Differences

This shows the differences between two versions.

centos:mail_c7:mta_1 [20.04.2018 07:42. ]
django Postfix, the secure mail server (MTA) on CentOS 7.x
centos:mail_c7:mta_1 [22.07.2019 15:05. ]
Zeile 1: Zeile 1:
-====== Postfix, der sichere Mailserver (MTA) unter CentOS 7.x ====== 
-{{:centos:mailserver:postfix:postfixlogo.gif |Postfix-Logo}}Für die eMailkommunikation in unserem SOHO(( **S**mall **O**ffice **H**ome **O**ffice ))-LAN wie auch für die Versorgung unserer Kunden bedienen wir uns des MTA((**M**ail **T**ransport **A**gent))/SMTP-Server **Postfix**. Dies nicht zuletzt, da dieser, im Gegensatz zum Dinosaurier verschrieenen **Sendmail** wesentlich einfacher zu konfigurieren ist und auch sicherheitstechnische Vorteile bietet. 
  
-Die nachfolgende Beschreibung zeigt, wie man unter CentOS 7.x einen Postfix-Mailserver **MTA**((**M**ail **T**ransport **A**gent)) aufsetzen und sicher betreiben kann. 
- 
-<WRAP round important>Grundvoraussetzung eines jeden Postmasters ist entweder der Besitz und das eingehende, auch mehrmalige Studium des: 
-  * Postfix-Buchs **[[http://www.postfixbuch.de/|Das Postfix-Buch]]** (**ISBN 978-3-937514-50-5**) von //[[http://www.postfixbuch.de/web/home/autor/|Peer Heinlein]]// bzw. 
-  * der des Weltbestsellers **[[http://www.isbns.com.ec/isbn/9783898645188|Postfix: Einrichtung, Betrieb und Wartung]]** \\ (**ISBN 978-3-898645-18-8**) von //Ralf Hildebrandt// und //Patrick Ben Koetter//. 
- 
-<WRAP center round box 95%> 
- <WRAP round info> \\ Empfehlenswert ist natürlich der Besuch eines Postfix Kurses beim **"Postfix-Meister" //Heinlein//** in der [[http://www.heinlein-support.de/schulung/|Heinlein Akademie]].</WRAP>  
- 
- <WRAP round tip> \\ Oder noch besser ist natürlich die Buchung eines Postfix/AMaViS-Kurses beim **"Postfix-Joda" //Koetter//** bei der [[https://sys4.de/de/messaging/|sys4]].</WRAP>  
-</WRAP> 
- 
-Viele der Design und Konfigurationsvorschläge stammen aus einem der beiden Postfix-Büchern. Bei der genaueren Betrachtung der hier gezeigten Konfigurationsdokumentation, werden wir noch über den ein oder anderen Querverweis auf einzelne Seiten und Kapiteln der Bücher stoßen. 
-</WRAP> 
- 
-===== verschiedene Mailserver ===== 
-==== Übersichtsskizze ==== 
-Bevor wir uns in das Design und Konfiguration unseres Mailservers stürzen, werfen wir noch einen Blick auf die (möglichen) Mitspieler in Form von Servern, Diensten, Protokolle und Ports, die uns beim Verarbeiten der elektronischen begegnen werden. 
- 
-<uml width=1024 title="Verarbeitungsschritte einer eMail"> 
-skinparam defaultFontName Courier 
- 
-state "Anwender generiert eine eMail mit seinem MUA (Mail User Agent)" as sender 
-state "MUA (Mail User Agent)" as sender 
-sender : Anwender erstellt eine Nachricht 
-sender : mit Hilfe seines MUA, wie z.B.  
-sender : mit Thunderbird, kMail oder R2Mail2 
- 
-state "DNS (Domain Name System)" as dns { 
-    state "Anfragen an den zuständigen Name-Server" as dns_anfragen 
-        dns_anfragen : │ 
-        dns_anfragen : ├── (Reverse) Auflösen einer IP-Adresse 
-        dns_anfragen : │   zu einem Hostnamen 
-        dns_anfragen : ├── Abfrage des zuständigen Mailservers 
-        dns_anfragen : │   zu einer Domäne 
-        dns_anfragen : └── Auflösen von Hostnamen zu IP-Adressen 
-        dns_anfragen : . 
-} 
- 
-state "zuständiges MHS (Mail Handling System) des Absenders" as mhs1 { 
-    state "MSA (Mail Submission Agent)" as msa 
-        msa : Nach erfolgter Authentifizierung 
-        msa : und Authorisierung des einliefernden 
-        msa : Mail User Agent bzw. Kontoinhabers   
-        msa : erfolgt die Annahme der Nachricht 
-        msa : und Weiterleitung an ein ASAV-System 
-        msa : oder weiterleitung an den MTA 
- 
-    state "ASAV (Anti Spam und Anti Virus)" as asav1 
-        asav1 : Überprüfen der vorliegenden eMail auf  
-        asav1 : RFC-Konformität, SPAM, HOAXe ect. pp.  
-        asav1 : und auf Schadcode  
- 
-    state "MTA (Mail Transfer Agent)" as mta1 
-        mta1 : Versand der eMail 
-        mta1 : zum eMail-Server (MTA) 
-        mta1 : des Empfängers 
-} 
- 
-state "zuständiges MHS (Mail Handling System) des Empfängers" as mhs2 { 
-    state "MTA (Mail Transfer Agent)" as mta2 
-        mta2 : Nach erfolgter Prüfung auf Zuständigkeit, 
-        mta2 : legitime Empfänger und ggf. auch Sender, 
-        mta2 : erfolgt nach Rückmeldung ("O.K.") des   
-        mta2 : ASAV-Systems die Annahme der eMail mit 
-        mta2 : Bestätigung an den einliefernden MTA. 
-        mta2 : Anschließend Weitergabe der Nachricht an 
-        mta2 : das MDA Backend-System. 
- 
-    state "ASAV (Anti Spam und Anti Virus)" as asav2 
-        asav2 : Überprüfen der vorliegenden eMail auf  
-        asav2 : RFC-Konformität, SPAM, HOAXe ect. pp.  
-        asav2 : und auf Schadcode  
- 
-    state "MDA (Mail Delivery Agent)" as mda1 
-        mda1 : Versand der eMail 
-        mda1 : zum eMail-Server (MTA) 
-        mda1 : des Empfängers 
-} 
- 
-state "System des Empfängers, z.B. Rechner oder mobiles Endgerät" as luser { 
-    state "MRA (Mail Retrieval Agent)" as mra1 
-        mra1 : Abholen der bei Server eingegangenen  
-        mra1 : Nachrichten mit Hilfe eines zeit- 
-        mra1 : gesteuerten POP3-Daemon (z.B. fetchmail)  
- 
-    state "MUA (Mail User Agent)" as mua2 
-        mua2 : Abholen der Mailhaeder und ggf. der  
-        mua2 : Nachrichten auf das Endgerät des   
-        mua2 : Endanwenders, z.B. Thunderbird oder 
-        mua2 : R2Mail2 auf einem Android-Gerät.  
-} 
- 
- 
- sender --> dns : DNS :53 
- msa -right-> dns : DNS :53 
- asav1 --> dns : DNS :53 
- mta1 --> dns : DNS :53 
- mta2 --> dns : DNS :53 
- asav2 --> dns : DNS :53 
- mra1 --> dns : DNS :53 
- mua2 --> dns : DNS :53 
- 
- sender -right-> msa : <- SMTP :587 
- msa --> asav1 : <- SMTP bzw. milter 
- asav1 --> mta1 : <- SMTP bzw. milter 
- mta1 -down-> mta2 : <- SMTP :25 
- 
- mta2 --> asav2 : <- SMTP bzw. milter 
- asav2 --> mta2 : <- SMTP bzw. milter 
- mta2 --> mda1 : SMTP :25 bzw. LMTP :24 
- 
- mda1 --> mra1 : POP3 
- mda1 --> mua2 : POP3/IMAP 
- 
-    note left of sender 
-        =========================================== 
-        From: django@mailserver.guru 
-        To: michael@nausch.org 
-        Subject: Terminbestätigung 
-        Date: Thu, 20 Mar 2014 18:40:18 +0100 
-        =========================================== 
-        HI! 
-        sender : 
-        Der Termin geht klar, wir sehen uns heute 
-        Abend bei der Kryptoveranstaltung. 
- 
-        cul8r 
-        Django 
-        =========================================== 
-    end note 
- 
-</uml> 
- 
-==== Beschreibung ==== 
-Wie wir der oben stehenden Skizze entnehmen können, sind im Verlauf einer eMail-Verarbeitung viele  Mailsysteme und Dienste/Protokolle beteidigt. Eine zentrale Stellung nimmt dabei das [[centos:bind_c6|DNS]]((**D**omain **N**ame **S**ystem)) ein, ohne dessen Informationen keine Mailzustellung und Verarbeitung erfolgen kann. Wir werden uns daher diesem Thema in einem gesonderten Kapitel [[centos:mail_c7:mta_3|"DNS Einstellungen rund um Mailserver"]] hier im WIKI widmen. 
- 
-Zuerst wollen wr aber noch einen gezielten Blick auf die Begrifflickeiten, die in der obigen Skizze genannt wurden, werfen. Viele interessante und erklärende Informationen findet man auch im entsprechedem Artikel bei der [[http://de.wikipedia.org/wiki/E-Mail|Wikipedia]]. 
-=== Systeme === 
-  * **MHS**: Mail Handling System, bezeichnet ein eMail-System welches mit Hilfe eines oder mehreren nachfolgend genannten Systemen Nachrichten annimmt, verarbeitet und zustellt. 
-  * **MSA**: Als Mail Submission Agent bezeichnet man ein System oder einen Server, der eMails von einem MUA (Mail User Agent) annimmt und zur weiteren Verarbeitung einem nachgelagertem System übergibt. In der Regel wird der Mailserver zur Annahme der eMails den Submission-Port **587** verwenden. 
-  * **MTA**: Ein Mail Transfer Agent beschreibt eine Anwendung eines MHS, die Emails annimmt, validiert und weiterleitet. Zur MTA - MTA Kommunikation zwischen zwei Mailservern, wird der SMTP-Port **25** verwendet. Zur Anbindung weiterer Subsysteme können weitere Ports oder Milter-Sockets geöffnet werden. Wird der MTA als Borderfilter oder als Front-Relay eingesetzt kommuniziert der MTA mit entfernten MTAs über Port 25 - erfolgt die Zustellung an einen MDA, so wird dessen LMTP((**L**ocal **M**ail **T**ransfer **P**rotokoll))-Port **24** verwendet. 
-  * **MDA**: Mail Delivery Agent, bezeichnet den Teil eines Mail Handling Systems, welches für die Zustellung der elektronischen Post in die einzelnen Benutzerkonten verantwortlich ist. Die eMail nimmt der MDA in der Regel auf Port **24** entgegen; zur Kommunikation mit den Clients werden POP3 via Port **110**, POP3s via Port **995**, IMAP via Port **143**, IMAPs über Port **993** und ggf. der Manage Sieve Port **4190** angeboten. 
-  * **MRA**: Ein Mail Retrieval Agent holt eMails vom Mail Delivery Agent ab und speichert diese auf dem lokalen Rechner ab. Der MRA ist fester Bestandteil eines Mail User Agent der zum Herunterladen der Nachrichten mitteles POP3 verwendet wird. Der bekannteste Vertreter der MRAs ist z.B. das Konsolenprogramm **fetchmail**. 
-  * **MUA**: Mail User Agent oder auch kurz das eMail-Programm/-client bezeichnet ein Programm/Applikation, die ein Anwender benutzt, um eMails zu schreiben, zu versenden, zu empfangen und zu verwalten. Bekannte Vertreter sind z.B. [[https://www.mozilla.org/de/thunderbird/|Thunderbird]], [[https://userbase.kde.org/KMail/de|kMail]], [[https://wiki.gnome.org/Apps/Evolution|Evolution]] oder [[http://r2mail2.com/|R2Mail2]]. Zum Abholen der Nachrichten wird entweder POP3 via Port **110**, POP3s via Port **995** oder IMAP über den Port **143**, IMAPs über Port **993** und zum Versenden an den MSA Port **587** verwendet. 
-  * **ASAV**: Mit Hilfe eines AntiSpam und AntiVirus Systems kann eine komplette eMail oder auch getrennt in Mail-Header und Mail-Body/Anhänge geprüft und bewertet werden, so dass keine unerwünschten Nachrichten versendet oder empfangen werden bzw. ob Schadcode enthalten ist. 
- 
- 
-=== Ports === 
-Zur Kommunikation beim Senden, Transportieren und Abholen von eMails werden in der Regel folgende Ports verwendet bzw. von den Systemen angeboten. 
-  * **24**: LMTP - Annahmeport eines MDAs bei dem der MTA die eMails abliefert 
-  * **25**: SMTP - Port an dem ein MTA Nachrichten eines anderen MTAs entgegen nimmt 
-  * **465**: SMTP over SSL (TLS) - Port an dem ein MTA Nachrichten eines anderen MTAs entgegen nimmt 
-  * **587**: MSA - Mail Message Submission - Port auf dem der MSA die Nachrichten eines MUAs entgegennimmt. 
-  * **110**: POP version 3 - Port über den ein MRA oder MUA die Nachrichten abholen kann. 
-  * **993**: POP-3 over SSL - Port über den ein MRA oder MUA die Nachrichten "transportverschlüsselt" abholen kann. 
-  * **143**: IMAP - Interim Mail Access Port - Port über den ein MUA z.B. IMAP-Client seine Nachrichten verwalten kann. 
-  * **995**: IMAP over SSL - Interim Mail Access Port - Port über den ein MUA z.B. IMAP-Client seine Nachrichten "transportverschlüsselt" verwalten kann. 
-  * **4190**: ManageSieve Protocol - Port über den ein Endanwender mit Hilfe seines MUAs Filterregeln auf dem MDA verwalten und (de-)aktivieren kann. 
- 
-=== Protokolle === 
-Zu guter Letzt werfen wir noch einen Blick auf die beteidigten Protokolle. 
-  * **LMTP**: LMTP Local Mail Transfer Protokoll benutzt der MTA zum Einliefern der eMails bei einem MDA. 
-  * **SMTP**: SMTP Simple Mail Transfer Protokoll Verwendet sowohl ein MUA zum Einliefern seiner Nachrichten beim MSA, wie auch zur Interkommunikation von unterscheidlichen MTAs und auch ASAVs 
-  * **SMTPs**: SMTPs - Port an dem ein MTA Nachrichten eines anderen MTAs entgegen nimmt 
-  * **POP3**: Post Office Protokoll 3 - Ein MRA holt die Nachrichten mit Hilfe von POP3 ab. 
-  * **POP3s**: secured Post Office Protokoll 3 - Ein MRA holt die Nachrichten mit Hilfe von POP3 "transportverschlüsselt" beim MDA ab. 
-  * **IMAP**: Interim Mail Access Protokoll - Ein MUA kann mit Hilfe des Interim Mail Access Protokolls die Nachrichten auf dem IMAP-Server verwalten. 
-  * **IMAPs** secured Interim Mail Access Protokoll - Ein MUA kann mit Hilfe des Interim Mail Access Protokolls die Nachrichten auf dem IMAP-Server über einen "transportverschlüsselten Kanal "verwalten. 
-  * **SIEVE**: Eine Scriptsprache mit deren Hilfe ein eMailkonteninhaber die serverseitige Filterung auf dem MDA steuern und verwalten kann. 
- 
- 
- 
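Review bot: the removed "Ports" list has 993 and 995 swapped: it gives 993 as "POP-3 over SSL" and 995 as "IMAP over SSL", while the MDA and MUA entries in the same removed "Systeme" list put POP3s on 995 and IMAPs on 993. If this section is being relocated rather than dropped, correct both entries in the new location so that firewall rules derived from the list open the intended services. The 465 entry and the SMTPs entry under "Protokolle" also repeat the port 25 description word for word and should be reworded at the same time.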
-===== Daemone, Queues und Dienste ===== 
-Bevor wir uns nun mit den einzelnen Modulen, Daemons und/oder Delivery-Agents befassen, werfen wir zum besseren Verständnis dieser Komponenten erst einfach mal einen Blick unter die Motorhaube unseres 12-Zylinders. ;)  
- 
-{{page>centos:mail_c7:postfix&nofooter}}  
- 
-Welche Aufgaben und Funktionen die einzelnen Dienste mitbringen wollen wir uns kurz befassen. 
-==== master ==== 
-Die Steuerung der in der obigen Übersichtskizze dargestellten Daemone und Module erfolgt mit Hilfe des **master**-Daemon, welcher den Postfix-Main-Prozess definiert. Dieser Master-Prozess steuert und überwacht zum einen die einzelnen Postfix-Module, definiert wie viele Instanzen den einzelnen Modulen zugewiesen werden sollen. Zum anderen werden durch den Master-Prozess in regelmäßigen Abständen die Module zum Verwalten und Steuern der Queues gestartet.  
- 
-Weitere Hinweise zum **master**-Daemon findet man in dessen **manpage**. 
-   # man 5 master 
-<code>MASTER(5)                         File Formats Manual                         MASTER(5) 
- 
-NAME 
-       master - Postfix master process configuration file format 
- 
-DESCRIPTION 
-       The  Postfix  mail system is implemented by small number of (mostly) client com‐ 
-       mands that are invoked by users, and by a larger number of services that run  in 
-       the background. 
- 
-       Postfix  services  are  implemented  by daemon processes. These run in the back‐ 
-       ground under control of the master(8) process.  The master.cf configuration file 
-       defines how a client program connects to a service, and what daemon program runs 
-       when a service is requested.  Most daemon processes are short-lived  and  termi‐ 
-       nate voluntarily after serving max_use clients, or after inactivity for max_idle 
-       or more units of time. 
- 
-       All daemons specified here must speak a Postfix-internal protocol. In  order  to 
-       execute  non-Postfix software use the local(8), pipe(8) or spawn(8) services, or 
-       run the server under control by inetd(8) or equivalent. 
- 
-       After changing master.cf you must execute "postfix reload" to reload the config‐ 
-       uration. 
- 
-SYNTAX 
-       The general format of the master.cf file is as follows: 
- 
-       ·      Empty  lines  and  whitespace-only  lines are ignored, as are lines whose 
-              first non-whitespace character is a `#'. 
- 
-       ·      A logical line starts with non-whitespace text. A line that  starts  with 
-              whitespace continues a logical line. 
- 
-       ·      Each  logical  line  defines  a  single Postfix service.  Each service is 
-              identified by its name and type as described below.  When multiple  lines 
-              specify  the same service name and type, only the last one is remembered. 
-              Otherwise, the order of master.cf service definitions does not matter. 
- 
-       Each logical line consists of eight fields separated by whitespace.   These  are 
-       described below in the order as they appear in the master.cf file. 
- 
-       Where  applicable  a  field  of  "-" requests that the built-in default value be 
-       used. For boolean fields specify "y" or "n" to override the default value. 
- 
-       Service name 
-              The service name syntax depends on the service type as described next. 
- 
-       Service type 
-              Specify one of the following service types: 
- 
-              inet   The service listens on a TCP/IP socket and is accessible  via  the 
-                     network. 
- 
-                     The  service name is specified as host:port, denoting the host and 
-                     port on which new connections should be accepted.  The  host  part 
-                     (and  colon)  may be omitted.  Either host or port may be given in 
-                     symbolic form (host or  service  name)  or  in  numeric  form  (IP 
-                     address  or port number).  Host information may be enclosed inside 
-                     "[]"; this form is necessary only with IPv6 addresses. 
- 
-                     Examples: a service named 127.0.0.1:smtp or ::1:smtp receives mail 
-                     via the loopback interface only; and a service named 10025 accepts 
-                     connections on TCP port 10025 via all interfaces  configured  with 
-                     the inet_interfaces parameter. 
- 
-                     Note:  with Postfix version 2.2 and later specify "inet_interfaces 
-                     = loopback-only" in main.cf, instead of  hard-coding  loopback  IP 
-                     address information in master.cf or in main.cf. 
- 
-              unix   The  service listens on a UNIX-domain socket and is accessible for 
-                     local clients only. 
- 
-                     The service name is a  pathname  relative  to  the  Postfix  queue 
-                     directory (pathname controlled with the queue_directory configura‐ 
-                     tion parameter in main.cf). 
- 
-                     On Solaris 8 and earlier systems the unix type is implemented with 
-                     streams sockets. 
- 
-              fifo   The  service  listens on a FIFO (named pipe) and is accessible for 
-                     local clients only. 
- 
-                     The service name is a  pathname  relative  to  the  Postfix  queue 
-                     directory (pathname controlled with the queue_directory configura‐ 
-                     tion parameter in main.cf). 
- 
-              pass   The service listens on a UNIX-domain socket, and is accessible  to 
-                     local clients only. It receives one open connection (file descrip‐ 
-                     tor passing) per connection request. 
- 
-                     The service name is a  pathname  relative  to  the  Postfix  queue 
-                     directory (pathname controlled with the queue_directory configura‐ 
-                     tion parameter in main.cf). 
- 
-                     On Solaris 8 and earlier systems the pass type is implemented with 
-                     streams sockets. 
- 
-                     This feature is available as of Postfix version 2.5. 
- 
-       Private (default: y) 
-              Whether  or  not access is restricted to the mail system.  Internet (type 
-              inet) services can't be private. 
- 
-       Unprivileged (default: y) 
-              Whether the service runs with root privileges or  as  the  owner  of  the 
-              Postfix system (the owner name is controlled by the mail_owner configura‐ 
-              tion variable in the main.cf file). 
- 
-              The local(8), pipe(8), spawn(8), and virtual(8)  daemons  require  privi‐ 
-              leges. 
- 
-       Chroot (default: y) 
-              Whether  or  not  the  service  runs chrooted to the mail queue directory 
-              (pathname is controlled by the queue_directory configuration variable  in 
-              the main.cf file). 
- 
-              Chroot  should not be used with the local(8), pipe(8), spawn(8), and vir‐ 
-              tual(8) daemons.  Although the proxymap(8) server can run chrooted, doing 
-              so defeats most of the purpose of having that service in the first place. 
- 
-              The files in the examples/chroot-setup subdirectory of the Postfix source 
-              archive show set up a Postfix chroot environment on a variety of systems. 
-              See also BASIC_CONFIGURATION_README for issues related to running daemons 
-              chrooted. 
- 
-       Wake up time (default: 0) 
-              Automatically wake up the named service after  the  specified  number  of 
-              seconds.  The  wake  up  is  implemented by connecting to the service and 
-              sending a wake up request.  A ? at the end  of  the  wake-up  time  field 
-              requests  that  no wake up events be sent before the first time a service 
-              is used.  Specify 0 for no automatic wake up. 
- 
-              The pickup(8), qmgr(8) and flush(8) daemons require a wake up timer. 
- 
-       Process limit (default: $default_process_limit) 
-              The maximum number of processes that may execute this service  simultane‐ 
-              ously. Specify 0 for no process count limit. 
- 
-              NOTE:  Some  Postfix services must be configured as a single-process ser‐ 
-              vice (for example, qmgr(8)) and some services must be configured with  no 
-              process  limit  (for  example,  cleanup(8)).   These  limits  must not be 
-              changed. 
- 
-       Command name + arguments 
-              The command to be executed.  Characters that are  special  to  the  shell 
-              such  as  ">"  or  "|" have no special meaning here, and quotes cannot be 
-              used to protect arguments containing whitespace. 
- 
-              The command name is relative to the Postfix daemon directory (pathname is 
-              controlled by the daemon_directory configuration variable). 
- 
-              The  command  argument  syntax  for specific commands is specified in the 
-              respective daemon manual page. 
- 
-              The following command-line options have the same effect  for  all  daemon 
-              programs: 
- 
-              -D     Run  the  daemon  under  control by the command specified with the 
-                     debugger_command variable in the main.cf configuration file.   See 
-                     DEBUG_README for hints and tips. 
- 
-              -o name=value 
-                     Override  the named main.cf configuration parameter. The parameter 
-                     value can refer to other parameters as $name etc.,  just  like  in 
-                     main.cf.  See postconf(5) for syntax. 
- 
-                     NOTE  1:  do not specify whitespace around the "=" or in parameter 
-                     values. To specify a parameter value that contains whitespace, use 
-                     commas  instead  of spaces, or specify the value in main.cf. Exam‐ 
-                     ple: 
- 
-                     /etc/postfix/master.cf: 
-                         submission inet .... smtpd 
-                             -o smtpd_mumble=$submission_mumble 
- 
-                     /etc/postfix/main.cf 
-                         submission_mumble = text with whitespace... 
- 
-                     NOTE 2: Over-zealous use of parameter overrides makes the  Postfix 
-                     configuration  hard  to  understand  and  maintain.   At a certain 
-                     point, it might be easier to configure multiple instances of Post‐ 
-                     fix, instead of configuring multiple personalities via master.cf. 
- 
-              -v     Increase the verbose logging level. Specify multiple -v options to 
-                     make a Postfix daemon process increasingly verbose. 
- 
-SEE ALSO 
-       master(8), process manager 
-       postconf(5), configuration parameters 
- 
-README FILES 
-       Use "postconf readme_directory" or  "postconf  html_directory"  to  locate  this 
-       information. 
-       BASIC_CONFIGURATION_README, basic configuration 
-       DEBUG_README, Postfix debugging 
- 
-LICENSE 
-       The Secure Mailer license must be distributed with this software. 
- 
-AUTHOR(S) 
-       Initial version by 
-       Magnus Baeck 
-       Lund Institute of Technology 
-       Sweden 
- 
-       Wietse Venema 
-       IBM T.J. Watson Research 
-       P.O. Box 704 
-       Yorktown Heights, NY 10598, USA 
- 
-                                                                              MASTER(5) 
-</code> 
-==== lmtp, smtp, smtps und relay ==== 
-Der **smtp**-Client wird benutzt, um Nachrichten an vom Postfix zu anderen SMTP/LMTP-Daemons weiterzurouten, die dieser vom **[[centos:mail_c7:mta_1?&#qmgr|queue]]**-Manager zugewiesen bekommt. Der Client ermittelt selbst die Routinginformationen, wie er den Empfänger erreichen kann und versucht je nach Priorität der Nachricht diese erfolgreich zuzustellen. Weiterhin übergibt der Client Statusberichte zur Zustellung von Nachrichten an den **[[centos:mail_c7:mta_1?&#bounce|bounce]]**-, **[[centos:mail_c7:mta_1?&#defer|defer]]**- und **[[centos:mail_c7:mta_1?&#trace|trace]]**-daemon. 
-Nach der erfolgreichen Übertragung der Nachricht, kann eine Verbindung an den **[[centos:mail_c7:mta_1?&#scache|scache]]**-Daemon übergeben werden, damit die bestehende Verbindung ggf für weitere Nachrichtenübertragungen genutzt werden kann.  
-Der **smtps**-Client benutzt zur Übertragung entsprechend TLS-geschützten Übertragungsweg. 
- 
-Weitere Hinweise können der **smtp** manpage entnommen werden.  
- 
-   # man 8 smtp 
-<code>SMTP(8)                         System Manager's Manual                         SMTP(8) 
- 
-NAME 
-       smtp - Postfix SMTP+LMTP client 
- 
-SYNOPSIS 
-       smtp [generic Postfix daemon options] 
- 
-DESCRIPTION 
-       The  Postfix  SMTP+LMTP client implements the SMTP and LMTP mail delivery proto‐ 
-       cols. It processes message  delivery  requests  from  the  queue  manager.  Each 
-       request  specifies  a  queue file, a sender address, a domain or host to deliver 
-       to, and recipient information.  This program expects to be  run  from  the  mas‐ 
-       ter(8) process manager. 
- 
-       The SMTP+LMTP client updates the queue file and marks recipients as finished, or 
-       it informs the queue manager that delivery should be  tried  again  at  a  later 
-       time.  Delivery  status  reports are sent to the bounce(8), defer(8) or trace(8) 
-       daemon as appropriate. 
- 
-       The SMTP+LMTP client looks up a list of mail exchanger addresses for the  desti‐ 
-       nation  host,  sorts the list by preference, and connects to each listed address 
-       until it finds a server that responds. 
- 
-       When a server is not reachable, or when mail delivery fails due to a recoverable 
-       error  condition, the SMTP+LMTP client will try to deliver the mail to an alter‐ 
-       nate host. 
- 
-       After a successful mail transaction, a connection may be saved to the  scache(8) 
-       connection  cache  server,  so that it may be used by any SMTP+LMTP client for a 
-       subsequent transaction. 
- 
-       By default, connection caching is enabled temporarily for destinations that have 
-        high  volume  of  mail in the active queue. Connection caching can be enabled 
-       permanently for specific destinations. 
- 
-SMTP DESTINATION SYNTAX 
-       SMTP destinations have the following form: 
-       domainname 
- 
-       domainname:port 
-              Look up the mail exchangers for the specified domain, and connect to  the 
-              specified port (default: smtp). 
- 
-       [hostname] 
- 
-       [hostname]:port 
-              Look  up the address(es) of the specified host, and connect to the speci‐ 
-              fied port (default: smtp). 
- 
-       [address] 
- 
-       [address]:port 
-              Connect to the host at the specified address, and connect to  the  speci‐ 
-              fied  port  (default:  smtp).  An  IPv6  address  must  be  formatted  as 
-              [ipv6:address]. 
- 
-LMTP DESTINATION SYNTAX 
-       LMTP destinations have the following form: 
- 
-       unix:pathname 
-              Connect to the local UNIX-domain server that is bound  to  the  specified 
-              pathname.  If  the  process runs chrooted, an absolute pathname is inter‐ 
-              preted relative to the Postfix queue directory. 
- 
-       inet:hostname 
- 
-       inet:hostname:port 
- 
-       inet:[address] 
- 
-       inet:[address]:port 
-              Connect to the specified TCP port on the specified local or remote  host. 
-              If  no  port  is  specified,  connect to the port defined as lmtp in ser‐ 
-              vices(4).  If no such service is found, the  lmtp_tcp_port  configuration 
-              parameter  (default  value  of 24) will be used.  An IPv6 address must be 
-              formatted as [ipv6:address]. 
- 
-SECURITY 
-       The SMTP+LMTP client is moderately security-sensitive. It talks to SMTP or  LMTP 
-       servers  and  to  DNS  servers  on  the network. The SMTP+LMTP client can be run 
-       chrooted at fixed low privilege. 
- 
-STANDARDS 
-       RFC 821 (SMTP protocol) 
-       RFC 822 (ARPA Internet Text Messages) 
-       RFC 1651 (SMTP service extensions) 
-       RFC 1652 (8bit-MIME transport) 
-       RFC 1870 (Message Size Declaration) 
-       RFC 2033 (LMTP protocol) 
-       RFC 2034 (SMTP Enhanced Error Codes) 
-       RFC 2045 (MIME: Format of Internet Message Bodies) 
-       RFC 2046 (MIME: Media Types) 
-       RFC 2554 (AUTH command) 
-       RFC 2821 (SMTP protocol) 
-       RFC 2920 (SMTP Pipelining) 
-       RFC 3207 (STARTTLS command) 
-       RFC 3461 (SMTP DSN Extension) 
-       RFC 3463 (Enhanced Status Codes) 
-       RFC 4954 (AUTH command) 
-       RFC 5321 (SMTP protocol) 
- 
-DIAGNOSTICS 
-       Problems and transactions are logged to syslogd(8).  Corrupted message files are 
-       marked  so that the queue manager can move them to the corrupt queue for further 
-       inspection. 
- 
-       Depending on the setting of the  notify_classes  parameter,  the  postmaster  is 
-       notified of bounces, protocol problems, and of other trouble. 
- 
-BUGS 
-       SMTP  and  LMTP connection caching does not work with TLS. The necessary support 
-       for TLS object passivation and re-activation does not exist without closing  the 
-       session, which defeats the purpose. 
- 
-       SMTP and LMTP connection caching assumes that SASL credentials are valid for all 
-       destinations that map onto the same IP address and TCP port. 
- 
-CONFIGURATION PARAMETERS 
-       Before Postfix version 2.3, the LMTP client is a separate  program  that  imple‐ 
-       ments  only  a subset of the functionality available with SMTP: there is no sup‐ 
-       port for TLS, and connections are cached in-process, making it ineffective  when 
-       the client is used for multiple domains. 
- 
-       Most  smtp_xxx  configuration parameters have an lmtp_xxx "mirror" parameter for 
-       the equivalent LMTP feature. This document  describes  only  those  LMTP-related 
-       parameters that aren't simply "mirror" parameters. 
- 
-       Changes  to  main.cf  are  picked up automatically, as smtp(8) processes run for 
-       only a limited amount of time. Use the command "postfix reload" to  speed  up  a 
-       change. 
- 
-       The  text  below  provides  only  a  parameter summary. See postconf(5) for more 
-       details including examples. 
- 
-COMPATIBILITY CONTROLS 
-       ignore_mx_lookup_error (no) 
-              Ignore DNS MX lookups that produce no response. 
- 
-       smtp_always_send_ehlo (yes) 
-              Always send EHLO at the start of an SMTP session. 
- 
-       smtp_never_send_ehlo (no) 
-              Never send EHLO at the start of an SMTP session. 
- 
-       smtp_defer_if_no_mx_address_found (no) 
-              Defer mail delivery when no MX record resolves to an IP address. 
- 
-       smtp_line_length_limit (998) 
-              The maximal length of message header and body  lines  that  Postfix  will 
-              send via SMTP. 
- 
-       smtp_pix_workaround_delay_time (10s) 
-              How  long  the  Postfix  SMTP client pauses before sending ".<CR><LF>" in 
-              order to work around the PIX firewall "<CR><LF>.<CR><LF>" bug. 
- 
-       smtp_pix_workaround_threshold_time (500s) 
-              How long a message must be queued before the Postfix SMTP client turns on 
-              the  PIX firewall "<CR><LF>.<CR><LF>" bug workaround for delivery through 
-              firewalls with "smtp fixup" mode turned on. 
- 
-       smtp_pix_workarounds (disable_esmtp, delay_dotcrlf) 
-              A list that specifies zero or more workarounds  for  CISCO  PIX  firewall 
-              bugs. 
- 
-       smtp_pix_workaround_maps (empty) 
-              Lookup tables, indexed by the remote SMTP server address, with per-desti‐ 
-              nation workarounds for CISCO PIX firewall bugs. 
- 
-       smtp_quote_rfc821_envelope (yes) 
-              Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands  as 
-              required by RFC 5321. 
- 
-       smtp_reply_filter (empty) 
-              A  mechanism  to transform replies from remote SMTP servers one line at a 
-              time. 
- 
-       smtp_skip_5xx_greeting (yes) 
-              Skip remote SMTP servers that greet with a 5XX status code. 
- 
-       smtp_skip_quit_response (yes) 
-              Do not wait for the response to the SMTP QUIT command. 
- 
-       Available in Postfix version 2.0 and earlier: 
- 
-       smtp_skip_4xx_greeting (yes) 
-              Skip SMTP servers that greet with a 4XX status code (go away,  try  again 
-              later). 
- 
-       Available in Postfix version 2.2 and later: 
- 
-       smtp_discard_ehlo_keyword_address_maps (empty) 
-              Lookup  tables,  indexed  by  the  remote  SMTP server address, with case 
-              insensitive lists of EHLO keywords  (pipelining,  starttls,  auth,  etc.) 
-              that  the  Postfix  SMTP  client  will ignore in the EHLO response from a 
-              remote SMTP server. 
- 
-       smtp_discard_ehlo_keywords (empty) 
-              A case insensitive list of EHLO  keywords  (pipelining,  starttls,  auth, 
-              etc.)  that the Postfix SMTP client will ignore in the EHLO response from 
-              a remote SMTP server. 
- 
-       smtp_generic_maps (empty) 
-              Optional lookup tables that perform address rewriting in the Postfix SMTP 
-              client,  typically  to  transform a locally valid address into a globally 
-              valid address when sending mail across the Internet. 
- 
-       Available in Postfix version 2.2.9 and later: 
- 
-       smtp_cname_overrides_servername (version dependent) 
-              Allow DNS CNAME records to override the servername that the Postfix  SMTP 
-              client  uses  for logging, SASL password lookup, TLS policy decisions, or 
-              TLS certificate verification. 
- 
-       Available in Postfix version 2.3 and later: 
- 
-       lmtp_discard_lhlo_keyword_address_maps (empty) 
-              Lookup tables, indexed by the  remote  LMTP  server  address,  with  case 
-              insensitive  lists  of  LHLO  keywords (pipelining, starttls, auth, etc.) 
-              that the Postfix LMTP client will ignore in  the  LHLO  response  from  a 
-              remote LMTP server. 
- 
-       lmtp_discard_lhlo_keywords (empty) 
-              A  case  insensitive  list  of LHLO keywords (pipelining, starttls, auth, 
-              etc.) that the Postfix LMTP client will ignore in the LHLO response  from 
-              a remote LMTP server. 
- 
-       Available in Postfix version 2.4.4 and later: 
- 
-       send_cyrus_sasl_authzid (no) 
-              When authenticating to a remote SMTP or LMTP server with the default set‐ 
-              ting "no", send no SASL authoriZation ID (authzid); send  only  the  SASL 
-              authentiCation ID (authcid) plus the authcid's password. 
- 
-       Available in Postfix version 2.5 and later: 
- 
-       smtp_header_checks (empty) 
-              Restricted header_checks(5) tables for the Postfix SMTP client. 
- 
-       smtp_mime_header_checks (empty) 
-              Restricted mime_header_checks(5) tables for the Postfix SMTP client. 
- 
-       smtp_nested_header_checks (empty) 
-              Restricted nested_header_checks(5) tables for the Postfix SMTP client. 
- 
-       smtp_body_checks (empty) 
-              Restricted body_checks(5) tables for the Postfix SMTP client. 
- 
-       Available in Postfix version 2.6 and later: 
- 
-       tcp_windowsize (0) 
-              An optional workaround for routers that break TCP window scaling. 
- 
-       Available in Postfix version 2.8 and later: 
- 
-       smtp_dns_resolver_options (empty) 
-              DNS Resolver options for the Postfix SMTP client. 
- 
-       Available in Postfix version 2.9 and later: 
- 
-       smtp_per_record_deadline (no) 
-              Change  the behavior of the smtp_*_timeout time limits, from a time limit 
-              per read or write system call, to a time limit to send or receive a  com‐ 
-              plete record (an SMTP command line, SMTP response line, SMTP message con‐ 
-              tent line, or TLS protocol message). 
- 
-       smtp_send_dummy_mail_auth (no) 
-              Whether or not to append the "AUTH=<>" option to the MAIL FROM command in 
-              SASL-authenticated SMTP sessions. 
- 
-       Available in Postfix version 2.11 and later: 
- 
-       smtp_dns_support_level (empty) 
-              Level of DNS support in the Postfix SMTP client. 
- 
-MIME PROCESSING CONTROLS 
-       Available in Postfix version 2.0 and later: 
- 
-       disable_mime_output_conversion (no) 
-              Disable the conversion of 8BITMIME format to 7BIT format. 
- 
-       mime_boundary_length_limit (2048) 
-              The maximal length of MIME multipart boundary strings. 
- 
-       mime_nesting_limit (100) 
-              The maximal recursion level that the MIME processor will handle. 
- 
-EXTERNAL CONTENT INSPECTION CONTROLS 
-       Available in Postfix version 2.1 and later: 
- 
-       smtp_send_xforward_command (no) 
-              Send  the non-standard XFORWARD command when the Postfix SMTP server EHLO 
-              response announces XFORWARD support. 
- 
-SASL AUTHENTICATION CONTROLS 
-       smtp_sasl_auth_enable (no) 
-              Enable SASL authentication in the Postfix SMTP client. 
- 
-       smtp_sasl_password_maps (empty) 
-              Optional Postfix SMTP client lookup  tables  with  one  username:password 
-              entry per remote hostname or domain, or sender address when sender-depen‐ 
-              dent authentication is enabled. 
- 
-       smtp_sasl_security_options (noplaintext, noanonymous) 
-              Postfix SMTP client SASL security options; as of Postfix 2.3 the list  of 
-              available  features  depends  on  the  SASL client implementation that is 
-              selected with smtp_sasl_type. 
- 
-       Available in Postfix version 2.2 and later: 
- 
-       smtp_sasl_mechanism_filter (empty) 
-              If non-empty, a Postfix SMTP client filter for the remote  SMTP  server's 
-              list of offered SASL mechanisms. 
- 
-       Available in Postfix version 2.3 and later: 
- 
-       smtp_sender_dependent_authentication (no) 
-              Enable  sender-dependent  authentication in the Postfix SMTP client; this 
-              is available only with SASL authentication, and disables SMTP  connection 
-              caching to ensure that mail from different senders will use the appropri‐ 
-              ate credentials. 
- 
-       smtp_sasl_path (empty) 
-              Implementation-specific information that the Postfix SMTP  client  passes 
-              through  to  the  SASL  plug-in  implementation  that  is  selected  with 
-              smtp_sasl_type. 
- 
-       smtp_sasl_type (cyrus) 
-              The SASL plug-in type that the Postfix SMTP client should use for authen‐ 
-              tication. 
- 
-       Available in Postfix version 2.5 and later: 
- 
-       smtp_sasl_auth_cache_name (empty) 
-              An  optional  table to prevent repeated SASL authentication failures with 
-              the same remote SMTP server hostname, username and password. 
- 
-       smtp_sasl_auth_cache_time (90d) 
-              The maximal age  of  an  smtp_sasl_auth_cache_name  entry  before  it  is 
-              removed. 
- 
-       smtp_sasl_auth_soft_bounce (yes) 
-              When  a  remote  SMTP server rejects a SASL authentication request with a 
-              535 reply code, defer mail delivery instead of returning mail as undeliv‐ 
-              erable. 
- 
-       Available in Postfix version 2.9 and later: 
- 
-       smtp_send_dummy_mail_auth (no) 
-              Whether or not to append the "AUTH=<>" option to the MAIL FROM command in 
-              SASL-authenticated SMTP sessions. 
- 
-STARTTLS SUPPORT CONTROLS 
-       Detailed information about STARTTLS configuration may be found in the TLS_README 
-       document. 
- 
-       smtp_tls_security_level (empty) 
-              The  default  SMTP TLS security level for the Postfix SMTP client; when a 
-              non-empty value is specified,  this  overrides  the  obsolete  parameters 
-              smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername. 
- 
-       smtp_sasl_tls_security_options ($smtp_sasl_security_options) 
-              The  SASL  authentication  security  options that the Postfix SMTP client 
-              uses for TLS encrypted SMTP sessions. 
- 
-       smtp_starttls_timeout (300s) 
-              Time limit for Postfix SMTP client write and read operations  during  TLS 
-              startup and shutdown handshake procedures. 
- 
-       smtp_tls_CAfile (empty) 
-              A  file  containing  CA  certificates  of root CAs trusted to sign either 
-              remote SMTP server certificates or intermediate CA certificates. 
- 
-       smtp_tls_CApath (empty) 
-              Directory with PEM format certificate  authority  certificates  that  the 
-              Postfix SMTP client uses to verify a remote SMTP server certificate. 
- 
-       smtp_tls_cert_file (empty) 
-              File with the Postfix SMTP client RSA certificate in PEM format. 
- 
-       smtp_tls_mandatory_ciphers (medium) 
-              The  minimum  TLS cipher grade that the Postfix SMTP client will use with 
-              mandatory TLS encryption. 
- 
-       smtp_tls_exclude_ciphers (empty) 
-              List of ciphers or cipher types to exclude from the Postfix  SMTP  client 
-              cipher list at all TLS security levels. 
- 
-       smtp_tls_mandatory_exclude_ciphers (empty) 
-              Additional  list  of  ciphers or cipher types to exclude from the Postfix 
-              SMTP client cipher list at mandatory TLS security levels. 
- 
-       smtp_tls_dcert_file (empty) 
-              File with the Postfix SMTP client DSA certificate in PEM format. 
- 
-       smtp_tls_dkey_file ($smtp_tls_dcert_file) 
-              File with the Postfix SMTP client DSA private key in PEM format. 
- 
-       smtp_tls_key_file ($smtp_tls_cert_file) 
-              File with the Postfix SMTP client RSA private key in PEM format. 
- 
-       smtp_tls_loglevel (0) 
-              Enable additional Postfix SMTP client logging of TLS activity. 
- 
-       smtp_tls_note_starttls_offer (no) 
-              Log the hostname of a remote SMTP server that offers STARTTLS,  when  TLS 
-              is not already enabled for that server. 
- 
-       smtp_tls_policy_maps (empty) 
-              Optional  lookup  tables with the Postfix SMTP client TLS security policy 
-              by next-hop destination; when a non-empty value is specified, this  over‐ 
-              rides the obsolete smtp_tls_per_site parameter. 
- 
-       smtp_tls_mandatory_protocols (!SSLv2) 
-              List  of  SSL/TLS  protocols  that  the Postfix SMTP client will use with 
-              mandatory TLS encryption. 
- 
-       smtp_tls_scert_verifydepth (9) 
-              The verification depth for remote SMTP server certificates. 
- 
-       smtp_tls_secure_cert_match (nexthop, dot-nexthop) 
-              How the Postfix SMTP client verifies the server certificate peername  for 
-              the "secure" TLS security level. 
- 
-       smtp_tls_session_cache_database (empty) 
-              Name  of the file containing the optional Postfix SMTP client TLS session 
-              cache. 
- 
-       smtp_tls_session_cache_timeout (3600s) 
-              The expiration time of Postfix SMTP client TLS session cache information. 
- 
-       smtp_tls_verify_cert_match (hostname) 
-              How the Postfix SMTP client verifies the server certificate peername  for 
-              the "verify" TLS security level. 
- 
-       tls_daemon_random_bytes (32) 
-              The  number  of  pseudo-random  bytes that an smtp(8) or smtpd(8) process 
-              requests from the tlsmgr(8) server in order to seed its  internal  pseudo 
-              random number generator (PRNG). 
- 
-       tls_high_cipherlist (ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH) 
-              The OpenSSL cipherlist for "HIGH" grade ciphers. 
- 
-       tls_medium_cipherlist (ALL:!EXPORT:!LOW:+RC4:@STRENGTH) 
-              The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. 
- 
-       tls_low_cipherlist (ALL:!EXPORT:+RC4:@STRENGTH) 
-              The OpenSSL cipherlist for "LOW" or higher grade ciphers. 
- 
-       tls_export_cipherlist (ALL:+RC4:@STRENGTH) 
-              The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. 
- 
-       tls_null_cipherlist (eNULL:!aNULL) 
-              The  OpenSSL cipherlist for "NULL" grade ciphers that provide authentica‐ 
-              tion without encryption. 
- 
-       Available in Postfix version 2.4 and later: 
- 
-       smtp_sasl_tls_verified_security_options ($smtp_sasl_tls_security_options) 
-              The SASL authentication security options that  the  Postfix  SMTP  client 
-              uses for TLS encrypted SMTP sessions with a verified server certificate. 
- 
-       Available in Postfix version 2.5 and later: 
- 
-       smtp_tls_fingerprint_cert_match (empty) 
-              List  of  acceptable  remote SMTP server certificate fingerprints for the 
-              "fingerprint" TLS security level (smtp_tls_security_level = fingerprint). 
- 
-       smtp_tls_fingerprint_digest (md5) 
-              The message digest algorithm used to construct remote  SMTP  server  cer‐ 
-              tificate fingerprints. 
- 
-       Available in Postfix version 2.6 and later: 
- 
-       smtp_tls_protocols (!SSLv2) 
-              List  of  TLS  protocols  that  the  Postfix  SMTP client will exclude or 
-              include with opportunistic TLS encryption. 
- 
-       smtp_tls_ciphers (export) 
-              The minimum TLS cipher grade that the Postfix SMTP client will  use  with 
-              opportunistic TLS encryption. 
- 
-       smtp_tls_eccert_file (empty) 
-              File with the Postfix SMTP client ECDSA certificate in PEM format. 
- 
-       smtp_tls_eckey_file ($smtp_tls_eccert_file) 
-              File with the Postfix SMTP client ECDSA private key in PEM format. 
- 
-       Available in Postfix version 2.7 and later: 
- 
-       smtp_tls_block_early_mail_reply (no) 
-              Try to detect a mail hijacking attack based on a TLS protocol vulnerabil‐ 
-              ity (CVE-2009-3555), where an attacker  prepends  malicious  HELO,  MAIL, 
-              RCPT, DATA commands to a Postfix SMTP client TLS session. 
- 
-       Available in Postfix version 2.8 and later: 
- 
-       tls_disable_workarounds (see 'postconf -d' output) 
-              List or bit-mask of OpenSSL bug work-arounds to disable. 
- 
-       Available in Postfix version 2.11 and later: 
- 
-       smtp_tls_trust_anchor_file (empty) 
-              Zero  or more PEM-format files with trust-anchor certificates and/or pub‐ 
-              lic keys. 
- 
-       smtp_tls_force_insecure_host_tlsa_lookup (no) 
-              Lookup the associated DANE TLSA RRset even when  a  hostname  is  not  an 
-              alias and its address records lie in an unsigned zone. 
- 
-       tls_dane_trust_anchor_digest_enable (yes) 
-              RFC 6698 trust-anchor digest support in the Postfix TLS library. 
- 
-       tlsmgr_service_name (tlsmgr) 
-              The name of the tlsmgr(8) service entry in master.cf. 
- 
-OBSOLETE STARTTLS CONTROLS 
-       The following configuration parameters exist for compatibility with Postfix ver‐ 
-       sions before 2.3. Support for these will be removed in a future release. 
- 
-       smtp_use_tls (no) 
-              Opportunistic mode: use TLS when a remote SMTP server announces  STARTTLS 
-              support, otherwise send the mail in the clear. 
- 
-       smtp_enforce_tls (no) 
-              Enforcement  mode:  require  that remote SMTP servers use TLS encryption, 
-              and never send mail in the clear. 
- 
-       smtp_tls_enforce_peername (yes) 
-              With mandatory TLS encryption, require that the remote SMTP server  host‐ 
-              name matches the information in the remote SMTP server certificate. 
- 
-       smtp_tls_per_site (empty) 
-              Optional  lookup  tables with the Postfix SMTP client TLS usage policy by 
-              next-hop destination and by remote SMTP server hostname. 
- 
-       smtp_tls_cipherlist (empty) 
-              Obsolete Postfix < 2.3 control for the Postfix  SMTP  client  TLS  cipher 
-              list. 
- 
-RESOURCE AND RATE CONTROLS 
-       smtp_destination_concurrency_limit ($default_destination_concurrency_limit) 
-              The maximal number of parallel deliveries to the same destination via the 
-              smtp message delivery transport. 
- 
-       smtp_destination_recipient_limit ($default_destination_recipient_limit) 
-              The maximal number of recipients per message for the smtp message  deliv‐ 
-              ery transport. 
- 
-       smtp_connect_timeout (30s) 
-              The  Postfix  SMTP  client time limit for completing a TCP connection, or 
-              zero (use the operating system built-in time limit). 
- 
-       smtp_helo_timeout (300s) 
-              The Postfix SMTP client time limit for sending the HELO or EHLO  command, 
-              and for receiving the initial remote SMTP server response. 
- 
-       lmtp_lhlo_timeout (300s) 
-              The  Postfix LMTP client time limit for sending the LHLO command, and for 
-              receiving the initial remote LMTP server response. 
- 
-       smtp_xforward_timeout (300s) 
-              The Postfix SMTP client time limit for sending the XFORWARD command,  and 
-              for receiving the remote SMTP server response. 
- 
-       smtp_mail_timeout (300s) 
-              The Postfix SMTP client time limit for sending the MAIL FROM command, and 
-              for receiving the remote SMTP server response. 
- 
-       smtp_rcpt_timeout (300s) 
-              The Postfix SMTP client time limit for sending the SMTP RCPT TO  command, 
-              and for receiving the remote SMTP server response. 
- 
-       smtp_data_init_timeout (120s) 
-              The Postfix SMTP client time limit for sending the SMTP DATA command, and 
-              for receiving the remote SMTP server response. 
- 
-       smtp_data_xfer_timeout (180s) 
-              The Postfix SMTP client time limit for sending the SMTP message content. 
- 
-       smtp_data_done_timeout (600s) 
-              The Postfix SMTP client time limit for sending  the  SMTP  ".",  and  for 
-              receiving the remote SMTP server response. 
- 
-       smtp_quit_timeout (300s) 
-              The  Postfix SMTP client time limit for sending the QUIT command, and for 
-              receiving the remote SMTP server response. 
- 
-       Available in Postfix version 2.1 and later: 
- 
-       smtp_mx_address_limit (5) 
-              The maximal number of MX (mail exchanger) IP addresses  that  can  result 
-              from Postfix SMTP client mail exchanger lookups, or zero (no limit). 
- 
-       smtp_mx_session_limit (2) 
-              The maximal number of SMTP sessions per delivery request before the Post‐ 
-              fix SMTP client gives up or delivers to a fall-back relay host,  or  zero 
-              (no limit). 
- 
-       smtp_rset_timeout (20s) 
-              The  Postfix SMTP client time limit for sending the RSET command, and for 
-              receiving the remote SMTP server response. 
- 
-       Available in Postfix version 2.2 and earlier: 
- 
-       lmtp_cache_connection (yes) 
-              Keep Postfix LMTP client connections open for up to $max_idle seconds. 
- 
-       Available in Postfix version 2.2 and later: 
- 
-       smtp_connection_cache_destinations (empty) 
-              Permanently enable SMTP connection caching  for  the  specified  destina‐ 
-              tions. 
- 
-       smtp_connection_cache_on_demand (yes) 
-              Temporarily enable SMTP connection caching while a destination has a high 
-              volume of mail in the active queue. 
- 
-       smtp_connection_reuse_time_limit (300s) 
-              The amount of time during which  Postfix  will  use  an  SMTP  connection 
-              repeatedly. 
- 
-       smtp_connection_cache_time_limit (2s) 
-              When  SMTP  connection  caching  is  enabled,  the amount of time that an 
-              unused SMTP client socket is kept open before it is closed. 
- 
-       Available in Postfix version 2.3 and later: 
- 
-       connection_cache_protocol_timeout (5s) 
-              Time limit for connection cache connect, send or receive operations. 
- 
-       Available in Postfix version 2.9 and later: 
- 
-       smtp_per_record_deadline (no) 
-              Change the behavior of the smtp_*_timeout time limits, from a time  limit 
-              per  read or write system call, to a time limit to send or receive a com‐ 
-              plete record (an SMTP command line, SMTP response line, SMTP message con‐ 
-              tent line, or TLS protocol message). 
- 
-       Available in Postfix version 2.11 and later: 
- 
-       smtp_connection_reuse_count_limit (0) 
-              When SMTP connection caching is enabled, the number of times that an SMTP 
-              session may be reused before it is closed, or zero (no limit). 
- 
-TROUBLE SHOOTING CONTROLS 
-       debug_peer_level (2) 
-              The increment in verbose logging level when a  remote  client  or  server 
-              matches a pattern in the debug_peer_list parameter. 
- 
-       debug_peer_list (empty) 
-              Optional list of remote client or server hostname or network address pat‐ 
-              terns that cause the verbose logging level  to  increase  by  the  amount 
-              specified in $debug_peer_level. 
- 
-       error_notice_recipient (postmaster) 
-              The  recipient  of  postmaster notifications about mail delivery problems 
-              that are caused by policy, resource, software or protocol errors. 
- 
-       internal_mail_filter_classes (empty) 
-              What categories of Postfix-generated mail  are  subject  to  before-queue 
-              content inspection by non_smtpd_milters, header_checks and body_checks. 
- 
-       notify_classes (resource, software) 
-              The list of error classes that are reported to the postmaster. 
- 
-MISCELLANEOUS CONTROLS 
-       best_mx_transport (empty) 
-              Where the Postfix SMTP client should deliver mail when it detects a "mail 
-              loops back to myself" error condition. 
- 
-       config_directory (see 'postconf -d' output) 
-              The default location of the Postfix main.cf and  master.cf  configuration 
-              files. 
- 
-       daemon_timeout (18000s) 
-              How  much  time  a  Postfix  daemon  process may take to handle a request 
-              before it is terminated by a built-in watchdog timer. 
- 
-       delay_logging_resolution_limit (2) 
-              The maximal number of digits after the decimal point  when  logging  sub- 
-              second delay values. 
- 
-       disable_dns_lookups (no) 
-              Disable DNS lookups in the Postfix SMTP and LMTP clients. 
- 
-       inet_interfaces (all) 
-              The network interface addresses that this mail system receives mail on. 
- 
-       inet_protocols (all) 
-              The Internet protocols Postfix will attempt to use when making or accept‐ 
-              ing connections. 
- 
-       ipc_timeout (3600s) 
-              The time limit for sending or receiving information over an internal com‐ 
-              munication channel. 
- 
-       lmtp_assume_final (no) 
-              When  a  remote  LMTP  server  announces  no DSN support, assume that the 
-              server performs final delivery,  and  send  "delivered"  delivery  status 
-              notifications instead of "relayed". 
- 
-       lmtp_tcp_port (24) 
-              The default TCP port that the Postfix LMTP client connects to. 
- 
-       max_idle (100s) 
-              The  maximum amount of time that an idle Postfix daemon process waits for 
-              an incoming connection before terminating voluntarily. 
- 
-       max_use (100) 
-              The maximal number of incoming connections that a Postfix daemon  process 
-              will service before terminating voluntarily. 
- 
-       process_id (read-only) 
-              The process ID of a Postfix command or daemon process. 
- 
-       process_name (read-only) 
-              The process name of a Postfix command or daemon process. 
- 
-       proxy_interfaces (empty) 
-              The network interface addresses that this mail system receives mail on by 
-              way of a proxy or network address translation unit. 
- 
-       smtp_address_preference (any) 
-              The address type ("ipv6", "ipv4" or "any") that the Postfix  SMTP  client 
-              will try first, when a destination has IPv6 and IPv4 addresses with equal 
-              MX preference. 
- 
-       smtp_bind_address (empty) 
-              An optional numerical network address that the Postfix SMTP client should 
-              bind to when making an IPv4 connection. 
- 
-       smtp_bind_address6 (empty) 
-              An optional numerical network address that the Postfix SMTP client should 
-              bind to when making an IPv6 connection. 
- 
-       smtp_helo_name ($myhostname) 
-              The hostname to send in the SMTP EHLO or HELO command. 
- 
-       lmtp_lhlo_name ($myhostname) 
-              The hostname to send in the LMTP LHLO command. 
- 
-       smtp_host_lookup (dns) 
-              What mechanisms the Postfix SMTP client uses  to  look  up  a  host' IP 
-              address. 
- 
-       smtp_randomize_addresses (yes) 
-              Randomize the order of equal-preference MX host addresses. 
- 
-       syslog_facility (mail) 
-              The syslog facility of Postfix logging. 
- 
-       syslog_name (see 'postconf -d' output) 
-              The  mail  system  name  that  is prepended to the process name in syslog 
-              records, so that "smtpd" becomes, for example, "postfix/smtpd". 
- 
-       Available with Postfix 2.2 and earlier: 
- 
-       fallback_relay (empty) 
-              Optional list of relay hosts for SMTP destinations that can't be found or 
-              that are unreachable. 
- 
-       Available with Postfix 2.3 and later: 
- 
-       smtp_fallback_relay ($fallback_relay) 
-              Optional list of relay hosts for SMTP destinations that can't be found or 
-              that are unreachable. 
- 
-SEE ALSO 
-       generic(5), output address rewriting 
-       header_checks(5), message header content inspection 
-       body_checks(5), body parts content inspection 
-       qmgr(8), queue manager 
-       bounce(8), delivery status reports 
-       scache(8), connection cache server 
-       postconf(5), configuration parameters 
-       master(5), generic daemon options 
-       master(8), process manager 
-       tlsmgr(8), TLS session and PRNG management 
-       syslogd(8), system logging 
- 
-README FILES 
-       Use "postconf readme_directory" or  "postconf  html_directory"  to  locate  this 
-       information. 
-       SASL_README, Postfix SASL howto 
-       TLS_README, Postfix STARTTLS howto 
- 
-LICENSE 
-       The Secure Mailer license must be distributed with this software. 
- 
-AUTHOR(S) 
-       Wietse Venema 
-       IBM T.J. Watson Research 
-       P.O. Box 704 
-       Yorktown Heights, NY 10598, USA 
- 
-       Command pipelining in cooperation with: 
-       Jon Ribbens 
-       Oaktree Internet Solutions Ltd., 
-       Internet House, 
-       Canal Basin, 
-       Coventry, 
-       CV1 4LY, United Kingdom. 
- 
-       SASL support originally by: 
-       Till Franke 
-       SuSE Rhein/Main AG 
-       65760 Eschborn, Germany 
- 
-       TLS support originally by: 
-       Lutz Jaenicke 
-       BTU Cottbus 
-       Allgemeine Elektrotechnik 
-       Universitaetsplatz 3-4 
-       D-03044 Cottbus, Germany 
- 
-       Revised TLS and SMTP connection cache support by: 
-       Victor Duchovni 
-       Morgan Stanley 
- 
-                                                                                SMTP(8) 
-</code> 
- 
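Review bot: in the STARTTLS SUPPORT CONTROLS part of the removed smtp(8) text, the guide quotes the shipped defaults smtp_tls_ciphers (export), smtp_tls_fingerprint_digest (md5), smtp_tls_protocols and smtp_tls_mandatory_protocols (!SSLv2), and tls_*_cipherlist values that keep RC4 (ordered last), without saying which of them it overrides. Dropping the verbatim man page is fine, since "man 8 smtp" on the installed system is always the current copy, but the replacement text should keep the pointer to the man page and state the values this guide actually sets in main.cf for these parameters, so that a reader does not take the quoted defaults as the recommended TLS policy. The same applies to the BUGS paragraph on connection caching and SASL credentials: if the guide configures smtp_sasl_password_maps per destination, that caveat deserves one sentence of its own rather than being lost with the paste.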
-==== pipe ==== 
-Der **pipe**-Daemon ist neben den Mailclient-Programmen **[[centos:mail_c7:mta_1?&#lmtp_smtp_und_smtps|lmtp]]** und **[[centos:mail_c7:mta_1?&#lmtp_smtp_und_smtps|smtp]]** ein weiterer Dienst, der mit der Weiterverteilung der Nachrichten zu externen Mail-Transportprogrammen/-scripten zur Anwendung kommt. Bekannte Vertreter sind hier der Mailinglisten-Server **[[centos:mailman|Mailman]]** oder auch der **[[centos:sks_c6|sks-keyserver]]** oder ein **[[centos:hylafax_c6?s[]=mail2fax#fax-versand_per_email|Mail2Fax]]**-Programm. 
- 
-Detailinformationen zum **pipe**-Daemon findet man in dessen **manpage**. 
-   # man 8 pipe 
- 
-<code>PIPE(8)                         System Manager's Manual                         PIPE(8) 
- 
-NAME 
-       pipe - Postfix delivery to external command 
- 
-SYNOPSIS 
-       pipe [generic Postfix daemon options] command_attributes... 
- 
-DESCRIPTION 
-       The  pipe(8) daemon processes requests from the Postfix queue manager to deliver 
-       messages to external commands.  This program expects to be  run  from  the  mas‐ 
-       ter(8) process manager. 
- 
-       Message  attributes  such as sender address, recipient address and next-hop host 
-       name can be specified as command-line macros that are expanded before the exter‐ 
-       nal command is executed. 
- 
-       The  pipe(8)  daemon updates queue files and marks recipients as finished, or it 
-       informs the queue manager that delivery should be tried again at a  later  time. 
-       Delivery  status  reports are sent to the bounce(8), defer(8) or trace(8) daemon 
-       as appropriate. 
- 
-SINGLE-RECIPIENT DELIVERY 
-       Some destinations cannot handle more than one recipient  per  delivery  request. 
-       Examples  are  pagers or fax machines.  In addition, multi-recipient delivery is 
-       undesirable when prepending a Delivered-to: or X-Original-To: message header. 
- 
-       To prevent Postfix from sending multiple recipients per delivery request,  spec‐ 
-       ify 
- 
-           transport_destination_recipient_limit = 1 
- 
-       in  the Postfix main.cf file, where transport is the name in the first column of 
-       the Postfix master.cf entry for the pipe-based delivery transport. 
- 
-COMMAND ATTRIBUTE SYNTAX 
-       The external command attributes are given in the master.cf file at the end of  a 
-       service definition.  The syntax is as follows: 
- 
-       chroot=pathname (optional) 
-              Change  the  process  root  directory  and working directory to the named 
-              directory. This happens before switching to the privileges specified with 
-              the  user attribute, and before executing the optional directory=pathname 
-              directive. Delivery is deferred in case of failure. 
- 
-              This feature is available as of Postfix 2.3. 
- 
-       directory=pathname (optional) 
-              Change to the named directory before executing the external command.  The 
-              directory  must  be  accessible  for  the  user  specified  with the user 
-              attribute (see below).  The default working  directory  is  $queue_direc‐ 
-              tory.  Delivery is deferred in case of failure. 
- 
-              This feature is available as of Postfix 2.2. 
- 
-       eol=string (optional, default: \n) 
-              The  output  record delimiter. Typically one would use either \r\n or \n. 
-              The usual C-style backslash escape sequences are recognized: \a \b \f  \n 
-              \r \t \v \ddd (up to three octal digits) and \\. 
- 
-       flags=BDFORXhqu.> (optional) 
-              Optional  message  processing  flags.  By  default,  a  message is copied 
-              unchanged. 
- 
-              B      Append a blank line at the end of each message. This  is  required 
-                     by  some  mail  user agents that recognize "From " lines only when 
-                     preceded by a blank line. 
- 
-              D      Prepend a "Delivered-To: recipient" message header with the  enve‐ 
-                     lope recipient address. Note: for this to work, the transport_des‐ 
-                     tination_recipient_limit must be 1 (see SINGLE-RECIPIENT  DELIVERY 
-                     above for details). 
- 
-                     The  D  flag also enforces loop detection (Postfix 2.5 and later): 
-                     if a message already contains a Delivered-To: header with the same 
-                     recipient  address, then the message is returned as undeliverable. 
-                     The address comparison is case insensitive. 
- 
-                     This feature is available as of Postfix 2.0. 
- 
-              F      Prepend a "From sender time_stamp" envelope header to the  message 
-                     content.  This is expected by, for example, UUCP software. 
- 
-              O      Prepend  an  "X-Original-To:  recipient"  message  header with the 
-                     recipient address as given to Postfix. Note: for this to work, the 
-                     transport_destination_recipient_limit must be 1 (see SINGLE-RECIP‐ 
-                     IENT DELIVERY above for details). 
- 
-                     This feature is available as of Postfix 2.0. 
- 
-              R      Prepend a Return-Path: message header  with  the  envelope  sender 
-                     address. 
- 
-              X      Indicate  that the external command performs final delivery.  This 
-                     flag affects the status reported in "success" DSN (delivery status 
-                     notification) messages, and changes it from "relayed" into "deliv‐ 
-                     ered". 
- 
-                     This feature is available as of Postfix 2.5. 
- 
-              h      Fold the command-line $original_recipient and  $recipient  address 
-                     domain  part  (text to the right of the right-most @ character) to 
-                     lower case; fold the entire command-line $domain and $nexthop host 
-                     or  domain  information  to  lower  case.  This is recommended for 
-                     delivery via UUCP. 
- 
-              q      Quote white space and other special characters in the command-line 
-                     $sender,  $original_recipient  and  $recipient  address localparts 
-                     (text to the left of the right-most @ character), according to  an 
-                     8-bit  transparent  version  of  RFC 822.  This is recommended for 
-                     delivery via UUCP or BSMTP. 
- 
-                     The result is compatible with the address parsing of  command-line 
-                     recipients by the Postfix sendmail(1) mail submission command. 
- 
-                     The  q flag affects only entire addresses, not the partial address 
-                     information from the $user, $extension  or  $mailbox  command-line 
-                     macros. 
- 
-              u      Fold  the  command-line $original_recipient and $recipient address 
-                     localpart (text to the left of  the  right-most  @  character)  to 
-                     lower case.  This is recommended for delivery via UUCP. 
- 
-              .      Prepend  "."  to  lines  starting with ".". This is needed by, for 
-                     example, BSMTP software. 
- 
-              >      Prepend ">" to lines starting with "From ". This is  expected  by, 
-                     for example, UUCP software. 
- 
-       null_sender=replacement (default: MAILER-DAEMON) 
-              Replace the null sender address (typically used for delivery status noti‐ 
-              fications) with the specified text when expanding  the  $sender  command- 
-              line macro, and when generating a From_ or Return-Path: message header. 
- 
-              If  the  null  sender  replacement  text is a non-empty string then it is 
-              affected by the q flag for address quoting in command-line arguments. 
- 
-              The null sender replacement text may be empty; this form  is  recommended 
-              for  content  filters  that feed mail back into Postfix. The empty sender 
-              address is not affected by the q flag for address quoting in command-line 
-              arguments. 
- 
-              Caution:  a  null  sender address is easily mis-parsed by naive software. 
-              For example, when the pipe(8) daemon executes a command such as: 
- 
-                  Wrong: command -f$sender -- $recipient 
- 
-              the command will mis-parse the -f option value when the sender address is 
-              a  null  string.   For correct parsing, specify $sender as an argument by 
-              itself: 
- 
-                  Right: command -f $sender -- $recipient 
- 
-              This feature is available as of Postfix 2.3. 
- 
-       size=size_limit (optional) 
-              Don't deliver messages that exceed this size  limit  (in  bytes);  return 
-              them to the sender instead. 
- 
-       user=username (required) 
- 
-       user=username:groupname 
-              Execute  the external command with the user ID and group ID of the speci‐ 
-              fied username.  The software refuses to execute commands with root privi‐ 
-              leges,  or  with the privileges of the mail system owner. If groupname is 
-              specified, the corresponding group ID is used instead of the group ID  of 
-              username. 
- 
-       argv=command... (required) 
-              The  command  to  be executed. This must be specified as the last command 
-              attribute.  The command is executed directly, i.e. without interpretation 
-              of shell meta characters by a shell command interpreter. 
- 
-              In  the  command argument vector, the following macros are recognized and 
-              replaced with corresponding information from the  Postfix  queue  manager 
-              delivery request. 
- 
-              In  addition  to  the  form ${name}, the forms $name and $(name) are also 
-              recognized.  Specify $$ where a single $ is wanted. 
- 
-              ${client_address} 
-                     This macro expands to the remote client network address. 
- 
-                     This feature is available as of Postfix 2.2. 
- 
-              ${client_helo} 
-                     This macro expands to the remote client HELO command parameter. 
- 
-                     This feature is available as of Postfix 2.2. 
- 
-              ${client_hostname} 
-                     This macro expands to the remote client hostname. 
- 
-                     This feature is available as of Postfix 2.2. 
- 
-              ${client_port} 
-                     This macro expands to the remote client TCP port number. 
- 
-                     This feature is available as of Postfix 2.5. 
- 
-              ${client_protocol} 
-                     This macro expands to the remote client protocol. 
- 
-                     This feature is available as of Postfix 2.2. 
- 
- 
-              ${domain} 
-                     This macro expands to the domain portion of the recipient address. 
-                     For example, with an address user+foo@domain the domain is domain. 
- 
-                     This information is modified by the h flag for case folding. 
- 
-                     This feature is available as of Postfix 2.5. 
- 
-              ${extension} 
-                     This  macro  expands to the extension part of a recipient address. 
-                     For example, with an address user+foo@domain the extension is foo. 
- 
-                     A command-line argument that contains ${extension} expands into as 
-                     many command-line arguments as there are recipients. 
- 
-                     This information is modified by the u flag for case folding. 
- 
-              ${mailbox} 
-                     This  macro  expands  to  the  complete  local part of a recipient 
-                     address.  For example, with an address user+foo@domain the mailbox 
-                     is user+foo. 
- 
-                      command-line  argument  that  contains ${mailbox} expands to as 
-                     many command-line arguments as there are recipients. 
- 
-                     This information is modified by the u flag for case folding. 
- 
-              ${nexthop} 
-                     This macro expands to the next-hop hostname. 
- 
-                     This information is modified by the h flag for case folding. 
- 
-              ${original_recipient} 
-                     This macro expands to the complete recipient  address  before  any 
-                     address rewriting or aliasing. 
- 
-                       command-line   argument  that  contains  ${original_recipient} 
-                     expands to as many command-line arguments as there are recipients. 
- 
-                     This information is modified by the hqu flags for quoting and case 
-                     folding. 
- 
-                     This feature is available as of Postfix 2.5. 
- 
-              ${queue_id} 
-                     This macro expands to the queue id. 
- 
-                     This feature is available as of Postfix 2.11. 
- 
-              ${recipient} 
-                     This macro expands to the complete recipient address. 
- 
-                      command-line  argument that contains ${recipient} expands to as 
-                     many command-line arguments as there are recipients. 
- 
-                     This information is modified by the hqu flags for quoting and case 
-                     folding. 
- 
-              ${sasl_method} 
-                     This  macro  expands to the name of the SASL authentication mecha‐ 
-                     nism in the AUTH command when the Postfix SMTP server received the 
-                     message. 
- 
-                     This feature is available as of Postfix 2.2. 
- 
-              ${sasl_sender} 
-                     This macro expands to the SASL sender name (i.e. the original sub‐ 
-                     mitter as per RFC 4954) in the MAIL FROM command when the  Postfix 
-                     SMTP server received the message. 
- 
-                     This feature is available as of Postfix 2.2. 
- 
-              ${sasl_username} 
-                     This  macro expands to the SASL user name in the AUTH command when 
-                     the Postfix SMTP server received the message. 
- 
-                     This feature is available as of Postfix 2.2. 
- 
-              ${sender} 
-                     This macro expands to the envelope sender address. By default, the 
-                     null  sender address expands to MAILER-DAEMON; this can be changed 
-                     with the null_sender attribute, as described above. 
- 
-                     This information is modified by the q flag for quoting. 
- 
-              ${size} 
-                     This macro expands to Postfix's idea of the message size, which is 
-                     an approximation of the size of the message as delivered. 
- 
-              ${user} 
-                     This  macro  expands  to the username part of a recipient address. 
-                     For example, with an address user+foo@domain the username part  is 
-                     user. 
- 
-                     A command-line argument that contains ${user} expands into as many 
-                     command-line arguments as there are recipients. 
- 
-                     This information is modified by the u flag for case folding. 
- 
-STANDARDS 
-       RFC 3463 (Enhanced status codes) 
- 
-DIAGNOSTICS 
-       Command exit status codes are expected to  follow  the  conventions  defined  in 
-       <sysexits.h> Exit status 0 means normal successful completion. 
- 
-       In  the  case  of  a non-zero exit status, a limited amount of command output is 
-       reported in an delivery status notification.  When  the  output  begins  with  a 
-       4.X.X  or  5.X.X enhanced status code, the status code takes precedence over the 
-       non-zero exit status (Postfix version 2.3 and later). 
- 
-       Problems and transactions are logged to syslogd(8).  Corrupted message files are 
-       marked  so that the queue manager can move them to the corrupt queue for further 
-       inspection. 
- 
-SECURITY 
-       This program needs a dual personality 1) to access the private Postfix queue and 
-       IPC mechanisms, and 2) to execute external commands as the specified user. It is 
-       therefore security sensitive. 
- 
-CONFIGURATION PARAMETERS 
-       Changes to main.cf are picked up automatically as pipe(8) processes run for only 
-       a limited amount of time. Use the command "postfix reload" to speed up a change. 
- 
-       The  text  below  provides  only  a  parameter summary. See postconf(5) for more 
-       details including examples. 
- 
-RESOURCE AND RATE CONTROLS 
-       In the text below, transport is the first field in a master.cf entry. 
- 
-       transport_destination_concurrency_limit ($default_destination_concurrency_limit) 
-              Limit the number of parallel deliveries  to  the  same  destination,  for 
-              delivery  via  the named transport.  The limit is enforced by the Postfix 
-              queue manager. 
- 
-       transport_destination_recipient_limit ($default_destination_recipient_limit) 
-              Limit the number of recipients per message delivery, for delivery via the 
-              named transport.  The limit is enforced by the Postfix queue manager. 
- 
-       transport_time_limit ($command_time_limit) 
-              Limit  the  time  for  delivery to external command, for delivery via the 
-              named transport.  The limit is enforced by the pipe delivery agent. 
- 
-              Postfix 2.4 and later support a suffix that specifies the  time  unit:  s 
-              (seconds),  m (minutes), h (hours), d (days), w (weeks). The default time 
-              unit is seconds. 
- 
-MISCELLANEOUS CONTROLS 
-       config_directory (see 'postconf -d' output) 
-              The default location of the Postfix main.cf and  master.cf  configuration 
-              files. 
- 
-       daemon_timeout (18000s) 
-              How  much  time  a  Postfix  daemon  process may take to handle a request 
-              before it is terminated by a built-in watchdog timer. 
- 
-       delay_logging_resolution_limit (2) 
-              The maximal number of digits after the decimal point  when  logging  sub- 
-              second delay values. 
- 
-       export_environment (see 'postconf -d' output) 
-              The  list  of environment variables that a Postfix process will export to 
-              non-Postfix processes. 
- 
-       ipc_timeout (3600s) 
-              The time limit for sending or receiving information over an internal com‐ 
-              munication channel. 
- 
-       mail_owner (postfix) 
-              The UNIX system account that owns the Postfix queue and most Postfix dae‐ 
-              mon processes. 
- 
-       max_idle (100s) 
-              The maximum amount of time that an idle Postfix daemon process waits  for 
-              an incoming connection before terminating voluntarily. 
- 
-       max_use (100) 
-              The  maximal number of incoming connections that a Postfix daemon process 
-              will service before terminating voluntarily. 
- 
-       process_id (read-only) 
-              The process ID of a Postfix command or daemon process. 
- 
-       process_name (read-only) 
-              The process name of a Postfix command or daemon process. 
- 
-       queue_directory (see 'postconf -d' output) 
-              The location of the Postfix top-level queue directory. 
- 
-       recipient_delimiter (empty) 
-              The set of characters that can separate a user name  from  its  extension 
-              (example: user+foo), or a .forward file name from its extension (example: 
-              .forward+foo). 
- 
-       syslog_facility (mail) 
-              The syslog facility of Postfix logging. 
- 
-       syslog_name (see 'postconf -d' output) 
-              The mail system name that is prepended to  the  process  name  in  syslog 
-              records, so that "smtpd" becomes, for example, "postfix/smtpd". 
- 
-SEE ALSO 
-       qmgr(8), queue manager 
-       bounce(8), delivery status reports 
-       postconf(5), configuration parameters 
-       master(5), generic daemon options 
-       master(8), process manager 
-       syslogd(8), system logging 
- 
-LICENSE 
-       The Secure Mailer license must be distributed with this software. 
- 
-AUTHOR(S) 
-       Wietse Venema 
-       IBM T.J. Watson Research 
-       P.O. Box 704 
-       Yorktown Heights, NY 10598, USA 
- 
-                                                                                PIPE(8) 
-</code> 
- 
- 
- 
- 
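Review bot: nothing in the lines shown replaces the removed pipe section, so the intro paragraph's links to the Mailman, sks-keyserver and Mail2Fax pages go away together with the pasted PIPE(8) text. The man page copy itself can be dropped, since `man 8 pipe` reproduces it, but consider keeping the intro paragraph with its links. A short pointer to the two items from the man page that matter when wiring such a transport into master.cf would also help: the required user= attribute (pipe(8) refuses to run commands with root privileges or as the mail system owner), and passing $sender as an argument by itself (`-f $sender`, not `-f$sender`) so a null sender is not mis-parsed.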
-==== sendmail ==== 
-Der **sendmail**-Client ersetzt das ürsprüngliche, von Eric Allmann entwickelte sendmail-binary. Jedes extere Script oder Programm, welches das Client-Programm unter //**/usr/sbin/sendmail**// aufruft, benutzt somit die von Wietse Venema erstellte, wesentlich sicherere Variante, die sich unmittelbar an den Sicherheitsstandards von Postfix einfügt. Nachrichten werden vom **sendmail**-Client in die **maildrop**-Queue abgelegt, wo diese vom **[[centos:mail_c7:mta_1?&#pickup|pickup]]**-Daemon zur weiteren Verarbeitung abgeholt werden. 
- 
-Weitere Informationen findet man zum **sendmail**-Client in dessen **manpage**. 
-   # man 8 sendmail 
- 
-<code>SENDMAIL(1)                     General Commands Manual                     SENDMAIL(1) 
- 
-NAME 
-       sendmail - Postfix to Sendmail compatibility interface 
- 
-SYNOPSIS 
-       sendmail [option ...] [recipient ...] 
- 
-       mailq 
-       sendmail -bp 
- 
-       newaliases 
-       sendmail -I 
- 
-DESCRIPTION 
-       The Postfix sendmail(1) command implements the Postfix to Sendmail compatibility 
-       interface.  For the sake of compatibility with existing applications, some Send‐ 
-       mail command-line options are recognized but silently ignored. 
- 
-       By default, Postfix sendmail(1) reads a message from standard input until EOF or 
-       until it reads a line with only a . character, and arranges for delivery.  Post‐ 
-       fix  sendmail(1) relies on the postdrop(1) command to create a queue file in the 
-       maildrop directory. 
- 
-       Specific command aliases are provided for other common modes of operation: 
- 
-       mailq  List the mail queue. Each entry shows the queue file  ID,  message  size, 
-              arrival time, sender, and the recipients that still need to be delivered. 
-              If mail could not be delivered upon the  last  attempt,  the  reason  for 
-              failure  is  shown. The queue ID string is followed by an optional status 
-              character: 
- 
-              *      The message is in the active queue, i.e. the message  is  selected 
-                     for delivery. 
- 
-              !      The message is in the hold queue, i.e. no further delivery attempt 
-                     will be made until the mail is taken off hold. 
- 
-              This mode of operation is implemented by executing the postqueue(1)  com‐ 
-              mand. 
- 
-       newaliases 
-              Initialize  the  alias database.  If no input file is specified (with the 
-              -oA option, see below), the program processes the file(s) specified  with 
-              the alias_database configuration parameter.  If no alias database type is 
-              specified, the program uses the type  specified  with  the  default_data‐ 
-              base_type configuration parameter.  This mode of operation is implemented 
-              by running the postalias(1) command. 
- 
-              Note: it may take a minute or so before an alias database update  becomes 
-              visible. Use the "postfix reload" command to eliminate this delay. 
- 
-       These  and other features can be selected by specifying the appropriate combina‐ 
-       tion of command-line options. Some features are controlled by parameters in  the 
-       main.cf configuration file. 
- 
-       The following options are recognized: 
- 
-       -Am (ignored) 
- 
-       -Ac (ignored) 
-              Postfix  sendmail  uses the same configuration file regardless of whether 
-              or not a message is an initial submission. 
- 
-       -B body_type 
-              The message body MIME type: 7BIT or 8BITMIME. 
- 
-       -bd    Go into daemon mode. This mode of operation is implemented  by  executing 
-              the "postfix start" command. 
- 
-       -bh (ignored) 
- 
-       -bH (ignored) 
-              Postfix has no persistent host status database. 
- 
-       -bi    Initialize alias database. See the newaliases command above. 
- 
-       -bl    Go  into daemon mode. To accept only local connections as with Sendmail´s 
-              -bl option, specify "inet_interfaces = loopback" in the  Postfix  main.cf 
-              configuration file. 
- 
-       -bm    Read  mail  from  standard  input  and arrange for delivery.  This is the 
-              default mode of operation. 
- 
-       -bp    List the mail queue. See the mailq command above. 
- 
-       -bs    Stand-alone SMTP server mode. Read SMTP commands from standard input, and 
-              write  responses  to  standard  output.  In stand-alone SMTP server mode, 
-              mail relaying and other access  controls  are  disabled  by  default.  To 
-              enable them, run the process as the mail_owner user. 
- 
-              This mode of operation is implemented by running the smtpd(8) daemon. 
- 
-       -bv    Do  not collect or deliver a message. Instead, send an email report after 
-              verifying each recipient address.  This is  useful  for  testing  address 
-              rewriting and routing configurations. 
- 
-              This feature is available in Postfix version 2.1 and later. 
- 
-       -C config_file 
- 
-       -C config_dir 
-              The  path  name  of the Postfix main.cf file, or of its parent directory. 
-              This information is ignored with Postfix versions before 2.3. 
- 
-              With all Postfix versions, you can specify a directory pathname with  the 
-              MAIL_CONFIG  environment  variable to override the location of configura‐ 
-              tion files. 
- 
-       -F full_name 
-              Set the sender full name. This overrides the NAME  environment  variable, 
-              and is used only with messages that have no From: message header. 
- 
-       -f sender 
-              Set the envelope sender address. This is the address where delivery prob‐ 
-              lems are sent to. With Postfix versions before 2.1, the  Errors-To:  mes‐ 
-              sage header overrides the error return address. 
- 
-       -G     Gateway  (relay)  submission,  as  opposed  to  initial  user submission. 
-              Either do not rewrite addresses at all, or  update  incomplete  addresses 
-              with the domain information specified with remote_header_rewrite_domain. 
- 
-              This option is ignored before Postfix version 2.3. 
- 
-       -h hop_count (ignored) 
-              Hop count limit. Use the hopcount_limit configuration parameter instead. 
- 
-       -I     Initialize alias database. See the newaliases command above. 
- 
-       -i     When  reading a message from standard input, don´t treat a line with only 
-              a . character as the end of input. 
- 
-       -L label (ignored) 
-              The logging label. Use the syslog_name configuration parameter instead. 
- 
-       -m (ignored) 
-              Backwards compatibility. 
- 
-       -N dsn (default: 'delay, failure') 
-              Delivery status notification control. Specify  either  a  comma-separated 
-              list with one or more of failure (send notification when delivery fails), 
-              delay (send notification when delivery  is  delayed),  or  success  (send 
-              notification when the message is delivered); or specify never (don't send 
-              any notifications at all). 
- 
-              This feature is available in Postfix 2.3 and later. 
- 
-       -n (ignored) 
-              Backwards compatibility. 
- 
-       -oAalias_database 
-              Non-default  alias  database.  Specify  pathname  or  type:pathname.  See 
-              postalias(1) for details. 
- 
-       -O option=value (ignored) 
-              Set the named option to value. Use the equivalent configuration parameter 
-              in main.cf instead. 
- 
-       -o7 (ignored) 
- 
-       -o8 (ignored) 
-              To send 8-bit or binary content, use an  appropriate  MIME  encapsulation 
-              and specify the appropriate -B command-line option. 
- 
-       -oi    When  reading a message from standard input, don´t treat a line with only 
-              a . character as the end of input. 
- 
-       -om (ignored) 
-              The sender is never eliminated from alias etc. expansions. 
- 
-       -o x value (ignored) 
-              Set option x to value. Use  the  equivalent  configuration  parameter  in 
-              main.cf instead. 
- 
-       -r sender 
-              Set the envelope sender address. This is the address where delivery prob‐ 
-              lems are sent to. With Postfix versions before 2.1, the  Errors-To:  mes‐ 
-              sage header overrides the error return address. 
- 
-       -R return 
-              Delivery  status notification control.  Specify "hdrs" to return only the 
-              header when a message bounces, "full" to return a full copy (the  default 
-              behavior). 
- 
-              The  -R  option  specifies  an  upper bound; Postfix will return only the 
-              header, when a full copy would exceed the bounce_size_limit setting. 
- 
-              This option is ignored before Postfix version 2.10. 
- 
-       -q     Attempt to deliver all queued mail. This is implemented by executing  the 
-              postqueue(1) command. 
- 
-              Warning:  flushing  undeliverable  mail  frequently  will  result in poor 
-              delivery performance of all other mail. 
- 
-       -qinterval (ignored) 
-              The interval between queue runs. Use  the  queue_run_delay  configuration 
-              parameter instead. 
- 
-       -qIqueueid 
-              Schedule  immediate  delivery  of mail with the specified queue ID.  This 
-              option is implemented by  executing  the  postqueue(1)  command,  and  is 
-              available with Postfix version 2.4 and later. 
- 
-       -qRsite 
-              Schedule  immediate  delivery  of  all  mail that is queued for the named 
-              site. This option accepts only site names that are eligible for the "fast 
-              flush" service, and is implemented by executing the postqueue(1) command. 
-              See flush(8) for more information about the "fast flush" service. 
- 
-       -qSsite 
-              This command is not implemented. Use the  slower  "sendmail  -q"  command 
-              instead. 
- 
-       -t     Extract  recipients  from message headers. These are added to any recipi‐ 
-              ents specified on the command line. 
- 
-              With Postfix versions prior to 2.1, this option requires that no  recipi‐ 
-              ent addresses are specified on the command line. 
- 
-       -U (ignored) 
-              Initial user submission. 
- 
-       -V envid 
-              Specify the envelope ID for notification by servers that support DSN. 
- 
-              This feature is available in Postfix 2.3 and later. 
- 
-       -XV (Postfix 2.2 and earlier: -V) 
-              Variable  Envelope  Return  Path. Given an envelope sender address of the 
-              form owner-listname@origin, each recipient user@domain receives mail with 
-              a personalized envelope sender address. 
- 
-              By  default,  the  personalized  envelope  sender  address is owner-list‐ 
-              name+user=domain@origin. The default + and = characters are  configurable 
-              with the default_verp_delimiters configuration parameter. 
- 
-       -XVxy (Postfix 2.2 and earlier: -Vxy) 
-              As -XV, but uses x and y as the VERP delimiter characters, instead of the 
-              characters  specified  with  the  default_verp_delimiters   configuration 
-              parameter. 
- 
-       -v     Send  an email report of the first delivery attempt (Postfix versions 2.1 
-              and later). Mail delivery always happens in the background. When multiple 
-              -v options are given, enable verbose logging for debugging purposes. 
- 
-       -X log_file (ignored) 
-              Log mailer traffic. Use the debug_peer_list and debug_peer_level configu‐ 
-              ration parameters instead. 
- 
-SECURITY 
-       By design, this program is not set-user (or group) id. However, it  must  handle 
-       data  from  untrusted, possibly remote, users.  Thus, the usual precautions need 
-       to be taken against malicious inputs. 
- 
-DIAGNOSTICS 
-       Problems are logged to syslogd(8) and to the standard error stream. 
- 
-ENVIRONMENT 
-       MAIL_CONFIG 
-              Directory with Postfix configuration files. 
- 
-       MAIL_VERBOSE (value does not matter) 
-              Enable verbose logging for debugging purposes. 
- 
-       MAIL_DEBUG (value does not matter) 
-              Enable debugging with an external command, as specified with  the  debug‐ 
-              ger_command configuration parameter. 
- 
-       NAME   The  sender full name. This is used only with messages that have no From: 
-              message header. See also the -F option above. 
- 
-CONFIGURATION PARAMETERS 
-       The following main.cf parameters are especially relevant to this  program.   The 
-       text  below  provides only a parameter summary. See postconf(5) for more details 
-       including examples. 
- 
-COMPATIBILITY CONTROLS 
-       Available with Postfix 2.9 and later: 
- 
-       sendmail_fix_line_endings (always) 
-              Controls how the Postfix sendmail command  converts  email  message  line 
-              endings from <CR><LF> into UNIX format (<LF>). 
- 
-TROUBLE SHOOTING CONTROLS 
-       The DEBUG_README file gives examples of how to trouble shoot a Postfix system. 
- 
-       debugger_command (empty) 
-              The  external command to execute when a Postfix daemon program is invoked 
-              with the -D option. 
- 
-       debug_peer_level (2) 
-              The increment in verbose logging level when a  remote  client  or  server 
-              matches a pattern in the debug_peer_list parameter. 
- 
-       debug_peer_list (empty) 
-              Optional list of remote client or server hostname or network address pat‐ 
-              terns that cause the verbose logging level  to  increase  by  the  amount 
-              specified in $debug_peer_level. 
- 
-ACCESS CONTROLS 
-       Available in Postfix version 2.2 and later: 
- 
-       authorized_flush_users (static:anyone) 
-              List of users who are authorized to flush the queue. 
- 
-       authorized_mailq_users (static:anyone) 
-              List of users who are authorized to view the queue. 
- 
-       authorized_submit_users (static:anyone) 
-              List of users who are authorized to submit mail with the sendmail(1) com‐ 
-              mand (and with the privileged postdrop(1) helper command). 
- 
-RESOURCE AND RATE CONTROLS 
-       bounce_size_limit (50000) 
-              The maximal amount of original message text that is sent in a  non-deliv‐ 
-              ery notification. 
- 
-       fork_attempts (5) 
-              The maximal number of attempts to fork() a child process. 
- 
-       fork_delay (1s) 
-              The delay between attempts to fork() a child process. 
- 
-       hopcount_limit (50) 
-              The  maximal  number of Received:  message headers that is allowed in the 
-              primary message headers. 
- 
-       queue_run_delay (300s) 
-              The time between deferred queue scans by  the  queue  manager;  prior  to 
-              Postfix 2.4 the default value was 1000s. 
- 
-FAST FLUSH CONTROLS 
-       The ETRN_README file describes configuration and operation details for the Post‐ 
-       fix "fast flush" service. 
- 
-       fast_flush_domains ($relay_domains) 
-              Optional list of destinations that are eligible for per-destination  log‐ 
-              files with mail that is queued to those destinations. 
- 
-VERP CONTROLS 
-       The  VERP_README  file  describes configuration and operation details of Postfix 
-       support for variable envelope return path addresses. 
- 
-       default_verp_delimiters (+=) 
-              The two default VERP delimiter characters. 
- 
-       verp_delimiter_filter (-=+) 
-              The characters Postfix accepts as VERP delimiter characters on the  Post‐ 
-              fix sendmail(1) command line and in SMTP commands. 
- 
-MISCELLANEOUS CONTROLS 
-       alias_database (see 'postconf -d' output) 
-              The   alias  databases  for  local(8)  delivery  that  are  updated  with 
-              "newaliases" or with "sendmail -bi". 
- 
-       command_directory (see 'postconf -d' output) 
-              The location of all postfix administrative commands. 
- 
-       config_directory (see 'postconf -d' output) 
-              The default location of the Postfix main.cf and  master.cf  configuration 
-              files. 
- 
-       daemon_directory (see 'postconf -d' output) 
-              The directory with Postfix support programs and daemon programs. 
- 
-       default_database_type (see 'postconf -d' output) 
-              The  default  database  type  for  use in newaliases(1), postalias(1) and 
-              postmap(1) commands. 
- 
-       delay_warning_time (0h) 
-              The time after which the sender receives a copy of the message headers of 
-              mail that is still queued. 
- 
-       enable_errors_to (no) 
-              Report  mail  delivery errors to the address specified with the non-stan‐ 
-              dard Errors-To: message header, instead of the  envelope  sender  address 
-              (this  feature  is  removed  with  Postfix  version 2.2, is turned off by 
-              default with Postfix version 2.1, and is  always  turned  on  with  older 
-              Postfix versions). 
- 
-       mail_owner (postfix) 
-              The UNIX system account that owns the Postfix queue and most Postfix dae‐ 
-              mon processes. 
- 
-       queue_directory (see 'postconf -d' output) 
-              The location of the Postfix top-level queue directory. 
- 
-       remote_header_rewrite_domain (empty) 
-              Don't rewrite message headers from remote clients at all when this param‐ 
-              eter  is  empty; otherwise, rewrite message headers and append the speci‐ 
-              fied domain name to incomplete addresses. 
- 
-       syslog_facility (mail) 
-              The syslog facility of Postfix logging. 
- 
-       syslog_name (see 'postconf -d' output) 
-              The mail system name that is prepended to  the  process  name  in  syslog 
-              records, so that "smtpd" becomes, for example, "postfix/smtpd". 
- 
-FILES 
-       /var/spool/postfix, mail queue 
-       /etc/postfix, configuration files 
- 
-SEE ALSO 
-       pickup(8), mail pickup daemon 
-       qmgr(8), queue manager 
-       smtpd(8), SMTP server 
-       flush(8), fast flush service 
-       postsuper(1), queue maintenance 
-       postalias(1), create/update/query alias database 
-       postdrop(1), mail posting utility 
-       postfix(1), mail system control 
-       postqueue(1), mail queue control 
-       syslogd(8), system logging 
- 
-README_FILES 
-       Use  "postconf  readme_directory"  or  "postconf  html_directory" to locate this 
-       information. 
-       DEBUG_README, Postfix debugging howto 
-       ETRN_README, Postfix ETRN howto 
-       VERP_README, Postfix VERP howto 
- 
-LICENSE 
-       The Secure Mailer license must be distributed with this software. 
- 
-AUTHOR(S) 
-       Wietse Venema 
-       IBM T.J. Watson Research 
-       P.O. Box 704 
-       Yorktown Heights, NY 10598, USA 
- 
-                                                                            SENDMAIL(1) 
-</code> 
- 
- 
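Review bot: the ACCESS CONTROLS block of the removed sendmail(1) manpage above (authorized_flush_users, authorized_mailq_users and authorized_submit_users, each listed with the default static:anyone) goes away with nothing visible in this hunk taking its place. If the new revision does not cover these three parameters elsewhere, keep a short paragraph that names them and says who may submit mail and view or flush the queue on this host. For the rest of the dump, a link to the manpage shipped with the installed Postfix is a better fit than an embedded copy, because a pasted manpage goes stale (this one still carries notes such as "-XV (Postfix 2.2 and earlier: -V)").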
-==== smtpd ==== 
-Der **smtpd**-Server nimmt Netzwerkverbindungen an und wickelt über die entsprechende Verbindung abhängig vom Prüfungsergebnis entweder keine, eine oder auch mehrere Nachrichten entgegen. Für diese Prüfung können DNS-Anfragen, black-/whitelists und noch viele weitere Kriterien herangezogen werden, die bei der Konfiguration dem **smtpd**-Daemon definiert worden sind. Auf diese Konfiguration werden wir später in einem weiterem Kapitel hier im Wiki eingehen. Jede akzeptierte Nachricht wird an den **[[centos:mail_c7:mta_1?&#cleanup|cleanup]]**-Daemon weitergeleitet, der diese dann jeweils als separates Queue-File in die **incoming**-Queue stellt. 
- 
-Weitere Informationen findet man natürlich auch in der **manpage** des **smtpd**-Servers. 
- 
-   # man 8 smtpd  
-<code>SMTPD(8)                        System Manager's Manual                        SMTPD(8) 
- 
-NAME 
-       smtpd - Postfix SMTP server 
- 
-SYNOPSIS 
-       smtpd [generic Postfix daemon options] 
- 
-       sendmail -bs 
- 
-DESCRIPTION 
-       The  SMTP  server  accepts network connection requests and performs zero or more 
-       SMTP transactions per connection.  Each received message is  piped  through  the 
-       cleanup(8)  daemon,  and  is  placed into the incoming queue as one single queue 
-       file.  For this mode of operation, the program expects to be run from  the  mas‐ 
-       ter(8) process manager. 
- 
-       Alternatively,  the  SMTP  server be can run in stand-alone mode; this is tradi‐ 
-       tionally obtained with "sendmail -bs" When the SMTP  server  runs  stand-alone 
-       with  non $mail_owner privileges, it receives mail even while the mail system is 
-       not running, deposits messages directly into the maildrop  queue,  and  disables 
-       the  SMTP  server' access policies. As of Postfix version 2.3, the SMTP server 
-       refuses to receive mail from the network when it runs with non $mail_owner priv‐ 
-       ileges. 
- 
-       The  SMTP  server  implements a variety of policies for connection requests, and 
-       for parameters given to HELO, ETRN, MAIL FROM, VRFY and RCPT TO  commands.  They 
-       are detailed below and in the main.cf configuration file. 
- 
-SECURITY 
-       The  SMTP  server is moderately security-sensitive. It talks to SMTP clients and 
-       to DNS servers on the network. The SMTP server can be run chrooted at fixed  low 
-       privilege. 
- 
-STANDARDS 
-       RFC 821 (SMTP protocol) 
-       RFC 1123 (Host requirements) 
-       RFC 1652 (8bit-MIME transport) 
-       RFC 1869 (SMTP service extensions) 
-       RFC 1870 (Message size declaration) 
-       RFC 1985 (ETRN command) 
-       RFC 2034 (SMTP enhanced status codes) 
-       RFC 2554 (AUTH command) 
-       RFC 2821 (SMTP protocol) 
-       RFC 2920 (SMTP pipelining) 
-       RFC 3207 (STARTTLS command) 
-       RFC 3461 (SMTP DSN extension) 
-       RFC 3463 (Enhanced status codes) 
-       RFC 3848 (ESMTP transmission types) 
-       RFC 4409 (Message submission) 
-       RFC 4954 (AUTH command) 
-       RFC 5321 (SMTP protocol) 
- 
-DIAGNOSTICS 
-       Problems and transactions are logged to syslogd(8). 
- 
-       Depending  on  the  setting  of  the notify_classes parameter, the postmaster is 
-       notified of bounces, protocol problems, policy violations, and of other trouble. 
- 
-CONFIGURATION PARAMETERS 
-       Changes to main.cf are picked up automatically, as smtpd(8)  processes  run  for 
-       only  a  limited  amount of time. Use the command "postfix reload" to speed up a 
-       change. 
- 
-       The text below provides only a  parameter  summary.  See  postconf(5)  for  more 
-       details including examples. 
- 
-COMPATIBILITY CONTROLS 
-       The  following  parameters  work around implementation errors in other software, 
-       and/or allow you to override standards in order to prevent undesirable use. 
- 
-       broken_sasl_auth_clients (no) 
-              Enable inter-operability with remote SMTP clients that implement an obso‐ 
-              lete version of the AUTH command (RFC 4954). 
- 
-       disable_vrfy_command (no) 
-              Disable the SMTP VRFY command. 
- 
-       smtpd_noop_commands (empty) 
-              List  of  commands that the Postfix SMTP server replies to with "250 Ok", 
-              without doing any syntax checks and without changing state. 
- 
-       strict_rfc821_envelopes (no) 
-              Require that addresses received in SMTP MAIL FROM and  RCPT  TO  commands 
-              are  enclosed  with  <>,  and that those addresses do not contain RFC 822 
-              style comments or phrases. 
- 
-       Available in Postfix version 2.1 and later: 
- 
-       smtpd_reject_unlisted_sender (no) 
-              Request that the Postfix SMTP server rejects  mail  from  unknown  sender 
-              addresses,  even  when no explicit reject_unlisted_sender access restric‐ 
-              tion is specified. 
- 
-       smtpd_sasl_exceptions_networks (empty) 
-              What remote SMTP clients the Postfix SMTP server will not offer AUTH sup‐ 
-              port to. 
- 
-       Available in Postfix version 2.2 and later: 
- 
-       smtpd_discard_ehlo_keyword_address_maps (empty) 
-              Lookup  tables,  indexed  by  the  remote  SMTP client address, with case 
-              insensitive lists of EHLO keywords  (pipelining,  starttls,  auth,  etc.) 
-              that  the  Postfix  SMTP  server  will not send in the EHLO response to a 
-              remote SMTP client. 
- 
-       smtpd_discard_ehlo_keywords (empty) 
-              A case insensitive list of EHLO  keywords  (pipelining,  starttls,  auth, 
-              etc.)  that the Postfix SMTP server will not send in the EHLO response to 
-              a remote SMTP client. 
- 
-       smtpd_delay_open_until_valid_rcpt (yes) 
-              Postpone the start of an SMTP mail transaction until a valid RCPT TO com‐ 
-              mand is received. 
- 
-       Available in Postfix version 2.3 and later: 
- 
-       smtpd_tls_always_issue_session_ids (yes) 
-              Force  the  Postfix  SMTP server to issue a TLS session id, even when TLS 
-              session  caching  is  turned  off  (smtpd_tls_session_cache_database   is 
-              empty). 
- 
-       Available in Postfix version 2.6 and later: 
- 
-       tcp_windowsize (0) 
-              An optional workaround for routers that break TCP window scaling. 
- 
-       Available in Postfix version 2.7 and later: 
- 
-       smtpd_command_filter (empty) 
-              A mechanism to transform commands from remote SMTP clients. 
- 
-       Available in Postfix version 2.9 and later: 
- 
-       smtpd_per_record_deadline (normal: no, overload: yes) 
-              Change  the behavior of the smtpd_timeout and smtpd_starttls_timeout time 
-              limits, from a time limit per read or write system call, to a time  limit 
-              to send or receive a complete record (an SMTP command line, SMTP response 
-              line, SMTP message content line, or TLS protocol message). 
- 
-ADDRESS REWRITING CONTROLS 
-       See the ADDRESS_REWRITING_README document for a detailed discussion  of  Postfix 
-       address rewriting. 
- 
-       receive_override_options (empty) 
-              Enable  or  disable  recipient validation, built-in content filtering, or 
-              address mapping. 
- 
-       Available in Postfix version 2.2 and later: 
- 
-       local_header_rewrite_clients (permit_inet_interfaces) 
-              Rewrite message header addresses in mail from these  clients  and  update 
-              incomplete  addresses  with  the  domain  name in $myorigin or $mydomain; 
-              either don't rewrite message headers from other clients at  all,  or  re‐ 
-              write  message  headers  and  update incomplete addresses with the domain 
-              specified in the remote_header_rewrite_domain parameter. 
- 
-BEFORE-SMTPD PROXY AGENT 
-       Available in Postfix version 2.10 and later: 
- 
-       smtpd_upstream_proxy_protocol (empty) 
-              The name of the proxy protocol used by  an  optional  before-smtpd  proxy 
-              agent. 
- 
-       smtpd_upstream_proxy_timeout (5s) 
-              The   time   limit   for   the   proxy   protocol   specified   with  the 
-              smtpd_upstream_proxy_protocol parameter. 
- 
-AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS 
-       As of version 1.0, Postfix can be configured to send new  mail  to  an  external 
-       content  filter  AFTER  the  mail  is queued. This content filter is expected to 
-       inject mail back into a (Postfix or other) MTA for  further  delivery.  See  the 
-       FILTER_README document for details. 
- 
-       content_filter (empty) 
-              After  the  message  is  queued, send the entire message to the specified 
-              transport:destination. 
- 
-BEFORE QUEUE EXTERNAL CONTENT INSPECTION CONTROLS 
-       As of version 2.1, the Postfix SMTP server can be configured  to  send  incoming 
-       mail  to a real-time SMTP-based content filter BEFORE mail is queued.  This con‐ 
-       tent  filter  is  expected  to  inject  mail  back  into   Postfix.    See   the 
-       SMTPD_PROXY_README  document  for  details  on how to configure and operate this 
-       feature. 
- 
-       smtpd_proxy_filter (empty) 
-              The hostname and TCP port of the mail filtering proxy server. 
- 
-       smtpd_proxy_ehlo ($myhostname) 
-              How the Postfix SMTP server announces itself to the proxy filter. 
- 
-       smtpd_proxy_options (empty) 
-              List of options that control how the  Postfix  SMTP  server  communicates 
-              with a before-queue content filter. 
- 
-       smtpd_proxy_timeout (100s) 
-              The  time  limit  for  connecting  to  a  proxy filter and for sending or 
-              receiving information. 
- 
-BEFORE QUEUE MILTER CONTROLS 
-       As of version 2.3, Postfix supports the Sendmail version 8 Milter (mail  filter) 
-       protocol.  These  content filters run outside Postfix. They can inspect the SMTP 
-       command stream and the message content, and  can  request  modifications  before 
-       mail is queued. For details see the MILTER_README document. 
- 
-       smtpd_milters (empty) 
-              A list of Milter (mail filter) applications for new mail that arrives via 
-              the Postfix smtpd(8) server. 
- 
-       milter_protocol (6) 
-              The mail filter protocol version and  optional  protocol  extensions  for 
-              communication with a Milter application; prior to Postfix 2.6 the default 
-              protocol is 2. 
- 
-       milter_default_action (tempfail) 
-              The default action when a Milter (mail filter) application is unavailable 
-              or mis-configured. 
- 
-       milter_macro_daemon_name ($myhostname) 
-              The {daemon_name} macro value for Milter (mail filter) applications. 
- 
-       milter_macro_v ($mail_name $mail_version) 
-              The {v} macro value for Milter (mail filter) applications. 
- 
-       milter_connect_timeout (30s) 
-              The  time limit for connecting to a Milter (mail filter) application, and 
-              for negotiating protocol options. 
- 
-       milter_command_timeout (30s) 
-              The time limit for sending an SMTP command  to  a  Milter  (mail  filter) 
-              application, and for receiving the response. 
- 
-       milter_content_timeout (300s) 
-              The  time  limit  for  sending  message content to a Milter (mail filter) 
-              application, and for receiving the response. 
- 
-       milter_connect_macros (see 'postconf -d' output) 
-              The macros that are sent to Milter (mail filter) applications after  com‐ 
-              pletion of an SMTP connection. 
- 
-       milter_helo_macros (see 'postconf -d' output) 
-              The  macros  that are sent to Milter (mail filter) applications after the 
-              SMTP HELO or EHLO command. 
- 
-       milter_mail_macros (see 'postconf -d' output) 
-              The macros that are sent to Milter (mail filter) applications  after  the 
-              SMTP MAIL FROM command. 
- 
-       milter_rcpt_macros (see 'postconf -d' output) 
-              The  macros  that are sent to Milter (mail filter) applications after the 
-              SMTP RCPT TO command. 
- 
-       milter_data_macros (see 'postconf -d' output) 
-              The macros that are sent to version 4  or  higher  Milter  (mail  filter) 
-              applications after the SMTP DATA command. 
- 
-       milter_unknown_command_macros (see 'postconf -d' output) 
-              The  macros  that  are  sent  to version 3 or higher Milter (mail filter) 
-              applications after an unknown SMTP command. 
- 
-       milter_end_of_header_macros (see 'postconf -d' output) 
-              The macros that are sent to Milter (mail filter) applications  after  the 
-              end of the message header. 
- 
-       milter_end_of_data_macros (see 'postconf -d' output) 
-              The  macros  that are sent to Milter (mail filter) applications after the 
-              message end-of-data. 
- 
-GENERAL CONTENT INSPECTION CONTROLS 
-       The following parameters are applicable for both built-in and  external  content 
-       filters. 
- 
-       Available in Postfix version 2.1 and later: 
- 
-       receive_override_options (empty) 
-              Enable  or  disable  recipient validation, built-in content filtering, or 
-              address mapping. 
- 
-EXTERNAL CONTENT INSPECTION CONTROLS 
-       The following parameters are applicable for both  before-queue  and  after-queue 
-       content filtering. 
- 
-       Available in Postfix version 2.1 and later: 
- 
-       smtpd_authorized_xforward_hosts (empty) 
-              What remote SMTP clients are allowed to use the XFORWARD feature. 
- 
-SASL AUTHENTICATION CONTROLS 
-       Postfix  SASL support (RFC 4954) can be used to authenticate remote SMTP clients 
-       to the Postfix SMTP server, and to authenticate the Postfix  SMTP  client  to  a 
-       remote SMTP server.  See the SASL_README document for details. 
- 
-       broken_sasl_auth_clients (no) 
-              Enable inter-operability with remote SMTP clients that implement an obso‐ 
-              lete version of the AUTH command (RFC 4954). 
- 
-       smtpd_sasl_auth_enable (no) 
-              Enable SASL authentication in the Postfix SMTP server. 
- 
-       smtpd_sasl_local_domain (empty) 
-              The name of the Postfix SMTP server's local SASL authentication realm. 
- 
-       smtpd_sasl_security_options (noanonymous) 
-              Postfix SMTP server SASL security options; as of Postfix 2.3 the list  of 
-              available  features  depends  on  the  SASL server implementation that is 
-              selected with smtpd_sasl_type. 
- 
-       smtpd_sender_login_maps (empty) 
-              Optional lookup table with the SASL login names  that  own  sender  (MAIL 
-              FROM) addresses. 
- 
-       Available in Postfix version 2.1 and later: 
- 
-       smtpd_sasl_exceptions_networks (empty) 
-              What remote SMTP clients the Postfix SMTP server will not offer AUTH sup‐ 
-              port to. 
- 
-       Available in Postfix version 2.1 and 2.2: 
- 
-       smtpd_sasl_application_name (smtpd) 
-              The application name that the Postfix SMTP server uses  for  SASL  server 
-              initialization. 
- 
-       Available in Postfix version 2.3 and later: 
- 
-       smtpd_sasl_authenticated_header (no) 
-              Report  the SASL authenticated user name in the smtpd(8) Received message 
-              header. 
- 
-       smtpd_sasl_path (smtpd) 
-              Implementation-specific information that the Postfix SMTP  server  passes 
-              through  to  the  SASL  plug-in  implementation  that  is  selected  with 
-              smtpd_sasl_type. 
- 
-       smtpd_sasl_type (cyrus) 
-              The SASL plug-in type that the Postfix SMTP server should use for authen‐ 
-              tication. 
- 
-       Available in Postfix version 2.5 and later: 
- 
-       cyrus_sasl_config_path (empty) 
-              Search  path  for  Cyrus  SASL application configuration files, currently 
-              used only to locate the $smtpd_sasl_path.conf file. 
- 
-       Available in Postfix version 2.11 and later: 
- 
-       smtpd_sasl_service (smtp) 
-              The service name that is passed to the SASL plug-in that is selected with 
-              smtpd_sasl_type and smtpd_sasl_path. 
- 
-STARTTLS SUPPORT CONTROLS 
-       Detailed information about STARTTLS configuration may be found in the TLS_README 
-       document. 
- 
-       smtpd_tls_security_level (empty) 
-              The SMTP TLS security level for the Postfix SMTP server; when a non-empty 
-              value  is specified, this overrides the obsolete parameters smtpd_use_tls 
-              and smtpd_enforce_tls. 
- 
-       smtpd_sasl_tls_security_options ($smtpd_sasl_security_options) 
-              The SASL authentication security options that  the  Postfix  SMTP  server 
-              uses for TLS encrypted SMTP sessions. 
- 
-       smtpd_starttls_timeout (see 'postconf -d' output) 
-              The  time  limit for Postfix SMTP server write and read operations during 
-              TLS startup and shutdown handshake procedures. 
- 
-       smtpd_tls_CAfile (empty) 
-              A file containing (PEM format) CA certificates of  root  CAs  trusted  to 
-              sign  either  remote SMTP client certificates or intermediate CA certifi‐ 
-              cates. 
- 
-       smtpd_tls_CApath (empty) 
-              A directory containing (PEM format) CA certificates of root  CAs  trusted 
-              to  sign  either  remote SMTP client certificates or intermediate CA cer‐ 
-              tificates. 
- 
-       smtpd_tls_always_issue_session_ids (yes) 
-              Force the Postfix SMTP server to issue a TLS session id,  even  when  TLS 
-              session   caching  is  turned  off  (smtpd_tls_session_cache_database  is 
-              empty). 
- 
-       smtpd_tls_ask_ccert (no) 
-              Ask a remote SMTP client for a client certificate. 
- 
-       smtpd_tls_auth_only (no) 
-              When TLS encryption is optional  in  the  Postfix  SMTP  server,  do  not 
-              announce or accept SASL authentication over unencrypted connections. 
- 
-       smtpd_tls_ccert_verifydepth (9) 
-              The verification depth for remote SMTP client certificates. 
- 
-       smtpd_tls_cert_file (empty) 
-              File with the Postfix SMTP server RSA certificate in PEM format. 
- 
-       smtpd_tls_exclude_ciphers (empty) 
-              List  of  ciphers  or cipher types to exclude from the SMTP server cipher 
-              list at all TLS security levels. 
- 
-       smtpd_tls_dcert_file (empty) 
-              File with the Postfix SMTP server DSA certificate in PEM format. 
- 
-       smtpd_tls_dh1024_param_file (empty) 
-              File with DH parameters that the Postfix SMTP server should use with non- 
-              export EDH ciphers. 
- 
-       smtpd_tls_dh512_param_file (empty) 
-              File  with  DH  parameters  that  the Postfix SMTP server should use with 
-              export-grade EDH ciphers. 
- 
-       smtpd_tls_dkey_file ($smtpd_tls_dcert_file) 
-              File with the Postfix SMTP server DSA private key in PEM format. 
- 
-       smtpd_tls_key_file ($smtpd_tls_cert_file) 
-              File with the Postfix SMTP server RSA private key in PEM format. 
- 
-       smtpd_tls_loglevel (0) 
-              Enable additional Postfix SMTP server logging of TLS activity. 
- 
-       smtpd_tls_mandatory_ciphers (medium) 
-              The minimum TLS cipher grade that the Postfix SMTP server will  use  with 
-              mandatory TLS encryption. 
- 
-       smtpd_tls_mandatory_exclude_ciphers (empty) 
-              Additional  list  of  ciphers or cipher types to exclude from the Postfix 
-              SMTP server cipher list at mandatory TLS security levels. 
- 
-       smtpd_tls_mandatory_protocols (!SSLv2) 
-              The SSL/TLS protocols accepted by the Postfix SMTP server with  mandatory 
-              TLS encryption. 
- 
-       smtpd_tls_received_header (no) 
-              Request  that the Postfix SMTP server produces Received:  message headers 
-              that include information about the protocol and cipher used, as  well  as 
-              the  remote  SMTP client CommonName and client certificate issuer Common‐ 
-              Name. 
- 
-       smtpd_tls_req_ccert (no) 
-              With mandatory TLS encryption, require a trusted remote SMTP client  cer‐ 
-              tificate in order to allow TLS connections to proceed. 
- 
-       smtpd_tls_wrappermode (no) 
-              Run  the  Postfix SMTP server in the non-standard "wrapper" mode, instead 
-              of using the STARTTLS command. 
- 
-       tls_daemon_random_bytes (32) 
-              The number of pseudo-random bytes that an  smtp(8)  or  smtpd(8)  process 
-              requests  from  the tlsmgr(8) server in order to seed its internal pseudo 
-              random number generator (PRNG). 
- 
-       tls_high_cipherlist (ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH) 
-              The OpenSSL cipherlist for "HIGH" grade ciphers. 
- 
-       tls_medium_cipherlist (ALL:!EXPORT:!LOW:+RC4:@STRENGTH) 
-              The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. 
- 
-       tls_low_cipherlist (ALL:!EXPORT:+RC4:@STRENGTH) 
-              The OpenSSL cipherlist for "LOW" or higher grade ciphers. 
- 
-       tls_export_cipherlist (ALL:+RC4:@STRENGTH) 
-              The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. 
- 
-       tls_null_cipherlist (eNULL:!aNULL) 
-              The OpenSSL cipherlist for "NULL" grade ciphers that provide  authentica‐ 
-              tion without encryption. 
- 
-       Available in Postfix version 2.5 and later: 
- 
-       smtpd_tls_fingerprint_digest (md5) 
-              The  message digest algorithm to construct remote SMTP client-certificate 
-              fingerprints or public key  fingerprints  (Postfix  2.9  and  later)  for 
-              check_ccert_access and permit_tls_clientcerts. 
- 
-       Available in Postfix version 2.6 and later: 
- 
-       smtpd_tls_protocols (empty) 
-              List  of  TLS  protocols  that  the  Postfix  SMTP server will exclude or 
-              include with opportunistic TLS encryption. 
- 
-       smtpd_tls_ciphers (export) 
-              The minimum TLS cipher grade that the Postfix SMTP server will  use  with 
-              opportunistic TLS encryption. 
- 
-       smtpd_tls_eccert_file (empty) 
-              File with the Postfix SMTP server ECDSA certificate in PEM format. 
- 
-       smtpd_tls_eckey_file ($smtpd_tls_eccert_file) 
-              File with the Postfix SMTP server ECDSA private key in PEM format. 
- 
-       smtpd_tls_eecdh_grade (see 'postconf -d' output) 
-              The  Postfix  SMTP  server  security  grade  for ephemeral elliptic-curve 
-              Diffie-Hellman (EECDH) key exchange. 
- 
-       tls_eecdh_strong_curve (prime256v1) 
-              The elliptic curve used by the Postfix SMTP server  for  sensibly  strong 
-              ephemeral ECDH key exchange. 
- 
-       tls_eecdh_ultra_curve (secp384r1) 
-              The  elliptic  curve used by the Postfix SMTP server for maximally strong 
-              ephemeral ECDH key exchange. 
- 
-       Available in Postfix version 2.8 and later: 
- 
-       tls_preempt_cipherlist (no) 
-              With SSLv3 and later, use the Postfix  SMTP  server' cipher  preference 
-              order instead of the remote client's cipher preference order. 
- 
-       tls_disable_workarounds (see 'postconf -d' output) 
-              List or bit-mask of OpenSSL bug work-arounds to disable. 
- 
-       Available in Postfix version 2.11 and later: 
- 
-       tlsmgr_service_name (tlsmgr) 
-              The name of the tlsmgr(8) service entry in master.cf. 
- 
-OBSOLETE STARTTLS CONTROLS 
-       The following configuration parameters exist for compatibility with Postfix ver‐ 
-       sions before 2.3. Support for these will be removed in a future release. 
- 
-       smtpd_use_tls (no) 
-              Opportunistic TLS: announce STARTTLS support to remote SMTP clients,  but 
-              do not require that clients use TLS encryption. 
- 
-       smtpd_enforce_tls (no) 
-              Mandatory  TLS:  announce  STARTTLS  support  to remote SMTP clients, and 
-              require that clients use TLS encryption. 
- 
-       smtpd_tls_cipherlist (empty) 
-              Obsolete Postfix < 2.3 control for the Postfix  SMTP  server  TLS  cipher 
-              list. 
- 
-VERP SUPPORT CONTROLS 
-       With VERP style delivery, each recipient of a message receives a customized copy 
-       of the message with his/her own recipient address encoded in the envelope sender 
-       address.   The VERP_README file describes configuration and operation details of 
-       Postfix support for variable envelope return path addresses.  VERP style  deliv‐ 
-       ery  is requested with the SMTP XVERP command or with the "sendmail -V" command- 
-       line option and is available in Postfix version 1.1 and later. 
- 
-       default_verp_delimiters (+=) 
-              The two default VERP delimiter characters. 
- 
-       verp_delimiter_filter (-=+) 
-              The characters Postfix accepts as VERP delimiter characters on the  Post‐ 
-              fix sendmail(1) command line and in SMTP commands. 
- 
-       Available in Postfix version 1.1 and 2.0: 
- 
-       authorized_verp_clients ($mynetworks) 
-              What remote SMTP clients are allowed to specify the XVERP command. 
- 
-       Available in Postfix version 2.1 and later: 
- 
-       smtpd_authorized_verp_clients ($authorized_verp_clients) 
-              What remote SMTP clients are allowed to specify the XVERP command. 
- 
-TROUBLE SHOOTING CONTROLS 
-       The  DEBUG_README document describes how to debug parts of the Postfix mail sys‐ 
-       tem. The methods vary from making the software log a lot of detail,  to  running 
-       some daemon processes under control of a call tracer or debugger. 
- 
-       debug_peer_level (2) 
-              The  increment  in  verbose  logging level when a remote client or server 
-              matches a pattern in the debug_peer_list parameter. 
- 
-       debug_peer_list (empty) 
-              Optional list of remote client or server hostname or network address pat‐ 
-              terns  that  cause  the  verbose  logging level to increase by the amount 
-              specified in $debug_peer_level. 
- 
-       error_notice_recipient (postmaster) 
-              The recipient of postmaster notifications about  mail  delivery  problems 
-              that are caused by policy, resource, software or protocol errors. 
- 
-       internal_mail_filter_classes (empty) 
-              What  categories  of  Postfix-generated  mail are subject to before-queue 
-              content inspection by non_smtpd_milters, header_checks and body_checks. 
- 
-       notify_classes (resource, software) 
-              The list of error classes that are reported to the postmaster. 
- 
-       smtpd_reject_footer (empty) 
-              Optional information that is appended after each Postfix SMTP server  4XX 
-              or 5XX response. 
- 
-       soft_bounce (no) 
-              Safety  net  to  keep mail queued that would otherwise be returned to the 
-              sender. 
- 
-       Available in Postfix version 2.1 and later: 
- 
-       smtpd_authorized_xclient_hosts (empty) 
-              What remote SMTP clients are allowed to use the XCLIENT feature. 
- 
-       Available in Postfix version 2.10 and later: 
- 
-       smtpd_log_access_permit_actions (empty) 
-              Enable logging of the named "permit" actions in SMTP server access  lists 
-              (by  default,  the  SMTP  server  logs  "reject" actions but not "permit" 
-              actions). 
- 
-KNOWN VERSUS UNKNOWN RECIPIENT CONTROLS 
-       As of Postfix version 2.0, the SMTP server rejects mail for unknown  recipients. 
-       This  prevents  the mail queue from clogging up with undeliverable MAILER-DAEMON 
-       messages. Additional information on this topic is in the  LOCAL_RECIPIENT_README 
-       and ADDRESS_CLASS_README documents. 
- 
-       show_user_unknown_table_name (yes) 
-              Display the name of the recipient table in the "User unknown" responses. 
- 
-       canonical_maps (empty) 
-              Optional address mapping lookup tables for message headers and envelopes. 
- 
-       recipient_canonical_maps (empty) 
-              Optional  address mapping lookup tables for envelope and header recipient 
-              addresses. 
- 
-       Parameters concerning known/unknown local recipients: 
- 
-       mydestination ($myhostname, localhost.$mydomain, localhost) 
-              The list of domains that are  delivered  via  the  $local_transport  mail 
-              delivery transport. 
- 
-       inet_interfaces (all) 
-              The network interface addresses that this mail system receives mail on. 
- 
-       proxy_interfaces (empty) 
-              The network interface addresses that this mail system receives mail on by 
-              way of a proxy or network address translation unit. 
- 
-       inet_protocols (all) 
-              The Internet protocols Postfix will attempt to use when making or accept‐ 
-              ing connections. 
- 
-       local_recipient_maps (proxy:unix:passwd.byname $alias_maps) 
-              Lookup  tables with all names or addresses of local recipients: a recipi‐ 
-              ent address is local when its domain matches $mydestination, $inet_inter‐ 
-              faces or $proxy_interfaces. 
- 
-      unknown_local_recipient_reject_code (550) 
-              The  numerical Postfix SMTP server response code when a recipient address 
-              is local, and $local_recipient_maps specifies a  list  of  lookup  tables 
-              that does not match the recipient. 
- 
-       Parameters concerning known/unknown recipients of relay destinations: 
- 
-       relay_domains ($mydestination) 
-              What  destination domains (and subdomains thereof) this system will relay 
-              mail to. 
- 
-       relay_recipient_maps (empty) 
-              Optional lookup tables with all valid addresses in the domains that match 
-              $relay_domains. 
- 
-       unknown_relay_recipient_reject_code (550) 
-              The  numerical  Postfix  SMTP  server reply code when a recipient address 
-              matches $relay_domains, and  relay_recipient_maps  specifies  a  list  of 
-              lookup tables that does not match the recipient address. 
- 
-       Parameters concerning known/unknown recipients in virtual alias domains: 
- 
-       virtual_alias_domains ($virtual_alias_maps) 
-              Postfix  is  final  destination  for  the specified list of virtual alias 
-              domains, that  is,  domains  for  which  all  addresses  are  aliased  to 
-              addresses in other local or remote domains. 
- 
-       virtual_alias_maps ($virtual_maps) 
-              Optional  lookup  tables that alias specific mail addresses or domains to 
-              other local or remote address. 
- 
-       unknown_virtual_alias_reject_code (550) 
-              The Postfix SMTP server reply code when a recipient address matches $vir‐ 
-              tual_alias_domains,  and  $virtual_alias_maps  specifies a list of lookup 
-              tables that does not match the recipient address. 
- 
-       Parameters concerning known/unknown recipients in virtual mailbox domains: 
- 
-       virtual_mailbox_domains ($virtual_mailbox_maps) 
-              Postfix is final destination for the specified list of domains;  mail  is 
-              delivered via the $virtual_transport mail delivery transport. 
- 
-       virtual_mailbox_maps (empty) 
-              Optional lookup tables with all valid addresses in the domains that match 
-              $virtual_mailbox_domains. 
- 
-       unknown_virtual_mailbox_reject_code (550) 
-              The Postfix SMTP server reply code when a recipient address matches $vir‐ 
-              tual_mailbox_domains,  and  $virtual_mailbox_maps  specifies  a  list  of 
-              lookup tables that does not match the recipient address. 
- 
-RESOURCE AND RATE CONTROLS 
-       The following parameters limit resource usage by the SMTP server and/or  control 
-       client request rates. 
- 
-       line_length_limit (2048) 
-              Upon input, long lines are chopped up into pieces of at most this length; 
-              upon delivery, long lines are reconstructed. 
- 
-       queue_minfree (0) 
-              The minimal amount of free space in bytes in the queue file  system  that 
-              is needed to receive mail. 
- 
-       message_size_limit (10240000) 
-              The maximal size in bytes of a message, including envelope information. 
- 
-       smtpd_recipient_limit (1000) 
-              The maximal number of recipients that the Postfix SMTP server accepts per 
-              message delivery request. 
- 
-       smtpd_timeout (normal: 300s, overload: 10s) 
-              The time limit for sending a Postfix SMTP server response and for receiv‐ 
-              ing a remote SMTP client request. 
- 
-       smtpd_history_flush_threshold (100) 
-              The  maximal  number  of lines in the Postfix SMTP server command history 
-              before it is flushed upon receipt of EHLO, RSET, or end of DATA. 
- 
-       Available in Postfix version 2.3 and later: 
- 
-       smtpd_peername_lookup (yes) 
-              Attempt to look up the remote SMTP client hostname, and verify  that  the 
-              name matches the client IP address. 
- 
-       The  per SMTP client connection count and request rate limits are implemented in 
-       co-operation with the anvil(8) service, and are available in Postfix version 2.2 
-       and later. 
- 
-       smtpd_client_connection_count_limit (50) 
-              How  many  simultaneous connections any client is allowed to make to this 
-              service. 
- 
-       smtpd_client_connection_rate_limit (0) 
-              The maximal number of connection attempts any client is allowed  to  make 
-              to this service per time unit. 
- 
-       smtpd_client_message_rate_limit (0) 
-              The  maximal  number  of  message  delivery  requests  that any client is 
-              allowed to make to this service per time unit, regardless of  whether  or 
-              not Postfix actually accepts those messages. 
- 
-       smtpd_client_recipient_rate_limit (0) 
-              The  maximal  number of recipient addresses that any client is allowed to 
-              send to this service per time unit, regardless of whether or not  Postfix 
-              actually accepts those recipients. 
- 
-       smtpd_client_event_limit_exceptions ($mynetworks) 
-              Clients  that  are excluded from smtpd_client_*_count/rate_limit restric‐ 
-              tions. 
- 
-       Available in Postfix version 2.3 and later: 
- 
-       smtpd_client_new_tls_session_rate_limit (0) 
-              The maximal number of new (i.e., uncached) TLS  sessions  that  a  remote 
-              SMTP client is allowed to negotiate with this service per time unit. 
- 
-       Available in Postfix version 2.9 and later: 
- 
-       smtpd_per_record_deadline (normal: no, overload: yes) 
-              Change  the behavior of the smtpd_timeout and smtpd_starttls_timeout time 
-              limits, from a time limit per read or write system call, to a time  limit 
-              to send or receive a complete record (an SMTP command line, SMTP response 
-              line, SMTP message content line, or TLS protocol message). 
- 
-TARPIT CONTROLS 
-       When a remote SMTP client makes errors,  the  Postfix  SMTP  server  can  insert 
-       delays  before  responding.  This  can help to slow down run-away software.  The 
-       behavior is controlled by an error counter that  counts  the  number  of  errors 
-       within an SMTP session that a client makes without delivering mail. 
- 
-       smtpd_error_sleep_time (1s) 
-              With  Postfix version 2.1 and later: the SMTP server response delay after 
-              a client has made more than  $smtpd_soft_error_limit  errors,  and  fewer 
-              than $smtpd_hard_error_limit errors, without delivering mail. 
- 
-       smtpd_soft_error_limit (10) 
-              The  number  of  errors  a  remote SMTP client is allowed to make without 
-              delivering mail before  the  Postfix  SMTP  server  slows  down  all  its 
-              responses. 
- 
-       smtpd_hard_error_limit (normal: 20, overload: 1) 
-              The  maximal  number  of  errors  a remote SMTP client is allowed to make 
-              without delivering mail. 
- 
-       smtpd_junk_command_limit (normal: 100, overload: 1) 
-              The number of junk commands (NOOP, VRFY, ETRN or RSET) that a remote SMTP 
-              client  can  send  before the Postfix SMTP server starts to increment the 
-              error counter with each junk command. 
- 
-       Available in Postfix version 2.1 and later: 
- 
-       smtpd_recipient_overshoot_limit (1000) 
-              The number of recipients that a remote SMTP client can send in excess  of 
-              the  limit specified with $smtpd_recipient_limit, before the Postfix SMTP 
-              server increments the per-session error count for each excess recipient. 
- 
-ACCESS POLICY DELEGATION CONTROLS 
-       As of version 2.1, Postfix can be configured to delegate access policy decisions 
-       to  an  external  server  that  runs  outside  Postfix.  See the file SMTPD_POL‐ 
-       ICY_README for more information. 
- 
-       smtpd_policy_service_max_idle (300s) 
-              The time after which an idle SMTPD policy service connection is closed. 
- 
-       smtpd_policy_service_max_ttl (1000s) 
-              The time after which an active SMTPD policy service connection is closed. 
- 
-       smtpd_policy_service_timeout (100s) 
-              The time limit for connecting to, writing to or receiving  from  a  dele‐ 
-              gated SMTPD policy server. 
- 
-ACCESS CONTROLS 
-       The  SMTPD_ACCESS_README  document  gives an introduction to all the SMTP server 
-       access control features. 
- 
-       smtpd_delay_reject (yes) 
-              Wait until the RCPT TO command before  evaluating  $smtpd_client_restric‐ 
-              tions,  $smtpd_helo_restrictions  and $smtpd_sender_restrictions, or wait 
-              until the ETRN command before evaluating  $smtpd_client_restrictions  and 
-              $smtpd_helo_restrictions. 
- 
-       parent_domain_matches_subdomains (see 'postconf -d' output) 
-              What  Postfix  features  match  subdomains of "domain.tld" automatically, 
-              instead of requiring an explicit ".domain.tld" pattern. 
- 
-       smtpd_client_restrictions (empty) 
-              Optional restrictions that the Postfix SMTP server applies in the context 
-              of a client connection request. 
- 
-       smtpd_helo_required (no) 
-              Require that a remote SMTP client introduces itself with the HELO or EHLO 
-              command before sending the MAIL command or other  commands  that  require 
-              EHLO negotiation. 
- 
-       smtpd_helo_restrictions (empty) 
-              Optional restrictions that the Postfix SMTP server applies in the context 
-              of a client HELO command. 
- 
-       smtpd_sender_restrictions (empty) 
-              Optional restrictions that the Postfix SMTP server applies in the context 
-              of a client MAIL FROM command. 
- 
-       smtpd_recipient_restrictions (see 'postconf -d' output) 
-              Optional restrictions that the Postfix SMTP server applies in the context 
-              of a client RCPT TO command, after smtpd_relay_restrictions. 
- 
-       smtpd_etrn_restrictions (empty) 
-              Optional restrictions that the Postfix SMTP server applies in the context 
-              of a client ETRN command. 
- 
-       allow_untrusted_routing (no) 
-              Forward  mail  with  sender-specified  routing (user[@%!]remote[@%!]site) 
-              from untrusted clients to destinations matching $relay_domains. 
- 
-       smtpd_restriction_classes (empty) 
-              User-defined aliases for groups of access restrictions. 
- 
-       smtpd_null_access_lookup_key (<>) 
-              The lookup key to be used in SMTP access(5) tables instead  of  the  null 
-              sender address. 
- 
-       permit_mx_backup_networks (empty) 
-              Restrict  the  use  of  the  permit_mx_backup SMTP access feature to only 
-              domains whose primary MX hosts match the listed networks. 
- 
-       Available in Postfix version 2.0 and later: 
- 
-       smtpd_data_restrictions (empty) 
-              Optional access restrictions that the Postfix SMTP server applies in  the 
-              context of the SMTP DATA command. 
- 
-       smtpd_expansion_filter (see 'postconf -d' output) 
-              What characters are allowed in $name expansions of RBL reply templates. 
- 
-       Available in Postfix version 2.1 and later: 
- 
-       smtpd_reject_unlisted_sender (no) 
-              Request  that  the  Postfix  SMTP server rejects mail from unknown sender 
-              addresses, even when no explicit reject_unlisted_sender  access  restric‐ 
-              tion is specified. 
- 
-       smtpd_reject_unlisted_recipient (yes) 
-              Request  that  the Postfix SMTP server rejects mail for unknown recipient 
-              addresses,  even  when  no  explicit   reject_unlisted_recipient   access 
-              restriction is specified. 
- 
-       Available in Postfix version 2.2 and later: 
- 
-       smtpd_end_of_data_restrictions (empty) 
-              Optional  access restrictions that the Postfix SMTP server applies in the 
-              context of the SMTP END-OF-DATA command. 
- 
-       Available in Postfix version 2.10 and later: 
- 
-       smtpd_relay_restrictions     (permit_mynetworks,      permit_sasl_authenticated, 
-       defer_unauth_destination) 
-              Access  restrictions  for mail relay control that the Postfix SMTP server 
-              applies in the context of  the  RCPT  TO  command,  before  smtpd_recipi‐ 
-              ent_restrictions. 
- 
-SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS 
-       Postfix  version 2.1 introduces sender and recipient address verification.  This 
-       feature is implemented by sending probe email messages  that  are  not  actually 
-       delivered.   This  feature  is  requested  via  the reject_unverified_sender and 
-       reject_unverified_recipient access restrictions.   The  status  of  verification 
-       probes  is  maintained  by the verify(8) server.  See the file ADDRESS_VERIFICA‐ 
-       TION_README for information about how  to  configure  and  operate  the  Postfix 
-       sender/recipient address verification service. 
- 
-       address_verify_poll_count (normal: 3, overload: 1) 
-              How  many  times  to query the verify(8) service for the completion of an 
-              address verification request in progress. 
- 
-       address_verify_poll_delay (3s) 
-              The delay between queries for the completion of an  address  verification 
-              request in progress. 
- 
-       address_verify_sender ($double_bounce_sender) 
-              The  sender address to use in address verification probes; prior to Post‐ 
-              fix 2.5 the default was "postmaster". 
- 
-       unverified_sender_reject_code (450) 
-              The numerical Postfix SMTP server response code when a recipient  address 
-              is rejected by the reject_unverified_sender restriction. 
- 
-       unverified_recipient_reject_code (450) 
-              The  numerical  Postfix  SMTP server response when a recipient address is 
-              rejected by the reject_unverified_recipient restriction. 
- 
-       Available in Postfix version 2.6 and later: 
- 
-       unverified_sender_defer_code (450) 
-              The numerical Postfix SMTP server response code  when  a  sender  address 
-              probe fails due to a temporary error condition. 
- 
-       unverified_recipient_defer_code (450) 
-              The numerical Postfix SMTP server response when a recipient address probe 
-              fails due to a temporary error condition. 
- 
-       unverified_sender_reject_reason (empty) 
-              The Postfix SMTP server's reply when rejecting mail  with  reject_unveri‐ 
-              fied_sender. 
- 
-       unverified_recipient_reject_reason (empty) 
-              The  Postfix  SMTP server's reply when rejecting mail with reject_unveri‐ 
-              fied_recipient. 
- 
-       unverified_sender_tempfail_action ($reject_tempfail_action) 
-              The Postfix SMTP server's action when reject_unverified_sender fails  due 
-              to a temporary error condition. 
- 
-       unverified_recipient_tempfail_action ($reject_tempfail_action) 
-              The  Postfix  SMTP server's action when reject_unverified_recipient fails 
-              due to a temporary error condition. 
- 
-       Available with Postfix 2.9 and later: 
- 
-       address_verify_sender_ttl (0s) 
-              The time between changes in the time-dependent portion of address verifi‐ 
-              cation probe sender addresses. 
- 
-ACCESS CONTROL RESPONSES 
-       The  following  parameters  control  numerical  SMTP  reply  codes  and/or  text 
-       responses. 
- 
-       access_map_reject_code (554) 
-              The numerical Postfix SMTP server response  code  for  an  access(5)  map 
-              "reject" action. 
- 
-       defer_code (450) 
-              The numerical Postfix SMTP server response code when a remote SMTP client 
-              request is rejected by the "defer" restriction. 
- 
-       invalid_hostname_reject_code (501) 
-              The numerical Postfix SMTP server response code when the client  HELO  or 
-              EHLO  command  parameter  is rejected by the reject_invalid_helo_hostname 
-              restriction. 
- 
-       maps_rbl_reject_code (554) 
-              The numerical Postfix SMTP server response code when a remote SMTP client 
-              request   is   blocked  by  the  reject_rbl_client,  reject_rhsbl_client, 
-              reject_rhsbl_reverse_client, reject_rhsbl_sender or  reject_rhsbl_recipi‐ 
-              ent restriction. 
- 
-       non_fqdn_reject_code (504) 
-              The  numerical  Postfix  SMTP  server reply code when a client request is 
-              rejected by the reject_non_fqdn_helo_hostname, reject_non_fqdn_sender  or 
-              reject_non_fqdn_recipient restriction. 
- 
-       plaintext_reject_code (450) 
-              The  numerical  Postfix  SMTP  server  response  code  when  a request is 
-              rejected by the reject_plaintext_session restriction. 
- 
-       reject_code (554) 
-              The numerical Postfix SMTP server response code when a remote SMTP client 
-              request is rejected by the "reject" restriction. 
- 
-       relay_domains_reject_code (554) 
-              The  numerical Postfix SMTP server response code when a client request is 
-              rejected by the reject_unauth_destination recipient restriction. 
- 
-       unknown_address_reject_code (450) 
-              The numerical Postfix SMTP server response code when a sender or  recipi‐ 
-              ent   address   is   rejected   by  the  reject_unknown_sender_domain  or 
-              reject_unknown_recipient_domain restriction. 
- 
-       unknown_client_reject_code (450) 
-              The numerical Postfix SMTP server response code  when  a  client  without 
-              valid    address    <=>    name    mapping    is    rejected    by    the 
-              reject_unknown_client_hostname restriction. 
- 
-       unknown_hostname_reject_code (450) 
-              The numerical Postfix SMTP server response code when the hostname  speci‐ 
-              fied   with   the   HELO   or   EHLO   command   is   rejected   by   the 
-              reject_unknown_helo_hostname restriction. 
- 
-       Available in Postfix version 2.0 and later: 
- 
-       default_rbl_reply (see 'postconf -d' output) 
-              The default Postfix SMTP server response template for a request  that  is 
-              rejected by an RBL-based restriction. 
- 
-       multi_recipient_bounce_reject_code (550) 
-              The numerical Postfix SMTP server response code when a remote SMTP client 
-              request is blocked by the reject_multi_recipient_bounce restriction. 
- 
-       rbl_reply_maps (empty) 
-              Optional lookup tables with RBL response templates. 
- 
-       Available in Postfix version 2.6 and later: 
- 
-       access_map_defer_code (450) 
-              The numerical Postfix SMTP server response  code  for  an  access(5)  map 
-              "defer" action, including "defer_if_permit" or "defer_if_reject". 
- 
-       reject_tempfail_action (defer_if_permit) 
-              The Postfix SMTP server's action when a reject-type restriction fails due 
-              to a temporary error condition. 
- 
-       unknown_helo_hostname_tempfail_action ($reject_tempfail_action) 
-              The Postfix SMTP server's action when reject_unknown_helo_hostname  fails 
-              due to an temporary error condition. 
- 
-       unknown_address_tempfail_action ($reject_tempfail_action) 
-              The  Postfix  SMTP  server' action when reject_unknown_sender_domain or 
-              reject_unknown_recipient_domain fail due to a temporary error condition. 
- 
-MISCELLANEOUS CONTROLS 
-       config_directory (see 'postconf -d' output) 
-              The default location of the Postfix main.cf and  master.cf  configuration 
-              files. 
- 
-       daemon_timeout (18000s) 
-              How  much  time  a  Postfix  daemon  process may take to handle a request 
-              before it is terminated by a built-in watchdog timer. 
- 
-       command_directory (see 'postconf -d' output) 
-              The location of all postfix administrative commands. 
- 
-       double_bounce_sender (double-bounce) 
-              The sender address of postmaster notifications that are generated by  the 
-              mail system. 
- 
-       ipc_timeout (3600s) 
-              The time limit for sending or receiving information over an internal com‐ 
-              munication channel. 
- 
-       mail_name (Postfix) 
-              The mail system name that is displayed in Received: headers, in the  SMTP 
-              greeting banner, and in bounced mail. 
- 
-       mail_owner (postfix) 
-              The UNIX system account that owns the Postfix queue and most Postfix dae‐ 
-              mon processes. 
- 
-       max_idle (100s) 
-              The maximum amount of time that an idle Postfix daemon process waits  for 
-              an incoming connection before terminating voluntarily. 
- 
-       max_use (100) 
-              The  maximal number of incoming connections that a Postfix daemon process 
-              will service before terminating voluntarily. 
- 
-       myhostname (see 'postconf -d' output) 
-              The internet hostname of this mail system. 
- 
-       mynetworks (see 'postconf -d' output) 
-              The list of "trusted" remote SMTP clients that have more privileges  than 
-              "strangers". 
- 
-       myorigin ($myhostname) 
-              The  domain  name that locally-posted mail appears to come from, and that 
-              locally posted mail is delivered to. 
- 
-       process_id (read-only) 
-              The process ID of a Postfix command or daemon process. 
- 
-       process_name (read-only) 
-              The process name of a Postfix command or daemon process. 
- 
-       queue_directory (see 'postconf -d' output) 
-              The location of the Postfix top-level queue directory. 
- 
-       recipient_delimiter (empty) 
-              The set of characters that can separate a user name  from  its  extension 
-              (example: user+foo), or a .forward file name from its extension (example: 
-              .forward+foo). 
- 
-       smtpd_banner ($myhostname ESMTP $mail_name) 
-              The text that follows the 220 status code in the SMTP greeting banner. 
- 
-       syslog_facility (mail) 
-              The syslog facility of Postfix logging. 
- 
-       syslog_name (see 'postconf -d' output) 
-              The mail system name that is prepended to  the  process  name  in  syslog 
-              records, so that "smtpd" becomes, for example, "postfix/smtpd". 
- 
-       Available in Postfix version 2.2 and later: 
- 
-       smtpd_forbidden_commands (CONNECT, GET, POST) 
-              List of commands that cause the Postfix SMTP server to immediately termi‐ 
-              nate the session with a 221 code. 
- 
-       Available in Postfix version 2.5 and later: 
- 
-       smtpd_client_port_logging (no) 
-              Enable logging of the remote SMTP client port in addition to the hostname 
-              and IP address. 
- 
-SEE ALSO 
-       anvil(8), connection/rate limiting 
-       cleanup(8), message canonicalization 
-       tlsmgr(8), TLS session and PRNG management 
-       trivial-rewrite(8), address resolver 
-       verify(8), address verification service 
-       postconf(5), configuration parameters 
-       master(5), generic daemon options 
-       master(8), process manager 
-       syslogd(8), system logging 
- 
-README FILES 
-       Use  "postconf  readme_directory"  or  "postconf  html_directory" to locate this 
-       information. 
-       ADDRESS_CLASS_README, blocking unknown hosted or relay recipients 
-       ADDRESS_REWRITING_README Postfix address manipulation 
-       FILTER_README, external after-queue content filter 
-       LOCAL_RECIPIENT_README, blocking unknown local recipients 
-       MILTER_README, before-queue mail filter applications 
-       SMTPD_ACCESS_README, built-in access policies 
-       SMTPD_POLICY_README, external policy server 
-       SMTPD_PROXY_README, external before-queue content filter 
-       SASL_README, Postfix SASL howto 
-       TLS_README, Postfix STARTTLS howto 
-       VERP_README, Postfix XVERP extension 
-       XCLIENT_README, Postfix XCLIENT extension 
-       XFORWARD_README, Postfix XFORWARD extension 
- 
-LICENSE 
-       The Secure Mailer license must be distributed with this software. 
- 
-AUTHOR(S) 
-       Wietse Venema 
-       IBM T.J. Watson Research 
-       P.O. Box 704 
-       Yorktown Heights, NY 10598, USA 
- 
-       SASL support originally by: 
-       Till Franke 
-       SuSE Rhein/Main AG 
-       65760 Eschborn, Germany 
- 
-       TLS support originally by: 
-       Lutz Jaenicke 
-       BTU Cottbus 
-       Allgemeine Elektrotechnik 
-       Universitaetsplatz 3-4 
-       D-03044 Cottbus, Germany 
- 
-       Revised TLS support by: 
-       Victor Duchovni 
-       Morgan Stanley 
- 
-                                                                               SMTPD(8) 
-</code> 
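Review bot: the smtpd(8) text that ends here is a lossy terminal paste, not a maintained reference, so if this removal is a move rather than a deletion it should not be pasted back in on the new page. The copy has lost characters ("SMTP server' cipher preference order" under tls_preempt_cipherlist, "SMTP server' action" under unknown_address_tempfail_action), keeps words hyphenated across line ends, and records defaults such as "tls_preempt_cipherlist (no)" that only hold for the Postfix build it was copied from. A one-line pointer to "man 8 smtpd" and "postconf -d" on the installed system carries the same information without going stale. Also check backlinks before merging: the postscreen paragraph removed directly below links twice to "centos:mail_c7:mta_1?&#smtpd", so any other page that uses this anchor will dangle once the heading is gone.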
-==== postscreen ==== 
-Mit Hilfe des **postscreen**-Daemon kann helfen, die **[[centos:mail_c7:mta_1?&#smtpd|smtpd]]**-Serverprozesse vor unerwünschten Verkehr, die z.B. von SPAM-Botnetzen aus den Server mit SPAM überfluten wollen. Ein **postscreen**-Prozess kann mehrere **[[centos:mail_c7:mta_1?&#smtpd|smtpd]]**-Prozesse absichern. Typischerweise schützt man damit den SMTP-Port **25**, auf dem andere Mailserver ihre Nachrichten einliefern wollen. Zum "//wie//" und "//Warum//" werden wir hier im Wiki noch in einem gesonderten Kapitel eingehender vertiefen. 
- 
-Weitere Informationen sind ggf. auch in der **manpage** von **postscreen** zu entnehmen. 
- 
-   # man 8 postscreen 
-<code>POSTSCREEN(8)                   System Manager's Manual                   POSTSCREEN(8) 
- 
-NAME 
-       postscreen - Postfix zombie blocker 
- 
-SYNOPSIS 
-       postscreen [generic Postfix daemon options] 
- 
-DESCRIPTION 
-       The  Postfix  postscreen(8)  server  provides additional protection against mail 
-       server overload. One postscreen(8) process handles multiple inbound SMTP connec‐ 
-       tions,  and decides which clients may talk to a Postfix SMTP server process.  By 
-       keeping spambots away, postscreen(8) leaves more SMTP server processes available 
-       for legitimate clients, and delays the onset of server overload conditions. 
- 
-       This  program  should  not be used on SMTP ports that receive mail from end-user 
-       clients (MUAs). In a typical deployment, postscreen(8) handles the MX service on 
-       TCP  port  25,  while  MUA clients submit mail via the submission service on TCP 
-       port 587 which requires client authentication.  Alternatively, a site could  set 
-       up  a  dedicated, non-postscreen, "port 25" server that provides submission ser‐ 
-       vice and client authentication, but no MX service. 
- 
-       postscreen(8) maintains a temporary whitelist for clients  that  have  passed  a 
-       number  of  tests.  When an SMTP client IP address is whitelisted, postscreen(8) 
-       hands off the connection immediately to a Postfix SMTP server process. This min‐ 
-       imizes the overhead for legitimate mail. 
- 
-       By  default,  postscreen(8)  logs statistics and hands off every connection to a 
-       Postfix SMTP server process, while excluding  clients  in  mynetworks  from  all 
-       tests  (primarily,  to  avoid problems with non-standard SMTP implementations in 
-       network appliances).  This mode is useful for non-destructive testing. 
- 
-       In a typical production setting, postscreen(8) is configured to reject mail from 
-       clients  that  fail one or more tests. postscreen(8) logs rejected mail with the 
-       client address, helo, sender and recipient information. 
- 
-       postscreen(8) is not an SMTP proxy; this is intentional.  The purpose is to keep 
-       spambots  away from Postfix SMTP server processes, while minimizing overhead for 
-       legitimate traffic. 
- 
-SECURITY 
-       The  postscreen(8)  server  is  moderately  security-sensitive.   It  talks   to 
-       untrusted  clients  on the network. The process can be run chrooted at fixed low 
-       privilege. 
- 
-STANDARDS 
-       RFC 821 (SMTP protocol) 
-       RFC 1123 (Host requirements) 
-       RFC 1652 (8bit-MIME transport) 
-       RFC 1869 (SMTP service extensions) 
-       RFC 1870 (Message Size Declaration) 
-       RFC 1985 (ETRN command) 
-       RFC 2034 (SMTP Enhanced Status Codes) 
-       RFC 2821 (SMTP protocol) 
-       Not: RFC 2920 (SMTP Pipelining) 
-       RFC 3207 (STARTTLS command) 
-       RFC 3461 (SMTP DSN Extension) 
-       RFC 3463 (Enhanced Status Codes) 
-       RFC 5321 (SMTP protocol, including multi-line 220 banners) 
- 
-DIAGNOSTICS 
-       Problems and transactions are logged to syslogd(8). 
- 
-BUGS 
-       The postscreen(8) built-in SMTP protocol engine currently does not announce sup‐ 
-       port  for  AUTH, XCLIENT or XFORWARD.  If you need to make these services avail‐ 
-       able on port 25, then do not enable the optional  "after  220  server  greeting" 
-       tests,  and  do  not use DNSBLs that reject traffic from dial-up and residential 
-       networks. 
- 
-       The optional "after 220 server greeting" tests involve postscreen(8)' built-in 
-       SMTP protocol engine. When these tests succeed, postscreen(8) adds the client to 
-       the temporary whitelist, but it cannot not hand off the "live" connection  to  a 
-       Postfix  SMTP server process in the middle of a session.  Instead, postscreen(8) 
-       defers attempts to deliver mail with a 4XX status, and waits for the  client  to 
-       disconnect.  When the client connects again, postscreen(8) will allow the client 
-       to talk to a Postfix SMTP server process (provided that the whitelist status has 
-       not  expired).   postscreen(8) mitigates the impact of this limitation by giving 
-       the "after 220 server greeting" tests a long expiration time. 
- 
-CONFIGURATION PARAMETERS 
-       Changes to main.cf are not picked up automatically, as  postscreen(8)  processes 
-       may  run for several hours.  Use the command "postfix reload" after a configura‐ 
-       tion change. 
- 
-       The text below provides only a  parameter  summary.  See  postconf(5)  for  more 
-       details including examples. 
- 
-       NOTE:  Some  postscreen(8) parameters implement stress-dependent behavior.  This 
-       is supported only when the default parameter value is stress-dependent (that is, 
-       it  looks  like ${stress?X}${stress:Y}, or it is the $name of an smtpd parameter 
-       with a stress-dependent default).  Other parameters always evaluate  as  if  the 
-       stress parameter value is the empty string. 
- 
-COMPATIBILITY CONTROLS 
-       postscreen_command_filter ($smtpd_command_filter) 
-              A mechanism to transform commands from remote SMTP clients. 
- 
-       postscreen_discard_ehlo_keyword_address_maps           ($smtpd_discard_ehlo_key‐ 
-       word_address_maps) 
-              Lookup tables, indexed by the  remote  SMTP  client  address,  with  case 
-              insensitive  lists  of  EHLO  keywords (pipelining, starttls, auth, etc.) 
-              that the postscreen(8) server will not send in the  EHLO  response  to  a 
-              remote SMTP client. 
- 
-       postscreen_discard_ehlo_keywords ($smtpd_discard_ehlo_keywords) 
-              A  case  insensitive  list  of EHLO keywords (pipelining, starttls, auth, 
-              etc.) that the postscreen(8) server will not send in the EHLO response to 
-              a remote SMTP client. 
- 
-TROUBLE SHOOTING CONTROLS 
-       postscreen_expansion_filter (see 'postconf -d' output) 
-              List   of  characters  that  are  permitted  in  postscreen_reject_footer 
-              attribute expansions. 
- 
-       postscreen_reject_footer ($smtpd_reject_footer) 
-              Optional information that is appended after a 4XX  or  5XX  postscreen(8) 
-              server response. 
- 
-       soft_bounce (no) 
-              Safety  net  to  keep mail queued that would otherwise be returned to the 
-              sender. 
- 
-BEFORE-POSTSCREEN PROXY AGENT 
-       Available in Postfix version 2.10 and later: 
- 
-       postscreen_upstream_proxy_protocol (empty) 
-              The name of the proxy protocol  used  by  an  optional  before-postscreen 
-              proxy agent. 
- 
-       postscreen_upstream_proxy_timeout (5s) 
-              The   time   limit   for   the   proxy   protocol   specified   with  the 
-              postscreen_upstream_proxy_protocol parameter. 
- 
-PERMANENT WHITE/BLACKLIST TEST 
-       This test is executed immediately after a remote  SMTP  client  connects.  If  a 
-       client  is permanently whitelisted, the client will be handed off immediately to 
-       a Postfix SMTP server process. 
- 
-       postscreen_access_list (permit_mynetworks) 
-              Permanent white/blacklist for remote SMTP client IP addresses. 
- 
-       postscreen_blacklist_action (ignore) 
-              The action that postscreen(8) takes when a remote SMTP client  is  perma‐ 
-              nently blacklisted with the postscreen_access_list parameter. 
- 
-MAIL EXCHANGER POLICY TESTS 
-       When postscreen(8) is configured to monitor all primary and backup MX addresses, 
-       it can refuse to whitelist clients that connect to a backup MX address only. For 
-       small  sites,  this  requires configuring primary and backup MX addresses on the 
-       same MTA. Larger sites would have to share the postscreen(8) cache between  pri‐ 
-       mary and backup MTAs, which would introduce a common point of failure. 
- 
-       postscreen_whitelist_interfaces (static:all) 
-              A list of local postscreen(8) server IP addresses where a non-whitelisted 
-              remote SMTP client can obtain postscreen(8)'s temporary whitelist status. 
- 
-BEFORE 220 GREETING TESTS 
-       These tests are executed before the remote SMTP client receives the "220 server‐ 
-       name"  greeting.  If  no  tests  remain  after the successful completion of this 
-       phase, the client will be handed  off  immediately  to  a  Postfix  SMTP  server 
-       process. 
- 
-       dnsblog_service_name (dnsblog) 
-              The name of the dnsblog(8) service entry in master.cf. 
- 
-       postscreen_dnsbl_action (ignore) 
-              The  action that postscreen(8) takes when a remote SMTP client's combined 
-              DNSBL score is equal to or greater than a threshold (as defined with  the 
-              postscreen_dnsbl_sites and postscreen_dnsbl_threshold parameters). 
- 
-       postscreen_dnsbl_reply_map (empty) 
-              A mapping from actual DNSBL domain name which includes a secret password, 
-              to the DNSBL domain name that postscreen will reply with when it  rejects 
-              mail. 
- 
-       postscreen_dnsbl_sites (empty) 
-              Optional list of DNS white/blacklist domains, filters and weight factors. 
- 
-       postscreen_dnsbl_threshold (1) 
-              The inclusive lower bound for blocking a remote SMTP client, based on its 
-              combined DNSBL score as defined with the  postscreen_dnsbl_sites  parame‐ 
-              ter. 
- 
-       postscreen_greet_action (ignore) 
-              The  action  that  postscreen(8)  takes  when a remote SMTP client speaks 
-              before its turn within the time specified with the  postscreen_greet_wait 
-              parameter. 
- 
-       postscreen_greet_banner ($smtpd_banner) 
-              The text in the optional "220-text..." server response that postscreen(8) 
-              sends ahead of the real Postfix SMTP server's "220 text..." response,  in 
-              an  attempt  to  confuse bad SMTP clients so that they speak before their 
-              turn (pre-greet). 
- 
-       postscreen_greet_wait (${stress?2}${stress:6}s) 
-              The amount of time that postscreen(8) will wait for  an  SMTP  client  to 
-              send  a  command before its turn, and for DNS blocklist lookup results to 
-              arrive (default: up to 2 seconds under stress, up  to  6  seconds  other‐ 
-              wise). 
- 
-       smtpd_service_name (smtpd) 
-              The internal service that postscreen(8) hands off allowed connections to. 
- 
-       Available in Postfix version 2.11 and later: 
- 
-       postscreen_dnsbl_whitelist_threshold (0) 
-              Allow a remote SMTP client to skip "before" and "after 220 greeting" pro‐ 
-              tocol tests, based on its  combined  DNSBL  score  as  defined  with  the 
-              postscreen_dnsbl_sites parameter. 
- 
-AFTER 220 GREETING TESTS 
-       These  tests are executed after the remote SMTP client receives the "220 server‐ 
-       name" greeting. If a client passes all tests during this phase, it will  receive 
-        4XX response to all RCPT TO commands. After the client reconnects, it will be 
-       allowed to talk directly to a Postfix SMTP server process. 
- 
-       postscreen_bare_newline_action (ignore) 
-              The action that postscreen(8) takes when a remote  SMTP  client  sends  a 
-              bare  newline  character,  that  is,  a  newline not preceded by carriage 
-              return. 
- 
-       postscreen_bare_newline_enable (no) 
-              Enable "bare newline" SMTP protocol tests in the postscreen(8) server. 
- 
-       postscreen_disable_vrfy_command ($disable_vrfy_command) 
-              Disable the SMTP VRFY command in the postscreen(8) daemon. 
- 
-       postscreen_forbidden_commands ($smtpd_forbidden_commands) 
-              List of commands that the postscreen(8) server considers in violation  of 
-              the SMTP protocol. 
- 
-       postscreen_helo_required ($smtpd_helo_required) 
-              Require  that a remote SMTP client sends HELO or EHLO before commencing a 
-              MAIL transaction. 
- 
-       postscreen_non_smtp_command_action (drop) 
-              The action that postscreen(8) takes when a remote SMTP client sends  non- 
-              SMTP commands as specified with the postscreen_forbidden_commands parame‐ 
-              ter. 
- 
-       postscreen_non_smtp_command_enable (no) 
-              Enable "non-SMTP command" tests in the postscreen(8) server. 
- 
-       postscreen_pipelining_action (enforce) 
-              The action that postscreen(8) takes when a remote SMTP client sends  mul‐ 
-              tiple  commands instead of sending one command and waiting for the server 
-              to respond. 
- 
-       postscreen_pipelining_enable (no) 
-              Enable "pipelining" SMTP protocol tests in the postscreen(8) server. 
- 
-CACHE CONTROLS 
-       postscreen_cache_cleanup_interval (12h) 
-              The amount of time between postscreen(8) cache cleanup runs. 
- 
-       postscreen_cache_map (btree:$data_directory/postscreen_cache) 
-              Persistent storage for the postscreen(8) server decisions. 
- 
-       postscreen_cache_retention_time (7d) 
-              The amount of time that postscreen(8) will  cache  an  expired  temporary 
-              whitelist entry before it is removed. 
- 
-       postscreen_bare_newline_ttl (30d) 
-              The amount of time that postscreen(8) will use the result from a success‐ 
-              ful "bare newline" SMTP protocol test. 
- 
-       postscreen_dnsbl_ttl (1h) 
-              The amount of time that postscreen(8) will use the result from a success‐ 
-              ful DNS blocklist test. 
- 
-       postscreen_greet_ttl (1d) 
-              The amount of time that postscreen(8) will use the result from a success‐ 
-              ful PREGREET test. 
- 
-       postscreen_non_smtp_command_ttl (30d) 
-              The amount of time that postscreen(8) will use the result from a success‐ 
-              ful "non_smtp_command" SMTP protocol test. 
- 
-       postscreen_pipelining_ttl (30d) 
-              The amount of time that postscreen(8) will use the result from a success‐ 
-              ful "pipelining" SMTP protocol test. 
- 
-RESOURCE CONTROLS 
-       line_length_limit (2048) 
-              Upon input, long lines are chopped up into pieces of at most this length; 
-              upon delivery, long lines are reconstructed. 
- 
-       postscreen_client_connection_count_limit ($smtpd_client_connection_count_limit) 
-              How  many  simultaneous  connections any remote SMTP client is allowed to 
-              have with the postscreen(8) daemon. 
- 
-       postscreen_command_count_limit (20) 
-              The  limit  on  the  total  number  of  commands  per  SMTP  session  for 
-              postscreen(8)'s built-in SMTP protocol engine. 
- 
-       postscreen_command_time_limit (${stress?10}${stress:300}s) 
-              The time limit to read an entire command line with postscreen(8)'s built- 
-              in SMTP protocol engine. 
- 
-       postscreen_post_queue_limit ($default_process_limit) 
-              The number of clients that can be waiting for service from a real Postfix 
-              SMTP server process. 
- 
-       postscreen_pre_queue_limit ($default_process_limit) 
-              The  number of non-whitelisted clients that can be waiting for a decision 
-              whether they will  receive  service  from  a  real  Postfix  SMTP  server 
-              process. 
- 
-       postscreen_watchdog_timeout (10s) 
-              How  much  time  a  postscreen(8) process may take to respond to a remote 
-              SMTP client command or to perform a cache operation before it  is  termi‐ 
-              nated by a built-in watchdog timer. 
- 
-STARTTLS CONTROLS 
-       postscreen_tls_security_level ($smtpd_tls_security_level) 
-              The  SMTP  TLS  security  level for the postscreen(8) server; when a non- 
-              empty  value  is  specified,  this  overrides  the  obsolete   parameters 
-              postscreen_use_tls and postscreen_enforce_tls. 
- 
-       tlsproxy_service_name (tlsproxy) 
-              The name of the tlsproxy(8) service entry in master.cf. 
- 
-OBSOLETE STARTTLS SUPPORT CONTROLS 
-       These  parameters  are  supported for compatibility with smtpd(8) legacy parame‐ 
-       ters. 
- 
-       postscreen_use_tls ($smtpd_use_tls) 
-              Opportunistic TLS: announce STARTTLS support to remote SMTP clients,  but 
-              do not require that clients use TLS encryption. 
- 
-       postscreen_enforce_tls ($smtpd_enforce_tls) 
-              Mandatory  TLS:  announce  STARTTLS  support  to remote SMTP clients, and 
-              require that clients use TLS encryption. 
- 
-MISCELLANEOUS CONTROLS 
-       config_directory (see 'postconf -d' output) 
-              The default location of the Postfix main.cf and  master.cf  configuration 
-              files. 
- 
-       delay_logging_resolution_limit (2) 
-              The  maximal  number  of digits after the decimal point when logging sub- 
-              second delay values. 
- 
-       command_directory (see 'postconf -d' output) 
-              The location of all postfix administrative commands. 
- 
-       max_idle (100s) 
-              The maximum amount of time that an idle Postfix daemon process waits  for 
-              an incoming connection before terminating voluntarily. 
- 
-       process_id (read-only) 
-              The process ID of a Postfix command or daemon process. 
- 
-       process_name (read-only) 
-              The process name of a Postfix command or daemon process. 
- 
-       syslog_facility (mail) 
-              The syslog facility of Postfix logging. 
- 
-       syslog_name (see 'postconf -d' output) 
-              The  mail  system  name  that  is prepended to the process name in syslog 
-              records, so that "smtpd" becomes, for example, "postfix/smtpd". 
- 
-SEE ALSO 
-       smtpd(8), Postfix SMTP server 
-       tlsproxy(8), Postfix TLS proxy server 
-       dnsblog(8), DNS black/whitelist logger 
-       syslogd(8), system logging 
- 
-README FILES 
-       Use "postconf readme_directory" or  "postconf  html_directory"  to  locate  this 
-       information. 
-       POSTSCREEN_README, Postfix Postscreen Howto 
- 
-LICENSE 
-       The Secure Mailer license must be distributed with this software. 
- 
-HISTORY 
-       This service was introduced with Postfix version 2.8. 
- 
-       Many ideas in postscreen(8) were explored in earlier work by Michael Tokarev, in 
-       OpenBSD spamd, and in MailChannels Traffic Control. 
- 
-AUTHOR(S) 
-       Wietse Venema 
-       IBM T.J. Watson Research 
-       P.O. Box 704 
-       Yorktown Heights, NY 10598, USA 
- 
-                                                                          POSTSCREEN(8) 
-</code> 
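Review bot: The wiki's own prose under `==== postscreen ====` omits the restriction an operator most needs, which appears only in the pasted man page: postscreen "should not be used on SMTP ports that receive mail from end-user clients (MUAs)". Wherever this section ends up, state that restriction next to the port 25 remark, together with the BUGS caveat that the built-in SMTP engine does not announce AUTH, XCLIENT or XFORWARD, and link to `man 8 postscreen` instead of reproducing the whole page. The opening sentence ("Mit Hilfe des postscreen-Daemon kann helfen, ...") is also ungrammatical and needs rewriting.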
-==== dnsblog ==== 
-Der **dnsblog**-Daemon implementiert einen ad-hoc DNS white/blacklist lookup service. Wietse Venema plant diesen Daemon direkt als eigenes UDP-Client im **[[centos:mail_c7:mta_1?&#postscreen|postscreen]]**-Modul zu implementieren. 
-Weitere Hinweise findet man in der manpage zum dnsblog-Daemon. 
- 
-   # man 8 dnsblog 
-<code>DNSBLOG(8)                      System Manager's Manual                      DNSBLOG(8) 
- 
-NAME 
-       dnsblog - Postfix DNS white/blacklist logger 
- 
-SYNOPSIS 
-       dnsblog [generic Postfix daemon options] 
- 
-DESCRIPTION 
-       The  dnsblog(8)  server implements an ad-hoc DNS white/blacklist lookup service. 
-       This may eventually be replaced by an UDP client that is built directly into the 
-       postscreen(8) server. 
- 
-PROTOCOL 
-       With  each  connection,  the  dnsblog(8)  server  receives a DNS white/blacklist 
-       domain name, IP address, and an ID.  If the address  is  listed  under  the  DNS 
-       white/blacklist, the dnsblog(8) server logs the match and replies with the query 
-       arguments plus an address list with the  resulting  IP  addresses  separated  by 
-       whitespace.  Otherwise it replies with the query arguments plus an empty address 
-       list.  Finally, The dnsblog(8) server closes the connection. 
- 
-DIAGNOSTICS 
-       Problems and transactions are logged to syslogd(8). 
- 
-CONFIGURATION PARAMETERS 
-       Changes to main.cf are picked up automatically, as dnsblog(8) processes run  for 
-       only  a  limited  amount of time. Use the command "postfix reload" to speed up a 
-       change. 
- 
-       The text below provides only a  parameter  summary.  See  postconf(5)  for  more 
-       details including examples. 
- 
-       config_directory (see 'postconf -d' output) 
-              The  default  location of the Postfix main.cf and master.cf configuration 
-              files. 
- 
-       daemon_timeout (18000s) 
-              How much time a Postfix daemon process  may  take  to  handle  a  request 
-              before it is terminated by a built-in watchdog timer. 
- 
-       postscreen_dnsbl_sites (empty) 
-              Optional list of DNS white/blacklist domains, filters and weight factors. 
- 
-       ipc_timeout (3600s) 
-              The time limit for sending or receiving information over an internal com‐ 
-              munication channel. 
- 
-       process_id (read-only) 
-              The process ID of a Postfix command or daemon process. 
- 
-       process_name (read-only) 
-              The process name of a Postfix command or daemon process. 
- 
-       queue_directory (see 'postconf -d' output) 
-              The location of the Postfix top-level queue directory. 
- 
-       syslog_facility (mail) 
-              The syslog facility of Postfix logging. 
- 
-       syslog_name (see 'postconf -d' output) 
-              The mail system name that is prepended to  the  process  name  in  syslog 
-              records, so that "smtpd" becomes, for example, "postfix/smtpd". 
- 
-SEE ALSO 
-       smtpd(8), Postfix SMTP server 
-       postconf(5), configuration parameters 
-       syslogd(5), system logging 
- 
-LICENSE 
-       The Secure Mailer license must be distributed with this software. 
- 
-HISTORY 
-       This service was introduced with Postfix version 2.8. 
- 
-AUTHOR(S) 
-       Wietse Venema 
-       IBM T.J. Watson Research 
-       P.O. Box 704 
-       Yorktown Heights, NY 10598, USA 
- 
-                                                                             DNSBLOG(8) 
-</code> 
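Review bot: The prose under `==== dnsblog ====` says Wietse Venema plans to implement the lookup as a UDP client inside postscreen, but the man page quoted directly below it only says the service "may eventually be replaced by an UDP client". Word the sentence as a possibility rather than a plan, or cite a source for the plan.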
-==== tlsproxy ==== 
-Der **tlsproxy** Daemon stellt einen Serverseitigen TLS-Proxy-Dienst zur Verfügung, der von **[[centos:mail_c7:mta_1?&#postscreen|postscreen]]** dazu benutzt wird, um mit Clients, die nicht in der whitelist stehen. Ebenso kann der **tlsproxy** für "Nicht-SMTP-Protokolle" verwendet werden. 
-Eine **tlsproxy**-Verbindung kann dabei für mehrere Session gleichzeitig genutzt werden. Somit kann die Load des Servers begrenzt werden, der daqnn auch unter hohen Verkehrsaufkommen erreichbar bleiben kann. 
- 
-Weitere informationen zum **tlsproxy** Daemon findet man in dessen manpage. 
- 
-   # man 8 tlsproxy 
-<code>TLSPROXY(8)                     System Manager's Manual                     TLSPROXY(8) 
- 
-NAME 
-       tlsproxy - Postfix TLS proxy 
- 
-SYNOPSIS 
-       tlsproxy [generic Postfix daemon options] 
- 
-DESCRIPTION 
-       The  tlsproxy(8)  server  implements  a  server-side  TLS  proxy.  It is used by 
-       postscreen(8) to talk SMTP-over-TLS  with  remote  SMTP  clients  that  are  not 
-       whitelisted  (including  clients  whose  whitelist  status  has expired), but it 
-       should also work for non-SMTP protocols. 
- 
-       Although one tlsproxy(8) process can serve multiple sessions at the  same  time, 
-       it  is  a  good  idea to allow the number of processes to increase with load, so 
-       that the service remains responsive. 
- 
-PROTOCOL EXAMPLE 
-       The example below concerns postscreen(8). However,  the  tlsproxy(8)  server  is 
-       agnostic of the application protocol, and the example is easily adapted to other 
-       applications. 
- 
-       After receiving a valid remote SMTP client STARTTLS command,  the  postscreen(8) 
-       server  sends  the  remote  SMTP  client  endpoint  string,  the  requested role 
-       (server), and the requested timeout to tlsproxy(8).  postscreen(8) then receives 
-       a "TLS available" indication from tlsproxy(8).  If the TLS service is available, 
-       postscreen(8) sends the remote SMTP client file descriptor to  tlsproxy(8),  and 
-       sends  the  plaintext 220 greeting to the remote SMTP client.  This triggers TLS 
-       negotiations between the remote SMTP client and tlsproxy(8).  Upon completion of 
-       the  TLS-level  handshake,  tlsproxy(8)  translates  between  plaintext  from/to 
-       postscreen(8) and ciphertext to/from the remote SMTP client. 
- 
-SECURITY 
-       The tlsproxy(8) server is moderately security-sensitive.  It talks to  untrusted 
-       clients on the network. The process can be run chrooted at fixed low privilege. 
- 
-DIAGNOSTICS 
-       Problems and transactions are logged to syslogd(8). 
- 
- 
-CONFIGURATION PARAMETERS 
-       Changes to main.cf are not picked up automatically, as tlsproxy(8) processes may 
-       run for a long time depending on mail server load.   Use  the  command  "postfix 
-       reload" to speed up a change. 
- 
-       The  text  below  provides  only  a  parameter summary. See postconf(5) for more 
-       details including examples. 
- 
-STARTTLS SUPPORT CONTROLS 
-       tlsproxy_tls_CAfile ($smtpd_tls_CAfile) 
-              A file containing (PEM format) CA certificates of  root  CAs  trusted  to 
-              sign  either  remote SMTP client certificates or intermediate CA certifi‐ 
-              cates. 
- 
-       tlsproxy_tls_CApath ($smtpd_tls_CApath) 
-              A directory containing (PEM format) CA certificates of root  CAs  trusted 
-              to  sign  either  remote SMTP client certificates or intermediate CA cer‐ 
-              tificates. 
- 
-       tlsproxy_tls_always_issue_session_ids ($smtpd_tls_always_issue_session_ids) 
-              Force the Postfix tlsproxy(8) server to issue a TLS session id, even when 
-              TLS session caching is turned off. 
- 
-       tlsproxy_tls_ask_ccert ($smtpd_tls_ask_ccert) 
-              Ask a remote SMTP client for a client certificate. 
- 
-       tlsproxy_tls_ccert_verifydepth ($smtpd_tls_ccert_verifydepth) 
-              The verification depth for remote SMTP client certificates. 
- 
-       tlsproxy_tls_cert_file ($smtpd_tls_cert_file) 
-              File with the Postfix tlsproxy(8) server RSA certificate in PEM format. 
- 
-       tlsproxy_tls_ciphers ($smtpd_tls_ciphers) 
-              The minimum TLS cipher grade that the Postfix tlsproxy(8) server will use 
-              with opportunistic TLS encryption. 
- 
-       tlsproxy_tls_dcert_file ($smtpd_tls_dcert_file) 
-              File with the Postfix tlsproxy(8) server DSA certificate in PEM format. 
- 
-       tlsproxy_tls_dh1024_param_file ($smtpd_tls_dh1024_param_file) 
-              File with DH parameters that the Postfix tlsproxy(8)  server  should  use 
-              with non-export EDH ciphers. 
- 
-       tlsproxy_tls_dh512_param_file ($smtpd_tls_dh512_param_file) 
-              File  with  DH  parameters that the Postfix tlsproxy(8) server should use 
-              with export-grade EDH ciphers. 
- 
-       tlsproxy_tls_dkey_file ($smtpd_tls_dkey_file) 
-              File with the Postfix tlsproxy(8) server DSA private key in PEM format. 
- 
-       tlsproxy_tls_eccert_file ($smtpd_tls_eccert_file) 
-              File with the Postfix tlsproxy(8) server ECDSA certificate in PEM format. 
- 
-       tlsproxy_tls_eckey_file ($smtpd_tls_eckey_file) 
-              File with the Postfix tlsproxy(8) server ECDSA private key in PEM format. 
- 
-       tlsproxy_tls_eecdh_grade ($smtpd_tls_eecdh_grade) 
-              The Postfix tlsproxy(8) server security  grade  for  ephemeral  elliptic- 
-              curve Diffie-Hellman (EECDH) key exchange. 
- 
-       tlsproxy_tls_exclude_ciphers ($smtpd_tls_exclude_ciphers) 
-              List  of  ciphers  or cipher types to exclude from the tlsproxy(8) server 
-              cipher list at all TLS security levels. 
- 
-       tlsproxy_tls_fingerprint_digest ($smtpd_tls_fingerprint_digest) 
-              The message digest algorithm to construct remote SMTP  client-certificate 
-              fingerprints. 
- 
-       tlsproxy_tls_key_file ($smtpd_tls_key_file) 
-              File with the Postfix tlsproxy(8) server RSA private key in PEM format. 
- 
-       tlsproxy_tls_loglevel ($smtpd_tls_loglevel) 
-              Enable additional Postfix tlsproxy(8) server logging of TLS activity. 
- 
-       tlsproxy_tls_mandatory_ciphers ($smtpd_tls_mandatory_ciphers) 
-              The minimum TLS cipher grade that the Postfix tlsproxy(8) server will use 
-              with mandatory TLS encryption. 
- 
-       tlsproxy_tls_mandatory_exclude_ciphers ($smtpd_tls_mandatory_exclude_ciphers) 
-              Additional  list  of  ciphers  or  cipher  types  to  exclude  from   the 
-              tlsproxy(8) server cipher list at mandatory TLS security levels. 
- 
-       tlsproxy_tls_mandatory_protocols ($smtpd_tls_mandatory_protocols) 
-              The  SSL/TLS  protocols  accepted  by the Postfix tlsproxy(8) server with 
-              mandatory TLS encryption. 
- 
-       tlsproxy_tls_protocols ($smtpd_tls_protocols) 
-              List of TLS protocols that the Postfix tlsproxy(8) server will exclude or 
-              include with opportunistic TLS encryption. 
- 
-       tlsproxy_tls_req_ccert ($smtpd_tls_req_ccert) 
-              With  mandatory TLS encryption, require a trusted remote SMTP client cer‐ 
-              tificate in order to allow TLS connections to proceed. 
- 
-       tlsproxy_tls_security_level ($smtpd_tls_security_level) 
-              The SMTP TLS security level for the Postfix tlsproxy(8)  server;  when  a 
-              non-empty  value  is  specified,  this  overrides the obsolete parameters 
-              smtpd_use_tls and smtpd_enforce_tls. 
- 
-       Available in Postfix version 2.11 and later: 
- 
-       tlsmgr_service_name (tlsmgr) 
-              The name of the tlsmgr(8) service entry in master.cf. 
- 
-OBSOLETE STARTTLS SUPPORT CONTROLS 
-       These parameters are supported for compatibility with  smtpd(8)  legacy  parame‐ 
-       ters. 
- 
-       tlsproxy_use_tls ($smtpd_use_tls) 
-              Opportunistic  TLS: announce STARTTLS support to remote SMTP clients, but 
-              do not require that clients use TLS encryption. 
- 
-       tlsproxy_enforce_tls ($smtpd_enforce_tls) 
-              Mandatory TLS: announce STARTTLS support  to  remote  SMTP  clients,  and 
-              require that clients use TLS encryption. 
- 
-RESOURCE CONTROLS 
-       tlsproxy_watchdog_timeout (10s) 
-              How  much  time a tlsproxy(8) process may take to process local or remote 
-              I/O before it is terminated by a built-in watchdog timer. 
- 
-MISCELLANEOUS CONTROLS 
-       config_directory (see 'postconf -d' output) 
-              The default location of the Postfix main.cf and  master.cf  configuration 
-              files. 
- 
-       process_id (read-only) 
-              The process ID of a Postfix command or daemon process. 
- 
-       process_name (read-only) 
-              The process name of a Postfix command or daemon process. 
- 
-       syslog_facility (mail) 
-              The syslog facility of Postfix logging. 
- 
-       syslog_name (see 'postconf -d' output) 
-              The  mail  system  name  that  is prepended to the process name in syslog 
-              records, so that "smtpd" becomes, for example, "postfix/smtpd". 
- 
-SEE ALSO 
-       postscreen(8), Postfix zombie blocker 
-       smtpd(8), Postfix SMTP server 
-       postconf(5), configuration parameters 
-       syslogd(5), system logging 
- 
-LICENSE 
-       The Secure Mailer license must be distributed with this software. 
- 
-HISTORY 
-       This service was introduced with Postfix version 2.8. 
- 
-AUTHOR(S) 
-       Wietse Venema 
-       IBM T.J. Watson Research 
-       P.O. Box 704 
-       Yorktown Heights, NY 10598, USA 
- 
-                                                                            TLSPROXY(8) 
-</code> 
-==== submission ==== 
-Zu Entgegennahme von Nachrichten bedient der **[[centos:mail_c7:mta_1?&#smtpd|smtpd]]** Server auf Port **587** ausschließlich von authentifizierten Benutzer. Dieser Daemon stellt den **MSA**((**M**ail **M**essage **S**ubmission))-Server zur Verfügung, auf dem die **MUA**s((**M**ail **U**ser Agents)) Ihre eMail einliefern können. Nach Prüfung gibt der Submission-Server die nachricht an den **[[centos:mail_c7:mta_1?&#cleanup|cleanup]]**-Daemon weiter. 
- 
- 
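Review bot: The MSA footnote in the submission paragraph expands the acronym as "Mail Message Submission", which does not spell M-S-A and leaves out the agent the sentence is describing. If this section is kept or moved to another page, correct the expansion. In the same paragraph, capitalise "nachricht" and complete the first sentence, which currently says the smtpd server on port 587 "bedient ... ausschließlich von authentifizierten Benutzer" without an object.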
-==== qmqpd ==== 
-Der **qmqpd**, stellt aus kompatibilitätsgründen **QMQP**((**Q**uick **M**ail **Q**ueueing **P**rotocol)) zur Verfügung. Der Postfix QMQP Server empfängt eine Nachricht pro Anschluss, die er dann zum **[[centos:mail_c7:mta_1?&#cleanup|cleanup]]**-Modul weitergeleitet wird. In der **incoming**-Queue wird jede einzelne Nachricht in einem eigenen Queue-File geschrieben. 
-Zur Absicherung des Daemon werden Verbindungen nur von extra berechtigten Clients angenommen (access policy). Nähere Hinweise zum qmqpd findet man in dessen manpage. 
- 
-   # man 8 qmqpd 
-<code>QMQPD(8)                        System Manager's Manual                        QMQPD(8) 
- 
-NAME 
-       qmqpd - Postfix QMQP server 
- 
-SYNOPSIS 
-       qmqpd [generic Postfix daemon options] 
- 
-DESCRIPTION 
-       The  Postfix  QMQP  server receives one message per connection.  Each message is 
-       piped through the cleanup(8) daemon, and is placed into the  incoming  queue  as 
-       one single queue file.  The program expects to be run from the master(8) process 
-       manager. 
- 
-       The QMQP server implements one access policy: only explicitly authorized  client 
-       hosts are allowed to use the service. 
- 
-SECURITY 
-       The  QMQP  server is moderately security-sensitive. It talks to QMQP clients and 
-       to DNS servers on the network. The QMQP server can be run chrooted at fixed  low 
-       privilege. 
- 
-DIAGNOSTICS 
-       Problems and transactions are logged to syslogd(8). 
- 
-BUGS 
-       The  QMQP  protocol  provides  only one server reply per message delivery. It is 
-       therefore not possible to reject individual recipients. 
- 
-       The QMQP protocol requires the server  to  receive  the  entire  message  before 
-       replying.  If  a  message  is malformed, or if any netstring component is longer 
-       than acceptable, Postfix replies immediately and closes the  connection.  It  is 
-       left up to the client to handle the situation. 
- 
-CONFIGURATION PARAMETERS 
-       Changes  to  main.cf  are picked up automatically, as qmqpd(8) processes run for 
-       only a limited amount of time. Use the command "postfix reload" to  speed  up  a 
-       change. 
- 
-       The  text  below  provides  only  a  parameter summary. See postconf(5) for more 
-       details including examples. 
- 
-CONTENT INSPECTION CONTROLS 
-       content_filter (empty) 
-              After the message is queued, send the entire  message  to  the  specified 
-              transport:destination. 
- 
-       receive_override_options (empty) 
-              Enable  or  disable  recipient validation, built-in content filtering, or 
-              address mapping. 
- 
-RESOURCE AND RATE CONTROLS 
-       line_length_limit (2048) 
-              Upon input, long lines are chopped up into pieces of at most this length; 
-              upon delivery, long lines are reconstructed. 
- 
-       hopcount_limit (50) 
-              The  maximal  number of Received:  message headers that is allowed in the 
-              primary message headers. 
- 
-       message_size_limit (10240000) 
-              The maximal size in bytes of a message, including envelope information. 
- 
-       qmqpd_timeout (300s) 
-              The time limit for sending or receiving information over the network. 
- 
-TROUBLE SHOOTING CONTROLS 
-       debug_peer_level (2) 
-              The increment in verbose logging level when a  remote  client  or  server 
-              matches a pattern in the debug_peer_list parameter. 
- 
-       debug_peer_list (empty) 
-              Optional list of remote client or server hostname or network address pat‐ 
-              terns that cause the verbose logging level  to  increase  by  the  amount 
-              specified in $debug_peer_level. 
- 
-       soft_bounce (no) 
-              Safety  net  to  keep mail queued that would otherwise be returned to the 
-              sender. 
- 
-TARPIT CONTROLS 
-       qmqpd_error_delay (1s) 
-              How long the Postfix QMQP server will pause  before  sending  a  negative 
-              reply to the remote QMQP client. 
- 
-MISCELLANEOUS CONTROLS 
-       config_directory (see 'postconf -d' output) 
-              The  default  location of the Postfix main.cf and master.cf configuration 
-              files. 
- 
-       daemon_timeout (18000s) 
-              How much time a Postfix daemon process  may  take  to  handle  a  request 
-              before it is terminated by a built-in watchdog timer. 
- 
-       ipc_timeout (3600s) 
-              The time limit for sending or receiving information over an internal com‐ 
-              munication channel. 
- 
-       max_idle (100s) 
-              The maximum amount of time that an idle Postfix daemon process waits  for 
-              an incoming connection before terminating voluntarily. 
- 
-       max_use (100) 
-              The  maximal number of incoming connections that a Postfix daemon process 
-              will service before terminating voluntarily. 
- 
-       process_id (read-only) 
-              The process ID of a Postfix command or daemon process. 
- 
-       process_name (read-only) 
-              The process name of a Postfix command or daemon process. 
- 
-       qmqpd_authorized_clients (empty) 
-              What remote QMQP clients are allowed  to  connect  to  the  Postfix  QMQP 
-              server port. 
- 
-       queue_directory (see 'postconf -d' output) 
-              The location of the Postfix top-level queue directory. 
- 
-       syslog_facility (mail) 
-              The syslog facility of Postfix logging. 
- 
-       syslog_name (see 'postconf -d' output) 
-              The  mail  system  name  that  is prepended to the process name in syslog 
-              records, so that "smtpd" becomes, for example, "postfix/smtpd". 
- 
-       verp_delimiter_filter (-=+) 
-              The characters Postfix accepts as VERP delimiter characters on the  Post‐ 
-              fix sendmail(1) command line and in SMTP commands. 
- 
-       Available in Postfix version 2.5 and later: 
- 
-       qmqpd_client_port_logging (no) 
-              Enable logging of the remote QMQP client port in addition to the hostname 
-              and IP address. 
- 
-SEE ALSO 
-       http://cr.yp.to/proto/qmqp.html, QMQP protocol 
-       cleanup(8), message canonicalization 
-       master(8), process manager 
-       syslogd(8), system logging 
- 
-README FILES 
-       Use "postconf readme_directory" or  "postconf  html_directory"  to  locate  this 
-       information. 
-       QMQP_README, Postfix ezmlm-idx howto. 
- 
-LICENSE 
-       The Secure Mailer license must be distributed with this software. 
- 
-HISTORY 
-       The qmqpd service was introduced with Postfix version 1.1. 
- 
-AUTHOR(S) 
-       Wietse Venema 
-       IBM T.J. Watson Research 
-       P.O. Box 704 
-       Yorktown Heights, NY 10598, USA 
- 
-                                                                               QMQPD(8) 
-</code> 
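Review bot: The qmqpd paragraph states that connections are accepted only from specially authorised clients, but it never names the setting that enforces this. The manpage pasted below it lists that setting as qmqpd_authorized_clients with an empty default. If this section survives elsewhere, name the parameter in the prose so the access policy is not buried in the manpage dump. Also fix "die er dann zum cleanup-Modul weitergeleitet wird", which mixes active and passive voice, and "kompatibilitätsgründen", which should be capitalised.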
-==== pickup ==== 
-Der **pickup**-Daemon hat die Aufgabe Nachrichten aus der **maildrop**-Queue abzuholen, die dort vom **[[centos:mail_c7:mta_1?&#sendmail|sendmail]]**-Client-Programm abgelegt wurden und übergibt die Nachricht dann nach erfolgter Prüfung an den **[[centos:mail_c7:mta_1?&#cleanup|cleanup]]**-Daemon. 
- 
-Weitere Hinweise zum **pickup**-Daemon findet man in dessen **manpage**.  
- 
-   # man 8 pickup 
-<code>PICKUP(8)                       System Manager's Manual                       PICKUP(8) 
- 
-NAME 
-       pickup - Postfix local mail pickup 
- 
-SYNOPSIS 
-       pickup [generic Postfix daemon options] 
- 
-DESCRIPTION 
-       The  pickup(8)  daemon  waits  for hints that new mail has been dropped into the 
-       maildrop directory, and feeds it  into  the  cleanup(8)  daemon.   Ill-formatted 
-       files  are deleted without notifying the originator.  This program expects to be 
-       run from the master(8) process manager. 
- 
-STANDARDS 
-       None. The pickup(8) daemon does not interact with the outside world. 
- 
-SECURITY 
-       The pickup(8) daemon is moderately security sensitive. It runs  with  fixed  low 
-       privilege  and  can  run  in a chrooted environment.  However, the program reads 
-       files from potentially hostile users.  The pickup(8) daemon opens no  files  for 
-       writing, is careful about what files it opens for reading, and does not actually 
-       touch any data that is sent to its public service endpoint. 
- 
-DIAGNOSTICS 
-       Problems and transactions are logged to syslogd(8). 
- 
-BUGS 
-       The pickup(8) daemon copies mail from file to the cleanup(8) daemon.   It  could 
-       avoid  message  copying  overhead  by  sending a file descriptor instead of file 
-       data, but then the already complex cleanup(8) daemon would  have  to  deal  with 
-       unfiltered user data. 
- 
-CONFIGURATION PARAMETERS 
-       As  the pickup(8) daemon is a relatively long-running process, up to an hour may 
-       pass before a main.cf change takes effect.  Use  the  command  "postfix  reload" 
-       command to speed up a change. 
- 
-       The  text  below  provides  only  a  parameter summary. See postconf(5) for more 
-       details including examples. 
- 
-CONTENT INSPECTION CONTROLS 
-       content_filter (empty) 
-              After the message is queued, send the entire  message  to  the  specified 
-              transport:destination. 
- 
-       receive_override_options (empty) 
-              Enable  or  disable  recipient validation, built-in content filtering, or 
-              address mapping. 
- 
-MISCELLANEOUS CONTROLS 
-       config_directory (see 'postconf -d' output) 
-              The default location of the Postfix main.cf and  master.cf  configuration 
-              files. 
- 
-       ipc_timeout (3600s) 
-              The time limit for sending or receiving information over an internal com‐ 
-              munication channel. 
- 
-       line_length_limit (2048) 
-              Upon input, long lines are chopped up into pieces of at most this length; 
-              upon delivery, long lines are reconstructed. 
- 
-       max_idle (100s) 
-              The  maximum amount of time that an idle Postfix daemon process waits for 
-              an incoming connection before terminating voluntarily. 
- 
-       max_use (100) 
-              The maximal number of incoming connections that a Postfix daemon  process 
-              will service before terminating voluntarily. 
- 
-       process_id (read-only) 
-              The process ID of a Postfix command or daemon process. 
- 
-       process_name (read-only) 
-              The process name of a Postfix command or daemon process. 
- 
-       queue_directory (see 'postconf -d' output) 
-              The location of the Postfix top-level queue directory. 
- 
-       syslog_facility (mail) 
-              The syslog facility of Postfix logging. 
- 
-       syslog_name (see 'postconf -d' output) 
-              The  mail  system  name  that  is prepended to the process name in syslog 
-              records, so that "smtpd" becomes, for example, "postfix/smtpd". 
- 
-SEE ALSO 
-       cleanup(8), message canonicalization 
-       sendmail(1), Sendmail-compatible interface 
-       postdrop(1), mail posting agent 
-       postconf(5), configuration parameters 
-       master(5), generic daemon options 
-       master(8), process manager 
-       syslogd(8), system logging 
- 
-LICENSE 
-       The Secure Mailer license must be distributed with this software. 
- 
-AUTHOR(S) 
-       Wietse Venema 
-       IBM T.J. Watson Research 
-       P.O. Box 704 
-       Yorktown Heights, NY 10598, USA 
- 
-                                                                              PICKUP(8) 
-</code> 
-==== cleanup ==== 
-Der **cleanup**-Daemon verarbeitet eingehende Nachrichten. So werden ggf. fehlende Mailheader **From:**, **To:**, **Message-Id:** sowie **Date:** ergänzt oder auch Adressen mit Hilfe der beiden Tabellen **virtual_maps** und **cannonical_maps** umgeschrieben. Nach der initialen Verarbeitung der Nachricht, legt der **cleanup**-Daemon die Nachricht in der **incoming**-Queue ab und informiert den **[[centos:mail_c7:mta_1?&#qmgr|qmgr]]**-Daemon. 
- 
-Nähere Informationen zum **cleanup**-Daemon findet man in dessen **manpage**. 
-   # man 8 cleanup 
- 
-<code>CLEANUP(8)                      System Manager's Manual                      CLEANUP(8) 
- 
-NAME 
-       cleanup - canonicalize and enqueue Postfix message 
- 
-SYNOPSIS 
-       cleanup [generic Postfix daemon options] 
- 
-DESCRIPTION 
-       The  cleanup(8) daemon processes inbound mail, inserts it into the incoming mail 
-       queue, and informs the queue manager of its arrival. 
- 
-       The cleanup(8) daemon always performs the following transformations: 
- 
-       ·      Insert missing message headers: (Resent-) From:,  To:,  Message-Id:,  and 
-              Date:. 
- 
-       ·      Transform envelope and header addresses to the standard user@fully-quali‐ 
-              fied-domain form that is expected by other Postfix programs.   This  task 
-              is delegated to the trivial-rewrite(8) daemon. 
- 
-       ·      Eliminate duplicate envelope recipient addresses. 
- 
-       The following address transformations are optional: 
- 
-       ·      Optionally,  rewrite  all  envelope and header addresses according to the 
-              mappings specified in the canonical(5) lookup tables. 
- 
-       ·      Optionally, masquerade  envelope  sender  addresses  and  message  header 
-              addresses (i.e. strip host or domain information below all domains listed 
-              in the masquerade_domains parameter, except for user names listed in mas‐ 
-              querade_exceptions).   By  default,  address masquerading does not affect 
-              envelope recipients. 
- 
-       ·      Optionally, expand envelope recipients according to information found  in 
-              the virtual(5) lookup tables. 
- 
-       The  cleanup(8)  daemon  performs  sanity checks on the content of each message. 
-       When it finds a problem, by default  it  returns  a  diagnostic  status  to  the 
-       client,  and leaves it up to the client to deal with the problem. Alternatively, 
-       the client can request the cleanup(8) daemon to bounce the message back  to  the 
-       sender in case of trouble. 
- 
-STANDARDS 
-       RFC 822 (ARPA Internet Text Messages) 
-       RFC 2045 (MIME: Format of Internet Message Bodies) 
-       RFC 2046 (MIME: Media Types) 
-       RFC 2822 (Internet Message Format) 
-       RFC 3463 (Enhanced Status Codes) 
-       RFC 3464 (Delivery status notifications) 
-       RFC 5322 (Internet Message Format) 
- 
-DIAGNOSTICS 
-       Problems and transactions are logged to syslogd(8). 
- 
-BUGS 
-       Table-driven rewriting rules make it hard to express if then else and other log‐ 
-       ical relationships. 
- 
-CONFIGURATION PARAMETERS 
-       Changes to main.cf are picked up automatically, as cleanup(8) processes run  for 
-       only  a  limited  amount of time. Use the command "postfix reload" to speed up a 
-       change. 
- 
-       The text below provides only a  parameter  summary.  See  postconf(5)  for  more 
-       details including examples. 
- 
-COMPATIBILITY CONTROLS 
-       undisclosed_recipients_header (see 'postconf -d' output) 
-              Message  header that the Postfix cleanup(8) server inserts when a message 
-              contains no To: or Cc: message header. 
- 
-       Available in Postfix version 2.1 only: 
- 
-       enable_errors_to (no) 
-              Report mail delivery errors to the address specified with  the  non-stan‐ 
-              dard  Errors-To:  message  header, instead of the envelope sender address 
-              (this feature is removed with Postfix  version  2.2,  is  turned  off  by 
-              default  with  Postfix  version  2.1,  and is always turned on with older 
-              Postfix versions). 
- 
-       Available in Postfix version 2.6 and later: 
- 
-       always_add_missing_headers (no) 
-              Always add (Resent-) From:, To:, Date: or Message-ID:  headers  when  not 
-              present. 
- 
-       Available in Postfix version 2.9 and later: 
- 
-       enable_long_queue_ids (no) 
-              Enable long, non-repeating, queue IDs (queue file names). 
- 
-BUILT-IN CONTENT FILTERING CONTROLS 
-       Postfix built-in content filtering is meant to stop a flood of worms or viruses. 
-       It is not a general content filter. 
- 
-       body_checks (empty) 
-              Optional lookup  tables  for  content  inspection  as  specified  in  the 
-              body_checks(5) manual page. 
- 
-       header_checks (empty) 
-              Optional lookup tables for content inspection of primary non-MIME message 
-              headers, as specified in the header_checks(5) manual page. 
- 
-       Available in Postfix version 2.0 and later: 
- 
-       body_checks_size_limit (51200) 
-              How much text in a message body segment (or attachment, if you prefer  to 
-              use that term) is subjected to body_checks inspection. 
- 
-       mime_header_checks ($header_checks) 
-              Optional  lookup  tables  for  content inspection of MIME related message 
-              headers, as described in the header_checks(5) manual page. 
- 
-       nested_header_checks ($header_checks) 
-              Optional lookup tables for content inspection of non-MIME message headers 
-              in attached messages, as described in the header_checks(5) manual page. 
- 
-       Available in Postfix version 2.3 and later: 
- 
-       message_reject_characters (empty) 
-              The set of characters that Postfix will reject in message content. 
- 
-       message_strip_characters (empty) 
-              The set of characters that Postfix will remove from message content. 
- 
-BEFORE QUEUE MILTER CONTROLS 
-       As  of version 2.3, Postfix supports the Sendmail version 8 Milter (mail filter) 
-       protocol. When mail is not received via  the  smtpd(8)  server,  the  cleanup(8) 
-       server  will  simulate  SMTP  events  to  the  extent that this is possible. For 
-       details see the MILTER_README document. 
- 
-       non_smtpd_milters (empty) 
-              A list of Milter (mail filter) applications for new mail  that  does  not 
-              arrive via the Postfix smtpd(8) server. 
- 
-       milter_protocol (6) 
-              The  mail  filter  protocol  version and optional protocol extensions for 
-              communication with a Milter application; prior to Postfix 2.6 the default 
-              protocol is 2. 
- 
-       milter_default_action (tempfail) 
-              The default action when a Milter (mail filter) application is unavailable 
-              or mis-configured. 
- 
-       milter_macro_daemon_name ($myhostname) 
-              The {daemon_name} macro value for Milter (mail filter) applications. 
- 
-       milter_macro_v ($mail_name $mail_version) 
-              The {v} macro value for Milter (mail filter) applications. 
- 
-       milter_connect_timeout (30s) 
-              The time limit for connecting to a Milter (mail filter) application,  and 
-              for negotiating protocol options. 
- 
-       milter_command_timeout (30s) 
-              The  time  limit  for  sending  an SMTP command to a Milter (mail filter) 
-              application, and for receiving the response. 
- 
-       milter_content_timeout (300s) 
-              The time limit for sending message content  to  a  Milter  (mail  filter) 
-              application, and for receiving the response. 
- 
-       milter_connect_macros (see 'postconf -d' output) 
-              The  macros that are sent to Milter (mail filter) applications after com‐ 
-              pletion of an SMTP connection. 
- 
-       milter_helo_macros (see 'postconf -d' output) 
-              The macros that are sent to Milter (mail filter) applications  after  the 
-              SMTP HELO or EHLO command. 
- 
-       milter_mail_macros (see 'postconf -d' output) 
-              The  macros  that are sent to Milter (mail filter) applications after the 
-              SMTP MAIL FROM command. 
- 
-       milter_rcpt_macros (see 'postconf -d' output) 
-              The macros that are sent to Milter (mail filter) applications  after  the 
-              SMTP RCPT TO command. 
- 
-       milter_data_macros (see 'postconf -d' output) 
-              The  macros  that  are  sent  to version 4 or higher Milter (mail filter) 
-              applications after the SMTP DATA command. 
- 
-       milter_unknown_command_macros (see 'postconf -d' output) 
-              The macros that are sent to version 3  or  higher  Milter  (mail  filter) 
-              applications after an unknown SMTP command. 
- 
-       milter_end_of_data_macros (see 'postconf -d' output) 
-              The  macros  that are sent to Milter (mail filter) applications after the 
-              message end-of-data. 
- 
-       Available in Postfix version 2.5 and later: 
- 
-       milter_end_of_header_macros (see 'postconf -d' output) 
-              The macros that are sent to Milter (mail filter) applications  after  the 
-              end of the message header. 
- 
-       Available in Postfix version 2.7 and later: 
- 
-       milter_header_checks (empty) 
-              Optional lookup tables for content inspection of message headers that are 
-              produced by Milter applications. 
- 
-MIME PROCESSING CONTROLS 
-       Available in Postfix version 2.0 and later: 
- 
-       disable_mime_input_processing (no) 
-              Turn off MIME processing while receiving mail. 
- 
-       mime_boundary_length_limit (2048) 
-              The maximal length of MIME multipart boundary strings. 
- 
-       mime_nesting_limit (100) 
-              The maximal recursion level that the MIME processor will handle. 
- 
-       strict_8bitmime (no) 
-              Enable both strict_7bit_headers and strict_8bitmime_body. 
- 
-       strict_7bit_headers (no) 
-              Reject mail with 8-bit text in message headers. 
- 
-       strict_8bitmime_body (no) 
-              Reject 8-bit message body text without 8-bit MIME content encoding infor‐ 
-              mation. 
- 
-       strict_mime_encoding_domain (no) 
-              Reject  mail  with invalid Content-Transfer-Encoding: information for the 
-              message/* or multipart/* MIME content types. 
- 
-       Available in Postfix version 2.5 and later: 
- 
-       detect_8bit_encoding_header (yes) 
-              Automatically detect 8BITMIME body content by looking  at  Content-Trans‐ 
-              fer-Encoding: message headers; historically, this behavior was hard-coded 
-              to be "always on". 
- 
-AUTOMATIC BCC RECIPIENT CONTROLS 
-       Postfix can automatically add BCC (blind carbon copy) when mail enters the  mail 
-       system: 
- 
-       always_bcc (empty) 
-              Optional address that receives a "blind carbon copy" of each message that 
-              is received by the Postfix mail system. 
- 
-       Available in Postfix version 2.1 and later: 
- 
-       sender_bcc_maps (empty) 
-              Optional BCC (blind carbon-copy) address lookup tables, indexed by sender 
-              address. 
- 
-       recipient_bcc_maps (empty) 
-              Optional BCC (blind carbon-copy) address lookup tables, indexed by recip‐ 
-              ient address. 
- 
-ADDRESS TRANSFORMATION CONTROLS 
-       Address rewriting is delegated to the trivial-rewrite(8) daemon.  The cleanup(8) 
-       server implements table driven address mapping. 
- 
-       empty_address_recipient (MAILER-DAEMON) 
-              The recipient of mail addressed to the null address. 
- 
-       canonical_maps (empty) 
-              Optional address mapping lookup tables for message headers and envelopes. 
- 
-       recipient_canonical_maps (empty) 
-              Optional  address mapping lookup tables for envelope and header recipient 
-              addresses. 
- 
-       sender_canonical_maps (empty) 
-              Optional address mapping lookup tables for  envelope  and  header  sender 
-              addresses. 
- 
-       masquerade_classes (envelope_sender, header_sender, header_recipient) 
-              What addresses are subject to address masquerading. 
- 
-       masquerade_domains (empty) 
-              Optional  list  of domains whose subdomain structure will be stripped off 
-              in email addresses. 
- 
-       masquerade_exceptions (empty) 
-              Optional list of user names that are not subjected to address  masquerad‐ 
-              ing, even when their address matches $masquerade_domains. 
- 
-       propagate_unmatched_extensions (canonical, virtual) 
-              What  address lookup tables copy an address extension from the lookup key 
-              to the lookup result. 
- 
-       Available before Postfix version 2.0: 
- 
-       virtual_maps (empty) 
-              Optional lookup tables with a) names of domains for which  all  addresses 
-              are  aliased  to  addresses  in  other  local  or  remote domains, and b) 
-              addresses that are aliased to addresses in other local or remote domains. 
- 
-       Available in Postfix version 2.0 and later: 
- 
-       virtual_alias_maps ($virtual_maps) 
-              Optional lookup tables that alias specific mail addresses or  domains  to 
-              other local or remote address. 
- 
-       Available in Postfix version 2.2 and later: 
- 
-       canonical_classes     (envelope_sender,    envelope_recipient,    header_sender, 
-       header_recipient) 
-              What addresses are subject to canonical_maps address mapping. 
-       recipient_canonical_classes (envelope_recipient, header_recipient) 
-              What addresses are subject to recipient_canonical_maps address mapping. 
- 
-       sender_canonical_classes (envelope_sender, header_sender) 
-              What addresses are subject to sender_canonical_maps address mapping. 
- 
-       remote_header_rewrite_domain (empty) 
-              Don't rewrite message headers from remote clients at all when this param‐ 
-              eter  is  empty; otherwise, rewrite message headers and append the speci‐ 
-              fied domain name to incomplete addresses. 
- 
-RESOURCE AND RATE CONTROLS 
-       duplicate_filter_limit (1000) 
-              The maximal number of addresses remembered by the address duplicate  fil‐ 
-              ter  for  aliases(5) or virtual(5) alias expansion, or for showq(8) queue 
-              displays. 
- 
-       header_size_limit (102400) 
-              The maximal amount of memory in bytes for storing a message header. 
- 
-       hopcount_limit (50) 
-              The maximal number of Received:  message headers that is allowed  in  the 
-              primary message headers. 
- 
-       in_flow_delay (1s) 
-              Time  to  pause  before accepting a new message, when the message arrival 
-              rate exceeds the message delivery rate. 
- 
-       message_size_limit (10240000) 
-              The maximal size in bytes of a message, including envelope information. 
- 
-       Available in Postfix version 2.0 and later: 
- 
-       header_address_token_limit (10240) 
-              The maximal number of address tokens are allowed in  an  address  message 
-              header. 
- 
-       mime_boundary_length_limit (2048) 
-              The maximal length of MIME multipart boundary strings. 
- 
-       mime_nesting_limit (100) 
-              The maximal recursion level that the MIME processor will handle. 
- 
-       queue_file_attribute_count_limit (100) 
-              The  maximal  number  of  (name=value) attributes that may be stored in a 
-              Postfix queue file. 
- 
-       Available in Postfix version 2.1 and later: 
- 
-       virtual_alias_expansion_limit (1000) 
-              The maximal number of addresses that  virtual  alias  expansion  produces 
-              from each original recipient. 
- 
-       virtual_alias_recursion_limit (1000) 
-              The maximal nesting depth of virtual alias expansion. 
- 
-MISCELLANEOUS CONTROLS 
-       config_directory (see 'postconf -d' output) 
-              The  default  location of the Postfix main.cf and master.cf configuration 
-              files. 
- 
-       daemon_timeout (18000s) 
-              How much time a Postfix daemon process  may  take  to  handle  a  request 
-              before it is terminated by a built-in watchdog timer. 
- 
-       delay_logging_resolution_limit (2) 
-              The  maximal  number  of digits after the decimal point when logging sub- 
-              second delay values. 
- 
-       delay_warning_time (0h) 
-              The time after which the sender receives a copy of the message headers of 
-              mail that is still queued. 
- 
-       ipc_timeout (3600s) 
-              The time limit for sending or receiving information over an internal com‐ 
-              munication channel. 
- 
-       max_idle (100s) 
-              The maximum amount of time that an idle Postfix daemon process waits  for 
-              an incoming connection before terminating voluntarily. 
- 
-       max_use (100) 
-              The  maximal number of incoming connections that a Postfix daemon process 
-              will service before terminating voluntarily. 
- 
-       myhostname (see 'postconf -d' output) 
-              The internet hostname of this mail system. 
- 
-       myorigin ($myhostname) 
-              The domain name that locally-posted mail appears to come from,  and  that 
-              locally posted mail is delivered to. 
- 
-       process_id (read-only) 
-              The process ID of a Postfix command or daemon process. 
- 
-       process_name (read-only) 
-              The process name of a Postfix command or daemon process. 
- 
-       queue_directory (see 'postconf -d' output) 
-              The location of the Postfix top-level queue directory. 
- 
-       soft_bounce (no) 
-              Safety  net  to  keep mail queued that would otherwise be returned to the 
-              sender. 
- 
-       syslog_facility (mail) 
-              The syslog facility of Postfix logging. 
- 
-       syslog_name (see 'postconf -d' output) 
-              The mail system name that is prepended to  the  process  name  in  syslog 
-              records, so that "smtpd" becomes, for example, "postfix/smtpd". 
- 
-       Available in Postfix version 2.1 and later: 
- 
-       enable_original_recipient (yes) 
-              Enable support for the X-Original-To message header. 
- 
-FILES 
-       /etc/postfix/canonical*, canonical mapping table 
-       /etc/postfix/virtual*, virtual mapping table 
- 
-SEE ALSO 
-       trivial-rewrite(8), address rewriting 
-       qmgr(8), queue manager 
-       header_checks(5), message header content inspection 
-       body_checks(5), body parts content inspection 
-       canonical(5), canonical address lookup table format 
-       virtual(5), virtual alias lookup table format 
-       postconf(5), configuration parameters 
-       master(5), generic daemon options 
-       master(8), process manager 
-       syslogd(8), system logging 
- 
-README FILES 
-       Use  "postconf  readme_directory"  or  "postconf  html_directory" to locate this 
-       information. 
-       ADDRESS_REWRITING_README Postfix address manipulation 
-       CONTENT_INSPECTION_README content inspection 
- 
-LICENSE 
-       The Secure Mailer license must be distributed with this software. 
- 
-AUTHOR(S) 
-       Wietse Venema 
-       IBM T.J. Watson Research 
-       P.O. Box 704 
-       Yorktown Heights, NY 10598, USA 
- 
-                                                                             CLEANUP(8) 
-</code> 
-==== qmgr ==== 
-Der **qmgr**-Daemon erwartet ankommende Nachrichten in der **incoming**-Queue und kümmert sich dann um die entsprechend richtige Zuordnung der eMails an die betreffenden ausgehenden Mail-Daemone **lmtp**, **[[centos:mail_c7:mta_1?&#lmtp_smtp_und_smtps|local]]**, **[[centos:mail_c7:mta_1?&#lmtp_smtp_und_smtps|smtp]]** bzw. **[[centos:mail_c7:mta_1?&#pipe|pipe]]**-Daemon. Dabei verwaltet der Queue-Manger-Daemon die gerade in der Verarbeit befindlichen Nachrichten in der **active**-Queue. Können Nachrichten gerade nicht zugestellt werden, verschiebt der **qmgr**-Daemon vom Arbeitsspeicher in Richtung **deferred**-Queue, also in Richtung Storage.  Neben der drei bereits genannten Mail-Queues kenn postfix noch die **hold**-Queue, in der Nachrichten gehalten werden, bis diese wieder freigegeben werden. Die letzte Queue ist die **corrupt**-Queue, in der unlesbare bzw. beschädigte Queue-Dateien abgelegt werden, damit diese später separat (vom Mailadmin) geprüft werden können. 
- 
-Nähere Hinweise findet man wie immer in der **manpage** des Daemon. 
-   # man 8 qmgr 
- 
-<code>QMGR(8)                         System Manager's Manual                         QMGR(8) 
- 
-NAME 
-       qmgr - Postfix queue manager 
- 
-SYNOPSIS 
-       qmgr [generic Postfix daemon options] 
- 
-DESCRIPTION 
-       The  qmgr(8)  daemon  awaits  the  arrival of incoming mail and arranges for its 
-       delivery via Postfix delivery processes.  The actual mail  routing  strategy  is 
-       delegated to the trivial-rewrite(8) daemon.  This program expects to be run from 
-       the master(8) process manager. 
- 
-       Mail addressed to the local double-bounce address is logged and discarded.  This 
-       stops potential loops caused by undeliverable bounce notifications. 
- 
-MAIL QUEUES 
-       The qmgr(8) daemon maintains the following queues: 
- 
-       incoming 
-              Inbound  mail  from the network, or mail picked up by the local pickup(8) 
-              daemon from the maildrop directory. 
- 
-       active Messages that the queue manager has opened for delivery. Only  a  limited 
-              number  of  messages  is  allowed to enter the active queue (leaky bucket 
-              strategy, for a fixed delivery rate). 
- 
-       deferred 
-              Mail that could not be delivered upon the first attempt. The  queue  man‐ 
-              ager implements exponential backoff by doubling the time between delivery 
-              attempts. 
- 
-       corrupt 
-              Unreadable or damaged queue files are moved here for inspection. 
- 
-       hold   Messages that are kept "on hold" are kept here until  someone  sets  them 
-              free. 
- 
-DELIVERY STATUS REPORTS 
-       The  qmgr(8)  daemon  keeps an eye on per-message delivery status reports in the 
-       following directories. Each status report file has the same name as  the  corre‐ 
-       sponding message file: 
- 
-       bounce Per-recipient  status information about why mail is bounced.  These files 
-              are maintained by the bounce(8) daemon. 
- 
-       defer  Per-recipient status information about why mail is delayed.  These  files 
-              are maintained by the defer(8) daemon. 
- 
-       trace  Per-recipient  status information as requested with the Postfix "sendmail 
-              -v" or "sendmail  -bv"  command.   These  files  are  maintained  by  the 
-              trace(8) daemon. 
- 
-       The qmgr(8) daemon is responsible for asking the bounce(8), defer(8) or trace(8) 
-       daemons to send delivery reports. 
- 
-STRATEGIES 
-       The queue manager implements a variety of strategies for  either  opening  queue 
-       files (input) or for message delivery (output). 
- 
-       leaky bucket 
-              This  strategy limits the number of messages in the active queue and pre‐ 
-              vents the queue manager from running out of memory under heavy load. 
- 
-       fairness 
-              When the active queue has room, the queue manager takes one message  from 
-              the incoming queue and one from the deferred queue. This prevents a large 
-              mail backlog from blocking the delivery of new mail. 
- 
-       slow start 
-              This strategy eliminates "thundering herd" problems by  slowly  adjusting 
-              the number of parallel deliveries to the same destination. 
- 
-       round robin 
-              The  queue  manager  sorts delivery requests by destination.  Round-robin 
-              selection prevents one destination from dominating  deliveries  to  other 
-              destinations. 
- 
-       exponential backoff 
-              Mail  that  cannot  be delivered upon the first attempt is deferred.  The 
-              time interval between delivery attempts is doubled after each attempt. 
- 
-       destination status cache 
-              The queue manager avoids unnecessary delivery attempts by  maintaining  a 
-              short-term, in-memory list of unreachable destinations. 
- 
-       preemptive message scheduling 
-              The  queue  manager  attempts to minimize the average per-recipient delay 
-              while still preserving the correct per-message delays, using a  sophisti‐ 
-              cated preemptive message scheduling. 
- 
-TRIGGERS 
-       On an idle system, the queue manager waits for the arrival of trigger events, or 
-       it waits for a timer to go off. A trigger is a one-byte message.   Depending  on 
-       the  message  received,  the queue manager performs one of the following actions 
-       (the message is followed by the symbolic constant used internally by  the  soft‐ 
-       ware): 
- 
-       D (QMGR_REQ_SCAN_DEFERRED) 
-              Start  a  deferred  queue  scan.   If a deferred queue scan is already in 
-              progress, that scan will be restarted as soon as it finishes. 
- 
-       I (QMGR_REQ_SCAN_INCOMING) 
-              Start an incoming queue scan. If an incoming queue  scan  is  already  in 
-              progress, that scan will be restarted as soon as it finishes. 
- 
-       A (QMGR_REQ_SCAN_ALL) 
-              Ignore  deferred  queue  file  time  stamps. The request affects the next 
-              deferred queue scan. 
- 
-       F (QMGR_REQ_FLUSH_DEAD) 
-              Purge all information about dead transports and destinations. 
- 
-       W (TRIGGER_REQ_WAKEUP) 
-              Wakeup call, This is used by the master  server  to  instantiate  servers 
-              that should not go away forever. The action is to start an incoming queue 
-              scan. 
- 
-       The qmgr(8) daemon reads an entire buffer worth of triggers.  Multiple identical 
-       trigger requests are collapsed into one, and trigger requests are sorted so that 
-       A and F precede D and I. Thus, in order to force a deferred queue run, one would 
-       request  A  F D; in order to notify the queue manager of the arrival of new mail 
-       one would request I. 
- 
-STANDARDS 
-       RFC 3463 (Enhanced status codes) 
-       RFC 3464 (Delivery status notifications) 
- 
-SECURITY 
-       The qmgr(8) daemon is not security sensitive. It reads single-character messages 
-       from  untrusted  local  users,  and thus may be susceptible to denial of service 
-       attacks. The qmgr(8) daemon does not talk to the outside world, and  it  can  be 
-       run at fixed low privilege in a chrooted environment. 
- 
-DIAGNOSTICS 
-       Problems  and  transactions  are logged to the syslog daemon.  Corrupted message 
-       files are saved to the corrupt queue for further inspection. 
- 
-       Depending on the setting of the  notify_classes  parameter,  the  postmaster  is 
-       notified of bounces and of other trouble. 
- 
-BUGS 
-        single  queue  manager  process  has to compete for disk access with multiple 
-       front-end processes such as cleanup(8). A sudden burst of inbound mail can nega‐ 
-       tively impact outbound delivery rates. 
- 
-CONFIGURATION PARAMETERS 
-       Changes  to  main.cf  are not picked up automatically as qmgr(8) is a persistent 
-       process. Use the "postfix reload" command after a configuration change. 
- 
-       The text below provides only a  parameter  summary.  See  postconf(5)  for  more 
-       details including examples. 
- 
-       In the text below, transport is the first field in a master.cf entry. 
- 
-COMPATIBILITY CONTROLS 
-       Available before Postfix version 2.5: 
- 
-       allow_min_user (no) 
-              Allow a sender or recipient address to have `-' as the first character. 
- 
-       Available with Postfix version 2.7 and later: 
- 
-       default_filter_nexthop (empty) 
-              When  a  content_filter  or FILTER request specifies no explicit next-hop 
-              destination, use $default_filter_nexthop  instead;  when  that  value  is 
-              empty, use the domain in the recipient address. 
- 
-ACTIVE QUEUE CONTROLS 
-       qmgr_clog_warn_time (300s) 
-              The  minimal  delay between warnings that a specific destination is clog‐ 
-              ging up the Postfix active queue. 
- 
-       qmgr_message_active_limit (20000) 
-              The maximal number of messages in the active queue. 
- 
-       qmgr_message_recipient_limit (20000) 
-              The maximal number of recipients held in memory by the Postfix queue man‐ 
-              ager,  and  the maximal size of the short-term, in-memory "dead" destina‐ 
-              tion status cache. 
- 
-       qmgr_message_recipient_minimum (10) 
-              The minimal number of in-memory recipients for any message. 
- 
-       default_recipient_limit (20000) 
-              The default per-transport upper limit on the number of in-memory  recipi‐ 
-              ents. 
- 
-       transport_recipient_limit ($default_recipient_limit) 
-              Idem, for delivery via the named message transport. 
- 
-       default_extra_recipient_limit (1000) 
-              The default value for the extra per-transport limit imposed on the number 
-              of in-memory recipients. 
- 
-       transport_extra_recipient_limit ($default_extra_recipient_limit) 
-              Idem, for delivery via the named message transport. 
- 
-       Available in Postfix version 2.4 and later: 
- 
-       default_recipient_refill_limit (100) 
-              The default per-transport limit on the number of recipients  refilled  at 
-              once. 
- 
-       transport_recipient_refill_limit ($default_recipient_refill_limit) 
-              Idem, for delivery via the named message transport. 
- 
-       default_recipient_refill_delay (5s) 
-              The default per-transport maximum delay between recipients refills. 
- 
-       transport_recipient_refill_delay ($default_recipient_refill_delay) 
-              Idem, for delivery via the named message transport. 
- 
-DELIVERY CONCURRENCY CONTROLS 
-       initial_destination_concurrency (5) 
-              The  initial  per-destination  concurrency level for parallel delivery to 
-              the same destination. 
- 
-       default_destination_concurrency_limit (20) 
-              The default maximal number of parallel deliveries to  the  same  destina‐ 
-              tion. 
- 
-       transport_destination_concurrency_limit ($default_destination_concurrency_limit) 
-              Idem, for delivery via the named message transport. 
- 
-       Available in Postfix version 2.5 and later: 
- 
-       transport_initial_destination_concurrency ($initial_destination_concurrency) 
-              Initial concurrency for delivery via the named message transport. 
- 
-       default_destination_concurrency_failed_cohort_limit (1) 
-              How  many  pseudo-cohorts  must  suffer  connection  or handshake failure 
-              before a specific destination  is  considered  unavailable  (and  further 
-              delivery is suspended). 
- 
-       transport_destination_concurrency_failed_cohort_limit ($default_destination_con‐ 
-       currency_failed_cohort_limit) 
-              Idem, for delivery via the named message transport. 
- 
-       default_destination_concurrency_negative_feedback (1) 
-              The per-destination amount of  delivery  concurrency  negative  feedback, 
-              after a delivery completes with a connection or handshake failure. 
- 
-       transport_destination_concurrency_negative_feedback   ($default_destination_con‐ 
-       currency_negative_feedback) 
-              Idem, for delivery via the named message transport. 
- 
-       default_destination_concurrency_positive_feedback (1) 
-              The per-destination amount of  delivery  concurrency  positive  feedback, 
-              after a delivery completes without connection or handshake failure. 
- 
-       transport_destination_concurrency_positive_feedback   ($default_destination_con‐ 
-       currency_positive_feedback) 
-              Idem, for delivery via the named message transport. 
- 
-       destination_concurrency_feedback_debug (no) 
-              Make the queue manager's feedback algorithm verbose for performance anal‐ 
-              ysis purposes. 
- 
-RECIPIENT SCHEDULING CONTROLS 
-       default_destination_recipient_limit (50) 
-              The default maximal number of recipients per message delivery. 
- 
-       transport_destination_recipient_limit ($default_destination_recipient_limit) 
-              Idem, for delivery via the named message transport. 
- 
-MESSAGE SCHEDULING CONTROLS 
-       default_delivery_slot_cost (5) 
-              How  often  the  Postfix  queue manager's scheduler is allowed to preempt 
-              delivery of one message with another. 
- 
-       transport_delivery_slot_cost ($default_delivery_slot_cost) 
-              Idem, for delivery via the named message transport. 
- 
-       default_minimum_delivery_slots (3) 
-              How many recipients a message must have in order to  invoke  the  Postfix 
-              queue manager's scheduling algorithm at all. 
- 
-       transport_minimum_delivery_slots ($default_minimum_delivery_slots) 
-              Idem, for delivery via the named message transport. 
- 
-       default_delivery_slot_discount (50) 
-              The  default  value  for  transport-specific _delivery_slot_discount set‐ 
-              tings. 
- 
-       transport_delivery_slot_discount ($default_delivery_slot_discount) 
-              Idem, for delivery via the named message transport. 
- 
-       default_delivery_slot_loan (3) 
-              The default value for transport-specific _delivery_slot_loan settings. 
- 
-       transport_delivery_slot_loan ($default_delivery_slot_loan) 
-              Idem, for delivery via the named message transport. 
- 
-OTHER RESOURCE AND RATE CONTROLS 
-       minimal_backoff_time (300s) 
-              The minimal time between attempts to deliver a deferred message; prior to 
-              Postfix 2.4 the default value was 1000s. 
- 
-       maximal_backoff_time (4000s) 
-              The maximal time between attempts to deliver a deferred message. 
- 
-       maximal_queue_lifetime (5d) 
-              Consider a message as undeliverable, when delivery fails with a temporary 
-              error, and the time in the queue has reached  the  maximal_queue_lifetime 
-              limit. 
- 
-       queue_run_delay (300s) 
-              The  time  between  deferred  queue  scans by the queue manager; prior to 
-              Postfix 2.4 the default value was 1000s. 
- 
-       transport_retry_time (60s) 
-              The time between attempts by the Postfix queue manager to contact a  mal‐ 
-              functioning message delivery transport. 
- 
-       Available in Postfix version 2.1 and later: 
- 
-       bounce_queue_lifetime (5d) 
-              Consider  a  bounce  message as undeliverable, when delivery fails with a 
-              temporary  error,  and  the  time  in   the   queue   has   reached   the 
-              bounce_queue_lifetime limit. 
- 
-       Available in Postfix version 2.5 and later: 
- 
-       default_destination_rate_delay (0s) 
-              The  default amount of delay that is inserted between individual deliver‐ 
-              ies to the same destination; the resulting behavior depends on the  value 
-              of the corresponding per-destination recipient limit. 
- 
-       transport_destination_rate_delay $default_destination_rate_delay 
-              Idem, for delivery via the named message transport. 
- 
-SAFETY CONTROLS 
-       qmgr_daemon_timeout (1000s) 
-              How  much  time  a  Postfix  queue  manager  process may take to handle a 
-              request before it is terminated by a built-in watchdog timer. 
- 
-       qmgr_ipc_timeout (60s) 
-              The time limit for the queue manager to send or receive information  over 
-              an internal communication channel. 
- 
-MISCELLANEOUS CONTROLS 
-       config_directory (see 'postconf -d' output) 
-              The  default  location of the Postfix main.cf and master.cf configuration 
-              files. 
- 
-       defer_transports (empty) 
-              The names of message delivery transports that  should  not  deliver  mail 
-              unless someone issues "sendmail -q" or equivalent. 
- 
-       delay_logging_resolution_limit (2) 
-              The  maximal  number  of digits after the decimal point when logging sub- 
-              second delay values. 
- 
-       helpful_warnings (yes) 
-              Log warnings about problematic configuration settings, and provide  help‐ 
-              ful suggestions. 
- 
-       process_id (read-only) 
-              The process ID of a Postfix command or daemon process. 
- 
-       process_name (read-only) 
-              The process name of a Postfix command or daemon process. 
- 
-       queue_directory (see 'postconf -d' output) 
-              The location of the Postfix top-level queue directory. 
- 
-       syslog_facility (mail) 
-              The syslog facility of Postfix logging. 
- 
-       syslog_name (see 'postconf -d' output) 
-              The  mail  system  name  that  is prepended to the process name in syslog 
-              records, so that "smtpd" becomes, for example, "postfix/smtpd". 
- 
-FILES 
-       /var/spool/postfix/incoming, incoming queue 
-       /var/spool/postfix/active, active queue 
-       /var/spool/postfix/deferred, deferred queue 
-       /var/spool/postfix/bounce, non-delivery status 
-       /var/spool/postfix/defer, non-delivery status 
-       /var/spool/postfix/trace, delivery status 
- 
-SEE ALSO 
-       trivial-rewrite(8), address routing 
-       bounce(8), delivery status reports 
-       postconf(5), configuration parameters 
-       master(5), generic daemon options 
-       master(8), process manager 
-       syslogd(8), system logging 
- 
-README FILES 
-       Use "postconf readme_directory" or  "postconf  html_directory"  to  locate  this 
-       information. 
-       SCHEDULER_README, scheduling algorithm 
-       QSHAPE_README, Postfix queue analysis 
- 
-LICENSE 
-       The Secure Mailer license must be distributed with this software. 
- 
-AUTHOR(S) 
-       Wietse Venema 
-       IBM T.J. Watson Research 
-       P.O. Box 704 
-       Yorktown Heights, NY 10598, USA 
- 
-       Preemptive scheduler enhancements: 
-       Patrik Rak 
-       Modra 6 
-       155 00, Prague, Czech Republic 
- 
-                                                                                QMGR(8) 
-</code> 
- 
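Review bot: in the removed qmgr paragraph, the **local** link targets the anchor `#lmtp_smtp_und_smtps`, the same anchor used for **smtp**, which looks like a copy-paste slip, and the text has the typos "Queue-Manger", "Verarbeit" and "kenn postfix". If this section is being moved to another page rather than dropped, correct these there instead of carrying them over. The summary also leaves out the point from the SECURITY section of the pasted QMGR(8) text, that qmgr reads single-character trigger messages from untrusted local users and may therefore be susceptible to denial of service. One sentence on that, plus the `man 8 qmgr` pointer, would serve readers better than the full manual copy, whose defaults (for example `minimal_backoff_time (300s)`) are tied to the installed Postfix version.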
-==== tlsmgr ==== 
-Der **tlsmgr**-Daemon verwendet die Postfix TLS Session Caches. Er speichert und empfängt Cache-Einträge des **[[centos:mail_c7:mta_1#smtpd|smtpd]]**-Daemons und auch **[[centos:mail_c7:mta_1#lmtp_smtp_und_smtps|smtp]]**-Clientprogramms und löscht diese wieder, sobald diese abgelaufen sind. Darüber hinaus verwaltet der **tlsmgr**-Daemon den **PRNG**((**P**seudo **R**andom **N**umber **G**enerator))-Pool. 
- 
-Weitere Informationen findet man in der **manpage** des **tlsmgr**-Daemon. 
-   # man 8 tlsmgr 
- 
-<code>TLSMGR(8)                       System Manager's Manual                       TLSMGR(8) 
- 
-NAME 
-       tlsmgr - Postfix TLS session cache and PRNG manager 
- 
-SYNOPSIS 
-       tlsmgr [generic Postfix daemon options] 
- 
-DESCRIPTION 
-       The  tlsmgr(8)  manages the Postfix TLS session caches.  It stores and retrieves 
-       cache entries on request by smtpd(8) and  smtp(8)  processes,  and  periodically 
-       removes entries that have expired. 
- 
-       The  tlsmgr(8)  also  manages the PRNG (pseudo random number generator) pool. It 
-       answers queries by the smtpd(8) and smtp(8) processes  to  seed  their  internal 
-       PRNG pools. 
- 
-       The  tlsmgr(8)' PRNG  pool  is  initially seeded from an external source (EGD, 
-       /dev/urandom, or regular file).  It is  updated  at  configurable  pseudo-random 
-       intervals  with  data  from the external source. It is updated periodically with 
-       data from TLS session cache entries and with the time of  day,  and  is  updated 
-       with the time of day whenever a process requests tlsmgr(8) service. 
- 
-       The tlsmgr(8) saves the PRNG state to an exchange file periodically and when the 
-       process terminates, and reads the exchange file when initializing its PRNG. 
- 
-SECURITY 
-       The tlsmgr(8) is not security-sensitive. The code that  maintains  the  external 
-       and  internal  PRNG pools does not "trust" the data that it manipulates, and the 
-       code that maintains the TLS session cache does not touch  the  contents  of  the 
-       cached entries, except for seeding its internal PRNG pool. 
- 
-       The  tlsmgr(8)  can  be  run  chrooted  and with reduced privileges.  At process 
-       startup it connects to the entropy source and  exchange  file,  and  creates  or 
-       truncates the optional TLS session cache files. 
- 
-       With Postfix version 2.5 and later, the tlsmgr(8) no longer uses root privileges 
-       when opening cache files. These files should now be stored  under  the  Postfix- 
-       owned data_directory.  As a migration aid, an attempt to open a cache file under 
-       a non-Postfix directory is redirected to the Postfix-owned data_directory, and a 
-       warning is logged. 
- 
-DIAGNOSTICS 
-       Problems and transactions are logged to the syslog daemon. 
- 
-BUGS 
-       There  is  no  automatic means to limit the number of entries in the TLS session 
-       caches and/or the size of the TLS cache files. 
- 
-CONFIGURATION PARAMETERS 
-       Changes to main.cf are not picked up automatically, because tlsmgr(8) is a  per‐ 
-       sistent  processes.   Use  the  command  "postfix  reload" after a configuration 
-       change. 
- 
-       The text below provides only a  parameter  summary.  See  postconf(5)  for  more 
-       details including examples. 
- 
-TLS SESSION CACHE 
-       lmtp_tls_loglevel (0) 
-              The  LMTP-specific version of the smtp_tls_loglevel configuration parame‐ 
-              ter. 
- 
-       lmtp_tls_session_cache_database (empty) 
-              The LMTP-specific version of the smtp_tls_session_cache_database configu‐ 
-              ration parameter. 
- 
-       lmtp_tls_session_cache_timeout (3600s) 
-              The  LMTP-specific version of the smtp_tls_session_cache_timeout configu‐ 
-              ration parameter. 
- 
-       smtp_tls_loglevel (0) 
-              Enable additional Postfix SMTP client logging of TLS activity. 
- 
-       smtp_tls_session_cache_database (empty) 
-              Name of the file containing the optional Postfix SMTP client TLS  session 
-              cache. 
- 
-       smtp_tls_session_cache_timeout (3600s) 
-              The expiration time of Postfix SMTP client TLS session cache information. 
- 
-       smtpd_tls_loglevel (0) 
-              Enable additional Postfix SMTP server logging of TLS activity. 
- 
-       smtpd_tls_session_cache_database (empty) 
-              Name  of the file containing the optional Postfix SMTP server TLS session 
-              cache. 
- 
-       smtpd_tls_session_cache_timeout (3600s) 
-              The expiration time of Postfix SMTP server TLS session cache information. 
- 
-PSEUDO RANDOM NUMBER GENERATOR 
-       tls_random_source (see 'postconf -d' output) 
-              The external entropy source for the  in-memory  tlsmgr(8)  pseudo  random 
-              number generator (PRNG) pool. 
- 
-       tls_random_bytes (32) 
-              The  number  of  bytes  that tlsmgr(8) reads from $tls_random_source when 
-              (re)seeding the in-memory pseudo random number generator (PRNG) pool. 
- 
-       tls_random_exchange_name (see 'postconf -d' output) 
-              Name of the pseudo random number generator  (PRNG)  state  file  that  is 
-              maintained by tlsmgr(8). 
- 
-       tls_random_prng_update_period (3600s) 
-              The  time  between  attempts by tlsmgr(8) to save the state of the pseudo 
-              random number generator (PRNG)  to  the  file  specified  with  $tls_ran‐ 
-              dom_exchange_name. 
- 
-       tls_random_reseed_period (3600s) 
-              The  maximal  time between attempts by tlsmgr(8) to re-seed the in-memory 
-              pseudo random number generator (PRNG) pool from external sources. 
- 
-MISCELLANEOUS CONTROLS 
-       config_directory (see 'postconf -d' output) 
-              The default location of the Postfix main.cf and  master.cf  configuration 
-              files. 
- 
-       data_directory (see 'postconf -d' output) 
-              The  directory  with  Postfix-writable  data  files (for example: caches, 
-              pseudo-random numbers). 
- 
-       daemon_timeout (18000s) 
-              How much time a Postfix daemon process  may  take  to  handle  a  request 
-              before it is terminated by a built-in watchdog timer. 
- 
-       process_id (read-only) 
-              The process ID of a Postfix command or daemon process. 
- 
-       process_name (read-only) 
-              The process name of a Postfix command or daemon process. 
- 
-       syslog_facility (mail) 
-              The syslog facility of Postfix logging. 
- 
-       syslog_name (see 'postconf -d' output) 
-              The  mail  system  name  that  is prepended to the process name in syslog 
-              records, so that "smtpd" becomes, for example, "postfix/smtpd". 
- 
-SEE ALSO 
-       smtp(8), Postfix SMTP client 
-       smtpd(8), Postfix SMTP server 
-       postconf(5), configuration parameters 
-       master(5), generic daemon options 
-       master(8), process manager 
-       syslogd(8), system logging 
- 
-README FILES 
-       Use "postconf readme_directory" or  "postconf  html_directory"  to  locate  this 
-       information. 
-       TLS_README, Postfix TLS configuration and operation 
- 
-LICENSE 
-       The Secure Mailer license must be distributed with this software. 
- 
-HISTORY 
-       This service was introduced with Postfix version 2.2. 
- 
-AUTHOR(S) 
-       Lutz Jaenicke 
-       BTU Cottbus 
-       Allgemeine Elektrotechnik 
-       Universitaetsplatz 3-4 
-       D-03044 Cottbus, Germany 
- 
-       Adapted by: 
-       Wietse Venema 
-       IBM T.J. Watson Research 
-       P.O. Box 704 
-       Yorktown Heights, NY 10598, USA 
- 
-                                                                              TLSMGR(8) 
-</code> 
- 
- 
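Review bot: the removed tlsmgr summary says the daemon "speichert und empfängt Cache-Einträge", but the pasted TLSMGR(8) text says it "stores and retrieves cache entries on request by smtpd(8) and smtp(8) processes", so "empfängt" (receives) misstates the direction. Any replacement text should say that tlsmgr hands entries back to those processes. The summary also drops the operational point from the SECURITY section: from Postfix 2.5 on, the session cache files belong under the Postfix-owned `data_directory`, and a path elsewhere is redirected there with a logged warning. That is worth one line next to `smtpd_tls_session_cache_database` and `smtp_tls_session_cache_database` wherever this section ends up.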
-==== trivial-rewrite ==== 
-Der **trivial-rewrite**-Daemon ist für drei verschiedene Clientanfragen zuständig, den **rewrite**, **resolve** und **verify**.  
-  - **rewrite** Hier werden Adressen, die nicht dem Standardformat "**user@fqdn**" entsprechen geprüft, korrigiert und umgeschrieben. 
-  - **resolve** Hier ermittelt der Daemon anhand der Informationen aus //transport//, //nexthop//, //recipient// und //flags// wohin die Nachricht vom **[[centos:mail_c7:mta_1#qmgr|qmgr]]** als nächstes geroutet werden soll. 
-  - **verify** Hier bearbeitet die Daemon entsprechende Adressverification-Anfragen. 
- 
-Nähere Hinwiese zum **trivial-rewrite**-Daemon findet man in dessen **manpage**. 
-   # man 8 trivial-rewrite 
-<code>TRIVIAL-REWRITE(8)               System Manager's Manual               TRIVIAL-REWRITE(8) 
- 
-NAME 
-       trivial-rewrite - Postfix address rewriting and resolving daemon 
- 
-SYNOPSIS 
-       trivial-rewrite [generic Postfix daemon options] 
- 
-DESCRIPTION 
-       The trivial-rewrite(8) daemon processes three types of client service requests: 
- 
-       rewrite context address 
-              Rewrite  an  address  to  standard form, according to the address rewriting 
-              context: 
- 
-              local  Append the domain names specified with  $myorigin  or  $mydomain  to 
-                     incomplete  addresses;  do swap_bangpath and allow_percent_hack pro‐ 
-                     cessing as  described  below,  and  strip  source  routed  addresses 
-                     (@site,@site:user@domain) to user@domain form. 
- 
-              remote Append  the domain name specified with $remote_header_rewrite_domain 
-                     to incomplete addresses. Otherwise the result is identical  to  that 
-                     of  the  local address rewriting context. This prevents Postfix from 
-                     appending the local  domain  to  spam  from  poorly  written  remote 
-                     clients. 
- 
-       resolve sender address 
-              Resolve  the address to a (transport, nexthop, recipient, flags) quadruple. 
-              The meaning of the results is as follows: 
- 
-              transport 
-                     The delivery agent to use. This is the first field of  an  entry  in 
-                     the master.cf file. 
-              nexthop 
-                     The host to send to and optional delivery method information. 
- 
-              recipient 
-                     The envelope recipient address that is passed on to nexthop. 
- 
-              flags  The  address  class,  whether the address requires relaying, whether 
-                     the address has problems, and whether the request failed. 
- 
-       verify sender address 
-              Resolve the address for address verification purposes. 
- 
-SERVER PROCESS MANAGEMENT 
-       The trivial-rewrite(8) servers run under control by  the  Postfix  master  server. 
-       Each  server  can  handle multiple simultaneous connections.  When all servers are 
-       busy while a client connects, the master creates a new  server  process,  provided 
-       that  the  trivial-rewrite server process limit is not exceeded.  Each trivial-re‐ 
-       write server terminates after serving at least $max_use clients of after $max_idle 
-       seconds of idle time. 
- 
-STANDARDS 
-       None. The command does not interact with the outside world. 
- 
-SECURITY 
-       The  trivial-rewrite(8) daemon is not security sensitive.  By default, this daemon 
-       does not talk to remote or local users.  It can run at a fixed low privilege in  a 
-       chrooted environment. 
- 
-DIAGNOSTICS 
-       Problems and transactions are logged to syslogd(8). 
- 
-CONFIGURATION PARAMETERS 
-       On  busy mail systems a long time may pass before a main.cf change affecting triv‐ 
-       ial-rewrite(8) is picked up. Use the  command  "postfix  reload"  to  speed  up  a 
-       change. 
- 
-       The text below provides only a parameter summary. See postconf(5) for more details 
-       including examples. 
- 
-COMPATIBILITY CONTROLS 
-       resolve_dequoted_address (yes) 
-              Resolve a recipient address safely instead of correctly, by looking  inside 
-              quotes. 
- 
-       Available with Postfix version 2.1 and later: 
- 
-       resolve_null_domain (no) 
-              Resolve  an  address that ends in the "@" null domain as if the local host‐ 
-              name were specified, instead of rejecting the address as invalid. 
- 
-       Available with Postfix version 2.3 and later: 
- 
-       resolve_numeric_domain (no) 
-              Resolve "user@ipaddress" as "user@[ipaddress]", instead  of  rejecting  the 
-              address as invalid. 
- 
-       Available with Postfix version 2.5 and later: 
- 
-       allow_min_user (no) 
-              Allow a sender or recipient address to have `-' as the first character. 
- 
-ADDRESS REWRITING CONTROLS 
-       myorigin ($myhostname) 
-              The  domain  name  that  locally-posted mail appears to come from, and that 
-              locally posted mail is delivered to. 
-       allow_percent_hack (yes) 
-              Enable the rewriting of the form "user%domain" to "user@domain". 
- 
-       append_at_myorigin (yes) 
-              With locally  submitted  mail,  append  the  string  "@$myorigin"  to  mail 
-              addresses without domain information. 
- 
-       append_dot_mydomain (yes) 
-              With  locally  submitted  mail, append the string ".$mydomain" to addresses 
-              that have no ".domain" information. 
- 
-       recipient_delimiter (empty) 
-              The set of characters that can separate a  user  name  from  its  extension 
-              (example:  user+foo),  or a .forward file name from its extension (example: 
-              .forward+foo). 
- 
-       swap_bangpath (yes) 
-              Enable the rewriting of "site!user" into "user@site". 
- 
-       Available in Postfix 2.2 and later: 
- 
-       remote_header_rewrite_domain (empty) 
-              Don't rewrite message headers from remote clients at all when this  parame‐ 
-              ter  is  empty; otherwise, rewrite message headers and append the specified 
-              domain name to incomplete addresses. 
- 
-ROUTING CONTROLS 
-       The following is applicable to Postfix version 2.0 and later.  Earlier versions do 
-       not  have  support for: virtual_transport, relay_transport, virtual_alias_domains, 
-       virtual_mailbox_domains or proxy_interfaces. 
- 
-       local_transport (local:$myhostname) 
-              The default mail delivery transport  and  next-hop  destination  for  final 
-              delivery to domains listed with mydestination, and for [ipaddress] destina‐ 
-              tions that match $inet_interfaces or $proxy_interfaces. 
- 
-       virtual_transport (virtual) 
-              The default mail delivery transport  and  next-hop  destination  for  final 
-              delivery to domains listed with $virtual_mailbox_domains. 
- 
-       relay_transport (relay) 
-              The  default  mail  delivery  transport and next-hop destination for remote 
-              delivery to domains listed with $relay_domains. 
- 
-       default_transport (smtp) 
-              The default mail delivery transport and next-hop destination  for  destina‐ 
-              tions  that  do  not  match $mydestination, $inet_interfaces, $proxy_inter‐ 
-              faces, $virtual_alias_domains, $virtual_mailbox_domains, or $relay_domains. 
- 
-       parent_domain_matches_subdomains (see 'postconf -d' output) 
-              What Postfix  features  match  subdomains  of  "domain.tld"  automatically, 
-              instead of requiring an explicit ".domain.tld" pattern. 
- 
-       relayhost (empty) 
-              The  next-hop destination of non-local mail; overrides non-local domains in 
-              recipient addresses. 
- 
-       transport_maps (empty) 
-              Optional lookup tables with mappings from  recipient  address  to  (message 
-              delivery transport, next-hop destination). 
- 
-       Available in Postfix version 2.3 and later: 
- 
-       sender_dependent_relayhost_maps (empty) 
-              A sender-dependent override for the global relayhost parameter setting. 
-       Available in Postfix version 2.5 and later: 
- 
-       empty_address_relayhost_maps_lookup_key (<>) 
-              The sender_dependent_relayhost_maps search string that will be used instead 
-              of the null sender address. 
- 
-       Available in Postfix version 2.7 and later: 
- 
-       empty_address_default_transport_maps_lookup_key (<>) 
-              The sender_dependent_default_transport_maps search string that will be used 
-              instead of the null sender address. 
- 
-       sender_dependent_default_transport_maps (empty) 
-              A sender-dependent override for the global default_transport parameter set‐ 
-              ting. 
- 
-ADDRESS VERIFICATION CONTROLS 
-       Postfix version 2.1 introduces sender and recipient  address  verification.   This 
-       feature  is  implemented  by  sending  probe  email messages that are not actually 
-       delivered.  By default, address verification probes use the same route as  regular 
-       mail.  To  override  specific  aspects of message routing for address verification 
-       probes, specify one or more of the following: 
- 
-       address_verify_local_transport ($local_transport) 
-              Overrides the local_transport parameter setting  for  address  verification 
-              probes. 
- 
-       address_verify_virtual_transport ($virtual_transport) 
-              Overrides  the virtual_transport parameter setting for address verification 
-              probes. 
- 
-       address_verify_relay_transport ($relay_transport) 
-              Overrides the relay_transport parameter setting  for  address  verification 
-              probes. 
- 
-       address_verify_default_transport ($default_transport) 
-              Overrides  the default_transport parameter setting for address verification 
-              probes. 
- 
-       address_verify_relayhost ($relayhost) 
-              Overrides the relayhost parameter setting for address verification probes. 
- 
-       address_verify_transport_maps ($transport_maps) 
-              Overrides the transport_maps parameter  setting  for  address  verification 
-              probes. 
- 
-       Available in Postfix version 2.3 and later: 
- 
-       address_verify_sender_dependent_relayhost_maps ($sender_dependent_relayhost_maps) 
-              Overrides the sender_dependent_relayhost_maps parameter setting for address 
-              verification probes. 
- 
-       Available in Postfix version 2.7 and later: 
- 
-       address_verify_sender_dependent_default_transport_maps             ($sender_depen‐ 
-       dent_default_transport_maps) 
-              Overrides the sender_dependent_default_transport_maps parameter setting for 
-              address verification probes. 
- 
-MISCELLANEOUS CONTROLS 
-       config_directory (see 'postconf -d' output) 
-              The default location of the Postfix  main.cf  and  master.cf  configuration 
-              files. 
- 
-       daemon_timeout (18000s) 
-              How  much time a Postfix daemon process may take to handle a request before 
-              it is terminated by a built-in watchdog timer. 
- 
-       empty_address_recipient (MAILER-DAEMON) 
-              The recipient of mail addressed to the null address. 
- 
-       ipc_timeout (3600s) 
-              The time limit for sending or receiving information over an internal commu‐ 
-              nication channel. 
- 
-       max_idle (100s) 
-              The maximum amount of time that an idle Postfix daemon process waits for an 
-              incoming connection before terminating voluntarily. 
- 
-       max_use (100) 
-              The maximal number of incoming connections that a  Postfix  daemon  process 
-              will service before terminating voluntarily. 
- 
-       relocated_maps (empty) 
-              Optional  lookup  tables  with new contact information for users or domains 
-              that no longer exist. 
- 
-       process_id (read-only) 
-              The process ID of a Postfix command or daemon process. 
- 
-       process_name (read-only) 
-              The process name of a Postfix command or daemon process. 
- 
-       queue_directory (see 'postconf -d' output) 
-              The location of the Postfix top-level queue directory. 
- 
-       show_user_unknown_table_name (yes) 
-              Display the name of the recipient table in the "User unknown" responses. 
-       syslog_facility (mail) 
-              The syslog facility of Postfix logging. 
- 
-       syslog_name (see 'postconf -d' output) 
-              The mail system name that is  prepended  to  the  process  name  in  syslog 
-              records, so that "smtpd" becomes, for example, "postfix/smtpd". 
- 
-       Available in Postfix version 2.0 and later: 
- 
-       helpful_warnings (yes) 
-              Log  warnings about problematic configuration settings, and provide helpful 
-              suggestions. 
- 
-SEE ALSO 
-       postconf(5), configuration parameters 
-       transport(5), transport table format 
-       relocated(5), format of the "user has moved" table 
-       master(8), process manager 
-       syslogd(8), system logging 
- 
-README FILES 
-       Use "postconf readme_directory" or "postconf html_directory" to locate this infor‐ 
-       mation. 
-       ADDRESS_CLASS_README, Postfix address classes howto 
-       ADDRESS_VERIFICATION_README, Postfix address verification 
- 
-LICENSE 
-       The Secure Mailer license must be distributed with this software. 
- 
-AUTHOR(S) 
-       Wietse Venema 
-       IBM T.J. Watson Research 
-       P.O. Box 704 
-       Yorktown Heights, NY 10598, USA 
- 
-                                                                       TRIVIAL-REWRITE(8) 
-</code> 
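Review bot: the block removed here, ending at `</code>`, is a verbatim paste of trivial-rewrite(8), and no `+` lines in this part of the diff put anything in its place. Dropping the paste is reasonable, since it freezes parameter defaults such as `allow_percent_hack (yes)`, `swap_bangpath (yes)` and `append_dot_mydomain (yes)` at whatever Postfix release it was copied from, but the page should then say where to read the values of the installed version. A one-line pointer to `man 8 trivial-rewrite` and to `postconf -d`, which the pasted text itself refers to, would be enough.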
-==== bounce, defer, trace ==== 
-Die drei Daemons **bounce**, **defer** und **trace** bilden zwei wesentliche Funktionen des MTA ab. Zum einen verständigen diese bei Bedarf einen Absender, sofern seine eMail zugestellt wurde, verzögert zugestellt oder eben nicht zugestellt werden konnte. Dazu stehen diese Daemons in direktem Kontakt mit dem **[[centos:mail_c7:mta_1?&#qmgr|qmgr]]**-Daemon damit diese die vorgenannten Statusberichte versenden oder Nachrichten, die nicht zugestellt worden sind, in die //deferred//-Queue verschieben können. 
- 
-Weitere Hinweise findet man zu den drei Daemons in der **manpage** von **bounce**. 
-   # man 8 bounce 
- 
-<code>BOUNCE(8)                        System Manager's Manual                        BOUNCE(8) 
- 
-NAME 
-       bounce - Postfix delivery status reports 
- 
-SYNOPSIS 
-       bounce [generic Postfix daemon options] 
- 
-DESCRIPTION 
-       The bounce(8) daemon maintains per-message log files with delivery status informa‐ 
-       tion. Each log file is named after the queue file that it corresponds to,  and  is 
-       kept  in  a  queue subdirectory named after the service name in the master.cf file 
-       (either bounce, defer or trace).  This program expects to be  run  from  the  mas‐ 
-       ter(8) process manager. 
- 
-       The bounce(8) daemon processes two types of service requests: 
- 
-       ·      Append a recipient (non-)delivery status record to a per-message log file. 
- 
-       ·      Enqueue  a  delivery status notification message, with a copy of a per-mes‐ 
-              sage log file and of the corresponding message.  When the  delivery  status 
-              notification  message is enqueued successfully, the per-message log file is 
-              deleted. 
- 
-       The software does a best notification effort. A non-delivery notification is  sent 
-       even when the log file or the original message cannot be read. 
- 
-       Optionally,  a  bounce  (defer, trace) client can request that the per-message log 
-       file be deleted when the requested operation fails.  This is used by clients  that 
-       cannot  retry  transactions by themselves, and that depend on retry logic in their 
-       own client. 
- 
-STANDARDS 
-       RFC 822 (ARPA Internet Text Messages) 
-       RFC 2045 (Format of Internet Message Bodies) 
-       RFC 2822 (Internet Message Format) 
-       RFC 3462 (Delivery Status Notifications) 
-       RFC 3464 (Delivery Status Notifications) 
-       RFC 3834 (Auto-Submitted: message header) 
-       RFC 5322 (Internet Message Format) 
- 
-DIAGNOSTICS 
-       Problems and transactions are logged to syslogd(8). 
- 
-CONFIGURATION PARAMETERS 
-       Changes to main.cf are picked up automatically, as  bounce(8)  processes  run  for 
-       only  a  limited  amount  of  time. Use the command "postfix reload" to speed up a 
-       change. 
- 
-       The text below provides only a parameter summary. See postconf(5) for more details 
-       including examples. 
- 
-       2bounce_notice_recipient (postmaster) 
-              The recipient of undeliverable mail that cannot be returned to the sender. 
- 
-       backwards_bounce_logfile_compatibility (yes) 
-              Produce  additional  bounce(8)  logfile records that can be read by Postfix 
-              versions before 2.0. 
- 
-       bounce_notice_recipient (postmaster) 
-              The recipient of postmaster notifications with the message headers of  mail 
-              that  Postfix  did not deliver and of SMTP conversation transcripts of mail 
-              that Postfix did not receive. 
- 
-       bounce_size_limit (50000) 
-              The maximal amount of original message text that is sent in a  non-delivery 
-              notification. 
- 
-       bounce_template_file (empty) 
-              Pathname of a configuration file with bounce message templates. 
- 
-       config_directory (see 'postconf -d' output) 
-              The  default  location  of  the Postfix main.cf and master.cf configuration 
-              files. 
-       daemon_timeout (18000s) 
-              How much time a Postfix daemon process may take to handle a request  before 
-              it is terminated by a built-in watchdog timer. 
- 
-       delay_notice_recipient (postmaster) 
-              The  recipient of postmaster notifications with the message headers of mail 
-              that cannot be delivered within $delay_warning_time time units. 
- 
-       deliver_lock_attempts (20) 
-              The maximal number of attempts to acquire an exclusive lock  on  a  mailbox 
-              file or bounce(8) logfile. 
- 
-       deliver_lock_delay (1s) 
-              The time between attempts to acquire an exclusive lock on a mailbox file or 
-              bounce(8) logfile. 
- 
-       ipc_timeout (3600s) 
-              The time limit for sending or receiving information over an internal commu‐ 
-              nication channel. 
- 
-       internal_mail_filter_classes (empty) 
-              What  categories of Postfix-generated mail are subject to before-queue con‐ 
-              tent inspection by non_smtpd_milters, header_checks and body_checks. 
- 
-       mail_name (Postfix) 
-              The mail system name that is displayed in Received: headers,  in  the  SMTP 
-              greeting banner, and in bounced mail. 
- 
-       max_idle (100s) 
-              The maximum amount of time that an idle Postfix daemon process waits for an 
-              incoming connection before terminating voluntarily. 
- 
-       max_use (100) 
-              The maximal number of incoming connections that a  Postfix  daemon  process 
-              will service before terminating voluntarily. 
- 
-       notify_classes (resource, software) 
-              The list of error classes that are reported to the postmaster. 
- 
-       process_id (read-only) 
-              The process ID of a Postfix command or daemon process. 
- 
-       process_name (read-only) 
-              The process name of a Postfix command or daemon process. 
- 
-       queue_directory (see 'postconf -d' output) 
-              The location of the Postfix top-level queue directory. 
- 
-       syslog_facility (mail) 
-              The syslog facility of Postfix logging. 
- 
-       syslog_name (see 'postconf -d' output) 
-              The  mail  system  name  that  is  prepended  to the process name in syslog 
-              records, so that "smtpd" becomes, for example, "postfix/smtpd". 
- 
-FILES 
-       /var/spool/postfix/bounce/* non-delivery records 
-       /var/spool/postfix/defer/* non-delivery records 
-       /var/spool/postfix/trace/* delivery status records 
- 
-SEE ALSO 
-       bounce(5), bounce message template format 
-       qmgr(8), queue manager 
-       postconf(5), configuration parameters 
-       master(5), generic daemon options 
-       master(8), process manager 
-       syslogd(8), system logging 
- 
-LICENSE 
-       The Secure Mailer license must be distributed with this software. 
- 
-AUTHOR(S) 
-       Wietse Venema 
-       IBM T.J. Watson Research 
-       P.O. Box 704 
-       Yorktown Heights, NY 10598, USA 
- 
-                                                                                BOUNCE(8) 
-</code> 
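Review bot: the removal of the `==== bounce, defer, trace ====` section deletes the heading, the German introduction and the `# man 8 bounce` pointer together with the pasted BOUNCE(8) text, although only the paste duplicates what the package already installs. I would keep the heading, the introduction and the command and remove just the `<code>` block. If the introduction is kept, check its wording against the DESCRIPTION in the paste: that text has bounce(8) maintaining per-message log files and enqueuing delivery status notifications, and it does not mention moving messages into the deferred queue, which the introduction attributes to these daemons.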
- 
-==== verify ==== 
-Der **verify**-Daemon erstellt und verwaltet eine Liste aller Empfängeradressen und vermerkt dabei, ob diese zustellbar bzw. unzustellbar sind. Dabei werden alle Routing und Rewrite-Mechanismen in der Mailzustellung bewertet. Das Prüfungsergebnis, ob eine Empfängeradresse als grundsätzlich erreichbar oder nicht erreichbar vermerkt wird, basieren auf dem nächsten MTA-Hop!  
- 
-Weitere Informationen zum **verify**-Daemon findet man in dessen **manpage**. 
-   # man 8 verify 
- 
-<code>VERIFY(8)                        System Manager's Manual                        VERIFY(8) 
- 
-NAME 
-       verify - Postfix address verification server 
- 
-SYNOPSIS 
-       verify [generic Postfix daemon options] 
- 
-DESCRIPTION 
-       The  verify(8)  address  verification  server maintains a record of what recipient 
-       addresses are known to be deliverable or undeliverable. 
- 
-       Addresses are verified by injecting probe messages into the Postfix  queue.  Probe 
-       messages  are run through all the routing and rewriting machinery except for final 
-       delivery, and are discarded rather than being deferred or bounced. 
- 
-       Address verification relies on the answer from the nearest MTA for  the  specified 
-       address, and will therefore not detect all undeliverable addresses. 
- 
-       The  verify(8)  server  is  designed  to  run  under control by the Postfix master 
-       server. It maintains an optional persistent database.  To avoid being  interrupted 
-       by  "postfix stop" in the middle of a database update, the process runs in a sepa‐ 
-       rate process group. 
- 
-       The verify(8) server implements the following requests: 
- 
-       update address status text 
-              Update the status and text of the specified address. 
- 
-       query address 
-              Look up the status and text for the specified address.  If  the  status  is 
-              unknown, a probe is sent and an "in progress" status is returned. 
- 
-SECURITY 
-       The address verification server is not security-sensitive. It does not talk to the 
-       network, and it does not talk to local users.  The verify server can run  chrooted 
-       at fixed low privilege. 
- 
-       The  address  verification  server  can  be  coerced to store unlimited amounts of 
-       garbage. Limiting the cache expiry time trades one problem (disk space exhaustion) 
-       for another one (poor response time to client requests). 
- 
-       With Postfix version 2.5 and later, the verify(8) server no longer uses root priv‐ 
-       ileges when opening the address_verify_map cache file.  The  file  should  now  be 
-       stored  under the Postfix-owned data_directory.  As a migration aid, an attempt to 
-       open a cache file under a non-Postfix directory is redirected to the Postfix-owned 
-       data_directory, and a warning is logged. 
-