<html> <head> <title> Postfix Configuration - UCE Controls</title> </head> <body> <h1><a href="big-picture.html"><img src="small-picture.gif" width="115" height="45"></a> Postfix Configuration - UCE Controls</h1> <hr> <a href="index.html">Up one level</a> | <a href="basic.html">Basic Configuration</a> | UCE Controls | <a href="rate.html">Rate Controls</a> | <a href="resource.html">Resource Controls</a> | <a href="rewrite.html">Address Manipulation </a> <h2> Introduction</h2> Postfix offers a variety of parameters that limit the delivery of unsolicited commercial email (UCE). <p> By default, the Postfix <a href="smtpd.8.html">SMTP server</a> will accept mail only from or to the local network or domain, or to domains that are hosted by Postfix, so that your system can't be used as a mail relay to forward bulk mail from random strangers. <p> The text in this document describes how you can set up more detailed anti-UCE policies that prevent delivery of unwanted email altogether, for example with sendmail-style <b>access</b> lists or with <b>RBL</b> (real-time blackhole list) name servers. <p> Unless indicated otherwise, all parameters described here are in the <b>main.cf</b> file. If you change parameters of a running Postfix system, don't forget to issue a <b>postfix reload</b> command. <ul> <li> <a href="#header_checks">Header filtering</a> <p> <li> <a href="#body_checks">Body filtering</a> <p> <li> <a href="#smtpd_client_restrictions">Client hostname/address restrictions</a> <p> <li> <a href="#smtpd_helo_required">Require HELO (EHLO) command </a> <p> <li> <a href="#smtpd_helo_restrictions">HELO (EHLO) hostname restrictions</a> <p> <li> <a href="#strict_rfc821_envelopes">Require strict RFC 821-style envelope addresses </a> <p> <li> <a href="#smtpd_sender_restrictions">Sender address restrictions </a> <p> <li> <a href="#smtpd_recipient_restrictions">Recipient address restrictions</a> <p> <li> <a href="#smtpd_etrn_restrictions">ETRN command restrictions</a> <p> <li> <a href="#generic">Generic restrictions</a> <p> <li> <a href="#additional">Additional UCE control parameters</a> </ul> <a name="header_checks"> <h2> Header filtering</h2> The <b>header_checks</b> parameter restricts what is allowed in message headers. Patterns are applied to entire logical message headers, even when a header spans multiple lines of text. <p> By default, the same <b>header_checks</b> patterns are used for primary message headers, for MIME headers (including headers at the start of multipart body parts), and for the headers at the beginning of attached email messages. <p> <dl> <dt>Default: <dd>Allow anything in message headers. <p> <dt>Syntax: <dd>Specify a list of zero or more lookup tables. Whenever a header matches a table, the action depends on the lookup result: <p> <dl> <dt>REJECT <dd> <dt>REJECT text... <dd> Reject the message, log the header and the optional text, and send the optional text to the originator. <dt>IGNORE <dd> Delete the header from the message. <dt>WARN <dd> <dt>WARN text... <dd> Log (but do not reject) the header with a warning, and log the optional text. <dt>HOLD <dd> <dt>HOLD text... <dd> Place the message on the <b>hold</b> queue. Mail on hold can be inspected with the <a href="postcat.1.html">postcat</a> command, and can be destroyed or taken off hold with the <a href="postsuper.1.html">postsuper</a> command. The optional text is logged together with the matched text. <dt>DISCARD <dd> <dt>DISCARD text... <dd> Claim successful delivery and silently discard the message. The optional text is logged together with the matched text. <dt>FILTER <i>transport</i>:<i>nexthop</i> <dd> After the message is queued, send the entire message through a content filter. This requires different cleanup servers before and after the filter, with header/body checks turned off in the second cleanup server. More details about content filtering are in the Postfix FILTER_README file. This feature overrides the main.cf <b>content_filter</b> setting. </dl> <p> <i>At present, specifying a header pattern with OK serves no useful purpose. A rule ending in OK affects only the header being matched. The next header may still result in a REJECT match, causing the mail still to be rejected.