/* $NetBSD: mail_params.h,v 1.21 2026/05/09 18:49:16 christos Exp $ */

#ifndef _MAIL_PARAMS_H_INCLUDED_
#define _MAIL_PARAMS_H_INCLUDED_

/*++
/* NAME
/*	mail_params 3h
/* SUMMARY
/*	globally configurable parameters
/* SYNOPSIS
/*	#include <mail_params.h>
/* DESCRIPTION
/* .nf

/*
 * Needed for version-dependent default settings.
 *
 * Build-time floor: when USE_TLS is defined, compilation stops with #error
 * unless OPENSSL_VERSION_NUMBER is at least 0x1010100f (OpenSSL 1.1.1).
 * If no header has defined OPENSSL_VERSION_PREREQ, the fallback below makes
 * every OPENSSL_VERSION_PREREQ(m,n) test evaluate to 0, so a feature test
 * written with it is false instead of a preprocessor error.
 */
#ifdef USE_TLS
#include <openssl/opensslv.h> /* OPENSSL_VERSION_NUMBER */
#include <openssl/objects.h> /* SN_* and NID_* macros */
#if OPENSSL_VERSION_NUMBER < 0x1010100fUL
#error "OpenSSL releases prior to 1.1.1 are no longer supported"
#endif
#endif
#ifndef OPENSSL_VERSION_PREREQ
#define OPENSSL_VERSION_PREREQ(m,n) 0
#endif

/*
 * Name used when this mail system announces itself.
 */
#define VAR_MAIL_NAME "mail_name"
#define DEF_MAIL_NAME "Postfix"
extern char *var_mail_name;

/*
 * You want to be helped or not.
 */
#define VAR_HELPFUL_WARNINGS "helpful_warnings"
#define DEF_HELPFUL_WARNINGS 1
extern bool var_helpful_warnings;

/*
 * Whether the lookup table name is shown for an unknown recipient (read
 * from the parameter name; the comment previously here repeated the
 * helpful_warnings one). NOTE(review): the default of 1 presumably puts an
 * internal table name into a response that the remote party can see -
 * confirm in postconf(5) before relying on it on Internet-facing systems.
 */
#define VAR_SHOW_UNK_RCPT_TABLE "show_user_unknown_table_name"
#define DEF_SHOW_UNK_RCPT_TABLE 1
extern bool var_show_unk_rcpt_table;

/*
 * Compatibility level and migration support. Update postconf(5),
 * COMPATIBILITY_README, global/mail_params.[hc] and conf/main.cf when
 * updating the current compatibility level.
 *
 * DEF_COMPAT_LEVEL is COMPAT_LEVEL_0, the lowest level listed, while
 * LAST_COMPAT_LEVEL names the newest one. NOTE(review): a configuration
 * that never sets compatibility_level presumably keeps the legacy defaults
 * in effect - confirm in COMPATIBILITY_README.
 */
#define COMPAT_LEVEL_0 "0"
#define COMPAT_LEVEL_1 "1" /* Introduced: Postfix 3.0 */
#define COMPAT_LEVEL_2 "2" /* Introduced: Postfix 3.0 */
#define COMPAT_LEVEL_3_6 "3.6"
#define COMPAT_LEVEL_3_11 "3.11"
#define LAST_COMPAT_LEVEL COMPAT_LEVEL_3_11

#define VAR_COMPAT_LEVEL "compatibility_level"
#define DEF_COMPAT_LEVEL COMPAT_LEVEL_0
extern char *var_compatibility_level;

/*
 * See comment in mail_params.c.
*/
/*
 * One flag per default whose meaning depends on the compatibility level.
 * Judging by their names, several concern security-relevant defaults
 * (chroot, relay restrictions, TLS fingerprint digests, TLS security
 * levels). NOTE(review): this header only declares the flags; where they
 * are set and reported must be confirmed in mail_params.c.
 */
extern int warn_compat_break_app_dot_mydomain;
extern int warn_compat_break_smtputf8_enable;
extern int warn_compat_break_chroot;
extern int warn_compat_break_relay_restrictions; /* Postfix 2.10. */

extern int warn_compat_break_relay_domains;
extern int warn_compat_break_flush_domains;
extern int warn_compat_break_mynetworks_style;

extern int warn_compat_break_smtpd_tls_fpt_dgst;
extern int warn_compat_break_smtp_tls_fpt_dgst;
extern int warn_compat_break_lmtp_tls_fpt_dgst;
extern int warn_compat_relay_before_rcpt_checks;
extern int warn_compat_respectful_logging;

extern int warn_compat_break_smtp_tlsrpt_skip_reused_hs;
extern int warn_compat_break_smtp_tls_level;
extern int warn_compat_break_tlsp_clnt_level;

/* NOTE(review): presumably the parsed form of var_compatibility_level. */
extern long compat_level;

/*
 * What problem classes should be reported to the postmaster via email.
 * Default is bad problems only. See mail_error(3). Even when mail notices
 * are disabled, problems are still logged to the syslog daemon.
 *
 * Do not add "protocol" to the default setting. It gives Postfix a bad
 * reputation: people get mail whenever spam software makes a mistake.
 */
#define VAR_NOTIFY_CLASSES "notify_classes"
#define DEF_NOTIFY_CLASSES "resource, software" /* Not: "protocol" */
extern char *var_notify_classes;

/*
 * What do I turn <> into? Sendmail defaults to mailer-daemon.
 */
#define VAR_EMPTY_ADDR "empty_address_recipient"
#define DEF_EMPTY_ADDR MAIL_ADDR_MAIL_DAEMON
extern char *var_empty_addr;

/*
 * Privileges used by the mail system: the owner of files and commands, and
 * the rights to be used when running external commands.
*/
/* Account that owns the mail system; uid and gid are kept next to the name. */
#define VAR_MAIL_OWNER "mail_owner"
#define DEF_MAIL_OWNER "postfix"
extern char *var_mail_owner;
extern uid_t var_owner_uid;
extern gid_t var_owner_gid;

/*
 * NOTE(review): presumably the group of the set-gid submission and queue
 * commands - confirm in postconf(5).
 */
#define VAR_SGID_GROUP "setgid_group"
#define DEF_SGID_GROUP "maildrop"
extern char *var_sgid_group;
extern gid_t var_sgid_gid;

/*
 * Default account is "nobody". NOTE(review): presumably the identity used
 * for external commands that have no recipient-specific owner; such an
 * account should own no files and not be shared with other services -
 * confirm in postconf(5).
 */
#define VAR_DEFAULT_PRIVS "default_privs"
#define DEF_DEFAULT_PRIVS "nobody"
extern char *var_default_privs;
extern uid_t var_default_uid;
extern gid_t var_default_gid;

/*
 * Access control for local privileged operations:
 *
 * All three lists below default to STATIC_ANYONE_ACL ("static:anyone").
 * NOTE(review): presumably this lets every local account flush the queue,
 * list the queue and submit mail; on multi-user hosts these are the
 * parameters to narrow - confirm the lookup semantics in postconf(5).
 */
#define STATIC_ANYONE_ACL "static:anyone"

#define VAR_FLUSH_ACL "authorized_flush_users"
#define DEF_FLUSH_ACL STATIC_ANYONE_ACL
extern char *var_flush_acl;

#define VAR_SHOWQ_ACL "authorized_mailq_users"
#define DEF_SHOWQ_ACL STATIC_ANYONE_ACL
extern char *var_showq_acl;

#define VAR_SUBMIT_ACL "authorized_submit_users"
#define DEF_SUBMIT_ACL STATIC_ANYONE_ACL
extern char *var_submit_acl;

/*
 * Local submission, envelope sender ownership.
 *
 * NOTE(review): the "static:*" default presumably matches any login name
 * with any envelope sender, i.e. no sender ownership is enforced unless
 * this is configured - confirm in postconf(5). The double underscore in
 * var_local_login_snd__maps is part of the external name and is kept.
 */
#define VAR_LOCAL_LOGIN_SND_MAPS "local_login_sender_maps"
#define DEF_LOCAL_LOGIN_SND_MAPS "static:*"
extern char *var_local_login_snd__maps;

