smtpd.8

.TH SMTPD 8 
.ad
.fi
.SH NAME
smtpd
\-
Postfix SMTP server
.SH SYNOPSIS
.na
.nf
\fBsmtpd\fR [generic Postfix daemon options]
.SH DESCRIPTION
.ad
.fi
The SMTP server accepts network connection requests
and performs zero or more SMTP transactions per connection.
Each received message is piped through the \fBcleanup\fR(8)
daemon, and is placed into the \fBincoming\fR queue as one
single queue file.  For this mode of operation, the program
expects to be run from the \fBmaster\fR(8) process manager.

Alternatively, the SMTP server takes an established
connection on standard input and deposits messages directly
into the \fBmaildrop\fR queue. In this so-called stand-alone
mode, the SMTP server can accept mail even while the mail
system is not running.

The SMTP server implements a variety of policies for connection
requests, and for parameters given to \fBHELO, ETRN, MAIL FROM, VRFY\fR
and \fBRCPT TO\fR commands. They are detailed below and in the
\fBmain.cf\fR configuration file.
.SH SECURITY
.na
.nf
.ad
.fi
The SMTP server is moderately security-sensitive. It talks to SMTP
clients and to DNS servers on the network. The SMTP server can be
run chrooted at fixed low privilege.
.SH STANDARDS
.na
.nf
RFC 821 (SMTP protocol)
RFC 1123 (Host requirements)
RFC 1652 (8bit-MIME transport)
RFC 1869 (SMTP service extensions)
RFC 1870 (Message Size Declaration)
RFC 1985 (ETRN command)
RFC 2554 (AUTH command)
RFC 2821 (SMTP protocol)
RFC 2920 (SMTP Pipelining)
.SH DIAGNOSTICS
.ad
.fi
Problems and transactions are logged to \fBsyslogd\fR(8).

Depending on the setting of the \fBnotify_classes\fR parameter,
the postmaster is notified of bounces, protocol problems,
policy violations, and of other trouble.
.SH CONFIGURATION PARAMETERS
.na
.nf
.ad
.fi
The following \fBmain.cf\fR parameters are especially relevant to
this program. See the Postfix \fBmain.cf\fR file for syntax details
and for default values. Use the \fBpostfix reload\fR command after
a configuration change.
.SH "Compatibility controls"
.ad
.fi
.IP \fBstrict_rfc821_envelopes\fR
Disallow non-RFC 821 style addresses in SMTP commands, for example
the RFC 822-style address forms with comments that Sendmail allows.
.IP \fBbroken_sasl_auth_clients\fR
Support older Microsoft clients that mis-implement the AUTH
protocol, and that expect an EHLO response of "250 AUTH=list"
instead of "250 AUTH list".
.IP \fBsmtpd_noop_commands\fR
List of commands that are treated as NOOP (no operation) commands,
without any parameter syntax checking and without any state change.
This list overrides built-in command definitions.
.SH "Content inspection controls"
.IP \fBcontent_filter\fR
The name of a mail delivery transport that filters mail and that
either bounces mail or re-injects the result back into Postfix.
This parameter uses the same syntax as the right-hand side of
a Postfix transport table.
.SH "Authentication controls"
.IP \fBenable_sasl_authentication\fR
Enable per-session authentication as per RFC 2554 (SASL).
This functionality is available only when explicitly selected
at program build time and explicitly enabled at runtime.
.IP \fBsmtpd_sasl_local_domain\fR
The name of the local authentication realm.
.IP \fBsmtpd_sasl_security_options\fR
Zero or more of the following.
.RS
.IP \fBnoplaintext\fR
Disallow authentication methods that use plaintext passwords.
.IP \fBnoactive\fR
Disallow authentication methods that are vulnerable to non-dictionary
active attacks.
.IP \fBnodictionary\fR
Disallow authentication methods that are vulnerable to passive
dictionary attacks.
.IP \fBnoanonymous\fR
Disallow anonymous logins.
.RE
.IP \fBsmtpd_sender_login_maps\fR
Maps that specify the SASL login name that owns a MAIL FROM sender
address. Used by the \fBreject_sender_login_mismatch\fR sender
anti-spoofing restriction.
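As an added illustration of how these authentication controls combine (a constructed main.cf fragment, not text from this man page; the table path and its contents are assumptions):

```ini
# Added example, not from the man page. Table path and contents are assumed.

# Must also be selected at build time; without this, AUTH is never offered.
enable_sasl_authentication = yes

# Weak: an empty list drops the built-in noanonymous default, so ANONYMOUS
# and cleartext password mechanisms are offered if the SASL library has them.
# smtpd_sasl_security_options =

# Hardened: no anonymous logins, no cleartext password mechanisms.
# noplaintext also removes PLAIN and LOGIN, which many mail clients rely
# on; check your client population before deploying it.
smtpd_sasl_security_options = noanonymous, noplaintext

# Bind each SASL login name to the envelope sender it owns, and reject a
# MAIL FROM that belongs to a different login (sender anti-spoofing).
smtpd_sender_login_maps = hash:/etc/postfix/sender_login
smtpd_sender_restrictions = reject_sender_login_mismatch

# /etc/postfix/sender_login (run "postmap" after editing); the key is the
# MAIL FROM address, the value is the SASL login name that owns it:
#   alice@example.test    alice
#   sales@example.test    bob
```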
.SH Miscellaneous
.ad
.fi
.IP \fBalways_bcc\fR
Address to which a copy of each message that enters the system is sent.
.IP \fBauthorized_verp_clients\fR
Hostnames, domain names and/or addresses of clients that are
authorized to use the XVERP extension.
.IP \fBdebug_peer_level\fR
Increment in verbose logging level when a remote host matches a
pattern in the \fBdebug_peer_list\fR parameter.
.IP \fBdebug_peer_list\fR
List of domain or network patterns. When a remote host matches
a pattern, increase the verbose logging level by the amount
specified in the \fBdebug_peer_level\fR parameter.
.IP \fBdefault_verp_delimiters\fR
The default VERP delimiter characters that are used when the
XVERP command is specified without explicit delimiters.
.IP \fBerror_notice_recipient\fR
Recipient of protocol/policy/resource/software error notices.
.IP \fBhopcount_limit\fR
Limit the number of \fBReceived:\fR message headers.
.IP \fBnotify_classes\fR
List of error classes. Of special interest are:
.RS
.IP \fBpolicy\fR
When a client violates any policy, mail a transcript of the
entire SMTP session to the postmaster.
.IP \fBprotocol\fR
When a client violates the SMTP protocol or issues an unimplemented
command, mail a transcript of the entire SMTP session to the
postmaster.
.RE
.IP \fBsmtpd_banner\fR
Text that follows the \fB220\fR status code in the SMTP greeting banner.
.IP \fBsmtpd_expansion_filter\fR
Controls what characters are allowed in $name expansion of
rbl template responses and other text.
.IP \fBsmtpd_recipient_limit\fR
Restrict the number of recipients that the SMTP server accepts
per message delivery.
.IP \fBsmtpd_timeout\fR
Limit the time to send a server response and to receive a client
request.
.IP \fBsoft_bounce\fR
Change hard (5xx) reject responses into soft (4xx) reject responses.
This can be useful for testing purposes.
.IP \fBverp_delimiter_filter\fR
The characters that Postfix accepts as VERP delimiter characters.
.SH "Known versus unknown recipients"
.ad
.fi
.IP \fBshow_user_unknown_table_name\fR
Whether or not to reveal the table name in "User unknown"
responses. The extra detail makes troubleshooting easier
but also reveals information that is nobody else's business.
.IP \fBunknown_local_recipient_reject_code\fR
The response code when a client specifies a recipient whose domain
matches \fB$mydestination\fR or \fB$inet_interfaces\fR, while
\fB$local_recipient_maps\fR is non-empty and does not list
the recipient address or address local-part.
.IP \fBunknown_relay_recipient_reject_code\fR
The response code when a client specifies a recipient whose domain
matches \fB$relay_domains\fR, while \fB$relay_recipient_maps\fR
is non-empty and does not list the recipient address.
.IP \fBunknown_virtual_alias_reject_code\fR
The response code when a client specifies a recipient whose domain
matches \fB$virtual_alias_domains\fR, while the recipient is not
listed in \fB$virtual_alias_maps\fR.
.IP \fBunknown_virtual_mailbox_reject_code\fR
The response code when a client specifies a recipient whose domain
matches \fB$virtual_mailbox_domains\fR, while the recipient is not
listed in \fB$virtual_mailbox_maps\fR.
.SH "Resource controls"
.ad
.fi
.IP \fBline_length_limit\fR
Limit the amount of memory in bytes used for the handling of
partial input lines.
.IP \fBmessage_size_limit\fR
Limit the total size in bytes of a message, including on-disk
storage for envelope information.
.IP \fBqueue_minfree\fR
Minimal amount of free space in bytes in the queue file system
for the SMTP server to accept any mail at all.
.IP \fBsmtpd_history_flush_threshold\fR
Flush the command history to the postmaster after receipt of RSET etc.
only if the number of history lines exceeds the given threshold.
.SH Tarpitting
.ad
.fi
.IP \fBsmtpd_error_sleep_time\fR
Time to wait in seconds before sending a 4xx or 5xx server error
response.
.IP \fBsmtpd_soft_error_limit\fR
When an SMTP client has made this number of errors, wait
\fIerror_count\fR seconds before responding to any client request.
.IP \fBsmtpd_hard_error_limit\fR
Disconnect after a client has made this number of errors.
.IP \fBsmtpd_junk_command_limit\fR
Limit the number of times a client can issue a junk command
such as NOOP, VRFY, ETRN or RSET in one SMTP session before
it is penalized with tarpit delays.
.SH "UCE control restrictions"
.ad
.fi
.IP \fBparent_domain_matches_subdomains\fR
List of Postfix features that use \fIdomain.tld\fR patterns
to match \fIsub.domain.tld\fR (as opposed to
requiring \fI.domain.tld\fR patterns).
.IP \fBsmtpd_client_restrictions\fR
Restrict what clients may connect to this mail system.
.IP \fBsmtpd_helo_required\fR
Require that clients introduce themselves at the beginning
of an SMTP session.
.IP \fBsmtpd_helo_restrictions\fR
Restrict what client hostnames are allowed in \fBHELO\fR and
\fBEHLO\fR commands.
.IP \fBsmtpd_sender_restrictions\fR
Restrict what sender addresses are allowed in \fBMAIL FROM\fR commands.
.IP \fBsmtpd_recipient_restrictions\fR
Restrict what recipient addresses are allowed in \fBRCPT TO\fR commands.
.IP \fBsmtpd_etrn_restrictions\fR
Restrict what domain names can be used in \fBETRN\fR commands,
and what clients may issue \fBETRN\fR commands.
.IP \fBsmtpd_data_restrictions\fR
Restrictions on the \fBDATA\fR command. Currently, the only restriction
that makes sense here is \fBreject_unauth_pipelining\fR.
.IP \fBallow_untrusted_routing\fR
Allow untrusted clients to specify addresses with sender-specified
routing.  Enabling this opens up nasty relay loopholes involving
trusted backup MX hosts.
.IP \fBsmtpd_restriction_classes\fR
Declares the name of zero or more parameters that contain a
list of UCE restrictions. The names of these parameters can
then be used instead of the restriction lists that they represent.
.IP \fBsmtpd_null_access_lookup_key\fR
The lookup key to be used in SMTPD access tables instead of the
null sender address. A null sender address cannot be looked up.
.IP "\fBmaps_rbl_domains\fR (deprecated)"
List of DNS domains that publish the addresses of blacklisted
hosts. This is used with the deprecated \fBreject_maps_rbl\fR
restriction.
.IP \fBpermit_mx_backup_networks\fR
Only domains whose primary MX hosts match the listed networks
are eligible for the \fBpermit_mx_backup\fR feature.
.IP \fBrelay_domains\fR
Restrict what domains this mail system will relay
mail to. The domains are routed to the delivery agent
specified with the \fBrelay_transport\fR setting.
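As an added example of how these restriction parameters fit together (a constructed main.cf fragment, not text from this man page; the table paths, the class name and the restrictions permit_mynetworks, check_*_access and reject_unauth_destination are assumptions, while reject_invalid_hostname and reject_unauth_pipelining appear in the text above):

```ini
# Added example, not from the man page. Paths, class name and the
# restrictions not named on the page are assumptions.

# Roll out a new policy with soft_bounce = yes first: every 5xx reject
# becomes a 4xx defer, so a mistake delays mail instead of bouncing it.
soft_bounce = no

# Clients must introduce themselves, and the HELO name must be well-formed.
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_hostname

# Never honour sender-specified routing from untrusted clients; the page
# warns that it opens relay loopholes through trusted backup MX hosts.
allow_untrusted_routing = no

# Declare a named restriction list; the name can then be returned as the
# value of an access table lookup.
smtpd_restriction_classes = insiders_only
insiders_only = check_sender_access hash:/etc/postfix/insiders, reject

# Relay policy lives in the recipient restrictions. The per-recipient
# lookup returns OK, a class name such as insiders_only, or nothing.
smtpd_recipient_restrictions =
    permit_mynetworks,
    check_recipient_access hash:/etc/postfix/protected_destinations,
    reject_unauth_destination

# /etc/postfix/protected_destinations (run "postmap" after editing):
#   all-staff@example.test    insiders_only
# /etc/postfix/insiders:
#   example.test              OK
#   partner.example.test      OK

# DATA must not be sent before the server has answered the earlier commands.
smtpd_data_restrictions = reject_unauth_pipelining
```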
.SH "UCE control responses"
.ad
.fi
.IP \fBaccess_map_reject_code\fR
Response code when a client violates an access database restriction.
.IP \fBdefault_rbl_reply\fR
Default template reply when a request is RBL blacklisted.
This template is used by the \fBreject_rbl_*\fR and
\fBreject_rhsbl_*\fR restrictions. See also:
\fBrbl_reply_maps\fR and \fBsmtpd_expansion_filter\fR.
.IP \fBdefer_code\fR
Response code when a client request is rejected by the \fBdefer\fR
restriction.
.IP \fBinvalid_hostname_reject_code\fR
Response code when a client violates the \fBreject_invalid_hostname\fR
restriction.
.IP \fBmaps_rbl_reject_code\fR
Response code when a request is RBL blacklisted.
.IP \fBrbl_reply_maps\fR
Table with template responses for RBL blacklisted requests, indexed by
RBL domain name. These templates are used by the \fBreject_rbl_*\fR
and \fBreject_rhsbl_*\fR restrictions. See also:
\fBdefault_rbl_reply\fR and \fBsmtpd_expansion_filter\fR.
.IP \fBreject_code\fR
Response code when the client matches a \fBreject\fR restriction.
.IP \fBrelay_domains_reject_code\fR
Response code when a client attempts to violate the mail relay
policy.
.IP \fBunknown_address_reject_code\fR
Response code when a client violates the \fBreject_unknown_address\fR
restriction.
.IP \fBunknown_client_reject_code\fR
Response code when a client without address-to-name mapping
violates the \fBreject_unknown_client\fR restriction.
.IP \fBunknown_hostname_reject_code\fR
Response code when a client violates the \fBreject_unknown_hostname\fR
restriction.
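As an added example of the RBL response templates and the expansion filter (a constructed main.cf fragment, not text from this man page; the RBL domain and table path are placeholders, and the $rbl_* and $client_address attributes come from the rbl_reply_maps template syntax rather than from this page):

```ini
# Added example, not from the man page. RBL domain and table path are
# placeholders; the $rbl_* / $client_address attributes are assumed from
# the rbl_reply_maps template syntax.

# Query one DNS blocklist for the connecting client's address.
smtpd_client_restrictions = reject_rbl_client rbl.example.test

# Default reply for any reject_rbl_* or reject_rhsbl_* hit. $rbl_code
# expands to maps_rbl_reject_code; ${rbl_reason?...} appends the TXT
# record text only when the blocklist returned one.
maps_rbl_reject_code = 554
default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}

# Per-blocklist template, looked up by RBL domain name.
rbl_reply_maps = hash:/etc/postfix/rbl_reply
# /etc/postfix/rbl_reply (run "postmap" after editing):
#   rbl.example.test   $rbl_code Rejected: $client_address is listed by $rbl_domain

# $name expansion runs through smtpd_expansion_filter: characters outside
# the allowed set are replaced by underscores, so $rbl_reason text taken
# from a remote TXT record cannot push CR/LF or other control characters
# into the reply line. Leave the default filter in place unless a
# template needs a character it excludes.
```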
.SH SEE ALSO
.na
.nf
trivial-rewrite(8) address resolver
cleanup(8) message canonicalization
master(8) process manager
syslogd(8) system logging
.SH LICENSE
.na
.nf
.ad
.fi
The Secure Mailer license must be distributed with this software.
.SH AUTHOR(S)
.na
.nf
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA