<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=us-ascii"> <title> Postfix manual - verify(8) </title> </head> <body> <pre> VERIFY(8) VERIFY(8) <b>NAME</b> verify - Postfix address verification server <b>SYNOPSIS</b> <b>verify</b> [generic Postfix daemon options] <b>DESCRIPTION</b> The <a href="verify.8.html"><b>verify</b>(8)</a> address verification server maintains a record of what recipient addresses are known to be deliv- erable or undeliverable. Addresses are verified by injecting probe messages into the Postfix queue. Probe messages are run through all the routing and rewriting machinery except for final delivery, and are discarded rather than being deferred or bounced. Address verification relies on the answer from the nearest MTA for the specified address, and will therefore not detect all undeliverable addresses. The <a href="verify.8.html"><b>verify</b>(8)</a> server is designed to run under control by the Postfix master server. It maintains an optional per- sistent database. To avoid being interrupted by "postfix stop" in the middle of a database update, the process runs in a separate process group. The <a href="verify.8.html"><b>verify</b>(8)</a> server implements the following requests: <b>update</b> <i>address status text</i> Update the status and text of the specified address. <b>query</b> <i>address</i> Look up the <i>status</i> and <i>text</i> for the specified <i>address</i>. If the status is unknown, a probe is sent and an "in progress" status is returned. <b>SECURITY</b> The address verification server is not security-sensitive. It does not talk to the network, and it does not talk to local users. The verify server can run chrooted at fixed low privilege. The address verification server can be coerced to store unlimited amounts of garbage. Limiting the cache expiry time trades one problem (disk space exhaustion) for another one (poor response time to client requests). With Postfix version 2.5 and later, the <a href="verify.8.html"><b>verify</b>(8)</a> server no longer uses root privileges when opening the <b><a href="postconf.5.html#address_verify_map">address_verify_map</a></b> cache file. The file should now be stored under the Postfix-owned <b><a href="postconf.5.html#data_directory">data_directory</a></b>. As a migration aid, an attempt to open a cache file under a non-Postfix directory is redirected to the Postfix-owned <b><a href="postconf.5.html#data_directory">data_directory</a></b>, and a warning is logged. <b>DIAGNOSTICS</b> Problems and transactions are logged to <b>syslogd</b>(8). <b>BUGS</b> Address verification probe messages add additional traffic to the mail queue. Recipient verification may cause an increased load on down-stream servers in the case of a dictionary attack or a flood of backscatter bounces. Sender address verification may cause your site to be blacklisted by some providers. If the persistent database ever gets corrupted then the world comes to an end and human intervention is needed. This violates a basic Postfix principle. <b>CONFIGURATION PARAMETERS</b> Changes to <a href="postconf.5.html"><b>main.cf</b></a> are not picked up automatically, as <a href="verify.8.html"><b>verify</b>(8)</a> processes are long-lived. Use the command "<b>post-</b> <b>fix reload</b>" after a configuration change. The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples. <b>CACHE CONTROLS</b> <b><a href="postconf.5.html#address_verify_map">address_verify_map</a> (see 'postconf -d' output)</b> Lookup table for persistent address verification status storage. <b><a href="postconf.5.html#address_verify_sender">address_verify_sender</a> ($<a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a>)</b> The sender address to use in address verification probes; prior to Postfix 2.5 the default was "post- master". <b><a href="postconf.5.html#address_verify_positive_expire_time">address_verify_positive_expire_time</a> (31d)</b> The time after which a successful probe expires from the address verification cache. <b><a href="postconf.5.html#address_verify_positive_refresh_time">address_verify_positive_refresh_time</a> (7d)</b> The time after which a successful address verifica- tion probe needs to be refreshed. <b><a href="postconf.5.html#address_verify_negative_cache">address_verify_negative_cache</a> (yes)</b> Enable caching of failed address verification probe results. <b><a href="postconf.5.html#address_verify_negative_expire_time">address_verify_negative_expire_time</a> (3d)</b> The time after which a failed probe expires from the address verification cache. <b><a href="postconf.5.html#address_verify_negative_refresh_time">address_verify_negative_refresh_time</a> (3h)</b> The time after which a failed