#define VAR_NULL_LOCAL_LOGIN_SND_MAPS_KEY "empty_address_local_login_sender_maps_lookup_key"
#define DEF_NULL_LOCAL_LOGIN_SND_MAPS_KEY "<>"
extern char *var_null_local_login_snd_maps_key;

/*
 * What goes on the right-hand side of addresses of mail sent from this
 * machine.
 */
#define VAR_MYORIGIN "myorigin"
#define DEF_MYORIGIN "$myhostname"
extern char *var_myorigin;

/*
 * What domains I will receive mail for. Not to be confused with transit
 * mail to other destinations.
*/
#define VAR_MYDEST "mydestination"
#define DEF_MYDEST "$myhostname, localhost.$mydomain, localhost"
extern char *var_mydest;

/*
 * These are by default taken from the name service.
 */
#define VAR_MYHOSTNAME "myhostname" /* my hostname (fqdn) */
extern char *var_myhostname;

#define VAR_MYDOMAIN "mydomain" /* my domain name */
#define DEF_MYDOMAIN "localdomain"
extern char *var_mydomain;

/*
 * The default local delivery transport.
 */
#define VAR_LOCAL_TRANSPORT "local_transport"
#define DEF_LOCAL_TRANSPORT MAIL_SERVICE_LOCAL ":$myhostname"
extern char *var_local_transport;

/*
 * Where to send postmaster copies of bounced mail, and other notices.
 * Every notice class below defaults to the "postmaster" address.
 */
#define VAR_BOUNCE_RCPT "bounce_notice_recipient"
#define DEF_BOUNCE_RCPT "postmaster"
extern char *var_bounce_rcpt;

#define VAR_2BOUNCE_RCPT "2bounce_notice_recipient"
#define DEF_2BOUNCE_RCPT "postmaster"
extern char *var_2bounce_rcpt;

#define VAR_DELAY_RCPT "delay_notice_recipient"
#define DEF_DELAY_RCPT "postmaster"
extern char *var_delay_rcpt;

#define VAR_ERROR_RCPT "error_notice_recipient"
#define DEF_ERROR_RCPT "postmaster"
extern char *var_error_rcpt;

/*
 * Virtual host support. Default is to listen on all machine interfaces.
 *
 * INET_INTERFACES_LOCAL ("loopback-only") is the other named value.
 * NOTE(review): presumably the setting for hosts that must not accept mail
 * from the network - confirm in postconf(5).
 */
#define VAR_INET_INTERFACES "inet_interfaces" /* listen addresses */
#define INET_INTERFACES_ALL "all"
#define INET_INTERFACES_LOCAL "loopback-only"
#define DEF_INET_INTERFACES INET_INTERFACES_ALL
extern char *var_inet_interfaces;

#define VAR_PROXY_INTERFACES "proxy_interfaces" /* proxies, NATs */
#define DEF_PROXY_INTERFACES ""
extern char *var_proxy_interfaces;

/*
 * Masquerading (i.e. subdomain stripping).
*/
#define VAR_MASQ_DOMAINS "masquerade_domains"
#define DEF_MASQ_DOMAINS ""
extern char *var_masq_domains;

#define VAR_MASQ_EXCEPTIONS "masquerade_exceptions"
#define DEF_MASQ_EXCEPTIONS ""
extern char *var_masq_exceptions;

#define MASQ_CLASS_ENV_FROM "envelope_sender"
#define MASQ_CLASS_ENV_RCPT "envelope_recipient"
#define MASQ_CLASS_HDR_FROM "header_sender"
#define MASQ_CLASS_HDR_RCPT "header_recipient"

/* The default lists every class except MASQ_CLASS_ENV_RCPT. */
#define VAR_MASQ_CLASSES "masquerade_classes"
#define DEF_MASQ_CLASSES MASQ_CLASS_ENV_FROM ", " \
	MASQ_CLASS_HDR_FROM ", " \
	MASQ_CLASS_HDR_RCPT
extern char *var_masq_classes;

/*
 * Intranet versus internet.
 */
#define VAR_RELAYHOST "relayhost"
#define DEF_RELAYHOST ""
extern char *var_relayhost;

#define VAR_SND_RELAY_MAPS "sender_dependent_relayhost_maps"
#define DEF_SND_RELAY_MAPS ""
extern char *var_snd_relay_maps;

#define VAR_NULL_RELAY_MAPS_KEY "empty_address_relayhost_maps_lookup_key"
#define DEF_NULL_RELAY_MAPS_KEY "<>"
extern char *var_null_relay_maps_key;

/*
 * From here on the smtp_ and lmtp_ names each get their own VAR_/DEF_
 * macros, but this header declares a single variable per pair.
 */
#define VAR_SMTP_FALLBACK "smtp_fallback_relay"
#define DEF_SMTP_FALLBACK "$fallback_relay"
#define VAR_LMTP_FALLBACK "lmtp_fallback_relay"
#define DEF_LMTP_FALLBACK ""
#define DEF_FALLBACK_RELAY ""
extern char *var_fallback_relay;

#define VAR_DISABLE_DNS "disable_dns_lookups"
#define DEF_DISABLE_DNS 0
extern bool var_disable_dns;

/*
 * DNS support levels. NOTE(review): the empty default presumably defers to
 * disable_dns_lookups, and "dnssec" is presumably the only level that asks
 * for validated answers - confirm in postconf(5).
 */
#define SMTP_DNS_SUPPORT_DISABLED "disabled"
#define SMTP_DNS_SUPPORT_ENABLED "enabled"
#define SMTP_DNS_SUPPORT_DNSSEC "dnssec"

#define VAR_SMTP_DNS_SUPPORT "smtp_dns_support_level"
#define DEF_SMTP_DNS_SUPPORT ""
#define VAR_LMTP_DNS_SUPPORT "lmtp_dns_support_level"
#define DEF_LMTP_DNS_SUPPORT ""
extern char *var_smtp_dns_support;

#define SMTP_HOST_LOOKUP_DNS "dns"
#define SMTP_HOST_LOOKUP_NATIVE "native"

#define VAR_SMTP_HOST_LOOKUP "smtp_host_lookup"
#define DEF_SMTP_HOST_LOOKUP SMTP_HOST_LOOKUP_DNS
#define VAR_LMTP_HOST_LOOKUP "lmtp_host_lookup"
#define DEF_LMTP_HOST_LOOKUP SMTP_HOST_LOOKUP_DNS
extern char *var_smtp_host_lookup;

#define SMTP_DNS_RES_OPT_DEFNAMES "res_defnames"
#define SMTP_DNS_RES_OPT_DNSRCH "res_dnsrch"

#define VAR_SMTP_DNS_RES_OPT "smtp_dns_resolver_options"
#define DEF_SMTP_DNS_RES_OPT ""
#define VAR_LMTP_DNS_RES_OPT "lmtp_dns_resolver_options"
#define DEF_LMTP_DNS_RES_OPT ""
extern char *var_smtp_dns_res_opt;

#define VAR_SMTP_MXADDR_LIMIT "smtp_mx_address_limit"
#define DEF_SMTP_MXADDR_LIMIT 5
#define VAR_LMTP_MXADDR_LIMIT "lmtp_mx_address_limit"
#define DEF_LMTP_MXADDR_LIMIT 5
extern int var_smtp_mxaddr_limit;

#define VAR_SMTP_MXSESS_LIMIT "smtp_mx_session_limit"
#define DEF_SMTP_MXSESS_LIMIT 2
#define VAR_LMTP_MXSESS_LIMIT "lmtp_mx_session_limit"
#define DEF_LMTP_MXSESS_LIMIT 2
extern int var_smtp_mxsess_limit;

/*
 * Location of the mail queue directory tree.
 *
 * This and the following DEF_*_DIR values sit behind #ifndef, so a value
 * defined before this header is included (for example by the build) wins.
 */
#define VAR_QUEUE_DIR "queue_directory"
#ifndef DEF_QUEUE_DIR
#define DEF_QUEUE_DIR "/var/spool/postfix"
#endif
extern char *var_queue_dir;

