_maps">fallback_transport_maps</a>
(default: empty)</b></DT><DD>
<p> Optional lookup tables with per-recipient message delivery
transports for recipients that the <a href="local.8.html">local(8)</a> delivery agent could
not find in the <a href="aliases.5.html">aliases(5)</a> or UNIX password database. </p>
<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low
is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>,
<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>. </p>
<p> For safety reasons, this feature does not allow $number
substitutions in regular expression maps. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="fast_flush_domains">fast_flush_domains</a>
(default: $<a href="postconf.5.html#relay_domains">relay_domains</a>)</b></DT><DD>
<p>
Optional list of destinations that are eligible for per-destination
logfiles with mail that is queued to those destinations.
</p>
<p>
By default, Postfix maintains "fast flush" logfiles only for
destinations that the Postfix SMTP server is willing to relay to
(i.e. the default is: "<a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> = $<a href="postconf.5.html#relay_domains">relay_domains</a>"; see
the <a href="postconf.5.html#relay_domains">relay_domains</a> parameter in the <a href="postconf.5.html">postconf(5)</a> manual).
</p>
<p> Specify a list of hosts or domains, "/file/name" patterns or
"<a href="DATABASE_README.html">type:table</a>" lookup tables, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace. A
"/file/name" pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>"
lookup table is matched when the domain or its parent domain appears
as lookup key. </p>
<p>
Specify "<a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> =" (i.e., empty) to disable the feature
altogether.
</p>
</DD>
<DT><b><a name="fast_flush_purge_time">fast_flush_purge_time</a>
(default: 7d)</b></DT><DD>
<p>
The time after which an empty per-destination "fast flush" logfile
is deleted.
</p>
<p>
You can specify the time as a number, or as a number followed by
a letter that indicates the time unit: s=seconds, m=minutes, h=hours,
d=days, w=weeks. The default time unit is days.
</p>
</DD>
<DT><b><a name="fast_flush_refresh_time">fast_flush_refresh_time</a>
(default: 12h)</b></DT><DD>
<p>
The time after which a non-empty but unread per-destination "fast
flush" logfile needs to be refreshed. The contents of a logfile
are refreshed by requesting delivery of all messages listed in the
logfile.
</p>
<p>
You can specify the time as a number, or as a number followed by
a letter that indicates the time unit: s=seconds, m=minutes, h=hours,
d=days, w=weeks. The default time unit is hours.
</p>
</DD>
<DT><b><a name="fault_injection_code">fault_injection_code</a>
(default: 0)</b></DT><DD>
<p>
Force specific internal tests to fail, to test the handling of
errors that are difficult to reproduce otherwise.
</p>
</DD>
<DT><b><a name="flush_service_name">flush_service_name</a>
(default: flush)</b></DT><DD>
<p>
The name of the <a href="flush.8.html">flush(8)</a> service. This service maintains per-destination
logfiles with the queue file names of mail that is queued for those
destinations.
</p>
<p>
This feature is available in Postfix 2.0 and later.
</p>
</DD>
<DT><b><a name="fork_attempts">fork_attempts</a>
(default: 5)</b></DT><DD>
<p> The maximal number of attempts to fork() a child process. </p>
</DD>
<DT><b><a name="fork_delay">fork_delay</a>
(default: 1s)</b></DT><DD>
<p> The delay between attempts to fork() a child process. </p>
<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). The default time unit is s (seconds). </p>
</DD>
<DT><b><a name="forward_expansion_filter">forward_expansion_filter</a>
(default: see "postconf -d" output)</b></DT><DD>
<p>
Restrict the characters that the <a href="local.8.html">local(8)</a> delivery agent allows in
$name expansions of $<a href="postconf.5.html#forward_path">forward_path</a>. Characters outside the
allowed set are replaced by underscores.
</p>
</DD>
<DT><b><a name="forward_path">forward_path</a>
(default: see "postconf -d" output)</b></DT><DD>
<p> The <a href="local.8.html">local(8)</a> delivery agent search list for finding a .forward
file with user-specified delivery methods. The first file that is
found is used. </p>
<p> The following $name expansions are done on <a href="postconf.5.html#forward_path">forward_path</a> before
the search actually happens. The result of $name expansion is
filtered with the character set that is specified with the
<a href="postconf.5.html#forward_expansion_filter">forward_expansion_filter</a> parameter. </p>
<dl>
<dt><b>$user</b></dt>
<dd>The recipient's username. </dd>
<dt><b>$shell</b></dt>
<dd>The recipient's login shell pathname. </dd>
<dt><b>$home</b></dt>
<dd>The recipient's home directory. </dd>
<dt><b>$recipient</b></dt>
<dd>The full recipient address. </dd>
<dt><b>$extension</b></dt>
<dd>The optional recipient address extension. </dd>
<dt><b>$domain</b></dt>
<dd>The recipient domain. </dd>
<dt><b>$local</b></dt>
<dd>The entire recipient localpart. </dd>
<dt><b>$<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a></b></dt>
<dd>The address extension delimiter that was found in the recipient
address (Postfix 2.11 and later), or the system-wide recipient
address extension delimiter (Postfix 2.10 and earlier). </dd>
<dt><b>${name?value}</b></dt>
<dd>Expands to <i>value</i> when <i>$name</i> is non-empty. </dd>
<dt><b>${name:value}</b></dt>
<dd>Expands to <i>value</i> when <i>$name</i> is empty. </dd>
</dl>
<p>
Instead of $name you can also specify ${name} or $(name).
</p>
<p>
Examples:
</p>
<pre>
<a href="postconf.5.html#forward_path">forward_path</a> = /var/forward/$user
<a href="postconf.5.html#forward_path">forward_path</a> =
/var/forward/$user/.forward$<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a>$extension,
/var/forward/$user/.forward
</pre>
</DD>
<DT><b><a name="frozen_delivered_to">frozen_delivered_to</a>
(default: yes)</b></DT><DD>
<p> Update the <a href="local.8.html">local(8)</a> delivery agent's idea of the Delivered-To:
address (see <a href="postconf.5.html#prepend_delivered_header">prepend_delivered_header</a>) only once, at the start of
a delivery attempt; do not update the Delivered-To: address while
expanding aliases or .forward files. </p>
<p> This feature is available in Postfix 2.3 and later. With older
Postfix releases, the behavior is as if this parameter is set to
"no". The old setting can be expensive with deeply nested aliases
or .forward files. When an alias or .forward file changes the
Delivered-To: address, it ties up one queue file and one cleanup
process instance while mail is being forwarded. </p>
</DD>
<DT><b><a name="hash_queue_depth">hash_queue_depth</a>
(default: 1)</b></DT><DD>
<p>
The number of subdirectory levels for queue directories listed with
the <a href="postconf.5.html#hash_queue_names">hash_queue_names</a> parameter. Queue hashing is implemented by
creating one or more levels of directories with one-character names.
Originally, these directory names were equal to the first characters
of the queue file name, with the hexadecimal representation of the
file creation time in microseconds. </p>
<p> With long queue file names, queue hashing produces the same
results as with short names. The file creation time in microseconds
is converted into hexadecimal form before the result is used for
queue hashing. The base 16 encoding gives finer control over the
number of subdirectories than is possible with the base 52 encoding
of long queue file names. </p>
<p>
After changing the <a href="postconf.5.html#hash_queue_names">hash_queue_names</a> or <a href="postconf.5.html#hash_queue_depth">hash_queue_depth</a> parameter,
execute the command "<b>postfix reload</b>".
</p>
</DD>
<DT><b><a name="hash_queue_names">hash_queue_names</a>
(default: deferred, defer)</b></DT><DD>
<p>
The names of queue directories that are split across multiple
subdirectory levels.
</p>
<p> Before Postfix version 2.2, the default list of hashed queues
was significantly larger. Claims about improvements in file system
technology suggest that hashing of the <a href="QSHAPE_README.html#incoming_queue">incoming</a> and <a href="QSHAPE_README.html#active_queue">active queues</a>
is no longer needed. Fewer hashed directories speed up the time
needed to restart Postfix. </p>
<p>
After changing the <a href="postconf.5.html#hash_queue_names">hash_queue_names</a> or <a href="postconf.5.html#hash_queue_depth">hash_queue_depth</a> parameter,
execute the command "<b>postfix reload</b>".
</p>
</DD>
<DT><b><a name="header_address_token_limit">header_address_token_limit</a>
(default: 10240)</b></DT><DD>
<p>
The maximal number of address tokens are allowed in an address
message header. Information that exceeds the limit is discarded.
The limit is enforced by the <a href="cleanup.8.html">cleanup(8)</a> server.
</p>
</DD>
<DT><b><a name="header_checks">header_checks</a>
(default: empty)</b></DT><DD>
<p>
Optional lookup tables for content inspection of primary non-MIME
message headers, as specified in the <a href="header_checks.5.html">header_checks(5)</a> manual page.
</p>
</DD>
<DT><b><a name="header_size_limit">header_size_limit</a>
(default: 102400)</b></DT><DD>
<p>
The maximal amount of memory in bytes for storing a message header.
If a header is larger, the excess is discarded. The limit is
enforced by the <a href="cleanup.8.html">cleanup(8)</a> server.
</p>
</DD>
<DT><b><a name="helpful_warnings">helpful_warnings</a>
(default: yes)</b></DT><DD>
<p>
Log warnings about problematic configuration settings, and provide
helpful suggestions.
</p>
<p>
This feature is available in Postfix 2.0 and later.
</p>
</DD>
<DT><b><a name="home_mailbox">home_mailbox</a>
(default: empty)</b></DT><DD>
<p>
Optional pathname of a mailbox file relative to a <a href="local.8.html">local(8)</a> user's
home directory.
</p>
<p>
Specify a pathname ending in "/" for qmail-style delivery.
</p>
<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low
is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>,
<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>. </p>
<p>
Examples:
</p>
<pre>
<a href="postconf.5.html#home_mailbox">home_mailbox</a> = Mailbox
<a href="postconf.5.html#home_mailbox">home_mailbox</a> = Maildir/
</pre>
</DD>
<DT><b><a name="hopcount_limit">hopcount_limit</a>
(default: 50)</b></DT><DD>
<p>
The maximal number of Received: message headers that is allowed
in the primary message headers. A message that exceeds the limit
is bounced, in order to stop a mailer loop.
</p>
</DD>
<DT><b><a name="html_directory">html_directory</a>
(default: see "postconf -d" output)</b></DT><DD>
<p>
The location of Postfix HTML files that describe how to build,
configure or operate a specific Postfix subsystem or feature.
</p>
</DD>
<DT><b><a name="ignore_mx_lookup_error">ignore_mx_lookup_error</a>
(default: no)</b></DT><DD>
<p> Ignore DNS MX lookups that produce no response. By default,
the Postfix SMTP client defers delivery and tries again after some
delay. This behavior is required by the SMTP standard. </p>
<p>
Specify "<a href="postconf.5.html#ignore_mx_lookup_error">ignore_mx_lookup_error</a> = yes" to force a DNS A record
lookup instead. This violates the SMTP standard and can result in
mis-delivery of mail.
</p>
</DD>
<DT><b><a name="import_environment">import_environment</a>
(default: see "postconf -d" output)</b></DT><DD>
<p>
The list of environment parameters that a Postfix process will
import from a non-Postfix parent process. Examples of relevant
parameters:
</p>
<dl>
<dt><b>TZ</b></dt>
<dd>Needed for sane time keeping on most System-V-ish systems. </dd>
<dt><b>DISPLAY</b></dt>
<dd>Needed for debugging Postfix daemons with an X-windows debugger. </dd>
<dt><b>XAUTHORITY</b></dt>
<dd>Needed for debugging Postfix daemons with an X-windows debugger. </dd>
<dt><b>MAIL_CONFIG</b></dt>
<dd>Needed to make "<b>postfix -c</b>" work. </dd>
</dl>
<p> Specify a list of names and/or name=value pairs, separated by
whitespace or comma. The name=value form is supported with
Postfix version 2.1 and later. </p>
</DD>
<DT><b><a name="in_flow_delay">in_flow_delay</a>
(default: 1s)</b></DT><DD>
<p> Time to pause before accepting a new message, when the message
arrival rate exceeds the message delivery rate. This feature is
turned on by default (it's disabled on SCO UNIX due to an SCO bug).
</p>
<p>
With the default 100 Postfix SMTP server process limit, "<a href="postconf.5.html#in_flow_delay">in_flow_delay</a>
= 1s" limits the mail inflow to 100 messages per second above the
number of messages delivered per second.
</p>
<p>
Specify 0 to disable the feature. Valid delays are 0..10.
</p>
</DD>
<DT><b><a name="inet_interfaces">inet_interfaces</a>
(default: all)</b></DT><DD>
<p> The network interface addresses that this mail system receives
mail on. Specify "all" to receive mail on all network
interfaces (default), and "loopback-only" to receive mail
on loopback network interfaces only (Postfix version 2.2 and later). The
parameter also controls delivery of mail to <tt>user@[ip.address]</tt>.
</p>
<p>
Note 1: you need to stop and start Postfix when this parameter changes.
</p>
<p> Note 2: address information may be enclosed inside <tt>[]</tt>,
but this form is not required here. </p>
<p> When <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> specifies just one IPv4 and/or IPv6 address
that is not a loopback address, the Postfix SMTP client will use
this address as the IP source address for outbound mail. Support
for IPv6 is available in Postfix version 2.2 and later. </p>
<p>
On a multi-homed firewall with separate Postfix instances listening on the
"inside" and "outside" interfaces, this can prevent each instance from
being able to reach remote SMTP servers on the "other side" of the
firewall. Setting
<a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> to 0.0.0.0 avoids the potential problem for
IPv4, and setting <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> to :: solves the problem
for IPv6. </p>
<p>
A better solution for multi-homed firewalls is to leave <a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
at the default value and instead use explicit IP addresses in
the <a href="master.5.html">master.cf</a> SMTP server definitions. This preserves the Postfix
SMTP client's
loop detection, by ensuring that each side of the firewall knows that the
other IP address is still the same host. Setting $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> to a
single IPv4 and/or IPV6 address is primarily useful with virtual
hosting of domains on
secondary IP addresses, when each IP address serves a different domain
(and has a different $<a href="postconf.5.html#myhostname">myhostname</a> setting). </p>
<p>
See also the <a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> parameter, for network addresses that
are forwarded to Postfix by way of a proxy or address translator.
</p>
<p>
Examples:
</p>
<pre>
<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = all (DEFAULT)
<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only (Postfix version 2.2 and later)
<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = 127.0.0.1
<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = 127.0.0.1, [::1] (Postfix version 2.2 and later)
<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = 192.168.1.2, 127.0.0.1
</pre>
</DD>
<DT><b><a name="inet_protocols">inet_protocols</a>
(default: all)</b></DT><DD>
<p> The Internet protocols Postfix will attempt to use when making
or accepting connections. Specify one or more of "ipv4"
or "ipv6", separated by whitespace or commas. The form
"all" is equivalent to "ipv4, ipv6" or "ipv4", depending
on whether the operating system implements IPv6. </p>
<p> With Postfix 2.8 and earlier the default is "ipv4". For backwards
compatibility with these releases, the Postfix 2.9 and later upgrade
procedure appends an explicit "<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4" setting to
<a href="postconf.5.html">main.cf</a> when no explicit setting is present. This compatibility
workaround will be phased out as IPv6 deployment becomes more common.
</p>
<p> This feature is available in Postfix 2.2 and later. </p>
<p> Note: you MUST stop and start Postfix after changing this
parameter. </p>
<p> On systems that pre-date IPV6_V6ONLY support (<a href="http://tools.ietf.org/html/rfc3493">RFC 3493</a>), an
IPv6 server will also accept IPv4 connections, even when IPv4 is
turned off with the <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter. On systems with
IPV6_V6ONLY support, Postfix will use separate server sockets for
IPv6 and IPv4, and each will accept only connections for the
corresponding protocol. </p>
<p> When IPv4 support is enabled via the <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter,
Postfix will look up DNS type A records, and will convert
IPv4-in-IPv6 client IP addresses (::ffff:1.2.3.4) to their original
IPv4 form (1.2.3.4). The latter is needed on hosts that pre-date
IPV6_V6ONLY support (<a href="http://tools.ietf.org/html/rfc3493">RFC 3493</a>). </p>
<p> When IPv6 support is enabled via the <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter,
Postfix will do DNS type AAAA record lookups. </p>
<p> When both IPv4 and IPv6 support are enabled, the Postfix SMTP
client will choose the protocol as specified with the
<a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> parameter. Postfix versions before 2.8
attempt to connect via IPv6 before attempting to use IPv4. </p>
<p>
Examples:
</p>
<pre>
<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4
<a href="postconf.5.html#inet_protocols">inet_protocols</a> = all (DEFAULT)
<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv6
<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4, ipv6
</pre>
</DD>
<DT><b><a name="initial_destination_concurrency">initial_destination_concurrency</a>
(default: 5)</b></DT><DD>
<p>
The initial per-destination concurrency level for parallel delivery
to the same destination.
With per-destination recipient limit > 1, a destination is a domain,
otherwise it is a recipient.
</p>
<p> Use <a href="postconf.5.html#transport_initial_destination_concurrency"><i>transport</i>_initial_destination_concurrency</a> to specify
a transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport (Postfix 2.5 and later). </p>
<p>
Warning: with concurrency of 1, one bad message can be enough to
block all mail to a site.
</p>
</DD>
<DT><b><a name="internal_mail_filter_classes">internal_mail_filter_classes</a>
(default: empty)</b></DT><DD>
<p> What categories of Postfix-generated mail are subject to
before-queue content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a>
and <a href="postconf.5.html#body_checks">body_checks</a>. Specify zero or more of the following, separated
by whitespace or comma. </p>
<dl>
<dt><b>bounce</b></dt> <dd> Inspect the content of delivery
status notifications. </dd>
<dt><b>notify</b></dt> <dd> Inspect the content of postmaster
notifications by the <a href="smtp.8.html">smtp(8)</a> and <a href="smtpd.8.html">smtpd(8)</a> processes. </dd>
</dl>
<p> NOTE: It's generally not safe to enable content inspection of
Postfix-generated email messages. The user is warned. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="invalid_hostname_reject_code">invalid_hostname_reject_code</a>
(default: 501)</b></DT><DD>
<p>
The numerical Postfix SMTP server response code when the client
HELO or EHLO command parameter is rejected by the <a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a>
restriction.
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
</DD>
<DT><b><a name="ipc_idle">ipc_idle</a>
(default: version dependent)</b></DT><DD>
<p>
The time after which a client closes an idle internal communication
channel. The purpose is to allow Postfix daemon processes to
terminate voluntarily after they become idle. This is used, for
example, by the Postfix address resolving and rewriting clients.
</p>
<p> With Postfix 2.4 the default value was reduced from 100s to 5s. </p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
</DD>
<DT><b><a name="ipc_timeout">ipc_timeout</a>
(default: 3600s)</b></DT><DD>
<p>
The time limit for sending or receiving information over an internal
communication channel. The purpose is to break out of deadlock
situations. If the time limit is exceeded the software aborts with a
fatal error.
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
</DD>
<DT><b><a name="ipc_ttl">ipc_ttl</a>
(default: 1000s)</b></DT><DD>
<p>
The time after which a client closes an active internal communication
channel. The purpose is to allow Postfix daemon processes to
terminate voluntarily
after reaching their client limit. This is used, for example, by
the Postfix address resolving and rewriting clients.
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="line_length_limit">line_length_limit</a>
(default: 2048)</b></DT><DD>
<p> Upon input, long lines are chopped up into pieces of at most
this length; upon delivery, long lines are reconstructed. </p>
</DD>
<DT><b><a name="lmdb_map_size">lmdb_map_size</a>
(default: 16777216)</b></DT><DD>
<p>
The initial OpenLDAP LMDB database size limit in bytes. Each time
a database becomes full, its size limit is doubled.
</p>
<p>
This feature is available in Postfix 2.11 and later.
</p>
</DD>
<DT><b><a name="lmtp_address_preference">lmtp_address_preference</a>
(default: ipv6)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="lmtp_assume_final">lmtp_assume_final</a>
(default: no)</b></DT><DD>
<p> When a remote LMTP server announces no DSN support, assume that
the
server performs final delivery, and send "delivered" delivery status
notifications instead of "relayed". The default setting is backwards
compatible to avoid the infinitesimal possibility of breaking
existing LMTP-based content filters. </p>
</DD>
<DT><b><a name="lmtp_bind_address">lmtp_bind_address</a>
(default: empty)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> configuration
parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_bind_address6">lmtp_bind_address6</a>
(default: empty)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> configuration
parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_body_checks">lmtp_body_checks</a>
(default: empty)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_body_checks">smtp_body_checks</a> configuration
parameter. See there for details. </p>
<p> This feature is available in Postfix 2.5 and later. </p>
</DD>
<DT><b><a name="lmtp_cache_connection">lmtp_cache_connection</a>
(default: yes)</b></DT><DD>
<p>
Keep Postfix LMTP client connections open for up to $<a href="postconf.5.html#max_idle">max_idle</a>
seconds. When the LMTP client receives a request for the same
connection the connection is reused.
</p>
<p> This parameter is available in Postfix version 2.2 and earlier.
With Postfix version 2.3 and later, see <a href="postconf.5.html#lmtp_connection_cache_on_demand">lmtp_connection_cache_on_demand</a>,
<a href="postconf.5.html#lmtp_connection_cache_destinations">lmtp_connection_cache_destinations</a>, or <a href="postconf.5.html#lmtp_connection_reuse_time_limit">lmtp_connection_reuse_time_limit</a>.
</p>
<p>
The effectiveness of cached connections will be determined by the
number of remote LMTP servers in use, and the concurrency limit specified
for the Postfix LMTP client. Cached connections are closed under any of
the following conditions:
</p>
<ul>
<li> The Postfix LMTP client idle time limit is reached. This limit is
specified with the Postfix <a href="postconf.5.html#max_idle">max_idle</a> configuration parameter.
<li> A delivery request specifies a different destination than the
one currently cached.
<li> The per-process limit on the number of delivery requests is
reached. This limit is specified with the Postfix <a href="postconf.5.html#max_use">max_use</a>
configuration parameter.
<li> Upon the onset of another delivery request, the remote LMTP server
associated with the current session does not respond to the RSET
command.
</ul>
<p>
Most of these limitations have been with the Postfix
a connection cache that is shared among multiple LMTP client
programs.
</p>
</DD>
<DT><b><a name="lmtp_cname_overrides_servername">lmtp_cname_overrides_servername</a>
(default: yes)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_cname_overrides_servername">smtp_cname_overrides_servername</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_connect_timeout">lmtp_connect_timeout</a>
(default: 0s)</b></DT><DD>
<p> The Postfix LMTP client time limit for completing a TCP connection, or
zero (use the operating system built-in time limit). When no
connection can be made within the deadline, the LMTP client tries
the next address on the mail exchanger list. </p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#lmtp_connect_timeout">lmtp_connect_timeout</a> = 30s
</pre>
</DD>
<DT><b><a name="lmtp_connection_cache_destinations">lmtp_connection_cache_destinations</a>
(default: empty)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_connection_cache_on_demand">lmtp_connection_cache_on_demand</a>
(default: yes)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_connection_cache_time_limit">lmtp_connection_cache_time_limit</a>
(default: 2s)</b></DT><DD>
<p> The LMTP-specific version of the
<a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> configuration parameter.
See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_connection_reuse_count_limit">lmtp_connection_reuse_count_limit</a>
(default: 0)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_connection_reuse_count_limit">smtp_connection_reuse_count_limit</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.11 and later. </p>
</DD>
<DT><b><a name="lmtp_connection_reuse_time_limit">lmtp_connection_reuse_time_limit</a>
(default: 300s)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_data_done_timeout">lmtp_data_done_timeout</a>
(default: 600s)</b></DT><DD>
<p> The Postfix LMTP client time limit for sending the LMTP ".",
and for receiving the remote LMTP server response. When no response
is received within the deadline, a warning is logged that the mail
may be delivered multiple times. </p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
</DD>
<DT><b><a name="lmtp_data_init_timeout">lmtp_data_init_timeout</a>
(default: 120s)</b></DT><DD>
<p>
The Postfix LMTP client time limit for sending the LMTP DATA command,
and
for receiving the remote LMTP server response.
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
</DD>
<DT><b><a name="lmtp_data_xfer_timeout">lmtp_data_xfer_timeout</a>
(default: 180s)</b></DT><DD>
<p>
The Postfix LMTP client time limit for sending the LMTP message
content.
When the connection stalls for more than $<a href="postconf.5.html#lmtp_data_xfer_timeout">lmtp_data_xfer_timeout</a>
the LMTP client terminates the transfer.
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
</DD>
<DT><b><a name="lmtp_defer_if_no_mx_address_found">lmtp_defer_if_no_mx_address_found</a>
(default: no)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_defer_if_no_mx_address_found">smtp_defer_if_no_mx_address_found</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_destination_concurrency_limit">lmtp_destination_concurrency_limit</a>
(default: $<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a>)</b></DT><DD>
<p> The maximal number of parallel deliveries to the same destination
via the lmtp message delivery transport. This limit is enforced by
the queue manager. The message delivery transport name is the first
field in the entry in the <a href="master.5.html">master.cf</a> file. </p>
</DD>
<DT><b><a name="lmtp_destination_recipient_limit">lmtp_destination_recipient_limit</a>
(default: $<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a>)</b></DT><DD>
<p> The maximal number of recipients per message for the lmtp
message delivery transport. This limit is enforced by the queue
manager. The message delivery transport name is the first field in
the entry in the <a href="master.5.html">master.cf</a> file. </p>
<p> Setting this parameter to a value of 1 changes the meaning of
<a href="postconf.5.html#lmtp_destination_concurrency_limit">lmtp_destination_concurrency_limit</a> from concurrency per domain into
concurrency per recipient. </p>
</DD>
<DT><b><a name="lmtp_discard_lhlo_keyword_address_maps">lmtp_discard_lhlo_keyword_address_maps</a>
(default: empty)</b></DT><DD>
<p> Lookup tables, indexed by the remote LMTP server address, with
case insensitive lists of LHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix LMTP client will ignore in the LHLO
response
from a remote LMTP server. See <a href="postconf.5.html#lmtp_discard_lhlo_keywords">lmtp_discard_lhlo_keywords</a> for
details. The table is not indexed by hostname for consistency with
<a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a>. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_discard_lhlo_keywords">lmtp_discard_lhlo_keywords</a>
(default: empty)</b></DT><DD>
<p> A case insensitive list of LHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix LMTP client will ignore in the LHLO
response
from a remote LMTP server. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
<p> Notes: </p>
<ul>
<li> <p> Specify the <b>silent-discard</b> pseudo keyword to prevent
this action from being logged. </p>
<li> <p> Use the <a href="postconf.5.html#lmtp_discard_lhlo_keyword_address_maps">lmtp_discard_lhlo_keyword_address_maps</a> feature to
discard LHLO keywords selectively. </p>
</ul>
</DD>
<DT><b><a name="lmtp_dns_resolver_options">lmtp_dns_resolver_options</a>
(default: empty)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_dns_resolver_options">smtp_dns_resolver_options</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="lmtp_dns_support_level">lmtp_dns_support_level</a>
(default: empty)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.11 and later. </p>
</DD>
<DT><b><a name="lmtp_enforce_tls">lmtp_enforce_tls</a>
(default: no)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> configuration
parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_generic_maps">lmtp_generic_maps</a>
(default: empty)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> configuration
parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_header_checks">lmtp_header_checks</a>
(default: empty)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_header_checks">smtp_header_checks</a> configuration
parameter. See there for details. </p>
<p> This feature is available in Postfix 2.5 and later. </p>
</DD>
<DT><b><a name="lmtp_host_lookup">lmtp_host_lookup</a>
(default: dns)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> configuration
parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_lhlo_name">lmtp_lhlo_name</a>
(default: $<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD>
<p>
The hostname to send in the LMTP LHLO command.
</p>
<p>
The default value is the machine hostname. Specify a hostname or
[ip.add.re.ss].
</p>
<p>
This information can be specified in the <a href="postconf.5.html">main.cf</a> file for all LMTP
clients, or it can be specified in the <a href="master.5.html">master.cf</a> file for a specific
client, for example:
</p>
<blockquote>
<pre>
/etc/postfix/<a href="master.5.html">master.cf</a>:
mylmtp ... lmtp -o <a href="postconf.5.html#lmtp_lhlo_name">lmtp_lhlo_name</a>=foo.bar.com
</pre>
</blockquote>
<p>
This feature is available in Postfix 2.3 and later.
</p>
</DD>
<DT><b><a name="lmtp_lhlo_timeout">lmtp_lhlo_timeout</a>
(default: 300s)</b></DT><DD>
<p> The Postfix LMTP client time limit for sending the LHLO command,
and for receiving the initial remote LMTP server response. </p>
<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). The default time unit is s (seconds). </p>
</DD>
<DT><b><a name="lmtp_line_length_limit">lmtp_line_length_limit</a>
(default: 990)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_line_length_limit">smtp_line_length_limit</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_mail_timeout">lmtp_mail_timeout</a>
(default: 300s)</b></DT><DD>
<p>
The Postfix LMTP client time limit for sending the MAIL FROM command,
and for receiving the remote LMTP server response.
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
</DD>
<DT><b><a name="lmtp_mime_header_checks">lmtp_mime_header_checks</a>
(default: empty)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_mime_header_checks">smtp_mime_header_checks</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.5 and later. </p>
</DD>
<DT><b><a name="lmtp_mx_address_limit">lmtp_mx_address_limit</a>
(default: 5)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a> configuration
parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_mx_session_limit">lmtp_mx_session_limit</a>
(default: 2)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> configuration
parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_nested_header_checks">lmtp_nested_header_checks</a>
(default: empty)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_nested_header_checks">smtp_nested_header_checks</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.5 and later. </p>
</DD>
<DT><b><a name="lmtp_per_record_deadline">lmtp_per_record_deadline</a>
(default: no)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.9 and later. </p>
</DD>
<DT><b><a name="lmtp_pix_workaround_delay_time">lmtp_pix_workaround_delay_time</a>
(default: 10s)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_pix_workaround_delay_time">smtp_pix_workaround_delay_time</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_pix_workaround_maps">lmtp_pix_workaround_maps</a>
(default: empty)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_pix_workaround_maps">smtp_pix_workaround_maps</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.4 and later. </p>
</DD>
<DT><b><a name="lmtp_pix_workaround_threshold_time">lmtp_pix_workaround_threshold_time</a>
(default: 500s)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_pix_workaround_threshold_time">smtp_pix_workaround_threshold_time</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_pix_workarounds">lmtp_pix_workarounds</a>
(default: empty)</b></DT><DD>
<p> The LMTP-specific version of the smtp_pix_workaround
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.4 and later. </p>
</DD>
<DT><b><a name="lmtp_quit_timeout">lmtp_quit_timeout</a>
(default: 300s)</b></DT><DD>
<p>
The Postfix LMTP client time limit for sending the QUIT command,
and for receiving the remote LMTP server response.
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
</DD>
<DT><b><a name="lmtp_quote_rfc821_envelope">lmtp_quote_rfc821_envelope</a>
(default: yes)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_randomize_addresses">lmtp_randomize_addresses</a>
(default: yes)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_randomize_addresses">smtp_randomize_addresses</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_rcpt_timeout">lmtp_rcpt_timeout</a>
(default: 300s)</b></DT><DD>
<p>
The Postfix LMTP client time limit for sending the RCPT TO command,
and for receiving the remote LMTP server response.
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
</DD>
<DT><b><a name="lmtp_reply_filter">lmtp_reply_filter</a>
(default: empty)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.7 and later. </p>
</DD>
<DT><b><a name="lmtp_rset_timeout">lmtp_rset_timeout</a>
(default: 20s)</b></DT><DD>
<p> The Postfix LMTP client time limit for sending the RSET command,
and for receiving the remote LMTP server response. The LMTP client
sends RSET in
order to finish a recipient address probe, or to verify that a
cached connection is still alive. </p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
</DD>
<DT><b><a name="lmtp_sasl_auth_cache_name">lmtp_sasl_auth_cache_name</a>
(default: empty)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.5 and later. </p>
</DD>
<DT><b><a name="lmtp_sasl_auth_cache_time">lmtp_sasl_auth_cache_time</a>
(default: 90d)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sasl_auth_cache_time">smtp_sasl_auth_cache_time</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.5 and later. </p>
</DD>
<DT><b><a name="lmtp_sasl_auth_enable">lmtp_sasl_auth_enable</a>
(default: no)</b></DT><DD>
<p>
Enable SASL authentication in the Postfix LMTP client.
</p>
</DD>
<DT><b><a name="lmtp_sasl_auth_soft_bounce">lmtp_sasl_auth_soft_bounce</a>
(default: yes)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.5 and later. </p>
</DD>
<DT><b><a name="lmtp_sasl_mechanism_filter">lmtp_sasl_mechanism_filter</a>
(default: empty)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_sasl_password_maps">lmtp_sasl_password_maps</a>
(default: empty)</b></DT><DD>
<p>
Optional Postfix LMTP client lookup tables with one username:password entry
per host or domain. If a remote host or domain has no username:password
entry, then the Postfix LMTP client will not attempt to authenticate
to the remote host.
</p>
</DD>
<DT><b><a name="lmtp_sasl_path">lmtp_sasl_path</a>
(default: empty)</b></DT><DD>
<p> Implementation-specific information that is passed through to
the SASL plug-in implementation that is selected with
<b><a href="postconf.5.html#lmtp_sasl_type">lmtp_sasl_type</a></b>. Typically this specifies the name of a
configuration file or rendezvous point. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_sasl_security_options">lmtp_sasl_security_options</a>
(default: noplaintext, noanonymous)</b></DT><DD>
<p> SASL security options; as of Postfix 2.3 the list of available
features depends on the SASL client implementation that is selected
with <b><a href="postconf.5.html#lmtp_sasl_type">lmtp_sasl_type</a></b>. </p>
<p> The following security features are defined for the <b>cyrus</b>
client SASL implementation: </p>
<dl>
<dt><b>noplaintext</b></dt>
<dd>Disallow authentication methods that use plaintext passwords. </dd>
<dt><b>noactive</b></dt>
<dd>Disallow authentication methods that are vulnerable to non-dictionary
active attacks. </dd>
<dt><b>nodictionary</b></dt>
<dd>Disallow authentication methods that are vulnerable to passive
dictionary attack. </dd>
<dt><b>noanonymous</b></dt>
<dd>Disallow anonymous logins. </dd>
</dl>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#lmtp_sasl_security_options">lmtp_sasl_security_options</a> = noplaintext
</pre>
</DD>
<DT><b><a name="lmtp_sasl_tls_security_options">lmtp_sasl_tls_security_options</a>
(default: $<a href="postconf.5.html#lmtp_sasl_security_options">lmtp_sasl_security_options</a>)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_sasl_tls_verified_security_options">lmtp_sasl_tls_verified_security_options</a>
(default: $<a href="postconf.5.html#lmtp_sasl_tls_security_options">lmtp_sasl_tls_security_options</a>)</b></DT><DD>
<p> The LMTP-specific version of the
<a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a> configuration parameter.
See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_sasl_type">lmtp_sasl_type</a>
(default: cyrus)</b></DT><DD>
<p> The SASL plug-in type that the Postfix LMTP client should use
for authentication. The available types are listed with the
"<b>postconf -A</b>" command. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_send_dummy_mail_auth">lmtp_send_dummy_mail_auth</a>
(default: no)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.9 and later. </p>
</DD>
<DT><b><a name="lmtp_send_xforward_command">lmtp_send_xforward_command</a>
(default: no)</b></DT><DD>
<p>
Send an XFORWARD command to the remote LMTP server when the LMTP LHLO
server response announces XFORWARD support. This allows an <a href="lmtp.8.html">lmtp(8)</a>
delivery agent, used for content filter message injection, to
forward the name, address, protocol and HELO name of the original
client to the content filter and downstream queuing LMTP server.
Before you change the value to yes, it is best to make sure that
your content filter supports this command.
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="lmtp_sender_dependent_authentication">lmtp_sender_dependent_authentication</a>
(default: no)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_skip_5xx_greeting">lmtp_skip_5xx_greeting</a>
(default: yes)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_skip_quit_response">lmtp_skip_quit_response</a>
(default: no)</b></DT><DD>
<p>
Wait for the response to the LMTP QUIT command.
</p>
</DD>
<DT><b><a name="lmtp_starttls_timeout">lmtp_starttls_timeout</a>
(default: 300s)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> configuration
parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_tcp_port">lmtp_tcp_port</a>
(default: 24)</b></DT><DD>
<p>
The default TCP port that the Postfix LMTP client connects to.
</p>
</DD>
<DT><b><a name="lmtp_tls_CAfile">lmtp_tls_CAfile</a>
(default: empty)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_tls_CApath">lmtp_tls_CApath</a>
(default: empty)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_tls_block_early_mail_reply">lmtp_tls_block_early_mail_reply</a>
(default: empty)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_block_early_mail_reply">smtp_tls_block_early_mail_reply</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.7 and later. </p>
</DD>
<DT><b><a name="lmtp_tls_cert_file">lmtp_tls_cert_file</a>
(default: empty)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_tls_ciphers">lmtp_tls_ciphers</a>
(default: export)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> configuration
parameter. See there for details. </p>
<p> This feature is available in Postfix 2.6 and later. </p>
</DD>
<DT><b><a name="lmtp_tls_dcert_file">lmtp_tls_dcert_file</a>
(default: empty)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_tls_dkey_file">lmtp_tls_dkey_file</a>
(default: $<a href="postconf.5.html#lmtp_tls_dcert_file">lmtp_tls_dcert_file</a>)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_tls_eccert_file">lmtp_tls_eccert_file</a>
(default: empty)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> configuration
parameter. See there for details. </p>
<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 1.0.0 or later. </p>
</DD>
<DT><b><a name="lmtp_tls_eckey_file">lmtp_tls_eckey_file</a>
(default: empty)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a> configuration
parameter. See there for details. </p>
<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 1.0.0 or later. </p>
</DD>
<DT><b><a name="lmtp_tls_enforce_peername">lmtp_tls_enforce_peername</a>
(default: yes)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_tls_exclude_ciphers">lmtp_tls_exclude_ciphers</a>
(default: empty)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_tls_fingerprint_cert_match">lmtp_tls_fingerprint_cert_match</a>
(default: empty)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.5 and later. </p>
</DD>
<DT><b><a name="lmtp_tls_fingerprint_digest">lmtp_tls_fingerprint_digest</a>
(default: md5)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.5 and later. </p>
</DD>
<DT><b><a name="lmtp_tls_force_insecure_host_tlsa_lookup">lmtp_tls_force_insecure_host_tlsa_lookup</a>
(default: no)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_force_insecure_host_tlsa_lookup">smtp_tls_force_insecure_host_tlsa_lookup</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.11 and later. </p>
</DD>
<DT><b><a name="lmtp_tls_key_file">lmtp_tls_key_file</a>
(default: $<a href="postconf.5.html#lmtp_tls_cert_file">lmtp_tls_cert_file</a>)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_tls_loglevel">lmtp_tls_loglevel</a>
(default: 0)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>
(default: empty)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_tls_mandatory_exclude_ciphers">lmtp_tls_mandatory_exclude_ciphers</a>
(default: empty)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_tls_mandatory_protocols">lmtp_tls_mandatory_protocols</a>
(default: !SSLv2)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_tls_note_starttls_offer">lmtp_tls_note_starttls_offer</a>
(default: no)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_tls_per_site">lmtp_tls_per_site</a>
(default: empty)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> configuration
parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_tls_policy_maps">lmtp_tls_policy_maps</a>
(default: empty)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_tls_protocols">lmtp_tls_protocols</a>
(default: empty)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> configuration
parameter. See there for details. </p>
<p> This feature is available in Postfix 2.6 and later. </p>
</DD>
<DT><b><a name="lmtp_tls_scert_verifydepth">lmtp_tls_scert_verifydepth</a>
(default: 9)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_tls_secure_cert_match">lmtp_tls_secure_cert_match</a>
(default: nexthop)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_tls_security_level">lmtp_tls_security_level</a>
(default: empty)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> configuration
parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_tls_session_cache_database">lmtp_tls_session_cache_database</a>
(default: empty)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_tls_session_cache_timeout">lmtp_tls_session_cache_timeout</a>
(default: 3600s)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_tls_trust_anchor_file">lmtp_tls_trust_anchor_file</a>
(default: empty)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_trust_anchor_file">smtp_tls_trust_anchor_file</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.11 and later. </p>
</DD>
<DT><b><a name="lmtp_tls_verify_cert_match">lmtp_tls_verify_cert_match</a>
(default: hostname)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_use_tls">lmtp_use_tls</a>
(default: no)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> configuration
parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_xforward_timeout">lmtp_xforward_timeout</a>
(default: 300s)</b></DT><DD>
<p>
The Postfix LMTP client time limit for sending the XFORWARD command,
and for receiving the remote LMTP server response.
</p>
<p>
In case of problems the client does NOT try the next address on
the mail exchanger list.
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="local_command_shell">local_command_shell</a>
(default: empty)</b></DT><DD>
<p>
Optional shell program for <a href="local.8.html">local(8)</a> delivery to non-Postfix command.
By default, non-Postfix commands are executed directly; commands
are given to given to the default shell (typically, /bin/sh) only
when they contain shell meta characters or shell built-in commands.
</p>
<p> "sendmail's restricted shell" (smrsh) is what most people will
use in order to restrict what programs can be run from e.g. .forward
files (smrsh is part of the Sendmail distribution). </p>
<p> Note: when a shell program is specified, it is invoked even
when the command contains no shell built-in commands or meta
characters. </p>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#local_command_shell">local_command_shell</a> = /some/where/smrsh -c
<a href="postconf.5.html#local_command_shell">local_command_shell</a> = /bin/bash -c
</pre>
</DD>
<DT><b><a name="local_destination_concurrency_limit">local_destination_concurrency_limit</a>
(default: 2)</b></DT><DD>
<p> The maximal number of parallel deliveries via the local mail
delivery transport to the same recipient (when
"<a href="postconf.5.html#local_destination_recipient_limit">local_destination_recipient_limit</a> = 1") or the maximal number of
parallel deliveries to the same <a href="ADDRESS_CLASS_README.html#local_domain_class">local domain</a> (when
"<a href="postconf.5.html#local_destination_recipient_limit">local_destination_recipient_limit</a> > 1"). This limit is enforced by
the queue manager. The message delivery transport name is the first
field in the entry in the <a href="master.5.html">master.cf</a> file. </p>
<p> A low limit of 2 is recommended, just in case someone has an
expensive shell command in a .forward file or in an alias (e.g.,
a mailing list manager). You don't want to run lots of those at
the same time. </p>
</DD>
<DT><b><a name="local_destination_recipient_limit">local_destination_recipient_limit</a>
(default: 1)</b></DT><DD>
<p> The maximal number of recipients per message delivery via the
local mail delivery transport. This limit is enforced by the queue
manager. The message delivery transport name is the first field in
the entry in the <a href="master.5.html">master.cf</a> file. </p>
<p> Setting this parameter to a value > 1 changes the meaning of
<a href="postconf.5.html#local_destination_concurrency_limit">local_destination_concurrency_limit</a> from concurrency per recipient
into concurrency per domain. </p>
</DD>
<DT><b><a name="local_header_rewrite_clients">local_header_rewrite_clients</a>
(default: <a href="postconf.5.html#permit_inet_interfaces">permit_inet_interfaces</a>)</b></DT><DD>
<p> Rewrite message header addresses in mail from these clients and
update incomplete addresses with the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or
$<a href="postconf.5.html#mydomain">mydomain</a>; either don't rewrite message headers from other clients
at all, or rewrite message headers and update incomplete addresses
with the domain specified in the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a>
parameter. </p>
<p> See the <a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a> and <a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a> parameters
for details of how domain names are appended to incomplete addresses.
</p>
<p> Specify a list of zero or more of the following: </p>
<dl>
<dt><b><a href="postconf.5.html#permit_inet_interfaces">permit_inet_interfaces</a></b></dt>
<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
client IP address matches $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>. This is enabled by
default. </dd>
<dt><b><a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a></b></dt>
<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
client IP address matches any network or network address listed in
$<a href="postconf.5.html#mynetworks">mynetworks</a>. This setting will not prevent remote mail header
address rewriting when mail from a remote client is forwarded by
a neighboring system. </dd>
<dt><b><a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a> </b></dt>
<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
client is successfully authenticated via the <a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH)
protocol. </dd>
<dt><b><a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a> </b></dt>
<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
remote SMTP client TLS certificate fingerprint or public key fingerprint
(Postfix 2.9 and later) is listed in $<a href="postconf.5.html#relay_clientcerts">relay_clientcerts</a>.
The fingerprint digest algorithm is configurable via the
<a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> parameter (hard-coded as md5 prior to
Postfix version 2.5). </dd>
<dt><b><a href="postconf.5.html#permit_tls_all_clientcerts">permit_tls_all_clientcerts</a> </b></dt>
<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
remote SMTP client TLS certificate is successfully verified, regardless of
whether it is listed on the server, and regardless of the certifying
authority. </dd>
<dt><b><a name="check_address_map">check_address_map</a> <i><a href="DATABASE_README.html">type:table</a></i> </b></dt>
<dt><b><i><a href="DATABASE_README.html">type:table</a></i> </b></dt>
<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
client IP address matches the specified lookup table.
The lookup result is ignored, and no subnet lookup is done. This
is suitable for, e.g., pop-before-smtp lookup tables. </dd>
</dl>
<p> Examples: </p>
<p> The Postfix < 2.2 backwards compatible setting: always rewrite
message headers, and always append my own domain to incomplete
header addresses. </p>
<blockquote>
<pre>
<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all
</pre>
</blockquote>
<p> The purist (and default) setting: rewrite headers only in mail
from Postfix sendmail and in SMTP mail from this machine. </p>
<blockquote>
<pre>
<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="postconf.5.html#permit_inet_interfaces">permit_inet_interfaces</a>
</pre>
</blockquote>
<p> The intermediate setting: rewrite header addresses and append
$<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> information only with mail from Postfix
sendmail, from local clients, or from authorized SMTP clients. </p>
<p> Note: this setting will not prevent remote mail header address
rewriting when mail from a remote client is forwarded by a neighboring
system. </p>
<blockquote>
<pre>
<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,
<a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a> <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a>
<a href="postconf.5.html#check_address_map">check_address_map</a> <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/pop-before-smtp
</pre>
</blockquote>
</DD>
<DT><b><a name="local_recipient_maps">local_recipient_maps</a>
(default: <a href="proxymap.8.html">proxy</a>:unix:passwd.byname $<a href="postconf.5.html#alias_maps">alias_maps</a>)</b></DT><DD>
<p> Lookup tables with all names or addresses of local recipients:
a recipient address is local when its domain matches $<a href="postconf.5.html#mydestination">mydestination</a>,
$<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. Specify @domain as a
wild-card for domains that do not have a valid recipient list.
Technically, tables listed with $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> are used as
lists: Postfix needs to know only if a lookup string is found or
not, but it does not use the result from table lookup. </p>
<p>
If this parameter is non-empty (the default), then the Postfix SMTP
server will reject mail for unknown local users.
</p>
<p>
To turn off local recipient checking in the Postfix SMTP server,
specify "<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =" (i.e. empty).
</p>
<p>
The default setting assumes that you use the default Postfix local
delivery agent for local delivery. You need to update the
<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> setting if:
</p>
<ul>
<li>You redefine the local delivery agent in <a href="master.5.html">master.cf</a>.
<li>You redefine the "<a href="postconf.5.html#local_transport">local_transport</a>" setting in <a href="postconf.5.html">main.cf</a>.
<li>You use the "<a href="postconf.5.html#luser_relay">luser_relay</a>", "<a href="postconf.5.html#mailbox_transport">mailbox_transport</a>", or "<a href="postconf.5.html#fallback_transport">fallback_transport</a>"
feature of the Postfix <a href="local.8.html">local(8)</a> delivery agent.
</ul>
<p>
Details are described in the <a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a> file.
</p>
<p>
Beware: if the Postfix SMTP server runs chrooted, you need to access
the passwd file via the <a href="proxymap.8.html">proxymap(8)</a> service, in order to overcome
chroot access restrictions. The alternative, maintaining a copy of
the system password file in the chroot jail is not practical.
</p>
<p>
Examples:
</p>
<pre>
<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =
</pre>
</DD>
<DT><b><a name="local_transport">local_transport</a>
(default: <a href="local.8.html">local</a>:$<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD>
<p> The default mail delivery transport and next-hop destination
for final delivery to domains listed with <a href="postconf.5.html#mydestination">mydestination</a>, and for
[ipaddress] destinations that match $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
This information can be overruled with the <a href="transport.5.html">transport(5)</a> table. </p>
<p>
By default, local mail is delivered to the transport called "local",
which is just the name of a service that is defined the <a href="master.5.html">master.cf</a> file.
</p>
<p>
Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
is the name of a mail delivery transport defined in <a href="master.5.html">master.cf</a>.
The <i>:nexthop</i> destination is optional; its syntax is documented
in the manual page of the corresponding delivery agent.
</p>
<p>
Beware: if you override the default local delivery agent then you
need to review the <a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a> document, otherwise the
SMTP server may reject mail for local recipients.
</p>
</DD>
<DT><b><a name="luser_relay">luser_relay</a>
(default: empty)</b></DT><DD>
<p>
Optional catch-all destination for unknown <a href="local.8.html">local(8)</a> recipients.
By default, mail for unknown recipients in domains that match
$<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> is returned
as undeliverable.
</p>
<p>
The following $name expansions are done on <a href="postconf.5.html#luser_relay">luser_relay</a>:
</p>
<dl>
<dt><b>$domain</b></dt>
<dd>The recipient domain. </dd>
<dt><b>$extension</b></dt>
<dd>The recipient address extension. </dd>
<dt><b>$home</b></dt>
<dd>The recipient's home directory. </dd>
<dt><b>$local</b></dt>
<dd>The entire recipient address localpart. </dd>
<dt><b>$recipient</b></dt>
<dd>The full recipient address. </dd>
<dt><b>$<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a></b></dt>
<dd>The address extension delimiter that was found in the recipient
address (Postfix 2.11 and later), or the system-wide recipient
address extension delimiter (Postfix 2.10 and earlier). </dd>
<dt><b>$shell</b></dt>
<dd>The recipient's login shell. </dd>
<dt><b>$user</b></dt>
<dd>The recipient username. </dd>
<dt><b>${name?value}</b></dt>
<dd>Expands to <i>value</i> when <i>$name</i> has a non-empty value. </dd>
<dt><b>${name:value}</b></dt>
<dd>Expands to <i>value</i> when <i>$name</i> has an empty value. </dd>
</dl>
<p>
Instead of $name you can also specify ${name} or $(name).
</p>
<p>
Note: <a href="postconf.5.html#luser_relay">luser_relay</a> works only for the Postfix <a href="local.8.html">local(8)</a> delivery agent.
</p>
<p>
Note: if you use this feature for accounts not in the UNIX password
file, then you must specify "<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =" (i.e. empty)
in the <a href="postconf.5.html">main.cf</a> file, otherwise the Postfix SMTP server will reject mail
for non-UNIX accounts with "User unknown in local recipient table".
</p>
<p>
Examples:
</p>
<pre>
<a href="postconf.5.html#luser_relay">luser_relay</a> = $user@other.host
<a href="postconf.5.html#luser_relay">luser_relay</a> = $local@other.host
<a href="postconf.5.html#luser_relay">luser_relay</a> = admin+$local
</pre>
</DD>
<DT><b><a name="mail_name">mail_name</a>
(default: Postfix)</b></DT><DD>
<p>
The mail system name that is displayed in Received: headers, in
the SMTP greeting banner, and in bounced mail.
</p>
</DD>
<DT><b><a name="mail_owner">mail_owner</a>
(default: postfix)</b></DT><DD>
<p>
The UNIX system account that owns the Postfix queue and most Postfix
daemon processes. Specify the name of an unprivileged user account
that does not share a user or group ID with other accounts, and that
owns no other files
or processes on the system. In particular, don't specify nobody
or daemon. PLEASE USE A DEDICATED USER ID AND GROUP ID.
</p>
<p>
When this parameter value is changed you need to re-run "<b>postfix
set-permissions</b>" (with Postfix version 2.0 and earlier:
"<b>/etc/postfix/post-install set-permissions</b>".
</p>
</DD>
<DT><b><a name="mail_release_date">mail_release_date</a>
(default: see "postconf -d" output)</b></DT><DD>
<p>
The Postfix release date, in "YYYYMMDD" format.
</p>
</DD>
<DT><b><a name="mail_spool_directory">mail_spool_directory</a>
(default: see "postconf -d" output)</b></DT><DD>
<p>
The directory where <a href="local.8.html">local(8)</a> UNIX-style mailboxes are kept. The
default setting depends on the system type. Specify a name ending
in / for maildir-style delivery.
</p>
<p>
Note: maildir delivery is done with the privileges of the recipient.
If you use the <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a> setting for maildir style
delivery, then you must create the top-level maildir directory in
advance. Postfix will not create it.
</p>
<p>
Examples:
</p>
<pre>
<a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a> = /var/mail
<a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a> = /var/spool/mail
</pre>
</DD>
<DT><b><a name="mail_version">mail_version</a>
(default: see "postconf -d" output)</b></DT><DD>
<p>
The version of the mail system. Stable releases are named
<i>major</i>.<i>minor</i>.<i>patchlevel</i>. Experimental releases
also include the release date. The version string can be used in,
for example, the SMTP greeting banner.
</p>
</DD>
<DT><b><a name="mailbox_command">mailbox_command</a>
(default: empty)</b></DT><DD>
<p>
Optional external command that the <a href="local.8.html">local(8)</a> delivery agent should
use for mailbox delivery. The command is run with the user ID and
the primary group ID privileges of the recipient. Exception:
command delivery for root executes with $<a href="postconf.5.html#default_privs">default_privs</a> privileges.
This is not a problem, because 1) mail for root should always be
aliased to a real user and 2) don't log in as root, use "su" instead.
</p>
<p>
The following environment variables are exported to the command:
</p>
<dl>
<dt><b>CLIENT_ADDRESS</b></dt>
<dd>Remote client network address. Available in Postfix version 2.2 and
later. </dd>
<dt><b>CLIENT_HELO</b></dt>
<dd>Remote client EHLO command parameter. Available in Postfix version 2.2
and later.</dd>
<dt><b>CLIENT_HOSTNAME</b></dt>
<dd>Remote client hostname. Available in Postfix version 2.2 and later.
</dd>
<dt><b>CLIENT_PROTOCOL</b></dt>
<dd>Remote client protocol. Available in Postfix version 2.2 and later.
</dd>
<dt><b>DOMAIN</b></dt>
<dd>The domain part of the recipient address. </dd>
<dt><b>EXTENSION</b></dt>
<dd>The optional address extension. </dd>
<dt><b>HOME</b></dt>
<dd>The recipient home directory. </dd>
<dt><b>LOCAL</b></dt>
<dd>The recipient address localpart. </dd>
<dt><b>LOGNAME</b></dt>
<dd>The recipient's username. </dd>
<dt><b>ORIGINAL_RECIPIENT</b></dt>
<dd>The entire recipient address, before any address rewriting or
aliasing. </dd>
<dt><b>RECIPIENT</b></dt>
<dd>The full recipient address. </dd>
<dt><b>SASL_METHOD</b></dt>
<dd>SASL authentication method specified in the remote client AUTH
command. Available in Postfix version 2.2 and later. </dd>
<dt><b>SASL_SENDER</b></dt>
<dd>SASL sender address specified in the remote client MAIL FROM
command. Available in Postfix version 2.2 and later. </dd>
<dt><b>SASL_USER</b></dt>
<dd>SASL username specified in the remote client AUTH command.
Available in Postfix version 2.2 and later. </dd>
<dt><b>SENDER</b></dt>
<dd>The full sender address. </dd>
<dt><b>SHELL</b></dt>
<dd>The recipient's login shell. </dd>
<dt><b>USER</b></dt>
<dd>The recipient username. </dd>
</dl>
<p>
Unlike other Postfix configuration parameters, the <a href="postconf.5.html#mailbox_command">mailbox_command</a>
parameter is not subjected to $name substitutions. This is to make
it easier to specify shell syntax (see example below).
</p>
<p>
If you can, avoid shell meta characters because they will force
Postfix to run an expensive shell process. If you're delivering
via Procmail then running a shell won't make a noticeable difference
in the total cost.
</p>
<p>
Note: if you use the <a href="postconf.5.html#mailbox_command">mailbox_command</a> feature to deliver mail
system-wide, you must set up an alias that forwards mail for root
to a real user.
</p>
<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low
is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>,
<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>. </p>
<p>
Examples:
</p>
<pre>
<a href="postconf.5.html#mailbox_command">mailbox_command</a> = /some/where/procmail
<a href="postconf.5.html#mailbox_command">mailbox_command</a> = /some/where/procmail -a "$EXTENSION"
<a href="postconf.5.html#mailbox_command">mailbox_command</a> = /some/where/maildrop -d "$USER"
-f "$SENDER" "$EXTENSION"
</pre>
</DD>
<DT><b><a name="mailbox_command_maps">mailbox_command_maps</a>
(default: empty)</b></DT><DD>
<p>
Optional lookup tables with per-recipient external commands to use
for <a href="local.8.html">local(8)</a> mailbox delivery. Behavior is as with <a href="postconf.5.html#mailbox_command">mailbox_command</a>.
</p>
<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low
is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>,
<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>. </p>
</DD>
<DT><b><a name="mailbox_delivery_lock">mailbox_delivery_lock</a>
(default: see "postconf -d" output)</b></DT><DD>
<p>
How to lock a UNIX-style <a href="local.8.html">local(8)</a> mailbox before attempting delivery.
For a list of available file locking methods, use the "<b>postconf
-l</b>" command.
</p>
<p>
This setting is ignored with <b>maildir</b> style delivery,
because such deliveries are safe without explicit locks.
</p>
<p>
Note: The <b>dotlock</b> method requires that the recipient UID or
GID has write access to the parent directory of the mailbox file.
</p>
<p>
Note: the default setting of this parameter is system dependent.
</p>
</DD>
<DT><b><a name="mailbox_size_limit">mailbox_size_limit</a>
(default: 51200000)</b></DT><DD>
<p> The maximal size of any <a href="local.8.html">local(8)</a> individual mailbox or maildir
file, or zero (no limit). In fact, this limits the size of any
file that is written to upon local delivery, including files written
by external commands that are executed by the <a href="local.8.html">local(8)</a> delivery
agent. </p>
<p>
This limit must not be smaller than the message size limit.
</p>
</DD>
<DT><b><a name="mailbox_transport">mailbox_transport</a>
(default: empty)</b></DT><DD>
<p>
Optional message delivery transport that the <a href="local.8.html">local(8)</a> delivery
agent should use for mailbox delivery to all local recipients,
whether or not they are found in the UNIX passwd database.
</p>
<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low
is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>,
<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>. </p>
</DD>
<DT><b><a name="mailbox_transport_maps">mailbox_transport_maps</a>
(default: empty)</b></DT><DD>
<p> Optional lookup tables with per-recipient message delivery
transports to use for <a href="local.8.html">local(8)</a> mailbox delivery, whether or not the
recipients are found in the UNIX passwd database. </p>
<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low
is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>,
<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>. </p>
<p> For safety reasons, this feature does not allow $number
substitutions in regular expression maps. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="mailq_path">mailq_path</a>
(default: see "postconf -d" output)</b></DT><DD>
<p>
Sendmail compatibility feature that specifies where the Postfix
<a href="mailq.1.html">mailq(1)</a> command is installed. This command can be used to
list the Postfix mail queue.
</p>
</DD>
<DT><b><a name="manpage_directory">manpage_directory</a>
(default: see "postconf -d" output)</b></DT><DD>
<p>
Where the Postfix manual pages are installed.
</p>
</DD>
<DT><b><a name="maps_rbl_domains">maps_rbl_domains</a>
(default: empty)</b></DT><DD>
<p>
Obsolete feature: use the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a> feature instead.
</p>
</DD>
<DT><b><a name="maps_rbl_reject_code">maps_rbl_reject_code</a>
(default: 554)</b></DT><DD>
<p>
The numerical Postfix SMTP server response code when a remote SMTP
client request is blocked by the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a>, <a href="postconf.5.html#reject_rhsbl_client">reject_rhsbl_client</a>,
<a href="postconf.5.html#reject_rhsbl_reverse_client">reject_rhsbl_reverse_client</a>, <a href="postconf.5.html#reject_rhsbl_sender">reject_rhsbl_sender</a> or
<a href="postconf.5.html#reject_rhsbl_recipient">reject_rhsbl_recipient</a> restriction.
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
</DD>
<DT><b><a name="masquerade_classes">masquerade_classes</a>
(default: envelope_sender, header_sender, header_recipient)</b></DT><DD>
<p>
What addresses are subject to address masquerading.
</p>
<p>
By default, address masquerading is limited to envelope sender
addresses, and to header sender and header recipient addresses.
This allows you to use address masquerading on a mail gateway while
still being able to forward mail to users on individual machines.
</p>
<p>
Specify zero or more of: envelope_sender, envelope_recipient,
header_sender, header_recipient
</p>
</DD>
<DT><b><a name="masquerade_domains">masquerade_domains</a>
(default: empty)</b></DT><DD>
<p>
Optional list of domains whose subdomain structure will be stripped
off in email addresses.
</p>
<p>
The list is processed left to right, and processing stops at the
first match. Thus,
</p>
<blockquote>
<pre>
<a href="postconf.5.html#masquerade_domains">masquerade_domains</a> = foo.example.com example.com
</pre>
</blockquote>
<p>
strips "user@any.thing.foo.example.com" to "user@foo.example.com",
but strips "user@any.thing.else.example.com" to "user@example.com".
</p>
<p>
A domain name prefixed with ! means do not masquerade this domain
or its subdomains. Thus,
</p>
<blockquote>
<pre>
<a href="postconf.5.html#masquerade_domains">masquerade_domains</a> = !foo.example.com example.com
</pre>
</blockquote>
<p>
does not change "user@any.thing.foo.example.com" or "user@foo.example.com",
but strips "user@any.thing.else.example.com" to "user@example.com".
</p>
<p> Note: with Postfix version 2.2, message header address masquerading
happens only when message header address rewriting is enabled: </p>
<ul>
<li> The message is received with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command,
<li> The message is received from a network client that matches
$<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>,
<li> The message is received from the network, and the
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter specifies a non-empty value.
</ul>
<p> To get the behavior before Postfix version 2.2, specify
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#masquerade_domains">masquerade_domains</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
</pre>
</DD>
<DT><b><a name="masquerade_exceptions">masquerade_exceptions</a>
(default: empty)</b></DT><DD>
<p>
Optional list of user names that are not subjected to address
masquerading, even when their address matches $<a href="postconf.5.html#masquerade_domains">masquerade_domains</a>.
</p>
<p>
By default, address masquerading makes no exceptions.
</p>
<p>
Specify a list of user names, "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns,
separated by commas and/or whitespace. The list is matched left to
right, and the search stops on the first match. A "/file/name"
pattern is replaced
by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a name
matches a lookup key (the lookup result is ignored). Continue long
lines by starting the next line with whitespace. Specify "!pattern"
to exclude a name from the list. The form "!/file/name" is supported
only in Postfix version 2.4 and later. </p>
<p>
Examples:
</p>
<pre>
<a href="postconf.5.html#masquerade_exceptions">masquerade_exceptions</a> = root, mailer-daemon
<a href="postconf.5.html#masquerade_exceptions">masquerade_exceptions</a> = root
</pre>
</DD>
<DT><b><a name="master_service_disable">master_service_disable</a>
(default: empty)</b></DT><DD>
<p> Selectively disable <a href="master.8.html">master(8)</a> listener ports by service type
or by service name and type. Specify a list of service types
("inet", "unix", "fifo", or "pass") or "name/type" tuples, where
"name" is the first field of a <a href="master.5.html">master.cf</a> entry and "type" is a
service type. As with other Postfix matchlists, a search stops at
the first match. Specify "!pattern" to exclude a service from the
list. By default, all <a href="master.8.html">master(8)</a> listener ports are enabled. </p>
<p> Note: this feature does not support "/file/name" or "<a href="DATABASE_README.html">type:table</a>"
patterns, nor does it support wildcards such as "*" or "all". This
is intentional. </p>
<p> Examples: </p>
<pre>
# With Postfix 2.6..2.10 use '.' instead of '/'.
# Turn on all <a href="master.8.html">master(8)</a> listener ports (the default).
<a href="postconf.5.html#master_service_disable">master_service_disable</a> =
# Turn off only the main SMTP listener port.
<a href="postconf.5.html#master_service_disable">master_service_disable</a> = smtp/inet
# Turn off all TCP/IP listener ports.
<a href="postconf.5.html#master_service_disable">master_service_disable</a> = inet
# Turn off all TCP/IP listener ports except "foo".
<a href="postconf.5.html#master_service_disable">master_service_disable</a> = !foo/inet, inet
</pre>
<p> This feature is available in Postfix 2.6 and later. </p>
</DD>
<DT><b><a name="max_idle">max_idle</a>
(default: 100s)</b></DT><DD>
<p>
The maximum amount of time that an idle Postfix daemon process waits
for an incoming connection before terminating voluntarily. This
parameter
is ignored by the Postfix queue manager and by other long-lived
Postfix daemon processes.
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
</DD>
<DT><b><a name="max_use">max_use</a>
(default: 100)</b></DT><DD>
<p>
The maximal number of incoming connections that a Postfix daemon
process will service before terminating voluntarily. This parameter
is ignored by the Postfix queue
manager and by other long-lived Postfix daemon processes.
</p>
</DD>
<DT><b><a name="maximal_backoff_time">maximal_backoff_time</a>
(default: 4000s)</b></DT><DD>
<p>
The maximal time between attempts to deliver a deferred message.
</p>
<p> This parameter should be set to a value greater than or equal
to $<a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a>. See also $<a href="postconf.5.html#queue_run_delay">queue_run_delay</a>. </p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
</DD>
<DT><b><a name="maximal_queue_lifetime">maximal_queue_lifetime</a>
(default: 5d)</b></DT><DD>
<p>
Consider a message as undeliverable, when delivery fails with a
temporary error, and the time in the queue has reached the
<a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a> limit.
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is d (days).
</p>
<p>
Specify 0 when mail delivery should be tried only once.
</p>
</DD>
<DT><b><a name="message_reject_characters">message_reject_characters</a>
(default: empty)</b></DT><DD>
<p> The set of characters that Postfix will reject in message
content. The usual C-like escape sequences are recognized: <tt>\a
\b \f \n \r \t \v \<i>ddd</i></tt> (up to three octal digits) and
<tt>\\</tt>. </p>
<p> Note 1: this feature does not recognize text that requires MIME
decoding. It inspects raw message content, just like <a href="postconf.5.html#header_checks">header_checks</a>
and <a href="postconf.5.html#body_checks">body_checks</a>. </p>
<p> Note 2: this feature is disabled with "<a href="postconf.5.html#receive_override_options">receive_override_options</a>
= <a href="postconf.5.html#no_header_body_checks">no_header_body_checks</a>". </p>
<p> Example: </p>
<pre>
<a href="postconf.5.html#message_reject_characters">message_reject_characters</a> = \0
</pre>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="message_size_limit">message_size_limit</a>
(default: 10240000)</b></DT><DD>
<p>
The maximal size in bytes of a message, including envelope information.
</p>
<p> Note: be careful when making changes. Excessively small values
will result in the loss of non-delivery notifications, when a bounce
message size exceeds the local or remote MTA's message size limit.
</p>
</DD>
<DT><b><a name="message_strip_characters">message_strip_characters</a>
(default: empty)</b></DT><DD>
<p> The set of characters that Postfix will remove from message
content. The usual C-like escape sequences are recognized: <tt>\a
\b \f \n \r \t \v \<i>ddd</i></tt> (up to three octal digits) and
<tt>\\</tt>. </p>
<p> Note 1: this feature does not recognize text that requires MIME
decoding. It inspects raw message content, just like <a href="postconf.5.html#header_checks">header_checks</a>
and <a href="postconf.5.html#body_checks">body_checks</a>. </p>
<p> Note 2: this feature is disabled with "<a href="postconf.5.html#receive_override_options">receive_override_options</a>
= <a href="postconf.5.html#no_header_body_checks">no_header_body_checks</a>". </p>
<p> Example: </p>
<pre>
<a href="postconf.5.html#message_strip_characters">message_strip_characters</a> = \0
</pre>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="milter_command_timeout">milter_command_timeout</a>
(default: 30s)</b></DT><DD>
<p> The time limit for sending an SMTP command to a Milter (mail
filter) application, and for receiving the response. </p>
<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). </p>
<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). The default time unit is s (seconds). </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="milter_connect_macros">milter_connect_macros</a>
(default: see "postconf -d" output)</b></DT><DD>
<p> The macros that are sent to Milter (mail filter) applications
after completion of an SMTP connection. See <a href="MILTER_README.html">MILTER_README</a>
for a list of available macro names and their meanings. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="milter_connect_timeout">milter_connect_timeout</a>
(default: 30s)</b></DT><DD>
<p> The time limit for connecting to a Milter (mail filter)
application, and for negotiating protocol options. </p>
<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). </p>
<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). The default time unit is s (seconds). </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="milter_content_timeout">milter_content_timeout</a>
(default: 300s)</b></DT><DD>
<p> The time limit for sending message content to a Milter (mail
filter) application, and for receiving the response. </p>
<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). </p>
<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). The default time unit is s (seconds). </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="milter_data_macros">milter_data_macros</a>
(default: see "postconf -d" output)</b></DT><DD>
<p> The macros that are sent to version 4 or higher Milter (mail
filter) applications after the SMTP DATA command. See <a href="MILTER_README.html">MILTER_README</a>
for a list of available macro names and their meanings. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="milter_default_action">milter_default_action</a>
(default: tempfail)</b></DT><DD>
<p> The default action when a Milter (mail filter) application is
unavailable or mis-configured. Specify one of the following: </p>
<dl compact>
<dt>accept</dt> <dd>Proceed as if the mail filter was not present.
</dd>
<dt>reject</dt> <dd>Reject all further commands in this session
with a permanent status code.</dd>
<dt>tempfail</dt> <dd>Reject all further commands in this session
with a temporary status code. </dd>
<dt>quarantine</dt> <dd>Like "accept", but freeze the message in
the "<a href="QSHAPE_README.html#hold_queue">hold" queue</a>. Available with Postfix 2.6 and later. </dd>
</dl>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="milter_end_of_data_macros">milter_end_of_data_macros</a>
(default: see "postconf -d" output)</b></DT><DD>
<p> The macros that are sent to Milter (mail filter) applications
after the message end-of-data. See <a href="MILTER_README.html">MILTER_README</a> for a list of
available macro names and their meanings. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="milter_end_of_header_macros">milter_end_of_header_macros</a>
(default: see "postconf -d" output)</b></DT><DD>
<p> The macros that are sent to Milter (mail filter) applications
after the end of the message header. See <a href="MILTER_README.html">MILTER_README</a> for a list
of available macro names and their meanings. </p>
<p> This feature is available in Postfix 2.5 and later. </p>
</DD>
<DT><b><a name="milter_header_checks">milter_header_checks</a>
(default: empty)</b></DT><DD>
<p> Optional lookup tables for content inspection of message headers
that are produced by Milter applications. See the <a href="header_checks.5.html">header_checks(5)</a>
manual page available actions. Currently, PREPEND is not implemented.
</p>
<p> The following example sends all mail that is marked as SPAM to
a spam handling machine. Note that matches are case-insensitive
by default. </p>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#milter_header_checks">milter_header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/<a href="postconf.5.html#milter_header_checks">milter_header_checks</a>
</pre>
<pre>
/etc/postfix/<a href="postconf.5.html#milter_header_checks">milter_header_checks</a>:
/^X-SPAM-FLAG:\s+YES/ FILTER mysmtp:sanitizer.example.com:25
</pre>
<p> The <a href="postconf.5.html#milter_header_checks">milter_header_checks</a> mechanism could also be used for
whitelisting. For example it could be used to skip heavy content
inspection for DKIM-signed mail from known friendly domains. </p>
<p> This feature is available in Postfix 2.7, and as an optional
patch for Postfix 2.6. </p>
</DD>
<DT><b><a name="milter_helo_macros">milter_helo_macros</a>
(default: see "postconf -d" output)</b></DT><DD>
<p> The macros that are sent to Milter (mail filter) applications
after the SMTP HELO or EHLO command. See
<a href="MILTER_README.html">MILTER_README</a> for a list of available macro names and their meanings.
</p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="milter_macro_daemon_name">milter_macro_daemon_name</a>
(default: $<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD>
<p> The {daemon_name} macro value for Milter (mail filter) applications.
See <a href="MILTER_README.html">MILTER_README</a> for a list of available macro names and their
meanings. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="milter_macro_v">milter_macro_v</a>
(default: $<a href="postconf.5.html#mail_name">mail_name</a> $<a href="postconf.5.html#mail_version">mail_version</a>)</b></DT><DD>
<p> The {v} macro value for Milter (mail filter) applications.
See <a href="MILTER_README.html">MILTER_README</a> for a list of available macro names and their
meanings. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="milter_mail_macros">milter_mail_macros</a>
(default: see "postconf -d" output)</b></DT><DD>
<p> The macros that are sent to Milter (mail filter) applications
after the SMTP MAIL FROM command. See <a href="MILTER_README.html">MILTER_README</a>
for a list of available macro names and their meanings. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="milter_protocol">milter_protocol</a>
(default: 6)</b></DT><DD>
<p> The mail filter protocol version and optional protocol extensions
for communication with a Milter application; prior to Postfix 2.6
the default protocol is 2. Postfix
sends this version number during the initial protocol handshake.
It should match the version number that is expected by the mail
filter application (or by its Milter library). </p>
<p>Protocol versions: </p>
<dl compact>
<dt>2</dt> <dd>Use Sendmail 8 mail filter protocol version 2 (default
with Sendmail version 8.11 .. 8.13 and Postfix version 2.3 ..
2.5).</dd>
<dt>3</dt> <dd>Use Sendmail 8 mail filter protocol version 3.</dd>
<dt>4</dt> <dd>Use Sendmail 8 mail filter protocol version 4.</dd>
<dt>6</dt> <dd>Use Sendmail 8 mail filter protocol version 6 (default
with Sendmail version 8.14 and Postfix version 2.6).</dd>
</dl>
<p>Protocol extensions: </p>
<dl compact>
<dt>no_header_reply</dt> <dd> Specify this when the Milter application
will not reply for each individual message header.</dd>
</dl>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="milter_rcpt_macros">milter_rcpt_macros</a>
(default: see "postconf -d" output)</b></DT><DD>
<p> The macros that are sent to Milter (mail filter) applications
after the SMTP RCPT TO command. See <a href="MILTER_README.html">MILTER_README</a>
for a list of available macro names and their meanings. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="milter_unknown_command_macros">milter_unknown_command_macros</a>
(default: see "postconf -d" output)</b></DT><DD>
<p> The macros that are sent to version 3 or higher Milter (mail
filter) applications after an unknown SMTP command. See <a href="MILTER_README.html">MILTER_README</a>
for a list of available macro names and their meanings. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="mime_boundary_length_limit">mime_boundary_length_limit</a>
(default: 2048)</b></DT><DD>
<p>
The maximal length of MIME multipart boundary strings. The MIME
processor is unable to distinguish between boundary strings that
do not differ in the first $<a href="postconf.5.html#mime_boundary_length_limit">mime_boundary_length_limit</a> characters.
</p>
<p>
This feature is available in Postfix 2.0 and later.
</p>
</DD>
<DT><b><a name="mime_header_checks">mime_header_checks</a>
(default: $<a href="postconf.5.html#header_checks">header_checks</a>)</b></DT><DD>
<p>
Optional lookup tables for content inspection of MIME related
message headers, as described in the <a href="header_checks.5.html">header_checks(5)</a> manual page.
</p>
<p>
This feature is available in Postfix 2.0 and later.
</p>
</DD>
<DT><b><a name="mime_nesting_limit">mime_nesting_limit</a>
(default: 100)</b></DT><DD>
<p>
The maximal recursion level that the MIME processor will handle.
Postfix refuses mail that is nested deeper than the specified limit.
</p>
<p>
This feature is available in Postfix 2.0 and later.
</p>
</DD>
<DT><b><a name="minimal_backoff_time">minimal_backoff_time</a>
(default: 300s)</b></DT><DD>
<p>
The minimal time between attempts to deliver a deferred message;
prior to Postfix 2.4 the default value was 1000s.
</p>
<p>
This parameter also limits the time an unreachable destination is
kept in the short-term, in-memory, destination status cache.
</p>
<p> This parameter should be set greater than or equal to
$<a href="postconf.5.html#queue_run_delay">queue_run_delay</a>. See also $<a href="postconf.5.html#maximal_backoff_time">maximal_backoff_time</a>. </p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
</DD>
<DT><b><a name="multi_instance_directories">multi_instance_directories</a>
(default: empty)</b></DT><DD>
<p> An optional list of non-default Postfix configuration directories;
these directories belong to additional Postfix instances that share
the Postfix executable files and documentation with the default
Postfix instance, and that are started, stopped, etc., together
with the default Postfix instance. Specify a list of pathnames
separated by comma or whitespace. </p>
<p> When $<a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> is empty, the <a href="postfix.1.html">postfix(1)</a> command
runs in single-instance mode and operates on a single Postfix
instance only. Otherwise, the <a href="postfix.1.html">postfix(1)</a> command runs in multi-instance
mode and invokes the multi-instance manager specified with the
<a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a> parameter. The multi-instance manager in
turn executes <a href="postfix.1.html">postfix(1)</a> commands for the default instance and for
all Postfix instances in $<a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a>. </p>
<p> Currently, this parameter setting is ignored except for the
default <a href="postconf.5.html">main.cf</a> file. </p>
<p> This feature is available in Postfix 2.6 and later. </p>
</DD>
<DT><b><a name="multi_instance_enable">multi_instance_enable</a>
(default: no)</b></DT><DD>
<p> Allow this Postfix instance to be started, stopped, etc., by a
multi-instance manager. By default, new instances are created in
a safe state that prevents them from being started inadvertently.
This parameter is reserved for the multi-instance manager. </p>
<p> This feature is available in Postfix 2.6 and later. </p>
</DD>
<DT><b><a name="multi_instance_group">multi_instance_group</a>
(default: empty)</b></DT><DD>
<p> The optional instance group name of this Postfix instance. A
group identifies closely-related Postfix instances that the
multi-instance manager can start, stop, etc., as a unit. This
parameter is reserved for the multi-instance manager. </p>
<p> This feature is available in Postfix 2.6 and later. </p>
</DD>
<DT><b><a name="multi_instance_name">multi_instance_name</a>
(default: empty)</b></DT><DD>
<p> The optional instance name of this Postfix instance. This name
becomes also the default value for the <a href="postconf.5.html#syslog_name">syslog_name</a> parameter. </p>
<p> This feature is available in Postfix 2.6 and later. </p>
</DD>
<DT><b><a name="multi_instance_wrapper">multi_instance_wrapper</a>
(default: empty)</b></DT><DD>
<p> The pathname of a multi-instance manager command that the
<a href="postfix.1.html">postfix(1)</a> command invokes when the <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a>
parameter value is non-empty. The pathname may be followed by
initial command arguments separated by whitespace; shell
metacharacters such as quotes are not supported in this context.
</p>
<p> The <a href="postfix.1.html">postfix(1)</a> command invokes the manager command with the
<a href="postfix.1.html">postfix(1)</a> non-option command arguments on the manager command line,
and with all installation configuration parameters exported into
the manager command process environment. The manager command in
turn invokes the <a href="postfix.1.html">postfix(1)</a> command for individual Postfix instances
as "postfix -c <i><a href="postconf.5.html#config_directory">config_directory</a></i> <i>command</i>". </p>
<p> This feature is available in Postfix 2.6 and later. </p>
</DD>
<DT><b><a name="multi_recipient_bounce_reject_code">multi_recipient_bounce_reject_code</a>
(default: 550)</b></DT><DD>
<p>
The numerical Postfix SMTP server response code when a remote SMTP
client request is blocked by the <a href="postconf.5.html#reject_multi_recipient_bounce">reject_multi_recipient_bounce</a>
restriction.
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="mydestination">mydestination</a>
(default: $<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a>, localhost)</b></DT><DD>
<p> The list of domains that are delivered via the $<a href="postconf.5.html#local_transport">local_transport</a>
mail delivery transport. By default this is the Postfix <a href="local.8.html">local(8)</a>
delivery agent which looks up all recipients in /etc/passwd and
/etc/aliases. The SMTP server validates recipient addresses with
$<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> and rejects non-existent recipients. See also
the <a href="ADDRESS_CLASS_README.html#local_domain_class">local domain</a> class in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> file.
</p>
<p>
The default <a href="postconf.5.html#mydestination">mydestination</a> value specifies names for the local
machine only. On a mail domain gateway, you should also include
$<a href="postconf.5.html#mydomain">mydomain</a>.
</p>
<p>
The $<a href="postconf.5.html#local_transport">local_transport</a> delivery method is also selected for mail
addressed to user@[the.net.work.address] of the mail system (the
IP addresses specified with the <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> and <a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>
parameters).
</p>
<p>
Warnings:
</p>
<ul>
<li><p>Do not specify the names of virtual domains - those domains
are specified elsewhere. See <a href="VIRTUAL_README.html">VIRTUAL_README</a> for more information. </p>
<li><p>Do not specify the names of domains that this machine is
backup MX host for. See <a href="STANDARD_CONFIGURATION_README.html">STANDARD_CONFIGURATION_README</a> for how to
set up backup MX hosts. </p>
<li><p>By default, the Postfix SMTP server rejects mail for recipients
not listed with the <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> parameter. See the
<a href="postconf.5.html">postconf(5)</a> manual for a description of the <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>
and <a href="postconf.5.html#unknown_local_recipient_reject_code">unknown_local_recipient_reject_code</a> parameters. </p>
</ul>
<p>
Specify a list of host or domain names, "/file/name" or "<a href="DATABASE_README.html">type:table</a>"
patterns, separated by commas and/or whitespace. A "/file/name"
pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table
is matched when a name matches a lookup key (the lookup result is
ignored). Continue long lines by starting the next line with
whitespace. </p>
<p>
Examples:
</p>
<pre>
<a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a> $<a href="postconf.5.html#mydomain">mydomain</a>
<a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a> www.$<a href="postconf.5.html#mydomain">mydomain</a>, ftp.$<a href="postconf.5.html#mydomain">mydomain</a>
</pre>
</DD>
<DT><b><a name="mydomain">mydomain</a>
(default: see "postconf -d" output)</b></DT><DD>
<p>
The internet domain name of this mail system. The default is to
use $<a href="postconf.5.html#myhostname">myhostname</a> minus the first component, or "localdomain" (Postfix
2.3 and later). $<a href="postconf.5.html#mydomain">mydomain</a> is used as
a default value for many other configuration parameters.
</p>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#mydomain">mydomain</a> = domain.tld
</pre>
</DD>
<DT><b><a name="myhostname">myhostname</a>
(default: see "postconf -d" output)</b></DT><DD>
<p>
The internet hostname of this mail system. The default is to use
the fully-qualified domain name (FQDN) from gethostname(), or to
use the non-FQDN result from gethostname() and append ".$<a href="postconf.5.html#mydomain">mydomain</a>".
$<a href="postconf.5.html#myhostname">myhostname</a> is used as a default value for many other configuration
parameters. </p>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#myhostname">myhostname</a> = host.example.com
</pre>
</DD>
<DT><b><a name="mynetworks">mynetworks</a>
(default: see "postconf -d" output)</b></DT><DD>
<p>
The list of "trusted" remote SMTP clients that have more privileges than
"strangers".
</p>
<p>
In particular, "trusted" SMTP clients are allowed to relay mail
through Postfix. See the <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> parameter
description in the <a href="postconf.5.html">postconf(5)</a> manual.
</p>
<p>
You can specify the list of "trusted" network addresses by hand
or you can let Postfix do it for you (which is the default).
See the description of the <a href="postconf.5.html#mynetworks_style">mynetworks_style</a> parameter for more
information.
</p>
<p>
If you specify the <a href="postconf.5.html#mynetworks">mynetworks</a> list by hand,
Postfix ignores the <a href="postconf.5.html#mynetworks_style">mynetworks_style</a> setting.
</p>
<p> Specify a list of network addresses or network/netmask patterns,
separated by commas and/or whitespace. Continue long lines by
starting the next line with whitespace. </p>
<p> The netmask specifies the number of bits in the network part
of a host address. You can also specify "/file/name" or "<a href="DATABASE_README.html">type:table</a>"
patterns. A "/file/name" pattern is replaced by its contents; a
"<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a table entry matches a
lookup string (the lookup result is ignored). </p>
<p> The list is matched left to right, and the search stops on the
first match. Specify "!pattern" to exclude an address or network
block from the list. The form "!/file/name" is supported only
in Postfix version 2.4 and later. </p>
<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the <a href="postconf.5.html#mynetworks">mynetworks</a> value, and in files specified with
"/file/name". IP version 6 addresses contain the ":" character,
and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>" pattern. </p>
<p> Examples: </p>
<pre>
<a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 168.100.189.0/28
<a href="postconf.5.html#mynetworks">mynetworks</a> = !192.168.0.1, 192.168.0.0/28
<a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [2001:240:587::]/64
<a href="postconf.5.html#mynetworks">mynetworks</a> = $<a href="postconf.5.html#config_directory">config_directory</a>/mynetworks
<a href="postconf.5.html#mynetworks">mynetworks</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/network_table
</pre>
</DD>
<DT><b><a name="mynetworks_style">mynetworks_style</a>
(default: subnet)</b></DT><DD>
<p>
The method to generate the default value for the <a href="postconf.5.html#mynetworks">mynetworks</a> parameter.
This is the list of trusted networks for relay access control etc.
</p>
<ul>
<li><p>Specify "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = host" when Postfix should
"trust" only the local machine. </p>
<li><p>Specify "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = subnet" when Postfix
should "trust" remote SMTP clients in the same IP subnetworks as the local
machine. On Linux, this works correctly only with interfaces
specified with the "ifconfig" command. </p>
<li><p>Specify "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = class" when Postfix should
"trust" remote SMTP clients in the same IP class A/B/C networks as the
local machine. Don't do this with a dialup site - it would cause
Postfix to "trust" your entire provider's network. Instead, specify
an explicit <a href="postconf.5.html#mynetworks">mynetworks</a> list by hand, as described with the <a href="postconf.5.html#mynetworks">mynetworks</a>
configuration parameter. </p>
</ul>
</DD>
<DT><b><a name="myorigin">myorigin</a>
(default: $<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD>
<p>
The domain name that locally-posted mail appears to come
from, and that locally posted mail is delivered to. The default,
$<a href="postconf.5.html#myhostname">myhostname</a>, is adequate for small sites. If you run a domain with
multiple machines, you should (1) change this to $<a href="postconf.5.html#mydomain">mydomain</a> and (2)
set up a domain-wide alias database that aliases each user to
user@that.users.mailhost.
</p>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#myorigin">myorigin</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
</pre>
</DD>
<DT><b><a name="nested_header_checks">nested_header_checks</a>
(default: $<a href="postconf.5.html#header_checks">header_checks</a>)</b></DT><DD>
<p>
Optional lookup tables for content inspection of non-MIME message
headers in attached messages, as described in the <a href="header_checks.5.html">header_checks(5)</a>
manual page.
</p>
<p>
This feature is available in Postfix 2.0 and later.
</p>
</DD>
<DT><b><a name="newaliases_path">newaliases_path</a>
(default: see "postconf -d" output)</b></DT><DD>
<p>
Sendmail compatibility feature that specifies the location of the
<a href="newaliases.1.html">newaliases(1)</a> command. This command can be used to rebuild the
<a href="local.8.html">local(8)</a> <a href="aliases.5.html">aliases(5)</a> database.
</p>
</DD>
<DT><b><a name="non_fqdn_reject_code">non_fqdn_reject_code</a>
(default: 504)</b></DT><DD>
<p>
The numerical Postfix SMTP server reply code when a client request
is rejected by the <a href="postconf.5.html#reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a>, <a href="postconf.5.html#reject_non_fqdn_sender">reject_non_fqdn_sender</a>
or <a href="postconf.5.html#reject_non_fqdn_recipient">reject_non_fqdn_recipient</a> restriction.
</p>
</DD>
<DT><b><a name="non_smtpd_milters">non_smtpd_milters</a>
(default: empty)</b></DT><DD>
<p> A list of Milter (mail filter) applications for new mail that
does not arrive via the Postfix <a href="smtpd.8.html">smtpd(8)</a> server. This includes local
submission via the <a href="sendmail.1.html">sendmail(1)</a> command line, new mail that arrives
via the Postfix <a href="qmqpd.8.html">qmqpd(8)</a> server, and old mail that is re-injected
into the queue with "postsuper -r". Specify space or comma as
separator. See the <a href="MILTER_README.html">MILTER_README</a> document for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="notify_classes">notify_classes</a>
(default: resource, software)</b></DT><DD>
<p>
The list of error classes that are reported to the postmaster. The
default is to report only the most serious problems. The paranoid
may wish to turn on the policy (UCE and mail relaying) and protocol
error (broken mail software) reports.
</p>
<p> NOTE: postmaster notifications may contain confidential information
such as SASL passwords or message content. It is the system
administrator's responsibility to treat such information with care.
</p>
<p>
The error classes are:
</p>
<dl>
<dt><b>bounce</b> (also implies <b>2bounce</b>)</dt>
<dd>Send the postmaster copies of the headers of bounced mail, and
send transcripts of SMTP sessions when Postfix rejects mail. The
notification is sent to the address specified with the
<a href="postconf.5.html#bounce_notice_recipient">bounce_notice_recipient</a> configuration parameter (default: postmaster).
</dd>
<dt><b>2bounce</b></dt>
<dd>Send undeliverable bounced mail to the postmaster. The notification
is sent to the address specified with the <a href="postconf.5.html#2bounce_notice_recipient">2bounce_notice_recipient</a>
configuration parameter (default: postmaster). </dd>
<dt><b>data</b></dt>
<dd>Send the postmaster a transcript of the SMTP session with an
error because a critical data file was unavailable. The notification
is sent to the address specified with the <a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a>
configuration parameter (default: postmaster). <br> This feature
is available in Postfix 2.9 and later. </dd>
<dt><b>delay</b></dt>
<dd>Send the postmaster copies of the headers of delayed mail (see
<a href="postconf.5.html#delay_warning_time">delay_warning_time</a>). The
notification is sent to the address specified with the
<a href="postconf.5.html#delay_notice_recipient">delay_notice_recipient</a> configuration parameter (default: postmaster).
</dd>
<dt><b>policy</b></dt>
<dd>Send the postmaster a transcript of the SMTP session when a
client request was rejected because of (UCE) policy. The notification
is sent to the address specified with the <a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a>
configuration parameter (default: postmaster). </dd>
<dt><b>protocol</b></dt>
<dd>Send the postmaster a transcript of the SMTP session in case
of client or server protocol errors. The notification is sent to
the address specified with the <a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> configuration
parameter (default: postmaster). </dd>
<dt><b>resource</b></dt>
<dd>Inform the postmaster of mail not delivered due to resource
problems. The notification is sent to the address specified with
the <a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> configuration parameter (default:
postmaster). </dd>
<dt><b>software</b></dt>
<dd>Inform the postmaster of mail not delivered due to software
problems. The notification is sent to the address specified with
the <a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> configuration parameter (default:
postmaster). </dd>
</dl>
<p>
Examples:
</p>
<pre>
<a href="postconf.5.html#notify_classes">notify_classes</a> = bounce, delay, policy, protocol, resource, software
<a href="postconf.5.html#notify_classes">notify_classes</a> = 2bounce, resource, software
</pre>
</DD>
<DT><b><a name="owner_request_special">owner_request_special</a>
(default: yes)</b></DT><DD>
<p>
Give special treatment to owner-listname and listname-request
address localparts: don't split such addresses when the
<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> is set to "-". This feature is useful for
mailing lists.
</p>
</DD>
<DT><b><a name="parent_domain_matches_subdomains">parent_domain_matches_subdomains</a>
(default: see "postconf -d" output)</b></DT><DD>
<p>
What Postfix features match subdomains of "domain.tld" automatically,
instead of requiring an explicit ".domain.tld" pattern. This is
planned backwards compatibility: eventually, all Postfix features
are expected to require explicit ".domain.tld" style patterns when
you really want to match subdomains.
</p>
</DD>
<DT><b><a name="permit_mx_backup_networks">permit_mx_backup_networks</a>
(default: empty)</b></DT><DD>
<p>
Restrict the use of the <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> SMTP access feature to
only domains whose primary MX hosts match the listed networks.
The parameter value syntax is the same as with the <a href="postconf.5.html#mynetworks">mynetworks</a>
parameter; note, however, that the default value is empty. </p>
</DD>
<DT><b><a name="pickup_service_name">pickup_service_name</a>
(default: pickup)</b></DT><DD>
<p>
The name of the <a href="pickup.8.html">pickup(8)</a> service. This service picks up local mail
submissions from the Postfix <a href="QSHAPE_README.html#maildrop_queue">maildrop queue</a>.
</p>
<p>
This feature is available in Postfix 2.0 and later.
</p>
</DD>
<DT><b><a name="plaintext_reject_code">plaintext_reject_code</a>
(default: 450)</b></DT><DD>
<p>
The numerical Postfix SMTP server response code when a request
is rejected by the <b><a href="postconf.5.html#reject_plaintext_session">reject_plaintext_session</a></b> restriction.
</p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="postmulti_control_commands">postmulti_control_commands</a>
(default: reload flush)</b></DT><DD>
<p> The <a href="postfix.1.html">postfix(1)</a> commands that the <a href="postmulti.1.html">postmulti(1)</a> instance manager
treats as "control" commands, that operate on running instances. For
these commands, disabled instances are skipped. </p>
<p> This feature is available in Postfix 2.6 and later. </p>
</DD>
<DT><b><a name="postmulti_start_commands">postmulti_start_commands</a>
(default: start)</b></DT><DD>
<p> The <a href="postfix.1.html">postfix(1)</a> commands that the <a href="postmulti.1.html">postmulti(1)</a> instance manager treats
as "start" commands. For these commands, disabled instances are "checked"
rather than "started", and failure to "start" a member instance of an
instance group will abort the start-up of later instances. </p>
<p> This feature is available in Postfix 2.6 and later. </p>
</DD>
<DT><b><a name="postmulti_stop_commands">postmulti_stop_commands</a>
(default: see "postconf -d" output)</b></DT><DD>
<p> The <a href="postfix.1.html">postfix(1)</a> commands that the <a href="postmulti.1.html">postmulti(1)</a> instance manager treats
as "stop" commands. For these commands, disabled instances are skipped,
and enabled instances are processed in reverse order. </p>
<p> This feature is available in Postfix 2.6 and later. </p>
</DD>
<DT><b><a name="postscreen_access_list">postscreen_access_list</a>
(default: <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>)</b></DT><DD>
<p> Permanent white/blacklist for remote SMTP client IP addresses.
<a href="postscreen.8.html">postscreen(8)</a> searches this list immediately after a remote SMTP
client connects. Specify a comma- or whitespace-separated list of
commands (in upper or lower case) or lookup tables. The search stops
upon the first command that fires for the client IP address. </p>
<dl>
<dt> <b> <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a> </b> </dt> <dd> Whitelist the client and
terminate the search if the client IP address matches $<a href="postconf.5.html#mynetworks">mynetworks</a>.
Do not subject the client to any before/after 220 greeting tests.
Pass the connection immediately to a Postfix SMTP server process.
</dd>
<dt> <b> <a href="DATABASE_README.html">type:table</a> </b> </dt> <dd> Query the specified lookup
table. Each table lookup result is an access list, except that
access lists inside a table cannot specify <a href="DATABASE_README.html">type:table</a> entries. <br>
To discourage the use of hash, btree, etc. tables, there is no
support for substring matching like <a href="smtpd.8.html">smtpd(8)</a>. Use CIDR tables
instead. </dd>
<dt> <b> permit </b> </dt> <dd> Whitelist the client and terminate
the search. Do not subject the client to any before/after 220
greeting tests. Pass the connection immediately to a Postfix SMTP
server process. </dd>
<dt> <b> reject </b> </dt> <dd> Blacklist the client and terminate
the search. Subject the client to the action configured with the
<a href="postconf.5.html#postscreen_blacklist_action">postscreen_blacklist_action</a> configuration parameter. </dd>
<dt> <b> dunno </b> </dt> <dd> All <a href="postscreen.8.html">postscreen(8)</a> access lists
implicitly have this command at the end. <br> When <b> dunno </b>
is executed inside a lookup table, return from the lookup table and
evaluate the next command. <br> When <b> dunno </b> is executed
outside a lookup table, terminate the search, and subject the client
to the configured before/after 220 greeting tests. </dd>
</dl>
<p> Example: </p>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,
<a href="cidr_table.5.html">cidr</a>:/etc/postfix/postscreen_access.cidr
<a href="postconf.5.html#postscreen_blacklist_action">postscreen_blacklist_action</a> = enforce
</pre>
<pre>
/etc/postfix/postscreen_access.<a href="cidr_table.5.html">cidr</a>:
# Rules are evaluated in the order as specified.
# Blacklist 192.168.* except 192.168.0.1.
192.168.0.1 dunno
192.168.0.0/16 reject
</pre>
<p> This feature is available in Postfix 2.8. </p>
</DD>
<DT><b><a name="postscreen_bare_newline_action">postscreen_bare_newline_action</a>
(default: ignore)</b></DT><DD>
<p> The action that <a href="postscreen.8.html">postscreen(8)</a> takes when a remote SMTP client sends
a bare newline character, that is, a newline not preceded by carriage
return. Specify one of the following: </p>
<dl>
<dt> <b>ignore</b> </dt>
<dd> Ignore the failure of this test. Allow other tests to complete.
Do <i>not</i> repeat this test before some the result from some
other test expires.
This option is useful for testing and collecting statistics
without blocking mail permanently. </dd>
<dt> <b>enforce</b> </dt>
<dd> Allow other tests to complete. Reject attempts to deliver mail
with a 550 SMTP reply, and log the helo/sender/recipient information.
Repeat this test the next time the client connects. </dd>
<dt> <b>drop</b> </dt>
<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
this test the next time the client connects. </dd>
</dl>
<p> This feature is available in Postfix 2.8. </p>
</DD>
<DT><b><a name="postscreen_bare_newline_enable">postscreen_bare_newline_enable</a>
(default: no)</b></DT><DD>
<p> Enable "bare newline" SMTP protocol tests in the <a href="postscreen.8.html">postscreen(8)</a>
server. These tests are expensive: a remote SMTP client must
disconnect after
it passes the test, before it can talk to a real Postfix SMTP server.
</p>
<p> This feature is available in Postfix 2.8. </p>
</DD>
<DT><b><a name="postscreen_bare_newline_ttl">postscreen_bare_newline_ttl</a>
(default: 30d)</b></DT><DD>
<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> will use the result from
a successful "bare newline" SMTP protocol test. During this
time, the client IP address is excluded from this test. The default
is long because a remote SMTP client must disconnect after it passes
the test,
before it can talk to a real Postfix SMTP server. </p>
<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks). </p>
<p> This feature is available in Postfix 2.8. </p>
</DD>
<DT><b><a name="postscreen_blacklist_action">postscreen_blacklist_action</a>
(default: ignore)</b></DT><DD>
<p> The action that <a href="postscreen.8.html">postscreen(8)</a> takes when a remote SMTP client is
permanently blacklisted with the <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> parameter.
Specify one of the following: </p>
<dl>
<dt> <b>ignore</b> (default) </dt>
<dd> Ignore this result. Allow other tests to complete. Repeat
this test the next time the client connects.
This option is useful for testing and collecting statistics
without blocking mail. </dd>
<dt> <b>enforce</b> </dt>
<dd> Allow other tests to complete. Reject attempts to deliver mail
with a 550 SMTP reply, and log the helo/sender/recipient information.
Repeat this test the next time the client connects. </dd>
<dt> <b>drop</b> </dt>
<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
this test the next time the client connects. </dd>
</dl>
<p> This feature is available in Postfix 2.8. </p>
</DD>
<DT><b><a name="postscreen_cache_cleanup_interval">postscreen_cache_cleanup_interval</a>
(default: 12h)</b></DT><DD>
<p> The amount of time between <a href="postscreen.8.html">postscreen(8)</a> cache cleanup runs.
Cache cleanup increases the load on the cache database and should
therefore not be run frequently. This feature requires that the
cache database supports the "delete" and "sequence" operators.
Specify a zero interval to disable cache cleanup. </p>
<p> After each cache cleanup run, the <a href="postscreen.8.html">postscreen(8)</a> daemon logs the
number of entries that were retained and dropped. A cleanup run is
logged as "partial" when the daemon terminates early after "<b>postfix
reload</b>", "<b>postfix stop</b>", or no requests for $<a href="postconf.5.html#max_idle">max_idle</a>
seconds. </p>
<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). </p>
<p> This feature is available in Postfix 2.8. </p>
</DD>
<DT><b><a name="postscreen_cache_map">postscreen_cache_map</a>
(default: <a href="DATABASE_README.html#types">btree</a>:$<a href="postconf.5.html#data_directory">data_directory</a>/postscreen_cache)</b></DT><DD>
<p> Persistent storage for the <a href="postscreen.8.html">postscreen(8)</a> server decisions. </p>
<p> To share a <a href="postscreen.8.html">postscreen(8)</a> cache between multiple <a href="postscreen.8.html">postscreen(8)</a>
instances, use "<a href="postconf.5.html#postscreen_cache_map">postscreen_cache_map</a> = <a href="proxymap.8.html">proxy</a>:<a href="DATABASE_README.html#types">btree</a>:/path/to/file".
This requires Postfix version 2.9 or later; earlier <a href="proxymap.8.html">proxymap(8)</a>
implementations don't support cache cleanup. For an alternative
approach see the <a href="memcache_table.5.html">memcache_table(5)</a> manpage. </p>
<p> This feature is available in Postfix 2.8. </p>
</DD>
<DT><b><a name="postscreen_cache_retention_time">postscreen_cache_retention_time</a>
(default: 7d)</b></DT><DD>
<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> will cache an expired
temporary whitelist entry before it is removed. This prevents clients
from being logged as "NEW" just because their cache entry expired
an hour ago. It also prevents the cache from filling up with clients
that passed some deep protocol test once and never came back. </p>
<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). </p>
<p> This feature is available in Postfix 2.8. </p>
</DD>
<DT><b><a name="postscreen_client_connection_count_limit">postscreen_client_connection_count_limit</a>
(default: $<a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a>)</b></DT><DD>
<p> How many simultaneous connections any remote SMTP client is
allowed to have
with the <a href="postscreen.8.html">postscreen(8)</a> daemon. By default, this limit is the same
as with the Postfix SMTP server. Note that the triage process can
take several seconds, with the time spent in <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a>
delay, and with the time spent talking to the <a href="postscreen.8.html">postscreen(8)</a> built-in
dummy SMTP protocol engine. </p>
<p> This feature is available in Postfix 2.8. </p>
</DD>
<DT><b><a name="postscreen_command_count_limit">postscreen_command_count_limit</a>
(default: 20)</b></DT><DD>
<p> The limit on the total number of commands per SMTP session for
<a href="postscreen.8.html">postscreen(8)</a>'s built-in SMTP protocol engine. This SMTP engine
defers or rejects all attempts to deliver mail, therefore there is
no need to enforce separate limits on the number of junk commands
and error commands. </p>
<p> This feature is available in Postfix 2.8. </p>
</DD>
<DT><b><a name="postscreen_command_filter">postscreen_command_filter</a>
(default: $<a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a>)</b></DT><DD>
<p> A mechanism to transform commands from remote SMTP clients.
See <a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a> for further details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="postscreen_command_time_limit">postscreen_command_time_limit</a>
(default: ${stress?10}${stress:300}s)</b></DT><DD>
<p> The time limit to read an entire command line with <a href="postscreen.8.html">postscreen(8)</a>'s
built-in SMTP protocol engine. </p>
<p> This feature is available in Postfix 2.8. </p>
</DD>
<DT><b><a name="postscreen_disable_vrfy_command">postscreen_disable_vrfy_command</a>
(default: $<a href="postconf.5.html#disable_vrfy_command">disable_vrfy_command</a>)</b></DT><DD>
<p> Disable the SMTP VRFY command in the <a href="postscreen.8.html">postscreen(8)</a> daemon. See
<a href="postconf.5.html#disable_vrfy_command">disable_vrfy_command</a> for details. </p>
<p> This feature is available in Postfix 2.8. </p>
</DD>
<DT><b><a name="postscreen_discard_ehlo_keyword_address_maps">postscreen_discard_ehlo_keyword_address_maps</a>
(default: $<a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a>)</b></DT><DD>
<p> Lookup tables, indexed by the remote SMTP client address, with
case insensitive lists of EHLO keywords (pipelining, starttls, auth,
etc.) that the <a href="postscreen.8.html">postscreen(8)</a> server will not send in the EHLO response
to a remote SMTP client. See <a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a> for details.
The table is not searched by hostname for robustness reasons. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="postscreen_discard_ehlo_keywords">postscreen_discard_ehlo_keywords</a>
(default: $<a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a>)</b></DT><DD>
<p> A case insensitive list of EHLO keywords (pipelining, starttls,
auth, etc.) that the <a href="postscreen.8.html">postscreen(8)</a> server will not send in the EHLO
response to a remote SMTP client. See <a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a>
for details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="postscreen_dnsbl_action">postscreen_dnsbl_action</a>
(default: ignore)</b></DT><DD>
<p>The action that <a href="postscreen.8.html">postscreen(8)</a> takes when a remote SMTP client's combined
DNSBL score is equal to or greater than a threshold (as defined
with the <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> and <a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a>
parameters). Specify one of the following: </p>
<dl>
<dt> <b>ignore</b> (default) </dt>
<dd> Ignore the failure of this test. Allow other tests to complete.
Repeat this test the next time the client connects.
This option is useful for testing and collecting statistics
without blocking mail. </dd>
<dt> <b>enforce</b> </dt>
<dd> Allow other tests to complete. Reject attempts to deliver mail
with a 550 SMTP reply, and log the helo/sender/recipient information.
Repeat this test the next time the client connects. </dd>
<dt> <b>drop</b> </dt>
<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
this test the next time the client connects. </dd>
</dl>
<p> This feature is available in Postfix 2.8. </p>
</DD>
<DT><b><a name="postscreen_dnsbl_reply_map">postscreen_dnsbl_reply_map</a>
(default: empty)</b></DT><DD>
<p> A mapping from actual DNSBL domain name which includes a secret
password, to the DNSBL domain name that postscreen will reply with
when it rejects mail. When no mapping is found, the actual DNSBL
domain will be used. </p>
<p> For maximal stability it is best to use a file that is read
into memory such as <a href="pcre_table.5.html">pcre</a>:, <a href="regexp_table.5.html">regexp</a>: or <a href="DATABASE_README.html#types">texthash</a>: (<a href="DATABASE_README.html#types">texthash</a>: is similar
to <a href="DATABASE_README.html#types">hash</a>:, except a) there is no need to run <a href="postmap.1.html">postmap(1)</a> before the
file can be used, and b) <a href="DATABASE_README.html#types">texthash</a>: does not detect changes after
the file is read). </p>
<p> Example: </p>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#postscreen_dnsbl_reply_map">postscreen_dnsbl_reply_map</a> = <a href="DATABASE_README.html#types">texthash</a>:/etc/postfix/dnsbl_reply
</pre>
<pre>
/etc/postfix/dnsbl_reply:
secret.zen.spamhaus.org zen.spamhaus.org
</pre>
<p> This feature is available in Postfix 2.8. </p>
</DD>
<DT><b><a name="postscreen_dnsbl_sites">postscreen_dnsbl_sites</a>
(default: empty)</b></DT><DD>
<p>Optional list of DNS white/blacklist domains, filters and weight
factors. When the list is non-empty, the <a href="dnsblog.8.html">dnsblog(8)</a> daemon will
query these domains with the IP addresses of remote SMTP clients,
and <a href="postscreen.8.html">postscreen(8)</a> will update an SMTP client's DNSBL score with
each non-error reply. </p>
<p> Caution: when postscreen rejects mail, it replies with the DNSBL
domain name. Use the <a href="postconf.5.html#postscreen_dnsbl_reply_map">postscreen_dnsbl_reply_map</a> feature to hide
"password" information in DNSBL domain names. </p>
<p> When a client's score is equal to or greater than the threshold
specified with <a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a>, <a href="postscreen.8.html">postscreen(8)</a> can drop
the connection with the remote SMTP client. </p>
<p> Specify a list of domain=filter*weight entries, separated by
comma or whitespace. </p>
<ul>
<li> <p> When no "=filter" is specified, <a href="postscreen.8.html">postscreen(8)</a> will use any
non-error DNSBL reply. Otherwise, <a href="postscreen.8.html">postscreen(8)</a> uses only DNSBL
replies that match the filter. The filter has the form d.d.d.d,
where each d is a number, or a pattern inside [] that contains one
or more ";"-separated numbers or number..number ranges. </p>
<li> <p> When no "*weight" is specified, <a href="postscreen.8.html">postscreen(8)</a> increments
the remote SMTP client's DNSBL score by 1. Otherwise, the weight must be
an integral number, and <a href="postscreen.8.html">postscreen(8)</a> adds the specified weight to
the remote SMTP client's DNSBL score. Specify a negative number for
whitelisting. </p>
<li> <p> When one <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> entry produces multiple
DNSBL responses, <a href="postscreen.8.html">postscreen(8)</a> applies the weight at most once.
</p>
</ul>
<p> Examples: </p>
<p> To use example.com as a high-confidence blocklist, and to
block mail with example.net and example.org only when both agree:
</p>
<pre>
<a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a> = 2
<a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> = example.com*2, example.net, example.org
</pre>
<p> To filter only DNSBL replies containing 127.0.0.4: </p>
<pre>
<a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> = example.com=127.0.0.4
</pre>
<p> This feature is available in Postfix 2.8. </p>
</DD>
<DT><b><a name="postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a>
(default: 1)</b></DT><DD>
<p> The inclusive lower bound for blocking a remote SMTP client, based on
its combined DNSBL score as defined with the <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a>
parameter. </p>
<p> This feature is available in Postfix 2.8. </p>
</DD>
<DT><b><a name="postscreen_dnsbl_ttl">postscreen_dnsbl_ttl</a>
(default: 1h)</b></DT><DD>
<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> will use the result from
a successful DNS blocklist test. During this time, the client IP address
is excluded from this test. The default is relatively short, because a
good client can immediately talk to a real Postfix SMTP server.