address verification probe needs to be refreshed. Available with Postfix 2.7 and later: <b><a href="postconf.5.html#address_verify_cache_cleanup_interval">address_verify_cache_cleanup_interval</a> (12h)</b> The amount of time between <a href="verify.8.html"><b>verify</b>(8)</a> address veri- fication database cleanup runs. <b>PROBE MESSAGE ROUTING CONTROLS</b> By default, probe messages are delivered via the same route as regular messages. The following parameters can be used to override specific message routing mechanisms. <b><a href="postconf.5.html#address_verify_relayhost">address_verify_relayhost</a> ($<a href="postconf.5.html#relayhost">relayhost</a>)</b> Overrides the <a href="postconf.5.html#relayhost">relayhost</a> parameter setting for address verification probes. <b><a href="postconf.5.html#address_verify_transport_maps">address_verify_transport_maps</a> ($<a href="postconf.5.html#transport_maps">transport_maps</a>)</b> Overrides the <a href="postconf.5.html#transport_maps">transport_maps</a> parameter setting for address verification probes. <b><a href="postconf.5.html#address_verify_local_transport">address_verify_local_transport</a> ($<a href="postconf.5.html#local_transport">local_transport</a>)</b> Overrides the <a href="postconf.5.html#local_transport">local_transport</a> parameter setting for address verification probes. <b><a href="postconf.5.html#address_verify_virtual_transport">address_verify_virtual_transport</a> ($<a href="postconf.5.html#virtual_transport">virtual_transport</a>)</b> Overrides the <a href="postconf.5.html#virtual_transport">virtual_transport</a> parameter setting for address verification probes. <b><a href="postconf.5.html#address_verify_relay_transport">address_verify_relay_transport</a> ($<a href="postconf.5.html#relay_transport">relay_transport</a>)</b> Overrides the <a href="postconf.5.html#relay_transport">relay_transport</a> parameter setting for address verification probes. <b><a href="postconf.5.html#address_verify_default_transport">address_verify_default_transport</a> ($<a href="postconf.5.html#default_transport">default_transport</a>)</b> Overrides the <a href="postconf.5.html#default_transport">default_transport</a> parameter setting for address verification probes. Available in Postfix 2.3 and later: <b><a href="postconf.5.html#address_verify_sender_dependent_relayhost_maps">address_verify_sender_dependent_relayhost_maps</a></b> <b>($<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>)</b> Overrides the <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> parameter setting for address verification probes. Available in Postfix 2.7 and later: <b><a href="postconf.5.html#address_verify_sender_dependent_default_transport_maps">address_verify_sender_dependent_default_transport_maps</a></b> <b>($<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>)</b> Overrides the <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_trans</a>- <a href="postconf.5.html#sender_dependent_default_transport_maps">port_maps</a> parameter setting for address verifica- tion probes. <b>MISCELLANEOUS CONTROLS</b> <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b> The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> configuration files. <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b> How much time a Postfix daemon process may take to handle a request before it is terminated by a built-in watchdog timer. <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b> The time limit for sending or receiving information over an internal communication channel. <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b> The process ID of a Postfix command or daemon process. <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b> The process name of a Postfix command or daemon process. <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b> The location of the Postfix top-level queue direc- tory. <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b> The syslog facility of Postfix logging. <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b> The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". <b>SEE ALSO</b> <a href="smtpd.8.html">smtpd(8)</a>, Postfix SMTP server <a href="cleanup.8.html">cleanup(8)</a>, enqueue Postfix message <a href="postconf.5.html">postconf(5)</a>, configuration parameters syslogd(5), system logging <b>README FILES</b> <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a>, address verification howto <b>LICENSE</b> The Secure Mailer license must be distributed with this software. <b>HISTORY</b> This service was introduced with Postfix version 2.1. <b>AUTHOR(S)</b> Wietse Venema IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA VERIFY(8) </pre> </body> </html>