SMTPD(8) SMTPD(8)
NAME
smtpd - Postfix SMTP server
SYNOPSIS
smtpd [generic Postfix daemon options]
DESCRIPTION
The SMTP server accepts network connection requests and performs zero
or more SMTP transactions per connection. Each received message is
piped through the cleanup(8) daemon, and is placed into the incoming
queue as one single queue file. For this mode of operation, the pro-
gram expects to be run from the master(8) process manager.
Alternatively, the SMTP server takes an established connection on stan-
dard input and deposits messages directly into the maildrop queue. In
this so-called stand-alone mode, the SMTP server can accept mail even
while the mail system is not running.
The SMTP server implements a variety of policies for connection
requests, and for parameters given to HELO, ETRN, MAIL FROM, VRFY and
RCPT TO commands. They are detailed below and in the main.cf configura-
tion file.
SECURITY
The SMTP server is moderately security-sensitive. It talks to SMTP
clients and to DNS servers on the network. The SMTP server can be run
chrooted at fixed low privilege.
STANDARDS
RFC 821 (SMTP protocol)
RFC 1123 (Host requirements)
RFC 1652 (8bit-MIME transport)
RFC 1869 (SMTP service extensions)
RFC 1870 (Message Size Declaration)
RFC 1985 (ETRN command)
RFC 2554 (AUTH command)
RFC 2821 (SMTP protocol)
RFC 2920 (SMTP Pipelining)
DIAGNOSTICS
Problems and transactions are logged to syslogd(8).
Depending on the setting of the notify_classes parameter, the postmas-
ter is notified of bounces, protocol problems, policy violations, and
of other trouble.
CONFIGURATION PARAMETERS
The following main.cf parameters are especially relevant to this pro-
gram. See the Postfix main.cf file for syntax details and for default
values. Use the postfix reload command after a configuration change.
Compatibility controls
strict_rfc821_envelopes
Disallow non-RFC 821 style addresses in SMTP commands. For exam-
ple, the RFC822-style address forms with comments that Sendmail
allows.
broken_sasl_auth_clients
Support Microsoft clients that implement an older version of the
AUTH protocol, and that expect an EHLO response of "250
AUTH=list" instead of "250 AUTH list".
smtpd_sasl_exceptions_networks
Don't offer AUTH in the response to EHLO when talking to clients
in the specified networks. This is a workaround for clients
that demand a login and password from the user whenever
AUTH is offered by an SMTP server.
smtpd_noop_commands
List of commands that are treated as NOOP (no operation) com-
mands, without any parameter syntax checking and without any
state change. This list overrides built-in command definitions.
Content inspection controls
Optionally, Postfix can be configured to send new mail to external con-
tent filter software AFTER the mail is queued.
content_filter
The name of a mail delivery transport that filters mail and that
either bounces mail or re-injects the result back into Postfix.
This parameter uses the same syntax as the right-hand side of a
Postfix transport table.
receive_override_options
The following options override main.cf settings. The options
are either implemented by the SMTP server or are passed on to
the downstream cleanup server.
no_unknown_recipient_checks
Do not try to reject unknown recipients. This is typi-
cally specified with the SMTP server after an external
content filter.
no_address_mappings
Disable canonical address mapping, virtual alias map
expansion, address masquerading, and automatic BCC recip-
ients. This is typically specified with the SMTP server
before an external content filter.
no_header_body_checks
Disable header/body_checks. This is typically specified
with the SMTP server after an external content filter.
Pass-through proxy
Optionally, the Postfix SMTP server can be configured to forward all
mail to a proxy server, for example a real-time content filter, BEFORE
mail is queued.
smtpd_proxy_filter
The host:port of the SMTP proxy server. The host or host: por-
tion is optional.
smtpd_proxy_timeout
Timeout for connecting to, sending to and receiving from the
SMTP proxy server.
smtpd_proxy_ehlo
The hostname to use when sending an EHLO command to the SMTP
proxy server.
Authentication controls
smtpd_sasl_auth_enable
Enable per-session authentication as per RFC 2554 (SASL). This
functionality is available only when explicitly selected at pro-
gram build time and explicitly enabled at runtime.
smtpd_sasl_local_domain
The name of the local authentication realm.
smtpd_sasl_security_options
Zero or more of the following.
noplaintext
Disallow authentication methods that use plaintext pass-
words.
noactive
Disallow authentication methods that are vulnerable to
non-dictionary active attacks.
nodictionary
Disallow authentication methods that are vulnerable to
passive dictionary attack.
noanonymous
Disallow anonymous logins.
smtpd_sender_login_maps
Maps that specify the SASL login name that owns a MAIL FROM
sender address. Used by the reject_sender_login_mismatch sender
anti-spoofing restriction.
Miscellaneous
smtpd_authorized_verp_clients
Hostnames, domain names and/or addresses of clients that are
authorized to use the XVERP extension.
smtpd_authorized_xaddr_clients
Hostnames, domain names and/or addresses of clients that are
authorized to use the "XADDR client-address client-name" com-
mand. This changes Postfix's idea of the SMTP client IP address
and hostname for access control and for logging purposes.
smtpd_authorized_xloginfo_clients
Hostnames, domain names and/or addresses of clients that are
authorized to use the "XLOGINFO client-address client-name" com-
mand. This changes the client name and address that are used
for logging, without affecting the client IP address and host-
name that are used for access control. XLOGINFO is typically
used to propagate remote client information through an SMTP-
based content filter to the after-filter SMTP server.
debug_peer_level
Increment in verbose logging level when a remote host matches a
pattern in the debug_peer_list parameter.
debug_peer_list
List of domain or network patterns. When a remote host matches a
pattern, increase the verbose logging level by the amount speci-
fied in the debug_peer_level parameter.
default_verp_delimiters
The default VERP delimiter characters that are used when the
XVERP command is specified without explicit delimiters.
error_notice_recipient
Recipient of protocol/policy/resource/software error notices.
hopcount_limit
Limit the number of Received: message headers.
notify_classes
List of error classes. Of special interest are:
policy
When a client violates any policy, mail a transcript of
the entire SMTP session to the postmaster.
protocol
When a client violates the SMTP protocol or issues an
unimplemented command, mail a transcript of the entire
SMTP session to the postmaster.
smtpd_banner
Text that follows the 220 status code in the SMTP greeting ban-
ner.
smtpd_expansion_filter
Controls what characters are allowed in $name expansion of rbl
template responses and other text.
smtpd_recipient_limit
Restrict the number of recipients that the SMTP server accepts
per message delivery.
smtpd_timeout
Limit the time to send a server response and to receive a client
request.
soft_bounce
Change hard (5xx) reject responses into soft (4xx) reject
responses. This can be useful for testing purposes.
verp_delimiter_filter
The characters that Postfix accepts as VERP delimiter charac-
ters.
Known versus unknown recipients
show_user_unknown_table_name
Whether or not to reveal the table name in the "User unknown"
responses. The extra detail makes troubleshooting easier but
also reveals information that is nobody else's business.
unknown_local_recipient_reject_code
The response code when a client specifies a recipient whose
domain matches $mydestination or $inet_interfaces, while
$local_recipient_maps is non-empty and does not list the recipi-
ent address or address local-part.
unknown_relay_recipient_reject_code
The response code when a client specifies a recipient whose
domain matches $relay_domains, while $relay_recipient_maps is
non-empty and does not list the recipient address.
unknown_virtual_alias_reject_code
The response code when a client specifies a recipient whose
domain matches $virtual_alias_domains, while the recipient is
not listed in $virtual_alias_maps.
unknown_virtual_mailbox_reject_code
The response code when a client specifies a recipient whose
domain matches $virtual_mailbox_domains, while the recipient is
not listed in $virtual_mailbox_maps.
Resource controls
line_length_limit
Limit the amount of memory in bytes used for the handling of
partial input lines.
message_size_limit
Limit the total size in bytes of a message, including on-disk
storage for envelope information.
queue_minfree
Minimal amount of free space in bytes in the queue file system
for the SMTP server to accept any mail at all (default: twice
the message_size_limit value).
smtpd_history_flush_threshold
Flush the command history to postmaster after receipt of RSET
etc. only if the number of history lines exceeds the given
threshold.
Tarpitting
smtpd_error_sleep_time
Time to wait in seconds before sending a 4xx or 5xx server error
response.
smtpd_soft_error_limit
When an SMTP client has made this number of errors, wait
error_count seconds before responding to any client request.
smtpd_hard_error_limit
Disconnect after a client has made this number of errors.
smtpd_junk_command_limit
Limit the number of times a client can issue a junk command such
as NOOP, VRFY, ETRN or RSET in one SMTP session before it is
penalized with tarpit delays.
Delegated policy
smtpd_policy_service_timeout
Time limit for connecting to, writing to and receiving from a
delegated SMTPD policy server.
smtpd_policy_service_max_idle
Time after which an unused SMTPD policy service connection is
closed.
smtpd_policy_service_max_ttl
Time after which an active SMTPD policy service connection is
closed.
UCE control restrictions
parent_domain_matches_subdomains
List of Postfix features that use domain.tld patterns to match
sub.domain.tld (as opposed to requiring .domain.tld patterns).
smtpd_client_restrictions
Restrict what clients may connect to this mail system.
smtpd_helo_required
Require that clients introduce themselves at the beginning of an
SMTP session.
smtpd_helo_restrictions
Restrict what client hostnames are allowed in HELO and EHLO com-
mands.
smtpd_sender_restrictions
Restrict what sender addresses are allowed in MAIL FROM com-
mands.
smtpd_recipient_restrictions
Restrict what recipient addresses are allowed in RCPT TO com-
mands.
smtpd_etrn_restrictions
Restrict what domain names can be used in ETRN commands, and
what clients may issue ETRN commands.
smtpd_data_restrictions
Restrictions on the DATA command. Currently, the only restric-
tion that makes sense here is reject_unauth_pipelining.
allow_untrusted_routing
Allow untrusted clients to specify addresses with sender-speci-
fied routing. Enabling this opens up nasty relay loopholes
involving trusted backup MX hosts.
smtpd_restriction_classes
Declares the name of zero or more parameters that contain a list
of UCE restrictions. The names of these parameters can then be
used instead of the restriction lists that they represent.
smtpd_null_access_lookup_key
The lookup key to be used in SMTPD access tables instead of the
null sender address. A null sender address cannot be looked up.
maps_rbl_domains (deprecated)
List of DNS domains that publish the addresses of blacklisted
hosts. This is used with the deprecated reject_maps_rbl restric-
tion.
permit_mx_backup_networks
Only domains whose primary MX hosts match the listed networks
are eligible for the permit_mx_backup feature.
relay_domains
Restrict what domains this mail system will relay mail to. The
domains are routed to the delivery agent specified with the
relay_transport setting.
Sender/recipient address verification
Address verification is implemented by sending probe email messages
that are not actually delivered, and is enabled via the reject_unveri-
fied_{sender,recipient} access restriction. The status of verification
probes is maintained by the address verification service.
address_verify_poll_count
How many times to query the address verification service for
completion of an address verification request. Specify 1 to
implement a simple form of greylisting, that is, always defer
the request for a new sender or recipient address.
address_verify_poll_delay
Time to wait after querying the address verification service for
completion of an address verification request.
UCE control responses
access_map_reject_code
Response code when a client violates an access database restric-
tion.
default_rbl_reply
Default template reply when a request is RBL blacklisted. This
template is used by the reject_rbl_* and reject_rhsbl_* restric-
tions. See also: rbl_reply_maps and smtpd_expansion_filter.
defer_code
Response code when a client request is rejected by the defer
restriction.
invalid_hostname_reject_code
Response code when a client violates the reject_invalid_hostname
restriction.
maps_rbl_reject_code
Response code when a request is RBL blacklisted.
multi_recipient_bounce_reject_code
Response code when a multi-recipient bounce is blocked.
rbl_reply_maps
Table with template responses for RBL blacklisted requests,
indexed by RBL domain name. These templates are used by the
reject_rbl_* and reject_rhsbl_* restrictions. See also:
default_rbl_reply and smtpd_expansion_filter.
reject_code
Response code when the client matches a reject restriction.
relay_domains_reject_code
Response code when a client attempts to violate the mail relay
policy.
unknown_address_reject_code
Response code when a client violates the reject_unknown_address
restriction.
unknown_client_reject_code
Response code when a client without address to name mapping vio-
lates the reject_unknown_client restriction.
unknown_hostname_reject_code
Response code when a client violates the reject_unknown_hostname
restriction.
unverified_sender_reject_code
Response code when a sender address is known to be undeliver-
able.
unverified_recipient_reject_code
Response code when a recipient address is known to be undeliver-
able.
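A configuration check for the settings that the descriptions above single out as risky (allow_untrusted_routing, show_user_unknown_table_name, soft_bounce, the SASL security options and the XADDR client list). This is an added example, not part of Postfix; the sample main.cf is constructed and the function names are hypothetical. It inspects only values set explicitly in the file and assumes the main.cf syntax of "name = value" lines, "#" comments and whitespace-led continuation lines.

```python
import re

# Constructed sample main.cf for this example (not from a real host).
SAMPLE_MAIN_CF = """\
# settings left over from a test box
soft_bounce = yes
allow_untrusted_routing = yes
show_user_unknown_table_name = no
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options =
    noplaintext
smtpd_authorized_xaddr_clients = 127.0.0.1,
    192.0.2.0/24
"""

RISKY_WHEN_YES = {  # boolean parameters the page warns about
    "allow_untrusted_routing": "sender-specified routing opens relay loopholes",
    "show_user_unknown_table_name": "table names are revealed in replies",
    "soft_bounce": "5xx rejects are sent as 4xx; for testing only",
}

def parse_main_cf(text):
    """Parse main.cf text into {name: value}; the last definition wins."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comment lines
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace continues a line
        else:
            logical.append(raw.strip())
    return {n.strip(): v.strip() for n, sep, v in (l.partition("=") for l in logical) if sep}

def words(value):  # split a comma/whitespace separated list value
    return [w for w in re.split(r"[,\s]+", value) if w]

def audit(params):
    """Return (parameter, reason) pairs for settings the page warns about."""
    findings = [(n, r) for n, r in RISKY_WHEN_YES.items() if params.get(n, "").lower() == "yes"]
    sasl_opts = params.get("smtpd_sasl_security_options")
    if params.get("smtpd_sasl_auth_enable", "").lower() == "yes" and sasl_opts is not None:
        if "noanonymous" not in words(sasl_opts):
            findings.append(("smtpd_sasl_security_options", "anonymous logins not disallowed"))
    xaddr = words(params.get("smtpd_authorized_xaddr_clients", ""))
    if xaddr:
        findings.append(("smtpd_authorized_xaddr_clients", "may override client address: " + " ".join(xaddr)))
    return findings

print(audit(parse_main_cf(SAMPLE_MAIN_CF)))
```

Parameters that are absent from the file are not reported, so compare the findings with the effective values on the host before drawing conclusions.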
SEE ALSO
cleanup(8) message canonicalization
master(8) process manager
syslogd(8) system logging
trivial-rewrite(8) address resolver
verify(8) address verification service
LICENSE
The Secure Mailer license must be distributed with this software.
AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA