postfix-2.5-20070531-tls-nonprod

/*++ /* NAME /* smtpd 8 /* SUMMARY /* Postfix SMTP server /* SYNOPSIS /* \fBsmtpd\fR [generic Postfix daemon options] /* DESCRIPTION /* The SMTP server accepts network connection requests /* and performs zero or more SMTP transactions per connection. /* Each received message is piped through the \fBcleanup\fR(8) /* daemon, and is placed into the \fBincoming\fR queue as one /* single queue file. For this mode of operation, the program /* expects to be run from the \fBmaster\fR(8) process manager. /* /* Alternatively, the SMTP server be can run in stand-alone /* mode; this is traditionally obtained with "\fBsendmail /* -bs\fR". When the SMTP server runs stand-alone with non /* $\fBmail_owner\fR privileges, it receives mail even while /* the mail system is not running, deposits messages directly /* into the \fBmaildrop\fR queue, and disables the SMTP server's /* access policies. As of Postfix version 2.3, the SMTP server /* refuses to receive mail from the network when it runs with /* non $\fBmail_owner\fR privileges. /* /* The SMTP server implements a variety of policies for connection /* requests, and for parameters given to \fBHELO, ETRN, MAIL FROM, VRFY\fR /* and \fBRCPT TO\fR commands. They are detailed below and in the /* \fBmain.cf\fR configuration file. /* SECURITY /* .ad /* .fi /* The SMTP server is moderately security-sensitive. It talks to SMTP /* clients and to DNS servers on the network. The SMTP server can be /* run chrooted at fixed low privilege. /* STANDARDS /* RFC 821 (SMTP protocol) /* RFC 1123 (Host requirements) /* RFC 1652 (8bit-MIME transport) /* RFC 1869 (SMTP service extensions) /* RFC 1870 (Message Size Declaration) /* RFC 1985 (ETRN command) /* RFC 2034 (SMTP Enhanced Error Codes) /* RFC 2554 (AUTH command) /* RFC 2821 (SMTP protocol) /* RFC 2920 (SMTP Pipelining) /* RFC 3207 (STARTTLS command) /* RFC 3461 (SMTP DSN Extension) /* RFC 3463 (Enhanced Status Codes) /* DIAGNOSTICS /* Problems and transactions are logged to \fBsyslogd\fR(8). /* /* Depending on the setting of the \fBnotify_classes\fR parameter, /* the postmaster is notified of bounces, protocol problems, /* policy violations, and of other trouble. /* CONFIGURATION PARAMETERS /* .ad /* .fi /* Changes to \fBmain.cf\fR are picked up automatically, as \fBsmtpd\fR(8) /* processes run for only a limited amount of time. Use the command /* "\fBpostfix reload\fR" to speed up a change. /* /* The text below provides only a parameter summary. See /* \fBpostconf\fR(5) for more details including examples. /* COMPATIBILITY CONTROLS /* .ad /* .fi /* The following parameters work around implementation errors in other /* software, and/or allow you to override standards in order to prevent /* undesirable use. /* .ad /* .fi /* .IP "\fBbroken_sasl_auth_clients (no)\fR" /* Enable inter-operability with SMTP clients that implement an obsolete /* version of the AUTH command (RFC 2554). /* .IP "\fBdisable_vrfy_command (no)\fR" /* Disable the SMTP VRFY command. /* .IP "\fBsmtpd_noop_commands (empty)\fR" /* List of commands that the Postfix SMTP server replies to with "250 /* Ok", without doing any syntax checks and without changing state. /* .IP "\fBstrict_rfc821_envelopes (no)\fR" /* Require that addresses received in SMTP MAIL FROM and RCPT TO /* commands are enclosed with <>, and that those addresses do /* not contain RFC 822 style comments or phrases. /* .PP /* Available in Postfix version 2.1 and later: /* .IP "\fBresolve_null_domain (no)\fR" /* Resolve an address that ends in the "@" null domain as if the /* local hostname were specified, instead of rejecting the address as /* invalid. /* .IP "\fBsmtpd_reject_unlisted_sender (no)\fR" /* Request that the Postfix SMTP server rejects mail from unknown /* sender addresses, even when no explicit reject_unlisted_sender /* access restriction is specified. /* .IP "\fBsmtpd_sasl_exceptions_networks (empty)\fR" /* What remote SMTP clients the Postfix SMTP server will not offer /* AUTH support to. /* .PP /* Available in Postfix version 2.2 and later: /* .IP "\fBsmtpd_discard_ehlo_keyword_address_maps (empty)\fR" /* Lookup tables, indexed by the remote SMTP client address, with /* case insensitive lists of EHLO keywords (pipelining, starttls, auth, /* etc.) that the SMTP server will not send in the EHLO response to a /* remote SMTP client. /* .IP "\fBsmtpd_discard_ehlo_keywords (empty)\fR" /* A case insensitive list of EHLO keywords (pipelining, starttls, /* auth, etc.) that the SMTP server will not send in the EHLO response /* to a remote SMTP client. /* .IP "\fBsmtpd_delay_open_until_valid_rcpt (yes)\fR" /* Postpone the start of an SMTP mail transaction until a valid /* RCPT TO command is received. /* .PP /* Available in Postfix version 2.3 and later: /* .IP "\fBsmtpd_tls_always_issue_session_ids (yes)\fR" /* Force the Postfix SMTP server to issue a TLS session id, even /* when TLS session caching is turned off (smtpd_tls_session_cache_database /* is empty). /* ADDRESS REWRITING CONTROLS /* .ad /* .fi /* See the ADDRESS_REWRITING_README document for a detailed /* discussion of Postfix address rewriting. /* .IP "\fBreceive_override_options (empty)\fR" /* Enable or disable recipient validation, built-in content /* filtering, or address mapping. /* .PP /* Available in Postfix version 2.2 and later: /* .IP "\fBlocal_header_rewrite_clients (permit_inet_interfaces)\fR" /* Rewrite message header addresses in mail from these clients and /* update incomplete addresses with the domain name in $myorigin or /* $mydomain; either don't rewrite message headers from other clients /* at all, or rewrite message headers and update incomplete addresses /* with the domain specified in the remote_header_rewrite_domain /* parameter. /* AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS /* .ad /* .fi /* As of version 1.0, Postfix can be configured to send new mail to /* an external content filter AFTER the mail is queued. This content /* filter is expected to inject mail back into a (Postfix or other) /* MTA for further delivery. See the FILTER_README document for details. /* .IP "\fBcontent_filter (empty)\fR" /* The name of a mail delivery transport that filters mail after /* it is queued. /* BEFORE QUEUE EXTERNAL CONTENT INSPECTION CONTROLS /* .ad /* .fi /* As of version 2.1, the Postfix SMTP server can be configured /* to send incoming mail to a real-time SMTP-based content filter /* BEFORE mail is queued. This content filter is expected to inject /* mail back into Postfix. See the SMTPD_PROXY_README document for /* details on how to configure and operate this feature. /* .IP "\fBsmtpd_proxy_filter (empty)\fR" /* The hostname and TCP port of the mail filtering proxy server. /* .IP "\fBsmtpd_proxy_ehlo ($myhostname)\fR" /* How the Postfix SMTP server announces itself to the proxy filter. /* .IP "\fBsmtpd_proxy_timeout (100s)\fR" /* The time limit for connecting to a proxy filter and for sending or /* receiving information. /* BEFORE QUEUE MILTER CONTROLS /* .ad /* .fi /* As of version 2.3, Postfix supports the Sendmail version 8 /* Milter (mail filter) protocol. These content filters run /* outside Postfix. They can inspect the SMTP command stream /* and the message content, and can request modifications before /* mail is queued. For details see the MILTER_README document. /* .IP "\fBsmtpd_milters (empty)\fR" /* A list of Milter (mail filter) applications for new mail that /* arrives via the Postfix \fBsmtpd\fR(8) server. /* .IP "\fBmilter_protocol (2)\fR" /* The mail filter protocol version and optional protocol extensions /* for communication with a Milter (mail filter) application. /* .IP "\fBmilter_default_action (tempfail)\fR" /* The default action when a Milter (mail filter) application is /* unavailable or mis-configured. /* .IP "\fBmilter_macro_daemon_name ($myhostname)\fR" /* The {daemon_name} macro value for Milter (mail filter) applications. /* .IP "\fBmilter_macro_v ($mail_name $mail_version)\fR" /* The {v} macro value for Milter (mail filter) applicat