/*
 * Location of command and daemon programs.
 */
#define VAR_DAEMON_DIR "daemon_directory"
#ifndef DEF_DAEMON_DIR
#define DEF_DAEMON_DIR "/usr/libexec/postfix"
#endif
extern char *var_daemon_dir;

#define VAR_COMMAND_DIR "command_directory"
#ifndef DEF_COMMAND_DIR
#define DEF_COMMAND_DIR "/usr/sbin"
#endif
extern char *var_command_dir;

/*
 * Location of PID files. The default is a relative path.
 * NOTE(review): presumably resolved below queue_directory - confirm.
 */
#define VAR_PID_DIR "process_id_directory"
#ifndef DEF_PID_DIR
#define DEF_PID_DIR "pid"
#endif
extern char *var_pid_dir;

/*
 * Location of writable data files.
*/
#define VAR_DATA_DIR "data_directory"
#ifndef DEF_DATA_DIR
#define DEF_DATA_DIR "/var/db/postfix"
#endif
extern char *var_data_dir;

/*
 * Program startup time.
 */
extern time_t var_starttime;

/*
 * Location of configuration files.
 */
#define VAR_CONFIG_DIR "config_directory"
#ifndef DEF_CONFIG_DIR
#define DEF_CONFIG_DIR "/etc/postfix"
#endif
extern char *var_config_dir;

#define VAR_CONFIG_DIRS "alternate_config_directories"
#define DEF_CONFIG_DIRS ""
extern char *var_config_dirs;

#define MAIN_CONF_FILE "main.cf"
#define MASTER_CONF_FILE "master.cf"

/*
 * Preferred type of indexed files. The DEF_DB_TYPE macro value is system
 * dependent. It is defined in <sys_defs.h>.
 */
#define VAR_DB_TYPE "default_database_type"
extern char *var_db_type;

/*
 * Preferred type of cache database files. The DEF_CACHE_DB_TYPE macro value
 * is system dependent. It is defined in <sys_defs.h>.
 */
#define VAR_CACHE_DB_TYPE "default_cache_db_type"
extern char *var_cache_db_type;

/*
 * What syslog facility to use. Unfortunately, something may have to be
 * logged before parameters are read from the main.cf file. This logging
 * will go to the LOG_FACILITY facility specified below.
 *
 * Consequence for log collection: early messages use the compile-time
 * LOG_FACILITY (LOG_MAIL unless already defined), not the configured
 * syslog_facility value.
 */
#define VAR_SYSLOG_FACILITY "syslog_facility"
extern char *var_syslog_facility;

#ifndef DEF_SYSLOG_FACILITY
#define DEF_SYSLOG_FACILITY "mail"
#endif

#ifndef LOG_FACILITY
#define LOG_FACILITY LOG_MAIL
#endif

/*
 * Big brother: who receives a blank-carbon copy of all mail that enters
 * this mail system.
 *
 * The default is empty. A non-empty value concentrates a copy of every
 * message in one mailbox, which then needs the protection of the most
 * sensitive mail the system carries.
 */
#define VAR_ALWAYS_BCC "always_bcc"
#define DEF_ALWAYS_BCC ""
extern char *var_always_bcc;

/*
 * What to put in the To: header when no recipients were disclosed.
*
 * XXX 2822: When no recipient headers remain, a system should insert a Bcc:
 * header without additional information. That is not so great given that
 * MTAs routinely strip Bcc: headers from message headers.
 */
#define VAR_RCPT_WITHELD "undisclosed_recipients_header"
#define DEF_RCPT_WITHELD ""
extern char *var_rcpt_witheld;

/*
 * Add missing headers. Postfix 2.6 no longer adds headers to remote mail by
 * default.
 */
#define VAR_ALWAYS_ADD_HDRS "always_add_missing_headers"
#define DEF_ALWAYS_ADD_HDRS 0
extern bool var_always_add_hdrs;

/*
 * Dropping message headers.
 *
 * The default list includes bcc and resent-bcc. NOTE(review): presumably
 * so that blind-copy recipients are not disclosed in delivered mail; keep
 * those two entries when customizing the list - confirm in postconf(5).
 */
#define VAR_DROP_HDRS "message_drop_headers"
#define DEF_DROP_HDRS "bcc, content-length, resent-bcc, return-path"
extern char *var_drop_hdrs;

/*
 * From: header format: we provide canned versions only, no Sendmail-style
 * macro expansions.
 */
#define HFROM_FORMAT_NAME_STD "standard" /* From: name <address> */
#define HFROM_FORMAT_NAME_OBS "obsolete" /* From: address (name) */
#define VAR_HFROM_FORMAT "header_from_format"
#define DEF_HFROM_FORMAT HFROM_FORMAT_NAME_STD
extern char *var_hfrom_format;

/*
 * How to handle malformed header ending.
 *
 * Three named actions; the default is "fix_quietly". NOTE(review):
 * presumably the quiet fix leaves no marker in the message, whereas
 * "add_header" and "reject" make the anomaly visible to later filters or
 * to the sender - confirm in postconf(5).
 */
#define NON_EMPTY_EOH_NAME_FIX_QUIETLY "fix_quietly"
#define NON_EMPTY_EOH_NAME_ADD_HDR "add_header"
#define NON_EMPTY_EOH_NAME_REJECT "reject"

#define VAR_NON_EMPTY_EOH_ACTION "non_empty_end_of_header_action"
#define DEF_NON_EMPTY_EOH_ACTION NON_EMPTY_EOH_NAME_FIX_QUIETLY
extern char *var_non_empty_eoh_action;

/*
 * Standards violation: allow/permit RFC 822-style addresses in SMTP
 * commands. The default of 0 leaves strict envelope checking off.
 */
#define VAR_STRICT_RFC821_ENV "strict_rfc821_envelopes"
#define DEF_STRICT_RFC821_ENV 0
extern bool var_strict_rfc821_env;

/*
 * Standards violation: send "250 AUTH=list" in order to accommodate clients
 * that implement an old version of the protocol.
*/
#define VAR_BROKEN_AUTH_CLNTS "broken_sasl_auth_clients"
#define DEF_BROKEN_AUTH_CLNTS 0
extern bool var_broken_auth_clients;

/*
 * Standards violation: disable VRFY.
 *
 * The default of 0 leaves the VRFY command enabled. NOTE(review): VRFY
 * answers whether an address exists, so on Internet-facing servers this is
 * a setting to review against address-harvesting concerns.
 */
#define VAR_DISABLE_VRFY_CMD "disable_vrfy_command"
#define DEF_DISABLE_VRFY_CMD 0
extern bool var_disable_vrfy_cmd;

/*
 * trivial rewrite/resolve service: mapping tables.
 */
#define VAR_VIRT_ALIAS_MAPS "virtual_alias_maps"
#define DEF_VIRT_ALIAS_MAPS "$virtual_maps" /* Compatibility! */
extern char *var_virt_alias_maps;

#define VAR_VIRT_ALIAS_DOMS "virtual_alias_domains"
#define DEF_VIRT_ALIAS_DOMS "$virtual_alias_maps"
extern char *var_virt_alias_doms;

#define VAR_VIRT_ALIAS_CODE "unknown_virtual_alias_reject_code"
#define DEF_VIRT_ALIAS_CODE 550
extern int var_virt_alias_code;

#define VAR_CANONICAL_MAPS "canonical_maps"
#define DEF_CANONICAL_MAPS ""
extern char *var_canonical_maps;

#define VAR_SEND_CANON_MAPS "sender_canonical_maps"
#define DEF_SEND_CANON_MAPS ""
extern char *var_send_canon_maps;

#define VAR_RCPT_CANON_MAPS "recipient_canonical_maps"
#define DEF_RCPT_CANON_MAPS ""
extern char *var_rcpt_canon_maps;

#define CANON_CLASS_ENV_FROM "envelope_sender"
#define CANON_CLASS_ENV_RCPT "envelope_recipient"
#define CANON_CLASS_HDR_FROM "header_sender"
#define CANON_CLASS_HDR_RCPT "header_recipient"

