<html> <head> </head> <body> <pre> SMTPD(8) SMTPD(8) <b>NAME</b> smtpd - Postfix SMTP server <b>SYNOPSIS</b> <b>smtpd</b> [generic Postfix daemon options] <b>DESCRIPTION</b> The SMTP server accepts network connection requests and performs zero or more SMTP transactions per connection. Each received message is piped through the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> dae- mon, and is placed into the <b>incoming</b> queue as one single queue file. For this mode of operation, the program expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager. Alternatively, the SMTP server takes an established con- nection on standard input and deposits messages directly into the <b>maildrop</b> queue. In this so-called stand-alone mode, the SMTP server can accept mail even while the mail system is not running. The SMTP server implements a variety of policies for con- nection requests, and for parameters given to <b>HELO,</b> <b>ETRN,</b> <b>MAIL</b> <b>FROM,</b> <b>VRFY</b> and <b>RCPT</b> <b>TO</b> commands. They are detailed below and in the <b>main.cf</b> configuration file. <b>SECURITY</b> The SMTP server is moderately security-sensitive. It talks to SMTP clients and to DNS servers on the network. The SMTP server can be run chrooted at fixed low privilege. <b>STANDARDS</b> <a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a> (SMTP protocol) <a href="http://www.faqs.org/rfcs/rfc1123.html">RFC 1123</a> (Host requirements) <a href="http://www.faqs.org/rfcs/rfc1652.html">RFC 1652</a> (8bit-MIME transport) <a href="http://www.faqs.org/rfcs/rfc1869.html">RFC 1869</a> (SMTP service extensions) <a href="http://www.faqs.org/rfcs/rfc1870.html">RFC 1870</a> (Message Size Declaration) <a href="http://www.faqs.org/rfcs/rfc1985.html">RFC 1985</a> (ETRN command) <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a> (AUTH command) <a href="http://www.faqs.org/rfcs/rfc2821.html">RFC 2821</a> (SMTP protocol) <a href="http://www.faqs.org/rfcs/rfc2920.html">RFC 2920</a> (SMTP Pipelining) <b>DIAGNOSTICS</b> Problems and transactions are logged to <b>syslogd</b>(8). Depending on the setting of the <b>notify</b><i>_</i><b>classes</b> parameter, the postmaster is notified of bounces, protocol problems, policy violations, and of other trouble. <b>CONFIGURATION</b> <b>PARAMETERS</b> The following <b>main.cf</b> parameters are especially relevant to this program. See the Postfix <b>main.cf</b> file for syntax details and for default values. Use the <b>postfix</b> <b>reload</b> command after a configuration change. <b>Compatibility</b> <b>controls</b> <b>strict</b><i>_</i><b>rfc821</b><i>_</i><b>envelopes</b> Disallow non-<a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a> style addresses in SMTP com- mands. For example, the RFC822-style address forms with comments that Sendmail allows. <b>broken</b><i>_</i><b>sasl</b><i>_</i><b>auth</b><i>_</i><b>clients</b> Support older Microsoft clients that mis-implement the AUTH protocol, and that expect an EHLO response of "250 AUTH=list" instead of "250 AUTH list". <b>smtpd</b><i>_</i><b>noop</b><i>_</i><b>commands</b> List of commands that are treated as NOOP (no oper- ation) commands, without any parameter syntax checking and without any state change. This list overrides built-in command definitions. <b>Content</b> <b>inspection</b> <b>controls</b> <b>content</b><i>_</i><b>filter</b> The name of a mail delivery transport that filters mail and that either bounces mail or re-injects the result back into Postfix. This parameter uses the same syntax as the right-hand side of a Postfix transport table. <b>Authentication</b> <b>controls</b> <b>enable</b><i>_</i><b>sasl</b><i>_</i><b>authentication</b> Enable per-session authentication as per <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a> (SASL). This functionality is available only when explicitly selected at program build time and explicitly enabled at runtime. <b>smtpd</b><i>_</i><b>sasl</b><i>_</i><b>local</b><i>_</i><b>domain</b> The name of the local authentication realm. <b>smtpd</b><i>_</i><b>sasl</b><i>_</i><b>security</b><i>_</i><b>options</b> Zero or more of the following. <b>noplaintext</b> Disallow authentication methods that use plaintext passwords. <b>noactive</b> Disallow authentication methods that are vulnerable to non-dictionary active attacks. <b>nodictionary</b> Disallow authentication methods that are vulnerable to passive dictionary attack. <b>noanonymous</b> Disallow anonymous logins. <b>smtpd</b><i>_</i><b>sender</b><i>_</i><b>login</b><i>_</i><b>maps</b> Maps that specify the SASL login name that owns a MAIL FROM sender address. Used by the <b>reject</b><i>_</i><b>sender</b><i>_</i><b>login</b><i>_</i><b>mismatch</b> sender anti-spoofing restriction. <b>Miscellaneous</b> <b>always</b><i>_</i><b>bcc</b> Address to send a copy of each message that enters the system. <b>authorized</b><i>_</i><b>verp</b><i>_</i><b>clients</b> Hostnames, domain names and/or addresses of clients that are authorized to use the XVERP extension. <b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b> Increment in verbose logging level when a remote host matches a pattern in the <b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b> parameter. <b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b> List of domain or network patterns. When a remote host matches a pattern, increase the verbose log- ging level by the amount specified in the <b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b> parameter. <b>default</b><i>_</i><b>verp</b><i>_</i><b>delimiters</b> The default VERP delimiter characters that are used when the XVERP command is specified without explicit delimiters. <b>error</b><i>_</i><b>notice</b><i>_</i><b>recipient</b> Recipient of protocol/policy/resource/software error notices. <b>hopcount</b><i>_</i><b>limit</b> Limit the number of <b>Received:</b> message headers. <b>notify</b><i>_</i><b>classes</b> List of error classes. Of special interest are: <b>policy</b> When a client violates any policy, mail a transcript of the entire SMTP session to the postmaster. <b>protocol</b> When a client violates the SMTP protocol or issues an unimplemented command, mail a transcript of the entire SMTP session to the postmaster. <b>smtpd</b><i>_</i><b>banner</b> Text that follows the <b>220</b> status code in the SMTP greeting banner. <b>smtpd</b><i>_</i><b>expansion</b><i>_</i><b>filter</b> Controls what characters are allowed in $name expansion of rbl template responses and other text. <b>smtpd</b><i>_</i><b>recipient</b><i>_</i><b>limit</b> Restrict the number of recipients that the SMTP server accepts per message delivery. <b>smtpd</b><i>_</i><b>timeout</b> Limit the time to send a server response and to receive a client request. <b>soft</b><i>_</i><b>bounce</b> Change hard (5xx) reject responses into soft (4xx) reject responses. This can be useful for testing purposes. <b>verp</b><i>_</i><b>delimiter</b><i>_</i><b>filter</b> The characters that Postfix accepts as VERP delim- iter characters. <b>Known</b> <b>versus</b> <b>unknown</b> <b>recipients</b> <b>show</b><i>_</i><b>user</b><i>_</i><b>unknown</b><i>_</i><b>table</b><i>_</i><b>name</b> Whether or not to reveal the table name in the "User unknown" responses. The extra detail makes trouble shooting easier but also reveals informa- tion that is nobody elses business. <b>unknown</b><i>_</i><b>local</b><i>_</i><b>recipient</b><i>_</i><b>reject</b><i>_</i><b>code</b> The response code when a client specifies a recipi- ent whose domain matches <b>$mydestination</b> or <b>$inet</b><i>_</i><b>interfaces</b>, while <b>$local</b><i>_</i><b>recipient</b><i>_</i><b>maps</b> is non-empty and does not list the recipient address or address