</i> </dl> <p> <dt>Examples (main.cf): <dd> <b>header_checks = regexp:/etc/postfix/header_checks</b> <dd> <b>header_checks = pcre:/etc/postfix/header_checks</b> <p> <dt>Example (header_checks): <dd> <tt>/^to: *friend@public\.com$/ REJECT</tt> <p> <a name="body_checks"> <h2> Body filtering</h2> The <b>body_checks</b> parameter restricts what text is is allowed in message body lines. <p> Note: the message body is matched one line at a time. There is no multi-line concept as with message headers. <p> <dl> <dt>Default: <dd>Allow anything in message body lines. <p> <dt>Syntax: <dd>Specify a list of zero or more lookup tables. Whenever a body line matches a table, the action depends on the lookup result: <p> <dl> <dt>REJECT <dd> <dt>REJECT text... <dd> Reject the message, log the body line and the optional text, and send the optional text to the originator. <dt>WARN <dd> <dt>WARN text... <dd> Log (but do not reject) the body line with a warning, and log the optional text. <dt>IGNORE <dd> Delete the matched line from the message. <dt>HOLD <dd> <dt>HOLD text... <dd> Place the message on the <b>hold</b> queue. Mail on hold can be inspected with the <a href="postcat.1.html">postcat</a> command, and can be destroyed or taken off hold with the <a href="postsuper.1.html">postsuper</a> command. The optional text is logged together with the matched text. <dt>DISCARD <dd> <dt>DISCARD text... <dd> Claim successful delivery and silently discard the message. The optional text is logged together with the matched text. <dt>FILTER <i>transport</i>:<i>nexthop</i> <dd> After the message is queued, send the entire message through a content filter. This requires different cleanup servers before and after the filter, with header/body checks turned off in the second cleanup server. More details about content filtering are in the Postfix FILTER_README file. This feature overrides the main.cf <b>content_filter</b> setting. </dl> <p> <i>At present, specifying a pattern with OK serves no useful purpose. A rule ending in OK affects only the line being matched. The next line may still result in a REJECT match, causing the mail still to be rejected.</i> </dl> <p> <dt>Examples (main.cf): <dd> <b>body_checks = regexp:/etc/postfix/body_checks</b> <dd> <b>body_checks = pcre:/etc/postfix/body_checks</b> <p> <a name="smtpd_client_restrictions"> <h2> Client hostname/address restrictions</h2> The <b>smtpd_client_restrictions</b> parameter restricts what clients this system accepts SMTP connections from. <p> By default, this restriction is applied when the client sends the RCPT TO command. In order to have the restriction take effect as soon as possible, specify <b>smtpd_delay_reject = no</b> in the Postfix <b>main.cf</b> configuration file. Doing so may cause unexpected results with poorly implemented client software. <p> <dl> <dt>Default: <dd><b>smtpd_client_restrictions =</b> <p> <dd>Allow SMTP connections from any client. <p> <dt>Syntax: <dd>Specify a list of zero or more restrictions, separated by whitespace or commas. Restrictions are applied in the order as specified; the first restriction that matches wins. <p> In addition to restrictions that are specific to the client hostname or IP address, you may list here any restrictions based on the information passed with the <a href="#smtpd_helo_restrictions"> HELO/EHLO command</a>, on the <a href="#smtpd_sender_restrictions"> sender address </a> or on the <a href="#smtpd_recipient_restrictions"> recipient address</a>. The HELO/EHLO, sender or recipient restrictions take effect only if <b>smtpd_delay_reject = yes</b> so that all restrictions are evaluated after the RCPT TO command. <p> <dt>Examples: <dd> <b>smtpd_client_restrictions = hash:/etc/postfix/access, reject_rbl_client relays.mail-abuse.org</b> (paid service) <dd> <b>smtpd_client_restrictions = hash:/etc/postfix/access, reject_rbl_client relays.ordb.org</b> (free service) <dd> <b>smtpd_client_restrictions = hash:/etc/postfix/access, reject_rhsbl_client dsn.rfc-ignorant.org</b> (free service) <dd> <b>smtpd_client_restrictions = permit_mynetworks, reject_unknown_client</b> <p> <dt> Restrictions: <p> <dl> <a name="reject_unknown_client"> <dt> <b>reject_unknown_client</b> <dd> Reject the request when the client IP address has no PTR (address to name) record in the DNS, or when the PTR record does not have a matching A (name to address) record. The <b>unknown_client_reject_code</b> parameter specifies the response code to rejected requests (default: <b>450</b>). <p> <a name="permit_mynetworks"> <dt> <b>permit_mynetworks</b> <dd> Permit the request when the client IP address matches any network listed in <a href="basic.html#mynetworks"> $mynetworks</a>. <p> <a name="reject_rbl_client"> <dt> <b>reject_rbl_client</b> <i>domain.tld</i> <dd> Reject the request when the reversed client network address is listed with an A record under <i>domain.tld</i>. The <b> maps_rbl_reject_code</b> parameter specifies the response code for rejected requests (default: <b>554</b>), the <b><a href="#default_rbl_reply"> default_rbl_reply </a></b> parameter specifies the default server reply, and the <b><a href="#rbl_reply_maps"> rbl_reply_maps </a></b> parameter specifies tables with server replies indexed by RBL domain. <p> <a name="reject_rhsbl_client"> <dt> <b>reject_rhsbl_client</b> <i>domain.tld</i> <dd> Reject the request when the client hostname is listed with an A record under <i>domain.tld</i>. See above for additional RBL related configuration parameters. <p> <a name="check_client_access"> <dt> <b>check_client_access</b> <i>maptype</i>:<i>mapname</i> <dt> <i>maptype</i>:<i>mapname</i> <dd> Search the named <a href="access.5.html">access database</a> for the client hostname, parent domains, client IP address, or networks obtained by stripping least significant octets. <p> <dt> <b><a href="#permit">permit</a></b> <dt> <b><a href="#defer">defer</a></b> <dt> <b><a href="#reject">reject</a></b> <dt> <b><a href="#warn_if_reject">warn_if_reject</a></b> <dt> <b><a href="#reject_unauth_pipelining">reject_unauth_pipelining</a></b> <dd> See generic restrictions. </dl> </dl> <a name="smtpd_helo_required"> <h2> Require HELO (EHLO) command</h2> The <b>smtpd_helo_required</b> parameter determines if clients must send a <b>HELO</b> (or <b>EHLO</b>) command at the beginning of an SMTP session. Requiring this will stop some UCE software. <p> <dl> <dt>Default: <dd><b>smtpd_helo_required = no</b> <p> <dd>By default, the Postfix <a href="smtpd.8.html">SMTP server</a> does not require the use of <b>HELO</b> (<b>EHLO</b>). <p> <dt>Syntax: <dd>Specify <b>yes</b> or <b>no</b>. <p> <dt>Example: <dd> <b>smtpd_helo_required = yes</b> </dl> <a name="smtpd_helo_restrictions"> <h2> HELO (EHLO) hostname restrictions</h2> The <b>smtpd_helo_restrictions</b> parameter restricts what hostnames clients may send with the <b>HELO</b> (<b>EHLO</b>) command. Some UCE software can be stopped by being strict here. <p> By default, this restriction is applied when the client sends the RCPT TO command. In order to have the restriction take effect as soon as possible, specify <b>smtpd_delay_reject = no</b> in the Postfix <b>main.cf</b> configuration file. Doing so may cause unexpected results with poorly implemented client software. <dl> <dt>Default: <dd><b>smtpd_helo_restrictions =</b> <p> <dd>By default, the Postfix <a href="smtpd.8.html">SMTP server</a> accepts any garbage in the <b>HELO</b> (<b>EHLO</b>) command. There is a lot of broken or misconfigured software on the Internet. <p> <dt>Syntax: <dd>Specify a list of zero or more restrictions, separated by whitespace or commas. Restrictions are applied in the order as specified; the first restriction that matches wins. <p> In addition to restrictions that are specific to HELO (EHLO) command parameters, you may list here any restrictions on the <a href="#smtpd_client_restrictions"> client hostname </a>, <a href="#smtpd_client_restrictions"> client address </a>, <a href="#smtpd_sender_restrictions"> sender address </a> or <a href="#smtpd_recipient_restrictions"> recipient address</a>. The sender or recipient restrictions take effect only if <b>smtpd_delay_reject = yes</b> so that all restrictions are evaluated after the RCPT TO command. <p> <dt>Example: <dd> <b>smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname</b> <p> <dt> Restrictions: <p> <dl> <a name="reject_invalid_hostname"> <dt> <b>reject_invalid_hostname</b> <dd> Reject the request when the client HELO or EHLO parameter has a bad hostname syntax. The <b>invalid_hostname_reject_code</b> specifies the response code to rejected requests (default: 501). <p> <a name="reject_unknown_hostname"> <dt> <b>reject_unknown_hostname</b> <dd> Reject the request when the hostname in the client HELO (EHLO) command has no DNS A or MX record. The <b>unknown_hostname_reject_code</b> specifies the response code to rejected requests (default: <b>450</b>). <p> <a name="reject_non_fqdn_hostname"> <dt> <b>reject_non_fqdn_hostname</b> <dd> Reject the request when the hostname in the client HELO (EHLO) command is not in fully-qualified domain form, as required by the RFC. The <b>non_fqdn_reject_code</b> specifies the response code to rejected requests (default: <b>504</b>). <p> <a