/* Default: all four address classes. */
#define VAR_CANON_CLASSES "canonical_classes"
#define DEF_CANON_CLASSES CANON_CLASS_ENV_FROM ", " \
	CANON_CLASS_ENV_RCPT ", " \
	CANON_CLASS_HDR_FROM ", " \
	CANON_CLASS_HDR_RCPT
extern char *var_canon_classes;

/* Default: the two sender classes only. */
#define VAR_SEND_CANON_CLASSES "sender_canonical_classes"
#define DEF_SEND_CANON_CLASSES CANON_CLASS_ENV_FROM ", " \
	CANON_CLASS_HDR_FROM
extern char *var_send_canon_classes;

/* Default: the two recipient classes only. */
#define VAR_RCPT_CANON_CLASSES "recipient_canonical_classes"
#define DEF_RCPT_CANON_CLASSES CANON_CLASS_ENV_RCPT ", " \
	CANON_CLASS_HDR_RCPT
extern char *var_rcpt_canon_classes;

#define VAR_SEND_BCC_MAPS "sender_bcc_maps"
#define DEF_SEND_BCC_MAPS ""
extern char *var_send_bcc_maps;

#define VAR_RCPT_BCC_MAPS "recipient_bcc_maps"
#define DEF_RCPT_BCC_MAPS ""
extern char *var_rcpt_bcc_maps;

#define VAR_TRANSPORT_MAPS "transport_maps"
#define DEF_TRANSPORT_MAPS ""
extern char *var_transport_maps;

#define VAR_DEF_TRANSPORT "default_transport"
#define DEF_DEF_TRANSPORT MAIL_SERVICE_SMTP
extern char *var_def_transport;

/* Name built by string concatenation around VAR_DEF_TRANSPORT. */
#define VAR_SND_DEF_XPORT_MAPS "sender_dependent_" VAR_DEF_TRANSPORT "_maps"
#define DEF_SND_DEF_XPORT_MAPS ""
extern char *var_snd_def_xport_maps;

#define VAR_NULL_DEF_XPORT_MAPS_KEY "empty_address_" VAR_DEF_TRANSPORT "_maps_lookup_key"
#define DEF_NULL_DEF_XPORT_MAPS_KEY "<>"
extern char *var_null_def_xport_maps_key;

/*
 * trivial rewrite/resolve service: rewriting controls.
 *
 * swap_bangpath and allow_percent_hack both default to 1.
 * NOTE(review): presumably they rewrite site!user and user%domain forms
 * into user@domain; because that changes which destination an address
 * resolves to, relay and access rules should be checked against the
 * rewritten form - confirm in trivial-rewrite(8).
 */
#define VAR_SWAP_BANGPATH "swap_bangpath"
#define DEF_SWAP_BANGPATH 1
extern bool var_swap_bangpath;

#define VAR_APP_AT_MYORIGIN "append_at_myorigin"
#define DEF_APP_AT_MYORIGIN 1
extern bool var_append_at_myorigin;

/*
 * The default is an expression, not a literal: it yields "yes" only while
 * compatibility_level is below 1, and "no" otherwise.
 */
#define VAR_APP_DOT_MYDOMAIN "append_dot_mydomain"
#define DEF_APP_DOT_MYDOMAIN "${{$compatibility_level} <level {1} ? " \
	"{yes} : {no}}"
extern bool var_append_dot_mydomain;

#define VAR_PERCENT_HACK "allow_percent_hack"
#define DEF_PERCENT_HACK 1
extern bool var_percent_hack;

/*
 * Local delivery: alias databases.
 *
 * With HAS_NIS defined the default also names the NIS map mail.aliases,
 * so alias data then comes from a network source as well as the local
 * ALIAS_DB_MAP.
 */
#define VAR_ALIAS_MAPS "alias_maps"
#ifdef HAS_NIS
#define DEF_ALIAS_MAPS ALIAS_DB_MAP ", nis:mail.aliases"
#else
#define DEF_ALIAS_MAPS ALIAS_DB_MAP
#endif
extern char *var_alias_maps;

/*
 * Local delivery: to BIFF or not to BIFF.
*/
#define VAR_BIFF "biff"
#define DEF_BIFF 1
extern bool var_biff;

/*
 * Local delivery: mail to files/commands.
 *
 * Both allow_mail_to_commands and allow_mail_to_files default to
 * "alias, forward". NOTE(review): presumably each listed source is a place
 * from which a destination may name a command or a file, i.e. a path by
 * which mail content reaches a process or the file system; keep the lists
 * as short as the site needs - confirm in postconf(5).
 */
#define VAR_ALLOW_COMMANDS "allow_mail_to_commands"
#define DEF_ALLOW_COMMANDS "alias, forward"
extern char *var_allow_commands;

/*
 * _MAXTIME holds a parameter-name suffix. Identifiers that begin with an
 * underscore followed by an upper-case letter are reserved in C; the name
 * is kept because other files may use it.
 */
#define VAR_COMMAND_MAXTIME "command_time_limit"
#define _MAXTIME "_time_limit"
#define DEF_COMMAND_MAXTIME "1000s"
extern int var_command_maxtime;

#define VAR_ALLOW_FILES "allow_mail_to_files"
#define DEF_ALLOW_FILES "alias, forward"
extern char *var_allow_files;

/*
 * NOTE(review): the empty default presumably means no shell is configured
 * here for running delivery commands - confirm in postconf(5).
 */
#define VAR_LOCAL_CMD_SHELL "local_command_shell"
#define DEF_LOCAL_CMD_SHELL ""
extern char *var_local_cmd_shell;

#define VAR_ALIAS_DB_MAP "alias_database"
#define DEF_ALIAS_DB_MAP ALIAS_DB_MAP /* sys_defs.h */
extern char *var_alias_db_map;

#define VAR_LUSER_RELAY "luser_relay"
#define DEF_LUSER_RELAY ""
extern char *var_luser_relay;

/*
 * Local delivery: mailbox delivery.
*/
#define VAR_MAIL_SPOOL_DIR "mail_spool_directory"
#ifndef DEF_MAIL_SPOOL_DIR
#define DEF_MAIL_SPOOL_DIR _PATH_MAILDIR
#endif
extern char *var_mail_spool_dir;

#define VAR_HOME_MAILBOX "home_mailbox"
#define DEF_HOME_MAILBOX ""
extern char *var_home_mailbox;

#define VAR_MAILBOX_COMMAND "mailbox_command"
#define DEF_MAILBOX_COMMAND ""
extern char *var_mailbox_command;

#define VAR_MAILBOX_CMD_MAPS "mailbox_command_maps"
#define DEF_MAILBOX_CMD_MAPS ""
extern char *var_mailbox_cmd_maps;

#define VAR_MAILBOX_TRANSP "mailbox_transport"
#define DEF_MAILBOX_TRANSP ""
extern char *var_mailbox_transport;

#define VAR_MBOX_TRANSP_MAPS "mailbox_transport_maps"
#define DEF_MBOX_TRANSP_MAPS ""
extern char *var_mbox_transp_maps;

#define VAR_FALLBACK_TRANSP "fallback_transport"
#define DEF_FALLBACK_TRANSP ""
extern char *var_fallback_transport;

#define VAR_FBCK_TRANSP_MAPS "fallback_transport_maps"
#define DEF_FBCK_TRANSP_MAPS ""
extern char *var_fbck_transp_maps;

/*
 * Local delivery: path to per-user forwarding file.
 *
 * The default expands $home, ${recipient_delimiter} and ${extension}; the
 * last two come from the recipient address, which is why an expansion
 * filter (forward_expansion_filter) exists for this path.
 */
#define VAR_FORWARD_PATH "forward_path"
#define DEF_FORWARD_PATH "$home/.forward${recipient_delimiter}${extension}, $home/.forward"
extern char *var_forward_path;

/*
 * Local delivery: external command execution directory.
 */
#define VAR_EXEC_DIRECTORY "command_execution_directory"
#define DEF_EXEC_DIRECTORY ""
extern char *var_exec_directory;

/*
 * Allow-list of characters: digits, ASCII letters and a short set of
 * punctuation, written as one string literal spliced over three lines
 * (continuation lines start in column 0 so that no whitespace enters the
 * string). NOTE(review): presumably any other character in an expanded
 * value is replaced, which keeps shell metacharacters from address-derived
 * text out of the directory name - confirm in postconf(5).
 */
#define VAR_EXEC_EXP_FILTER "execution_directory_expansion_filter"
#define DEF_EXEC_EXP_FILTER "1234567890!@%-_=+:,./\
abcdefghijklmnopqrstuvwxyz\
ABCDEFGHIJKLMNOPQRSTUVWXYZ"
extern char *var_exec_exp_filter;

/*
 * Mailbox locking. DEF_MAILBOX_LOCK is defined in sys_defs.h.
 */
#define VAR_MAILBOX_LOCK "mailbox_delivery_lock"
extern char *var_mailbox_lock;

/*
 * Mailbox size limit. This used to be enforced as a side effect of the way
 * the message size limit is implemented, but that is not clean.
 *
 * The default is five times DEF_MESSAGE_LIMIT, which is not defined in
 * this part of the header.
 */
#define VAR_MAILBOX_LIMIT "mailbox_size_limit"
#define DEF_MAILBOX_LIMIT (DEF_MESSAGE_LIMIT * 5)
extern long var_mailbox_limit;

/*
 * Miscellaneous.
 */
#define VAR_PROP_EXTENSION "propagate_unmatched_extensions"
#define DEF_PROP_EXTENSION "canonical, virtual"
extern char *var_prop_extension;

#define VAR_RCPT_DELIM "recipient_delimiter"
#define DEF_RCPT_DELIM ""
extern char *var_rcpt_delim;

/*
 * Same character allow-list as the execution directory filter, here for
 * expansions used in delivery commands and in forward_path.
 * NOTE(review): widening either list lets more address-derived characters
 * reach a command line or a file name - confirm the replacement rule in
 * postconf(5) before changing it.
 */
#define VAR_CMD_EXP_FILTER "command_expansion_filter"
#define DEF_CMD_EXP_FILTER "1234567890!@%-_=+:,./\
abcdefghijklmnopqrstuvwxyz\
ABCDEFGHIJKLMNOPQRSTUVWXYZ"
extern char *var_cmd_exp_filter;

#define VAR_FWD_EXP_FILTER "forward_expansion_filter"
#define DEF_FWD_EXP_FILTER "1234567890!@%-_=+:,./\
abcdefghijklmnopqrstuvwxyz\
ABCDEFGHIJKLMNOPQRSTUVWXYZ"
extern char *var_fwd_exp_filter;

#define VAR_DELIVER_HDR "prepend_delivered_header"
#define DEF_DELIVER_HDR "command, file, forward"
extern char *var_deliver_hdr;

/*
 * Cleanup: enable support for X-Original-To message headers, which are
 * needed for multi-recipient mailboxes. When this is turned on, perform
 * duplicate elimination on (original rcpt, rewritten rcpt) pairs, and
 * generate non-empty original recipient records in the queue file.
 */
#define VAR_ENABLE_ORCPT "enable_original_recipient"
#define DEF_ENABLE_ORCPT 1
extern bool var_enable_orcpt;

#define VAR_EXP_OWN_ALIAS "expand_owner_alias"
#define DEF_EXP_OWN_ALIAS 0
extern bool var_exp_own_alias;

#define VAR_STAT_HOME_DIR "require_home_directory"
#define DEF_STAT_HOME_DIR 0
extern bool var_stat_home_dir;

/*
 * Cleanup server: maximal size of the duplicate expansion filter. By
 * default, we do graceful degradation with huge mailing lists.
*/
#define VAR_DUP_FILTER_LIMIT "duplicate_filter_limit"
#define DEF_DUP_FILTER_LIMIT 1000
extern int var_dup_filter_limit;

/*
 * Transport Layer Security (TLS) protocol support.
 */
#define VAR_TLS_MGR_SERVICE "tlsmgr_service_name"
#define DEF_TLS_MGR_SERVICE "tlsmgr"
extern char *var_tls_mgr_service;

/*
 * Default 0. NOTE(review): presumably the system default CA certificates
 * are then not appended to the configured CA file or directory, so the
 * trust anchors are only the ones named explicitly - confirm in postconf(5).
 */
#define VAR_TLS_APPEND_DEF_CA "tls_append_default_CA"
#define DEF_TLS_APPEND_DEF_CA 0 /* Postfix < 2.8 BC break */
extern bool var_tls_append_def_CA;

/*
 * PRNG exchange file, by default below data_directory.
 * NOTE(review): presumably holds random-pool state shared between
 * processes; it should be readable and writable by the mail system only.
 */
#define VAR_TLS_RAND_EXCH_NAME "tls_random_exchange_name"
#define DEF_TLS_RAND_EXCH_NAME "${data_directory}/prng_exch"
extern char *var_tls_rand_exch_name;

/*
 * External entropy source: PREFERRED_RAND_SOURCE when the platform headers
 * define it, otherwise empty (no external source named here).
 */
#define VAR_TLS_RAND_SOURCE "tls_random_source"
#ifdef PREFERRED_RAND_SOURCE
#define DEF_TLS_RAND_SOURCE PREFERRED_RAND_SOURCE
#else
#define DEF_TLS_RAND_SOURCE ""
#endif
extern char *var_tls_rand_source;

/* Byte counts (32 each) and periods (3600s each) for PRNG seeding. */
#define VAR_TLS_RAND_BYTES "tls_random_bytes"
#define DEF_TLS_RAND_BYTES 32
extern int var_tls_rand_bytes;

#define VAR_TLS_DAEMON_RAND_BYTES "tls_daemon_random_bytes"
#define DEF_TLS_DAEMON_RAND_BYTES 32
extern int var_tls_daemon_rand_bytes;

#define VAR_TLS_RESEED_PERIOD "tls_random_reseed_period"
#define DEF_TLS_RESEED_PERIOD "3600s"
extern int var_tls_reseed_period;

#define VAR_TLS_PRNG_UPD_PERIOD "tls_random_prng_update_period"
#define DEF_TLS_PRNG_UPD_PERIOD "3600s"
extern int var_tls_prng_upd_period;

/*
 * Queue manager: relocated databases.
 */
#define VAR_RELOCATED_MAPS "relocated_maps"
#define DEF_RELOCATED_MAPS ""
extern char *var_relocated_maps;

/* The default is the string "yes" although the variable is a bool. */
#define VAR_ENB_RELOCATED_PFX "relocated_prefix_enable"
#define DEF_ENB_RELOCATED_PFX "yes"
extern bool var_enb_relocated_pfx;

/*
 * Queue manager: after each failed attempt the backoff time (how long we
 * won't try this host in seconds) is doubled until it reaches the maximum.
* MAX_QUEUE_TIME limits the amount of time a message may spend in the mail
 * queue before it is sent back.
 */
#define VAR_QUEUE_RUN_DELAY "queue_run_delay"
#define DEF_QUEUE_RUN_DELAY "300s"

/* The minimal backoff default is the queue run delay default ("300s"). */
#define VAR_MIN_BACKOFF_TIME "minimal_backoff_time"
#define DEF_MIN_BACKOFF_TIME DEF_QUEUE_RUN_DELAY
extern int var_min_backoff_time;

#define VAR_MAX_BACKOFF_TIME "maximal_backoff_time"
#define DEF_MAX_BACKOFF_TIME "4000s"
extern int var_max_backoff_time;

#define VAR_MAX_QUEUE_TIME "maximal_queue_lifetime"
#define DEF_MAX_QUEUE_TIME "5d"
extern int var_max_queue_time;

/*
 * XXX The default can't be $maximal_queue_lifetime, because that panics
 * when a non-default maximal_queue_lifetime setting contains no time unit.
 *
 * Hence the literal "5d" is repeated here; the two defaults have to be
 * kept in step by hand.
 */
#define VAR_DSN_QUEUE_TIME "bounce_queue_lifetime"
#define DEF_DSN_QUEUE_TIME "5d"
extern int var_dsn_queue_time;

/* NOTE(review): "0h" presumably disables delay warnings - confirm. */
#define VAR_DELAY_WARN_TIME "delay_warning_time"
#define DEF_DELAY_WARN_TIME "0h"
extern int var_delay_warn_time;

#define VAR_DSN_DELAY_CLEARED "confirm_delay_cleared"
#define DEF_DSN_DELAY_CLEARED 0
extern bool var_dsn_delay_cleared;

/*
 * Queue manager: various in-core message and recipient limits.
*/
/*
 * These limits bound how much queue state is held in memory at once; the
 * values below are the compiled-in defaults.
 */
#define VAR_QMGR_ACT_LIMIT "qmgr_message_active_limit"
#define DEF_QMGR_ACT_LIMIT 20000
extern int var_qmgr_active_limit;

#define VAR_QMGR_RCPT_LIMIT "qmgr_message_recipient_limit"
#define DEF_QMGR_RCPT_LIMIT 20000
extern int var_qmgr_rcpt_limit;

#define VAR_QMGR_MSG_RCPT_LIMIT "qmgr_message_recipient_minimum"
#define DEF_QMGR_MSG_RCPT_LIMIT 10
extern int var_qmgr_msg_rcpt_limit;

/*
 * Each underscore-prefixed macro holds the suffix of the matching
 * "default_..." name. NOTE(review): presumably the suffix is appended to a
 * transport name to form a per-transport parameter - confirm at the use
 * sites.
 */
#define VAR_XPORT_RCPT_LIMIT "default_recipient_limit"
#define _XPORT_RCPT_LIMIT "_recipient_limit"
#define DEF_XPORT_RCPT_LIMIT 20000
extern int var_xport_rcpt_limit;

#define VAR_STACK_RCPT_LIMIT "default_extra_recipient_limit"
#define _STACK_RCPT_LIMIT "_extra_recipient_limit"
#define DEF_STACK_RCPT_LIMIT 1000
extern int var_stack_rcpt_limit;

#define VAR_XPORT_REFILL_LIMIT "default_recipient_refill_limit"
#define _XPORT_REFILL_LIMIT "_recipient_refill_limit"
#define DEF_XPORT_REFILL_LIMIT 100
extern int var_xport_refill_limit;

#define VAR_XPORT_REFILL_DELAY "default_recipient_refill_delay"
#define _XPORT_REFILL_DELAY "_recipient_refill_delay"
#define DEF_XPORT_REFILL_DELAY "5s"
extern int var_xport_refill_delay;

/*
 * Queue manager: default job scheduler parameters.
*/
/*
 * Each group pairs a "default_..." parameter name with an
 * underscore-prefixed macro that holds only the name suffix.
 */
#define VAR_DELIVERY_SLOT_COST "default_delivery_slot_cost"
#define _DELIVERY_SLOT_COST "_delivery_slot_cost"
#define DEF_DELIVERY_SLOT_COST 5
extern int var_delivery_slot_cost;

#define VAR_DELIVERY_SLOT_LOAN "default_delivery_slot_loan"
#define _DELIVERY_SLOT_LOAN "_delivery_slot_loan"
#define DEF_DELIVERY_SLOT_LOAN 3
extern int var_delivery_slot_loan;

#define VAR_DELIVERY_SLOT_DISCOUNT "default_delivery_slot_discount"
#define _DELIVERY_SLOT_DISCOUNT "_delivery_slot_discount"
#define DEF_DELIVERY_SLOT_DISCOUNT 50
extern int var_delivery_slot_discount;

#define VAR_MIN_DELIVERY_SLOTS "default_minimum_delivery_slots"
#define _MIN_DELIVERY_SLOTS "_minimum_delivery_slots"
#define DEF_MIN_DELIVERY_SLOTS 3
extern int var_min_delivery_slots;

#define VAR_QMGR_FUDGE "qmgr_fudge_factor"
#define DEF_QMGR_FUDGE 100
extern int var_qmgr_fudge;

/*
 * Queue manager: default destination concurrency levels.
 */
#define VAR_INIT_DEST_CON "initial_destination_concurrency"
#define _INIT_DEST_CON "_initial_destination_concurrency"
#define DEF_INIT_DEST_CON 5
extern int var_init_dest_concurrency;

#define VAR_DEST_CON_LIMIT "default_destination_concurrency_limit"
#define _DEST_CON_LIMIT "_destination_concurrency_limit"
#define DEF_DEST_CON_LIMIT 20
extern int var_dest_con_limit;

/*
 * Expands to "local_destination_concurrency_limit": the transport name
 * "local" concatenated with the suffix macro. The local default (2) is
 * lower than the general default (20).
 */
#define VAR_LOCAL_CON_LIMIT "local" _DEST_CON_LIMIT
#define DEF_LOCAL_CON_LIMIT 2
extern int var_local_con_lim;

/*
 * Queue manager: default number of recipients per transaction.
*/
#define VAR_DEST_RCPT_LIMIT "default_destination_recipient_limit"
#define _DEST_RCPT_LIMIT "_destination_recipient_limit"
#define DEF_DEST_RCPT_LIMIT 50
extern int var_dest_rcpt_limit;

/* Expands to "local_destination_recipient_limit"; default 1. */
#define VAR_LOCAL_RCPT_LIMIT "local" _DEST_RCPT_LIMIT /* XXX */
#define DEF_LOCAL_RCPT_LIMIT 1 /* XXX */
extern int var_local_rcpt_lim;

/*
 * Queue manager: default delay before retrying a dead transport.
 */
#define VAR_XPORT_RETRY_TIME "transport_retry_time"
#define DEF_XPORT_RETRY_TIME "60s"
extern int var_transport_retry_time;

/*
 * Queue manager: what transports to defer delivery to.
 */
#define VAR_DEFER_XPORTS "defer_transports"
#define DEF_DEFER_XPORTS ""
extern char *var_defer_xports;

/*
 * Queue manager: how often to warn that a destination is clogging the
 * active queue.
 */
#define VAR_QMGR_CLOG_WARN_TIME "qmgr_clog_warn_time"
#define DEF_QMGR_CLOG_WARN_TIME "300s"
extern int var_qmgr_clog_warn_time;

/*
 * Master: default process count limit per mail subsystem.
 *
 * This caps how many processes one service may run, and with it how much
 * load a burst of connections can place on the host.
 */
#define VAR_PROC_LIMIT "default_process_limit"
#define DEF_PROC_LIMIT 100
extern int var_proc_limit;

/*
 * Master: default time to wait after service is throttled.
 */
#define VAR_THROTTLE_TIME "service_throttle_time"
#define DEF_THROTTLE_TIME "60s"
extern int var_throttle_time;

/*
 * Master: what master.cf services are turned off.
 */
#define VAR_MASTER_DISABLE "master_service_disable"
#define DEF_MASTER_DISABLE ""
extern char *var_master_disable;

/*
 * Any subsystem: default maximum number of clients serviced before a mail
 * subsystem terminates (except queue manager).
 */
#define VAR_MAX_USE "max_use"
#define DEF_MAX_USE 100
extern int var_use_limit;