</p>
<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks). </p>
<p> This feature is available in Postfix 2.8. </p>
</DD>
<DT><b><a name="postscreen_dnsbl_whitelist_threshold">postscreen_dnsbl_whitelist_threshold</a>
(default: 0)</b></DT><DD>
<p> Allow a remote SMTP client to skip "before" and "after 220
greeting" protocol tests, based on its combined DNSBL score as
defined with the <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> parameter. </p>
<p> Specify a negative value to enable this feature. When a client
passes the <a href="postconf.5.html#postscreen_dnsbl_whitelist_threshold">postscreen_dnsbl_whitelist_threshold</a> without having
failed other tests, all pending or disabled tests are flagged as
completed with a time-to-live value equal to <a href="postconf.5.html#postscreen_dnsbl_ttl">postscreen_dnsbl_ttl</a>.
When a test was already completed, its time-to-live value is updated
if it was less than <a href="postconf.5.html#postscreen_dnsbl_ttl">postscreen_dnsbl_ttl</a>. </p>
<p> This feature is available in Postfix 2.11. </p>
</DD>
<DT><b><a name="postscreen_enforce_tls">postscreen_enforce_tls</a>
(default: $<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>)</b></DT><DD>
<p> Mandatory TLS: announce STARTTLS support to remote SMTP clients, and
require that clients use TLS encryption. See smtpd_postscreen_enforce_tls
for details. </p>
<p> This feature is available in Postfix 2.8 and later.
Preferably, use <a href="postconf.5.html#postscreen_tls_security_level">postscreen_tls_security_level</a> instead. </p>
</DD>
<DT><b><a name="postscreen_expansion_filter">postscreen_expansion_filter</a>
(default: see "postconf -d" output)</b></DT><DD>
<p> List of characters that are permitted in <a href="postconf.5.html#postscreen_reject_footer">postscreen_reject_footer</a>
attribute expansions. See <a href="postconf.5.html#smtpd_expansion_filter">smtpd_expansion_filter</a> for further
details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="postscreen_forbidden_commands">postscreen_forbidden_commands</a>
(default: $<a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a>)</b></DT><DD>
<p> List of commands that the <a href="postscreen.8.html">postscreen(8)</a> server considers in
violation of the SMTP protocol. See <a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a> for
syntax, and <a href="postconf.5.html#postscreen_non_smtp_command_action">postscreen_non_smtp_command_action</a> for possible actions.
</p>
<p> This feature is available in Postfix 2.8. </p>
</DD>
<DT><b><a name="postscreen_greet_action">postscreen_greet_action</a>
(default: ignore)</b></DT><DD>
<p>The action that <a href="postscreen.8.html">postscreen(8)</a> takes when a remote SMTP client speaks
before its turn within the time specified with the <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a>
parameter. Specify one of the following: </p>
<dl>
<dt> <b>ignore</b> (default) </dt>
<dd> Ignore the failure of this test. Allow other tests to complete.
Repeat this test the next time the client connects.
This option is useful for testing and collecting statistics
without blocking mail. </dd>
<dt> <b>enforce</b> </dt>
<dd> Allow other tests to complete. Reject attempts to deliver mail
with a 550 SMTP reply, and log the helo/sender/recipient information.
Repeat this test the next time the client connects. </dd>
<dt> <b>drop</b> </dt>
<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
this test the next time the client connects. </dd>
</dl>
<p> In either case, <a href="postscreen.8.html">postscreen(8)</a> will not whitelist the remote SMTP client
IP address. </p>
<p> This feature is available in Postfix 2.8. </p>
</DD>
<DT><b><a name="postscreen_greet_banner">postscreen_greet_banner</a>
(default: $<a href="postconf.5.html#smtpd_banner">smtpd_banner</a>)</b></DT><DD>
<p> The <i>text</i> in the optional "220-<i>text</i>..." server
response that
<a href="postscreen.8.html">postscreen(8)</a> sends ahead of the real Postfix SMTP server's "220
text..." response, in an attempt to confuse bad SMTP clients so
that they speak before their turn (pre-greet). Specify an empty
value to disable this feature. </p>
<p> This feature is available in Postfix 2.8. </p>
</DD>
<DT><b><a name="postscreen_greet_ttl">postscreen_greet_ttl</a>
(default: 1d)</b></DT><DD>
<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> will use the result from
a successful PREGREET test. During this time, the client IP address
is excluded from this test. The default is relatively short, because
a good client can immediately talk to a real Postfix SMTP server. </p>
<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks). </p>
<p> This feature is available in Postfix 2.8. </p>
</DD>
<DT><b><a name="postscreen_greet_wait">postscreen_greet_wait</a>
(default: ${stress?2}${stress:6}s)</b></DT><DD>
<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> will wait for an SMTP
client to send a command before its turn, and for DNS blocklist
lookup results to arrive (default: up to 2 seconds under stress,
up to 6 seconds otherwise). <p>
<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). </p>
<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). </p>
<p> This feature is available in Postfix 2.8. </p>
</DD>
<DT><b><a name="postscreen_helo_required">postscreen_helo_required</a>
(default: $<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a>)</b></DT><DD>
<p> Require that a remote SMTP client sends HELO or EHLO before
commencing a MAIL transaction. </p>
<p> This feature is available in Postfix 2.8. </p>
</DD>
<DT><b><a name="postscreen_non_smtp_command_action">postscreen_non_smtp_command_action</a>
(default: drop)</b></DT><DD>
<p> The action that <a href="postscreen.8.html">postscreen(8)</a> takes when a remote SMTP client sends
non-SMTP commands as specified with the <a href="postconf.5.html#postscreen_forbidden_commands">postscreen_forbidden_commands</a>
parameter. Specify one of the following: </p>
<dl>
<dt> <b>ignore</b> </dt>
<dd> Ignore the failure of this test. Allow other tests to complete.
Do <i>not</i> repeat this test before some the result from some
other test expires.
This option is useful for testing and collecting statistics
without blocking mail permanently. </dd>
<dt> <b>enforce</b> </dt>
<dd> Allow other tests to complete. Reject attempts to deliver mail
with a 550 SMTP reply, and log the helo/sender/recipient information.
Repeat this test the next time the client connects. </dd>
<dt> <b>drop</b> </dt>
<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
this test the next time the client connects. This action is the
same as with the Postfix SMTP server's <a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a>
feature. </dd>
</dl>
<p> This feature is available in Postfix 2.8. </p>
</DD>
<DT><b><a name="postscreen_non_smtp_command_enable">postscreen_non_smtp_command_enable</a>
(default: no)</b></DT><DD>
<p> Enable "non-SMTP command" tests in the <a href="postscreen.8.html">postscreen(8)</a> server. These
tests are expensive: a client must disconnect after it passes the
test, before it can talk to a real Postfix SMTP server. </p>
<p> This feature is available in Postfix 2.8. </p>
</DD>
<DT><b><a name="postscreen_non_smtp_command_ttl">postscreen_non_smtp_command_ttl</a>
(default: 30d)</b></DT><DD>
<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> will use the result from
a successful "non_smtp_command" SMTP protocol test. During this
time, the client IP address is excluded from this test. The default
is long because a client must disconnect after it passes the test,
before it can talk to a real Postfix SMTP server. </p>
<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks). </p>
<p> This feature is available in Postfix 2.8. </p>
</DD>
<DT><b><a name="postscreen_pipelining_action">postscreen_pipelining_action</a>
(default: enforce)</b></DT><DD>
<p> The action that <a href="postscreen.8.html">postscreen(8)</a> takes when a remote SMTP client
sends
multiple commands instead of sending one command and waiting for
the server to respond. Specify one of the following: </p>
<dl>
<dt> <b>ignore</b> </dt>
<dd> Ignore the failure of this test. Allow other tests to complete.
Do <i>not</i> repeat this test before some the result from some
other test expires.
This option is useful for testing and collecting statistics
without blocking mail permanently. </dd>
<dt> <b>enforce</b> </dt>
<dd> Allow other tests to complete. Reject attempts to deliver mail
with a 550 SMTP reply, and log the helo/sender/recipient information.
Repeat this test the next time the client connects. </dd>
<dt> <b>drop</b> </dt>
<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
this test the next time the client connects. </dd>
</dl>
<p> This feature is available in Postfix 2.8. </p>
</DD>
<DT><b><a name="postscreen_pipelining_enable">postscreen_pipelining_enable</a>
(default: no)</b></DT><DD>
<p> Enable "pipelining" SMTP protocol tests in the <a href="postscreen.8.html">postscreen(8)</a>
server. These tests are expensive: a good client must disconnect
after it passes the test, before it can talk to a real Postfix SMTP
server. </p>
<p> This feature is available in Postfix 2.8. </p>
</DD>
<DT><b><a name="postscreen_pipelining_ttl">postscreen_pipelining_ttl</a>
(default: 30d)</b></DT><DD>
<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> will use the result from
a successful "pipelining" SMTP protocol test. During this time, the
client IP address is excluded from this test. The default is
long because a good client must disconnect after it passes the test,
before it can talk to a real Postfix SMTP server. </p>
<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks). </p>
<p> This feature is available in Postfix 2.8. </p>
</DD>
<DT><b><a name="postscreen_post_queue_limit">postscreen_post_queue_limit</a>
(default: $<a href="postconf.5.html#default_process_limit">default_process_limit</a>)</b></DT><DD>
<p> The number of clients that can be waiting for service from a
real Postfix SMTP server process. When this queue is full, all
clients will
receive a 421 response. </p>
<p> This feature is available in Postfix 2.8. </p>
</DD>
<DT><b><a name="postscreen_pre_queue_limit">postscreen_pre_queue_limit</a>
(default: $<a href="postconf.5.html#default_process_limit">default_process_limit</a>)</b></DT><DD>
<p> The number of non-whitelisted clients that can be waiting for
a decision whether they will receive service from a real Postfix
SMTP server
process. When this queue is full, all non-whitelisted clients will
receive a 421 response. </p>
<p> This feature is available in Postfix 2.8. </p>
</DD>
<DT><b><a name="postscreen_reject_footer">postscreen_reject_footer</a>
(default: $<a href="postconf.5.html#smtpd_reject_footer">smtpd_reject_footer</a>)</b></DT><DD>
<p> Optional information that is appended after a 4XX or 5XX
<a href="postscreen.8.html">postscreen(8)</a> server
response. See <a href="postconf.5.html#smtpd_reject_footer">smtpd_reject_footer</a> for further details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="postscreen_tls_security_level">postscreen_tls_security_level</a>
(default: $<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>)</b></DT><DD>
<p> The SMTP TLS security level for the <a href="postscreen.8.html">postscreen(8)</a> server; when
a non-empty value is specified, this overrides the obsolete parameters
<a href="postconf.5.html#postscreen_use_tls">postscreen_use_tls</a> and <a href="postconf.5.html#postscreen_enforce_tls">postscreen_enforce_tls</a>. See <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>
for details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="postscreen_upstream_proxy_protocol">postscreen_upstream_proxy_protocol</a>
(default: empty)</b></DT><DD>
<p> The name of the proxy protocol used by an optional before-postscreen
proxy agent. When a proxy agent is used, this protocol conveys local
and remote address and port information. Specify
"<a href="postconf.5.html#postscreen_upstream_proxy_protocol">postscreen_upstream_proxy_protocol</a> = haproxy" to enable the haproxy
protocol. <p>
<p> This feature is available in Postfix 2.10 and later. </p>
</DD>
<DT><b><a name="postscreen_upstream_proxy_timeout">postscreen_upstream_proxy_timeout</a>
(default: 5s)</b></DT><DD>
<p> The time limit for the proxy protocol specified with the
<a href="postconf.5.html#postscreen_upstream_proxy_protocol">postscreen_upstream_proxy_protocol</a> parameter. </p>
<p> This feature is available in Postfix 2.10 and later. </p>
</DD>
<DT><b><a name="postscreen_use_tls">postscreen_use_tls</a>
(default: $<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a>)</b></DT><DD>
<p> Opportunistic TLS: announce STARTTLS support to remote SMTP clients,
but do not require that clients use TLS encryption. </p>
<p> This feature is available in Postfix 2.8 and later.
Preferably, use <a href="postconf.5.html#postscreen_tls_security_level">postscreen_tls_security_level</a> instead. </p>
</DD>
<DT><b><a name="postscreen_watchdog_timeout">postscreen_watchdog_timeout</a>
(default: 10s)</b></DT><DD>
<p> How much time a <a href="postscreen.8.html">postscreen(8)</a> process may take to respond to
a remote SMTP client command or to perform a cache operation before it
is terminated by a built-in watchdog timer. This is a safety
mechanism that prevents <a href="postscreen.8.html">postscreen(8)</a> from becoming non-responsive
due to a bug in Postfix itself or in system software. To avoid
false alarms and unnecessary cache corruption this limit cannot be
set under 10s. </p>
<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks). </p>
<p> This feature is available in Postfix 2.8. </p>
</DD>
<DT><b><a name="postscreen_whitelist_interfaces">postscreen_whitelist_interfaces</a>
(default: <a href="DATABASE_README.html#types">static</a>:all)</b></DT><DD>
<p> A list of local <a href="postscreen.8.html">postscreen(8)</a> server IP addresses where a
non-whitelisted remote SMTP client can obtain <a href="postscreen.8.html">postscreen(8)</a>'s temporary
whitelist status. This status is required before the client can
talk to a Postfix SMTP server process. By default, a client can
obtain <a href="postscreen.8.html">postscreen(8)</a>'s whitelist status on any local <a href="postscreen.8.html">postscreen(8)</a>
server IP address. </p>
<p> When <a href="postscreen.8.html">postscreen(8)</a> listens on both primary and backup MX
addresses, the <a href="postconf.5.html#postscreen_whitelist_interfaces">postscreen_whitelist_interfaces</a> parameter can be
configured to give the temporary whitelist status only when a client
connects to a primary MX address. Once a client is whitelisted it
can talk to a Postfix SMTP server on any address. Thus, clients
that connect only to backup MX addresses will never become whitelisted,
and will never be allowed to talk to a Postfix SMTP server process.
</p>
<p> Specify a list of network addresses or network/netmask patterns,
separated by commas and/or whitespace. The netmask specifies the
number of bits in the network part of a host address. Continue long
lines by starting the next line with whitespace. </p>
<p> You can also specify "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns. A
"/file/name" pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>"
lookup table is matched when a table entry matches a lookup string
(the lookup result is ignored). </p>
<p> The list is matched left to right, and the search stops on the
first match. Specify "!pattern" to exclude an address or network
block from the list. </p>
<p> Note: IP version 6 address information must be specified inside
[] in the <a href="postconf.5.html#postscreen_whitelist_interfaces">postscreen_whitelist_interfaces</a> value, and in files
specified with "/file/name". IP version 6 addresses contain the
":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>"
pattern. </p>
<p> Example: </p>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
# Don't whitelist connections to the backup IP address.
<a href="postconf.5.html#postscreen_whitelist_interfaces">postscreen_whitelist_interfaces</a> = !168.100.189.8, <a href="DATABASE_README.html#types">static</a>:all
</pre>
<p> This feature is available in Postfix 2.9 and later. </p>
</DD>
<DT><b><a name="prepend_delivered_header">prepend_delivered_header</a>
(default: command, file, forward)</b></DT><DD>
<p> The message delivery contexts where the Postfix <a href="local.8.html">local(8)</a> delivery
agent prepends a Delivered-To: message header with the address
that the mail was delivered to. This information is used for mail
delivery loop detection. </p>
<p>
By default, the Postfix local delivery agent prepends a Delivered-To:
header when forwarding mail and when delivering to file (mailbox)
and command. Turning off the Delivered-To: header when forwarding
mail is not recommended.
</p>
<p>
Specify zero or more of <b>forward</b>, <b>file</b>, or <b>command</b>.
</p>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#prepend_delivered_header">prepend_delivered_header</a> = forward
</pre>
</DD>
<DT><b><a name="process_id">process_id</a>
(read-only)</b></DT><DD>
<p>
The process ID of a Postfix command or daemon process.
</p>
</DD>
<DT><b><a name="process_id_directory">process_id_directory</a>
(default: pid)</b></DT><DD>
<p>
The location of Postfix PID files relative to $<a href="postconf.5.html#queue_directory">queue_directory</a>.
This is a read-only parameter.
</p>
</DD>
<DT><b><a name="process_name">process_name</a>
(read-only)</b></DT><DD>
<p>
The process name of a Postfix command or daemon process.
</p>
</DD>
<DT><b><a name="propagate_unmatched_extensions">propagate_unmatched_extensions</a>
(default: canonical, virtual)</b></DT><DD>
<p>
What address lookup tables copy an address extension from the lookup
key to the lookup result.
</p>
<p>
For example, with a <a href="virtual.5.html">virtual(5)</a> mapping of "<i>joe@example.com =>
joe.user@example.net</i>", the address "<i>joe+foo@example.com</i>"
would rewrite to "<i>joe.user+foo@example.net</i>".
</p>
<p>
Specify zero or more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>,
<b>forward</b>, <b>include</b> or <b>generic</b>. These cause
address extension
propagation with <a href="canonical.5.html">canonical(5)</a>, <a href="virtual.5.html">virtual(5)</a>, and <a href="aliases.5.html">aliases(5)</a> maps,
with <a href="local.8.html">local(8)</a> .forward and :include: file lookups, and with <a href="smtp.8.html">smtp(8)</a>
generic maps, respectively. </p>
<p>
Note: enabling this feature for types other than <b>canonical</b>
and <b>virtual</b> is likely to cause problems when mail is forwarded
to other sites, especially with mail that is sent to a mailing list
exploder address.
</p>
<p>
Examples:
</p>
<pre>
<a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a> = canonical, virtual, alias,
forward, include
<a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a> = canonical, virtual
</pre>
</DD>
<DT><b><a name="proxy_interfaces">proxy_interfaces</a>
(default: empty)</b></DT><DD>
<p>
The network interface addresses that this mail system receives mail
on by way of a proxy or network address translation unit.
</p>
<p>
This feature is available in Postfix 2.0 and later.
</p>
<p> You must specify your "outside" proxy/NAT addresses when your
system is a backup MX host for other domains, otherwise mail delivery
loops will happen when the primary MX host is down. </p>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> = 1.2.3.4
</pre>
</DD>
<DT><b><a name="proxy_read_maps">proxy_read_maps</a>
(default: see "postconf -d" output)</b></DT><DD>
<p>
The lookup tables that the <a href="proxymap.8.html">proxymap(8)</a> server is allowed to
access for the read-only service.
Table references that don't begin with <a href="proxymap.8.html">proxy</a>: are ignored.
</p>
<p>
This feature is available in Postfix 2.0 and later.
</p>
</DD>
<DT><b><a name="proxy_write_maps">proxy_write_maps</a>
(default: see "postconf -d" output)</b></DT><DD>
<p> The lookup tables that the <a href="proxymap.8.html">proxymap(8)</a> server is allowed to
access for the read-write service. Postfix-owned local database
files should be stored under the Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>.
Table references that don't begin with <a href="proxymap.8.html">proxy</a>: are ignored. </p>
<p>
This feature is available in Postfix 2.5 and later.
</p>
</DD>
<DT><b><a name="proxymap_service_name">proxymap_service_name</a>
(default: proxymap)</b></DT><DD>
<p> The name of the proxymap read-only table lookup service. This
service is normally implemented by the <a href="proxymap.8.html">proxymap(8)</a> daemon. </p>
<p> This feature is available in Postfix 2.6 and later. </p>
</DD>
<DT><b><a name="proxywrite_service_name">proxywrite_service_name</a>
(default: proxywrite)</b></DT><DD>
<p> The name of the proxywrite read-write table lookup service.
This service is normally implemented by the <a href="proxymap.8.html">proxymap(8)</a> daemon.
</p>
<p> This feature is available in Postfix 2.6 and later. </p>
</DD>
<DT><b><a name="qmgr_clog_warn_time">qmgr_clog_warn_time</a>
(default: 300s)</b></DT><DD>
<p>
The minimal delay between warnings that a specific destination is
clogging up the Postfix <a href="QSHAPE_README.html#active_queue">active queue</a>. Specify 0 to disable.
</p>
<p>
This feature is enabled with the <a href="postconf.5.html#helpful_warnings">helpful_warnings</a> parameter.
</p>
<p>
This feature is available in Postfix 2.0 and later.
</p>
</DD>
<DT><b><a name="qmgr_daemon_timeout">qmgr_daemon_timeout</a>
(default: 1000s)</b></DT><DD>
<p> How much time a Postfix queue manager process may take to handle
a request before it is terminated by a built-in watchdog timer.
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="qmgr_fudge_factor">qmgr_fudge_factor</a>
(default: 100)</b></DT><DD>
<p>
Obsolete feature: the percentage of delivery resources that a busy
mail system will use up for delivery of a large mailing list
message.
</p>
<p>
This feature exists only in the <a href="qmgr.8.html">oqmgr(8)</a> old queue manager. The
current queue manager solves the problem in a better way.
</p>
</DD>
<DT><b><a name="qmgr_ipc_timeout">qmgr_ipc_timeout</a>
(default: 60s)</b></DT><DD>
<p> The time limit for the queue manager to send or receive information
over an internal communication channel. The purpose is to break
out of deadlock situations. If the time limit is exceeded the
software either retries or aborts the operation. </p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="qmgr_message_active_limit">qmgr_message_active_limit</a>
(default: 20000)</b></DT><DD>
<p>
The maximal number of messages in the <a href="QSHAPE_README.html#active_queue">active queue</a>.
</p>
</DD>
<DT><b><a name="qmgr_message_recipient_limit">qmgr_message_recipient_limit</a>
(default: 20000)</b></DT><DD>
<p> The maximal number of recipients held in memory by the Postfix
queue manager, and the maximal size of the short-term,
in-memory "dead" destination status cache. </p>
</DD>
<DT><b><a name="qmgr_message_recipient_minimum">qmgr_message_recipient_minimum</a>
(default: 10)</b></DT><DD>
<p>
The minimal number of in-memory recipients for any message. This
takes priority over any other in-memory recipient limits (i.e.,
the global <a href="postconf.5.html#qmgr_message_recipient_limit">qmgr_message_recipient_limit</a> and the per transport
_recipient_limit) if necessary. The minimum value allowed for this
parameter is 1.
</p>
</DD>
<DT><b><a name="qmqpd_authorized_clients">qmqpd_authorized_clients</a>
(default: empty)</b></DT><DD>
<p>
What remote QMQP clients are allowed to connect to the Postfix QMQP
server port.
</p>
<p>
By default, no client is allowed to use the service. This is
because the QMQP server will relay mail to any destination.
</p>
<p>
Specify a list of client patterns. A list pattern specifies a host
name, a domain name, an internet address, or a network/mask pattern,
where the mask specifies the number of bits in the network part.
When a pattern specifies a file name, its contents are substituted
for the file name; when a pattern is a "<a href="DATABASE_README.html">type:table</a>" table specification,
table lookup is used instead. </p>
<p>
Patterns are separated by whitespace and/or commas. In order to
reverse the result, precede a pattern with an
exclamation point (!). The form "!/file/name" is supported only
in Postfix version 2.4 and later.
</p>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#qmqpd_authorized_clients">qmqpd_authorized_clients</a> = !192.168.0.1, 192.168.0.0/24
</pre>
</DD>
<DT><b><a name="qmqpd_client_port_logging">qmqpd_client_port_logging</a>
(default: no)</b></DT><DD>
<p> Enable logging of the remote QMQP client port in addition to
the hostname and IP address. The logging format is "host[address]:port".
</p>
<p> This feature is available in Postfix 2.5 and later. </p>
</DD>
<DT><b><a name="qmqpd_error_delay">qmqpd_error_delay</a>
(default: 1s)</b></DT><DD>
<p>
How long the Postfix QMQP server will pause before sending a negative
reply to the remote QMQP client. The purpose is to slow down confused
or malicious clients.
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
</DD>
<DT><b><a name="qmqpd_timeout">qmqpd_timeout</a>
(default: 300s)</b></DT><DD>
<p>
The time limit for sending or receiving information over the network.
If a read or write operation blocks for more than $<a href="postconf.5.html#qmqpd_timeout">qmqpd_timeout</a>
seconds the Postfix QMQP server gives up and disconnects.
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
</DD>
<DT><b><a name="queue_directory">queue_directory</a>
(default: see "postconf -d" output)</b></DT><DD>
<p>
The location of the Postfix top-level queue directory. This is the
root directory of Postfix daemon processes that run chrooted.
</p>
</DD>
<DT><b><a name="queue_file_attribute_count_limit">queue_file_attribute_count_limit</a>
(default: 100)</b></DT><DD>
<p>
The maximal number of (name=value) attributes that may be stored
in a Postfix queue file. The limit is enforced by the <a href="cleanup.8.html">cleanup(8)</a>
server.
</p>
<p>
This feature is available in Postfix 2.0 and later.
</p>
</DD>
<DT><b><a name="queue_minfree">queue_minfree</a>
(default: 0)</b></DT><DD>
<p>
The minimal amount of free space in bytes in the queue file system
that is needed to receive mail. This is currently used by the
Postfix SMTP server to decide if it will accept any mail at all.
</p>
<p>
By default, the Postfix SMTP server rejects MAIL FROM commands when
the amount of free space is less than 1.5*$<a href="postconf.5.html#message_size_limit">message_size_limit</a>
(Postfix version 2.1 and later).
To specify a higher minimum free space limit, specify a <a href="postconf.5.html#queue_minfree">queue_minfree</a>
value that is at least 1.5*$<a href="postconf.5.html#message_size_limit">message_size_limit</a>.
</p>
<p>
With Postfix versions 2.0 and earlier, a <a href="postconf.5.html#queue_minfree">queue_minfree</a> value of
zero means there is no minimum required amount of free space.
</p>
</DD>
<DT><b><a name="queue_run_delay">queue_run_delay</a>
(default: 300s)</b></DT><DD>
<p>
The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue manager;
prior to Postfix 2.4 the default value was 1000s.
</p>
<p> This parameter should be set less than or equal to
$<a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a>. See also $<a href="postconf.5.html#maximal_backoff_time">maximal_backoff_time</a>. </p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
</DD>
<DT><b><a name="queue_service_name">queue_service_name</a>
(default: qmgr)</b></DT><DD>
<p>
The name of the <a href="qmgr.8.html">qmgr(8)</a> service. This service manages the Postfix
queue and schedules delivery requests.
</p>
<p>
This feature is available in Postfix 2.0 and later.
</p>
</DD>
<DT><b><a name="rbl_reply_maps">rbl_reply_maps</a>
(default: empty)</b></DT><DD>
<p>
Optional lookup tables with RBL response templates. The tables are
indexed by the RBL domain name. By default, Postfix uses the default
template as specified with the <a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> configuration
parameter. See there for a discussion of the syntax of RBL reply
templates.
</p>
<p>
This feature is available in Postfix 2.0 and later.
</p>
</DD>
<DT><b><a name="readme_directory">readme_directory</a>
(default: see "postconf -d" output)</b></DT><DD>
<p>
The location of Postfix README files that describe how to build,
configure or operate a specific Postfix subsystem or feature.
</p>
</DD>
<DT><b><a name="receive_override_options">receive_override_options</a>
(default: empty)</b></DT><DD>
<p> Enable or disable recipient validation, built-in content
filtering, or address mapping. Typically, these are specified in
<a href="master.5.html">master.cf</a> as command-line arguments for the <a href="smtpd.8.html">smtpd(8)</a>, <a href="qmqpd.8.html">qmqpd(8)</a> or
<a href="pickup.8.html">pickup(8)</a> daemons. </p>
<p> Specify zero or more of the following options. The options
override <a href="postconf.5.html">main.cf</a> settings and are either implemented by <a href="smtpd.8.html">smtpd(8)</a>,
<a href="qmqpd.8.html">qmqpd(8)</a>, or <a href="pickup.8.html">pickup(8)</a> themselves, or they are forwarded to the
cleanup server. </p>
<dl>
<dt><b><a name="no_unknown_recipient_checks">no_unknown_recipient_checks</a></b></dt>
<dd>Do not try to reject unknown recipients (SMTP server only).
This is typically specified AFTER an external content filter.
</dd>
<dt><b><a name="no_address_mappings">no_address_mappings</a></b></dt>
<dd>Disable canonical address mapping, virtual alias map expansion,
address masquerading, and automatic BCC (blind carbon-copy)
recipients. This is typically specified BEFORE an external content
filter. </dd>
<dt><b><a name="no_header_body_checks">no_header_body_checks</a></b></dt>
<dd>Disable header/body_checks. This is typically specified AFTER
an external content filter. </dd>
<dt><b><a name="no_milters">no_milters</a></b></dt>
<dd>Disable Milter (mail filter) applications. This is typically
specified AFTER an external content filter. </dd>
</dl>
<p>
Note: when the "BEFORE content filter" <a href="postconf.5.html#receive_override_options">receive_override_options</a>
setting is specified in the <a href="postconf.5.html">main.cf</a> file, specify the "AFTER content
filter" <a href="postconf.5.html#receive_override_options">receive_override_options</a> setting in <a href="master.5.html">master.cf</a> (and vice
versa).
</p>
<p>
Examples:
</p>
<pre>
<a href="postconf.5.html#receive_override_options">receive_override_options</a> =
<a href="postconf.5.html#no_unknown_recipient_checks">no_unknown_recipient_checks</a>, <a href="postconf.5.html#no_header_body_checks">no_header_body_checks</a>
<a href="postconf.5.html#receive_override_options">receive_override_options</a> = <a href="postconf.5.html#no_address_mappings">no_address_mappings</a>
</pre>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="recipient_bcc_maps">recipient_bcc_maps</a>
(default: empty)</b></DT><DD>
<p>
Optional BCC (blind carbon-copy) address lookup tables, indexed by
recipient address. The BCC address (multiple results are not
supported) is added when mail enters from outside of Postfix.
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
<p>
The table search order is as follows:
</p>
<ul>
<li> Look up the "user+extension@domain.tld" address including the
optional address extension.
<li> Look up the "user@domain.tld" address without the optional
address extension.
<li> Look up the "user+extension" address local part when the
recipient domain equals $<a href="postconf.5.html#myorigin">myorigin</a>, $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
<li> Look up the "user" address local part when the recipient domain
equals $<a href="postconf.5.html#myorigin">myorigin</a>, $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
<li> Look up the "@domain.tld" part.
</ul>
<p>
Specify the types and names of databases to use. After change,
run "<b>postmap /etc/postfix/recipient_bcc</b>".
</p>
<p>
Note: with Postfix 2.3 and later the BCC address is added as if it
was specified with NOTIFY=NONE. The sender will not be notified
when the BCC address is undeliverable, as long as all down-stream
software implements <a href="http://tools.ietf.org/html/rfc3461">RFC 3461</a>.
</p>
<p>
Note: with Postfix 2.2 and earlier the sender will be notified
when the BCC address is undeliverable.
</p>
<p> Note: automatic BCC recipients are produced only for new mail.
To avoid mailer loops, automatic BCC recipients are not generated
after Postfix forwards mail internally, or after Postfix generates
mail itself. </p>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#recipient_bcc_maps">recipient_bcc_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/recipient_bcc
</pre>
</DD>
<DT><b><a name="recipient_canonical_classes">recipient_canonical_classes</a>
(default: envelope_recipient, header_recipient)</b></DT><DD>
<p> What addresses are subject to <a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> address
mapping. By default, <a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> address mapping is
applied to envelope recipient addresses, and to header recipient
addresses. </p>
<p> Specify one or more of: envelope_recipient, header_recipient
</p>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="recipient_canonical_maps">recipient_canonical_maps</a>
(default: empty)</b></DT><DD>
<p>
Optional address mapping lookup tables for envelope and header
recipient addresses.
The table format and lookups are documented in <a href="canonical.5.html">canonical(5)</a>.
</p>
<p>
Note: $<a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> is processed before $<a href="postconf.5.html#canonical_maps">canonical_maps</a>.
</p>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/recipient_canonical
</pre>
</DD>
<DT><b><a name="recipient_delimiter">recipient_delimiter</a>
(default: empty)</b></DT><DD>
<p> The set of characters that can separate a user name from its
extension (example: user+foo), or a .forward file name from its
extension (example: .forward+foo). Basically, the software tries
user+foo and .forward+foo before trying user and .forward. This
implementation recognizes one delimiter character and one extension
per email address or .forward file name. </p>
<p> When the <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> set contains multiple characters
(Postfix 2.11 and later), a user name or .forward file name is
separated from its extension by the first character that matches
the <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> set. </p>
<p> See <a href="canonical.5.html">canonical(5)</a>, <a href="local.8.html">local(8)</a>, <a href="relocated.5.html">relocated(5)</a> and <a href="virtual.5.html">virtual(5)</a> for the
effects of <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> on lookups in aliases, canonical,
virtual, and relocated maps, and see the <a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a>
parameter for propagating an extension from one email address to
another. </p>
<p> When used in <a href="postconf.5.html#command_execution_directory">command_execution_directory</a>, <a href="postconf.5.html#forward_path">forward_path</a>, or
<a href="postconf.5.html#luser_relay">luser_relay</a>, ${<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a>} is replaced with the actual
recipient delimiter that was found in the recipient email address
(Postfix 2.11 and later), or it is replaced with the <a href="postconf.5.html">main.cf</a>
<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> parameter value (Postfix 2.10 and earlier).
</p>
<p> The <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> is not applied to the mailer-daemon
address, the postmaster address, or the double-bounce address. With
the default "<a href="postconf.5.html#owner_request_special">owner_request_special</a> = yes" setting, the <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a>
is also not applied to addresses with the special "owner-" prefix
or the special "-request" suffix. </p>
<p>
Examples:
</p>
<pre>
# Handle Postfix-style extensions.
<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> = +
</pre>
<pre>
# Handle both Postfix and qmail extensions (Postfix 2.11 and later).
recipient_delimiters = +-
</pre>
<pre>
# Use .forward for mail without address extension, and for mail with
# an unrecognized address extension.
<a href="postconf.5.html#forward_path">forward_path</a> = $home/.forward${<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a>}${extension},
$home/.forward
</pre>
</DD>
<DT><b><a name="reject_code">reject_code</a>
(default: 554)</b></DT><DD>
<p>
The numerical Postfix SMTP server response code when a remote SMTP
client request is rejected by the "reject" restriction.
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
</DD>
<DT><b><a name="reject_tempfail_action">reject_tempfail_action</a>
(default: <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>)</b></DT><DD>
<p> The Postfix SMTP server's action when a reject-type restriction
fails due to a temporary error condition. Specify "defer" to defer
the remote SMTP client request immediately. With the default
"<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" action, the Postfix SMTP server continues to look
for opportunities to reject mail, and defers the client request
only if it would otherwise be accepted. </p>
<p> For finer control, see: <a href="postconf.5.html#unverified_recipient_tempfail_action">unverified_recipient_tempfail_action</a>,
<a href="postconf.5.html#unverified_sender_tempfail_action">unverified_sender_tempfail_action</a>, <a href="postconf.5.html#unknown_address_tempfail_action">unknown_address_tempfail_action</a>,
and <a href="postconf.5.html#unknown_helo_hostname_tempfail_action">unknown_helo_hostname_tempfail_action</a>. </p>
<p> This feature is available in Postfix 2.6 and later. </p>
</DD>
<DT><b><a name="relay_clientcerts">relay_clientcerts</a>
(default: empty)</b></DT><DD>
<p> List of tables with remote SMTP client-certificate fingerprints or
public key fingerprints (Postfix 2.9 and later) for which the Postfix
SMTP server will allow access with the <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a>
feature. The fingerprint digest algorithm is configurable via the
<a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> parameter (hard-coded as md5 prior to
Postfix version 2.5). </p>
<p> Postfix lookup tables are in the form of (key, value) pairs.
Since we only need the key, the value can be chosen freely, e.g.
the name of the user or host:
D7:04:2F:A7:0B:8C:A5:21:FA:31:77:E1:41:8A:EE:80 lutzpc.at.home </p>
<p> Example: </p>
<pre>
<a href="postconf.5.html#relay_clientcerts">relay_clientcerts</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/relay_clientcerts
</pre>
<p>For more fine-grained control, use <a href="postconf.5.html#check_ccert_access">check_ccert_access</a> to select
an appropriate <a href="access.5.html">access(5)</a> policy for each client.
See <a href="RESTRICTION_CLASS_README.html">RESTRICTION_CLASS_README</a>.</p>
<p> <b>Note:</b> Postfix 2.9.0–2.9.5 computed the public key
fingerprint incorrectly. To use public-key fingerprints, upgrade
to Postfix 2.9.6 or later. </p>
<p>This feature is available with Postfix version 2.2.</p>
</DD>
<DT><b><a name="relay_destination_concurrency_limit">relay_destination_concurrency_limit</a>
(default: $<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a>)</b></DT><DD>
<p> The maximal number of parallel deliveries to the same destination
via the relay message delivery transport. This limit is enforced
by the queue manager. The message delivery transport name is the
first field in the entry in the <a href="master.5.html">master.cf</a> file. </p>
<p> This feature is available in Postfix 2.0 and later. </p>
</DD>
<DT><b><a name="relay_destination_recipient_limit">relay_destination_recipient_limit</a>
(default: $<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a>)</b></DT><DD>
<p> The maximal number of recipients per message for the relay
message delivery transport. This limit is enforced by the queue
manager. The message delivery transport name is the first field in
the entry in the <a href="master.5.html">master.cf</a> file. </p>
<p> Setting this parameter to a value of 1 changes the meaning of
<a href="postconf.5.html#relay_destination_concurrency_limit">relay_destination_concurrency_limit</a> from concurrency per domain
into concurrency per recipient. </p>
<p> This feature is available in Postfix 2.0 and later. </p>
</DD>
<DT><b><a name="relay_domains">relay_domains</a>
(default: $<a href="postconf.5.html#mydestination">mydestination</a>)</b></DT><DD>
<p> What destination domains (and subdomains thereof) this system
will relay mail to. Subdomain matching is controlled with the
<a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> parameter. For details about how
the <a href="postconf.5.html#relay_domains">relay_domains</a> value is used, see the description of the
<a href="postconf.5.html#permit_auth_destination">permit_auth_destination</a> and <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> SMTP recipient
restrictions. </p>
<p> Domains that match $<a href="postconf.5.html#relay_domains">relay_domains</a> are delivered with the
$<a href="postconf.5.html#relay_transport">relay_transport</a> mail delivery transport. The SMTP server validates
recipient addresses with $<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> and rejects non-existent
recipients. See also the <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domains</a> address class in the
<a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> file. </p>
<p> Note: Postfix will not automatically forward mail for domains
that list this system as their primary or backup MX host. See the
<a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> restriction in the <a href="postconf.5.html">postconf(5)</a> manual page. </p>
<p> Specify a list of host or domain names, "/file/name" patterns
or "<a href="DATABASE_README.html">type:table</a>" lookup tables, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace. A
"/file/name" pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>"
lookup table is matched when a (parent) domain appears as lookup
key. Specify "!pattern" to exclude a domain from the list. The form
"!/file/name" is supported only in Postfix version 2.4 and later.
</p>
</DD>
<DT><b><a name="relay_domains_reject_code">relay_domains_reject_code</a>
(default: 554)</b></DT><DD>
<p>
The numerical Postfix SMTP server response code when a client
request is rejected by the <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> recipient
restriction.
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
</DD>
<DT><b><a name="relay_recipient_maps">relay_recipient_maps</a>
(default: empty)</b></DT><DD>
<p> Optional lookup tables with all valid addresses in the domains
that match $<a href="postconf.5.html#relay_domains">relay_domains</a>. Specify @domain as a wild-card for
domains that have no valid recipient list, and become a source of
backscatter mail: Postfix accepts spam for non-existent recipients
and then floods innocent people with undeliverable mail. Technically,
tables
listed with $<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> are used as lists: Postfix needs
to know only if a lookup string is found or not, but it does not
use the result from table lookup. </p>
<p>
If this parameter is non-empty, then the Postfix SMTP server will reject
mail to unknown relay users. This feature is off by default.
</p>
<p>
See also the <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domains</a> address class in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a>
file.
</p>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/relay_recipients
</pre>
<p>
This feature is available in Postfix 2.0 and later.
</p>
</DD>
<DT><b><a name="relay_transport">relay_transport</a>
(default: relay)</b></DT><DD>
<p>
The default mail delivery transport and next-hop destination for
remote delivery to domains listed with $<a href="postconf.5.html#relay_domains">relay_domains</a>. In order of
decreasing precedence, the nexthop destination is taken from
$<a href="postconf.5.html#relay_transport">relay_transport</a>, $<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>, $<a href="postconf.5.html#relayhost">relayhost</a>, or
from the recipient domain. This information can be overruled with
the <a href="transport.5.html">transport(5)</a> table.
</p>
<p>
Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
is the name of a mail delivery transport defined in <a href="master.5.html">master.cf</a>.
The <i>:nexthop</i> destination is optional; its syntax is documented
in the manual page of the corresponding delivery agent.
</p>
<p>
See also the <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domains</a> address class in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a>
file.
</p>
<p>
This feature is available in Postfix 2.0 and later.
</p>
</DD>
<DT><b><a name="relayhost">relayhost</a>
(default: empty)</b></DT><DD>
<p>
The next-hop destination of non-local mail; overrides non-local
domains in recipient addresses. This information is overruled with
<a href="postconf.5.html#relay_transport">relay_transport</a>, <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>,
<a href="postconf.5.html#default_transport">default_transport</a>, <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>
and with the <a href="transport.5.html">transport(5)</a> table.
</p>
<p>
On an intranet, specify the organizational domain name. If your
internal DNS uses no MX records, specify the name of the intranet
gateway host instead.
</p>
<p>
In the case of SMTP, specify a domain name, hostname, hostname:port,
[hostname]:port, [hostaddress] or [hostaddress]:port. The form
[hostname] turns off MX lookups.
</p>
<p>
If you're connected via UUCP, see the <a href="UUCP_README.html">UUCP_README</a> file for useful
information.
</p>
<p>
Examples:
</p>
<pre>
<a href="postconf.5.html#relayhost">relayhost</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
<a href="postconf.5.html#relayhost">relayhost</a> = [gateway.example.com]
<a href="postconf.5.html#relayhost">relayhost</a> = uucphost
<a href="postconf.5.html#relayhost">relayhost</a> = [an.ip.add.ress]
</pre>
</DD>
<DT><b><a name="relocated_maps">relocated_maps</a>
(default: empty)</b></DT><DD>
<p>
Optional lookup tables with new contact information for users or
domains that no longer exist. The table format and lookups are
documented in <a href="relocated.5.html">relocated(5)</a>.
</p>
<p>
If you use this feature, run "<b>postmap /etc/postfix/relocated</b>" to
build the necessary DBM or DB file after change, then "<b>postfix
reload</b>" to make the changes visible.
</p>
<p>
Examples:
</p>
<pre>
<a href="postconf.5.html#relocated_maps">relocated_maps</a> = <a href="DATABASE_README.html#types">dbm</a>:/etc/postfix/relocated
<a href="postconf.5.html#relocated_maps">relocated_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/relocated
</pre>
</DD>
<DT><b><a name="remote_header_rewrite_domain">remote_header_rewrite_domain</a>
(default: empty)</b></DT><DD>
<p> Don't rewrite message headers from remote clients at all when
this parameter is empty; otherwise, rewrite message headers and
append the specified domain name to incomplete addresses. The
<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter controls what clients Postfix
considers local. </p>
<p> Examples: </p>
<p> The safe setting: append "domain.invalid" to incomplete header
addresses from remote SMTP clients, so that those addresses cannot
be confused with local addresses. </p>
<blockquote>
<pre>
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> = domain.invalid
</pre>
</blockquote>
<p> The default, purist, setting: don't rewrite headers from remote
clients at all. </p>
<blockquote>
<pre>
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> =
</pre>
</blockquote>
</DD>
<DT><b><a name="require_home_directory">require_home_directory</a>
(default: no)</b></DT><DD>
<p>
Require that a <a href="local.8.html">local(8)</a> recipient's home directory exists
before mail delivery is attempted. By default this test is disabled.
It can be useful for environments that import home directories to
the mail server (IMPORTING HOME DIRECTORIES IS NOT RECOMMENDED).
</p>
</DD>
<DT><b><a name="reset_owner_alias">reset_owner_alias</a>
(default: no)</b></DT><DD>
<p> Reset the <a href="local.8.html">local(8)</a> delivery agent's idea of the owner-alias
attribute, when delivering mail to a child alias that does not have
its own owner alias. </p>
<p> This feature is available in Postfix 2.8 and later. With older
Postfix releases, the behavior is as if this parameter is set to
"yes". </p>
<p> As documented in <a href="aliases.5.html">aliases(5)</a>, when an alias <i>name</i> has a
companion alias named owner-<i>name</i>, delivery errors will be
reported to the owner alias instead of the sender. This configuration
is recommended for mailing lists. <p>
<p> A less known property of the owner alias is that it also forces
the <a href="local.8.html">local(8)</a> delivery agent to write local and remote addresses
from alias expansion to a new queue file, instead of attempting to
deliver mail to local addresses as soon as they come out of alias
expansion. </p>
<p> Writing local addresses from alias expansion to a new queue
file allows for robust handling of temporary delivery errors: errors
with one local member have no effect on deliveries to other members
of the list. On the other hand, delivery to local addresses as
soon as they come out of alias expansion is fragile: a temporary
error with one local address from alias expansion will cause the
entire alias to be expanded repeatedly until the error goes away,
or until the message expires in the queue. In that case, a problem
with one list member results in multiple message deliveries to other
list members. </p>
<p> The default behavior of Postfix 2.8 and later is to keep the
owner-alias attribute of the parent alias, when delivering mail to
a child alias that does not have its own owner alias. Then, local
addresses from that child alias will be written to a new queue file,
and a temporary error with one local address will not affect delivery
to other mailing list members. </p>
<p> Unfortunately, older Postfix releases reset the owner-alias
attribute when delivering mail to a child alias that does not have
its own owner alias. The <a href="local.8.html">local(8)</a> delivery agent then attempts to
deliver local addresses as soon as they come out of child alias
expansion. If delivery to any address from child alias expansion
fails with a temporary error condition, the entire mailing list may
be expanded repeatedly until the mail expires in the queue, resulting
in multiple deliveries of the same message to mailing list members.
</p>
</DD>
<DT><b><a name="resolve_dequoted_address">resolve_dequoted_address</a>
(default: yes)</b></DT><DD>
<p> Resolve a recipient address safely instead of correctly, by
looking inside quotes. </p>
<p> By default, the Postfix address resolver does not quote the
address localpart as per <a href="http://tools.ietf.org/html/rfc822">RFC 822</a>, so that additional @ or % or !
operators remain visible. This behavior is safe but it is also
technically incorrect. </p>
<p> If you specify "<a href="postconf.5.html#resolve_dequoted_address">resolve_dequoted_address</a> = no", then
the Postfix
resolver will not know about additional @ etc. operators in the
address localpart. This opens opportunities for obscure mail relay
attacks with user@domain@domain addresses when Postfix provides
backup MX service for Sendmail systems. </p>
</DD>
<DT><b><a name="resolve_null_domain">resolve_null_domain</a>
(default: no)</b></DT><DD>
<p> Resolve an address that ends in the "@" null domain as if the
local hostname were specified, instead of rejecting the address as
invalid. </p>
<p> This feature is available in Postfix 2.1 and later.
Earlier versions always resolve the null domain as the local
hostname. </p>
<p> The Postfix SMTP server uses this feature to reject mail from
or to addresses that end in the "@" null domain, and from addresses
that rewrite into a form that ends in the "@" null domain. </p>
</DD>
<DT><b><a name="resolve_numeric_domain">resolve_numeric_domain</a>
(default: no)</b></DT><DD>
<p> Resolve "user@ipaddress" as "user@[ipaddress]", instead of
rejecting the address as invalid. </p>
<p> This feature is available in Postfix 2.3 and later.
</DD>
<DT><b><a name="rewrite_service_name">rewrite_service_name</a>
(default: rewrite)</b></DT><DD>
<p>
The name of the address rewriting service. This service rewrites
addresses to standard form and resolves them to a (delivery method,
next-hop host, recipient) triple.
</p>
<p>
This feature is available in Postfix 2.0 and later.
</p>
</DD>
<DT><b><a name="sample_directory">sample_directory</a>
(default: /etc/postfix)</b></DT><DD>
<p>
The name of the directory with example Postfix configuration files.
Starting with Postfix 2.1, these files have been replaced with the
<a href="postconf.5.html">postconf(5)</a> manual page.
</p>
</DD>
<DT><b><a name="send_cyrus_sasl_authzid">send_cyrus_sasl_authzid</a>
(default: no)</b></DT><DD>
<p> When authenticating to a remote SMTP or LMTP server with the
default setting "no", send no SASL authoriZation ID (authzid); send
only the SASL authentiCation ID (authcid) plus the authcid's password.
</p>
<p> The non-default setting "yes" enables the behavior of older
Postfix versions. These always send a SASL authzid that is equal
to the SASL authcid, but this causes inter-operability problems
with some SMTP servers. </p>
<p> This feature is available in Postfix 2.4.4 and later. </p>
</DD>
<DT><b><a name="sender_based_routing">sender_based_routing</a>
(default: no)</b></DT><DD>
<p>
This parameter should not be used. It was replaced by <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>
in Postfix version 2.3.
</p>
</DD>
<DT><b><a name="sender_bcc_maps">sender_bcc_maps</a>
(default: empty)</b></DT><DD>
<p> Optional BCC (blind carbon-copy) address lookup tables, indexed
by sender address. The BCC address (multiple results are not
supported) is added when mail enters from outside of Postfix. </p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
<p>
The table search order is as follows:
</p>
<ul>
<li> Look up the "user+extension@domain.tld" address including the
optional address extension.
<li> Look up the "user@domain.tld" address without the optional
address extension.
<li> Look up the "user+extension" address local part when the
sender domain equals $<a href="postconf.5.html#myorigin">myorigin</a>, $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
<li> Look up the "user" address local part when the sender domain
equals $<a href="postconf.5.html#myorigin">myorigin</a>, $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
<li> Look up the "@domain.tld" part.
</ul>
<p>
Specify the types and names of databases to use. After change,
run "<b>postmap /etc/postfix/sender_bcc</b>".
</p>
<p>
Note: with Postfix 2.3 and later the BCC address is added as if it
was specified with NOTIFY=NONE. The sender will not be notified
when the BCC address is undeliverable, as long as all down-stream
software implements <a href="http://tools.ietf.org/html/rfc3461">RFC 3461</a>.
</p>
<p>
Note: with Postfix 2.2 and earlier the sender will be notified
when the BCC address is undeliverable.
</p>
<p> Note: automatic BCC recipients are produced only for new mail.
To avoid mailer loops, automatic BCC recipients are not generated
after Postfix forwards mail internally, or after Postfix generates
mail itself. </p>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#sender_bcc_maps">sender_bcc_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/sender_bcc
</pre>
</DD>
<DT><b><a name="sender_canonical_classes">sender_canonical_classes</a>
(default: envelope_sender, header_sender)</b></DT><DD>
<p> What addresses are subject to <a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> address
mapping. By default, <a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> address mapping is
applied to envelope sender addresses, and to header sender addresses.
</p>
<p> Specify one or more of: envelope_sender, header_sender </p>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="sender_canonical_maps">sender_canonical_maps</a>
(default: empty)</b></DT><DD>
<p>
Optional address mapping lookup tables for envelope and header
sender addresses.
The table format and lookups are documented in <a href="canonical.5.html">canonical(5)</a>.
</p>
<p>
Example: you want to rewrite the SENDER address "user@ugly.domain"
to "user@pretty.domain", while still being able to send mail to
the RECIPIENT address "user@ugly.domain".
</p>
<p>
Note: $<a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> is processed before $<a href="postconf.5.html#canonical_maps">canonical_maps</a>.
</p>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/sender_canonical
</pre>
</DD>
<DT><b><a name="sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>
(default: empty)</b></DT><DD>
<p> A sender-dependent override for the global <a href="postconf.5.html#default_transport">default_transport</a>
parameter setting. The tables are searched by the envelope sender
address and @domain. A lookup result of DUNNO terminates the search
without overriding the global <a href="postconf.5.html#default_transport">default_transport</a> parameter setting.
This information is overruled with the <a href="transport.5.html">transport(5)</a> table. </p>
<p> Note: this overrides <a href="postconf.5.html#default_transport">default_transport</a>, not <a href="postconf.5.html#transport_maps">transport_maps</a>, and
therefore the expected syntax is that of <a href="postconf.5.html#default_transport">default_transport</a>, not the
syntax of <a href="postconf.5.html#transport_maps">transport_maps</a>. Specifically, this does not support the
<a href="postconf.5.html#transport_maps">transport_maps</a> syntax for null transport, null nexthop, or null
email addresses. </p>
<p> For safety reasons, this feature does not allow $number
substitutions in regular expression maps. </p>
<p> This feature is available in Postfix 2.7 and later. </p>
</DD>
<DT><b><a name="sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>
(default: empty)</b></DT><DD>
<p> A sender-dependent override for the global <a href="postconf.5.html#relayhost">relayhost</a> parameter
setting. The tables are searched by the envelope sender address and
@domain. A lookup result of DUNNO terminates the search without
overriding the global <a href="postconf.5.html#relayhost">relayhost</a> parameter setting (Postfix 2.6 and
later). This information is overruled with <a href="postconf.5.html#relay_transport">relay_transport</a>,
<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>, <a href="postconf.5.html#default_transport">default_transport</a> and with
the <a href="transport.5.html">transport(5)</a> table. </p>
<p> For safety reasons, this feature does not allow $number
substitutions in regular expression maps. </p>
<p>
This feature is available in Postfix 2.3 and later.
</p>
</DD>
<DT><b><a name="sendmail_fix_line_endings">sendmail_fix_line_endings</a>
(default: always)</b></DT><DD>
<p> Controls how the Postfix sendmail command converts email message
line endings from <CR><LF> into UNIX format (<LF>).
</p>
<dl>
<dt> <b>always</b> </dt> <dd> Always convert message lines ending
in <CR><LF>. This setting is the default with Postfix
2.9 and later. </dd>
<dt> <b>strict</b> </dt> <dd> Convert message lines ending in
<CR><LF> only if the first input line ends in
<CR><LF>. This setting is backwards-compatible with
Postfix 2.8 and earlier. </dd>
<dt> <b>never</b> </dt> <dd> Never convert message lines ending in
<CR><LF>. This setting exists for completeness only.
</dd>
</dl>
<p> This feature is available in Postfix 2.9 and later. </p>
</DD>
<DT><b><a name="sendmail_path">sendmail_path</a>
(default: see "postconf -d" output)</b></DT><DD>
<p>
A Sendmail compatibility feature that specifies the location of
the Postfix <a href="sendmail.1.html">sendmail(1)</a> command. This command can be used to
submit mail into the Postfix queue.
</p>
</DD>
<DT><b><a name="service_throttle_time">service_throttle_time</a>
(default: 60s)</b></DT><DD>
<p>
How long the Postfix <a href="master.8.html">master(8)</a> waits before forking a server that
appears to be malfunctioning.
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
</DD>
<DT><b><a name="setgid_group">setgid_group</a>
(default: postdrop)</b></DT><DD>
<p>
The group ownership of set-gid Postfix commands and of group-writable
Postfix directories. When this parameter value is changed you need
to re-run "<b>postfix set-permissions</b>" (with Postfix version 2.0 and
earlier: "<b>/etc/postfix/post-install set-permissions</b>".
</p>
</DD>
<DT><b><a name="show_user_unknown_table_name">show_user_unknown_table_name</a>
(default: yes)</b></DT><DD>
<p>
Display the name of the recipient table in the "User unknown"
responses. The extra detail makes trouble shooting easier but also
reveals information that is nobody elses business.
</p>
<p>
This feature is available in Postfix 2.0 and later.