name="check_helo_access"> <dt> <b>check_helo_access</b> <i>maptype</i>:<i>mapname</i> <dt> <i>maptype</i>:<i>mapname</i> <dd> Search the named <a href="access.5.html">access database</a> for the <b>HELO</b> hostname or parent domains. <p> <dt> <b><a href="#permit">permit</a></b> <dt> <b><a href="#defer">defer</a></b> <dt> <b><a href="#reject">reject</a></b> <dt> <b><a href="#warn_if_reject">warn_if_reject</a></b> <dt> <b><a href="#reject_unauth_pipelining">reject_unauth_pipelining</a></b> <dd> See generic restrictions. </dl> </dl> <a name="strict_rfc821_envelopes"> <h2> Require strict RFC 821-style envelope addresses </h2> The <b>strict_rfc821_envelopes</b> parameter controls how tolerant Postfix is with respect to addresses given in MAIL FROM or RCPT TO commands. Unfortunately, the widely-used Sendmail program tolerates lots of non-standard behavior, so a lot of software expects to get away with it. Being strict to the RFC not only stops unwanted mail, it also blocks legitimate mail from poorly-written mail applications. <p> <dl> <dt> Default: <dd><b>strict_rfc821_envelopes = no</b> <p> <dd>By default, the Postfix <a href="smtpd.8.html">SMTP server</a> accepts any address form that it can make sense of, including address forms that contain RFC 822-style comments, or addresses not enclosed in <>. There is a lot of broken or misconfigured software out there on the Internet. <p> <dt> Example: <dd><b>strict_rfc821_envelopes = yes</b> </dl> <a name="smtpd_sender_restrictions"> <h2> Sender address restrictions</h2> The <b>smtpd_sender_restrictions</b> parameter restricts what sender addresses this system accepts in MAIL FROM commands. <p> By default, this restriction is applied when the client sends the RCPT TO command. In order to have the restriction take effect as soon as possible, specify <b>smtpd_delay_reject = no</b> in the Postfix <b>main.cf</b> configuration file. Doing so may cause unexpected results with poorly implemented client software. <p> <dl> <dt> Default: <dd><b>smtpd_sender_restrictions =</b> <p> <dd>By default, the Postfix <a href="smtpd.8.html">SMTP server</a> accepts any sender address. <p> <dt>Syntax: <dd>Specify a list of zero or more restrictions, separated by whitespace or commas. Restrictions are applied in the order as specified; the first restriction that matches wins. <p> In addition to restrictions that are specific to sender mail addresses, you can also specify restrictions based on the information passed with the <a href="#smtpd_helo_restrictions"> HELO/EHLO command </a>, on the <a href="#smtpd_client_restrictions"> client hostname </a> or <a href="#smtpd_client_restrictions"> network address </a>, or on the <a href="#smtpd_recipient_restrictions"> recipient address </a>. The recipient restrictions take effect only if <b>smtpd_delay_reject = yes</b> so that all restrictions are evaluated after the RCPT TO command. <p> <dt> Example: <dd> <b>smtpd_sender_restrictions = hash:/etc/postfix/access, reject_unknown_sender_domain</b> <p> <dt> Restrictions: <dl compact> <a name="reject_unknown_sender_domain"> <dt> <b>reject_unknown_sender_domain</b> <dd> Reject the request when the sender mail address has no DNS A or MX record. The <b>unknown_address_reject_code </b> parameter specifies the response code for rejected requests (default: <b>450</b>). The response is always <b>450</b> in case of a temporary DNS error. <p> <a name="reject_rhsbl_sender"> <dt> <b>reject_rhsbl_sender</b> <i>domain.tld</i> <dd> Reject the request when the sender mail address domain is listed with an A record under <i>domain.tld</i>. The <b> maps_rbl_reject_code</b> parameter specifies the response code for rejected requests (default: <b>554</b>), the <b><a href="#default_rbl_reply"> default_rbl_reply </a></b> parameter specifies the default server reply, and the <b><a href="#rbl_reply_maps"> rbl_reply_maps </a></b> parameter specifies tables with server replies indexed by RBL domain. <p> <a name="check_sender_access"> <dt> <b>check_sender_access</b> <i>maptype</i>:<i>mapname</i> <dt> <i>maptype</i>:<i>mapname</i> <dd> Search the named <a href="access.5.html">access database</a> for the sender mail address, sender domain and parent domain, or <i>localpart</i>@. <p> <a name="reject_non_fqdn_sender"> <dt> <b>reject_non_fqdn_sender</b> <dd> Reject the request when the address in the client MAIL FROM command is not in fully-qualified domain form. The <b>non_fqdn_reject_code</b> specifies the response code to rejected requests (default: <b>504</b>). <p> <a