/*
 * Any subsystem: default amount of time a mail subsystem waits for a client
 * connection (except queue manager).
978 */ 979 #define VAR_MAX_IDLE "max_idle" 980 #define DEF_MAX_IDLE "100s" 981 extern int var_idle_limit; 982 983 /* 984 * Any subsystem: default amount of time a mail subsystem waits for 985 * application events to drain. 986 */ 987 #define VAR_EVENT_DRAIN "application_event_drain_time" 988 #define DEF_EVENT_DRAIN "100s" 989 extern int var_event_drain; 990 991 /* 992 * Any subsystem: default amount of time a mail subsystem keeps an internal 993 * IPC connection before closing it because it is idle for too much time. 994 */ 995 #define VAR_IPC_IDLE "ipc_idle" 996 #define DEF_IPC_IDLE "5s" 997 extern int var_ipc_idle_limit; 998 999 /* 1000 * Any subsystem: default amount of time a mail subsystem keeps an internal 1001 * IPC connection before closing it because the connection has existed for 1002 * too much time. 1003 */ 1004 #define VAR_IPC_TTL "ipc_ttl" 1005 #define DEF_IPC_TTL "1000s" 1006 extern int var_ipc_ttl_limit; 1007 1008 /* 1009 * Any front-end subsystem: avoid running out of memory when someone sends 1010 * infinitely-long requests or replies. 1011 */ 1012 #define VAR_LINE_LIMIT "line_length_limit" 1013 #define DEF_LINE_LIMIT 2048 1014 extern int var_line_limit; 1015 1016 /* 1017 * Specify what SMTP peers need verbose logging. 1018 */ 1019 #define VAR_DEBUG_PEER_LIST "debug_peer_list" 1020 #define DEF_DEBUG_PEER_LIST "" 1021 extern char *var_debug_peer_list; 1022 1023 #define VAR_DEBUG_PEER_LEVEL "debug_peer_level" 1024 #define DEF_DEBUG_PEER_LEVEL 2 1025 extern int var_debug_peer_level; 1026 1027 /* 1028 * Queue management: what queues are hashed behind a forest of 1029 * subdirectories, and how deep the forest is. 
1030 */ 1031 #define VAR_HASH_QUEUE_NAMES "hash_queue_names" 1032 #define DEF_HASH_QUEUE_NAMES "deferred, defer" 1033 extern char *var_hash_queue_names; 1034 1035 #define VAR_HASH_QUEUE_DEPTH "hash_queue_depth" 1036 #define DEF_HASH_QUEUE_DEPTH 1 1037 extern int var_hash_queue_depth; 1038 1039 /* 1040 * Short queue IDs contain the time in microseconds and file inode number. 1041 * Long queue IDs also contain the time in seconds. 1042 */ 1043 #define VAR_LONG_QUEUE_IDS "enable_long_queue_ids" 1044 #define DEF_LONG_QUEUE_IDS 0 1045 extern bool var_long_queue_ids; 1046 1047 /* 1048 * Multi-protocol support. 1049 */ 1050 #define INET_PROTO_NAME_IPV4 "ipv4" 1051 #define INET_PROTO_NAME_IPV6 "ipv6" 1052 #define INET_PROTO_NAME_ALL "all" 1053 #define INET_PROTO_NAME_ANY "any" 1054 #define VAR_INET_PROTOCOLS "inet_protocols" 1055 extern char *var_inet_protocols; 1056 1057 /* 1058 * SMTP client. Timeouts inspired by RFC 1123. The SMTP recipient limit 1059 * determines how many recipient addresses the SMTP client sends along with 1060 * each message. Unfortunately, some mailers misbehave and disconnect (smap) 1061 * when given more recipients than they are willing to handle. 1062 * 1063 * XXX 2821: A mail system is supposed to use EHLO instead of HELO, and to fall 1064 * back to HELO if EHLO is not supported. 
 */
#define VAR_BESTMX_TRANSP "best_mx_transport"
#define DEF_BESTMX_TRANSP ""
extern char *var_bestmx_transp;

/*
 * Most SMTP client parameters below come as an smtp_/lmtp_ pair of names
 * and defaults followed by a single var_smtp_* declaration. How the two
 * parameter names are mapped onto that one variable is not visible in this
 * header.
 */
#define VAR_SMTP_CACHE_CONNT "smtp_connection_cache_time_limit"
#define DEF_SMTP_CACHE_CONNT "2s"
#define VAR_LMTP_CACHE_CONNT "lmtp_connection_cache_time_limit"
#define DEF_LMTP_CACHE_CONNT "2s"
extern int var_smtp_cache_conn;

#define VAR_SMTP_REUSE_COUNT "smtp_connection_reuse_count_limit"
#define DEF_SMTP_REUSE_COUNT 0
#define VAR_LMTP_REUSE_COUNT "lmtp_connection_reuse_count_limit"
#define DEF_LMTP_REUSE_COUNT 0
extern int var_smtp_reuse_count;

#define VAR_SMTP_REUSE_TIME "smtp_connection_reuse_time_limit"
#define DEF_SMTP_REUSE_TIME "300s"
#define VAR_LMTP_REUSE_TIME "lmtp_connection_reuse_time_limit"
#define DEF_LMTP_REUSE_TIME "300s"
extern int var_smtp_reuse_time;

#define VAR_SMTP_CACHE_DEST "smtp_connection_cache_destinations"
#define DEF_SMTP_CACHE_DEST ""
#define VAR_LMTP_CACHE_DEST "lmtp_connection_cache_destinations"
#define DEF_LMTP_CACHE_DEST ""
extern char *var_smtp_cache_dest;

/* The #ifndef guards let a build override these two defaults. */
#define VAR_SMTP_CACHE_DEMAND "smtp_connection_cache_on_demand"
#ifndef DEF_SMTP_CACHE_DEMAND
#define DEF_SMTP_CACHE_DEMAND 1
#endif
#define VAR_LMTP_CACHE_DEMAND "lmtp_connection_cache_on_demand"
#ifndef DEF_LMTP_CACHE_DEMAND
#define DEF_LMTP_CACHE_DEMAND 1
#endif
extern bool var_smtp_cache_demand;

/* Per-stage SMTP client timeouts; each default is a string with a unit. */
#define VAR_SMTP_CONN_TMOUT "smtp_connect_timeout"
#define DEF_SMTP_CONN_TMOUT "30s"
extern int var_smtp_conn_tmout;

#define VAR_SMTP_HELO_TMOUT "smtp_helo_timeout"
#define DEF_SMTP_HELO_TMOUT "300s"
#define VAR_LMTP_HELO_TMOUT "lmtp_lhlo_timeout"
#define DEF_LMTP_HELO_TMOUT "300s"
extern int var_smtp_helo_tmout;

#define VAR_SMTP_XFWD_TMOUT "smtp_xforward_timeout"
#define DEF_SMTP_XFWD_TMOUT "300s"
extern int var_smtp_xfwd_tmout;

#define VAR_SMTP_STARTTLS_TMOUT "smtp_starttls_timeout"
#define DEF_SMTP_STARTTLS_TMOUT "300s"
#define VAR_LMTP_STARTTLS_TMOUT "lmtp_starttls_timeout"
#define DEF_LMTP_STARTTLS_TMOUT "300s"
extern int var_smtp_starttls_tmout;

#define VAR_SMTP_MAIL_TMOUT "smtp_mail_timeout"
#define DEF_SMTP_MAIL_TMOUT "300s"
extern int var_smtp_mail_tmout;

#define VAR_SMTP_RCPT_TMOUT "smtp_rcpt_timeout"
#define DEF_SMTP_RCPT_TMOUT "300s"
extern int var_smtp_rcpt_tmout;

#define VAR_SMTP_DATA0_TMOUT "smtp_data_init_timeout"
#define DEF_SMTP_DATA0_TMOUT "120s"
extern int var_smtp_data0_tmout;

#define VAR_SMTP_DATA1_TMOUT "smtp_data_xfer_timeout"
#define DEF_SMTP_DATA1_TMOUT "180s"
extern int var_smtp_data1_tmout;

#define VAR_SMTP_DATA2_TMOUT "smtp_data_done_timeout"
#define DEF_SMTP_DATA2_TMOUT "600s"
extern int var_smtp_data2_tmout;

#define VAR_SMTP_RSET_TMOUT "smtp_rset_timeout"
#define DEF_SMTP_RSET_TMOUT "20s"
extern int var_smtp_rset_tmout;

#define VAR_SMTP_QUIT_TMOUT "smtp_quit_timeout"
#define DEF_SMTP_QUIT_TMOUT "300s"
extern int var_smtp_quit_tmout;