</p>
</DD>
<DT><b><a name="showq_service_name">showq_service_name</a>
(default: showq)</b></DT><DD>
<p>
The name of the <a href="showq.8.html">showq(8)</a> service. This service produces mail queue
status reports.
</p>
<p>
This feature is available in Postfix 2.0 and later.
</p>
</DD>
<DT><b><a name="smtp_address_preference">smtp_address_preference</a>
(default: any)</b></DT><DD>
<p> The address type ("ipv6", "ipv4" or "any") that the Postfix
SMTP client will try first, when a destination has IPv6 and IPv4
addresses with equal MX preference. This feature has no effect
unless the <a href="postconf.5.html#inet_protocols">inet_protocols</a> setting enables both IPv4 and IPv6.
With Postfix 2.8 the default is "ipv6". </p>
<p> Notes for mail delivery between sites that have both IPv4 and
IPv6 connectivity: </p>
<ul>
<li> <p> The setting "<a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> = ipv6" is unsafe.
It can fail to deliver mail when there is an outage that affects
IPv6, while the destination is still reachable over IPv4. </p>
<li> <p> The setting "<a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> = any" is safe. With
this, mail will eventually be delivered even if there is an outage
that affects IPv6 or IPv4, as long as it does not affect both. </p>
</ul>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="smtp_always_send_ehlo">smtp_always_send_ehlo</a>
(default: yes)</b></DT><DD>
<p>
Always send EHLO at the start of an SMTP session.
</p>
<p>
With "<a href="postconf.5.html#smtp_always_send_ehlo">smtp_always_send_ehlo</a> = no", the Postfix SMTP client sends
EHLO only when
the word "ESMTP" appears in the server greeting banner (example:
220 spike.porcupine.org ESMTP Postfix).
</p>
</DD>
<DT><b><a name="smtp_bind_address">smtp_bind_address</a>
(default: empty)</b></DT><DD>
<p>
An optional numerical network address that the Postfix SMTP client
should bind to when making an IPv4 connection.
</p>
<p>
This can be specified in the <a href="postconf.5.html">main.cf</a> file for all SMTP clients, or
it can be specified in the <a href="master.5.html">master.cf</a> file for a specific client,
for example:
</p>
<blockquote>
<pre>
/etc/postfix/<a href="master.5.html">master.cf</a>:
smtp ... smtp -o <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a>=11.22.33.44
</pre>
</blockquote>
<p> Note 1: when <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> specifies no more than one IPv4
address, and that address is a non-loopback address, it is
automatically used as the <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a>. This supports virtual
IP hosting, but can be a problem on multi-homed firewalls. See the
<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> documentation for more detail. </p>
<p> Note 2: address information may be enclosed inside <tt>[]</tt>,
but this form is not required here. </p>
</DD>
<DT><b><a name="smtp_bind_address6">smtp_bind_address6</a>
(default: empty)</b></DT><DD>
<p>
An optional numerical network address that the Postfix SMTP client
should bind to when making an IPv6 connection.
</p>
<p> This feature is available in Postfix 2.2 and later. </p>
<p>
This can be specified in the <a href="postconf.5.html">main.cf</a> file for all SMTP clients, or
it can be specified in the <a href="master.5.html">master.cf</a> file for a specific client,
for example:
</p>
<blockquote>
<pre>
/etc/postfix/<a href="master.5.html">master.cf</a>:
smtp ... smtp -o <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a>=1:2:3:4:5:6:7:8
</pre>
</blockquote>
<p> Note 1: when <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> specifies no more than one IPv6
address, and that address is a non-loopback address, it is
automatically used as the <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a>. This supports virtual
IP hosting, but can be a problem on multi-homed firewalls. See the
<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> documentation for more detail. </p>
<p> Note 2: address information may be enclosed inside <tt>[]</tt>,
but this form is not recommended here. </p>
</DD>
<DT><b><a name="smtp_body_checks">smtp_body_checks</a>
(default: empty)</b></DT><DD>
<p> Restricted <a href="header_checks.5.html">body_checks(5)</a> tables for the Postfix SMTP client.
These tables are searched while mail is being delivered. Actions
that change the delivery time or destination are not available.
</p>
<p> This feature is available in Postfix 2.5 and later. </p>
</DD>
<DT><b><a name="smtp_cname_overrides_servername">smtp_cname_overrides_servername</a>
(default: version dependent)</b></DT><DD>
<p> When the remote SMTP servername is a DNS CNAME, replace the
servername with the result from CNAME expansion for the purpose of
logging, SASL password lookup, TLS
policy decisions, or TLS certificate verification. The value "no"
hardens Postfix <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> hostname-based policies against
false hostname information in DNS CNAME records, and makes SASL
password file lookups more predictable. This is the default setting
as of Postfix 2.3. </p>
<p> When DNS CNAME records are validated with secure DNS lookups
(<a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a> = dnssec), they are always allowed to
override the above servername (Postfix 2.11 and later). </p>
<p> This feature is available in Postfix 2.2.9 and later. </p>
</DD>
<DT><b><a name="smtp_connect_timeout">smtp_connect_timeout</a>
(default: 30s)</b></DT><DD>
<p>
The Postfix SMTP client time limit for completing a TCP connection, or
zero (use the operating system built-in time limit).
</p>
<p>
When no connection can be made within the deadline, the Postfix
SMTP client
tries the next address on the mail exchanger list. Specify 0 to
disable the time limit (i.e. use whatever timeout is implemented by
the operating system).
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
</DD>
<DT><b><a name="smtp_connection_cache_destinations">smtp_connection_cache_destinations</a>
(default: empty)</b></DT><DD>
<p> Permanently enable SMTP connection caching for the specified
destinations. With SMTP connection caching, a connection is not
closed immediately after completion of a mail transaction. Instead,
the connection is kept open for up to $<a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a>
seconds. This allows connections to be reused for other deliveries,
and can improve mail delivery performance. </p>
<p> Specify a comma or white space separated list of destinations
or pseudo-destinations: </p>
<ul>
<li> if mail is sent without a <a href="postconf.5.html#relayhost">relay host</a>: a domain name (the
right-hand side of an email address, without the [] around a numeric
IP address),
<li> if mail is sent via a <a href="postconf.5.html#relayhost">relay host</a>: a <a href="postconf.5.html#relayhost">relay host</a> name (without
[] or non-default TCP port), as specified in <a href="postconf.5.html">main.cf</a> or in the
transport map,
<li> if mail is sent via a UNIX-domain socket: a pathname (without
the unix: prefix),
<li> a /file/name with domain names and/or <a href="postconf.5.html#relayhost">relay host</a> names as
defined above,
<li> a "<a href="DATABASE_README.html">type:table</a>" with domain names and/or <a href="postconf.5.html#relayhost">relay host</a> names on
the left-hand side. The right-hand side result from "<a href="DATABASE_README.html">type:table</a>"
lookups is ignored.
</ul>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a>
(default: yes)</b></DT><DD>
<p> Temporarily enable SMTP connection caching while a destination
has a high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>. With SMTP connection
caching, a connection is not closed immediately after completion
of a mail transaction. Instead, the connection is kept open for
up to $<a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> seconds. This allows
connections to be reused for other deliveries, and can improve mail
delivery performance. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a>
(default: 2s)</b></DT><DD>
<p> When SMTP connection caching is enabled, the amount of time that
an unused SMTP client socket is kept open before it is closed. Do
not specify larger values without permission from the remote sites.
</p>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="smtp_connection_reuse_count_limit">smtp_connection_reuse_count_limit</a>
(default: 0)</b></DT><DD>
<p> When SMTP connection caching is enabled, the number of times
that an SMTP session may be reused before it is closed, or zero (no
limit). With a reuse count limit of N, a connection is used up to
N+1 times. </p>
<p> NOTE: This feature is unsafe. When a high-volume destination
has multiple inbound MTAs, then the slowest inbound MTA will attract
the most connections to that destination. This limitation does not
exist with the <a href="postconf.5.html#smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a> feature. </p>
<p> This feature is available in Postfix 2.11. </p>
</DD>
<DT><b><a name="smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a>
(default: 300s)</b></DT><DD>
<p> The amount of time during which Postfix will use an SMTP
connection repeatedly. The timer starts when the connection is
initiated (i.e. it includes the connect, greeting and helo latency,
in addition to the latencies of subsequent mail delivery transactions).
</p>
<p> This feature addresses a performance stability problem with
remote SMTP servers. This problem is not specific to Postfix: it
can happen when any MTA sends large amounts of SMTP email to a site
that has multiple MX hosts. </p>
<p> The problem starts when one of a set of MX hosts becomes slower
than the rest. Even though SMTP clients connect to fast and slow
MX hosts with equal probability, the slow MX host ends up with more
simultaneous inbound connections than the faster MX hosts, because
the slow MX host needs more time to serve each client request. </p>
<p> The slow MX host becomes a connection attractor. If one MX
host becomes N times slower than the rest, it dominates mail delivery
latency unless there are more than N fast MX hosts to counter the
effect. And if the number of MX hosts is smaller than N, the mail
delivery latency becomes effectively that of the slowest MX host
divided by the total number of MX hosts. </p>
<p> The solution uses connection caching in a way that differs from
Postfix version 2.2. By limiting the amount of time during which a connection
can be used repeatedly (instead of limiting the number of deliveries
over that connection), Postfix not only restores fairness in the
distribution of simultaneous connections across a set of MX hosts,
it also favors deliveries over connections that perform well, which
is exactly what we want. </p>
<p> The default reuse time limit, 300s, is comparable to the various
smtp transaction timeouts which are fair estimates of maximum excess
latency for a slow delivery. Note that hosts may accept thousands
of messages over a single connection within the default connection
reuse time limit. This number is much larger than the default Postfix
version 2.2 limit of 10 messages per cached connection. It may prove necessary
to lower the limit to avoid interoperability issues with MTAs that
exhibit bugs when many messages are delivered via a single connection.
A lower reuse time limit risks losing the benefit of connection
reuse when the average connection and mail delivery latency exceeds
the reuse time limit. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="smtp_data_done_timeout">smtp_data_done_timeout</a>
(default: 600s)</b></DT><DD>
<p>
The Postfix SMTP client time limit for sending the SMTP ".", and
for receiving the remote SMTP server response.
</p>
<p>
When no response is received within the deadline, a warning is
logged that the mail may be delivered multiple times.
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
</DD>
<DT><b><a name="smtp_data_init_timeout">smtp_data_init_timeout</a>
(default: 120s)</b></DT><DD>
<p>
The Postfix SMTP client time limit for sending the SMTP DATA command,
and for receiving the remote SMTP server response.
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
</DD>
<DT><b><a name="smtp_data_xfer_timeout">smtp_data_xfer_timeout</a>
(default: 180s)</b></DT><DD>
<p>
The Postfix SMTP client time limit for sending the SMTP message content.
When the connection makes no progress for more than $<a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a>
seconds the Postfix SMTP client terminates the transfer.
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
</DD>
<DT><b><a name="smtp_defer_if_no_mx_address_found">smtp_defer_if_no_mx_address_found</a>
(default: no)</b></DT><DD>
<p>
Defer mail delivery when no MX record resolves to an IP address.
</p>
<p>
The default (no) is to return the mail as undeliverable. With older
Postfix versions the default was to keep trying to deliver the mail
until someone fixed the MX record or until the mail was too old.
</p>
<p>
Note: the Postfix SMTP client always ignores MX records with equal
or worse preference
than the local MTA itself.
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a>
(default: $<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a>)</b></DT><DD>
<p> The maximal number of parallel deliveries to the same destination
via the smtp message delivery transport. This limit is enforced by
the queue manager. The message delivery transport name is the first
field in the entry in the <a href="master.5.html">master.cf</a> file. </p>
</DD>
<DT><b><a name="smtp_destination_recipient_limit">smtp_destination_recipient_limit</a>
(default: $<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a>)</b></DT><DD>
<p> The maximal number of recipients per message for the smtp
message delivery transport. This limit is enforced by the queue
manager. The message delivery transport name is the first field in
the entry in the <a href="master.5.html">master.cf</a> file. </p>
<p> Setting this parameter to a value of 1 changes the meaning of
<a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> from concurrency per domain
into concurrency per recipient. </p>
</DD>
<DT><b><a name="smtp_discard_ehlo_keyword_address_maps">smtp_discard_ehlo_keyword_address_maps</a>
(default: empty)</b></DT><DD>
<p> Lookup tables, indexed by the remote SMTP server address, with
case insensitive lists of EHLO keywords (pipelining, starttls, auth,
etc.) that the Postfix SMTP client will ignore in the EHLO response from a
remote SMTP server. See <a href="postconf.5.html#smtp_discard_ehlo_keywords">smtp_discard_ehlo_keywords</a> for details. The
table is not indexed by hostname for consistency with
<a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a>. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="smtp_discard_ehlo_keywords">smtp_discard_ehlo_keywords</a>
(default: empty)</b></DT><DD>
<p> A case insensitive list of EHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix SMTP client will ignore in the EHLO
response from a remote SMTP server. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
<p> Notes: </p>
<ul>
<li> <p> Specify the <b>silent-discard</b> pseudo keyword to prevent
this action from being logged. </p>
<li> <p> Use the <a href="postconf.5.html#smtp_discard_ehlo_keyword_address_maps">smtp_discard_ehlo_keyword_address_maps</a> feature to
discard EHLO keywords selectively. </p>
</ul>
</DD>
<DT><b><a name="smtp_dns_resolver_options">smtp_dns_resolver_options</a>
(default: empty)</b></DT><DD>
<p> DNS Resolver options for the Postfix SMTP client. Specify zero
or more of the following options, separated by comma or whitespace.
Option names are case-sensitive. Some options refer to domain names
that are specified in the file /etc/resolv.conf or equivalent. </p>
<dl>
<dt><b>res_defnames</b></dt>
<dd> Append the current domain name to single-component names (those
that do not contain a "." character). This can produce incorrect
results, and is the hard-coded behavior prior to Postfix 2.8. </dd>
<dt><b>res_dnsrch</b></dt>
<dd> Search for host names in the current domain and in parent
domains. This can produce incorrect results and is therefore not
recommended. </dd>
</dl>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="smtp_dns_support_level">smtp_dns_support_level</a>
(default: empty)</b></DT><DD>
<p> Level of DNS support in the Postfix SMTP client. With
"<a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a>" left at its empty default value, the legacy
"<a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a>" parameter controls whether DNS is enabled in
the Postfix SMTP client, otherwise the legacy parameter is ignored.
</p>
<p> Specify one of the following: </p>
<dl>
<dt><b>disabled</b></dt>
<dd>Disable DNS lookups. No MX lookups are performed and hostname
to address lookups are unconditionally "native". This setting is
not appropriate for hosts that deliver mail to the public Internet.
Some obsolete how-to documents recommend disabling DNS lookups in
some configurations with content_filters. This is no longer required
and strongly discouraged. </dd>
<dt><b>enabled</b></dt>
<dd>Enable DNS lookups. Nexthop destination domains not enclosed
in "[]" will be subject to MX lookups. If "dns" and "native" are
included in the "<a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a>" parameter value, DNS will be
queried first to resolve MX-host A records, followed by "native"
lookups if no answer is found in DNS. </dd>
<dt><b>dnssec</b></dt>
<dd>Enable <a href="https://tools.ietf.org/html/rfc4033">DNSSEC</a>
lookups. The "dnssec" setting differs from the "enabled" setting
above in the following ways: <ul> <li>Any MX lookups will set
RES_USE_DNSSEC and RES_USE_EDNS0 to request DNSSEC-validated
responses. If the MX response is DNSSEC-validated the corresponding
hostnames are considered validated. <li> The address lookups of
validated hostnames are also validated, (provided of course
"<a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a>" includes "dns", see below). <li>Temporary
failures in DNSSEC-enabled hostname-to-address resolution block any
"native" lookups. Additional "native" lookups only happen when
DNSSEC lookups hard-fail (NODATA or NXDOMAIN). </ul> </dd>
</dl>
<p> The Postfix SMTP client considers non-MX "[nexthop]" and
"[nexthop]:port" destinations equivalent to statically-validated
MX records of the form "nexthop. IN MX 0 nexthop." Therefore,
with "dnssec" support turned on, validated hostname-to-address
lookups apply to the nexthop domain of any "[nexthop]" or
"[nexthop]:port" destination. This is also true for LMTP "inet:host"
and "inet:host:port" destinations, as LMTP hostnames are never
subject to MX lookups. </p>
<p>The "dnssec" setting is recommended only if you plan to use the
<a href="TLS_README.html#client_tls_dane">dane</a> or <a
href="TLS_README.html#client_tls_dane">dane-only</a> TLS security
level, otherwise enabling DNSSEC support in Postfix offers no
additional security. Postfix DNSSEC support relies on an upstream
recursive nameserver that validates DNSSEC signatures. Such a DNS
server will always filter out forged DNS responses, even when Postfix
itself is not configured to use DNSSEC. </p>
<p> When using Postfix DANE support the "<a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a>" parameter
should include "dns", as <a
href="https://tools.ietf.org/html/rfc6698">DANE</a> is not applicable
to hosts resolved via "native" lookups. </p>
<p> As mentioned above, Postfix is not a validating <a
href="https://tools.ietf.org/html/rfc4035#section-4.9">stub
resolver</a>; it relies on the system's configured DNSSEC-validating
<a href="https://tools.ietf.org/html/rfc4035#section-3.2">recursive
nameserver</a> to perform all DNSSEC validation. Since this
nameserver's DNSSEC-validated responses will be fully trusted, it
is strongly recommended that the MTA host have a local DNSSEC-validating
recursive caching nameserver listening on a loopback address, and
be configured to use only this nameserver for all lookups. Otherwise,
Postfix may remain subject to man-in-the-middle attacks that forge
responses from the recursive nameserver</p>
<p>DNSSEC support requires a version of Postfix compiled against a
reasonably-modern DNS resolver(3) library that implements the
RES_USE_DNSSEC and RES_USE_EDNS0 resolver options. </p>
<p> This feature is available in Postfix 2.11 and later. </p>
</DD>
<DT><b><a name="smtp_enforce_tls">smtp_enforce_tls</a>
(default: no)</b></DT><DD>
<p> Enforcement mode: require that remote SMTP servers use TLS
encryption, and never send mail in the clear. This also requires
that the remote SMTP server hostname matches the information in
the remote server certificate, and that the remote SMTP server
certificate was issued by a CA that is trusted by the Postfix SMTP
client. If the certificate doesn't verify or the hostname doesn't
match, delivery is deferred and mail stays in the queue. </p>
<p> The server hostname is matched against all names provided as
dNSNames in the SubjectAlternativeName. If no dNSNames are specified,
the CommonName is checked. The behavior may be changed with the
<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> option. </p>
<p> This option is useful only if you are definitely sure that you
will only connect to servers that support <a href="http://tools.ietf.org/html/rfc2487">RFC 2487</a> _and_ that
provide valid server certificates. Typical use is for clients that
send all their email to a dedicated mailhub. </p>
<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> instead. </p>
</DD>
<DT><b><a name="smtp_fallback_relay">smtp_fallback_relay</a>
(default: $<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b></DT><DD>
<p>
Optional list of relay hosts for SMTP destinations that can't be
found or that are unreachable. With Postfix 2.2 and earlier this
parameter is called <a href="postconf.5.html#fallback_relay">fallback_relay</a>. </p>
<p>
By default, mail is returned to the sender when a destination is
not found, and delivery is deferred when a destination is unreachable.
</p>
<p> With bulk email deliveries, it can be beneficial to run the
fallback relay MTA on the same host, so that it can reuse the sender
IP address. This speeds up deliveries that are delayed by IP-based
reputation systems (greylist, etc.). </p>
<p> The fallback relays must be SMTP destinations. Specify a domain,
host, host:port, [host]:port, [address] or [address]:port; the form
[host] turns off MX lookups. If you specify multiple SMTP
destinations, Postfix will try them in the specified order. </p>
<p> To prevent mailer loops between MX hosts and fall-back hosts,
Postfix version 2.2 and later will not use the fallback relays for
destinations that it is MX host for (assuming DNS lookup is turned on).
</p>
</DD>
<DT><b><a name="smtp_generic_maps">smtp_generic_maps</a>
(default: empty)</b></DT><DD>
<p> Optional lookup tables that perform address rewriting in the
Postfix SMTP client, typically to transform a locally valid address into
a globally valid address when sending mail across the Internet.
This is needed when the local machine does not have its own Internet
domain name, but uses something like <i>localdomain.local</i>
instead. </p>
<p> The table format and lookups are documented in <a href="generic.5.html">generic(5)</a>;
examples are shown in the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> and
<a href="STANDARD_CONFIGURATION_README.html">STANDARD_CONFIGURATION_README</a> documents. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="smtp_header_checks">smtp_header_checks</a>
(default: empty)</b></DT><DD>
<p> Restricted <a href="header_checks.5.html">header_checks(5)</a> tables for the Postfix SMTP client.
These tables are searched while mail is being delivered. Actions
that change the delivery time or destination are not available.
</p>
<p> This feature is available in Postfix 2.5 and later. </p>
</DD>
<DT><b><a name="smtp_helo_name">smtp_helo_name</a>
(default: $<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD>
<p>
The hostname to send in the SMTP EHLO or HELO command.
</p>
<p>
The default value is the machine hostname. Specify a hostname or
[ip.add.re.ss].
</p>
<p>
This information can be specified in the <a href="postconf.5.html">main.cf</a> file for all SMTP
clients, or it can be specified in the <a href="master.5.html">master.cf</a> file for a specific
client, for example:
</p>
<blockquote>
<pre>
/etc/postfix/<a href="master.5.html">master.cf</a>:
mysmtp ... smtp -o <a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a>=foo.bar.com
</pre>
</blockquote>
<p>
This feature is available in Postfix 2.0 and later.
</p>
</DD>
<DT><b><a name="smtp_helo_timeout">smtp_helo_timeout</a>
(default: 300s)</b></DT><DD>
<p>
The Postfix SMTP client time limit for sending the HELO or EHLO command,
and for receiving the initial remote SMTP server response.
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
</DD>
<DT><b><a name="smtp_host_lookup">smtp_host_lookup</a>
(default: dns)</b></DT><DD>
<p>
What mechanisms the Postfix SMTP client uses to look up a host's
IP address. This parameter is ignored when DNS lookups are disabled
(see: <a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> and <a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a>). The "dns"
mechanism is always tried before "native" if both are listed.
</p>
<p>
Specify one of the following:
</p>
<dl>
<dt><b>dns</b></dt>
<dd>Hosts can be found in the DNS (preferred). </dd>
<dt><b>native</b></dt>
<dd>Use the native naming service only (nsswitch.conf, or equivalent
mechanism). </dd>
<dt><b>dns, native</b></dt>
<dd>Use the native service for hosts not found in the DNS. </dd>
</dl>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="smtp_line_length_limit">smtp_line_length_limit</a>
(default: 998)</b></DT><DD>
<p>
The maximal length of message header and body lines that Postfix
will send via SMTP. This limit does not include the <CR><LF>
at the end of each line. Longer lines are broken by inserting
"<CR><LF><SPACE>", to minimize the damage to MIME
formatted mail.
</p>
<p>
The Postfix limit of 998 characters not including <CR><LF>
is consistent with the SMTP limit of 1000 characters including
<CR><LF>. The Postfix limit was 990 with Postfix 2.8
and earlier.
</p>
</DD>
<DT><b><a name="smtp_mail_timeout">smtp_mail_timeout</a>
(default: 300s)</b></DT><DD>
<p>
The Postfix SMTP client time limit for sending the MAIL FROM command,
and for receiving the remote SMTP server response.
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
</DD>
<DT><b><a name="smtp_mime_header_checks">smtp_mime_header_checks</a>
(default: empty)</b></DT><DD>
<p> Restricted mime_<a href="header_checks.5.html">header_checks(5)</a> tables for the Postfix SMTP
client. These tables are searched while mail is being delivered.
Actions that change the delivery time or destination are not
available. </p>
<p> This feature is available in Postfix 2.5 and later. </p>
</DD>
<DT><b><a name="smtp_mx_address_limit">smtp_mx_address_limit</a>
(default: 5)</b></DT><DD>
<p>
The maximal number of MX (mail exchanger) IP addresses that can
result from Postfix SMTP client mail exchanger lookups, or zero (no
limit). Prior to
Postfix version 2.3, this limit was disabled by default.
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="smtp_mx_session_limit">smtp_mx_session_limit</a>
(default: 2)</b></DT><DD>
<p> The maximal number of SMTP sessions per delivery request before
the Postfix SMTP client
gives up or delivers to a fall-back <a href="postconf.5.html#relayhost">relay host</a>, or zero (no
limit). This restriction ignores sessions that fail to complete the
SMTP initial handshake (Postfix version 2.2 and earlier) or that fail to
complete the EHLO and TLS handshake (Postfix version 2.3 and later). </p>
<p> This feature is available in Postfix 2.1 and later. </p>
</DD>
<DT><b><a name="smtp_nested_header_checks">smtp_nested_header_checks</a>
(default: empty)</b></DT><DD>
<p> Restricted nested_<a href="header_checks.5.html">header_checks(5)</a> tables for the Postfix SMTP
client. These tables are searched while mail is being delivered.
Actions that change the delivery time or destination are not
available. </p>
<p> This feature is available in Postfix 2.5 and later. </p>
</DD>
<DT><b><a name="smtp_never_send_ehlo">smtp_never_send_ehlo</a>
(default: no)</b></DT><DD>
<p> Never send EHLO at the start of an SMTP session. See also the
<a href="postconf.5.html#smtp_always_send_ehlo">smtp_always_send_ehlo</a> parameter. </p>
</DD>
<DT><b><a name="smtp_per_record_deadline">smtp_per_record_deadline</a>
(default: no)</b></DT><DD>
<p> Change the behavior of the smtp_*_timeout time limits, from a
time limit per read or write system call, to a time limit to send
or receive a complete record (an SMTP command line, SMTP response
line, SMTP message content line, or TLS protocol message). This
limits the impact from hostile peers that trickle data one byte at
a time. </p>
<p> Note: when per-record deadlines are enabled, a short timeout
may cause problems with TLS over very slow network connections.
The reasons are that a TLS protocol message can be up to 16 kbytes
long (with TLSv1), and that an entire TLS protocol message must be
sent or received within the per-record deadline. </p>
<p> This feature is available in Postfix 2.9 and later. With older
Postfix releases, the behavior is as if this parameter is set to
"no". </p>
</DD>
<DT><b><a name="smtp_pix_workaround_delay_time">smtp_pix_workaround_delay_time</a>
(default: 10s)</b></DT><DD>
<p>
How long the Postfix SMTP client pauses before sending
".<CR><LF>" in order to work around the PIX firewall
"<CR><LF>.<CR><LF>" bug.
</p>
<p>
Choosing a too short time makes this workaround ineffective when
sending large messages over slow network connections.
</p>
</DD>
<DT><b><a name="smtp_pix_workaround_maps">smtp_pix_workaround_maps</a>
(default: empty)</b></DT><DD>
<p> Lookup tables, indexed by the remote SMTP server address, with
per-destination workarounds for CISCO PIX firewall bugs. The table
is not indexed by hostname for consistency with
<a href="postconf.5.html#smtp_discard_ehlo_keyword_address_maps">smtp_discard_ehlo_keyword_address_maps</a>. </p>
<p> This feature is available in Postfix 2.4 and later. </p>
</DD>
<DT><b><a name="smtp_pix_workaround_threshold_time">smtp_pix_workaround_threshold_time</a>
(default: 500s)</b></DT><DD>
<p> How long a message must be queued before the Postfix SMTP client
turns on the PIX firewall "<CR><LF>.<CR><LF>"
bug workaround for delivery through firewalls with "smtp fixup"
mode turned on. </p>
<p>
By default, the workaround is turned off for mail that is queued
for less than 500 seconds. In other words, the workaround is normally
turned off for the first delivery attempt.
</p>
<p>
Specify 0 to enable the PIX firewall
"<CR><LF>.<CR><LF>" bug workaround upon the
first delivery attempt.
</p>
</DD>
<DT><b><a name="smtp_pix_workarounds">smtp_pix_workarounds</a>
(default: disable_esmtp, delay_dotcrlf)</b></DT><DD>
<p> A list that specifies zero or more workarounds for CISCO PIX
firewall bugs. These workarounds are implemented by the Postfix
SMTP client. Workaround names are separated by comma or space, and
are case insensitive. This parameter setting can be overruled with
per-destination <a href="postconf.5.html#smtp_pix_workaround_maps">smtp_pix_workaround_maps</a> settings. </p>
<dl>
<dt><b>delay_dotcrlf</b><dd> Insert a delay before sending
".<CR><LF>" after the end of the message content. The
delay is subject to the <a href="postconf.5.html#smtp_pix_workaround_delay_time">smtp_pix_workaround_delay_time</a> and
<a href="postconf.5.html#smtp_pix_workaround_threshold_time">smtp_pix_workaround_threshold_time</a> parameter settings. </dd>
<dt><b>disable_esmtp</b><dd> Disable all extended SMTP commands:
send HELO instead of EHLO. </dd>
</dl>
<p> This feature is available in Postfix 2.4 and later. The default
settings are backwards compatible with earlier Postfix versions.
</p>
</DD>
<DT><b><a name="smtp_quit_timeout">smtp_quit_timeout</a>
(default: 300s)</b></DT><DD>
<p>
The Postfix SMTP client time limit for sending the QUIT command,
and for receiving the remote SMTP server response.
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
</DD>
<DT><b><a name="smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a>
(default: yes)</b></DT><DD>
<p>
Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands
as required
by <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>. This includes putting quotes around an address localpart
that ends in ".".
</p>
<p>
The default is to comply with <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>. If you have to send mail to
a broken SMTP server, configure a special SMTP client in <a href="master.5.html">master.cf</a>:
</p>
<blockquote>
<pre>
/etc/postfix/<a href="master.5.html">master.cf</a>:
broken-smtp . . . smtp -o <a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a>=no
</pre>
</blockquote>
<p>
and route mail for the destination in question to the "broken-smtp"
message delivery with a <a href="transport.5.html">transport(5)</a> table.
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="smtp_randomize_addresses">smtp_randomize_addresses</a>
(default: yes)</b></DT><DD>
<p>
Randomize the order of equal-preference MX host addresses. This
is a performance feature of the Postfix SMTP client.
</p>
</DD>
<DT><b><a name="smtp_rcpt_timeout">smtp_rcpt_timeout</a>
(default: 300s)</b></DT><DD>
<p>
The Postfix SMTP client time limit for sending the SMTP RCPT TO
command, and for receiving the remote SMTP server response.
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
</DD>
<DT><b><a name="smtp_reply_filter">smtp_reply_filter</a>
(default: empty)</b></DT><DD>
<p> A mechanism to transform replies from remote SMTP servers one
line at a time. This is a last-resort tool to work around server
replies that break inter-operability with the Postfix SMTP client.
Other uses involve fault injection to test Postfix's handling of
invalid responses. </p>
<p> Notes: </p>
<ul>
<li> <p> In the case of a multi-line reply, the Postfix SMTP client
uses the final reply line's numerical SMTP reply code and enhanced
status code. </p>
<li> <p> The numerical SMTP reply code (XYZ) takes precedence over
the enhanced status code (X.Y.Z). When the enhanced status code
initial digit differs from the SMTP reply code initial digit, or
when no enhanced status code is present, the Postfix SMTP client
uses a generic enhanced status code (X.0.0) instead. </p>
</ul>
<p> Specify the name of a "<a href="DATABASE_README.html">type:table</a>" lookup table. The search
string is a single SMTP reply line as received from the remote SMTP
server, except that the trailing <CR><LF> are removed.
When the lookup succeeds, the result replaces the single SMTP reply
line. </p>
<p> Examples: </p>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/reply_filter
</pre>
<pre>
/etc/postfix/reply_filter:
# Transform garbage into "250-filler..." so that it looks like
# one line from a multi-line reply. It does not matter what we
# substitute here as long it has the right syntax. The Postfix
# SMTP client will use the final line's numerical SMTP reply
# code and enhanced status code.
!/^([2-5][0-9][0-9]($|[- ]))/ 250-filler for garbage
</pre>
<p> This feature is available in Postfix 2.7. </p>
</DD>
<DT><b><a name="smtp_rset_timeout">smtp_rset_timeout</a>
(default: 20s)</b></DT><DD>
<p> The Postfix SMTP client time limit for sending the RSET command,
and for receiving the remote SMTP server response. The SMTP client
sends RSET in
order to finish a recipient address probe, or to verify that a
cached session is still usable. </p>
<p> This feature is available in Postfix 2.1 and later. </p>
</DD>
<DT><b><a name="smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a>
(default: empty)</b></DT><DD>
<p> An optional table to prevent repeated SASL authentication
failures with the same remote SMTP server hostname, username and
password. Each table (key, value) pair contains a server name, a
username and password, and the full server response. This information
is stored when a remote SMTP server rejects an authentication attempt
with a 535 reply code. As long as the <a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a>
information does no change, and as long as the <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a>
information does not expire (see <a href="postconf.5.html#smtp_sasl_auth_cache_time">smtp_sasl_auth_cache_time</a>) the
Postfix SMTP client avoids SASL authentication attempts with the
same server, username and password, and instead bounces or defers
mail as controlled with the <a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> configuration
parameter. </p>
<p> Use a per-destination delivery concurrency of 1 (for example,
"<a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> = 1",
"<a href="postconf.5.html#relay_destination_concurrency_limit">relay_destination_concurrency_limit</a> = 1", etc.), otherwise multiple
delivery agents may experience a login failure at the same time.
</p>
<p> The table must be accessed via the proxywrite service, i.e. the
map name must start with "<a href="proxymap.8.html">proxy</a>:". The table should be stored under
the directory specified with the <a href="postconf.5.html#data_directory">data_directory</a> parameter. </p>
<p> This feature uses cryptographic hashing to protect plain-text
passwords, and requires that Postfix is compiled with TLS support.
</p>
<p> Example: </p>
<pre>
<a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> = <a href="proxymap.8.html">proxy</a>:<a href="DATABASE_README.html#types">btree</a>:/var/lib/postfix/sasl_auth_cache
</pre>
<p> This feature is available in Postfix 2.5 and later. </p>
</DD>
<DT><b><a name="smtp_sasl_auth_cache_time">smtp_sasl_auth_cache_time</a>
(default: 90d)</b></DT><DD>
<p> The maximal age of an <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> entry before it
is removed. </p>
<p> This feature is available in Postfix 2.5 and later. </p>
</DD>
<DT><b><a name="smtp_sasl_auth_enable">smtp_sasl_auth_enable</a>
(default: no)</b></DT><DD>
<p>
Enable SASL authentication in the Postfix SMTP client. By default,
the Postfix SMTP client uses no authentication.
</p>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#smtp_sasl_auth_enable">smtp_sasl_auth_enable</a> = yes
</pre>
</DD>
<DT><b><a name="smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a>
(default: yes)</b></DT><DD>
<p> When a remote SMTP server rejects a SASL authentication request
with a 535 reply code, defer mail delivery instead of returning
mail as undeliverable. The latter behavior was hard-coded prior to
Postfix version 2.5. </p>
<p> Note: the setting "yes" overrides the global <a href="postconf.5.html#soft_bounce">soft_bounce</a>
parameter, but the setting "no" does not. </p>
<p> Example: </p>
<pre>
# Default as of Postfix 2.5
<a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> = yes
# The old hard-coded default
<a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> = no
</pre>
<p> This feature is available in Postfix 2.5 and later. </p>
</DD>
<DT><b><a name="smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a>
(default: empty)</b></DT><DD>
<p>
If non-empty, a Postfix SMTP client filter for the remote SMTP
server's list of offered SASL mechanisms. Different client and
server implementations may support different mechanism lists; by
default, the Postfix SMTP client will use the intersection of the
two. <a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> specifies an optional third mechanism
list to intersect with. </p>
<p> Specify mechanism names, "/file/name" patterns or "<a href="DATABASE_README.html">type:table</a>"
lookup tables. The right-hand side result from "<a href="DATABASE_README.html">type:table</a>" lookups
is ignored. Specify "!pattern" to exclude a mechanism name from the
list. The form "!/file/name" is supported only in Postfix version
2.4 and later. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
<p>
Examples:
</p>
<pre>
<a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> = plain, login
<a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> = /etc/postfix/smtp_mechs
<a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> = !gssapi, !login, <a href="DATABASE_README.html#types">static</a>:rest
</pre>
</DD>
<DT><b><a name="smtp_sasl_password_maps">smtp_sasl_password_maps</a>
(default: empty)</b></DT><DD>
<p>
Optional Postfix SMTP client lookup tables with one username:password
entry
per remote hostname or domain, or sender address when sender-dependent
authentication is enabled. If no username:password entry is found,
then the Postfix SMTP client will not
attempt to authenticate to the remote host.
</p>
<p>
The Postfix SMTP client opens the lookup table before going to
chroot jail, so you can leave the password file in /etc/postfix.
</p>
</DD>
<DT><b><a name="smtp_sasl_path">smtp_sasl_path</a>
(default: empty)</b></DT><DD>
<p> Implementation-specific information that the Postfix SMTP client
passes through to
the SASL plug-in implementation that is selected with
<b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>. Typically this specifies the name of a
configuration file or rendezvous point. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="smtp_sasl_security_options">smtp_sasl_security_options</a>
(default: noplaintext, noanonymous)</b></DT><DD>
<p> Postfix SMTP client SASL security options; as of Postfix 2.3
the list of available
features depends on the SASL client implementation that is selected
with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>. </p>
<p> The following security features are defined for the <b>cyrus</b>
client SASL implementation: </p>
<p>
Specify zero or more of the following:
</p>
<dl>
<dt><b>noplaintext</b></dt>
<dd>Disallow methods that use plaintext passwords. </dd>
<dt><b>noactive</b></dt>
<dd>Disallow methods subject to active (non-dictionary) attack.
</dd>
<dt><b>nodictionary</b></dt>
<dd>Disallow methods subject to passive (dictionary) attack. </dd>
<dt><b>noanonymous</b></dt>
<dd>Disallow methods that allow anonymous authentication. </dd>
<dt><b>mutual_auth</b></dt>
<dd>Only allow methods that provide mutual authentication (not
available with SASL version 1). </dd>
</dl>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> = noplaintext
</pre>
</DD>
<DT><b><a name="smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a>
(default: $<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a>)</b></DT><DD>
<p> The SASL authentication security options that the Postfix SMTP
client uses for TLS encrypted SMTP sessions. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a>
(default: $<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a>)</b></DT><DD>
<p> The SASL authentication security options that the Postfix SMTP
client uses for TLS encrypted SMTP sessions with a verified server
certificate. </p>
<p> When mail is sent to the public MX host for the recipient's
domain, server certificates are by default optional, and delivery
proceeds even if certificate verification fails. For delivery via
a submission service that requires SASL authentication, it may be
appropriate to send plaintext passwords only when the connection
to the server is strongly encrypted <b>and</b> the server identity
is verified. </p>
<p> The <a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a> parameter makes it
possible to only enable plaintext mechanisms when a secure connection
to the server is available. Submission servers subject to this
policy must either have verifiable certificates or offer suitable
non-plaintext SASL mechanisms. </p>
<p> This feature is available in Postfix 2.6 and later. </p>
</DD>
<DT><b><a name="smtp_sasl_type">smtp_sasl_type</a>
(default: cyrus)</b></DT><DD>
<p> The SASL plug-in type that the Postfix SMTP client should use
for authentication. The available types are listed with the
"<b>postconf -A</b>" command. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a>
(default: no)</b></DT><DD>
<p> Whether or not to append the "AUTH=<>" option to the MAIL
FROM command in SASL-authenticated SMTP sessions. The default is
not to send this, to avoid problems with broken remote SMTP servers.
Before Postfix 2.9 the behavior is as if "<a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a>
= yes".
<p> This feature is available in Postfix 2.9 and later. </p>
</DD>
<DT><b><a name="smtp_send_xforward_command">smtp_send_xforward_command</a>
(default: no)</b></DT><DD>
<p>
Send the non-standard XFORWARD command when the Postfix SMTP server
EHLO response announces XFORWARD support.
</p>
<p>
This allows a Postfix SMTP delivery agent, used for injecting mail
into
a content filter, to forward the name, address, protocol and HELO
name of the original client to the content filter and downstream
queuing SMTP server. This can produce more useful logging than
localhost[127.0.0.1] etc.
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a>
(default: no)</b></DT><DD>
<p>
Enable sender-dependent authentication in the Postfix SMTP client; this is
available only with SASL authentication, and disables SMTP connection
caching to ensure that mail from different senders will use the
appropriate credentials. </p>
<p>
This feature is available in Postfix 2.3 and later.
</p>
</DD>
<DT><b><a name="smtp_skip_4xx_greeting">smtp_skip_4xx_greeting</a>
(default: yes)</b></DT><DD>
<p>
Skip SMTP servers that greet with a 4XX status code (go away, try
again later).
</p>
<p>
By default, the Postfix SMTP client moves on the next mail exchanger.
Specify
"<a href="postconf.5.html#smtp_skip_4xx_greeting">smtp_skip_4xx_greeting</a> = no" if Postfix should defer delivery
immediately.
</p>
<p> This feature is available in Postfix 2.0 and earlier.
Later Postfix versions always skip remote SMTP servers that greet
with a
4XX status code. </p>
</DD>
<DT><b><a name="smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a>
(default: yes)</b></DT><DD>
<p>
Skip remote SMTP servers that greet with a 5XX status code.
</p>
<p> By default, the Postfix SMTP client moves on the next mail
exchanger. Specify "<a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a> = no" if Postfix should
bounce the mail immediately. Caution: the latter behavior appears
to contradict <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>. </p>
</DD>
<DT><b><a name="smtp_skip_quit_response">smtp_skip_quit_response</a>
(default: yes)</b></DT><DD>
<p>
Do not wait for the response to the SMTP QUIT command.
</p>
</DD>
<DT><b><a name="smtp_starttls_timeout">smtp_starttls_timeout</a>
(default: 300s)</b></DT><DD>
<p> Time limit for Postfix SMTP client write and read operations
during TLS startup and shutdown handshake procedures. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="smtp_tls_CAfile">smtp_tls_CAfile</a>
(default: empty)</b></DT><DD>
<p> A file containing CA certificates of root CAs trusted to sign
either remote SMTP server certificates or intermediate CA certificates.
These are loaded into memory before the <a href="smtp.8.html">smtp(8)</a> client enters the
chroot jail. If the number of trusted roots is large, consider using
<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> instead, but note that the latter directory must be
present in the chroot jail if the <a href="smtp.8.html">smtp(8)</a> client is chrooted. This
file may also be used to augment the client certificate trust chain,
but it is best to include all the required certificates directly in
$<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>. </p>
<p> Specify "<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> = /path/to/system_CA_file" to use
ONLY the system-supplied default certificate authority certificates.
</p>
<p> Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates. </p>
<p> Example: </p>
<pre>
<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> = /etc/postfix/CAcert.pem
</pre>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="smtp_tls_CApath">smtp_tls_CApath</a>
(default: empty)</b></DT><DD>
<p> Directory with PEM format certificate authority certificates
that the Postfix SMTP client uses to verify a remote SMTP server
certificate. Don't forget to create the necessary "hash" links
with, for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs".
</p>
<p> To use this option in chroot mode, this directory (or a copy)
must be inside the chroot jail. </p>
<p> Specify "<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> = /path/to/system_CA_directory" to
use ONLY the system-supplied default certificate authority certificates.
</p>
<p> Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates. </p>
<p> Example: </p>
<pre>
<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> = /etc/postfix/certs
</pre>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="smtp_tls_block_early_mail_reply">smtp_tls_block_early_mail_reply</a>
(default: no)</b></DT><DD>
<p> Try to detect a mail hijacking attack based on a TLS protocol
vulnerability (CVE-2009-3555), where an attacker prepends malicious
HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session.
The attack would succeed with non-Postfix SMTP servers that reply
to the malicious HELO, MAIL, RCPT, DATA commands after negotiating
the Postfix SMTP client TLS session. </p>
<p> This feature is available in Postfix 2.7. </p>
</DD>
<DT><b><a name="smtp_tls_cert_file">smtp_tls_cert_file</a>
(default: empty)</b></DT><DD>
<p> File with the Postfix SMTP client RSA certificate in PEM format.
This file may also contain the Postfix SMTP client private RSA key,
and these may be the same as the Postfix SMTP server RSA certificate and key
file. </p>
<p> Do not configure client certificates unless you <b>must</b> present
client TLS certificates to one or more servers. Client certificates are
not usually needed, and can cause problems in configurations that work
well without them. The recommended setting is to let the defaults stand: </p>
<blockquote>
<pre>
<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> =
<a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> =
<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> =
<a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> =
<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> =
<a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a> =
</pre>
</blockquote>
<p> The best way to use the default settings is to comment out the above
parameters in <a href="postconf.5.html">main.cf</a> if present. </p>
<p> To enable remote SMTP servers to verify the Postfix SMTP client
certificate, the issuing CA certificates must be made available to the
server. You should include the required certificates in the client
certificate file, the client certificate first, then the issuing
CA(s) (bottom-up order). </p>
<p> Example: the certificate for "client.example.com" was issued by
"intermediate CA" which itself has a certificate issued by "root CA".
Create the client.pem file with "cat client_cert.pem intermediate_CA.pem
root_CA.pem > client.pem". </p>
<p> If you also want to verify remote SMTP server certificates issued by
these CAs, you can add the CA certificates to the <a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a>, in
which case it is not necessary to have them in the <a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>,
<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> or <a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>. </p>
<p> A certificate supplied here must be usable as an SSL client certificate
and hence pass the "openssl verify -purpose sslclient ..." test. </p>
<p> Example: </p>
<pre>
<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> = /etc/postfix/client.pem
</pre>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="smtp_tls_cipherlist">smtp_tls_cipherlist</a>
(default: empty)</b></DT><DD>
<p> Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS
cipher list. As this feature applies to all TLS security levels, it is easy
to create inter-operability problems by choosing a non-default cipher
list. Do not use a non-default TLS cipher list on hosts that deliver email
to the public Internet: you will be unable to send email to servers that
only support the ciphers you exclude. Using a restricted cipher list
may be more appropriate for an internal MTA, where one can exert some
control over the TLS software and settings of the peer servers. </p>
<p> <b>Note:</b> do not use "" quotes around the parameter value. </p>
<p> This feature is available in Postfix version 2.2. It is not used with
Postfix 2.3 and later; use <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> instead. </p>
</DD>
<DT><b><a name="smtp_tls_ciphers">smtp_tls_ciphers</a>
(default: export)</b></DT><DD>
<p> The minimum TLS cipher grade that the Postfix SMTP client
will use with opportunistic TLS encryption. Cipher types listed in
<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> are excluded from the base definition of
the selected cipher grade. The default value "export" ensures maximum
inter-operability. Because encryption is optional, stronger controls
are not appropriate, and this setting SHOULD NOT be changed unless the
change is essential. </p>
<p> When TLS is mandatory the cipher grade is chosen via the
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> configuration parameter, see there for syntax
details. See <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> for information on how to configure
ciphers on a per-destination basis. </p>
<p> Example: </p>
<pre>
<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> = export
</pre>
<p> This feature is available in Postfix 2.6 and later. With earlier Postfix
releases only the <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> parameter is implemented,
and opportunistic TLS always uses "export" or better (i.e. all) ciphers. </p>
</DD>
<DT><b><a name="smtp_tls_dcert_file">smtp_tls_dcert_file</a>
(default: empty)</b></DT><DD>
<p> File with the Postfix SMTP client DSA certificate in PEM format.
This file may also contain the Postfix SMTP client private DSA key. </p>
<p> See the discussion under <a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> for more details.
</p>
<p> Example: </p>
<pre>
<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> = /etc/postfix/client-dsa.pem
</pre>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="smtp_tls_dkey_file">smtp_tls_dkey_file</a>
(default: $<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>)</b></DT><DD>
<p> File with the Postfix SMTP client DSA private key in PEM format.
This file may be combined with the Postfix SMTP client DSA certificate
file specified with $<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>. </p>
<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
access to the system superuser account ("root"), and no access
to anyone else. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="smtp_tls_eccert_file">smtp_tls_eccert_file</a>
(default: empty)</b></DT><DD>
<p> File with the Postfix SMTP client ECDSA certificate in PEM format.
This file may also contain the Postfix SMTP client ECDSA private key. </p>
<p> See the discussion under <a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> for more details.
</p>
<p> Example: </p>
<pre>
<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> = /etc/postfix/ecdsa-ccert.pem
</pre>
<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 1.0.0 or later. </p>
</DD>
<DT><b><a name="smtp_tls_eckey_file">smtp_tls_eckey_file</a>
(default: $<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>)</b></DT><DD>
<p> File with the Postfix SMTP client ECDSA private key in PEM format.
This file may be combined with the Postfix SMTP client ECDSA
certificate file specified with $<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>. </p>
<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
access to the system superuser account ("root"), and no access
to anyone else. </p>
<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 1.0.0 or later. </p>
</DD>
<DT><b><a name="smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>
(default: yes)</b></DT><DD>
<p> With mandatory TLS encryption, require that the remote SMTP
server hostname matches the information in the remote SMTP server
certificate. As of <a href="http://tools.ietf.org/html/rfc2487">RFC 2487</a> the requirements for hostname checking
for MTA clients are not specified. </p>
<p> This option can be set to "no" to disable strict peer name
checking. This setting has no effect on sessions that are controlled
via the <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> table. </p>
<p> Disabling the hostname verification can make sense in closed
environment where special CAs are created. If not used carefully,
this option opens the danger of a "man-in-the-middle" attack (the
CommonName of this attacker will be logged). </p>
<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> instead. </p>
</DD>
<DT><b><a name="smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a>
(default: empty)</b></DT><DD>
<p> List of ciphers or cipher types to exclude from the Postfix
SMTP client cipher
list at all TLS security levels. This is not an OpenSSL cipherlist, it is
a simple list separated by whitespace and/or commas. The elements are a
single cipher, or one or more "+" separated cipher properties, in which
case only ciphers matching <b>all</b> the properties are excluded. </p>
<p> Examples (some of these will cause problems): </p>
<blockquote>
<pre>
<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = aNULL
<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = MD5, DES
<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = DES+MD5
<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = AES256-SHA, DES-CBC3-MD5
<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = kEDH+aRSA
</pre>
</blockquote>
<p> The first setting, disables anonymous ciphers. The next setting
disables ciphers that use the MD5 digest algorithm or the (single) DES
encryption algorithm. The next setting disables ciphers that use MD5 and
DES together. The next setting disables the two ciphers "AES256-SHA"
and "DES-CBC3-MD5". The last setting disables ciphers that use "EDH"
key exchange with RSA authentication. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a>
(default: empty)</b></DT><DD>
<p> List of acceptable remote SMTP server certificate fingerprints for
the "fingerprint" TLS security level (<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a></b> =
fingerprint). At this security level, certificate authorities are not
used, and certificate expiration times are ignored. Instead, server
certificates are verified directly via their certificate fingerprint
or public key fingerprint (Postfix 2.9 and later). The fingerprint
is a message digest of the server certificate (or public key). The
digest algorithm is selected via the <b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a></b>
parameter. </p>
<p> When an <b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a></b> table entry specifies the
"fingerprint" security level, any "match" attributes in that entry specify
the list of valid fingerprints for the corresponding destination. Multiple
fingerprints can be combined with a "|" delimiter in a single match
attribute, or multiple match attributes can be employed. </p>
<p> Example: Certificate fingerprint verification with internal mailhub.
Two matching fingerprints are listed. The <a href="postconf.5.html#relayhost">relayhost</a> may be multiple
physical hosts behind a load-balancer, each with its own private/public
key and self-signed certificate. Alternatively, a single <a href="postconf.5.html#relayhost">relayhost</a> may
be in the process of switching from one set of private/public keys to
another, and both keys are trusted just prior to the transition. </p>
<blockquote>
<pre>
<a href="postconf.5.html#relayhost">relayhost</a> = [mailhub.example.com]
<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = fingerprint
<a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> = md5
<a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> =
3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
</pre>
</blockquote>
<p> Example: Certificate fingerprint verification with selected destinations.
As in the example above, we show two matching fingerprints: </p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/tls_policy
<a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> = md5
</pre>
</blockquote>
<blockquote>
<pre>
/etc/postfix/tls_policy:
example.com fingerprint
match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
</pre>
</blockquote>
<p> This feature is available in Postfix 2.5 and later. </p>
</DD>
<DT><b><a name="smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a>
(default: md5)</b></DT><DD>
<p> The message digest algorithm used to construct remote SMTP server
certificate fingerprints. At the "fingerprint" TLS security level
(<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a></b> = fingerprint), the server certificate is
verified by directly matching its certificate fingerprint or its public
key fingerprint (Postfix 2.9 and later). The fingerprint is the
message digest of the server certificate (or its public key)
using the selected
algorithm. With a digest algorithm resistant to "second pre-image"
attacks, it is not feasible to create a new public key and a matching
certificate (or public/private key-pair) that has the same fingerprint. </p>
<p> The default algorithm is <b>md5</b>; this is consistent with
the backwards compatible setting of the digest used to verify client
certificates in the SMTP server. </p>
<p> The best practice algorithm is now <b>sha1</b>. Recent advances in hash
function cryptanalysis have led to md5 being deprecated in favor of sha1.
However, as long as there are no known "second pre-image" attacks
against md5, its use in this context can still be considered safe.
</p>
<p> While additional digest algorithms are often available with OpenSSL's
libcrypto, only those used by libssl in SSL cipher suites are available to
Postfix. For now this means just md5 or sha1. </p>
<p> To find the fingerprint of a specific certificate file, with a
specific digest algorithm, run:
</p>
<blockquote>
<pre>
$ openssl x509 -noout -fingerprint -<i>digest</i> -in <i>certfile</i>.pem
</pre>
</blockquote>
<p> The text to the right of "=" sign is the desired fingerprint.
For example: </p>
<blockquote>
<pre>
$ openssl x509 -noout -fingerprint -sha1 -in cert.pem
SHA1 Fingerprint=D4:6A:AB:19:24:79:F8:32:BB:A6:CB:66:82:C0:8E:9B:EE:29:A8:1A
</pre>
</blockquote>
<p> To extract the public key fingerprint from an X.509 certificate,
you need to extract the public key from the certificate and compute
the appropriate digest of its DER (ASN.1) encoding. With OpenSSL
the "-pubkey" option of the "x509" command extracts the public
key always in "PEM" format. We pipe the result to another OpenSSL
command that converts the key to DER and then to the "dgst" command
to compute the fingerprint. </p>
<p> The actual command to transform the key to DER format depends
on the version of OpenSSL used. With OpenSSL 1.0.0 and later, the
"pkey" command supports all key types. With OpenSSL 0.9.8 and
earlier, the key type is always RSA (nobody uses DSA, and EC
keys are not fully supported by 0.9.8), so the "rsa" command is
used. </p>
<blockquote>
<pre>
# OpenSSL 1.0 with all certificates and SHA-1 fingerprints.
$ openssl x509 -in cert.pem -noout -pubkey |
openssl pkey -pubin -outform DER |
openssl dgst -sha1 -c
(stdin)= 64:3f:1f:f6:e5:1e:d4:2a:56:8b:fc:09:1a:61:98:b5:bc:7c:60:58
</pre>
</blockquote>
<blockquote>
<pre>
# OpenSSL 0.9.8 with RSA certificates and MD5 fingerprints.
$ openssl x509 -in cert.pem -noout -pubkey |
openssl rsa -pubin -outform DER |
openssl dgst -md5 -c
(stdin)= f4:62:60:f6:12:8f:d5:8d:28:4d:13:a7:db:b2:ff:50
</pre>
</blockquote>
<p> The Postfix SMTP server and client log the peer (leaf) certificate
fingerprint and public key fingerprint when the TLS loglevel is 2 or
higher. </p>
<p> <b>Note:</b> Postfix 2.9.0–2.9.5 computed the public key
fingerprint incorrectly. To use public-key fingerprints, upgrade
to Postfix 2.9.6 or later. </p>
<p> This feature is available in Postfix 2.5 and later. </p>
</DD>
<DT><b><a name="smtp_tls_force_insecure_host_tlsa_lookup">smtp_tls_force_insecure_host_tlsa_lookup</a>
(default: no)</b></DT><DD>
<p> Lookup the associated DANE TLSA RRset even when a hostname is
not an alias and its address records lie in an unsigned zone. This
is unlikely to ever yield DNSSEC validated results, since child
zones of unsigned zones are also unsigned in the absence of DLV or
locally configured non-root trust-anchors. We anticipate that such
mechanisms will not be used for just the "_tcp" subdomain of a host.