name="reject_sender_login_mismatch"> <dt> <b>reject_sender_login_mismatch</b> <dd> Reject the request when <a href="#smtpd_sender_login_maps"> $smtpd_sender_owner_maps</a> specifies an owner for the MAIL FROM address, but the client is not (SASL) logged in as that MAIL FROM address owner; or when the client is (SASL) logged in, but the client login name doesn't own the MAIL FROM address according to <a href="#smtpd_sender_login_maps"> $smtpd_sender_login_maps</a>. <p> <dt> <b><a href="#permit">permit</a></b> <dt> <b><a href="#defer">defer</a></b> <dt> <b><a href="#reject">reject</a></b> <dt> <b><a href="#warn_if_reject">warn_if_reject</a></b> <dt> <b><a href="#reject_unauth_pipelining">reject_unauth_pipelining</a></b> <dd> See generic restrictions. </dl> </dl> <a name="smtpd_recipient_restrictions"> <h2> Recipient address restrictions</h2> The <b>smtpd_recipient_restrictions</b> parameter restricts what recipient addresses this system accepts in RCPT TO commands. <dl> <dt>Default: <dd><b>smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination</b> <p> <dd>By default, the Postfix <a href="smtpd.8.html">SMTP server</a> relays mail: <p> <ul> <li>from trusted clients whose IP address matches <a href="basic.html#mynetworks">$mynetworks</a> to any destination, <li>from untrusted clients to destinations that match <a href="#relay_domains"> $relay_domains</a> or a subdomain thereof, except for addresses that contain sender-specified routing (<i>user@elsewhere@domain</i>). </ul> <p> In addition to the above, the Postfix <a href="smtpd.8.html">SMTP server</a> by default accepts mail for which Postfix is the final destination: <p> <ul> <li>to destinations that match <a href="basic.html#inet_interfaces">$inet_interfaces</a>, <li>to destinations that match <a href="basic.html#mydestination">$mydestination</a>, <li>to destinations that match <a href="virtual.5.html">$virtual_alias_domains</a>, <li>to destinations that match <a href="virtual.8.html">$virtual_mailbox_domains</a>. </ul> <p> <dt>Syntax: <dd>Specify a list of zero or more restrictions, separated by whitespace or commas. Restrictions are applied in the order as specified; the first restriction that matches wins. <p> In addition to restrictions that are specific to recipient mail addresses, you can also specify restrictions based on the <a href="#smtpd_sender_restrictions"> sender mail address</a>, on the information passed with the <a href="#smtpd_helo_restrictions"> HELO/EHLO command </a>, and on the <a href="#smtpd_client_restrictions"> client hostname </a> or <a href="#smtpd_client_restrictions"> network address </a>. <p> <dt> Example: <dd> <b>smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination</b> <p> <dd><i>Note: you must specify at least one of the following restrictions: </i><b>reject</b>, <b>defer</b>, <b>defer_if_permit</b>, <i>or</i> <b>reject_unauth_destination</b>. <i>Postfix will refuse to receive mail otherwise. </i> <p> <dt> Restrictions: <dl> <a name="permit_auth_destination"> <dt> <b>permit_auth_destination</b> <dd> Permit the request when one of the following is true: <ul> <li>the resolved destination address matches <a href="#relay_domains">$relay_domains</a> or a subdomain thereof, and the address contains no sender-specified routing (<i>user@elsewhere@domain</i>), <li>Postfix is the final destination: any destination that matches <a href="basic.html#mydestination">$mydestination</a>, <a href="basic.html#inet_interfaces">$inet_interfaces</a>, <a href="virtual.5.html">$virtual_alias_domains</a>, or <a href="virtual.8.html">$virtual_mailbox_domains</a>. </ul> <p> <a name="reject_unauth_destination"> <dt> <b>reject_unauth_destination</b> <dd> Reject the request unless one of the following is true: <ul> <li>the resolved destination address matches <a href="#relay_domains">$relay_domains</a> or a subdomain thereof, and the address contains no sender-specified routing (<i>user@elsewhere@domain</i>), <li>Postfix is the final destination: any destination that matches <a href="basic.html#mydestination">$mydestination</a>, <a href="basic.html#inet_interfaces">$inet_interfaces</a>, <a href="virtual.5.html">$virtual_alias_domains</a>, or <a href="virtual.8.html">$virtual_mailbox_domains</a>. </ul> The <b>relay_domains_reject_code</b> parameter specifies the response code for rejected requests (default: <b>554</b>). <p> <a name="permit_mx_backup"> <dt> <b>permit_mx_backup</b> <dd> Permit the request when the local mail system is MX host for the resolved destination. This includes