local-part. <b>unknown</b><i>_</i><b>relay</b><i>_</i><b>recipient</b><i>_</i><b>reject</b><i>_</i><b>code</b> The response code when a client specifies a recipi- ent whose domain matches <b>$relay</b><i>_</i><b>domains</b>, while <b>$relay</b><i>_</i><b>recipient</b><i>_</i><b>maps</b> is non-empty and does not list the recipient address. <b>unknown</b><i>_</i><b>virtual</b><i>_</i><b>alias</b><i>_</i><b>reject</b><i>_</i><b>code</b> The response code when a client specifies a recipi- ent whose domain matches <b>$virtual</b><i>_</i><b>alias</b><i>_</i><b>domains</b>, while the recipient is not listed in <b>$vir-</b> <b>tual</b><i>_</i><b>alias</b><i>_</i><b>maps</b>. <b>unknown</b><i>_</i><b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>reject</b><i>_</i><b>code</b> The response code when a client specifies a recipi- ent whose domain matches <b>$virtual</b><i>_</i><b>mailbox</b><i>_</i><b>domains</b>, while the recipient is not listed in <b>$virtual</b><i>_</i><b>mail-</b> <b>box</b><i>_</i><b>maps</b>. <b>Resource</b> <b>controls</b> <b>line</b><i>_</i><b>length</b><i>_</i><b>limit</b> Limit the amount of memory in bytes used for the handling of partial input lines. <b>message</b><i>_</i><b>size</b><i>_</i><b>limit</b> Limit the total size in bytes of a message, includ- ing on-disk storage for envelope information. <b>queue</b><i>_</i><b>minfree</b> Minimal amount of free space in bytes in the queue file system for the SMTP server to accept any mail at all. <b>smtpd</b><i>_</i><b>history</b><i>_</i><b>flush</b><i>_</i><b>threshold</b> Flush the command history to postmaster after receipt of RSET etc. only if the number of history lines exceeds the given threshold. <b>Tarpitting</b> <b>smtpd</b><i>_</i><b>error</b><i>_</i><b>sleep</b><i>_</i><b>time</b> Time to wait in seconds before sending a 4xx or 5xx server error response. <b>smtpd</b><i>_</i><b>soft</b><i>_</i><b>error</b><i>_</i><b>limit</b> When an SMTP client has made this number of errors, wait <i>error_count</i> seconds before responding to any client request. <b>smtpd</b><i>_</i><b>hard</b><i>_</i><b>error</b><i>_</i><b>limit</b> Disconnect after a client has made this number of errors. <b>smtpd</b><i>_</i><b>junk</b><i>_</i><b>command</b><i>_</i><b>limit</b> Limit the number of times a client can issue a junk command such as NOOP, VRFY, ETRN or RSET in one SMTP session before it is penalized with tarpit delays. <b>UCE</b> <b>control</b> <b>restrictions</b> <b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdomains</b> List of Postfix features that use <i>domain.tld</i> pat- terns to match <i>sub.domain.tld</i> (as opposed to requiring <i>.domain.tld</i> patterns). <b>smtpd</b><i>_</i><b>client</b><i>_</i><b>restrictions</b> Restrict what clients may connect to this mail sys- tem. <b>smtpd</b><i>_</i><b>helo</b><i>_</i><b>required</b> Require that clients introduce themselves at the beginning of an SMTP session. <b>smtpd</b><i>_</i><b>helo</b><i>_</i><b>restrictions</b> Restrict what client hostnames are allowed in <b>HELO</b> and <b>EHLO</b> commands. <b>smtpd</b><i>_</i><b>sender</b><i>_</i><b>restrictions</b> Restrict what sender addresses are allowed in <b>MAIL</b> <b>FROM</b> commands. <b>smtpd</b><i>_</i><b>recipient</b><i>_</i><b>restrictions</b> Restrict what recipient addresses are allowed in <b>RCPT</b> <b>TO</b> commands. <b>smtpd</b><i>_</i><b>etrn</b><i>_</i><b>restrictions</b> Restrict what domain names can be used in <b>ETRN</b> com- mands, and what clients may issue <b>ETRN</b> commands. <b>smtpd</b><i>_</i><b>data</b><i>_</i><b>restrictions</b> Restrictions on the <b>DATA</b> command. Currently, the only restriction that makes sense here is <b>reject</b><i>_</i><b>unauth</b><i>_</i><b>pipelining</b>. <b>allow</b><i>_</i><b>untrusted</b><i>_</i><b>routing</b> Allow untrusted clients to specify addresses with sender-specified routing. Enabling this opens