Suppressing the TLSA RRset lookup reduces latency and avoids potential
interoperability problems with nameservers for unsigned zones that
are not prepared to handle the new TLSA RRset. </p>
<p> This feature is available in Postfix 2.11. </p>
</DD>
<DT><b><a name="smtp_tls_key_file">smtp_tls_key_file</a>
(default: $<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>)</b></DT><DD>
<p> File with the Postfix SMTP client RSA private key in PEM format.
This file may be combined with the Postfix SMTP client RSA certificate
file specified with $<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>. </p>
<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
access to the system superuser account ("root"), and no access
to anyone else. </p>
<p> Example: </p>
<pre>
<a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> = $<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>
</pre>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="smtp_tls_loglevel">smtp_tls_loglevel</a>
(default: 0)</b></DT><DD>
<p> Enable additional Postfix SMTP client logging of TLS activity.
Each logging level also includes the information that is logged at
a lower logging level. </p>
<dl compact>
<dt> </dt> <dd> 0 Log only a summary message on TLS handshake completion
— no logging of remote SMTP server certificate trust-chain
verification errors if server certificate verification is not required.
With Postfix 2.8 and earlier, disable logging of TLS activity. </dd>
<dt> </dt> <dd> 1 Also log remote SMTP server trust-chain verification
errors and peer certificate summary information. With Postfix 2.8
and earlier, log TLS handshake and certificate information. </dd>
<dt> </dt> <dd> 2 Also log levels during TLS negotiation. </dd>
<dt> </dt> <dd> 3 Also log hexadecimal and ASCII dump of TLS negotiation
process. </dd>
<dt> </dt> <dd> 4 Also log hexadecimal and ASCII dump of complete
transmission after STARTTLS. </dd>
</dl>
<p> Do not use "<a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> = 2" or higher except in case of
problems. Use of loglevel 4 is strongly discouraged. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a>
(default: medium)</b></DT><DD>
<p> The minimum TLS cipher grade that the Postfix SMTP client will
use with
mandatory TLS encryption. The default value "medium" is suitable
for most destinations with which you may want to enforce TLS, and
is beyond the reach of today's cryptanalytic methods. See
<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> for information on how to configure ciphers
on a per-destination basis. </p>
<p> The following cipher grades are supported: </p>
<dl>
<dt><b>export</b></dt>
<dd> Enable "EXPORT" grade or better OpenSSL
ciphers. This is the default for opportunistic encryption. It is
not recommended for mandatory encryption unless you must enforce TLS
with "crippled" peers. The underlying cipherlist is specified via the
<a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> configuration parameter, which you are strongly
encouraged to not change. </dd>
<dt><b>low</b></dt>
<dd> Enable "LOW" grade or better OpenSSL ciphers. This
setting is only appropriate for internal mail servers. The underlying
cipherlist is specified via the <a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> configuration
parameter, which you are strongly encouraged to not change. </dd>
<dt><b>medium</b></dt>
<dd> Enable "MEDIUM" grade or better OpenSSL ciphers.
The underlying cipherlist is specified via the <a href="postconf.5.html#tls_medium_cipherlist">tls_medium_cipherlist</a>
configuration parameter, which you are strongly encouraged to not change.
</dd>
<dt><b>high</b></dt>
<dd> Enable only "HIGH" grade OpenSSL ciphers. This setting may
be appropriate when all mandatory TLS destinations (e.g. when all
mail is routed to a suitably capable <a href="postconf.5.html#relayhost">relayhost</a>) support at least one
"HIGH" grade cipher. The underlying cipherlist is specified via the
<a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a> configuration parameter, which you are strongly
encouraged to not change. </dd>
<dt><b>null</b></dt>
<dd> Enable only the "NULL" OpenSSL ciphers, these provide authentication
without encryption. This setting is only appropriate in the rare case
that all servers are prepared to use NULL ciphers (not normally enabled
in TLS servers). A plausible use-case is an LMTP server listening on a
UNIX-domain socket that is configured to support "NULL" ciphers. The
underlying cipherlist is specified via the <a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a>
configuration parameter, which you are strongly encouraged to not
change. </dd>
</dl>
<p> The underlying cipherlists for grades other than "null" include
anonymous ciphers, but these are automatically filtered out if the
Postfix SMTP client is configured to verify server certificates.
You are very unlikely to need to take any steps to exclude anonymous
ciphers, they are excluded automatically as necessary. If you must
exclude anonymous ciphers at the "may" or "encrypt" security levels,
when the Postfix SMTP client does not need or use peer certificates, set
"<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = aNULL". To exclude anonymous ciphers only when
TLS is enforced, set "<a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> = aNULL". </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a>
(default: empty)</b></DT><DD>
<p> Additional list of ciphers or cipher types to exclude from the
Postfix SMTP client cipher list at mandatory TLS security levels. This list
works in addition to the exclusions listed with <a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a>
(see there for syntax details). </p>
<p> Starting with Postfix 2.6, the mandatory cipher exclusions can be
specified on a per-destination basis via the TLS policy "exclude"
attribute. See <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> for notes and examples. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a>
(default: !SSLv2)</b></DT><DD>
<p> List of SSL/TLS protocols that the Postfix SMTP client will use with
mandatory TLS encryption. In <a href="postconf.5.html">main.cf</a> the values are separated by
whitespace, commas or colons. In the policy table "protocols" attribute
(see <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>) the only valid separator is colon. An
empty value means allow all protocols. The valid protocol names, (see
<b>SSL_get_version(3)</b>), are "SSLv2", "SSLv3" and "TLSv1". </p>
<p> With Postfix ≥ 2.5 the parameter syntax was expanded to support
protocol exclusions. One can explicitly exclude "SSLv2" by setting
"<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2". To exclude both "SSLv2" and
"SSLv3" set "<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !SSLv3". Listing
the protocols to include, rather than protocols to exclude, is
supported, but not recommended. The exclusion form more closely
matches the underlying OpenSSL interface semantics.
</p>
<p> The range of protocols advertised by an SSL/TLS client must be
contiguous. When a protocol version is enabled, disabling any
higher version implicitly disables all versions above that higher
version. Thus, for example: </p>
<blockquote>
<pre>
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !TLSv1
</pre>
</blockquote>
<p> also disables any protocols version higher than TLSv1 leaving
only "SSLv3" enabled. </p>
<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
and "TLSv1.2". When Postfix ≤ 2.5 is linked against OpenSSL 1.0.1
or later, these, or any other new protocol versions, cannot be
disabled except by also disabling "TLSv1" (typically leaving just
"SSLv3"). The latest patch levels of Postfix ≥ 2.6, and all
versions of Postfix ≥ 2.10 can explicitly disable support for
"TLSv1.1" or "TLSv1.2". </p>
<p> At the <a href="TLS_README.html#client_tls_dane">dane</a> and
<a href="TLS_README.html#client_tls_dane">dane-only</a> security
levels, when usable TLSA records are obtained for the remote SMTP
server, the Postfix SMTP client is obligated to include the SNI TLS
extension in its SSL client hello message. This may help the remote
SMTP server live up to its promise to provide a certificate that
matches its TLSA records. Since TLS extensions require TLS 1.0 or
later, the Postfix SMTP client must disable "SSLv2" and "SSLv3" when
SNI is required. If you use "dane" or "dane-only" do not disable
TLSv1, except perhaps via the policy table for destinations which
you are sure will support "TLSv1.1" or "TLSv1.2". </p>
<p> Since SSL version 2 has known protocol weaknesses and is now
deprecated, the default setting excludes "SSLv2". This means that by
default, SSL version 2 will not be used at the "encrypt" security level
and higher. </p>
<p> See the documentation of the <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> parameter and
<a href="TLS_README.html">TLS_README</a> for more information about security levels. </p>
<p> Example: </p>
<pre>
# Preferred syntax with Postfix ≥ 2.5:
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !SSLv3
# Legacy syntax:
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = TLSv1
</pre>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a>
(default: no)</b></DT><DD>
<p> Log the hostname of a remote SMTP server that offers STARTTLS,
when TLS is not already enabled for that server. </p>
<p> The logfile record looks like: </p>
<pre>
postfix/smtp[pid]: Host offered STARTTLS: [name.of.host]
</pre>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="smtp_tls_per_site">smtp_tls_per_site</a>
(default: empty)</b></DT><DD>
<p> Optional lookup tables with the Postfix SMTP client TLS usage
policy by next-hop destination and by remote SMTP server hostname.
When both lookups succeed, the more specific per-site policy (NONE,
MUST, etc) overrides the less specific one (MAY), and the more secure
per-site policy (MUST, etc) overrides the less secure one (NONE).
With Postfix 2.3 and later <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> is strongly discouraged:
use <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> instead. </p>
<p> Use of the bare hostname as the per-site table lookup key is
discouraged. Always use the full destination nexthop (enclosed in
[] with a possible ":port" suffix). A recipient domain or MX-enabled
transport next-hop with no port suffix may look like a bare hostname,
but is still a suitable <i>destination</i>. </p>
<p> Specify a next-hop destination or server hostname on the left-hand
side; no wildcards are allowed. The next-hop destination is either
the recipient domain, or the destination specified with a <a href="transport.5.html">transport(5)</a>
table, the <a href="postconf.5.html#relayhost">relayhost</a> parameter, or the <a href="postconf.5.html#relay_transport">relay_transport</a> parameter.
On the right hand side specify one of the following keywords: </p>
<dl>
<dt> NONE </dt> <dd> Don't use TLS at all. This overrides a less
specific <b>MAY</b> lookup result from the alternate host or next-hop
lookup key, and overrides the global <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>,
and <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> settings. </dd>
<dt> MAY </dt> <dd> Try to use TLS if the server announces support,
otherwise use the unencrypted connection. This has less precedence
than a more specific result (including <b>NONE</b>) from the alternate
host or next-hop lookup key, and has less precedence than the more
specific global "<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = yes" or "<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>
= yes". </dd>
<dt> MUST_NOPEERMATCH </dt> <dd> Require TLS encryption, but do not
require that the remote SMTP server hostname matches the information
in the remote SMTP server certificate, or that the server certificate
was issued by a trusted CA. This overrides a less secure <b>NONE</b>
or a less specific <b>MAY</b> lookup result from the alternate host
or next-hop lookup key, and overrides the global <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>,
<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> and <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> settings. </dd>
<dt> MUST </dt> <dd> Require TLS encryption, require that the remote
SMTP server hostname matches the information in the remote SMTP
server certificate, and require that the remote SMTP server certificate
was issued by a trusted CA. This overrides a less secure <b>NONE</b>
and <b>MUST_NOPEERMATCH</b> or a less specific <b>MAY</b> lookup
result from the alternate host or next-hop lookup key, and overrides
the global <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> and <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>
settings. </dd>
</dl>
<p> The above keywords correspond to the "none", "may", "encrypt" and
"verify" security levels for the new <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> parameter
introduced in Postfix 2.3. Starting with Postfix 2.3, and independently
of how the policy is specified, the <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> parameters apply when TLS encryption
is mandatory. Connections for which encryption is optional typically
enable all "export" grade and better ciphers (see <a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>
and <a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a>). </p>
<p> As long as no secure DNS lookup mechanism is available, false
hostnames in MX or CNAME responses can change the server hostname
that Postfix uses for TLS policy lookup and server certificate
verification. Even with a perfect match between the server hostname and
the server certificate, there is no guarantee that Postfix is connected
to the right server. See <a href="TLS_README.html">TLS_README</a> (Closing a DNS loophole with obsolete
per-site TLS policies) for a possible work-around. </p>
<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> instead. </p>
</DD>
<DT><b><a name="smtp_tls_policy_maps">smtp_tls_policy_maps</a>
(default: empty)</b></DT><DD>
<p> Optional lookup tables with the Postfix SMTP client TLS security
policy by next-hop destination; when a non-empty value is specified,
this overrides the obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter. See
<a href="TLS_README.html">TLS_README</a> for a more detailed discussion of TLS security levels.
</p>
<p> The TLS policy table is indexed by the full next-hop destination,
which is either the recipient domain, or the verbatim next-hop
specified in the transport table, $<a href="postconf.5.html#local_transport">local_transport</a>, $<a href="postconf.5.html#virtual_transport">virtual_transport</a>,
$<a href="postconf.5.html#relay_transport">relay_transport</a> or $<a href="postconf.5.html#default_transport">default_transport</a>. This includes any enclosing
square brackets and any non-default destination server port suffix. The
LMTP socket type prefix (inet: or unix:) is not included in the lookup
key. </p>
<p> Only the next-hop domain, or $<a href="postconf.5.html#myhostname">myhostname</a> with LMTP over UNIX-domain
sockets, is used as the nexthop name for certificate verification. The
port and any enclosing square brackets are used in the table lookup key,
but are not used for server name verification. </p>
<p> When the lookup key is a domain name without enclosing square brackets
or any <i>:port</i> suffix (typically the recipient domain), and the full
domain is not found in the table, just as with the <a href="transport.5.html">transport(5)</a> table,
the parent domain starting with a leading "." is matched recursively. This
allows one to specify a security policy for a recipient domain and all
its sub-domains. </p>
<p> The lookup result is a security level, followed by an optional list
of whitespace and/or comma separated name=value attributes that override
related <a href="postconf.5.html">main.cf</a> settings. The TLS security levels in order of increasing
security are: </p>
<dl>
<dt><b><a href="TLS_README.html#client_tls_none">none</a></b></dt>
<dd>No TLS. No additional attributes are supported at this level. </dd>
<dt><b><a href="TLS_README.html#client_tls_may">may</a></b></dt>
<dd>Opportunistic TLS. Since sending in the clear is acceptable,
demanding stronger than default TLS security merely reduces
inter-operability. The optional "ciphers", "exclude" and "protocols"
attributes (available for opportunistic TLS with Postfix ≥ 2.6)
override the "<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>", "<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a>" and
"<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a>" configuration parameters. When opportunistic TLS
handshakes fail, Postfix retries the connection with TLS disabled.
This allows mail delivery to sites with non-interoperable TLS
implementations.</dd>
<dt><b><a href="TLS_README.html#client_tls_encrypt">encrypt</a></b></dt>
<dd>Mandatory TLS encryption. At this level
and higher, the optional "protocols" attribute overrides the <a href="postconf.5.html">main.cf</a>
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> parameter, the optional "ciphers" attribute
overrides the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> parameter, and the
optional "exclude" attribute (Postfix ≥ 2.6) overrides the <a href="postconf.5.html">main.cf</a>
<a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> parameter. In the policy table,
multiple protocols or excluded ciphers must be separated by colons,
as attribute values may not contain whitespace or commas. </dd>
<dt><b><a href="TLS_README.html#client_tls_dane">dane</a></b></dt>
<dd>Opportunistic DANE TLS. The TLS policy for the destination is
obtained via TLSA records in DNSSEC. If no TLSA records are found,
the effective security level used is <a
href="TLS_README.html#client_tls_may">may</a>. If TLSA records are
found, but none are usable, the effective security level is <a
href="TLS_README.html#client_tls_encrypt">encrypt</a>. When usable
TLSA records are obtained for the remote SMTP server, the
server certificate must match the TLSA records. <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a> (DANE)
TLS authentication and DNSSEC support is available with Postfix
2.11 and later. </dd>
<dt><b><a href="TLS_README.html#client_tls_dane">dane-only</a></b></dt>
<dd>Mandatory DANE TLS. The TLS policy for the destination is
obtained via TLSA records in DNSSEC. If no TLSA records are found,
or none are usable, no connection is made to the server. When
usable TLSA records are obtained for the remote SMTP server, the
server certificate must match the TLSA records. <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a> (DANE) TLS
authentication and DNSSEC support is available with Postfix 2.11
and later. </dd>
<dt><b><a href="TLS_README.html#client_tls_fingerprint">fingerprint</a></b></dt>
<dd>Certificate fingerprint
verification. Available with Postfix 2.5 and later. At this security
level, there are no trusted certificate authorities. The certificate
trust chain, expiration date, ... are not checked. Instead,
the optional <b>match</b> attribute, or else the <a href="postconf.5.html">main.cf</a>
<b><a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a></b> parameter, lists the certificate
fingerprints or the public key fingerprint (Postfix 2.9 and later)
of the valid server certificate. The digest
algorithm used to calculate the fingerprint is selected by the
<b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a></b> parameter. Multiple fingerprints can
be combined with a "|" delimiter in a single match attribute, or multiple
match attributes can be employed. The ":" character is not used as a
delimiter as it occurs between each pair of fingerprint (hexadecimal)
digits. </dd>
<dt><b><a href="TLS_README.html#client_tls_verify">verify</a></b></dt>
<dd>Mandatory TLS verification. At this security
level, DNS MX lookups are trusted to be secure enough, and the name
verified in the server certificate is usually obtained indirectly via
unauthenticated DNS MX lookups. The optional "match" attribute overrides
the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> parameter. In the policy table,
multiple match patterns and strategies must be separated by colons.
In practice explicit control over matching is more common with the
"secure" policy, described below. </dd>
<dt><b><a href="TLS_README.html#client_tls_secure">secure</a></b></dt>
<dd>Secure-channel TLS. At this security level, DNS
MX lookups, though potentially used to determine the candidate next-hop
gateway IP addresses, are <b>not</b> trusted to be secure enough for TLS
peername verification. Instead, the default name verified in the server
certificate is obtained directly from the next-hop, or is explicitly
specified via the optional <b>match</b> attribute which overrides the
<a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> parameter. In the policy table,
multiple match patterns and strategies must be separated by colons.
The match attribute is most useful when multiple domains are supported by
common server, the policy entries for additional domains specify matching
rules for the primary domain certificate. While transport table overrides
routing the secondary domains to the primary nexthop also allow secure
verification, they risk delivery to the wrong destination when domains
change hands or are re-assigned to new gateways. With the "match"
attribute approach, routing is not perturbed, and mail is deferred if
verification of a new MX host fails. </dd>
</dl>
<p>
Example:
</p>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/tls_policy
# Postfix 2.5 and later
<a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> = md5
</pre>
<pre>
/etc/postfix/tls_policy:
example.edu none
example.mil may
example.gov encrypt protocols=TLSv1
example.com verify ciphers=high
example.net secure
.example.net secure match=.example.net:example.net
[mail.example.org]:587 secure match=nexthop
# Postfix 2.5 and later
[thumb.example.org] fingerprint
match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
</pre>
<p> <b>Note:</b> The <b>hostname</b> strategy if listed in a non-default
setting of <a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> or in the <b>match</b> attribute
in the policy table can render the <b>secure</b> level vulnerable to
DNS forgery. Do not use the <b>hostname</b> strategy for secure-channel
configurations in environments where DNS security is not assured. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="smtp_tls_protocols">smtp_tls_protocols</a>
(default: !SSLv2)</b></DT><DD>
<p> List of TLS protocols that the Postfix SMTP client will exclude or
include with opportunistic TLS encryption. Starting with Postfix 2.6,
the Postfix SMTP client will by default not use the obsolete SSLv2
protocol. </p>
<p> In <a href="postconf.5.html">main.cf</a> the values are separated by whitespace, commas or
colons. In the policy table (see <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>) the only valid
separator is colon. An empty value means allow all protocols. The valid
protocol names, (see <b>SSL_get_version(3)</b>), are "SSLv2", "SSLv3"
and "TLSv1". </p>
<p> The range of protocols advertised by an SSL/TLS client must be
contiguous. When a protocol version is enabled, disabling any
higher version implicitly disables all versions above that higher
version. Thus, for example: </p>
<blockquote>
<pre>
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !TLSv1
</pre>
</blockquote>
<p> also disables any protocols version higher than TLSv1 leaving
only "SSLv3" enabled. </p>
<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
and "TLSv1.2". The latest patch levels of Postfix ≥ 2.6, and all
versions of Postfix ≥ 2.10 can explicitly disable support for
"TLSv1.1" or "TLSv1.2"</p>
<p> To include a protocol list its name, to exclude it, prefix the name
with a "!" character. To exclude SSLv2 even for opportunistic TLS set
"<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
"<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2, !SSLv3". Explicitly listing the protocols to
include, rather than protocols to exclude, is supported, but not
recommended. The exclusion form more closely matches the underlying
OpenSSL interface semantics. </p>
<p> Example: </p>
<pre>
# TLSv1 or better:
<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2, !SSLv3
</pre>
<p> This feature is available in Postfix 2.6 and later. </p>
</DD>
<DT><b><a name="smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a>
(default: 9)</b></DT><DD>
<p> The verification depth for remote SMTP server certificates. A depth
of 1 is sufficient if the issuing CA is listed in a local CA file. </p>
<p> The default verification depth is 9 (the OpenSSL default) for
compatibility with earlier Postfix behavior. Prior to Postfix 2.5,
the default value was 5, but the limit was not actually enforced. If
you have set this to a lower non-default value, certificates with longer
trust chains may now fail to verify. Certificate chains with 1 or 2
CAs are common, deeper chains are more rare and any number between 5
and 9 should suffice in practice. You can choose a lower number if,
for example, you trust certificates directly signed by an issuing CA
but not any CAs it delegates to. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a>
(default: nexthop, dot-nexthop)</b></DT><DD>
<p> How the Postfix SMTP client verifies the server certificate
peername for the "secure" TLS security level. In a "secure" TLS policy table
($<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>) entry the optional "match" attribute
overrides this <a href="postconf.5.html">main.cf</a> setting. </p>
<p> This parameter specifies one or more patterns or strategies separated
by commas, whitespace or colons. In the policy table the only valid
separator is the colon character. </p>
<p> For a description of the pattern and strategy syntax see the
<a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> parameter. The "hostname" strategy should
be avoided in this context, as in the absence of a secure global DNS, using
the results of MX lookups in certificate verification is not immune to active
(man-in-the-middle) attacks on DNS. </p>
<p>
Sample <a href="postconf.5.html">main.cf</a> setting:
</p>
<blockquote>
<pre>
<a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> = nexthop
</pre>
</blockquote>
<p>
Sample policy table override:
</p>
<blockquote>
<pre>
example.net secure match=example.com:.example.com
.example.net secure match=example.com:.example.com
</pre>
</blockquote>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="smtp_tls_security_level">smtp_tls_security_level</a>
(default: empty)</b></DT><DD>
<p> The default SMTP TLS security level for the Postfix SMTP client;
when a non-empty value is specified, this overrides the obsolete
parameters <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>, and <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>.
</p>
<p> Specify one of the following security levels: </p>
<dl>
<dt><b><a href="TLS_README.html#client_tls_none">none</a></b></dt>
<dd> No TLS. TLS will not be used unless enabled for specific
destinations via <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>. </dd>
<dt><b><a href="TLS_README.html#client_tls_may">may</a></b></dt>
<dd> Opportunistic TLS. Use TLS if this is supported by the remote
SMTP server, otherwise use plaintext. Since
sending in the clear is acceptable, demanding stronger than default TLS
security merely reduces inter-operability.
The "<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>" and "<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a>" (Postfix ≥ 2.6)
configuration parameters provide control over the protocols and
cipher grade used with opportunistic TLS. With earlier releases the
opportunistic TLS cipher grade is always "export" and no protocols
are disabled.
When TLS handshakes fail, the connection is retried with TLS disabled.
This allows mail delivery to sites with non-interoperable TLS
implementations. </dd>
<dt><b><a href="TLS_README.html#client_tls_encrypt">encrypt</a></b></dt>
<dd>Mandatory TLS encryption. Since a minimum
level of security is intended, it is reasonable to be specific about
sufficiently secure protocol versions and ciphers. At this security level
and higher, the <a href="postconf.5.html">main.cf</a> parameters <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> and
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> specify the TLS protocols and minimum
cipher grade which the administrator considers secure enough for
mandatory encrypted sessions. This security level is not an appropriate
default for systems delivering mail to the Internet. </dd>
<dt><b><a href="TLS_README.html#client_tls_dane">dane</a></b></dt>
<dd>Opportunistic DANE TLS. At this security level, the TLS policy
for the destination is obtained via DNSSEC. For TLSA policy to be
in effect, the destination domain's containing DNS zone must be
signed and the Postfix SMTP client's operating system must be
configured to send its DNS queries to a recursive DNS nameserver
that is able to validate the signed records. Each MX host's DNS
zone should also be signed, and should publish DANE TLSA (<a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a>)
records that specify how that MX host's TLS certificate is to be
verified. TLSA records do not preempt the normal SMTP MX host
selection algorithm, if some MX hosts support TLSA and others do
not, TLS security will vary from delivery to delivery. It is up
to the domain owner to configure their MX hosts and their DNS
sensibly. To configure the Postfix SMTP client for DNSSEC lookups
see the documentation for the <a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a> <a href="postconf.5.html">main.cf</a>
parameter. When DNSSEC-validated TLSA records are not found the
effective tls security level is "may". When TLSA records are found,
but are all unusable the effective security level is "encrypt". For
purposes of protocol and cipher selection, the "dane" security level
is treated like a "mandatory" TLS security level, and weak ciphers
and protocols are disabled. Since DANE authenticates server
certificates the "aNULL" cipher-suites are transparently excluded
at this level, no need to configure this manually. <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a> (DANE)
TLS authentication is available with Postfix 2.11 and later. </dd>
<dt><b><a href="TLS_README.html#client_tls_dane">dane-only</a></b></dt>
<dd>Mandatory DANE TLS. This is just like "dane" above, but DANE
TLSA authentication is required. There is no fallback to "may" or
"encrypt" when TLSA records are missing or unusable. <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a>
(DANE) TLS authentication is available with Postfix 2.11 and later.
</dd>
<dt><b><a href="TLS_README.html#client_tls_fingerprint">fingerprint</a></b></dt>
<dd>Certificate fingerprint verification.
At this security level, there are no trusted certificate authorities.
The certificate trust chain, expiration date, etc., are
not checked. Instead, the <b><a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a></b>
parameter lists the certificate fingerprint or public key fingerprint
(Postfix 2.9 and later) of the valid server certificate. The digest
algorithm used to calculate the fingerprint is selected by the
<b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a></b> parameter. Available with Postfix
2.5 and later. </dd>
<dt><b><a href="TLS_README.html#client_tls_verify">verify</a></b></dt>
<dd>Mandatory TLS verification. At this security
level, DNS MX lookups are trusted to be secure enough, and the name
verified in the server certificate is usually obtained indirectly
via unauthenticated DNS MX lookups. The <a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a>
parameter controls how the server name is verified. In practice explicit
control over matching is more common at the "secure" level, described
below. This security level is not an appropriate default for systems
delivering mail to the Internet. </dd>
<dt><b><a href="TLS_README.html#client_tls_secure">secure</a></b></dt>
<dd>Secure-channel TLS. At this security level,
DNS MX lookups, though potentially used to determine the candidate
next-hop gateway IP addresses, are <b>not</b> trusted to be secure enough
for TLS peername verification. Instead, the default name verified in
the server certificate is obtained from the next-hop domain as specified
in the <a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> configuration parameter. The default
matching rule is that a server certificate matches when its name is equal
to or is a sub-domain of the nexthop domain. This security level is not
an appropriate default for systems delivering mail to the Internet. </dd>
</dl>
<p>
Examples:
</p>
<pre>
# No TLS. Formerly: <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>=no and <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>=no.
<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = none
</pre>
<pre>
# Opportunistic TLS.
<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = may
# Postfix ≥ 2.6:
# Do not tweak opportunistic ciphers or protocol unless it is essential
# to do so (if a security vulnerability is found in the SSL library that
# can be mitigated by disabling a particular protocol or raising the
# cipher grade from "export" to "low" or "medium").
<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> = export
<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2
</pre>
<pre>
# Mandatory (high-grade) TLS encryption.
<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = encrypt
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> = high
</pre>
<pre>
# Mandatory TLS verification of hostname or nexthop domain.
<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = verify
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> = high
<a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> = hostname, nexthop, dot-nexthop
</pre>
<pre>
# Secure channel TLS with exact nexthop name match.
<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = secure
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = TLSv1
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> = high
<a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> = nexthop
</pre>
<pre>
# Certificate fingerprint verification (Postfix ≥ 2.5).
# The CA-less "fingerprint" security level only scales to a limited
# number of destinations. As a global default rather than a per-site
# setting, this is practical when mail for all recipients is sent
# to a central mail hub.
<a href="postconf.5.html#relayhost">relayhost</a> = [mailhub.example.com]
<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = fingerprint
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !SSLv3
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> = high
<a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> =
3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
</pre>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="smtp_tls_session_cache_database">smtp_tls_session_cache_database</a>
(default: empty)</b></DT><DD>
<p> Name of the file containing the optional Postfix SMTP client
TLS session cache. Specify a database type that supports enumeration,
such as <b>btree</b> or <b>sdbm</b>; there is no need to support
concurrent access. The file is created if it does not exist. The <a href="smtp.8.html">smtp(8)</a>
daemon does not use this parameter directly, rather the cache is
implemented indirectly in the <a href="tlsmgr.8.html">tlsmgr(8)</a> daemon. This means that
per-smtp-instance <a href="master.5.html">master.cf</a> overrides of this parameter are not effective.
Note, that each of the cache databases supported by <a href="tlsmgr.8.html">tlsmgr(8)</a> daemon:
$<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a>, $<a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a>
(and with Postfix 2.3 and later $<a href="postconf.5.html#lmtp_tls_session_cache_database">lmtp_tls_session_cache_database</a>), needs to
be stored separately. It is not at this time possible to store multiple
caches in a single database. </p>
<p> Note: <b>dbm</b> databases are not suitable. TLS
session objects are too large. </p>
<p> As of version 2.5, Postfix no longer uses root privileges when
opening this file. The file should now be stored under the Postfix-owned
<a href="postconf.5.html#data_directory">data_directory</a>. As a migration aid, an attempt to open the file
under a non-Postfix directory is redirected to the Postfix-owned
<a href="postconf.5.html#data_directory">data_directory</a>, and a warning is logged. </p>
<p> Example: </p>
<pre>
<a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> = <a href="DATABASE_README.html#types">btree</a>:/var/lib/postfix/smtp_scache
</pre>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a>
(default: 3600s)</b></DT><DD>
<p> The expiration time of Postfix SMTP client TLS session cache
information. A cache cleanup is performed periodically
every $<a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> seconds. As with
$<a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a>, this parameter is implemented in the
<a href="tlsmgr.8.html">tlsmgr(8)</a> daemon and therefore per-smtp-instance <a href="master.5.html">master.cf</a> overrides
are not possible. </p>
<p> As of Postfix 2.11 this setting cannot exceed 100 days. If set
≤ 0, session caching is disabled. If set to a positive value
less than 2 minutes, the minimum value of 2 minutes is used instead. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="smtp_tls_trust_anchor_file">smtp_tls_trust_anchor_file</a>
(default: empty)</b></DT><DD>
<p> Zero or more PEM-format files with trust-anchor certificates
and/or public keys. If the parameter is not empty the root CAs in
CAfile and CApath are no longer trusted. Rather, the Postfix SMTP
client will only trust certificate-chains signed by one of the
trust-anchors contained in the chosen files. The specified
trust-anchor certificates and public keys are not subject to
expiration, and need not be (self-signed) root CAs. They may, if
desired, be intermediate certificates. Therefore, these certificates
also may be found "in the middle" of the trust chain presented by
the remote SMTP server, and any untrusted issuing parent certificates
will be ignored. Specify a list of pathnames separated by comma
or whitespace. </p>
<p> Whether specified in <a href="postconf.5.html">main.cf</a>, or on a per-destination basis,
the trust-anchor PEM file must be accessible to the Postfix SMTP
client in the chroot jail if applicable. The trust-anchor file
should contain only certificates and public keys, no private key
material, and must be readable by the non-privileged $<a href="postconf.5.html#mail_owner">mail_owner</a>
user. This allows destinations to be bound to a set of specific
CAs or public keys without trusting the same CAs for all destinations.
</p>
<p> The <a href="postconf.5.html">main.cf</a> parameter supports single-purpose Postfix installations
that send mail to a fixed set of SMTP peers. At most sites, if
trust-anchor files are used at all, they will be specified on a
per-destination basis via the "tafile" attribute of the "verify"
and "secure" levels in <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>. </p>
<p> The underlying mechanism is in support of <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a> (DANE TLSA),
which defines mechanisms for a client to securely determine server
TLS certificates via DNS. </p>
<p> If you want your trust anchors to be public keys, with OpenSSL
you can extract a single PEM public key from a PEM X.509 file
containing a single certificate, as follows: </p>
<blockquote>
<pre>
$ openssl x509 -in cert.pem -out ta-key.pem -noout -pubkey
</pre>
</blockquote>
<p> This feature is available in Postfix 2.11 and later. </p>
</DD>
<DT><b><a name="smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a>
(default: hostname)</b></DT><DD>
<p> How the Postfix SMTP client verifies the server certificate
peername for the
"verify" TLS security level. In a "verify" TLS policy table
($<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>) entry the optional "match" attribute
overrides this <a href="postconf.5.html">main.cf</a> setting. </p>
<p> This parameter specifies one or more patterns or strategies separated
by commas, whitespace or colons. In the policy table the only valid
separator is the colon character. </p>
<p> Patterns specify domain names, or domain name suffixes: </p>
<dl>
<dt><i>example.com</i></dt> <dd> Match the <i>example.com</i> domain,
i.e. one of the names the server certificate must be <i>example.com</i>,
upper and lower case distinctions are ignored. </dd>
<dt><i>.example.com</i></dt>
<dd> Match subdomains of the <i>example.com</i> domain, i.e. match
a name in the server certificate that consists of a non-zero number of
labels followed by a <i>.example.com</i> suffix. Case distinctions are
ignored.</dd>
</dl>
<p> Strategies specify a transformation from the next-hop domain
to the expected name in the server certificate: </p>
<dl>
<dt>nexthop</dt>
<dd> Match against the next-hop domain, which is either the recipient
domain, or the transport next-hop configured for the domain stripped of
any optional socket type prefix, enclosing square brackets and trailing
port. When MX lookups are not suppressed, this is the original nexthop
domain prior to the MX lookup, not the result of the MX lookup. For
LMTP delivery via UNIX-domain sockets, the verified next-hop name is
$<a href="postconf.5.html#myhostname">myhostname</a>. This strategy is suitable for use with the "secure"
policy. Case is ignored.</dd>
<dt>dot-nexthop</dt>
<dd> As above, but match server certificate names that are subdomains
of the next-hop domain. Case is ignored.</dd>
<dt>hostname</dt> <dd> Match against the hostname of the server, often
obtained via an unauthenticated DNS MX lookup. For LMTP delivery via
UNIX-domain sockets, the verified name is $<a href="postconf.5.html#myhostname">myhostname</a>. This matches
the verification strategy of the "MUST" keyword in the obsolete
<a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> table, and is suitable for use with the "verify"
security level. When the next-hop name is enclosed in square brackets
to suppress MX lookups, the "hostname" strategy is the same as the
"nexthop" strategy. Case is ignored.</dd>
</dl>
<p>
Sample <a href="postconf.5.html">main.cf</a> setting:
</p>
<pre>
<a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> = hostname, nexthop, dot-nexthop
</pre>
<p>
Sample policy table override:
</p>
<pre>
example.com verify match=hostname:nexthop
.example.com verify match=example.com:.example.com:hostname
</pre>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="smtp_use_tls">smtp_use_tls</a>
(default: no)</b></DT><DD>
<p> Opportunistic mode: use TLS when a remote SMTP server announces
STARTTLS support, otherwise send the mail in the clear. Beware:
some SMTP servers offer STARTTLS even if it is not configured. With
Postfix < 2.3, if the TLS handshake fails, and no other server is
available, delivery is deferred and mail stays in the queue. If this
is a concern for you, use the <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> feature instead. </p>
<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> instead. </p>
</DD>
<DT><b><a name="smtp_xforward_timeout">smtp_xforward_timeout</a>
(default: 300s)</b></DT><DD>
<p>
The Postfix SMTP client time limit for sending the XFORWARD command,
and for receiving the remote SMTP server response.
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="smtpd_authorized_verp_clients">smtpd_authorized_verp_clients</a>
(default: $<a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a>)</b></DT><DD>
<p> What remote SMTP clients are allowed to specify the XVERP command.
This command requests that mail be delivered one recipient at a
time with a per recipient return address. </p>
<p> By default, no clients are allowed to specify XVERP. </p>
<p> This parameter was renamed with Postfix version 2.1. The default value
is backwards compatible with Postfix version 2.0. </p>
<p> Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
.domain names (the initial dot causes the domain to match any name
below it), "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns. A "/file/name"
pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table
is matched when a table entry matches a lookup string (the lookup
result is ignored). Continue long lines by starting the next line
with whitespace. Specify "!pattern" to exclude an address or network
block from the list. The form "!/file/name" is supported only in
Postfix version 2.4 and later. </p>
<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the <a href="postconf.5.html#smtpd_authorized_verp_clients">smtpd_authorized_verp_clients</a> value, and in
files specified with "/file/name". IP version 6 addresses contain
the ":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>"
pattern. </p>
</DD>
<DT><b><a name="smtpd_authorized_xclient_hosts">smtpd_authorized_xclient_hosts</a>
(default: empty)</b></DT><DD>
<p>
What remote SMTP clients are allowed to use the XCLIENT feature. This
command overrides remote SMTP client information that is used for access
control. Typical use is for SMTP-based content filters, fetchmail-like
programs, or SMTP server access rule testing. See the <a href="XCLIENT_README.html">XCLIENT_README</a>
document for details.
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
<p>
By default, no clients are allowed to specify XCLIENT.
</p>
<p>
Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
.domain names (the initial dot causes the domain to match any name
below it), "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns. A "/file/name"
pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table
is matched when a table entry matches a lookup string (the lookup
result is ignored). Continue long lines by starting the next line
with whitespace. Specify "!pattern" to exclude an address or network
block from the list. The form "!/file/name" is supported only in
Postfix version 2.4 and later. </p>
<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the <a href="postconf.5.html#smtpd_authorized_xclient_hosts">smtpd_authorized_xclient_hosts</a> value, and in
files specified with "/file/name". IP version 6 addresses contain
the ":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>"
pattern. </p>
</DD>
<DT><b><a name="smtpd_authorized_xforward_hosts">smtpd_authorized_xforward_hosts</a>
(default: empty)</b></DT><DD>
<p>
What remote SMTP clients are allowed to use the XFORWARD feature. This
command forwards information that is used to improve logging after
SMTP-based content filters. See the <a href="XFORWARD_README.html">XFORWARD_README</a> document for
details.
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
<p>
By default, no clients are allowed to specify XFORWARD.
</p>
<p>
Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
.domain names (the initial dot causes the domain to match any name
below it), "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns. A "/file/name"
pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table
is matched when a table entry matches a lookup string (the lookup
result is ignored). Continue long lines by starting the next line
with whitespace. Specify "!pattern" to exclude an address or network
block from the list. The form "!/file/name" is supported only in
Postfix version 2.4 and later. </p>
<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the <a href="postconf.5.html#smtpd_authorized_xforward_hosts">smtpd_authorized_xforward_hosts</a> value, and in
files specified with "/file/name". IP version 6 addresses contain
the ":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>"
pattern. </p>
</DD>
<DT><b><a name="smtpd_banner">smtpd_banner</a>
(default: $<a href="postconf.5.html#myhostname">myhostname</a> ESMTP $<a href="postconf.5.html#mail_name">mail_name</a>)</b></DT><DD>
<p>
The text that follows the 220 status code in the SMTP greeting
banner. Some people like to see the mail version advertised. By
default, Postfix shows no version.
</p>
<p>
You MUST specify $<a href="postconf.5.html#myhostname">myhostname</a> at the start of the text. This is
required by the SMTP protocol.
</p>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#smtpd_banner">smtpd_banner</a> = $<a href="postconf.5.html#myhostname">myhostname</a> ESMTP $<a href="postconf.5.html#mail_name">mail_name</a> ($<a href="postconf.5.html#mail_version">mail_version</a>)
</pre>
</DD>
<DT><b><a name="smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a>
(default: 50)</b></DT><DD>
<p>
How many simultaneous connections any client is allowed to
make to this service. By default, the limit is set to half
the default process limit value.
</p>
<p>
To disable this feature, specify a limit of 0.
</p>
<p>
WARNING: The purpose of this feature is to limit abuse. It must
not be used to regulate legitimate mail traffic.
</p>
<p>
This feature is available in Postfix 2.2 and later.
</p>
</DD>
<DT><b><a name="smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a>
(default: 0)</b></DT><DD>
<p>
The maximal number of connection attempts any client is allowed to
make to this service per time unit. The time unit is specified
with the <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> configuration parameter.
</p>
<p>
By default, a client can make as many connections per time unit as
Postfix can accept.
</p>
<p>
To disable this feature, specify a limit of 0.
</p>
<p>
WARNING: The purpose of this feature is to limit abuse. It must
not be used to regulate legitimate mail traffic.
</p>
<p>
This feature is available in Postfix 2.2 and later.
</p>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a> = 1000
</pre>
</DD>
<DT><b><a name="smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a>
(default: $<a href="postconf.5.html#mynetworks">mynetworks</a>)</b></DT><DD>
<p>
Clients that are excluded from smtpd_client_*_count/rate_limit
restrictions. See the <a href="postconf.5.html#mynetworks">mynetworks</a> parameter
description for the parameter value syntax.
</p>
<p>
By default, clients in trusted networks are excluded. Specify a
list of network blocks, hostnames or .domain names (the initial
dot causes the domain to match any name below it).
</p>
<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the <a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a> value, and
in files specified with "/file/name". IP version 6 addresses
contain the ":" character, and would otherwise be confused with a
"<a href="DATABASE_README.html">type:table</a>" pattern. </p>
<p>
This feature is available in Postfix 2.2 and later.
</p>
</DD>
<DT><b><a name="smtpd_client_message_rate_limit">smtpd_client_message_rate_limit</a>
(default: 0)</b></DT><DD>
<p>
The maximal number of message delivery requests that any client is
allowed to make to this service per time unit, regardless of whether
or not Postfix actually accepts those messages. The time unit is
specified with the <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> configuration parameter.
</p>
<p>
By default, a client can send as many message delivery requests
per time unit as Postfix can accept.
</p>
<p>
To disable this feature, specify a limit of 0.
</p>
<p>
WARNING: The purpose of this feature is to limit abuse. It must
not be used to regulate legitimate mail traffic.
</p>
<p>
This feature is available in Postfix 2.2 and later.
</p>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#smtpd_client_message_rate_limit">smtpd_client_message_rate_limit</a> = 1000
</pre>
</DD>
<DT><b><a name="smtpd_client_new_tls_session_rate_limit">smtpd_client_new_tls_session_rate_limit</a>
(default: 0)</b></DT><DD>
<p>
The maximal number of new (i.e., uncached) TLS sessions that a
remote SMTP client is allowed to negotiate with this service per
time unit. The time unit is specified with the <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a>
configuration parameter.
</p>
<p>
By default, a remote SMTP client can negotiate as many new TLS
sessions per time unit as Postfix can accept.
</p>
<p>
To disable this feature, specify a limit of 0. Otherwise, specify
a limit that is at least the per-client concurrent session limit,
or else legitimate client sessions may be rejected.
</p>
<p>
WARNING: The purpose of this feature is to limit abuse. It must
not be used to regulate legitimate mail traffic.
</p>
<p>
This feature is available in Postfix 2.3 and later.
</p>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#smtpd_client_new_tls_session_rate_limit">smtpd_client_new_tls_session_rate_limit</a> = 100
</pre>
</DD>
<DT><b><a name="smtpd_client_port_logging">smtpd_client_port_logging</a>
(default: no)</b></DT><DD>
<p> Enable logging of the remote SMTP client port in addition to
the hostname and IP address. The logging format is "host[address]:port".
</p>
<p> This feature is available in Postfix 2.5 and later. </p>
</DD>
<DT><b><a name="smtpd_client_recipient_rate_limit">smtpd_client_recipient_rate_limit</a>
(default: 0)</b></DT><DD>
<p>
The maximal number of recipient addresses that any client is allowed
to send to this service per time unit, regardless of whether or not
Postfix actually accepts those recipients. The time unit is specified
with the <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> configuration parameter.
</p>
<p>
By default, a client can send as many recipient addresses per time
unit as Postfix can accept.
</p>
<p>
To disable this feature, specify a limit of 0.
</p>
<p>
WARNING: The purpose of this feature is to limit abuse. It must
not be used to regulate legitimate mail traffic.
</p>
<p>
This feature is available in Postfix 2.2 and later.
</p>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#smtpd_client_recipient_rate_limit">smtpd_client_recipient_rate_limit</a> = 1000
</pre>
</DD>
<DT><b><a name="smtpd_client_restrictions">smtpd_client_restrictions</a>
(default: empty)</b></DT><DD>
<p>
Optional restrictions that the Postfix SMTP server applies in the
context of a client connection request.
See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access
restriction lists" for a discussion of evaluation context and time.
</p>
<p>
The default is to allow all connection requests.
</p>
<p>
Specify a list of restrictions, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace.
Restrictions are applied in the order as specified; the first
restriction that matches wins.
</p>
<p>
The following restrictions are specific to client hostname or
client network address information.
</p>
<dl>
<dt><b><a name="check_ccert_access">check_ccert_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd> Use the remote SMTP client certificate fingerprint or the public key
fingerprint (Postfix 2.9 and later) as lookup key for the specified
<a href="access.5.html">access(5)</a> database; with Postfix version 2.2, also require that the
remote SMTP client certificate is verified successfully.
The fingerprint digest algorithm is configurable via the
<a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> parameter (hard-coded as md5 prior to
Postfix version 2.5). This feature is available with Postfix version
2.2 and later. </dd>
<dt><b><a name="check_client_access">check_client_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd>Search the specified access database for the client hostname,
parent domains, client IP address, or networks obtained by stripping
least significant octets. See the <a href="access.5.html">access(5)</a> manual page for details. </dd>
<dt><b><a name="check_client_mx_access">check_client_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MX hosts for the
client hostname, and execute the corresponding action. Note: a result
of "OK" is not allowed for safety reasons. Instead, use DUNNO in order
to exclude specific hosts from blacklists. This feature is available
in Postfix 2.7 and later. </dd>
<dt><b><a name="check_client_ns_access">check_client_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd>Search the specified <a href="access.5.html">access(5)</a> database for the DNS servers for
the client hostname, and execute the corresponding action. Note: a
result of "OK" is not allowed for safety reasons. Instead, use DUNNO
in order to exclude specific hosts from blacklists. This feature is
available in Postfix 2.7 and later. </dd>
<dt><b><a name="check_reverse_client_hostname_access">check_reverse_client_hostname_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd>Search the specified access database for the unverified reverse
client hostname, parent domains, client IP address, or networks
obtained by stripping least significant octets. See the <a href="access.5.html">access(5)</a>
manual page for details. Note: a result of "OK" is not allowed for
safety reasons. Instead, use DUNNO in order to exclude specific
hosts from blacklists. This feature is available in Postfix 2.6
and later.</dd>
<dt><b><a name="check_reverse_client_hostname_mx_access">check_reverse_client_hostname_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MX hosts for the
unverified reverse client hostname, and execute the corresponding
action. Note: a result of "OK" is not allowed for safety reasons.
Instead, use DUNNO in order to exclude specific hosts from blacklists.
This feature is available in Postfix 2.7 and later. </dd>
<dt><b><a name="check_reverse_client_hostname_ns_access">check_reverse_client_hostname_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd>Search the specified <a href="access.5.html">access(5)</a> database for the DNS servers for
the unverified reverse client hostname, and execute the corresponding
action. Note: a result of "OK" is not allowed for safety reasons.
Instead, use DUNNO in order to exclude specific hosts from blacklists.
This feature is available in Postfix 2.7 and later. </dd>
<dt><b><a name="check_sasl_access">check_sasl_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd> Use the remote SMTP client SASL user name as lookup key for
the specified <a href="access.5.html">access(5)</a> database. The lookup key has the form
"username@domainname" when the <a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a> parameter
value is non-empty. Unlike the <a href="postconf.5.html#check_client_access">check_client_access</a> feature,
<a href="postconf.5.html#check_sasl_access">check_sasl_access</a> does not perform matches of parent domains or IP
subnet ranges. This feature is available with Postfix version 2.11
and later. </dd>
<dt><b><a name="permit_inet_interfaces">permit_inet_interfaces</a></b></dt>
<dd>Permit the request when the client IP address matches
$<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>. </dd>
<dt><b><a name="permit_mynetworks">permit_mynetworks</a></b></dt>
<dd>Permit the request when the client IP address matches any
network or network address listed in $<a href="postconf.5.html#mynetworks">mynetworks</a>. </dd>
<dt><b><a name="permit_sasl_authenticated">permit_sasl_authenticated</a></b></dt>
<dd> Permit the request when the client is successfully
authenticated via the <a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH) protocol. </dd>
<dt><b><a name="permit_tls_all_clientcerts">permit_tls_all_clientcerts</a></b></dt>
<dd> Permit the request when the remote SMTP client certificate is
verified successfully. This option must be used only if a special
CA issues the certificates and only this CA is listed as trusted
CA. Otherwise, clients with a third-party certificate would also
be allowed to relay. Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = no" when the
trusted CA is specified with <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> or <a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a>,
to prevent Postfix from appending the system-supplied default CAs.
This feature is available with Postfix version 2.2.</dd>
<dt><b><a name="permit_tls_clientcerts">permit_tls_clientcerts</a></b></dt>
<dd>Permit the request when the remote SMTP client certificate
fingerprint or public key fingerprint (Postfix 2.9 and later) is
listed in $<a href="postconf.5.html#relay_clientcerts">relay_clientcerts</a>.
The fingerprint digest algorithm is configurable via the
<a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> parameter (hard-coded as md5 prior to
Postfix version 2.5). This feature is available with Postfix version
2.2. </dd>
<dt><b><a name="reject_rbl_client">reject_rbl_client <i>rbl_domain=d.d.d.d</i></a></b></dt>
<dd>Reject the request when the reversed client network address is
listed with the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i>
(Postfix version 2.1 and later only). Each "<i>d</i>" is a number,
or a pattern inside "[]" that contains one or more ";"-separated
numbers or number..number ranges (Postfix version 2.8 and later).
If no "<i>=d.d.d.d</i>" is specified, reject the request when the
reversed client network address is listed with any A record under
<i>rbl_domain</i>. <br>
The <a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> parameter specifies the response code for
rejected requests (default: 554), the <a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> parameter
specifies the default server reply, and the <a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> parameter
specifies tables with server replies indexed by <i>rbl_domain</i>.
This feature is available in Postfix 2.0 and later. </dd>
<dt><b><a name="permit_dnswl_client">permit_dnswl_client <i>dnswl_domain=d.d.d.d</i></a></b></dt>
<dd>Accept the request when the reversed client network address is
listed with the A record "<i>d.d.d.d</i>" under <i>dnswl_domain</i>.
Each "<i>d</i>" is a number, or a pattern inside "[]" that contains
one or more ";"-separated numbers or number..number ranges.
If no "<i>=d.d.d.d</i>" is specified, accept the request when the
reversed client network address is listed with any A record under
<i>dnswl_domain</i>. <br> For safety, <a href="postconf.5.html#permit_dnswl_client">permit_dnswl_client</a> is silently
ignored when it would override <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>. The
result is DEFER_IF_REJECT when whitelist lookup fails. This feature
is available in Postfix 2.8 and later. </dd>
<dt><b><a name="reject_rhsbl_client">reject_rhsbl_client <i>rbl_domain=d.d.d.d</i></a></b></dt>
<dd>Reject the request when the client hostname is listed with the
A record "<i>d.d.d.d</i>" under <i>rbl_domain</i> (Postfix version
2.1 and later only). Each "<i>d</i>" is a number, or a pattern
inside "[]" that contains one or more ";"-separated numbers or
number..number ranges (Postfix version 2.8 and later). If no
"<i>=d.d.d.d</i>" is specified, reject the request when the client
hostname is listed with
any A record under <i>rbl_domain</i>. See the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a>
description above for additional RBL related configuration parameters.
This feature is available in Postfix 2.0 and later; with Postfix
version 2.8 and later, <a href="postconf.5.html#reject_rhsbl_reverse_client">reject_rhsbl_reverse_client</a> will usually
produce better results. </dd>
<dt><b><a name="permit_rhswl_client">permit_rhswl_client <i>rhswl_domain=d.d.d.d</i></a></b></dt>
<dd>Accept the request when the client hostname is listed with the
A record "<i>d.d.d.d</i>" under <i>rhswl_domain</i>. Each "<i>d</i>"
is a number, or a pattern inside "[]" that contains one or more
";"-separated numbers or number..number ranges. If no
"<i>=d.d.d.d</i>" is specified, accept the request when the client
hostname is listed with any A record under <i>rhswl_domain</i>.
<br> Caution: client name whitelisting is fragile, since the client
name lookup can fail due to temporary outages. Client name
whitelisting should be used only to reduce false positives in e.g.
DNS-based blocklists, and not for making access rule exceptions.
<br> For safety, <a href="postconf.5.html#permit_rhswl_client">permit_rhswl_client</a> is silently ignored when it
would override <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>. The result is DEFER_IF_REJECT
when whitelist lookup fails. This feature is available in Postfix
2.8 and later. </dd>
<dt><b><a name="reject_rhsbl_reverse_client">reject_rhsbl_reverse_client <i>rbl_domain=d.d.d.d</i></a></b></dt>
<dd>Reject the request when the unverified reverse client hostname
is listed with the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i>.
Each "<i>d</i>" is a number, or a pattern inside "[]" that contains
one or more ";"-separated numbers or number..number ranges.
If no "<i>=d.d.d.d</i>" is specified, reject the request when the
unverified reverse client hostname is listed with any A record under
<i>rbl_domain</i>. See the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a> description above for
additional RBL related configuration parameters. This feature is
available in Postfix 2.8 and later. </dd>
<dt><b><a name="reject_unknown_client_hostname">reject_unknown_client_hostname</a></b> (with Postfix < 2.3: reject_unknown_client)</dt>
<dd>Reject the request when 1) the client IP address->name mapping
fails, 2) the name->address mapping fails, or 3) the name->address
mapping does not match the client IP address. <br> This is a
stronger restriction than the <a href="postconf.5.html#reject_unknown_reverse_client_hostname">reject_unknown_reverse_client_hostname</a>
feature, which triggers only under condition 1) above. <br> The
<a href="postconf.5.html#unknown_client_reject_code">unknown_client_reject_code</a> parameter specifies the response code
for rejected requests (default: 450). The reply is always 450 in
case the address->name or name->address lookup failed due to
a temporary problem. </dd>
<dt><b><a name="reject_unknown_reverse_client_hostname">reject_unknown_reverse_client_hostname</a></b></dt>
<dd>Reject the request when the client IP address has no address->name
mapping. <br> This is a weaker restriction than the
<a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a> feature, which requires not only
that the address->name and name->address mappings exist, but
also that the two mappings reproduce the client IP address. <br>
The <a href="postconf.5.html#unknown_client_reject_code">unknown_client_reject_code</a> parameter specifies the response
code for rejected requests (default: 450). The reply is always 450
in case the address->name lookup failed due to a temporary
problem. <br> This feature is available in Postfix 2.3 and
later. </dd>
</dl>
<p>
In addition, you can use any of the following <a name="generic">
generic</a> restrictions. These restrictions are applicable in
any SMTP command context.
</p>
<dl>
<dt><b><a name="check_policy_service">check_policy_service <i>servername</i></a></b></dt>
<dd>Query the specified policy server. See the <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a>
document for details. This feature is available in Postfix 2.1
and later. </dd>
<dt><b><a name="defer">defer</a></b></dt>
<dd>Defer the request. The client is told to try again later. This
restriction is useful at the end of a restriction list, to make
the default policy explicit. <br> The <a href="postconf.5.html#defer_code">defer_code</a> parameter specifies
the SMTP server reply code (default: 450).</dd>
<dt><b><a name="defer_if_permit">defer_if_permit</a></b></dt>
<dd>Defer the request if some later restriction would result in an
explicit or implicit PERMIT action. This is useful when a blacklisting
feature fails due to a temporary problem. This feature is available
in Postfix version 2.1 and later. </dd>
<dt><b><a name="defer_if_reject">defer_if_reject</a></b></dt>
<dd>Defer the request if some later restriction would result in a
REJECT action. This is useful when a whitelisting feature fails
due to a temporary problem. This feature is available in Postfix
version 2.1 and later. </dd>
<dt><b><a name="permit">permit</a></b></dt>
<dd>Permit the request. This restriction is useful at the end of
a restriction list, to make the default policy explicit.</dd>
<dt><b><a name="reject_multi_recipient_bounce">reject_multi_recipient_bounce</a></b></dt>
<dd>Reject the request when the envelope sender is the null address,
and the message has multiple envelope recipients. This usage has
rare but legitimate applications: under certain conditions,
multi-recipient mail that was posted with the DSN option NOTIFY=NEVER
may be forwarded with the null sender address.
<br> Note: this restriction can only work reliably
when used in <a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> or
<a href="postconf.5.html#smtpd_end_of_data_restrictions">smtpd_end_of_data_restrictions</a>, because the total number of
recipients is not known at an earlier stage of the SMTP conversation.
Use at the RCPT stage will only reject the second etc. recipient.
<br>
The <a href="postconf.5.html#multi_recipient_bounce_reject_code">multi_recipient_bounce_reject_code</a> parameter specifies the
response code for rejected requests (default: 550). This feature
is available in Postfix 2.1 and later. </dd>
<dt><b><a name="reject_plaintext_session">reject_plaintext_session</a></b></dt>
<dd>Reject the request when the connection is not encrypted. This
restriction should not be used before the client has had a chance
to negotiate encryption with the AUTH or STARTTLS commands.
<br>
The <a href="postconf.5.html#plaintext_reject_code">plaintext_reject_code</a> parameter specifies the response
code for rejected requests (default: 450). This feature is available
in Postfix 2.3 and later. </dd>
<dt><b><a name="reject_unauth_pipelining">reject_unauth_pipelining</a></b></dt>
<dd>Reject the request when the client sends SMTP commands ahead
of time where it is not allowed, or when the client sends SMTP
commands ahead of time without knowing that Postfix actually supports
ESMTP command pipelining. This stops mail from bulk mail software
that improperly uses ESMTP command pipelining in order to speed up
deliveries.
<br> With Postfix 2.6 and later, the SMTP server sets a per-session
flag whenever it detects illegal pipelining, including pipelined
EHLO or HELO commands. The <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a> feature simply
tests whether the flag was set at any point in time during the
session.
<br> With older Postfix versions, <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a> checks
the current status of the input read queue, and its usage is not
recommended in contexts other than <a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a>. </dd>
<dt><b><a name="reject">reject</a></b></dt>
<dd>Reject the request. This restriction is useful at the end of
a restriction list, to make the default policy explicit. The
<a href="postconf.5.html#reject_code">reject_code</a> configuration parameter specifies the response code for
rejected requests (default: 554).</dd>
<dt><b><a name="sleep">sleep <i>seconds</i></a></b></dt>
<dd>Pause for the specified number of seconds and proceed with
the next restriction in the list, if any. This may stop zombie
mail when used as:
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> =
sleep 1, <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a>
<a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> = no
</pre>
This feature is available in Postfix 2.3. </dd>
<dt><b><a name="warn_if_reject">warn_if_reject</a></b></dt>
<dd> A safety net for testing. When "<a href="postconf.5.html#warn_if_reject">warn_if_reject</a>" is placed
before a reject-type restriction, access table query, or
<a href="postconf.5.html#check_policy_service">check_policy_service</a> query, this logs a "reject_warning" message
instead of rejecting a request (when a reject-type restriction fails
due to a temporary error, this logs a "reject_warning" message for
any implicit "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" actions that would normally prevent
mail from being accepted by some later access restriction). This
feature has no effect on <a href="postconf.5.html#defer_if_reject">defer_if_reject</a> restrictions. </dd>
</dl>
<p>
Other restrictions that are valid in this context:
</p>
<ul>
<li> SMTP command specific restrictions that are described under
the <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>, <a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> or
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> parameters. When helo, sender or
recipient restrictions are listed under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>,
they have effect only with "<a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> = yes", so that
$<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> is evaluated at the time of the RCPT TO
command.
</ul>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a>
</pre>
</DD>
<DT><b><a name="smtpd_command_filter">smtpd_command_filter</a>
(default: empty)</b></DT><DD>
<p> A mechanism to transform commands from remote SMTP clients.
This is a last-resort tool to work around client commands that break
inter-operability with the Postfix SMTP server. Other uses involve
fault injection to test Postfix's handling of invalid commands.
</p>
<p> Specify the name of a "<a href="DATABASE_README.html">type:table</a>" lookup table. The search
string is the SMTP command as received from the remote SMTP client,
except that initial whitespace and the trailing <CR><LF>
are removed. The result value is executed by the Postfix SMTP
server. </p>
<p> There is no need to use <a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a> for the following
cases: </p>
<ul>
<li> <p> Use "<a href="postconf.5.html#resolve_numeric_domain">resolve_numeric_domain</a> = yes" to accept
"<i>user@ipaddress</i>". </p>
<li> <p> Postfix already accepts the correct form
"<i>user@[ipaddress]</i>". Use <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> or <a href="postconf.5.html#canonical_maps">canonical_maps</a>
to translate these into domain names if necessary. </p>
<li> <p> Use "<a href="postconf.5.html#strict_rfc821_envelopes">strict_rfc821_envelopes</a> = no" to accept "RCPT TO:<<i>User
Name <user@example.com>></i>". Postfix will ignore the "<i>User
Name</i>" part and deliver to the <i><user@example.com></i> address.
</p>
</ul>
<p> Examples of problems that can be solved with the <a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a>
feature: </p>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/command_filter
</pre>
<pre>
/etc/postfix/command_filter:
# Work around clients that send malformed HELO commands.
/^HELO\s*$/ HELO domain.invalid
</pre>
<pre>
# Work around clients that send empty lines.
/^\s*$/ NOOP
</pre>
<pre>
# Work around clients that send RCPT TO:<'user@domain'>.
# WARNING: do not lose the parameters that follow the address.
/^RCPT\s+TO:\s*<'([^[:space:]]+)'>(.*)/ RCPT TO:<$1>$2
</pre>
<pre>
# Append XVERP to MAIL FROM commands to request VERP-style delivery.
# See <a href="VERP_README.html">VERP_README</a> for more information on how to use Postfix VERP.
/^(MAIL FROM:<listname@example\.com>.*)/ $1 XVERP
</pre>
<pre>
# Bounce-never mail sink. Use <a href="postconf.5.html#notify_classes">notify_classes</a>=bounce,resource,software
# to send bounced mail to the postmaster (with message body removed).
/^(RCPT\s+TO:<.*>.*)\s+NOTIFY=\S+(.*)/ $1 NOTIFY=NEVER$2
/^(RCPT\s+TO:.*)/ $1 NOTIFY=NEVER
</pre>
<p> This feature is available in Postfix 2.7. </p>
</DD>
<DT><b><a name="smtpd_data_restrictions">smtpd_data_restrictions</a>
(default: empty)</b></DT><DD>
<p>
Optional access restrictions that the Postfix SMTP server applies
in the context of the SMTP DATA command.
See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access
restriction lists" for a discussion of evaluation context and time.
</p>
<p>
This feature is available in Postfix 2.0 and later.
</p>
<p>
Specify a list of restrictions, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace.
Restrictions are applied in the order as specified; the first
restriction that matches wins.
</p>
<p>
The following restrictions are valid in this context:
</p>
<ul>
<li><a href="#generic">Generic</a> restrictions that can be used
in any SMTP command context, described under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>.
<li>SMTP command specific restrictions described under
<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>,
<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> or <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>.
<li>However, no recipient information is available in the case of
multi-recipient mail. Acting on only one recipient would be misleading,
because any decision will affect all recipients equally. Acting on
all recipients would require a possibly very large amount of memory,
and would also be misleading for the reasons mentioned before.
</ul>
<p>
Examples:
</p>
<pre>
<a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> = <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a>
<a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> = <a href="postconf.5.html#reject_multi_recipient_bounce">reject_multi_recipient_bounce</a>
</pre>
</DD>
<DT><b><a name="smtpd_delay_open_until_valid_rcpt">smtpd_delay_open_until_valid_rcpt</a>
(default: yes)</b></DT><DD>
<p> Postpone the start of an SMTP mail transaction until a valid
RCPT TO command is received. Specify "no" to create a mail transaction
as soon as the Postfix SMTP server receives a valid MAIL FROM
command. </p>
<p> With sites that reject lots of mail, the default setting reduces
the use of
disk, CPU and memory resources. The downside is that rejected
recipients are logged with NOQUEUE instead of a mail transaction
ID. This complicates the logfile analysis of multi-recipient mail.
</p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="smtpd_delay_reject">smtpd_delay_reject</a>
(default: yes)</b></DT><DD>
<p>
Wait until the RCPT TO command before evaluating
$<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, $<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> and
$<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>, or wait until the ETRN command before
evaluating $<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and $<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>.
</p>
<p>
This feature is turned on by default because some clients apparently
mis-behave when the Postfix SMTP server rejects commands before
RCPT TO.
</p>
<p>
The default setting has one major benefit: it allows Postfix to log
recipient address information when rejecting a client name/address
or sender address, so that it is possible to find out whose mail
is being rejected.
</p>
</DD>
<DT><b><a name="smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a>
(default: empty)</b></DT><DD>
<p> Lookup tables, indexed by the remote SMTP client address, with
case insensitive lists of EHLO keywords (pipelining, starttls, auth,
etc.) that the Postfix SMTP server will not send in the EHLO response
to a
remote SMTP client. See <a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a> for details.
The table is not searched by hostname for robustness reasons. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a>
(default: empty)</b></DT><DD>
<p> A case insensitive list of EHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix SMTP server will not send in the EHLO
response
to a remote SMTP client. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
<p> Notes: </p>
<ul>
<li> <p> Specify the <b>silent-discard</b> pseudo keyword to prevent
this action from being logged. </p>
<li> <p> Use the <a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a> feature
to discard EHLO keywords selectively. </p>
</ul>
</DD>
<DT><b><a name="smtpd_end_of_data_restrictions">smtpd_end_of_data_restrictions</a>
(default: empty)</b></DT><DD>
<p> Optional access restrictions that the Postfix SMTP server
applies in the context of the SMTP END-OF-DATA command.
See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access
restriction lists" for a discussion of evaluation context and time.
</p>
<p> This feature is available in Postfix 2.2 and later. </p>
<p> See <a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> for details and limitations. </p>
</DD>
<DT><b><a name="smtpd_enforce_tls">smtpd_enforce_tls</a>
(default: no)</b></DT><DD>
<p> Mandatory TLS: announce STARTTLS support to remote SMTP clients,
and require that clients use TLS encryption. According to <a href="http://tools.ietf.org/html/rfc2487">RFC 2487</a>
this MUST NOT be applied in case of a publicly-referenced SMTP
server. This option is therefore off by default. </p>
<p> Note 1: "<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = yes" implies "<a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> = yes". </p>
<p> Note 2: when invoked via "<b>sendmail -bs</b>", Postfix will never offer
STARTTLS due to insufficient privileges to access the server private
key. This is intended behavior. </p>
<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> instead. </p>
</DD>
<DT><b><a name="smtpd_error_sleep_time">smtpd_error_sleep_time</a>
(default: 1s)</b></DT><DD>
<p>With Postfix version 2.1 and later: the SMTP server response delay after
a client has made more than $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> errors, and
fewer than $<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> errors, without delivering mail.
</p>
<p>With Postfix version 2.0 and earlier: the SMTP server delay before
sending a reject (4xx or 5xx) response, when the client has made
fewer than $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> errors without delivering
mail. </p>
</DD>
<DT><b><a name="smtpd_etrn_restrictions">smtpd_etrn_restrictions</a>
(default: empty)</b></DT><DD>
<p>
Optional restrictions that the Postfix SMTP server applies in the
context of a client ETRN command.
See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access
restriction lists" for a discussion of evaluation context and time.
</p>
<p>
The Postfix ETRN implementation accepts only destinations that are
eligible for the Postfix "fast flush" service. See the <a href="ETRN_README.html">ETRN_README</a>
file for details.
</p>
<p>
Specify a list of restrictions, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace.
Restrictions are applied in the order as specified; the first
restriction that matches wins.
</p>
<p>
The following restrictions are specific to the domain name information
received with the ETRN command.
</p>
<dl>
<dt><b><a name="check_etrn_access">check_etrn_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd>Search the specified access database for the ETRN domain name
or its parent domains. See the <a href="access.5.html">access(5)</a> manual page for details.
</dd>
</dl>
<p>
Other restrictions that are valid in this context:
</p>
<ul>
<li><a href="#generic">Generic</a> restrictions that can be used
in any SMTP command context, described under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>.
<li>SMTP command specific restrictions described under
<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>.
</ul>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#smtpd_etrn_restrictions">smtpd_etrn_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, reject
</pre>
</DD>
<DT><b><a name="smtpd_expansion_filter">smtpd_expansion_filter</a>
(default: see "postconf -d" output)</b></DT><DD>
<p>
What characters are allowed in $name expansions of RBL reply
templates. Characters not in the allowed set are replaced by "_".
Use C like escapes to specify special characters such as whitespace.
</p>
<p>
This parameter is not subjected to $parameter expansion.
</p>
<p>
This feature is available in Postfix 2.0 and later.
</p>
</DD>
<DT><b><a name="smtpd_forbidden_commands">smtpd_forbidden_commands</a>
(default: CONNECT, GET, POST)</b></DT><DD>
<p>
List of commands that cause the Postfix SMTP server to immediately
terminate the session with a 221 code. This can be used to disconnect
clients that obviously attempt to abuse the system. In addition to the
commands listed in this parameter, commands that follow the "Label:"
format of message headers will also cause a disconnect.
</p>
<p>
This feature is available in Postfix 2.2 and later.
</p>
</DD>
<DT><b><a name="smtpd_hard_error_limit">smtpd_hard_error_limit</a>
(default: normal: 20, overload: 1)</b></DT><DD>
<p>
The maximal number of errors a remote SMTP client is allowed to
make without delivering mail. The Postfix SMTP server disconnects
when the limit is exceeded. Normally the default limit is 20, but
it changes under overload to just 1. With Postfix 2.5 and earlier,
the SMTP server always allows up to 20 errors by default.
</p>
</DD>
<DT><b><a name="smtpd_helo_required">smtpd_helo_required</a>
(default: no)</b></DT><DD>
<p>
Require that a remote SMTP client introduces itself with the HELO
or EHLO command before sending the MAIL command or other commands
that require EHLO negotiation.
</p>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes
</pre>
</DD>
<DT><b><a name="smtpd_helo_restrictions">smtpd_helo_restrictions</a>
(default: empty)</b></DT><DD>
<p>
Optional restrictions that the Postfix SMTP server applies in the
context of a client HELO command.
See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access
restriction lists" for a discussion of evaluation context and time.
</p>
<p>
The default is to permit everything.
</p>
<p> Note: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this
restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can
simply skip <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> by not sending HELO or EHLO).
</p>
<p>
Specify a list of restrictions, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace.
Restrictions are applied in the order as specified; the first
restriction that matches wins.
</p>
<p>
The following restrictions are specific to the hostname information
received with the HELO or EHLO command.
</p>
<dl>
<dt><b><a name="check_helo_access">check_helo_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd>Search the specified <a href="access.5.html">access(5)</a> database for the HELO or EHLO
hostname or parent domains, and execute the corresponding action.
Note: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this
restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can
simply skip <a href="postconf.5.html#check_helo_access">check_helo_access</a> by not sending HELO or EHLO). </dd>
<dt><b><a name="check_helo_mx_access">check_helo_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MX hosts for
the HELO or EHLO hostname, and execute the corresponding action.
Note 1: a result of "OK" is not allowed for safety reasons. Instead,
use DUNNO in order to exclude specific hosts from blacklists. Note
2: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this
restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can
simply skip <a href="postconf.5.html#check_helo_mx_access">check_helo_mx_access</a> by not sending HELO or EHLO). This
feature is available in Postfix 2.1 and later.
</dd>
<dt><b><a name="check_helo_ns_access">check_helo_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd>Search the specified <a href="access.5.html">access(5)</a> database for the DNS servers
for the HELO or EHLO hostname, and execute the corresponding action.
Note 1: a result of "OK" is not allowed for safety reasons. Instead,
use DUNNO in order to exclude specific hosts from blacklists. Note
2: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this
restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can
simply skip <a href="postconf.5.html#check_helo_ns_access">check_helo_ns_access</a> by not sending HELO or EHLO). This
feature is available in Postfix 2.1 and later.
</dd>
<dt><b><a name="reject_invalid_helo_hostname">reject_invalid_helo_hostname</a></b> (with Postfix < 2.3: reject_invalid_hostname)</dt>
<dd>Reject the request when the HELO or EHLO hostname is malformed.
Note: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce
this restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can simply
skip <a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a> by not sending HELO or EHLO).
<br> The <a href="postconf.5.html#invalid_hostname_reject_code">invalid_hostname_reject_code</a> specifies the response code
for rejected requests (default: 501).</dd>
<dt><b><a name="reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a></b> (with Postfix < 2.3: reject_non_fqdn_hostname)</dt>
<dd>Reject the request when the HELO or EHLO hostname is not in
fully-qualified domain or address literal form, as required by the
RFC. Note: specify
"<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this restriction
(without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can simply skip
<a href="postconf.5.html#reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a> by not sending HELO or EHLO). <br>
The <a href="postconf.5.html#non_fqdn_reject_code">non_fqdn_reject_code</a> parameter specifies the response code for
rejected requests (default: 504).</dd>
<dt><b><a name="reject_rhsbl_helo">reject_rhsbl_helo <i>rbl_domain=d.d.d.d</i></a></b></dt>
<dd>Reject the request when the HELO or EHLO hostname is
listed with the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i>
(Postfix version 2.1 and later only). Each "<i>d</i>" is a number,
or a pattern inside "[]" that contains one or more ";"-separated
numbers or number..number ranges (Postfix version 2.8 and later).
If no "<i>=d.d.d.d</i>" is
specified, reject the request when the HELO or EHLO hostname is
listed with any A record under <i>rbl_domain</i>. See the
<a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a> description for additional RBL related configuration
parameters. Note: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully
enforce this restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a
client can simply skip <a href="postconf.5.html#reject_rhsbl_helo">reject_rhsbl_helo</a> by not sending HELO or
EHLO). This feature is available in Postfix 2.0
and later. </dd>
<dt><b><a name="reject_unknown_helo_hostname">reject_unknown_helo_hostname</a></b> (with Postfix < 2.3: reject_unknown_hostname)</dt>
<dd>Reject the request when the HELO or EHLO hostname has no DNS A
or MX record. <br> The <a href="postconf.5.html#unknown_hostname_reject_code">unknown_hostname_reject_code</a> parameter
specifies the numerical response code for rejected requests (default:
450). <br> The <a href="postconf.5.html#unknown_helo_hostname_tempfail_action">unknown_helo_hostname_tempfail_action</a> parameter
specifies the action after a temporary DNS error (default:
<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>). Note: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully
enforce this restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a
client can simply skip <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a> by not sending
HELO or EHLO). </dd>
</dl>
<p>
Other restrictions that are valid in this context:
</p>
<ul>
<li> <a href="#generic">Generic</a> restrictions that can be used
in any SMTP command context, described under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>.
<li> Client hostname or network address specific restrictions
described under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>.
<li> SMTP command specific restrictions described under
<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> or <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>. When
sender or recipient restrictions are listed under <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>,
they have effect only with "<a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> = yes", so that
$<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> is evaluated at the time of the RCPT TO
command.
</ul>
<p>
Examples:
</p>
<pre>
<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a>
<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a>
</pre>
</DD>
<DT><b><a name="smtpd_history_flush_threshold">smtpd_history_flush_threshold</a>
(default: 100)</b></DT><DD>
<p>
The maximal number of lines in the Postfix SMTP server command history
before it is flushed upon receipt of EHLO, RSET, or end of DATA.
</p>
</DD>
<DT><b><a name="smtpd_junk_command_limit">smtpd_junk_command_limit</a>
(default: normal: 100, overload: 1)</b></DT><DD>
<p>
The number of junk commands (NOOP, VRFY, ETRN or RSET) that a remote
SMTP client can send before the Postfix SMTP server starts to
increment the error counter with each junk command. The junk
command count is reset after mail is delivered. See also the
<a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a> and <a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> configuration
parameters. Normally the default limit is 100, but it changes under
overload to just 1. With Postfix 2.5 and earlier, the SMTP server
always allows up to 100 junk commands by default. </p>
</DD>
<DT><b><a name="smtpd_log_access_permit_actions">smtpd_log_access_permit_actions</a>
(default: empty)</b></DT><DD>
<p> Enable logging of the named "permit" actions in SMTP server
access lists (by default, the SMTP server logs "reject" actions but
not "permit" actions). This feature does not affect conditional
actions such as "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>". </p>
<p> Specify a list of "permit" action names, "/file/name" or
"<a href="DATABASE_README.html">type:table</a>" patterns, separated by commas and/or whitespace. The
list is matched left to right, and the search stops on the first
match. A "/file/name" pattern is replaced by its contents; a
"<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a name matches a lookup
key (the lookup result is ignored). Continue long lines by starting
the next line with whitespace. Specify "!pattern" to exclude a name
from the list. </p>
<p> Examples: </p>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
# Log all "permit" actions.
<a href="postconf.5.html#smtpd_log_access_permit_actions">smtpd_log_access_permit_actions</a> = <a href="DATABASE_README.html#types">static</a>:all
</pre>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
# Log "<a href="postconf.5.html#permit_dnswl_client">permit_dnswl_client</a>" only.
<a href="postconf.5.html#smtpd_log_access_permit_actions">smtpd_log_access_permit_actions</a> = <a href="postconf.5.html#permit_dnswl_client">permit_dnswl_client</a>
</pre>
<p> This feature is available in Postfix 2.10 and later. </p>
</DD>
<DT><b><a name="smtpd_milters">smtpd_milters</a>
(default: empty)</b></DT><DD>
<p> A list of Milter (mail filter) applications for new mail that
arrives via the Postfix <a href="smtpd.8.html">smtpd(8)</a> server. Specify space or comma as
separator. See the <a href="MILTER_README.html">MILTER_README</a> document for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="smtpd_noop_commands">smtpd_noop_commands</a>
(default: empty)</b></DT><DD>
<p>
List of commands that the Postfix SMTP server replies to with "250
Ok", without doing any syntax checks and without changing state.
This list overrides any commands built into the Postfix SMTP server.
</p>
</DD>
<DT><b><a name="smtpd_null_access_lookup_key">smtpd_null_access_lookup_key</a>
(default: <>)</b></DT><DD>
<p>
The lookup key to be used in SMTP <a href="access.5.html">access(5)</a> tables instead of the
null sender address.
</p>
</DD>
<DT><b><a name="smtpd_peername_lookup">smtpd_peername_lookup</a>
(default: yes)</b></DT><DD>
<p> Attempt to look up the remote SMTP client hostname, and verify that
the name matches the client IP address. A client name is set to
"unknown" when it cannot be looked up or verified, or when name
lookup is disabled. Turning off name lookup reduces delays due to
DNS lookup and increases the maximal inbound delivery rate. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="smtpd_per_record_deadline">smtpd_per_record_deadline</a>
(default: normal: no, overload: yes)</b></DT><DD>
<p> Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> and <a href="postconf.5.html#smtpd_starttls_timeout">smtpd_starttls_timeout</a>
time limits, from a
time limit per read or write system call, to a time limit to send
or receive a complete record (an SMTP command line, SMTP response
line, SMTP message content line, or TLS protocol message). This
limits the impact from hostile peers that trickle data one byte at
a time. </p>
<p> Note: when per-record deadlines are enabled, a short timeout
may cause problems with TLS over very slow network connections.
The reasons are that a TLS protocol message can be up to 16 kbytes
long (with TLSv1), and that an entire TLS protocol message must be
sent or received within the per-record deadline. </p>
<p> This feature is available in Postfix 2.9 and later. With older
Postfix releases, the behavior is as if this parameter is set to
"no". </p>
</DD>
<DT><b><a name="smtpd_policy_service_max_idle">smtpd_policy_service_max_idle</a>
(default: 300s)</b></DT><DD>
<p>
The time after which an idle SMTPD policy service connection is
closed.
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="smtpd_policy_service_max_ttl">smtpd_policy_service_max_ttl</a>
(default: 1000s)</b></DT><DD>
<p>
The time after which an active SMTPD policy service connection is
closed.
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="smtpd_policy_service_timeout">smtpd_policy_service_timeout</a>
(default: 100s)</b></DT><DD>
<p>
The time limit for connecting to, writing to or receiving from a
delegated SMTPD policy server.
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="smtpd_proxy_ehlo">smtpd_proxy_ehlo</a>
(default: $<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD>
<p>
How the Postfix SMTP server announces itself to the proxy filter.
By default, the Postfix hostname is used.
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="smtpd_proxy_filter">smtpd_proxy_filter</a>
(default: empty)</b></DT><DD>
<p> The hostname and TCP port of the mail filtering proxy server.
The proxy receives all mail from the Postfix SMTP server, and is
supposed to give the result to another Postfix SMTP server process.
</p>
<p> Specify "host:port" or "inet:host:port" for a TCP endpoint, or
"unix:pathname" for a UNIX-domain endpoint. The host can be specified
as an IP address or as a symbolic name; no MX lookups are done.
When no "host" or "host:" are specified, the local machine is
assumed. Pathname interpretation is relative to the Postfix queue
directory. </p>
<p> This feature is available in Postfix 2.1 and later. </p>
<p> The "inet:" and "unix:" prefixes are available in Postfix 2.3
and later. </p>
</DD>
<DT><b><a name="smtpd_proxy_options">smtpd_proxy_options</a>
(default: empty)</b></DT><DD>
<p>
List of options that control how the Postfix SMTP server
communicates with a before-queue content filter. Specify zero or
more of the following, separated by comma or whitespace. </p>
<dl>
<dt><b>speed_adjust</b></dt>
<dd> <p> Do not connect to a before-queue content filter until an entire
message has been received. This reduces the number of simultaneous
before-queue content filter processes. </p>
<p> NOTE 1: A filter must not <i>selectively</i> reject recipients
of a multi-recipient message. Rejecting all recipients is OK, as
is accepting all recipients. </p>
<p> NOTE 2: This feature increases the minimum amount of free queue
space by $<a href="postconf.5.html#message_size_limit">message_size_limit</a>. The extra space is needed to save the
message to a temporary file. </p> </dd>
</dl>
<p>
This feature is available in Postfix 2.7 and later.
</p>
</DD>
<DT><b><a name="smtpd_proxy_timeout">smtpd_proxy_timeout</a>
(default: 100s)</b></DT><DD>
<p>
The time limit for connecting to a proxy filter and for sending or
receiving information. When a connection fails the client gets a
generic error message while more detailed information is logged to
the maillog file.
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="smtpd_recipient_limit">smtpd_recipient_limit</a>
(default: 1000)</b></DT><DD>
<p>
The maximal number of recipients that the Postfix SMTP server
accepts per message delivery request.
</p>
</DD>
<DT><b><a name="smtpd_recipient_overshoot_limit">smtpd_recipient_overshoot_limit</a>
(default: 1000)</b></DT><DD>
<p> The number of recipients that a remote SMTP client can send in
excess of the limit specified with $<a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a>, before
the Postfix SMTP server increments the per-session error count
for each excess recipient. </p>
</DD>
<DT><b><a name="smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>
(default: see "postconf -d" output)</b></DT><DD>
<p>
Optional restrictions that the Postfix SMTP server applies in the
context of a client RCPT TO command, after <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>.
See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access
restriction lists" for a discussion of evaluation context and time.
</p>
<p> With Postfix versions before 2.10, the rules for relay permission
and spam blocking were combined under <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>,
resulting in error-prone configuration. As of Postfix 2.10, relay
permission rules are preferably implemented with <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>,
so that a permissive spam blocking policy under
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> will no longer result in a permissive
mail relay policy. </p>
<p> For backwards compatibility, sites that migrate from Postfix
versions before 2.10 can set <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> to the empty
value, and use <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> exactly as before. </p>
<p>
IMPORTANT: Either the <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> or the
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> parameter must specify
at least one of the following restrictions. Otherwise Postfix will
refuse to receive mail:
</p>
<blockquote>
<pre>
reject, <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
</pre>
</blockquote>
<blockquote>
<pre>
defer, <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>, <a href="postconf.5.html#defer_unauth_destination">defer_unauth_destination</a>
</pre>
</blockquote>
<p>
Specify a list of restrictions, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace.
Restrictions are applied in the order as specified; the first
restriction that matches wins.
</p>
<p>
The following restrictions are specific to the recipient address
that is received with the RCPT TO command.
</p>
<dl>
<dt><b><a name="check_recipient_access">check_recipient_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd>Search the specified <a href="access.5.html">access(5)</a> database for the resolved RCPT
TO address, domain, parent domains, or localpart@, and execute the
corresponding action. </dd>
<dt><b><a name="check_recipient_mx_access">check_recipient_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MX hosts for
the RCPT TO domain, and execute the corresponding action. Note:
a result of "OK" is not allowed for safety reasons. Instead, use
DUNNO in order to exclude specific hosts from blacklists. This
feature is available in Postfix 2.1 and later. </dd>
<dt><b><a name="check_recipient_ns_access">check_recipient_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd>Search the specified <a href="access.5.html">access(5)</a> database for the DNS servers
for the RCPT TO domain, and execute the corresponding action.
Note: a result of "OK" is not allowed for safety reasons. Instead,
use DUNNO in order to exclude specific hosts from blacklists. This
feature is available in Postfix 2.1 and later. </dd>
<dt><b><a name="permit_auth_destination">permit_auth_destination</a></b></dt>
<dd>Permit the request when one of the following is true:
<ul>
<li> Postfix is mail forwarder: the resolved RCPT TO domain matches
$<a href="postconf.5.html#relay_domains">relay_domains</a> or a subdomain thereof, and the address contains no
sender-specified routing (user@elsewhere@domain),
<li> Postfix is the final destination: the resolved RCPT TO domain
matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>, $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>,
$<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, or $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and the address
contains no sender-specified routing (user@elsewhere@domain).
</ul></dd>
<dt><b><a name="permit_mx_backup">permit_mx_backup</a></b></dt>
<dd>Permit the request when the local mail system is backup MX for
the RCPT TO domain, or when the domain is an authorized destination
(see <a href="postconf.5.html#permit_auth_destination">permit_auth_destination</a> for definition).
<ul>
<li> Safety: <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> does not accept addresses that have
sender-specified routing information (example: user@elsewhere@domain).
<li> Safety: <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> can be vulnerable to mis-use when
access is not restricted with <a href="postconf.5.html#permit_mx_backup_networks">permit_mx_backup_networks</a>.
<li> Safety: as of Postfix version 2.3, <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> no longer
accepts the address when the local mail system is primary MX for
the recipient domain. Exception: <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> accepts the address
when it specifies an authorized destination (see <a href="postconf.5.html#permit_auth_destination">permit_auth_destination</a>
for definition).
<li> Limitation: mail may be rejected in case of a temporary DNS
lookup problem with Postfix prior to version 2.0.
</ul></dd>
<dt><b><a name="reject_non_fqdn_recipient">reject_non_fqdn_recipient</a></b></dt>
<dd>Reject the request when the RCPT TO address is not in
fully-qualified domain form, as required by the RFC. <br> The
<a href="postconf.5.html#non_fqdn_reject_code">non_fqdn_reject_code</a> parameter specifies the response code for
rejected requests (default: 504). </dd>
<dt><b><a name="reject_rhsbl_recipient">reject_rhsbl_recipient <i>rbl_domain=d.d.d.d</i></a></b></dt>
<dd>Reject the request when the RCPT TO domain is listed with the
A record "<i>d.d.d.d</i>" under <i>rbl_domain</i> (Postfix version
2.1 and later only). Each "<i>d</i>" is a number, or a pattern
inside "[]" that contains one or more ";"-separated numbers or
number..number ranges (Postfix version 2.8 and later). If no
"<i>=d.d.d.d</i>" is specified, reject
the request when the RCPT TO domain is listed with
any A record under <i>rbl_domain</i>. <br> The <a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a>
parameter specifies the response code for rejected requests (default:
554); the <a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> parameter specifies the default server
reply; and the <a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> parameter specifies tables with server
replies indexed by <i>rbl_domain</i>. This feature is available
in Postfix version 2.0 and later.</dd>
<dt><b><a name="reject_unauth_destination">reject_unauth_destination</a></b></dt>
<dd>Reject the request unless one of the following is true:
<ul>
<li> Postfix is mail forwarder: the resolved RCPT TO domain matches
$<a href="postconf.5.html#relay_domains">relay_domains</a> or a subdomain thereof, and contains no sender-specified
routing (user@elsewhere@domain),
<li> Postfix is the final destination: the resolved RCPT TO domain
matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>, $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>,
$<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, or $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and contains
no sender-specified routing (user@elsewhere@domain).
</ul>The <a href="postconf.5.html#relay_domains_reject_code">relay_domains_reject_code</a> parameter specifies the response
code for rejected requests (default: 554). </dd>
<dt><b><a name="defer_unauth_destination">defer_unauth_destination</a></b></dt>
<dd> Reject the same requests as <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>, with a
non-permanent error code. This feature is available in Postfix
2.10 and later.</dd>
<dt><b><a name="reject_unknown_recipient_domain">reject_unknown_recipient_domain</a></b></dt>
<dd>Reject the request when Postfix is not final destination for
the recipient domain, and the RCPT TO domain has 1) no DNS A or MX
record or 2) a malformed MX record such as a record with
a zero-length MX hostname (Postfix version 2.3 and later). <br> The
<a href="postconf.5.html#unknown_address_reject_code">unknown_address_reject_code</a> parameter specifies the numerical
response code for rejected requests (default: 450). The response
is always 450 in case of a temporary DNS error. <br> The
<a href="postconf.5.html#unknown_address_tempfail_action">unknown_address_tempfail_action</a> parameter specifies the action
after a temporary DNS error (default: <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>). </dd>
<dt><b><a name="reject_unlisted_recipient">reject_unlisted_recipient</a></b> (with Postfix version 2.0: check_recipient_maps)</dt>
<dd> Reject the request when the RCPT TO address is not listed in
the list of valid recipients for its domain class. See the
<a href="postconf.5.html#smtpd_reject_unlisted_recipient">smtpd_reject_unlisted_recipient</a> parameter description for details.
This feature is available in Postfix 2.1 and later.</dd>
<dt><b><a name="reject_unverified_recipient">reject_unverified_recipient</a></b></dt>
<dd>Reject the request when mail to the RCPT TO address is known
to bounce, or when the recipient address destination is not reachable.
Address verification information is managed by the <a href="verify.8.html">verify(8)</a> server;
see the <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a> file for details. <br> The
<a href="postconf.5.html#unverified_recipient_reject_code">unverified_recipient_reject_code</a> parameter specifies the numerical
response code when an address is known to bounce (default: 450,
change into 550 when you are confident that it is safe to do so).
<br>The <a href="postconf.5.html#unverified_recipient_defer_code">unverified_recipient_defer_code</a> parameter specifies the
numerical response code when an address probe failed due to a
temporary problem (default: 450). <br> The
<a href="postconf.5.html#unverified_recipient_tempfail_action">unverified_recipient_tempfail_action</a> parameter specifies the action
after address probe failure due to a temporary problem (default:
<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>). <br> This feature is available in Postfix 2.1
and later. </dd>
</dl>
<p>
Other restrictions that are valid in this context:
</p>
<ul>
<li><a href="#generic">Generic</a> restrictions that can be used
in any SMTP command context, described under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>.
<li>SMTP command specific restrictions described under
<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> and
<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>.
</ul>
<p>
Example:
</p>
<pre>
# The Postfix before 2.10 default mail relay policy. Later Postfix
# versions implement this preferably with <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>.
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
</pre>
</DD>
<DT><b><a name="smtpd_reject_footer">smtpd_reject_footer</a>
(default: empty)</b></DT><DD>
<p> Optional information that is appended after each Postfix SMTP
server
4XX or 5XX response. </p>
<p> The following example uses "\c" at the start of the template
(supported in Postfix 2.10 and later) to suppress the line break
between the reply text and the footer text. With earlier Postfix
versions, the footer text always begins on a new line, and the "\c"
is output literally. </p>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtpd_reject_footer">smtpd_reject_footer</a> = \c. For assistance, call 800-555-0101.
Please provide the following information in your problem report:
time ($localtime), client ($client_address) and server
($server_name).
</pre>
<p> Server response: </p>
<pre>
550-5.5.1 <user@example> Recipient address rejected: User
unknown. For assistance, call 800-555-0101. Please provide the
following information in your problem report: time (Jan 4 15:42:00),
client (192.168.1.248) and server (mail1.example.com).
</pre>
<p> Note: the above text is meant to make it easier to find the
Postfix logfile records for a failed SMTP session. The text itself
is not logged to the Postfix SMTP server's maillog file. </p>
<p> Be sure to keep the text as short as possible. Long text may
be truncated before it is logged to the remote SMTP client's maillog
file, or before it is returned to the sender in a delivery status
notification. </p>
<p> This feature supports a limited number of $name attributes in
the footer text. These are replaced by their current value for the
SMTP session: </p>
<dl>
<dt> <b>client_address</b> </dt> <dd> The Client IP address that
is logged in the maillog file. </dd>
<dt> <b>client_port</b> </dt> <dd> The client TCP port that is
logged in the maillog file. </dd>
<dt> <b>localtime</b> </dt> <dd> The server local time (Mmm dd
hh:mm:ss) that is logged in the maillog file. </dd>
<dt> <b>server_name</b> </dt> <dd> The server's <a href="postconf.5.html#myhostname">myhostname</a> value.
This attribute is made available for sites with multiple MTAs
(perhaps behind a load-balancer), where the server name can help
the server support team to quickly find the right log files. </dd>
</dl>
<p> Notes: </p>
<ul>
<li> <p> NOT SUPPORTED are other attributes such as sender, recipient,
or <a href="postconf.5.html">main.cf</a> parameters. </p>
<li> <p> For safety reasons, text that does not match
$<a href="postconf.5.html#smtpd_expansion_filter">smtpd_expansion_filter</a> is censored. </p>
</ul>
<p> This feature supports the two-character sequence \n as a request
for a line break in the footer text. Postfix automatically inserts
after each line break the three-digit SMTP reply code (and optional
enhanced status code) from the original Postfix reject message.
</p>
<p> To work around mail software that mis-handles multi-line replies,
specify the two-character sequence \c at the start of the template.
This suppresses the line break between the reply text and the footer
text (Postfix 2.10 and later). </p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="smtpd_reject_unlisted_recipient">smtpd_reject_unlisted_recipient</a>
(default: yes)</b></DT><DD>
<p>
Request that the Postfix SMTP server rejects mail for unknown
recipient addresses, even when no explicit <a href="postconf.5.html#reject_unlisted_recipient">reject_unlisted_recipient</a>
access restriction is specified. This prevents the Postfix queue
from filling up with undeliverable MAILER-DAEMON messages.
</p>
<p> An address is always considered "known" when it matches a
<a href="virtual.5.html">virtual(5)</a> alias or a <a href="canonical.5.html">canonical(5)</a> mapping.
<ul>
<li> The recipient domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, but the recipient is not listed in
$<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, and $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> is not null.
<li> The recipient domain matches $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> but the
recipient is not listed in $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>.
<li> The recipient domain matches $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> but the
recipient is not listed in $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
is not null.
<li> The recipient domain matches $<a href="postconf.5.html#relay_domains">relay_domains</a> but the recipient
is not listed in $<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a>, and $<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a>
is not null.
</ul>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a>
(default: no)</b></DT><DD>
<p> Request that the Postfix SMTP server rejects mail from unknown
sender addresses, even when no explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a>
access restriction is specified. This can slow down an explosion
of forged mail from worms or viruses. </p>
<p> An address is always considered "known" when it matches a
<a href="virtual.5.html">virtual(5)</a> alias or a <a href="canonical.5.html">canonical(5)</a> mapping.
<ul>
<li> The sender domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, but the sender is not listed in
$<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, and $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> is not null.
<li> The sender domain matches $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> but the sender
is not listed in $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>.
<li> The sender domain matches $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> but the
sender is not listed in $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
is not null.
<li> The sender domain matches $<a href="postconf.5.html#relay_domains">relay_domains</a> but the sender is
not listed in $<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a>, and $<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> is
not null.
</ul>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="smtpd_relay_restrictions">smtpd_relay_restrictions</a>
(default: <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>, <a href="postconf.5.html#defer_unauth_destination">defer_unauth_destination</a>)</b></DT><DD>
<p> Access restrictions for mail relay control that the Postfix
SMTP server applies in the context of the RCPT TO command, before
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>.
See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access
restriction lists" for a discussion of evaluation context and time.
</p>
<p> With Postfix versions before 2.10, the rules for relay permission
and spam blocking were combined under <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>,
resulting in error-prone configuration. As of Postfix 2.10, relay
permission rules are preferably implemented with <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>,
so that a permissive spam blocking policy under
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> will no longer result in a permissive
mail relay policy. </p>
<p> For backwards compatibility, sites that migrate from Postfix
versions before 2.10 can set <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> to the empty
value, and use <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> exactly as before. </p>
<p>
By default, the Postfix SMTP server accepts:
</p>
<ul>
<li> Mail from clients whose IP address matches $<a href="postconf.5.html#mynetworks">mynetworks</a>, or:
<li> Mail to remote destinations that match $<a href="postconf.5.html#relay_domains">relay_domains</a>, except
for addresses that contain sender-specified routing
(user@elsewhere@domain), or:
<li> Mail to local destinations that match $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, or
$<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
</ul>
<p>
IMPORTANT: Either the <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> or the
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> parameter must specify
at least one of the following restrictions. Otherwise Postfix will
refuse to receive mail:
</p>
<blockquote>
<pre>
reject, <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
</pre>
</blockquote>
<blockquote>
<pre>
defer, <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>, <a href="postconf.5.html#defer_unauth_destination">defer_unauth_destination</a>
</pre>
</blockquote>
<p>
Specify a list of restrictions, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace.
The same restrictions are available as documented under
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>.
</p>
<p> This feature is available in Postix 2.10 and later. </p>
</DD>
<DT><b><a name="smtpd_restriction_classes">smtpd_restriction_classes</a>
(default: empty)</b></DT><DD>
<p>
User-defined aliases for groups of access restrictions. The aliases
can be specified in <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> etc., and on the
right-hand side of a Postfix <a href="access.5.html">access(5)</a> table.
</p>
<p>
One major application is for implementing per-recipient UCE control.
See the <a href="RESTRICTION_CLASS_README.html">RESTRICTION_CLASS_README</a> document for other examples.
</p>
</DD>
<DT><b><a name="smtpd_sasl_application_name">smtpd_sasl_application_name</a>
(default: smtpd)</b></DT><DD>
<p>
The application name that the Postfix SMTP server uses for SASL
server initialization. This
controls the name of the SASL configuration file. The default value
is <b>smtpd</b>, corresponding to a SASL configuration file named
<b>smtpd.conf</b>.
</p>
<p>
This feature is available in Postfix 2.1 and 2.2. With Postfix 2.3
it was renamed to <a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a>.
</p>
</DD>
<DT><b><a name="smtpd_sasl_auth_enable">smtpd_sasl_auth_enable</a>
(default: no)</b></DT><DD>
<p>
Enable SASL authentication in the Postfix SMTP server. By default,
the Postfix SMTP server does not use authentication.
</p>
<p>
If a remote SMTP client is authenticated, the <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>
access restriction can be used to permit relay access, like this:
</p>
<blockquote>
<pre>
# With Postfix 2.10 and later, the mail relay policy is
# preferably specified under <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>.
<a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> =
<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>, ...
</pre>
<pre>
# With Postfix before 2.10, the relay policy can be
# specified only under <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>.
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>, ...
</pre>
</blockquote>
<p> To reject all SMTP connections from unauthenticated clients,
specify "<a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> = yes" (which is the default) and use:
</p>
<blockquote>
<pre>
<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> = <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>, reject
</pre>
</blockquote>
<p>
See the <a href="SASL_README.html">SASL_README</a> file for SASL configuration and operation details.
</p>
</DD>
<DT><b><a name="smtpd_sasl_authenticated_header">smtpd_sasl_authenticated_header</a>
(default: no)</b></DT><DD>
<p> Report the SASL authenticated user name in the <a href="smtpd.8.html">smtpd(8)</a> Received
message header. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a>
(default: empty)</b></DT><DD>
<p>
What remote SMTP clients the Postfix SMTP server will not offer
AUTH support to.
</p>
<p>
Some clients (Netscape 4 at least) have a bug that causes them to
require a login and password whenever AUTH is offered, whether it's
necessary or not. To work around this, specify, for example,
$<a href="postconf.5.html#mynetworks">mynetworks</a> to prevent Postfix from offering AUTH to local clients.
</p>
<p>
Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also "/file/name" or
"<a href="DATABASE_README.html">type:table</a>" patterns. A "/file/name" pattern is replaced by its
contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a table entry
matches a lookup string (the lookup result is ignored). Continue
long lines by starting the next line with whitespace. Specify
"!pattern" to exclude an address or network block from the list.
The form "!/file/name" is supported only in Postfix version 2.4 and
later. </p>
<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the <a href="postconf.5.html#smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a> value, and in
files specified with "/file/name". IP version 6 addresses contain
the ":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>"
pattern. </p>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a> = $<a href="postconf.5.html#mynetworks">mynetworks</a>
</pre>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="smtpd_sasl_local_domain">smtpd_sasl_local_domain</a>
(default: empty)</b></DT><DD>
<p>
The name of the Postfix SMTP server's local SASL authentication
realm.
</p>
<p>
By default, the local authentication realm name is the null string.
</p>
<p>
Examples:
</p>
<pre>
<a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
<a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a> = $<a href="postconf.5.html#myhostname">myhostname</a>
</pre>
</DD>
<DT><b><a name="smtpd_sasl_path">smtpd_sasl_path</a>
(default: smtpd)</b></DT><DD>
<p> Implementation-specific information that the Postfix SMTP server
passes through to
the SASL plug-in implementation that is selected with
<b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>. Typically this specifies the name of a
configuration file or rendezvous point. </p>
<p> This feature is available in Postfix 2.3 and later. In earlier
releases it was called <b><a href="postconf.5.html#smtpd_sasl_application_name">smtpd_sasl_application_name</a></b>. </p>
</DD>
<DT><b><a name="smtpd_sasl_security_options">smtpd_sasl_security_options</a>
(default: noanonymous)</b></DT><DD>
<p> Postfix SMTP server SASL security options; as of Postfix 2.3
the list of available
features depends on the SASL server implementation that is selected
with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>. </p>
<p> The following security features are defined for the <b>cyrus</b>
server SASL implementation: </p>
<p>
Restrict what authentication mechanisms the Postfix SMTP server
will offer to the client. The list of available authentication
mechanisms is system dependent.
</p>
<p>
Specify zero or more of the following:
</p>
<dl>
<dt><b>noplaintext</b></dt>
<dd>Disallow methods that use plaintext passwords. </dd>
<dt><b>noactive</b></dt>
<dd>Disallow methods subject to active (non-dictionary) attack. </dd>
<dt><b>nodictionary</b></dt>
<dd>Disallow methods subject to passive (dictionary) attack. </dd>
<dt><b>noanonymous</b></dt>
<dd>Disallow methods that allow anonymous authentication. </dd>
<dt><b>forward_secrecy</b></dt>
<dd>Only allow methods that support forward secrecy (Dovecot only).
</dd>
<dt><b>mutual_auth</b></dt>
<dd>Only allow methods that provide mutual authentication (not available
with Cyrus SASL version 1). </dd>
</dl>
<p>
By default, the Postfix SMTP server accepts plaintext passwords but
not anonymous logins.
</p>
<p>
Warning: it appears that clients try authentication methods in the
order as advertised by the server (e.g., PLAIN ANONYMOUS CRAM-MD5)
which means that if you disable plaintext passwords, clients will
log in anonymously, even when they should be able to use CRAM-MD5.
So, if you disable plaintext logins, disable anonymous logins too.
Postfix treats anonymous login as no authentication.
</p>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_security_options</a> = noanonymous, noplaintext
</pre>
</DD>
<DT><b><a name="smtpd_sasl_service">smtpd_sasl_service</a>
(default: smtp)</b></DT><DD>
<p> The service name that is passed to the SASL plug-in that is
selected with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b> and <b><a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a></b>.
</p>
<p> This feature is available in Postfix 2.11 and later. Prior
versions behave as if "<b>smtp</b>" is specified. </p>
</DD>
<DT><b><a name="smtpd_sasl_tls_security_options">smtpd_sasl_tls_security_options</a>
(default: $<a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_security_options</a>)</b></DT><DD>
<p> The SASL authentication security options that the Postfix SMTP
server uses for TLS encrypted SMTP sessions. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="smtpd_sasl_type">smtpd_sasl_type</a>
(default: cyrus)</b></DT><DD>
<p> The SASL plug-in type that the Postfix SMTP server should use
for authentication. The available types are listed with the
"<b>postconf -a</b>" command. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="smtpd_sender_login_maps">smtpd_sender_login_maps</a>
(default: empty)</b></DT><DD>
<p>
Optional lookup table with the SASL login names that own sender
(MAIL FROM) addresses.
</p>
<p>
Specify zero or more "<a href="DATABASE_README.html">type:table</a>" lookup tables. With lookups from
indexed files such as DB or DBM, or from networked tables such as
NIS, LDAP or SQL, the following search operations are done with a
sender address of <i>user@domain</i>: </p>
<dl>
<dt> 1) <i>user@domain</i> </dt>
<dd>This table lookup is always done and has the highest precedence. </dd>
<dt> 2) <i>user</i> </dt>
<dd>This table lookup is done only when the <i>domain</i> part of the
sender address matches $<a href="postconf.5.html#myorigin">myorigin</a>, $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. </dd>
<dt> 3) <i>@domain</i> </dt>
<dd>This table lookup is done last and has the lowest precedence. </dd>
</dl>
<p>
In all cases the result of table lookup must be either "not found"
or a list of SASL login names separated by comma and/or whitespace.
</p>
</DD>
<DT><b><a name="smtpd_sender_restrictions">smtpd_sender_restrictions</a>
(default: empty)</b></DT><DD>
<p>
Optional restrictions that the Postfix SMTP server applies in the
context of a client MAIL FROM command.
See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access
restriction lists" for a discussion of evaluation context and time.
</p>
<p>
The default is to permit everything.
</p>
<p>
Specify a list of restrictions, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace.
Restrictions are applied in the order as specified; the first
restriction that matches wins.
</p>
<p>
The following restrictions are specific to the sender address
received with the MAIL FROM command.
</p>
<dl>
<dt><b><a name="check_sender_access">check_sender_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MAIL FROM
address, domain, parent domains, or localpart@, and execute the
corresponding action. </dd>
<dt><b><a name="check_sender_mx_access">check_sender_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MX hosts for
the MAIL FROM address, and execute the corresponding action. Note:
a result of "OK" is not allowed for safety reasons. Instead, use
DUNNO in order to exclude specific hosts from blacklists. This
feature is available in Postfix 2.1 and later. </dd>
<dt><b><a name="check_sender_ns_access">check_sender_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd>Search the specified <a href="access.5.html">access(5)</a> database for the DNS servers
for the MAIL FROM address, and execute the corresponding action.
Note: a result of "OK" is not allowed for safety reasons. Instead,
use DUNNO in order to exclude specific hosts from blacklists. This
feature is available in Postfix 2.1 and later. </dd>
<dt><b><a name="reject_authenticated_sender_login_mismatch">reject_authenticated_sender_login_mismatch</a></b></dt>
<dd>Enforces the <a href="postconf.5.html#reject_sender_login_mismatch">reject_sender_login_mismatch</a> restriction for
authenticated clients only. This feature is available in
Postfix version 2.1 and later. </dd>
<dt><b><a name="reject_known_sender_login_mismatch">reject_known_sender_login_mismatch</a></b></dt>
<dd>Apply the <a href="postconf.5.html#reject_sender_login_mismatch">reject_sender_login_mismatch</a> restriction only to MAIL
FROM addresses that are known in $<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a>. This
feature is available in Postfix version 2.11 and later. </dd>
<dt><b><a name="reject_non_fqdn_sender">reject_non_fqdn_sender</a></b></dt>
<dd>Reject the request when the MAIL FROM address is not in
fully-qualified domain form, as required by the RFC. <br> The
<a href="postconf.5.html#non_fqdn_reject_code">non_fqdn_reject_code</a> parameter specifies the response code for
rejected requests (default: 504). </dd>
<dt><b><a name="reject_rhsbl_sender">reject_rhsbl_sender <i>rbl_domain=d.d.d.d</i></a></b></dt>
<dd>Reject the request when the MAIL FROM domain is listed with
the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i> (Postfix
version 2.1 and later only). Each "<i>d</i>" is a number, or a
pattern inside "[]" that contains one or more ";"-separated numbers
or number..number ranges (Postfix version 2.8 and later). If no
"<i>=d.d.d.d</i>" is specified,
reject the request when the MAIL FROM domain is
listed with any A record under <i>rbl_domain</i>. <br> The
<a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> parameter specifies the response code for
rejected requests (default: 554); the <a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> parameter
specifies the default server reply; and the <a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> parameter
specifies tables with server replies indexed by <i>rbl_domain</i>.
This feature is available in Postfix 2.0 and later.</dd>
<dt><b><a name="reject_sender_login_mismatch">reject_sender_login_mismatch</a></b></dt>
<dd>Reject the request when $<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a> specifies an
owner for the MAIL FROM address, but the client is not (SASL) logged
in as that MAIL FROM address owner; or when the client is (SASL)
logged in, but the client login name doesn't own the MAIL FROM
address according to $<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a>.</dd>
<dt><b><a name="reject_unauthenticated_sender_login_mismatch">reject_unauthenticated_sender_login_mismatch</a></b></dt>
<dd>Enforces the <a href="postconf.5.html#reject_sender_login_mismatch">reject_sender_login_mismatch</a> restriction for
unauthenticated clients only. This feature is available in
Postfix version 2.1 and later. </dd>
<dt><b><a name="reject_unknown_sender_domain">reject_unknown_sender_domain</a></b></dt>
<dd>Reject the request when Postfix is not final destination for
the sender address, and the MAIL FROM domain has 1) no DNS A or MX
record, or 2) a malformed MX record such as a record with
a zero-length MX hostname (Postfix version 2.3 and later). <br> The
<a href="postconf.5.html#unknown_address_reject_code">unknown_address_reject_code</a> parameter specifies the numerical
response code for rejected requests (default: 450). The response
is always 450 in case of a temporary DNS error. <br> The
<a href="postconf.5.html#unknown_address_tempfail_action">unknown_address_tempfail_action</a> parameter specifies the action
after a temporary DNS error (default: <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>). </dd>
<dt><b><a name="reject_unlisted_sender">reject_unlisted_sender</a></b></dt>
<dd>Reject the request when the MAIL FROM address is not listed in
the list of valid recipients for its domain class. See the
<a href="postconf.5.html#smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a> parameter description for details.
This feature is available in Postfix 2.1 and later.</dd>
<dt><b><a name="reject_unverified_sender">reject_unverified_sender</a></b></dt>
<dd>Reject the request when mail to the MAIL FROM address is known to
bounce, or when the sender address destination is not reachable.
Address verification information is managed by the <a href="verify.8.html">verify(8)</a> server;
see the <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a> file for details. <br> The
<a href="postconf.5.html#unverified_sender_reject_code">unverified_sender_reject_code</a> parameter specifies the numerical
response code when an address is known to bounce (default: 450,
change into 550 when you are confident that it is safe to do so).
<br>The <a href="postconf.5.html#unverified_sender_defer_code">unverified_sender_defer_code</a> specifies the numerical response
code when an address probe failed due to a temporary problem
(default: 450). <br> The <a href="postconf.5.html#unverified_sender_tempfail_action">unverified_sender_tempfail_action</a> parameter
specifies the action after address probe failure due to a temporary
problem (default: <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>). <br> This feature is available
in Postfix 2.1 and later. </dd>
</dl>
<p>
Other restrictions that are valid in this context:
</p>
<ul>
<li> <a href="#generic">Generic</a> restrictions that can be used
in any SMTP command context, described under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>.
<li> SMTP command specific restrictions described under
<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>.
<li> SMTP command specific restrictions described under
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>. When recipient restrictions are listed
under <a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>, they have effect only with
"<a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> = yes", so that $<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> is
evaluated at the time of the RCPT TO command.
</ul>
<p>
Examples:
</p>
<pre>
<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> = <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a>
<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> = <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a>,
<a href="postconf.5.html#check_sender_access">check_sender_access</a> <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/access
</pre>
</DD>
<DT><b><a name="smtpd_service_name">smtpd_service_name</a>
(default: smtpd)</b></DT><DD>
<p> The internal service that <a href="postscreen.8.html">postscreen(8)</a> hands off allowed
connections to. In a future version there may be different
classes of SMTP service. </p>
<p> This feature is available in Postfix 2.8. </p>
</DD>
<DT><b><a name="smtpd_soft_error_limit">smtpd_soft_error_limit</a>
(default: 10)</b></DT><DD>
<p>
The number of errors a remote SMTP client is allowed to make without
delivering mail before the Postfix SMTP server slows down all its
responses.
</p>
<ul>
<li><p>With Postfix version 2.1 and later, the Postfix SMTP server
delays all responses by $<a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a> seconds. </p>
<li><p>With Postfix versions 2.0 and earlier, the Postfix SMTP
server delays all responses by (number of errors) seconds. </p>
</ul>
</DD>
<DT><b><a name="smtpd_starttls_timeout">smtpd_starttls_timeout</a>
(default: see "postconf -d" output)</b></DT><DD>
<p> The time limit for Postfix SMTP server write and read operations
during TLS startup and shutdown handshake procedures. The current
default value is stress-dependent. Before Postfix version 2.8, it
was fixed at 300s. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="smtpd_timeout">smtpd_timeout</a>
(default: normal: 300s, overload: 10s)</b></DT><DD>
<p>
The time limit for sending a Postfix SMTP server response and for
receiving a remote SMTP client request. Normally the default limit
is 300s, but it changes under overload to just 10s. With Postfix
2.5 and earlier, the SMTP server always uses a time limit of 300s
by default.
</p>
<p>
Note: if you set SMTP time limits to very large values you may have
to update the global <a href="postconf.5.html#ipc_timeout">ipc_timeout</a> parameter.
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
</DD>
<DT><b><a name="smtpd_tls_CAfile">smtpd_tls_CAfile</a>
(default: empty)</b></DT><DD>
<p> A file containing (PEM format) CA certificates of root CAs trusted
to sign either remote SMTP client certificates or intermediate CA
certificates. These are loaded into memory before the <a href="smtpd.8.html">smtpd(8)</a> server
enters the chroot jail. If the number of trusted roots is large, consider
using <a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> instead, but note that the latter directory must
be present in the chroot jail if the <a href="smtpd.8.html">smtpd(8)</a> server is chrooted. This
file may also be used to augment the server certificate trust chain,
but it is best to include all the required certificates directly in the
server certificate file. </p>
<p> Specify "<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> = /path/to/system_CA_file" to use ONLY
the system-supplied default certificate authority certificates.
</p>
<p> Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates. </p>
<p> By default (see <a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>), client certificates are not
requested, and <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> should remain empty. If you do make use
of client certificates, the distinguished names (DNs) of the certificate
authorities listed in <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> are sent to the remote SMTP client
in the client certificate request message. MUAs with multiple client
certificates may use the list of preferred certificate authorities
to select the correct client certificate. You may want to put your
"preferred" CA or CAs in this file, and install other trusted CAs in
$<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a>. </p>
<p> Example: </p>
<pre>
<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> = /etc/postfix/CAcert.pem
</pre>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="smtpd_tls_CApath">smtpd_tls_CApath</a>
(default: empty)</b></DT><DD>
<p> A directory containing (PEM format) CA certificates of root CAs
trusted to sign either remote SMTP client certificates or intermediate CA
certificates. Do not forget to create the necessary "hash" links with,
for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs". To use
<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> in chroot mode, this directory (or a copy) must be
inside the chroot jail. </p>
<p> Specify "<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> = /path/to/system_CA_directory" to
use ONLY the system-supplied default certificate authority certificates.
</p>
<p> Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates. </p>
<p> By default (see <a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>), client certificates are
not requested, and <a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> should remain empty. In contrast
to <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>, DNs of certificate authorities installed
in $<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> are not included in the client certificate
request message. MUAs with multiple client certificates may use the
list of preferred certificate authorities to select the correct
client certificate. You may want to put your "preferred" CA or
CAs in $<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>, and install the remaining trusted CAs in
$<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a>. </p>
<p> Example: </p>
<pre>
<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> = /etc/postfix/certs
</pre>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a>
(default: yes)</b></DT><DD>
<p> Force the Postfix SMTP server to issue a TLS session id, even
when TLS session caching is turned off (<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a>
is empty). This behavior is compatible with Postfix < 2.3. </p>
<p> With Postfix 2.3 and later the Postfix SMTP server can disable
session id generation when TLS session caching is turned off. This
keeps remote SMTP clients from caching sessions that almost certainly cannot
be re-used. </p>
<p> By default, the Postfix SMTP server always generates TLS session
ids. This works around a known defect in mail client applications
such as MS Outlook, and may also prevent interoperability issues
with other MTAs. </p>
<p> Example: </p>
<pre>
<a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a> = no
</pre>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>
(default: no)</b></DT><DD>
<p> Ask a remote SMTP client for a client certificate. This
information is needed for certificate based mail relaying with,
for example, the <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a> feature. </p>
<p> Some clients such as Netscape will either complain if no
certificate is available (for the list of CAs in $<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>)
or will offer multiple client certificates to choose from. This
may be annoying, so this option is "off" by default. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="smtpd_tls_auth_only">smtpd_tls_auth_only</a>
(default: no)</b></DT><DD>
<p> When TLS encryption is optional in the Postfix SMTP server, do
not announce or accept SASL authentication over unencrypted
connections. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a>
(default: 9)</b></DT><DD>
<p> The verification depth for remote SMTP client certificates. A
depth of 1 is sufficient if the issuing CA is listed in a local CA
file. </p>
<p> The default verification depth is 9 (the OpenSSL default) for
compatibility with earlier Postfix behavior. Prior to Postfix 2.5,
the default value was 5, but the limit was not actually enforced. If
you have set this to a lower non-default value, certificates with longer
trust chains may now fail to verify. Certificate chains with 1 or 2
CAs are common, deeper chains are more rare and any number between 5
and 9 should suffice in practice. You can choose a lower number if,
for example, you trust certificates directly signed by an issuing CA
but not any CAs it delegates to. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="smtpd_tls_cert_file">smtpd_tls_cert_file</a>
(default: empty)</b></DT><DD>
<p> File with the Postfix SMTP server RSA certificate in PEM format.
This file may also contain the Postfix SMTP server private RSA key. </p>
<p> Public Internet MX hosts without certificates signed by a "reputable"
CA must generate, and be prepared to present to most clients, a
self-signed or private-CA signed certificate. The client will not be
able to authenticate the server, but unless it is running Postfix 2.3 or
similar software, it will still insist on a server certificate. </p>
<p> For servers that are <b>not</b> public Internet MX hosts, Postfix
2.3 supports configurations with no certificates. This entails the
use of just the anonymous TLS ciphers, which are not supported by
typical SMTP clients. Since such clients will not, as a rule, fall
back to plain text after a TLS handshake failure, the server will
be unable to receive email from TLS enabled clients. To avoid
accidental configurations with no certificates, Postfix 2.3 enables
certificate-less operation only when the administrator explicitly
sets "<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = none". This ensures that new Postfix
configurations will not accidentally run with no certificates. </p>
<p> Both RSA and DSA certificates are supported. When both types
are present, the cipher used determines which certificate will be
presented to the client. For Netscape and OpenSSL clients without
special cipher choices the RSA certificate is preferred. </p>
<p> To enable a remote SMTP client to verify the Postfix SMTP server
certificate, the issuing CA certificates must be made available to the
client. You should include the required certificates in the server
certificate file, the server certificate first, then the issuing
CA(s) (bottom-up order). </p>
<p> Example: the certificate for "server.example.com" was issued by
"intermediate CA" which itself has a certificate of "root CA".
Create the server.pem file with "cat server_cert.pem intermediate_CA.pem
root_CA.pem > server.pem". </p>
<p> If you also want to verify client certificates issued by these
CAs, you can add the CA certificates to the <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>, in which
case it is not necessary to have them in the <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> or
<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>. </p>
<p> A certificate supplied here must be usable as an SSL server certificate
and hence pass the "openssl verify -purpose sslserver ..." test. </p>
<p> Example: </p>
<pre>
<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = /etc/postfix/server.pem
</pre>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="smtpd_tls_cipherlist">smtpd_tls_cipherlist</a>
(default: empty)</b></DT><DD>
<p> Obsolete Postfix < 2.3 control for the Postfix SMTP server TLS
cipher list. It is easy to create inter-operability problems by choosing
a non-default cipher list. Do not use a non-default TLS cipherlist for
MX hosts on the public Internet. Clients that begin the TLS handshake,
but are unable to agree on a common cipher, may not be able to send any
email to the SMTP server. Using a restricted cipher list may be more
appropriate for a dedicated MSA or an internal mailhub, where one can
exert some control over the TLS software and settings of the connecting
clients. </p>
<p> <b>Note:</b> do not use "" quotes around the parameter value. </p>
<p>This feature is available with Postfix version 2.2. It is not used with
Postfix 2.3 and later; use <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> instead. </p>
</DD>
<DT><b><a name="smtpd_tls_ciphers">smtpd_tls_ciphers</a>
(default: export)</b></DT><DD>
<p> The minimum TLS cipher grade that the Postfix SMTP server
will use with opportunistic TLS encryption. Cipher types listed in
<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> are excluded from the base definition of
the selected cipher grade. The default value "export" ensures maximum
inter-operability. Because encryption is optional, stronger controls
are not appropriate, and this setting SHOULD NOT be changed unless the
change is essential. </p>
<p> When TLS is mandatory the cipher grade is chosen via the
<a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> configuration parameter, see there for syntax
details. </p>
<p> Example: </p>
<pre>
<a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a> = export
</pre>
<p> This feature is available in Postfix 2.6 and later. With earlier Postfix
releases only the <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> parameter is implemented,
and opportunistic TLS always uses "export" or better (i.e. all) ciphers. </p>
</DD>
<DT><b><a name="smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>
(default: empty)</b></DT><DD>
<p> File with the Postfix SMTP server DSA certificate in PEM format.
This file may also contain the Postfix SMTP server private DSA key. </p>
<p> See the discussion under <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> for more details.
</p>
<p> Example: </p>
<pre>
<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a> = /etc/postfix/server-dsa.pem
</pre>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a>
(default: empty)</b></DT><DD>
<p> File with DH parameters that the Postfix SMTP server should
use with non-export EDH ciphers. </p>
<p> Instead of using the exact same parameter sets as distributed
with other TLS packages, it is more secure to generate your own
set of parameters with something like the following commands: </p>
<blockquote>
<pre>
openssl dhparam -out /etc/postfix/dh512.pem 512
openssl dhparam -out /etc/postfix/dh1024.pem 1024
openssl dhparam -out /etc/postfix/dh2048.pem 2048
</pre>
</blockquote>
<p> It is safe to share the same DH parameters between multiple
Postfix instances. If you prefer, you can generate separate
parameters for each instance. </p>
<p> If you want to take maximal advantage of ciphers that offer <a
href="FORWARD_SECRECY_README.html#dfn_fs">forward secrecy</a> see
the <a href="FORWARD_SECRECY_README.html#quick-start">Getting
started</a> section of <a
href="FORWARD_SECRECY_README.html">FORWARD_SECRECY_README</a>. The
full document conveniently presents all information about Postfix
"perfect" forward secrecy support in one place: what forward secrecy
is, how to tweak settings, and what you can expect to see when
Postfix uses ciphers with forward secrecy. </p>
<p> Example: </p>
<pre>
<a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a> = /etc/postfix/dh2048.pem
</pre>
<p>This feature is available with Postfix version 2.2.</p>
</DD>
<DT><b><a name="smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a>
(default: empty)</b></DT><DD>
<p> File with DH parameters that the Postfix SMTP server should
use with export-grade EDH ciphers. </p>
<p> See also the discussion under the <a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a>
configuration parameter. </p>
<p> Example: </p>
<pre>
<a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a> = /etc/postfix/dh_512.pem
</pre>
<p>This feature is available with Postfix version 2.2.</p>
</DD>
<DT><b><a name="smtpd_tls_dkey_file">smtpd_tls_dkey_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>)</b></DT><DD>
<p> File with the Postfix SMTP server DSA private key in PEM format.
This file may be combined with the Postfix SMTP server DSA certificate
file specified with $<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>. </p>
<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
access to the system superuser account ("root"), and no access
to anyone else. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>
(default: empty)</b></DT><DD>
<p> File with the Postfix SMTP server ECDSA certificate in PEM format.
This file may also contain the Postfix SMTP server private ECDSA key. </p>
<p> See the discussion under <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> for more details. </p>
<p> Example: </p>
<pre>
<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a> = /etc/postfix/ecdsa-scert.pem
</pre>
<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 1.0.0 or later. </p>
</DD>
<DT><b><a name="smtpd_tls_eckey_file">smtpd_tls_eckey_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>)</b></DT><DD>
<p> File with the Postfix SMTP server ECDSA private key in PEM format.
This file may be combined with the Postfix SMTP server ECDSA certificate
file specified with $<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>. </p>
<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
access to the system superuser account ("root"), and no access
to anyone else. </p>
<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 1.0.0 or later. </p>
</DD>
<DT><b><a name="smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a>
(default: see "postconf -d" output)</b></DT><DD>
<p> The Postfix SMTP server security grade for ephemeral elliptic-curve
Diffie-Hellman (EECDH) key exchange. </p>
<p> The available choices are: </p>
<dl>
<dt><b>none</b></dt> <dd> Don't use EECDH. Ciphers based on EECDH key
exchange will be disabled. This is the default in Postfix versions
2.6 and 2.7. </dd>
<dt><b>strong</b></dt> <dd> Use EECDH with approximately 128
bits of security at a reasonable computational cost. This is the
current best-practice trade-off between security and computational
efficiency. This is the default in Postfix version 2.8 and later.
</dd>
<dt><b>ultra</b></dt> <dd> Use EECDH with approximately 192 bits of
security at computational cost that is approximately twice as high
as 128 bit strength ECC. Barring significant progress in attacks on
elliptic curve crypto-systems, the "strong" curve is sufficient for most
users. </dd>
</dl>
<p> If you want to take maximal advantage of ciphers that offer <a
href="FORWARD_SECRECY_README.html#dfn_fs">forward secrecy</a> see
the <a href="FORWARD_SECRECY_README.html#quick-start">Getting
started</a> section of <a
href="FORWARD_SECRECY_README.html">FORWARD_SECRECY_README</a>. The
full document conveniently presents all information about Postfix
"perfect" forward secrecy support in one place: what forward secrecy
is, how to tweak settings, and what you can expect to see when
Postfix uses ciphers with forward secrecy. </p>
<p> This feature is available in Postfix 2.6 and later, when it is
compiled and linked with OpenSSL 1.0.0 or later on platforms
where EC algorithms have not been disabled by the vendor. </p>
</DD>
<DT><b><a name="smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a>
(default: empty)</b></DT><DD>
<p> List of ciphers or cipher types to exclude from the SMTP server
cipher list at all TLS security levels. Excluding valid ciphers
can create interoperability problems. DO NOT exclude ciphers unless it
is essential to do so. This is not an OpenSSL cipherlist; it is a simple
list separated by whitespace and/or commas. The elements are a single
cipher, or one or more "+" separated cipher properties, in which case
only ciphers matching <b>all</b> the properties are excluded. </p>
<p> Examples (some of these will cause problems): </p>
<blockquote>
<pre>
<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = aNULL
<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = MD5, DES
<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = DES+MD5
<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = AES256-SHA, DES-CBC3-MD5
<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = kEDH+aRSA
</pre>
</blockquote>
<p> The first setting disables anonymous ciphers. The next setting
disables ciphers that use the MD5 digest algorithm or the (single) DES
encryption algorithm. The next setting disables ciphers that use MD5 and
DES together. The next setting disables the two ciphers "AES256-SHA"
and "DES-CBC3-MD5". The last setting disables ciphers that use "EDH"
key exchange with RSA authentication. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a>
(default: md5)</b></DT><DD>
<p> The message digest algorithm to construct remote SMTP
client-certificate
fingerprints or public key fingerprints (Postfix 2.9 and later)
for <b><a href="postconf.5.html#check_ccert_access">check_ccert_access</a></b> and <b><a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a></b>. The
default algorithm is <b>md5</b>, for backwards compatibility with Postfix
releases prior to 2.5. </p>
<p> Advances in hash
function cryptanalysis have led to md5 being deprecated in favor of sha1.
However, as long as there are no known "second pre-image" attacks
against md5, its use in this context can still be considered safe.
</p>
<p> While additional digest algorithms are often available with OpenSSL's
libcrypto, only those used by libssl in SSL cipher suites are available to
Postfix. </p>
<p> To find the fingerprint of a specific certificate file, with a
specific digest algorithm, run: </p>
<blockquote>
<pre>
$ openssl x509 -noout -fingerprint -<i>digest</i> -in <i>certfile</i>.pem
</pre>
</blockquote>
<p> The text to the right of "=" sign is the desired fingerprint.
For example: </p>
<blockquote>
<pre>
$ openssl x509 -noout -fingerprint -sha1 -in cert.pem
SHA1 Fingerprint=D4:6A:AB:19:24:79:F8:32:BB:A6:CB:66:82:C0:8E:9B:EE:29:A8:1A
</pre>
</blockquote>
<p> To extract the public key fingerprint from an X.509 certificate,
you need to extract the public key from the certificate and compute
the appropriate digest of its DER (ASN.1) encoding. With OpenSSL
the "-pubkey" option of the "x509" command extracts the public
key always in "PEM" format. We pipe the result to another OpenSSL
command that converts the key to DER and then to the "dgst" command
to compute the fingerprint. </p>
<p> The actual command to transform the key to DER format depends
on the version of OpenSSL used. With OpenSSL 1.0.0 and later, the
"pkey" command supports all key types. With OpenSSL 0.9.8 and
earlier, the key type is always RSA (nobody uses DSA, and EC
keys are not fully supported by 0.9.8), so the "rsa" command is
used. </p>
<blockquote>
<pre>
# OpenSSL 1.0 with all certificates and SHA-1 fingerprints.
$ openssl x509 -in cert.pem -noout -pubkey |
openssl pkey -pubin -outform DER |
openssl dgst -sha1 -c
(stdin)= 64:3f:1f:f6:e5:1e:d4:2a:56:8b:fc:09:1a:61:98:b5:bc:7c:60:58
</pre>
</blockquote>
<blockquote>
<pre>
# OpenSSL 0.9.8 with RSA certificates and MD5 fingerprints.
$ openssl x509 -in cert.pem -noout -pubkey |
openssl rsa -pubin -outform DER |
openssl dgst -md5 -c
(stdin)= f4:62:60:f6:12:8f:d5:8d:28:4d:13:a7:db:b2:ff:50
</pre>
</blockquote>
<p> The Postfix SMTP server and client log the peer (leaf) certificate
fingerprint and public key fingerprint when the TLS loglevel is 2 or
higher. </p>
<p> <b>Note:</b> Postfix 2.9.0–2.9.5 computed the public key
fingerprint incorrectly. To use public-key fingerprints, upgrade
to Postfix 2.9.6 or later. </p>
<p> Example: client-certificate access table, with sha1 fingerprints: </p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> = sha1
<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> =
<a href="postconf.5.html#check_ccert_access">check_ccert_access</a> <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/access,
reject
</pre>
<pre>
/etc/postfix/access:
# Action folded to next line...
AF:88:7C:AD:51:95:6F:36:96:F6:01:FB:2E:48:CD:AB:49:25:A2:3B
OK
85:16:78:FD:73:6E:CE:70:E0:31:5F:0D:3C:C8:6D:C4:2C:24:59:E1
<a href="postconf.5.html#permit_auth_destination">permit_auth_destination</a>
</pre>
</blockquote>
<p> This feature is available in Postfix 2.5 and later. </p>
</DD>
<DT><b><a name="smtpd_tls_key_file">smtpd_tls_key_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>)</b></DT><DD>
<p> File with the Postfix SMTP server RSA private key in PEM format.
This file may be combined with the Postfix SMTP server RSA certificate
file specified with $<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>. </p>
<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
access to the system superuser account ("root"), and no access
to anyone else. </p>
</DD>
<DT><b><a name="smtpd_tls_loglevel">smtpd_tls_loglevel</a>
(default: 0)</b></DT><DD>
<p> Enable additional Postfix SMTP server logging of TLS activity.
Each logging level also includes the information that is logged at
a lower logging level. </p>
<dl compact>
<dt> </dt> <dd> 0 Log only a summary message on TLS handshake completion
— no logging of remote SMTP client certificate trust-chain verification
errors
if client certificate verification is not required. With Postfix 2.8
and earlier, disable logging of TLS activity. </dd>
<dt> </dt> <dd> 1 Also log trust-chain verification errors and peer
certificate name and issuer. With Postfix 2.8 and earlier, log TLS
handshake and certificate information. </dd>
<dt> </dt> <dd> 2 Also log levels during TLS negotiation. </dd>
<dt> </dt> <dd> 3 Also log hexadecimal and ASCII dump of TLS negotiation
process. </dd>
<dt> </dt> <dd> 4 Also log hexadecimal and ASCII dump of complete
transmission after STARTTLS. </dd>
</dl>
<p> Do not use "<a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a> = 2" or higher except in case
of problems. Use of loglevel 4 is strongly discouraged. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>
(default: medium)</b></DT><DD>
<p> The minimum TLS cipher grade that the Postfix SMTP server will
use with mandatory TLS encryption. The default grade ("medium") is
sufficiently strong that any benefit from globally restricting TLS
sessions to a more stringent grade is likely negligible, especially
given the fact that many implementations still do not offer any stronger
("high" grade) ciphers, while those that do, will always use "high"
grade ciphers. So insisting on "high" grade ciphers is generally
counter-productive. Allowing "export" or "low" ciphers is typically
not a good idea, as systems limited to just these are limited to
obsolete browsers. No known SMTP clients fail to support at least
one "medium" or "high" grade cipher. </p>
<p> The following cipher grades are supported: </p>
<dl>
<dt><b>export</b></dt>
<dd> Enable "EXPORT" grade or stronger OpenSSL ciphers.
This is the most appropriate setting for public MX hosts, and is always
used with opportunistic TLS encryption. The underlying cipherlist
is specified via the <a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> configuration parameter,
which you are strongly encouraged to not change. </dd>
<dt><b>low</b></dt>
<dd> Enable "LOW" grade or stronger OpenSSL ciphers. The
underlying cipherlist is specified via the <a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a>
configuration parameter, which you are strongly encouraged to
not change. </dd>
<dt><b>medium</b></dt>
<dd> Enable "MEDIUM" grade or stronger OpenSSL ciphers. These use 128-bit
or longer symmetric bulk-encryption keys. This is the default minimum
strength for mandatory TLS encryption. The underlying cipherlist is
specified via the <a href="postconf.5.html#tls_medium_cipherlist">tls_medium_cipherlist</a> configuration parameter, which
you are strongly encouraged to not change. </dd>
<dt><b>high</b></dt>
<dd> Enable only "HIGH" grade OpenSSL ciphers. The
underlying cipherlist is specified via the <a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a>
configuration parameter, which you are strongly encouraged to
not change. </dd>
<dt><b>null</b></dt>
<dd> Enable only the "NULL" OpenSSL ciphers, these provide authentication
without encryption. This setting is only appropriate in the rare
case that all clients are prepared to use NULL ciphers (not normally
enabled in TLS clients). The underlying cipherlist is specified via the
<a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> configuration parameter, which you are strongly
encouraged to not change. </dd>
</dl>
<p> Cipher types listed in
<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> or <a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> are
excluded from the base definition of the selected cipher grade. See
<a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a> for cipher controls that apply to opportunistic
TLS. </p>
<p> The underlying cipherlists for grades other than "null" include
anonymous ciphers, but these are automatically filtered out if the
server is configured to ask for remote SMTP client certificates. You are very
unlikely to need to take any steps to exclude anonymous ciphers, they
are excluded automatically as required. If you must exclude anonymous
ciphers even when Postfix does not need or use peer certificates, set
"<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = aNULL". To exclude anonymous ciphers only
when TLS is enforced, set "<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> = aNULL". </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a>
(default: empty)</b></DT><DD>
<p> Additional list of ciphers or cipher types to exclude from the
Postfix SMTP server cipher list at mandatory TLS security levels.
This list
works in addition to the exclusions listed with <a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a>
(see there for syntax details). </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a>
(default: !SSLv2)</b></DT><DD>
<p> The SSL/TLS protocols accepted by the Postfix SMTP server with
mandatory TLS encryption. If the list is empty, the server supports
all available SSL/TLS protocol versions. A non-empty value is a
list of protocol names separated by whitespace, commas or colons.
The supported protocol names are "SSLv2", "SSLv3" and "TLSv1", and
are not case sensitive. </p>
<p> With Postfix ≥ 2.5 the parameter syntax was expanded to support
protocol exclusions. One can explicitly exclude "SSLv2" by setting
"<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = !SSLv2". To exclude both "SSLv2" and
"SSLv3" set "<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = !SSLv2, !SSLv3". Listing
the protocols to include, rather than protocols to exclude, is
supported, but not recommended. The exclusion form more closely
matches the underlying OpenSSL interface semantics. </p>
<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
and "TLSv1.2". When Postfix ≤ 2.5 is linked against OpenSSL 1.0.1
or later, these, or any other new protocol versions, cannot be
disabled. The latest patch levels of Postfix ≥ 2.6, and all
versions of Postfix ≥ 2.10 can disable support for "TLSv1.1" or
"TLSv1.2". </p>
<p> Since SSL version 2 has known protocol weaknesses and is now
deprecated, the default setting excludes "SSLv2". This means that
by default, SSL version 2 will not be used at the "encrypt" security
level. </p>
<p> Example: </p>
<pre>
# Preferred syntax with Postfix ≥ 2.5:
<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = !SSLv2, !SSLv3
# Legacy syntax:
<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = TLSv1
</pre>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="smtpd_tls_protocols">smtpd_tls_protocols</a>
(default: empty)</b></DT><DD>
<p> List of TLS protocols that the Postfix SMTP server will exclude
or include with opportunistic TLS encryption. This parameter SHOULD
be left at its default empty value, allowing all protocols to be
used with opportunistic TLS. A non-empty value is a list of protocol
names separated by whitespace, commas or colons. The supported
protocol names are "SSLv2", "SSLv3" and "TLSv1", and are not case
sensitive. </p>
<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
and "TLSv1.2". The latest patch levels of Postfix ≥ 2.6, and all
versions of Postfix ≥ 2.10 can disable support for "TLSv1.1" or
"TLSv1.2". </p>
<p> To include a protocol list its name, to exclude it, prefix the name
with a "!" character. To exclude SSLv2 even for opportunistic TLS set
"<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
"<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = !SSLv2, !SSLv3". Explicitly listing the protocols to
include, rather than protocols to exclude, is supported, but not
recommended. The exclusion form more closely matches the underlying
OpenSSL interface semantics. </p>
<p> Example: </p>
<pre>
<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = !SSLv2
</pre>
<p> This feature is available in Postfix 2.6 and later. </p>
</DD>
<DT><b><a name="smtpd_tls_received_header">smtpd_tls_received_header</a>
(default: no)</b></DT><DD>
<p> Request that the Postfix SMTP server produces Received: message
headers that include information about the protocol and cipher used,
as well as the remote SMTP client CommonName and client certificate issuer
CommonName. This is disabled by default, as the information may
be modified in transit through other mail servers. Only information
that was recorded by the final destination can be trusted. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="smtpd_tls_req_ccert">smtpd_tls_req_ccert</a>
(default: no)</b></DT><DD>
<p> With mandatory TLS encryption, require a trusted remote SMTP client
certificate in order to allow TLS connections to proceed. This
option implies "<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> = yes". </p>
<p> When TLS encryption is optional, this setting is ignored with
a warning written to the mail log. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="smtpd_tls_security_level">smtpd_tls_security_level</a>
(default: empty)</b></DT><DD>
<p> The SMTP TLS security level for the Postfix SMTP server; when
a non-empty value is specified, this overrides the obsolete parameters
<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> and <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>. This parameter is ignored with
"<a href="postconf.5.html#smtpd_tls_wrappermode">smtpd_tls_wrappermode</a> = yes". </p>
<p> Specify one of the following security levels: </p>
<dl>
<dt><b>none</b></dt> <dd> TLS will not be used. </dd>
<dt><b>may</b></dt> <dd> Opportunistic TLS: announce STARTTLS support
to remote SMTP clients, but do not require that clients use TLS encryption.
</dd>
<dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption: announce
STARTTLS support to remote SMTP clients, and require that clients use TLS
encryption. According to <a href="http://tools.ietf.org/html/rfc2487">RFC 2487</a> this MUST NOT be applied in case
of a publicly-referenced SMTP server. Instead, this option should
be used only on dedicated servers. </dd>
</dl>
<p> Note 1: the "fingerprint", "verify" and "secure" levels are not
supported here.
The Postfix SMTP server logs a warning and uses "encrypt" instead.
To verify remote SMTP client certificates, see <a href="TLS_README.html">TLS_README</a> for a discussion
of the <a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>, <a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a>, and <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a>
features. </p>
<p> Note 2: The parameter setting "<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> =
encrypt" implies "<a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> = yes".</p>
<p> Note 3: when invoked via "sendmail -bs", Postfix will never
offer STARTTLS due to insufficient privileges to access the server
private key. This is intended behavior.</p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a>
(default: empty)</b></DT><DD>
<p> Name of the file containing the optional Postfix SMTP server
TLS session cache. Specify a database type that supports enumeration,
such as <b>btree</b> or <b>sdbm</b>; there is no need to support
concurrent access. The file is created if it does not exist. The <a href="smtpd.8.html">smtpd(8)</a>
daemon does not use this parameter directly, rather the cache is
implemented indirectly in the <a href="tlsmgr.8.html">tlsmgr(8)</a> daemon. This means that
per-smtpd-instance <a href="master.5.html">master.cf</a> overrides of this parameter are not
effective. Note, that each of the cache databases supported by <a href="tlsmgr.8.html">tlsmgr(8)</a>
daemon: $<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a>, $<a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a>
(and with Postfix 2.3 and later $<a href="postconf.5.html#lmtp_tls_session_cache_database">lmtp_tls_session_cache_database</a>), needs to be
stored separately. It is not at this time possible to store multiple
caches in a single database. </p>
<p> Note: <b>dbm</b> databases are not suitable. TLS
session objects are too large. </p>
<p> As of version 2.5, Postfix no longer uses root privileges when
opening this file. The file should now be stored under the Postfix-owned
<a href="postconf.5.html#data_directory">data_directory</a>. As a migration aid, an attempt to open the file
under a non-Postfix directory is redirected to the Postfix-owned
<a href="postconf.5.html#data_directory">data_directory</a>, and a warning is logged. </p>
<p> Example: </p>
<pre>
<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> = <a href="DATABASE_README.html#types">btree</a>:/var/lib/postfix/smtpd_scache
</pre>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a>
(default: 3600s)</b></DT><DD>
<p> The expiration time of Postfix SMTP server TLS session cache
information. A cache cleanup is performed periodically
every $<a href="postconf.5.html#smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a> seconds. As with
$<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a>, this parameter is implemented in the
<a href="tlsmgr.8.html">tlsmgr(8)</a> daemon and therefore per-smtpd-instance <a href="master.5.html">master.cf</a> overrides
are not possible. </p>
<p> As of Postfix 2.11 this setting cannot exceed 100 days. If set
≤ 0, session caching is disabled, not just via the database, but
also via <a href="http://tools.ietf.org/html/rfc5077">RFC 5077</a> TLS session tickets, which don't require server-side
storage. If set to a positive value less than 2 minutes, the minimum
value of 2 minutes is used instead. TLS session tickets require
an OpenSSL library (at least version 0.9.8h) that provides full
support for this TLS extension. </p>
<p> This feature is available in Postfix 2.2 and later, and updated
for TLS session ticket support in Postfix 2.11. </p>
</DD>
<DT><b><a name="smtpd_tls_wrappermode">smtpd_tls_wrappermode</a>
(default: no)</b></DT><DD>
<p> Run the Postfix SMTP server in the non-standard "wrapper" mode,
instead of using the STARTTLS command. </p>
<p> If you want to support this service, enable a special port in
<a href="master.5.html">master.cf</a>, and specify "-o <a href="postconf.5.html#smtpd_tls_wrappermode">smtpd_tls_wrappermode</a>=yes" on the SMTP
server's command line. Port 465 (smtps) was once chosen for this
purpose. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="smtpd_upstream_proxy_protocol">smtpd_upstream_proxy_protocol</a>
(default: empty)</b></DT><DD>
<p> The name of the proxy protocol used by an optional before-smtpd
proxy agent. When a proxy agent is used, this protocol conveys local
and remote address and port information. Specify
"<a href="postconf.5.html#smtpd_upstream_proxy_protocol">smtpd_upstream_proxy_protocol</a> = haproxy" to enable the haproxy
protocol. </p>
<p> NOTE: To use the nginx proxy with <a href="smtpd.8.html">smtpd(8)</a>, enable the XCLIENT
protocol with <a href="postconf.5.html#smtpd_authorized_xclient_hosts">smtpd_authorized_xclient_hosts</a>. This supports SASL
authentication in the proxy agent (Postfix 2.9 and later). <p>
<p> This feature is available in Postfix 2.10 and later. </p>
</DD>
<DT><b><a name="smtpd_upstream_proxy_timeout">smtpd_upstream_proxy_timeout</a>
(default: 5s)</b></DT><DD>
<p> The time limit for the proxy protocol specified with the
<a href="postconf.5.html#smtpd_upstream_proxy_protocol">smtpd_upstream_proxy_protocol</a> parameter. </p>
<p> This feature is available in Postfix 2.10 and later. </p>
</DD>
<DT><b><a name="smtpd_use_tls">smtpd_use_tls</a>
(default: no)</b></DT><DD>
<p> Opportunistic TLS: announce STARTTLS support to remote SMTP clients,
but do not require that clients use TLS encryption. </p>
<p> Note: when invoked via "<b>sendmail -bs</b>", Postfix will never offer
STARTTLS due to insufficient privileges to access the server private
key. This is intended behavior. </p>
<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> instead. </p>
</DD>
<DT><b><a name="soft_bounce">soft_bounce</a>
(default: no)</b></DT><DD>
<p>
Safety net to keep mail queued that would otherwise be returned to
the sender. This parameter disables locally-generated bounces,
changes the handling of negative responses from remote servers,
content filters or plugins,
and prevents the Postfix SMTP server from rejecting mail permanently
by changing 5xx reply codes into 4xx. However, <a href="postconf.5.html#soft_bounce">soft_bounce</a> is no
cure for address rewriting mistakes or mail routing mistakes.
</p>
<p>
Note: "<a href="postconf.5.html#soft_bounce">soft_bounce</a> = yes" is in some cases implemented by modifying
server responses. Therefore, the response that Postfix logs may
differ from the response that Postfix actually sends or receives.
</p>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#soft_bounce">soft_bounce</a> = yes
</pre>
</DD>
<DT><b><a name="stale_lock_time">stale_lock_time</a>
(default: 500s)</b></DT><DD>
<p>
The time after which a stale exclusive mailbox lockfile is removed.
This is used for delivery to file or mailbox.
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
</DD>
<DT><b><a name="stress">stress</a>
(default: empty)</b></DT><DD>
<p> This feature is documented in the <a href="STRESS_README.html">STRESS_README</a> document. </p>
<p> This feature is available in Postfix 2.5 and later. </p>
</DD>
<DT><b><a name="strict_7bit_headers">strict_7bit_headers</a>
(default: no)</b></DT><DD>
<p>
Reject mail with 8-bit text in message headers. This blocks mail
from poorly written applications.
</p>
<p>
This feature should not be enabled on a general purpose mail server,
because it is likely to reject legitimate email.
</p>
<p>
This feature is available in Postfix 2.0 and later.
</p>
</DD>
<DT><b><a name="strict_8bitmime">strict_8bitmime</a>
(default: no)</b></DT><DD>
<p>
Enable both <a href="postconf.5.html#strict_7bit_headers">strict_7bit_headers</a> and <a href="postconf.5.html#strict_8bitmime_body">strict_8bitmime_body</a>.
</p>
<p>
This feature should not be enabled on a general purpose mail server,
because it is likely to reject legitimate email.
</p>
<p>
This feature is available in Postfix 2.0 and later.
</p>
</DD>
<DT><b><a name="strict_8bitmime_body">strict_8bitmime_body</a>
(default: no)</b></DT><DD>
<p>
Reject 8-bit message body text without 8-bit MIME content encoding
information. This blocks mail from poorly written applications.
</p>
<p>
Unfortunately, this also rejects majordomo approval requests when
the included request contains valid 8-bit MIME mail, and it rejects
bounces from mailers that do not MIME encapsulate 8-bit content
(for example, bounces from qmail or from old versions of Postfix).
</p>
<p>
This feature should not be enabled on a general purpose mail server,
because it is likely to reject legitimate email.
</p>
<p>
This feature is available in Postfix 2.0 and later.
</p>
</DD>
<DT><b><a name="strict_mailbox_ownership">strict_mailbox_ownership</a>
(default: yes)</b></DT><DD>
<p> Defer delivery when a mailbox file is not owned by its recipient.
The default setting is not backwards compatible. </p>
<p> This feature is available in Postfix 2.5.3 and later. </p>
</DD>
<DT><b><a name="strict_mime_encoding_domain">strict_mime_encoding_domain</a>
(default: no)</b></DT><DD>
<p>
Reject mail with invalid Content-Transfer-Encoding: information
for the message/* or multipart/* MIME content types. This blocks
mail from poorly written software.
</p>
<p>
This feature should not be enabled on a general purpose mail server,
because it will reject mail after a single violation.
</p>
<p>
This feature is available in Postfix 2.0 and later.
</p>
</DD>
<DT><b><a name="strict_rfc821_envelopes">strict_rfc821_envelopes</a>
(default: no)</b></DT><DD>
<p>
Require that addresses received in SMTP MAIL FROM and RCPT TO
commands are enclosed with <>, and that those addresses do
not contain <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> style comments or phrases. This stops mail
from poorly written software.
</p>
<p>
By default, the Postfix SMTP server accepts <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> syntax in MAIL
FROM and RCPT TO addresses.
</p>
</DD>
<DT><b><a name="sun_mailtool_compatibility">sun_mailtool_compatibility</a>
(default: no)</b></DT><DD>
<p>
Obsolete SUN mailtool compatibility feature. Instead, use
"<a href="postconf.5.html#mailbox_delivery_lock">mailbox_delivery_lock</a> = dotlock".
</p>
</DD>
<DT><b><a name="swap_bangpath">swap_bangpath</a>
(default: yes)</b></DT><DD>
<p>
Enable the rewriting of "site!user" into "user@site". This is
necessary if your machine is connected to UUCP networks. It is
enabled by default.
</p>
<p> Note: with Postfix version 2.2, message header address rewriting
happens only when one of the following conditions is true: </p>
<ul>
<li> The message is received with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command,
<li> The message is received from a network client that matches
$<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>,
<li> The message is received from the network, and the
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter specifies a non-empty value.
</ul>
<p> To get the behavior before Postfix version 2.2, specify
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#swap_bangpath">swap_bangpath</a> = no
</pre>
</DD>
<DT><b><a name="syslog_facility">syslog_facility</a>
(default: mail)</b></DT><DD>
<p>
The syslog facility of Postfix logging. Specify a facility as
defined in syslog.conf(5). The default facility is "mail".
</p>
<p>
Warning: a non-default <a href="postconf.5.html#syslog_facility">syslog_facility</a> setting takes effect only
after a Postfix process has completed initialization. Errors during
process initialization will be logged with the default facility.
Examples are errors while parsing the command line arguments, and
errors while accessing the Postfix <a href="postconf.5.html">main.cf</a> configuration file.
</p>
</DD>
<DT><b><a name="syslog_name">syslog_name</a>
(default: see "postconf -d" output)</b></DT><DD>
<p>
The mail system name that is prepended to the process name in syslog
records, so that "smtpd" becomes, for example, "postfix/smtpd".
</p>
<p>
Warning: a non-default <a href="postconf.5.html#syslog_name">syslog_name</a> setting takes effect only after
a Postfix process has completed initialization. Errors during
process initialization will be logged with the default name. Examples
are errors while parsing the command line arguments, and errors
while accessing the Postfix <a href="postconf.5.html">main.cf</a> configuration file.
</p>
</DD>
<DT><b><a name="tcp_windowsize">tcp_windowsize</a>
(default: 0)</b></DT><DD>
<p> An optional workaround for routers that break TCP window scaling.
Specify a value > 0 and < 65536 to enable this feature. With
Postfix TCP servers (<a href="smtpd.8.html">smtpd(8)</a>, <a href="qmqpd.8.html">qmqpd(8)</a>), this feature is implemented
by the Postfix <a href="master.8.html">master(8)</a> daemon. </p>
<p> To change this parameter without stopping Postfix, you need to
first terminate all Postfix TCP servers: </p>
<blockquote>
<pre>
# postconf -e <a href="postconf.5.html#master_service_disable">master_service_disable</a>=inet
# postfix reload
</pre>
</blockquote>
<p> This immediately terminates all processes that accept network
connections. Next, you enable Postfix TCP servers with the updated
<a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> setting: </p>
<blockquote>
<pre>
# postconf -e <a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a>=65535 <a href="postconf.5.html#master_service_disable">master_service_disable</a>=
# postfix reload
</pre>
</blockquote>
<p> If you skip these steps with a running Postfix system, then the
<a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> change will work only for Postfix TCP clients (<a href="smtp.8.html">smtp(8)</a>,
<a href="lmtp.8.html">lmtp(8)</a>). </p>
<p> This feature is available in Postfix 2.6 and later. </p>
</DD>
<DT><b><a name="tls_append_default_CA">tls_append_default_CA</a>
(default: no)</b></DT><DD>
<p> Append the system-supplied default certificate authority
certificates to the ones specified with *_tls_CApath or *_tls_CAfile.
The default is "no"; this prevents Postfix from trusting third-party
certificates and giving them relay permission with
<a href="postconf.5.html#permit_tls_all_clientcerts">permit_tls_all_clientcerts</a>. </p>
<p> This feature is available in Postfix 2.4.15, 2.5.11, 2.6.8,
2.7.2 and later versions. Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = yes" for
backwards compatibility, to avoid breaking certificate verification
with sites that don't use <a href="postconf.5.html#permit_tls_all_clientcerts">permit_tls_all_clientcerts</a>. </p>
</DD>
<DT><b><a name="tls_daemon_random_bytes">tls_daemon_random_bytes</a>
(default: 32)</b></DT><DD>
<p> The number of pseudo-random bytes that an <a href="smtp.8.html">smtp(8)</a> or <a href="smtpd.8.html">smtpd(8)</a>
process requests from the <a href="tlsmgr.8.html">tlsmgr(8)</a> server in order to seed its
internal pseudo random number generator (PRNG). The default of 32
bytes (equivalent to 256 bits) is sufficient to generate a 128bit
(or 168bit) session key. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="tls_dane_digest_agility">tls_dane_digest_agility</a>
(default: on)</b></DT><DD>
<p> Configure DANE TLSA digest algorithm agility. When digest
algorithm agility is enabled, and the server and client support a
common strong digest algorithm, TLSA records with weaker digest
algorithms are ignored. </p>
<p> Specify one of the following: </p>
<dl>
<dt><b>off</b></dt>
<dd> DANE verification examines each well-formed record in the TLSA
RRset whose matching type is either "0" (no hash used) or is one of
the digest algorithms listed in $<a href="postconf.5.html#tls_dane_digests">tls_dane_digests</a>. This setting
is not recommended. </dd>
<dt><b>on</b></dt>
<dd> From each group of well-formed TLSA RRs a non-zero digest
matching type with the same certificate usage and selector, DANE
verification examines only those records whose matching type has
the highest precedence (appear earliest in $<a href="postconf.5.html#tls_dane_digests">tls_dane_digests</a>).
</dd>
<dt><b>maybe</b></dt>
<dd> For compatibility with digest algorithm agility, each certificate
or public key whose digest is included in a DANE TLSA RRset, SHOULD
be published with the same set of digest matching type values as
any other with the same usage and selector. Therefore, compatible
TLSA RRsets will contain an identical count of well-formed RRs with
each non-zero digest matching type for any fixed combination of
usage and selector. When this constraint is violated, or any of
the digest records are malformed, digest algorithm agility will
disabled. Otherwise, digest algorithm agility is enabled. </dd>
</dl>
<p> Digest algorithm agility ensures that the strongest digest
supported by both the Postfix SMTP client and the remote server is
used, and weaker digests are ignored. This supports non-disruptive
deprecation of outdated digest algorithms. </p>
<p> To ensure compatibility with digest algorithm agility during
key rotation, when a certificate or public key is being replaced
with another, and both are published during the transition, both
the old and the new certificate MUST be specified with the same set
of digests. One can change the list of digest algorithms later,
once old keys are retired. At any given time, change either the
list of digests without changing the list of certificates or public
keys or the list of certificates or public keys without changing
the list of digests. Full value matching type "0" records are not
subject to this constraint, but are discouraged due to the size of
the resulting DNS records. </p>
<p> It is expected that this algorithm agility mechanism will be
published in a standards track RFC for SMTP with DANE, and also in
an eventual update to <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a>. </p>
<p> This feature is available in Postfix 2.11 and later. </p>
</DD>
<DT><b><a name="tls_dane_digests">tls_dane_digests</a>
(default: sha512 sha256)</b></DT><DD>
<p> <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a> TLSA resource-record "matching type" digest algorithms
in descending preference order. All the specified algorithms must
be supported by the underlying OpenSSL library, otherwise the Postfix
SMTP client will not support DANE TLSA security. </p>
<p> Specify a list of digest names separated by commas and/or
whitespace. Each digest name may be followed by an optional
"=<number>" suffix. For example, "sha512" may instead be specified
as "sha512=2" and "sha256" may instead be specified as "sha256=1".
The optional number must match the <a
href="https://www.iana.org/assignments/dane-parameters/dane-parameters.xhtml#matching-types"
>IANA</a> assigned TLSA matching type number the algorithm in question.
Postfix will check this constraint for the algorithms it knows about.
Additional matching type algorithms registered with IANA can be added
with explicit numbers provided they are supported by OpenSSL. </p>
<p> Invalid list elements are logged with a warning and disable DANE
support. TLSA RRs that specify digests not included in the list are
ignored with a warning. </p>
<p> Note: It is unwise to omit sha256 from the digest list. This
digest algorithm is the only mandatory to implement digest algorithm
in <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a>, and many servers are expected publish TLSA records
with just sha256 digests. Unless one of the standard digests is
seriously compromised and servers have had ample time to update their
TLSA records you should not omit any standard digests, just arrange
them in order from strongest to weakest. </p>
<p> When for a particular combination of "certificate usage" and
"selector" the TLSA RRset contains records with more than one digest
matching type, the tls_dane_digest_agility parameter determines
whether all the RRs are used, or only those with the most preferred
digest matching type. </p>
<p> The <a href="postconf.5.html#tls_dane_trust_anchor_digest_enable">tls_dane_trust_anchor_digest_enable</a> parameter controls
whether any digest TLSA records are acceptable in usage "2" (trust
anchor assertion) TLSA records. </p>
<p> This feature is available in Postfix 2.11 and later. </p>
</DD>
<DT><b><a name="tls_dane_trust_anchor_digest_enable">tls_dane_trust_anchor_digest_enable</a>
(default: yes)</b></DT><DD>
<p> <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a> trust-anchor digest support in the Postfix TLS library.
Enable support for <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a> (DANE TLSA) DNS records that contain
digests of trust-anchors with certificate usage "2". In this case
the certificate usage logically requires the server administrator
to configure the server to include the trust-anchor certificate in
the server's SSL certificate chain. If enough domains mess this
up, you can disable support for these TLSA records, but you'll no
longer have secure connections that get it right and only publish
trust anchor records. </p>
<p> At the <a href="TLS_README.html#client_tls_dane">dane</a>
security level, when a TLSA RRset includes only unusable associations,
the Postfix SMTP client will automatically switch the connection
to the <a href="TLS_README.html#client_tls_encrypt">encrypt</a>
security level. At the <a
href="TLS_README.html#client_tls_dane">dane-only</a> security level,
the server in question is skipped and delivery is deferred if no
secure servers are found. </p>
<p> The <a href="postconf.5.html#tls_dane_digests">tls_dane_digests</a> parameter controls the list of digest
algorithms that are supported in TLSA records. The tls_dane_digest_agility
parameter controls digest algorithm downgrade attack resistance.
</p>
<p> This feature is available in Postfix 2.11 and later. </p>
</DD>
<DT><b><a name="tls_disable_workarounds">tls_disable_workarounds</a>
(default: see "postconf -d" output)</b></DT><DD>
<p> List or bit-mask of OpenSSL bug work-arounds to disable. </p>
<p> The OpenSSL toolkit includes a set of work-arounds for buggy SSL/TLS
implementations. Applications, such as Postfix, that want to maximize
interoperability ask the OpenSSL library to enable the full set of
recommended work-arounds. </p>
<p> From time to time, it is discovered that a work-around creates a
security issue, and should no longer be used. If upgrading OpenSSL
to a fixed version is not an option or an upgrade is not available
in a timely manner, or in closed environments where no buggy clients
or servers exist, it may be appropriate to disable some or all of the
OpenSSL interoperability work-arounds. This parameter specifies which
bug work-arounds to disable. </p>
<p> If the value of the parameter is a hexadecimal long integer starting
with "0x", the bug work-arounds corresponding to the bits specified in
its value are removed from the <b>SSL_OP_ALL</b> work-around bit-mask
(see openssl/ssl.h and SSL_CTX_set_options(3)). You can specify more
bits than are present in SSL_OP_ALL, excess bits are ignored. Specifying
0xFFFFFFFF disables all bug-workarounds on a 32-bit system. This should
also be sufficient on 64-bit systems, until OpenSSL abandons support
for 32-bit systems and starts using the high 32 bits of a 64-bit
bug-workaround mask. </p>
<p> Otherwise, the parameter is a white-space or comma separated list
of specific named bug work-arounds chosen from the list below. It
is possible that your OpenSSL version includes new bug work-arounds
added after your Postfix source code was last updated, in that case
you can only disable one of these via the hexadecimal syntax above. </p>
<dl>
<dt><b>MICROSOFT_SESS_ID_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
<dt><b>NETSCAPE_CHALLENGE_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
<dt><b>LEGACY_SERVER_CONNECT</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
<dt><b>NETSCAPE_REUSE_CIPHER_CHANGE_BUG</b></dt> <dd> also aliased
as <b>CVE-2010-4180</b>. Postfix 2.8 disables this work-around by
default with OpenSSL versions that may predate the fix. Fixed in
OpenSSL 0.9.8q and OpenSSL 1.0.0c.</dd>
<dt><b>SSLREF2_REUSE_CERT_TYPE_BUG</b></dt> <dd>See
SSL_CTX_set_options(3)</dd>
<dt><b>MICROSOFT_BIG_SSLV3_BUFFER</b></dt> <dd>See
SSL_CTX_set_options(3)</dd>
<dt><b>MSIE_SSLV2_RSA_PADDING</b></dt> <dd> also aliased as
<b>CVE-2005-2969</b>. Postfix 2.8 disables this work-around by
default with OpenSSL versions that may predate the fix. Fixed in
OpenSSL 0.9.7h and OpenSSL 0.9.8a.</dd>
<dt><b>SSLEAY_080_CLIENT_DH_BUG</b></dt> <dd>See
SSL_CTX_set_options(3)</dd>
<dt><b>TLS_D5_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
<dt><b>TLS_BLOCK_PADDING_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
<dt><b>TLS_ROLLBACK_BUG</b></dt> <dd>See SSL_CTX_set_options(3).
This is disabled in OpenSSL 0.9.7 and later. Nobody should still
be using 0.9.6! </dd>
<dt><b>DONT_INSERT_EMPTY_FRAGMENTS</b></dt> <dd>See
SSL_CTX_set_options(3)</dd>
<dt><b>CRYPTOPRO_TLSEXT_BUG</b></dt> <dd>New with GOST support in
OpenSSL 1.0.0.</dd>
</dl>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="tls_eecdh_strong_curve">tls_eecdh_strong_curve</a>
(default: prime256v1)</b></DT><DD>
<p> The elliptic curve used by the Postfix SMTP server for sensibly
strong
ephemeral ECDH key exchange. This curve is used by the Postfix SMTP
server when "<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> = strong". The phrase "sensibly
strong" means approximately 128-bit security based on best known
attacks. The selected curve must be implemented by OpenSSL (as
reported by ecparam(1) with the "-list_curves" option) and be one
of the curves listed in Section 5.1.1 of <a href="http://tools.ietf.org/html/rfc4492">RFC 4492</a>. You should not
generally change this setting. Remote SMTP client implementations
must support this curve for EECDH key exchange to take place. It
is unwise to choose an "exotic" curve supported by only a small subset
of clients. </p>
<p> The default "strong" curve is rated in NSA <a
href="http://www.nsa.gov/ia/programs/suiteb_cryptography/">Suite
B</a> for information classified up to SECRET. </p>
<p> Note: elliptic curve names are poorly standardized; different
standards groups are assigning different names to the same underlying
curves. The curve with the X9.62 name "prime256v1" is also known
under the SECG name "secp256r1", but OpenSSL does not recognize the
latter name. </p>
<p> If you want to take maximal advantage of ciphers that offer <a
href="FORWARD_SECRECY_README.html#dfn_fs">forward secrecy</a> see
the <a href="FORWARD_SECRECY_README.html#quick-start">Getting
started</a> section of <a
href="FORWARD_SECRECY_README.html">FORWARD_SECRECY_README</a>. The
full document conveniently presents all information about Postfix
"perfect" forward secrecy support in one place: what forward secrecy
is, how to tweak settings, and what you can expect to see when
Postfix uses ciphers with forward secrecy. </p>
<p> This feature is available in Postfix 2.6 and later, when it is
compiled and linked with OpenSSL 1.0.0 or later on platforms where
EC algorithms have not been disabled by the vendor. </p>
</DD>
<DT><b><a name="tls_eecdh_ultra_curve">tls_eecdh_ultra_curve</a>
(default: secp384r1)</b></DT><DD>
<p> The elliptic curve used by the Postfix SMTP server for maximally
strong
ephemeral ECDH key exchange. This curve is used by the Postfix SMTP
server when "<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> = ultra". The phrase "maximally
strong" means approximately 192-bit security based on best known attacks.
This additional strength comes at a significant computational cost, most
users should instead set "<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> = strong". The selected
curve must be implemented by OpenSSL (as reported by ecparam(1) with the
"-list_curves" option) and be one of the curves listed in Section 5.1.1
of <a href="http://tools.ietf.org/html/rfc4492">RFC 4492</a>. You should not generally change this setting. </p>
<p> This default "ultra" curve is rated in NSA <a
href="http://www.nsa.gov/ia/programs/suiteb_cryptography/">Suite
B</a> for information classified up to TOP SECRET. </p>
<p> If you want to take maximal advantage of ciphers that offer <a
href="FORWARD_SECRECY_README.html#dfn_fs">forward secrecy</a> see
the <a href="FORWARD_SECRECY_README.html#quick-start">Getting
started</a> section of <a
href="FORWARD_SECRECY_README.html">FORWARD_SECRECY_README</a>. The
full document conveniently presents all information about Postfix
"perfect" forward secrecy support in one place: what forward secrecy
is, how to tweak settings, and what you can expect to see when
Postfix uses ciphers with forward secrecy. </p>
<p> This feature is available in Postfix 2.6 and later, when it is
compiled and linked with OpenSSL 1.0.0 or later on platforms where
EC algorithms have not been disabled by the vendor. </p>
</DD>
<DT><b><a name="tls_export_cipherlist">tls_export_cipherlist</a>
(default: ALL:+RC4:@STRENGTH)</b></DT><DD>
<p> The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. This
defines the meaning of the "export" setting in <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>,
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and <a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. This is
the cipherlist for the opportunistic ("may") TLS client security
level and is the default cipherlist for the SMTP server. You are
strongly encouraged to not change this setting. With OpenSSL 1.0.0 and
later the cipherlist may start with an "aNULL:" prefix, which restores
the 0.9.8-compatible ordering of the aNULL ciphers to the top of the
list when they are enabled. This prefix is not needed with previous
OpenSSL releases. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="tls_high_cipherlist">tls_high_cipherlist</a>
(default: ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH)</b></DT><DD>
<p> The OpenSSL cipherlist for "HIGH" grade ciphers. This defines
the meaning of the "high" setting in <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>,
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and <a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. You are
strongly encouraged to not change this setting. With OpenSSL 1.0.0 and
later the cipherlist may start with an "aNULL:" prefix, which restores
the 0.9.8-compatible ordering of the aNULL ciphers to the top of the
list when they are enabled. This prefix is not needed with previous
OpenSSL releases. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="tls_legacy_public_key_fingerprints">tls_legacy_public_key_fingerprints</a>
(default: no)</b></DT><DD>
<p> A temporary migration aid for sites that use certificate
<i>public-key</i> fingerprints with Postfix 2.9.0..2.9.5, which use
an incorrect algorithm. This parameter has no effect on the certificate
fingerprint support that is available since Postfix 2.2. </p>
<p> Specify "<a href="postconf.5.html#tls_legacy_public_key_fingerprint">tls_legacy_public_key_fingerprints</a> = yes" temporarily,
pending a migration from configuration files with incorrect Postfix
2.9.0..2.9.5 certificate public-key finger prints, to the correct
fingerprints used by Postfix 2.9.6 and later. To compute the correct
certificate public-key fingerprints, see <a href="TLS_README.html">TLS_README</a>. </p>
<p> This feature is available in Postfix 2.9.6 and later. </p>
</DD>
<DT><b><a name="tls_low_cipherlist">tls_low_cipherlist</a>
(default: ALL:!EXPORT:+RC4:@STRENGTH)</b></DT><DD>
<p> The OpenSSL cipherlist for "LOW" or higher grade ciphers. This defines
the meaning of the "low" setting in <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>,
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and <a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. You are
strongly encouraged to not change this setting. With OpenSSL 1.0.0 and
later the cipherlist may start with an "aNULL:" prefix, which restores
the 0.9.8-compatible ordering of the aNULL ciphers to the top of the
list when they are enabled. This prefix is not needed with previous
OpenSSL releases. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="tls_medium_cipherlist">tls_medium_cipherlist</a>
(default: ALL:!EXPORT:!LOW:+RC4:@STRENGTH)</b></DT><DD>
<p> The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. This
defines the meaning of the "medium" setting in <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>,
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and <a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. This is
the default cipherlist for mandatory TLS encryption in the TLS
client (with anonymous ciphers disabled when verifying server
certificates). You are strongly encouraged to not change this
setting. With OpenSSL 1.0.0 and later the cipherlist may start with an
"aNULL:" prefix, which restores the 0.9.8-compatible ordering of the
aNULL ciphers to the top of the list when they are enabled. This prefix
is not needed with previous OpenSSL releases. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="tls_null_cipherlist">tls_null_cipherlist</a>
(default: eNULL:!aNULL)</b></DT><DD>
<p> The OpenSSL cipherlist for "NULL" grade ciphers that provide
authentication without encryption. This defines the meaning of the "null"
setting in smtpd_mandatory_tls_ciphers, <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and
<a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. You are strongly encouraged to not
change this setting. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="tls_preempt_cipherlist">tls_preempt_cipherlist</a>
(default: no)</b></DT><DD>
<p> With SSLv3 and later, use the Postfix SMTP server's cipher
preference order instead of the remote client's cipher preference
order. </p>
<p> By default, the OpenSSL server selects the client's most preferred
cipher that the server supports. With SSLv3 and later, the server may
choose its own most preferred cipher that is supported (offered) by
the client. Setting "<a href="postconf.5.html#tls_preempt_cipherlist">tls_preempt_cipherlist</a> = yes" enables server cipher
preferences. </p>
<p> While server cipher selection may in some cases lead to a more secure
or performant cipher choice, there is some risk of interoperability
issues. In the past, some SSL clients have listed lower priority ciphers
that they did not implement correctly. If the server chooses a cipher
that the client prefers less, it may select a cipher whose client
implementation is flawed. Most notably Windows 2003 Microsoft
Exchange servers have flawed implementations of DES-CBC3-SHA, which
OpenSSL considers stronger than RC4-SHA. Enabling server cipher-suite
selection may create interoperability issues with Windows 2003
Microsoft Exchange clients. </p>
<p> This feature is available in Postfix 2.8 and later, in combination
with OpenSSL 0.9.7 and later. </p>
</DD>
<DT><b><a name="tls_random_bytes">tls_random_bytes</a>
(default: 32)</b></DT><DD>
<p> The number of bytes that <a href="tlsmgr.8.html">tlsmgr(8)</a> reads from $<a href="postconf.5.html#tls_random_source">tls_random_source</a>
when (re)seeding the in-memory pseudo random number generator (PRNG)
pool. The default of 32 bytes (256 bits) is good enough for 128bit
symmetric keys. If using EGD or a device file, a maximum of 255
bytes is read. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="tls_random_exchange_name">tls_random_exchange_name</a>
(default: see "postconf -d" output)</b></DT><DD>
<p> Name of the pseudo random number generator (PRNG) state file
that is maintained by <a href="tlsmgr.8.html">tlsmgr(8)</a>. The file is created when it does
not exist, and its length is fixed at 1024 bytes. </p>
<p> As of version 2.5, Postfix no longer uses root privileges when
opening this file, and the default file location was changed from
${<a href="postconf.5.html#config_directory">config_directory</a>}/prng_exch to ${<a href="postconf.5.html#data_directory">data_directory</a>}/prng_exch. As
a migration aid, an attempt to open the file under a non-Postfix
directory is redirected to the Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>, and a
warning is logged. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="tls_random_prng_update_period">tls_random_prng_update_period</a>
(default: 3600s)</b></DT><DD>
<p> The time between attempts by <a href="tlsmgr.8.html">tlsmgr(8)</a> to save the state of
the pseudo random number generator (PRNG) to the file specified
with $<a href="postconf.5.html#tls_random_exchange_name">tls_random_exchange_name</a>. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="tls_random_reseed_period">tls_random_reseed_period</a>
(default: 3600s)</b></DT><DD>
<p> The maximal time between attempts by <a href="tlsmgr.8.html">tlsmgr(8)</a> to re-seed the
in-memory pseudo random number generator (PRNG) pool from external
sources. The actual time between re-seeding attempts is calculated
using the PRNG, and is between 0 and the time specified. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="tls_random_source">tls_random_source</a>
(default: see "postconf -d" output)</b></DT><DD>
<p> The external entropy source for the in-memory <a href="tlsmgr.8.html">tlsmgr(8)</a> pseudo
random number generator (PRNG) pool. Be sure to specify a non-blocking
source. If this source is not a regular file, the entropy source
type must be prepended: egd:/path/to/egd_socket for a source with
EGD compatible socket interface, or dev:/path/to/device for a
device file. </p>
<p> Note: on OpenBSD systems specify /dev/arandom when /dev/urandom
gives timeout errors. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="tls_ssl_options">tls_ssl_options</a>
(default: empty)</b></DT><DD>
<p> List or bit-mask of OpenSSL options to enable. </p>
<p> The OpenSSL toolkit provides a set of options that applications
can enable to tune the OpenSSL behavior. Some of these work around
bugs in other implementations and are on by default. You can use
the <a href="postconf.5.html#tls_disable_workarounds">tls_disable_workarounds</a> parameter to selectively disable some
or all of the bug work-arounds, making OpenSSL more strict at the
cost of non-interoperability with SSL clients or servers that exhibit
the bugs. </p>
<p> Other options are off by default, and typically enable or disable
features rather than bug work-arounds. These may be turned on (with
care) via the tls_ssl_options parameter. The value is a white-space
or comma separated list of named options chosen from the list below.
The names are not case-sensitive, you can use lower-case if you
prefer. The upper case values below match the corresponding macro
name in the ssl.h header file with the SSL_OP_ prefix removed. It
is possible that your OpenSSL version includes new options added
after your Postfix source code was last updated, in that case you
can only enable one of these via the hexadecimal syntax below. </p>
<p> You should only enable features via the hexadecimal mask when
the need to control the feature is critical (to deal with a new
vulnerability or a serious interoperability problem). Postfix DOES
NOT promise backwards compatible behavior with respect to the mask
bits. A feature enabled via the mask in one release may be enabled
by other means in a later release, and the mask bit will then be
ignored. Therefore, use of the hexadecimal mask is only a temporary
measure until a new Postfix or OpenSSL release provides a better
solution. </p>
<p> If the value of the parameter is a hexadecimal long integer
starting with "0x", the options corresponding to the bits specified
in its value are enabled (see openssl/ssl.h and SSL_CTX_set_options(3)).
You can only enable options not already controlled by other Postfix
settings. For example, you cannot disable protocols or enable
server cipher preference. Do not attempt to turn all features by
specifying 0xFFFFFFFF, this is unlikely to be a good idea. </p>
<dl>
<dt><b>LEGACY_SERVER_CONNECT</b></dt> <dd>See SSL_CTX_set_options(3).</dd>
<dt><b>NO_TICKET</b></dt> <dd>See SSL_CTX_set_options(3).</dd>
<dt><b>NO_COMPRESSION</b></dt> <dd>Disable SSL compression even if
supported by the OpenSSL library. Compression is CPU-intensive,
and compression before encryption does not always improve security. </dd>
</dl>
<p> This feature is available in Postfix 2.11 and later. </p>
</DD>
<DT><b><a name="tls_wildcard_matches_multiple_labels">tls_wildcard_matches_multiple_labels</a>
(default: yes)</b></DT><DD>
<p> Match multiple DNS labels with "*" in wildcard certificates.
</p>
<p> Some mail service providers prepend the customer domain name
to a base domain for which they have a wildcard TLS certificate.
For example, the MX records for example.com hosted by example.net
may be: </p>
<blockquote>
<pre>
example.com. IN MX 0 example.com.mx1.example.net.
example.com. IN MX 0 example.com.mx2.example.net.
</pre>
</blockquote>
<p> and the TLS certificate may be for "*.example.net". The "*"
then corresponds with multiple labels in the mail server domain
name. While multi-label wildcards are not widely supported, and
are not blessed by any standard, there is little to be gained by
disallowing their use in this context. </p>
<p> Notes: <p>
<ul>
<li> <p> In a certificate name, the "*" is special only when it is
used as the first label. </p>
<li> <p> While Postfix (2.11 or later) can match "*" with multiple
domain name labels, other implementations likely will not. </p>
<li> <p> Earlier Postfix implementations behave as if
"<a href="postconf.5.html#tls_wildcard_matches_multiple_labels">tls_wildcard_matches_multiple_labels</a> = no". </p>
</ul>
<p> This feature is available in Postfix 2.11 and later. </p>
</DD>
<DT><b><a name="tlsmgr_service_name">tlsmgr_service_name</a>
(default: tlsmgr)</b></DT><DD>
<p> The name of the <a href="tlsmgr.8.html">tlsmgr(8)</a> service entry in <a href="master.5.html">master.cf</a>. This
service maintains TLS session caches and other information in support
of TLS. </p>
<p> This feature is available in Postfix 2.11 and later. </p>
</DD>
<DT><b><a name="tlsproxy_enforce_tls">tlsproxy_enforce_tls</a>
(default: $<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>)</b></DT><DD>
<p> Mandatory TLS: announce STARTTLS support to remote SMTP clients, and
require that clients use TLS encryption. See <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> for
further details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="tlsproxy_service_name">tlsproxy_service_name</a>
(default: tlsproxy)</b></DT><DD>
<p> The name of the <a href="tlsproxy.8.html">tlsproxy(8)</a> service entry in <a href="master.5.html">master.cf</a>. This
service performs plaintext <=> TLS ciphertext conversion. <p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="tlsproxy_tls_CAfile">tlsproxy_tls_CAfile</a>
(default: $<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>)</b></DT><DD>
<p> A file containing (PEM format) CA certificates of root CAs
trusted to sign either remote SMTP client certificates or intermediate
CA certificates. See <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> for further details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="tlsproxy_tls_CApath">tlsproxy_tls_CApath</a>
(default: $<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a>)</b></DT><DD>
<p> A directory containing (PEM format) CA certificates of root CAs
trusted to sign either remote SMTP client certificates or intermediate
CA certificates. See <a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> for further details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="tlsproxy_tls_always_issue_session_ids">tlsproxy_tls_always_issue_session_ids</a>
(default: $<a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a>)</b></DT><DD>
<p> Force the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server to issue a TLS session id,
even when TLS session caching is turned off. See
<a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a> for further details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="tlsproxy_tls_ask_ccert">tlsproxy_tls_ask_ccert</a>
(default: $<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>)</b></DT><DD>
<p> Ask a remote SMTP client for a client certificate. See
<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> for further details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="tlsproxy_tls_ccert_verifydepth">tlsproxy_tls_ccert_verifydepth</a>
(default: $<a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a>)</b></DT><DD>
<p> The verification depth for remote SMTP client certificates. A
depth of 1 is sufficient if the issuing CA is listed in a local CA
file. See <a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a> for further details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="tlsproxy_tls_cert_file">tlsproxy_tls_cert_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>)</b></DT><DD>
<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server RSA certificate in PEM
format. This file may also contain the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
private RSA key. See <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> for further details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="tlsproxy_tls_ciphers">tlsproxy_tls_ciphers</a>
(default: $<a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>)</b></DT><DD>
<p> The minimum TLS cipher grade that the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
will use with opportunistic TLS encryption. See <a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>
for further details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="tlsproxy_tls_dcert_file">tlsproxy_tls_dcert_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>)</b></DT><DD>
<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server DSA certificate in PEM
format. This file may also contain the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
private DSA key. See <a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a> for further details.
</p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="tlsproxy_tls_dh1024_param_file">tlsproxy_tls_dh1024_param_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a>)</b></DT><DD>
<p> File with DH parameters that the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
should use with non-export EDH ciphers. See <a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a>
for further details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="tlsproxy_tls_dh512_param_file">tlsproxy_tls_dh512_param_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a>)</b></DT><DD>
<p> File with DH parameters that the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
should use with export-grade EDH ciphers. See <a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a>
for further details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="tlsproxy_tls_dkey_file">tlsproxy_tls_dkey_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_dkey_file">smtpd_tls_dkey_file</a>)</b></DT><DD>
<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server DSA private key in PEM
format. This file may be combined with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a>
server DSA certificate file specified with $<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>.
See <a href="postconf.5.html#smtpd_tls_dkey_file">smtpd_tls_dkey_file</a> for further details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="tlsproxy_tls_eccert_file">tlsproxy_tls_eccert_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>)</b></DT><DD>
<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server ECDSA certificate in
PEM format. This file may also contain the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a>
server private ECDSA key. See <a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a> for further
details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="tlsproxy_tls_eckey_file">tlsproxy_tls_eckey_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_eckey_file">smtpd_tls_eckey_file</a>)</b></DT><DD>
<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server ECDSA private key in
PEM format. This file may be combined with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a>
server ECDSA certificate file specified with $<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>.
See <a href="postconf.5.html#smtpd_tls_eckey_file">smtpd_tls_eckey_file</a> for further details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="tlsproxy_tls_eecdh_grade">tlsproxy_tls_eecdh_grade</a>
(default: $<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a>)</b></DT><DD>
<p> The Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server security grade for ephemeral
elliptic-curve Diffie-Hellman (EECDH) key exchange. See
<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> for further details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="tlsproxy_tls_exclude_ciphers">tlsproxy_tls_exclude_ciphers</a>
(default: $<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a>)</b></DT><DD>
<p> List of ciphers or cipher types to exclude from the <a href="tlsproxy.8.html">tlsproxy(8)</a>
server cipher list at all TLS security levels. See
<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> for further details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="tlsproxy_tls_fingerprint_digest">tlsproxy_tls_fingerprint_digest</a>
(default: $<a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a>)</b></DT><DD>
<p> The message digest algorithm to construct remote SMTP
client-certificate
fingerprints. See <a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> for further details.
</p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="tlsproxy_tls_key_file">tlsproxy_tls_key_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a>)</b></DT><DD>
<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server RSA private key in PEM
format. This file may be combined with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a>
server RSA certificate file specified with $<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>.
See <a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> for further details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="tlsproxy_tls_loglevel">tlsproxy_tls_loglevel</a>
(default: $<a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a>)</b></DT><DD>
<p> Enable additional Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server logging of TLS
activity. Each logging level also includes the information that
is logged at a lower logging level. See <a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a> for
further details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="tlsproxy_tls_mandatory_ciphers">tlsproxy_tls_mandatory_ciphers</a>
(default: $<a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>)</b></DT><DD>
<p> The minimum TLS cipher grade that the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
will use with mandatory TLS encryption. See <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>
for further details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="tlsproxy_tls_mandatory_exclude_ciphers">tlsproxy_tls_mandatory_exclude_ciphers</a>
(default: $<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a>)</b></DT><DD>
<p> Additional list of ciphers or cipher types to exclude from the
<a href="tlsproxy.8.html">tlsproxy(8)</a> server cipher list at mandatory TLS security levels.
See <a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> for further details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="tlsproxy_tls_mandatory_protocols">tlsproxy_tls_mandatory_protocols</a>
(default: $<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a>)</b></DT><DD>
<p> The SSL/TLS protocols accepted by the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
with mandatory TLS encryption. If the list is empty, the server
supports all available SSL/TLS protocol versions. See
<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> for further details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="tlsproxy_tls_protocols">tlsproxy_tls_protocols</a>
(default: $<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a>)</b></DT><DD>
<p> List of TLS protocols that the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server will
exclude or include with opportunistic TLS encryption. See
<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> for further details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="tlsproxy_tls_req_ccert">tlsproxy_tls_req_ccert</a>
(default: $<a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a>)</b></DT><DD>
<p> With mandatory TLS encryption, require a trusted remote SMTP
client certificate in order to allow TLS connections to proceed.
See <a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a> for further details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="tlsproxy_tls_security_level">tlsproxy_tls_security_level</a>
(default: $<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>)</b></DT><DD>
<p> The SMTP TLS security level for the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server;
when a non-empty value is specified, this overrides the obsolete
parameters <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> and <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>. See
<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> for further details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="tlsproxy_tls_session_cache_timeout">tlsproxy_tls_session_cache_timeout</a>
(default: $<a href="postconf.5.html#smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a>)</b></DT><DD>
<p> Obsolete expiration time of Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server TLS session
cache information. Since the cache is shared with <a href="smtpd.8.html">smtpd(8)</a> and managed
by <a href="tlsmgr.8.html">tlsmgr(8)</a>, there is only one expiration time for the SMTP server cache
shared by all three services, namely <a href="postconf.5.html#smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a>. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="tlsproxy_use_tls">tlsproxy_use_tls</a>
(default: $<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a>)</b></DT><DD>
<p> Opportunistic TLS: announce STARTTLS support to remote SMTP clients,
but do not require that clients use TLS encryption. See <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a>
for further details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="tlsproxy_watchdog_timeout">tlsproxy_watchdog_timeout</a>
(default: 10s)</b></DT><DD>
<p> How much time a <a href="tlsproxy.8.html">tlsproxy(8)</a> process may take to process local
or remote I/O before it is terminated by a built-in watchdog timer.
This is a safety mechanism that prevents <a href="tlsproxy.8.html">tlsproxy(8)</a> from becoming
non-responsive due to a bug in Postfix itself or in system software.
To avoid false alarms and unnecessary cache corruption this limit
cannot be set under 10s. </p>
<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks). </p>
<p> This feature is available in Postfix 2.8. </p>
</DD>
<DT><b><a name="trace_service_name">trace_service_name</a>
(default: trace)</b></DT><DD>
<p>
The name of the trace service. This service is implemented by the
<a href="bounce.8.html">bounce(8)</a> daemon and maintains a record
of mail deliveries and produces a mail delivery report when verbose
delivery is requested with "<b>sendmail -v</b>".
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="transport_delivery_slot_cost">transport_delivery_slot_cost</a>
(default: $<a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a>)</b></DT><DD>
<p> A transport-specific override for the <a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
the message delivery transport. </p>
<p> Note: <a href="postconf.5.html#transport_delivery_slot_cost"><i>transport</i>_delivery_slot_cost</a> parameters will not
show up in "postconf" command output before Postfix version 2.9.
This limitation applies to many parameters whose name is a combination
of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in this case:
"_delivery_slot_cost"). </p>
</DD>
<DT><b><a name="transport_delivery_slot_discount">transport_delivery_slot_discount</a>
(default: $<a href="postconf.5.html#default_delivery_slot_discount">default_delivery_slot_discount</a>)</b></DT><DD>
<p> A transport-specific override for the <a href="postconf.5.html#default_delivery_slot_discount">default_delivery_slot_discount</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
the message delivery transport. </p>
<p> Note: <a href="postconf.5.html#transport_delivery_slot_discount"><i>transport</i>_delivery_slot_discount</a> parameters will
not show up in "postconf" command output before Postfix version
2.9. This limitation applies to many parameters whose name is a
combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
this case: "_delivery_slot_discount"). </p>
</DD>
<DT><b><a name="transport_delivery_slot_loan">transport_delivery_slot_loan</a>
(default: $<a href="postconf.5.html#default_delivery_slot_loan">default_delivery_slot_loan</a>)</b></DT><DD>
<p> A transport-specific override for the <a href="postconf.5.html#default_delivery_slot_loan">default_delivery_slot_loan</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
the message delivery transport. </p>
<p> Note: <a href="postconf.5.html#transport_delivery_slot_loan"><i>transport</i>_delivery_slot_loan</a> parameters will not
show up in "postconf" command output before Postfix version 2.9.
This limitation applies to many parameters whose name is a combination
of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in this case:
"_delivery_slot_loan"). </p>
</DD>
<DT><b><a name="transport_destination_concurrency_failed_cohort_limit">transport_destination_concurrency_failed_cohort_limit</a>
(default: $<a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a>)</b></DT><DD>
<p> A transport-specific override for the
<a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a> parameter value,
where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message delivery
transport. </p>
<p> Note: some <a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a>
parameters will not show up in "postconf" command output before
Postfix version 2.9. This limitation applies to many parameters
whose name is a combination of a <a href="master.5.html">master.cf</a> service name and a
built-in suffix (in this case:
"_destination_concurrency_failed_cohort_limit"). </p>
<p> This feature is available in Postfix 2.5 and later. </p>
</DD>
<DT><b><a name="transport_destination_concurrency_limit">transport_destination_concurrency_limit</a>
(default: $<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a>)</b></DT><DD>
<p> A transport-specific override for the
<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a> parameter value, where
<i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message delivery
transport. </p>
<p> Note: some <a href="postconf.5.html#transport_destination_concurrency_limit"><i>transport</i>_destination_concurrency_limit</a>
parameters will not show up in "postconf" command output before
Postfix version 2.9. This limitation applies to many parameters
whose name is a combination of a <a href="master.5.html">master.cf</a> service name and a
built-in suffix (in this case: "_destination_concurrency_limit").
</p>
</DD>
<DT><b><a name="transport_destination_concurrency_negative_feedback">transport_destination_concurrency_negative_feedback</a>
(default: $<a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destination_concurrency_negative_feedback</a>)</b></DT><DD>
<p> A transport-specific override for the
<a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destination_concurrency_negative_feedback</a> parameter value,
where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message delivery
transport. </p>
<p> Note: some <a href="postconf.5.html#transport_destination_concurrency_negative_feedback"><i>transport</i>_destination_concurrency_negative_feedback</a>
parameters will not show up in "postconf" command output before
Postfix version 2.9. This limitation applies to many parameters
whose name is a combination of a <a href="master.5.html">master.cf</a> service name and a
built-in suffix (in this case:
"_destination_concurrency_negative_feedback"). </p>
<p> This feature is available in Postfix 2.5 and later. </p>
</DD>
<DT><b><a name="transport_destination_concurrency_positive_feedback">transport_destination_concurrency_positive_feedback</a>
(default: $<a href="postconf.5.html#default_destination_concurrency_positive_feedback">default_destination_concurrency_positive_feedback</a>)</b></DT><DD>
<p> A transport-specific override for the
<a href="postconf.5.html#default_destination_concurrency_positive_feedback">default_destination_concurrency_positive_feedback</a> parameter value,
where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message delivery
transport. </p>
<p> Note: some <a href="postconf.5.html#transport_destination_concurrency_positive_feedback"><i>transport</i>_destination_concurrency_positive_feedback</a>
parameters will not show up in "postconf" command output before
Postfix version 2.9. This limitation applies to many parameters
whose name is a combination of a <a href="master.5.html">master.cf</a> service name and a
built-in suffix (in this case:
"_destination_concurrency_positive_feedback"). </p>
<p> This feature is available in Postfix 2.5 and later. </p>
</DD>
<DT><b><a name="transport_destination_rate_delay">transport_destination_rate_delay</a>
(default: $<a href="postconf.5.html#default_destination_rate_delay">default_destination_rate_delay</a>)</b></DT><DD>
<p> A transport-specific override for the <a href="postconf.5.html#default_destination_rate_delay">default_destination_rate_delay</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
the message delivery transport. </p>
<p> Note: some <a href="postconf.5.html#transport_destination_rate_delay"><i>transport</i>_destination_rate_delay</a> parameters
will not show up in "postconf" command output before Postfix version
2.9. This limitation applies to many parameters whose name is a
combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
this case: "_destination_rate_delay"). </p>
<p> This feature is available in Postfix 2.5 and later. </p>
</DD>
<DT><b><a name="transport_destination_recipient_limit">transport_destination_recipient_limit</a>
(default: $<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a>)</b></DT><DD>
<p> A transport-specific override for the
<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a> parameter value, where
<i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message delivery
transport. </p>
<p> Note: some <a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a> parameters
will not show up in "postconf" command output before Postfix version
2.9. This limitation applies to many parameters whose name is a
combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
this case: "_destination_recipient_limit"). </p>
</DD>
<DT><b><a name="transport_extra_recipient_limit">transport_extra_recipient_limit</a>
(default: $<a href="postconf.5.html#default_extra_recipient_limit">default_extra_recipient_limit</a>)</b></DT><DD>
<p> A transport-specific override for the <a href="postconf.5.html#default_extra_recipient_limit">default_extra_recipient_limit</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
the message delivery transport. </p>
<p> Note: <a href="postconf.5.html#transport_extra_recipient_limit"><i>transport</i>_extra_recipient_limit</a> parameters will
not show up in "postconf" command output before Postfix version
2.9. This limitation applies to many parameters whose name is a
combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
this case: "_extra_recipient_limit"). </p>
</DD>
<DT><b><a name="transport_initial_destination_concurrency">transport_initial_destination_concurrency</a>
(default: $<a href="postconf.5.html#initial_destination_concurrency">initial_destination_concurrency</a>)</b></DT><DD>
<p> A transport-specific override for the <a href="postconf.5.html#initial_destination_concurrency">initial_destination_concurrency</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
the message delivery transport. </p>
<p> Note: some <a href="postconf.5.html#transport_initial_destination_concurrency"><i>transport</i>_initial_destination_concurrency</a>
parameters will not show up in "postconf" command output before
Postfix version 2.9. This limitation applies to many parameters
whose name is a combination of a <a href="master.5.html">master.cf</a> service name and a
built-in suffix (in this case: "_initial_destination_concurrency").
</p>
<p> This feature is available in Postfix 2.5 and later. </p>
</DD>
<DT><b><a name="transport_maps">transport_maps</a>
(default: empty)</b></DT><DD>
<p>
Optional lookup tables with mappings from recipient address to
(message delivery transport, next-hop destination). See <a href="transport.5.html">transport(5)</a>
for details.
</p>
<p>
Specify zero or more "<a href="DATABASE_README.html">type:table</a>" lookup tables. If you use this
feature with local files, run "<b>postmap /etc/postfix/transport</b>"
after making a change. </p>
<p> For safety reasons, as of Postfix 2.3 this feature does not
allow $number substitutions in regular expression maps. </p>
<p>
Examples:
</p>
<pre>
<a href="postconf.5.html#transport_maps">transport_maps</a> = <a href="DATABASE_README.html#types">dbm</a>:/etc/postfix/transport
<a href="postconf.5.html#transport_maps">transport_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/transport
</pre>
</DD>
<DT><b><a name="transport_minimum_delivery_slots">transport_minimum_delivery_slots</a>
(default: $<a href="postconf.5.html#default_minimum_delivery_slots">default_minimum_delivery_slots</a>)</b></DT><DD>
<p> A transport-specific override for the <a href="postconf.5.html#default_minimum_delivery_slots">default_minimum_delivery_slots</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
the message delivery transport. </p>
<p> Note: <a href="postconf.5.html#transport_minimum_delivery_slots"><i>transport</i>_minimum_delivery_slots</a> parameters will
not show up in "postconf" command output before Postfix version
2.9. This limitation applies to many parameters whose name is a
combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
this case: "_minimum_delivery_slots"). </p>
</DD>
<DT><b><a name="transport_recipient_limit">transport_recipient_limit</a>
(default: $<a href="postconf.5.html#default_recipient_limit">default_recipient_limit</a>)</b></DT><DD>
<p> A transport-specific override for the <a href="postconf.5.html#default_recipient_limit">default_recipient_limit</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
the message delivery transport. </p>
<p> Note: some <a href="postconf.5.html#transport_recipient_limit"><i>transport</i>_recipient_limit</a> parameters will not
show up in "postconf" command output before Postfix version 2.9.
This limitation applies to many parameters whose name is a combination
of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in this case:
"_recipient_limit"). </p>
</DD>
<DT><b><a name="transport_recipient_refill_delay">transport_recipient_refill_delay</a>
(default: $<a href="postconf.5.html#default_recipient_refill_delay">default_recipient_refill_delay</a>)</b></DT><DD>
<p> A transport-specific override for the <a href="postconf.5.html#default_recipient_refill_delay">default_recipient_refill_delay</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
the message delivery transport. </p>
<p> Note: <a href="postconf.5.html#transport_recipient_refill_delay"><i>transport</i>_recipient_refill_delay</a> parameters will
not show up in "postconf" command output before Postfix version
2.9. This limitation applies to many parameters whose name is a
combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
this case: "_recipient_refill_delay"). </p>
<p> This feature is available in Postfix 2.4 and later. </p>
</DD>
<DT><b><a name="transport_recipient_refill_limit">transport_recipient_refill_limit</a>
(default: $<a href="postconf.5.html#default_recipient_refill_limit">default_recipient_refill_limit</a>)</b></DT><DD>
<p> A transport-specific override for the <a href="postconf.5.html#default_recipient_refill_limit">default_recipient_refill_limit</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
the message delivery transport. </p>
<p> Note: <a href="postconf.5.html#transport_recipient_refill_limit"><i>transport</i>_recipient_refill_limit</a> parameters will
not show up in "postconf" command output before Postfix version
2.9. This limitation applies to many parameters whose name is a
combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
this case: "_recipient_refill_limit"). </p>
<p> This feature is available in Postfix 2.4 and later. </p>
</DD>
<DT><b><a name="transport_retry_time">transport_retry_time</a>
(default: 60s)</b></DT><DD>
<p>
The time between attempts by the Postfix queue manager to contact
a malfunctioning message delivery transport.
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
</DD>
<DT><b><a name="transport_time_limit">transport_time_limit</a>
(default: $<a href="postconf.5.html#command_time_limit">command_time_limit</a>)</b></DT><DD>
<p> A transport-specific override for the <a href="postconf.5.html#command_time_limit">command_time_limit</a> parameter
value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message
delivery transport. </p>
<p> Note: <a href="postconf.5.html#transport_time_limit"><i>transport</i>_time_limit</a> parameters will not show up
in "postconf" command output before Postfix version 2.9. This
limitation applies to many parameters whose name is a combination
of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in this case:
"_time_limit"). </p>
</DD>
<DT><b><a name="trigger_timeout">trigger_timeout</a>
(default: 10s)</b></DT><DD>
<p>
The time limit for sending a trigger to a Postfix daemon (for
example, the <a href="pickup.8.html">pickup(8)</a> or <a href="qmgr.8.html">qmgr(8)</a> daemon). This time limit prevents
programs from getting stuck when the mail system is under heavy
load.
</p>
<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>
</DD>
<DT><b><a name="undisclosed_recipients_header">undisclosed_recipients_header</a>
(default: see "postconf -d" output)</b></DT><DD>
<p>
Message header that the Postfix <a href="cleanup.8.html">cleanup(8)</a> server inserts when a
message contains no To: or Cc: message header. With Postfix 2.8
and later, the default value is empty. With Postfix 2.4-2.7,
specify an empty value to disable this feature. </p>
<p> Example: </p>
<pre>
# Default value before Postfix 2.8.
# Note: the ":" and ";" are both required.
<a href="postconf.5.html#undisclosed_recipients_header">undisclosed_recipients_header</a> = To: undisclosed-recipients:;
</pre>
</DD>
<DT><b><a name="unknown_address_reject_code">unknown_address_reject_code</a>
(default: 450)</b></DT><DD>
<p>
The numerical Postfix SMTP server response code when a sender or
recipient address is rejected by the <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a>
or <a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a> restriction. The response is
always 450 in case of a temporary DNS error.
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
</DD>
<DT><b><a name="unknown_address_tempfail_action">unknown_address_tempfail_action</a>
(default: $<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b></DT><DD>
<p> The Postfix SMTP server's action when <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a>
or <a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a> fail due to a temporary error
condition. Specify "defer" to defer the remote SMTP client request
immediately. With the default "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" action, the Postfix
SMTP server continues to look for opportunities to reject mail, and
defers the client request only if it would otherwise be accepted.
</p>
<p> This feature is available in Postfix 2.6 and later. </p>
</DD>
<DT><b><a name="unknown_client_reject_code">unknown_client_reject_code</a>
(default: 450)</b></DT><DD>
<p>
The numerical Postfix SMTP server response code when a client
without valid address <=> name mapping is rejected by the
<a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a> restriction. The SMTP server always replies
with 450 when the mapping failed due to a temporary error condition.
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
</DD>
<DT><b><a name="unknown_helo_hostname_tempfail_action">unknown_helo_hostname_tempfail_action</a>
(default: $<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b></DT><DD>
<p> The Postfix SMTP server's action when <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a>
fails due to an temporary error condition. Specify "defer" to defer
the remote SMTP client request immediately. With the default
"<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" action, the Postfix SMTP server continues to look
for opportunities to reject mail, and defers the client request
only if it would otherwise be accepted. </p>
<p> This feature is available in Postfix 2.6 and later. </p>
</DD>
<DT><b><a name="unknown_hostname_reject_code">unknown_hostname_reject_code</a>
(default: 450)</b></DT><DD>
<p>
The numerical Postfix SMTP server response code when the hostname
specified with the HELO or EHLO command is rejected by the
<a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a> restriction.
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
</DD>
<DT><b><a name="unknown_local_recipient_reject_code">unknown_local_recipient_reject_code</a>
(default: 550)</b></DT><DD>
<p>
The numerical Postfix SMTP server response code when a recipient
address is local, and $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies a list of
lookup tables that does not match the recipient. A recipient
address is local when its domain matches $<a href="postconf.5.html#mydestination">mydestination</a>,
$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> or $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>.
</p>
<p>
The default setting is 550 (reject mail) but it is safer to initially
use 450 (try again later) so you have time to find out if your
<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> settings are OK.
</p>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#unknown_local_recipient_reject_code">unknown_local_recipient_reject_code</a> = 450
</pre>
<p>
This feature is available in Postfix 2.0 and later.
</p>
</DD>
<DT><b><a name="unknown_relay_recipient_reject_code">unknown_relay_recipient_reject_code</a>
(default: 550)</b></DT><DD>
<p>
The numerical Postfix SMTP server reply code when a recipient
address matches $<a href="postconf.5.html#relay_domains">relay_domains</a>, and <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> specifies
a list of lookup tables that does not match the recipient address.
</p>
<p>
This feature is available in Postfix 2.0 and later.
</p>
</DD>
<DT><b><a name="unknown_virtual_alias_reject_code">unknown_virtual_alias_reject_code</a>
(default: 550)</b></DT><DD>
<p>
The Postfix SMTP server reply code when a recipient address matches
$<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, and $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> specifies a list
of lookup tables that does not match the recipient address.
</p>
<p>
This feature is available in Postfix 2.0 and later.
</p>
</DD>
<DT><b><a name="unknown_virtual_mailbox_reject_code">unknown_virtual_mailbox_reject_code</a>
(default: 550)</b></DT><DD>
<p>
The Postfix SMTP server reply code when a recipient address matches
$<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> specifies a list
of lookup tables that does not match the recipient address.
</p>
<p>
This feature is available in Postfix 2.0 and later.
</p>
</DD>
<DT><b><a name="unverified_recipient_defer_code">unverified_recipient_defer_code</a>
(default: 450)</b></DT><DD>
<p>
The numerical Postfix SMTP server response when a recipient address
probe fails due to a temporary error condition.
</p>
<p>
Unlike elsewhere in Postfix, you can specify 250 in order to
accept the address anyway.
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
<p>
This feature is available in Postfix 2.6 and later.
</p>
</DD>
<DT><b><a name="unverified_recipient_reject_code">unverified_recipient_reject_code</a>
(default: 450)</b></DT><DD>
<p>
The numerical Postfix SMTP server response when a recipient address
is rejected by the <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> restriction.
</p>
<p>
Unlike elsewhere in Postfix, you can specify 250 in order to
accept the address anyway.
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="unverified_recipient_reject_reason">unverified_recipient_reject_reason</a>
(default: empty)</b></DT><DD>
<p> The Postfix SMTP server's reply when rejecting mail with
<a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>. Do not include the numeric SMTP reply
code or the enhanced status code. By default, the response includes
actual address verification details.
<p> Example: </p>
<pre>
<a href="postconf.5.html#unverified_recipient_reject_reason">unverified_recipient_reject_reason</a> = Recipient address lookup failed
</pre>
<p> This feature is available in Postfix 2.6 and later. </p>
</DD>
<DT><b><a name="unverified_recipient_tempfail_action">unverified_recipient_tempfail_action</a>
(default: $<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b></DT><DD>
<p> The Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>
fails due to a temporary error condition. Specify "defer" to defer
the remote SMTP client request immediately. With the default
"<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" action, the Postfix SMTP server continues to look
for opportunities to reject mail, and defers the client request
only if it would otherwise be accepted. </p>
<p> This feature is available in Postfix 2.6 and later. </p>
</DD>
<DT><b><a name="unverified_sender_defer_code">unverified_sender_defer_code</a>
(default: 450)</b></DT><DD>
<p>
The numerical Postfix SMTP server response code when a sender address
probe fails due to a temporary error condition.
</p>
<p>
Unlike elsewhere in Postfix, you can specify 250 in order to
accept the address anyway.
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
<p>
This feature is available in Postfix 2.6 and later.
</p>
</DD>
<DT><b><a name="unverified_sender_reject_code">unverified_sender_reject_code</a>
(default: 450)</b></DT><DD>
<p>
The numerical Postfix SMTP server response code when a recipient
address is rejected by the <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> restriction.
</p>
<p>
Unlike elsewhere in Postfix, you can specify 250 in order to
accept the address anyway.
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="unverified_sender_reject_reason">unverified_sender_reject_reason</a>
(default: empty)</b></DT><DD>
<p> The Postfix SMTP server's reply when rejecting mail with
<a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>. Do not include the numeric SMTP reply
code or the enhanced status code. By default, the response includes
actual address verification details.
<p> Example: </p>
<pre>
<a href="postconf.5.html#unverified_sender_reject_reason">unverified_sender_reject_reason</a> = Sender address lookup failed
</pre>
<p> This feature is available in Postfix 2.6 and later. </p>
</DD>
<DT><b><a name="unverified_sender_tempfail_action">unverified_sender_tempfail_action</a>
(default: $<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b></DT><DD>
<p> The Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>
fails due to a temporary error condition. Specify "defer" to defer
the remote SMTP client request immediately. With the default
"<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" action, the Postfix SMTP server continues to look
for opportunities to reject mail, and defers the client request
only if it would otherwise be accepted. </p>
<p> This feature is available in Postfix 2.6 and later. </p>
</DD>
<DT><b><a name="verp_delimiter_filter">verp_delimiter_filter</a>
(default: -=+)</b></DT><DD>
<p>
The characters Postfix accepts as VERP delimiter characters on the
Postfix <a href="sendmail.1.html">sendmail(1)</a> command line and in SMTP commands.
</p>
<p>
This feature is available in Postfix 1.1 and later.
</p>
</DD>
<DT><b><a name="virtual_alias_domains">virtual_alias_domains</a>
(default: $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>)</b></DT><DD>
<p> Postfix is final destination for the specified list of virtual
alias domains, that is, domains for which all addresses are aliased
to addresses in other local or remote domains. The SMTP server
validates recipient addresses with $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> and rejects
non-existent recipients. See also the <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> class
in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> file </p>
<p>
This feature is available in Postfix 2.0 and later. The default
value is backwards compatible with Postfix version 1.1.
</p>
<p>
The default value is $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> so that you can keep all
information about <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domains</a> in one place. If you have
many users, it is better to separate information that changes more
frequently (virtual address -> local or remote address mapping)
from information that changes less frequently (the list of virtual
domain names).
</p>
<p> Specify a list of host or domain names, "/file/name" or
"<a href="DATABASE_README.html">type:table</a>" patterns, separated by commas and/or whitespace. A
"/file/name" pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>"
lookup table is matched when a table entry matches a lookup string
(the lookup result is ignored). Continue long lines by starting
the next line with whitespace. Specify "!pattern" to exclude a host
or domain name from the list. The form "!/file/name" is supported
only in Postfix version 2.4 and later. </p>
<p>
See also the <a href="VIRTUAL_README.html">VIRTUAL_README</a> and <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> documents
for further information.
</p>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> = virtual1.tld virtual2.tld
</pre>
</DD>
<DT><b><a name="virtual_alias_expansion_limit">virtual_alias_expansion_limit</a>
(default: 1000)</b></DT><DD>
<p>
The maximal number of addresses that virtual alias expansion produces
from each original recipient.
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="virtual_alias_maps">virtual_alias_maps</a>
(default: $<a href="postconf.5.html#virtual_maps">virtual_maps</a>)</b></DT><DD>
<p>
Optional lookup tables that alias specific mail addresses or domains
to other local or remote address. The table format and lookups
are documented in <a href="virtual.5.html">virtual(5)</a>. For an overview of Postfix address
manipulations see the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> document.
</p>
<p>
This feature is available in Postfix 2.0 and later. The default
value is backwards compatible with Postfix version 1.1.
</p>
<p>
If you use this feature with indexed files, run "<b>postmap
/etc/postfix/virtual</b>" after changing the file.
</p>
<p>
Examples:
</p>
<pre>
<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = <a href="DATABASE_README.html#types">dbm</a>:/etc/postfix/virtual
<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/virtual
</pre>
</DD>
<DT><b><a name="virtual_alias_recursion_limit">virtual_alias_recursion_limit</a>
(default: 1000)</b></DT><DD>
<p>
The maximal nesting depth of virtual alias expansion. Currently
the recursion limit is applied only to the left branch of the
expansion graph, so the depth of the tree can in the worst case
reach the sum of the expansion and recursion limits. This may
change in the future.
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
</DD>
<DT><b><a name="virtual_destination_concurrency_limit">virtual_destination_concurrency_limit</a>
(default: $<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a>)</b></DT><DD>
<p> The maximal number of parallel deliveries to the same destination
via the virtual message delivery transport. This limit is enforced
by the queue manager. The message delivery transport name is the
first field in the entry in the <a href="master.5.html">master.cf</a> file. </p>
</DD>
<DT><b><a name="virtual_destination_recipient_limit">virtual_destination_recipient_limit</a>
(default: $<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a>)</b></DT><DD>
<p> The maximal number of recipients per message for the virtual
message delivery transport. This limit is enforced by the queue
manager. The message delivery transport name is the first field in
the entry in the <a href="master.5.html">master.cf</a> file. </p>
<p> Setting this parameter to a value of 1 changes the meaning of
<a href="postconf.5.html#virtual_destination_concurrency_limit">virtual_destination_concurrency_limit</a> from concurrency per domain
into concurrency per recipient. </p>
</DD>
<DT><b><a name="virtual_gid_maps">virtual_gid_maps</a>
(default: empty)</b></DT><DD>
<p>
Lookup tables with the per-recipient group ID for <a href="virtual.8.html">virtual(8)</a> mailbox
delivery.
</p>
<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent.
It does not apply when mail is delivered with a different mail
delivery program. </p>
<p>
In a lookup table, specify a left-hand side of "@domain.tld" to
match any user in the specified domain that does not have a specific
"user@domain.tld" entry.
</p>
<p>
When a recipient address has an optional address extension
(user+foo@domain.tld), the <a href="virtual.8.html">virtual(8)</a> delivery agent looks up
the full address first, and when the lookup fails, it looks up the
unextended address (user@domain.tld).
</p>
<p>
Note 1: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent disallows
regular expression substitution of $1 etc. in regular expression
lookup tables, because that would open a security hole.
</p>
<p>
Note 2: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent will
silently ignore requests to use the <a href="proxymap.8.html">proxymap(8)</a> server. Instead
it will open the table directly. Before Postfix version 2.2, the
<a href="virtual.8.html">virtual(8)</a> delivery agent will terminate with a fatal error.
</p>
</DD>
<DT><b><a name="virtual_mailbox_base">virtual_mailbox_base</a>
(default: empty)</b></DT><DD>
<p>
A prefix that the <a href="virtual.8.html">virtual(8)</a> delivery agent prepends to all pathname
results from $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> table lookups. This is a safety
measure to ensure that an out of control map doesn't litter the
file system with mailboxes. While <a href="postconf.5.html#virtual_mailbox_base">virtual_mailbox_base</a> could be
set to "/", this setting isn't recommended.
</p>
<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent.
It does not apply when mail is delivered with a different mail
delivery program. </p>
<p>
Example:
</p>
<pre>
<a href="postconf.5.html#virtual_mailbox_base">virtual_mailbox_base</a> = /var/mail
</pre>
</DD>
<DT><b><a name="virtual_mailbox_domains">virtual_mailbox_domains</a>
(default: $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>)</b></DT><DD>
<p> Postfix is final destination for the specified list of domains;
mail is delivered via the $<a href="postconf.5.html#virtual_transport">virtual_transport</a> mail delivery transport.
By default this is the Postfix <a href="virtual.8.html">virtual(8)</a> delivery agent. The SMTP
server validates recipient addresses with $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
and rejects mail for non-existent recipients. See also the virtual
mailbox domain class in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> file. </p>
<p> This parameter expects the same syntax as the <a href="postconf.5.html#mydestination">mydestination</a>
configuration parameter. </p>
<p>
This feature is available in Postfix 2.0 and later. The default
value is backwards compatible with Postfix version 1.1.
</p>
</DD>
<DT><b><a name="virtual_mailbox_limit">virtual_mailbox_limit</a>
(default: 51200000)</b></DT><DD>
<p>
The maximal size in bytes of an individual <a href="virtual.8.html">virtual(8)</a> mailbox or
maildir file, or zero (no limit). </p>
<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent.
It does not apply when mail is delivered with a different mail
delivery program. </p>
</DD>
<DT><b><a name="virtual_mailbox_lock">virtual_mailbox_lock</a>
(default: see "postconf -d" output)</b></DT><DD>
<p>
How to lock a UNIX-style <a href="virtual.8.html">virtual(8)</a> mailbox before attempting
delivery. For a list of available file locking methods, use the
"<b>postconf -l</b>" command.
</p>
<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent.
It does not apply when mail is delivered with a different mail
delivery program. </p>
<p>
This setting is ignored with <b>maildir</b> style delivery, because
such deliveries are safe without application-level locks.
</p>
<p>
Note 1: the <b>dotlock</b> method requires that the recipient UID
or GID has write access to the parent directory of the recipient's
mailbox file.
</p>
<p>
Note 2: the default setting of this parameter is system dependent.
</p>
</DD>
<DT><b><a name="virtual_mailbox_maps">virtual_mailbox_maps</a>
(default: empty)</b></DT><DD>
<p>
Optional lookup tables with all valid addresses in the domains that
match $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
</p>
<p>
In a lookup table, specify a left-hand side of "@domain.tld" to
match any user in the specified domain that does not have a specific
"user@domain.tld" entry.
</p>
<p> The remainder of this text is specific to the <a href="virtual.8.html">virtual(8)</a> delivery
agent. It does not apply when mail is delivered with a different
mail delivery program. </p>
<p>
The <a href="virtual.8.html">virtual(8)</a> delivery agent uses this table to look up the
per-recipient mailbox or maildir pathname. If the lookup result
ends in a slash ("/"), maildir-style delivery is carried out,
otherwise the path is assumed to specify a UNIX-style mailbox file.
Note that $<a href="postconf.5.html#virtual_mailbox_base">virtual_mailbox_base</a> is unconditionally prepended to
this path.
</p>
<p>
When a recipient address has an optional address extension
(user+foo@domain.tld), the <a href="virtual.8.html">virtual(8)</a> delivery agent looks up
the full address first, and when the lookup fails, it looks up the
unextended address (user@domain.tld).
</p>
<p>
Note 1: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent disallows
regular expression substitution of $1 etc. in regular expression
lookup tables, because that would open a security hole.
</p>
<p>
Note 2: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent will
silently ignore requests to use the <a href="proxymap.8.html">proxymap(8)</a> server. Instead
it will open the table directly. Before Postfix version 2.2, the
<a href="virtual.8.html">virtual(8)</a> delivery agent will terminate with a fatal error.
</p>
</DD>
<DT><b><a name="virtual_maps">virtual_maps</a>
(default: empty)</b></DT><DD>
<p> Optional lookup tables with a) names of domains for which all
addresses are aliased to addresses in other local or remote domains,
and b) addresses that are aliased to addresses in other local or
remote domains. Available before Postfix version 2.0. With Postfix
version 2.0 and later, this is replaced by separate controls: <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>
and <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>. </p>
</DD>
<DT><b><a name="virtual_minimum_uid">virtual_minimum_uid</a>
(default: 100)</b></DT><DD>
<p>
The minimum user ID value that the <a href="virtual.8.html">virtual(8)</a> delivery agent accepts
as a result from $<a href="postconf.5.html#virtual_uid_maps">virtual_uid_maps</a> table lookup. Returned
values less than this will be rejected, and the message will be
deferred.
</p>
<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent.
It does not apply when mail is delivered with a different mail
delivery program. </p>
</DD>
<DT><b><a name="virtual_transport">virtual_transport</a>
(default: virtual)</b></DT><DD>
<p>
The default mail delivery transport and next-hop destination for
final delivery to domains listed with $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
This information can be overruled with the <a href="transport.5.html">transport(5)</a> table.
</p>
<p>
Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
is the name of a mail delivery transport defined in <a href="master.5.html">master.cf</a>.
The <i>:nexthop</i> destination is optional; its syntax is documented
in the manual page of the corresponding delivery agent.
</p>
<p>
This feature is available in Postfix 2.0 and later.
</p>
</DD>
<DT><b><a name="virtual_uid_maps">virtual_uid_maps</a>
(default: empty)</b></DT><DD>
<p>
Lookup tables with the per-recipient user ID that the <a href="virtual.8.html">virtual(8)</a>
delivery agent uses while writing to the recipient's mailbox.
</p>
<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent.
It does not apply when mail is delivered with a different mail
delivery program. </p>
<p>
In a lookup table, specify a left-hand side of "@domain.tld"
to match any user in the specified domain that does not have a
specific "user@domain.tld" entry.
</p>
<p>
When a recipient address has an optional address extension
(user+foo@domain.tld), the <a href="virtual.8.html">virtual(8)</a> delivery agent looks up
the full address first, and when the lookup fails, it looks up the
unextended address (user@domain.tld).
</p>
<p>
Note 1: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent disallows
regular expression substitution of $1 etc. in regular expression
lookup tables, because that would open a security hole.
</p>
<p>
Note 2: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent will
silently ignore requests to use the <a href="proxymap.8.html">proxymap(8)</a> server. Instead
it will open the table directly. Before Postfix version 2.2, the
<a href="virtual.8.html">virtual(8)</a> delivery agent will terminate with a fatal error.
</p>
</DD>
</dl>
</body>
</html>
|