the case that the local mail system is the final destination. However, the SMTP server will not forward mail with addresses that have sender-specified routing information (example: <i>user@elsewhere@domain</i>), <p> Use the optional <a href="#permit_mx_backup_networks"> permit_mx_backup_networks</a> parameter to also require that the primary MX hosts match a list of network blocks. <p> Relevant configuration parameters: <a href="#permit_mx_backup_networks">permit_mx_backup_networks</a>, <a href="basic.html#mydestination"> $mydestination</a>, <a href="basic.html#inet_interfaces"> $inet_interfaces</a>. <p> <dt> <b>check_recipient_access</b> <i>maptype</i>:<i>mapname</i> <dt> <i>maptype</i>:<i>mapname</i> <dd> Search the named <a href="access.5.html">access database</a> for the resolved destination address, recipient domain or parent domain, or <i>localpart</i>@. <p> <a name="check_recipient_maps"> <dt> <b>check_recipient_maps</b> <dd> Reject the request when the recipient address is not listed in one of the following lookup tables: <blockquote> <table border="1"> <tr><th>Recipient domain matches <th>Recipient lookup table <tr><td><a href="basic.html#mydestination"> $mydestination</a> or <a href="basic.html#inet_interfaces">$inet_interfaces</a> <td>$local_recipient_maps <tr><td>$virtual_alias_domains <td>$virtual_alias_maps <tr><td>$virtual_mailbox_domains <td>$virtual_mailbox_maps <tr><td>$relay_domains <td>$relay_recipient_maps </table> </blockquote> Note 1: a null $local_recipient_maps or $relay_recipient_maps setting means that no recipient check is done for the corresponding domains. <p> Note 2: Postfix applies an implicit <b>check_recipient_maps</b> restriction at the end of all recipient restrictions. <p> <a name="reject_unknown_recipient_domain"> <dt> <b>reject_unknown_recipient_domain</b> <dd> Reject the request when the recipient mail address has no DNS A or MX record. The <b>unknown_address_reject_code </b> parameter specifies the response code for rejected requests (default: <b>450</b>). The response is always <b>450</b> in case of a temporary DNS error. <p> <a name="reject_rhsbl_recipient"> <dt> <b>reject_rhsbl_recipient</b> <i>domain.tld</i> <dd> Reject the request when the recipient mail address domain is listed with an A record under <i>domain.tld</i>. The <b> maps_rbl_reject_code</b> parameter specifies the response code for rejected requests (default: <b>554</b>), the <b><a href="#default_rbl_reply"> default_rbl_reply </a></b> parameter specifies the default server reply, and the <b><a href="#rbl_reply_maps"> rbl_reply_maps </a></b> parameter specifies tables with server replies indexed by RBL domain. <p> <a name="reject_non_fqdn_recipient"> <dt> <b>reject_non_fqdn_recipient</b> <dd> Reject the request when the address in the client RCPT TO command is not in fully-qualified domain form. The <b>non_fqdn_reject_code</b> specifies the response code to rejected requests (default: <b>504</b>). <p> <dt> <b><a href="#permit">permit</a></b> <dt> <b><a href="#defer">defer</a></b> <dt> <b><a href="#reject">reject</a></b> <dt> <b><a href="#warn_if_reject">warn_if_reject</a></b> <dt> <b><a href="#reject_unauth_pipelining">reject_unauth_pipelining</a></b> <dd> See generic restrictions. </dl> </dl> <a name="smtpd_etrn_restrictions"> <h2> ETRN command restrictions</h2> Not really an UCE restriction, the <b>smtpd_etrn_restrictions</b> parameter restricts what domains can be specified in ETRN commands, and what clients can issue ETRN commands. <dl> <dt>Default: <dd><b>smtpd_etrn_restrictions =</b> <p> <dd>By default, the Postfix <a href="smtpd.8.html">SMTP server</a> accepts any ETRN command from any client. <p> <dt>Syntax: <dd>Specify a list of zero or more restrictions, separated by whitespace or commas. Restrictions are applied in the order as specified; the first restriction that matches wins. <p> In addition to restrictions that are specific to ETRN domain names, you can also specify restrictions based on the information passed with the <a href="#smtpd_helo_restrictions"> HELO/EHLO command </a>, and on the <a href="#smtpd_client_restrictions"> client hostname </a> or <a href="#smtpd_client_restrictions"> network address </a>. <p> <dt> Example: <dd> <b>smtpd_etrn_restrictions = permit_mynetworks, hash:/etc/postfix/etrn_access, reject</b> <p> <dt> Restrictions: <dl> <a name="check_etrn_access"> <dt> <b>check_etrn_access</b> <i>maptype</i>:<i>mapname</i> <dt> <i>maptype</i>:<i>mapname</i> <dd> Search the named <a href="access.5.html">access database</a> for the domain specified in the ETRN command, or its parent domains. Reject the request if the result is <b>REJECT</b> <i>text...</i> or "[<b>45</b>]<i>XX text</i>". Permit the request if the result is <b>OK</b> or <b>RELAY</b> or all-numerical. Otherwise, treat the result as another list of UCE restrictions. The <b>access_map_reject_code </b> parameter specifies the result code for rejected requests (default: <b>554</b>). <p> <dt> <b><a href="#permit">permit</a></b> <dt> <b><a href="#defer">defer</a></b> <dt> <b><a href="#reject">reject</a></b> <dt> <b><a href="#warn_if_reject">warn_if_reject</a></b> <dt> <b><a href="#reject_unauth_pipelining">reject_unauth_pipelining</a></b> <dd> See generic restrictions. </dl> </dl> <a name="generic"> <h2> Generic restrictions</h2> The following restrictions can use used for client hostnames or addresses, for HELO (EHLO) hostnames, for sender mail addresses and for recipient mail addresses. <dl> Restrictions: <p> <dl> <a name="permit"> <dt> <b>permit</b> <dd> Permit the request. This restriction is useful at the end of a restriction list, to make the default policy explicit. <p> <a name="defer"> <dt> <b>defer</b> <dd> Defer the request. The client is told to try again later. This restriction is useful at the end of a restriction list, to make the default policy explicit. <p> <a name="reject"> <dt> <b>reject</b> <dd> Reject the request. This restriction is useful at the end of a restriction list, to make the default policy explicit. The <b>reject_code</b> configuration parameter specifies the response code to rejected requests (default: <b>554</b>). <p> <a name="warn_if_reject"> <dt> <b>warn_if_reject</b> <dd> Change the meaning of the next restriction, so that it logs a warning instead of rejecting a request (look for logfile records that contain "reject_warning"). This is useful for testing new restrictions in a "live" environment without risking unnecessary loss of mail. <p> <a name="reject_unauth_pipelining"> <dt> <b>reject_unauth_pipelining</b> <dd> Reject the request when the client sends SMTP commands ahead of time without knowing that Postfix actually supports SMTP command pipelining. This stops mail from bulk mail software that improperly uses SMTP command pipelining to speed up deliveries. </dl> </dl> <a name="additional"> <h2> Additional UCE control parameters</h2> <dl> <a name="default_rbl_reply"> <dt> <b>default_rbl_reply</b> <dd>The default reply template that is used when an SMTP client request is blocked by a <b>reject_rbl</b> or <b>reject_rhsbl</b> restriction. The reply template is subjected to exactly one level of $name macro substitution as described below. The <b>smtpd_expansion_filter</b> configuration parameter specifies the set of characters that are allowed in $name macro expansions. Characters outside the allowed set are replaced by "_". <p> <dl> <dt>Default: <dd><b> default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason} </b> <p> Instead of the form $<i>name</i> you can also specify ${<i>name</i>} or $(<i>name</i>). <p> <dt>Macro expansion syntax: <dl> <dt> $client <dd> The client hostname and IP address, formatted as <i>name</i>[<i>address</i>]. <dt> $client_name <dd> The client hostname, or <b>unknown</b>. <dt> $client_address <dd> The client IP address. <dt> $helo_name <dd> The hostname given in the HELO or EHLO command, or the empty string when no HELO or EHLO command was given. <dt> $sender <dd> The sender address, or <> in case of the null address. <dt> $sender_name <dd> The sender address localpart, or <> in case of the null address. <dt> $sender_domain <dd> The sender address domain, or the empty string when no domain is available. <dt> $recipient <dd> The recipient address, or <> in case of the null address. <dt> $recipient_name <dd> The recipient address localpart, or <> in case of the null address. <dt> $recipient_domain <dd> The recipient address domain, or the empty string when no domain is available. <dt> $rbl_what <dd> The blacklisted entity: an IP address, a hostname, a domain name, or an email address whose domain is blacklisted. <dt> $rbl_domain <dd> The RBL domain where $rbl_what is blacklisted with an A record. <dt> $rbl_reason <dd> The reason why $rbl_what is blacklisted, or the empty string when no information is available. <dt> $rbl_class <dd> The blacklisted entity type: Client host, Helo command, Sender address, or Recipient address. <dt> $rbl_code <dd> The numerical server reply code, as specified with the <b>maps_rbl_reject_code</b> configuration parameter (default: 554). <dt> All other text <dd> Copied without change, with the exception of conditional macro expansion as described below. </dl> <p> Conditional macro expansion syntax: <dl> <dt> ${<i>name</i>?<i>text</i>} <dd> expands to <i>text</i> if $<i>name</i> is not empty. <dt> ${<i>name</i>:<i>text</i>} <dd> expands to <i>text</i> if $<i>name</i> is empty. </dl> </dl> </dl> <p> <dl> <a name="permit_mx_backup_networks"> <dt> <b>permit_mx_backup_networks</b> <dd>Restrict the use of the <a href="#permit_mx_backup"> permit_mx_backup</a> relay control feature to destinations whose primary MX hosts match a list of network blocks. <p> <dl> <dt>Default: <dd><b>permit_mx_backup_networks = </b> <p> That is, all networks are authorized by default. <p> <dt>Syntax: <dd> Specify a list of network blocks in CIDR (network/mask) notation, for example: <p> <dl> <dd> <b>permit_mx_backup_networks = 168.100.0.0/16</b> </dl> <p> You can also specify the absolute pathname of a pattern file instead of listing the patterns in the <b>main.cf</b> file. </dl> </dl> <p> <dl> <a name="rbl_reply_maps"> <dt> <b>rbl_reply_maps</b> <dd> This parameter specifies lookup tables with RBL reply templates indexed by RBL domain name. If no template is found, the <a href="#default_rbl_reply"> default_rbl_reply </a> template is used instead. <p> <dl> <dt>Default: <dd><b>rbl_reply_maps = </b> <p> By default, Postfix always uses the <a href="#default_rbl_reply"> default_rbl_reply </a> template. <p> <dt>Syntax: <dd> Specify zero or more <i>type</i>:<i>name</i> lookup tables, separated by whitespace and/or commas. For the syntax of the template reply strings, see the <a href="#default_rbl_reply"> default_rbl_reply </a> parameter description. </dl> </dl> <dl> <a name="relay_domains"> <dt> <b>relay_domains</b> <dd> This parameter controls the behavior of the <a href="#reject_unauth_destination"> reject_unauth_destination</a> and <a href="#permit_auth_destination"> permit_auth_destination</a> restrictions that can appear as part of a recipient address restriction list. <p> <dl> <dt>Default: <dd><b>relay_domains = <a href="basic.html#mydestination"> $mydestination</a></b> <p> <dd>By default, the Postfix <a href="smtpd.8.html">SMTP server</a> relays mail: <p> <ul> <li>from trusted clients whose IP address matches <a href="basic.html#mynetworks">$mynetworks</a>, <li>from untrusted clients to destinations that match <a href="#relay_domains"> $relay_domains</a> or a subdomain thereof, except for addresses that contain sender-specified routing (<i>user@elsewhere@domain</i>). </ul> <p> <dt>Syntax: <dd> Specify zero or more domain names, <i>/file/name</i> patterns and/or <i>type</i>:<i>name</i> lookup tables, separated by whitespace and/or commas. A <i>/file/name</i> is replaced by its contents; <i>type</i>:<i>name</i> requests that table lookup is done instead of string comparison. </dl> <p> A host or destination address matches <b>$relay_domains</b> when its name or parent domain matches any of the names, files or lookup tables listed in <b>$relay_domains.</b> </dl> <dl> <a name="smtpd_sender_login_maps"> <dt> <b>smtpd_sender_login_maps</b> <dd>This parameter specifies ownership of MAIL FROM addresses, as used by the <a href="#reject_sender_login_mismatch"> reject_sender_login_mismatch</a> sender address restriction. <p> <dl> <dt>Default: <dd><b>smtpd_sender_login_maps = </b> <p> <dt>Syntax: <dd> Specify zero or more type:name lookup tables, separated by whitespace and/or commas. The maps are searched in the specified order. Regexp tables are allowed. <p> Each map entry specifies a sender address and the login name that owns the address. The search order is: <p> <dl> <dt><i>user@domain owner</i> <dd>This form has the highest precedence. <p> <dt><i>user owner</i> <dd>This matches <i>user@site</i> when <i>site</i> is equal to <a href="basic.html#myorigin"> $myorigin</a>, when <i>site</i> is listed in <a href="basic.html#mydestination"> $mydestination</a>, or when it is listed in <a href="basic.html#inet_interfaces"> $inet_interfaces</a>. <p> <dt><i>@domain owner</i> <dd>This matches every address in the specified domain, and has the lowest precedence. </dl> </dl> </dl> <hr> <a href="index.html">Up one level</a> | <a href="basic.html">Basic Configuration</a> | UCE Controls | <a href="rate.html">Rate Controls</a> | <a href="resource.html">Resource Controls</a> | <a href="rewrite.html">Address Manipulation </a> </body> </html>