up nasty relay loopholes involving trusted backup MX hosts. <b>smtpd</b><i>_</i><b>restriction</b><i>_</i><b>classes</b> Declares the name of zero or more parameters that contain a list of UCE restrictions. The names of these parameters can then be used instead of the restriction lists that they represent. <b>smtpd</b><i>_</i><b>null</b><i>_</i><b>access</b><i>_</i><b>lookup</b><i>_</i><b>key</b> The lookup key to be used in SMTPD access tables instead of the null sender address. A null sender address cannot be looked up. <b>maps</b><i>_</i><b>rbl</b><i>_</i><b>domains</b> (deprecated) List of DNS domains that publish the addresses of blacklisted hosts. This is used with the deprecated <b>reject</b><i>_</i><b>maps</b><i>_</i><b>rbl</b> restriction. <b>permit</b><i>_</i><b>mx</b><i>_</i><b>backup</b><i>_</i><b>networks</b> Only domains whose primary MX hosts match the listed networks are eligible for the <b>per-</b> <b>mit</b><i>_</i><b>mx</b><i>_</i><b>backup</b> feature. <b>relay</b><i>_</i><b>domains</b> Restrict what domains this mail system will relay mail to. The domains are routed to the delivery agent specified with the <b>relay</b><i>_</i><b>transport</b> setting. <b>UCE</b> <b>control</b> <b>responses</b> <b>access</b><i>_</i><b>map</b><i>_</i><b>reject</b><i>_</i><b>code</b> Response code when a client violates an access database restriction. <b>default</b><i>_</i><b>rbl</b><i>_</i><b>reply</b> Default template reply when a request is RBL black- listed. This template is used by the <b>reject</b><i>_</i><b>rbl</b><i>_</i><b>*</b> and <b>reject</b><i>_</i><b>rhsbl</b><i>_</i><b>*</b> restrictions. See also: <b>rbl</b><i>_</i><b>reply</b><i>_</i><b>maps</b> and <b>smtpd</b><i>_</i><b>expansion</b><i>_</i><b>filter</b>. <b>defer</b><i>_</i><b>code</b> Response code when a client request is rejected by the <b>defer</b> restriction. <b>invalid</b><i>_</i><b>hostname</b><i>_</i><b>reject</b><i>_</i><b>code</b> Response code when a client violates the <b>reject</b><i>_</i><b>invalid</b><i>_</i><b>hostname</b> restriction. <b>maps</b><i>_</i><b>rbl</b><i>_</i><b>reject</b><i>_</i><b>code</b> Response code when a request is RBL blacklisted. <b>rbl</b><i>_</i><b>reply</b><i>_</i><b>maps</b> Table with template responses for RBL blacklisted requests, indexed by RBL domain name. These tem- plates are used by the <b>reject</b><i>_</i><b>rbl</b><i>_</i><b>*</b> and <b>reject</b><i>_</i><b>rhsbl</b><i>_</i><b>*</b> restrictions. See also: <b>default</b><i>_</i><b>rbl</b><i>_</i><b>reply</b> and <b>smtpd</b><i>_</i><b>expansion</b><i>_</i><b>filter</b>. <b>reject</b><i>_</i><b>code</b> Response code when the client matches a <b>reject</b> restriction. <b>relay</b><i>_</i><b>domains</b><i>_</i><b>reject</b><i>_</i><b>code</b> Response code when a client attempts to violate the mail relay policy. <b>unknown</b><i>_</i><b>address</b><i>_</i><b>reject</b><i>_</i><b>code</b> Response code when a client violates the <b>reject</b><i>_</i><b>unknown</b><i>_</i><b>address</b> restriction. <b>unknown</b><i>_</i><b>client</b><i>_</i><b>reject</b><i>_</i><b>code</b> Response code when a client without address to name mapping violates the <b>reject</b><i>_</i><b>unknown</b><i>_</i><b>client</b> restric- tion. <b>unknown</b><i>_</i><b>hostname</b><i>_</i><b>reject</b><i>_</i><b>code</b> Response code when a client violates the <b>reject</b><i>_</i><b>unknown</b><i>_</i><b>hostname</b> restriction. <b>SEE</b> <b>ALSO</b> <a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> address resolver <a href="cleanup.8.html">cleanup(8)</a> message canonicalization <a href="master.8.html">master(8)</a> process manager syslogd(8) system logging <b>LICENSE</b> The Secure Mailer license must be distributed with this software. <b>AUTHOR(S)</b> Wietse Venema IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA SMTPD(8) </pre> </body> </html>