#define VAR_SMTP_QUOTE_821_ENV "smtp_quote_rfc821_envelope"
#define DEF_SMTP_QUOTE_821_ENV 1
#define VAR_LMTP_QUOTE_821_ENV "lmtp_quote_rfc821_envelope"
#define DEF_LMTP_QUOTE_821_ENV 1
extern bool var_smtp_quote_821_env;

#define VAR_SMTP_SKIP_5XX "smtp_skip_5xx_greeting"
#define DEF_SMTP_SKIP_5XX 1
#define VAR_LMTP_SKIP_5XX "lmtp_skip_5xx_greeting"
#define DEF_LMTP_SKIP_5XX 1
extern bool var_smtp_skip_5xx_greeting;

#define VAR_IGN_MX_LOOKUP_ERR "ignore_mx_lookup_error"
#define DEF_IGN_MX_LOOKUP_ERR 0
extern bool var_ign_mx_lookup_err;

#define VAR_SMTP_SKIP_QUIT_RESP "smtp_skip_quit_response"
#define DEF_SMTP_SKIP_QUIT_RESP 1
extern bool var_skip_quit_resp;

/* The default depends on whether the build defines RFC821_SYNTAX. */
#define VAR_SMTP_ALWAYS_EHLO "smtp_always_send_ehlo"
#ifdef RFC821_SYNTAX
#define DEF_SMTP_ALWAYS_EHLO 0
#else
#define DEF_SMTP_ALWAYS_EHLO 1
#endif
extern bool var_smtp_always_ehlo;

/*
 * NOTE(review): a client that never sends EHLO cannot learn about ESMTP
 * extensions, which presumably includes STARTTLS; check the TLS settings of
 * any destination where this is turned on.
 */
#define VAR_SMTP_NEVER_EHLO "smtp_never_send_ehlo"
#define DEF_SMTP_NEVER_EHLO 0
extern bool var_smtp_never_ehlo;

#define VAR_SMTP_RESP_FILTER "smtp_reply_filter"
#define DEF_SMTP_RESP_FILTER ""
#define VAR_LMTP_RESP_FILTER "lmtp_reply_filter"
#define DEF_LMTP_RESP_FILTER ""
extern char *var_smtp_resp_filter;

#define VAR_SMTP_BIND_ADDR "smtp_bind_address"
#define DEF_SMTP_BIND_ADDR ""
#define VAR_LMTP_BIND_ADDR "lmtp_bind_address"
#define DEF_LMTP_BIND_ADDR ""
extern char *var_smtp_bind_addr;

#define VAR_SMTP_BIND_ADDR6 "smtp_bind_address6"
#define DEF_SMTP_BIND_ADDR6 ""
#define VAR_LMTP_BIND_ADDR6 "lmtp_bind_address6"
#define DEF_LMTP_BIND_ADDR6 ""
extern char *var_smtp_bind_addr6;

#define VAR_SMTP_BIND_ADDR_ENFORCE "smtp_bind_address_enforce"
#define DEF_SMTP_BIND_ADDR_ENFORCE 0
#define VAR_LMTP_BIND_ADDR_ENFORCE "lmtp_bind_address_enforce"
#define DEF_LMTP_BIND_ADDR_ENFORCE 0
extern bool var_smtp_bind_addr_enforce;

/* "$myhostname" is a parameter reference, expanded outside this header. */
#define VAR_SMTP_HELO_NAME "smtp_helo_name"
#define DEF_SMTP_HELO_NAME "$myhostname"
#define VAR_LMTP_HELO_NAME "lmtp_lhlo_name"
#define DEF_LMTP_HELO_NAME "$myhostname"
extern char *var_smtp_helo_name;

#define VAR_SMTP_RAND_ADDR "smtp_randomize_addresses"
#define DEF_SMTP_RAND_ADDR 1
#define VAR_LMTP_RAND_ADDR "lmtp_randomize_addresses"
#define DEF_LMTP_RAND_ADDR 1
extern bool var_smtp_rand_addr;

/* 998 equals the RFC 5322 maximum line length, not counting CRLF. */
#define VAR_SMTP_LINE_LIMIT "smtp_line_length_limit"
#define DEF_SMTP_LINE_LIMIT 998
#define VAR_LMTP_LINE_LIMIT "lmtp_line_length_limit"
#define DEF_LMTP_LINE_LIMIT 998
extern int var_smtp_line_limit;

#define VAR_SMTP_PIX_THRESH "smtp_pix_workaround_threshold_time"
#define DEF_SMTP_PIX_THRESH "500s"
#define VAR_LMTP_PIX_THRESH "lmtp_pix_workaround_threshold_time"
#define DEF_LMTP_PIX_THRESH "500s"
extern int var_smtp_pix_thresh;

#define VAR_SMTP_PIX_DELAY "smtp_pix_workaround_delay_time"
#define DEF_SMTP_PIX_DELAY "10s"
#define VAR_LMTP_PIX_DELAY "lmtp_pix_workaround_delay_time"
#define DEF_LMTP_PIX_DELAY "10s"
extern int var_smtp_pix_delay;

/*
 * Courageous people may want to turn off PIX bug workarounds.
 *
 * The default word list is the two PIX_BUG_* names joined with a comma by
 * string-literal concatenation; the LMTP default reuses the SMTP one.
 */
#define PIX_BUG_DISABLE_ESMTP "disable_esmtp"
#define PIX_BUG_DELAY_DOTCRLF "delay_dotcrlf"
#define VAR_SMTP_PIX_BUG_WORDS "smtp_pix_workarounds"
#define DEF_SMTP_PIX_BUG_WORDS PIX_BUG_DISABLE_ESMTP "," \
				PIX_BUG_DELAY_DOTCRLF
#define VAR_LMTP_PIX_BUG_WORDS "lmtp_pix_workarounds"
#define DEF_LMTP_PIX_BUG_WORDS DEF_SMTP_PIX_BUG_WORDS
extern char *var_smtp_pix_bug_words;

#define VAR_SMTP_PIX_BUG_MAPS "smtp_pix_workaround_maps"
#define DEF_SMTP_PIX_BUG_MAPS ""
#define VAR_LMTP_PIX_BUG_MAPS "lmtp_pix_workaround_maps"
#define DEF_LMTP_PIX_BUG_MAPS ""
extern char *var_smtp_pix_bug_maps;

#define VAR_SMTP_DEFER_MXADDR "smtp_defer_if_no_mx_address_found"
#define DEF_SMTP_DEFER_MXADDR 0
#define VAR_LMTP_DEFER_MXADDR "lmtp_defer_if_no_mx_address_found"
#define DEF_LMTP_DEFER_MXADDR 0
extern bool var_smtp_defer_mxaddr;

/*
 * NOTE(review): by its name this makes the client send XFORWARD, which
 * passes original-client attributes to the next hop; presumably only
 * appropriate towards hosts under the same administrative control.
 */
#define VAR_SMTP_SEND_XFORWARD "smtp_send_xforward_command"
#define DEF_SMTP_SEND_XFORWARD 0
extern bool var_smtp_send_xforward;

#define VAR_SMTP_GENERIC_MAPS "smtp_generic_maps"
#define DEF_SMTP_GENERIC_MAPS ""
#define VAR_LMTP_GENERIC_MAPS "lmtp_generic_maps"
#define DEF_LMTP_GENERIC_MAPS ""
extern char *var_smtp_generic_maps;

/*
 * SMTP server.
 * The soft error limit determines how many errors an SMTP
 * client may make before we start to slow down; the hard error limit
 * determines after how many client errors we disconnect.
 */
#define VAR_SMTPD_BANNER "smtpd_banner"
#define DEF_SMTPD_BANNER "$myhostname ESMTP $mail_name"
extern char *var_smtpd_banner;

/*
 * Defaults written as ${stress?{x}:{y}} select x when the "stress"
 * parameter has a non-empty value and y otherwise, so the server applies
 * the tighter value under overload. The expression is expanded outside this
 * header; the variables themselves are int.
 */
#define VAR_SMTPD_TMOUT "smtpd_timeout"
#define DEF_SMTPD_TMOUT "${stress?{10}:{300}}s"
extern int var_smtpd_tmout;

#define VAR_SMTPD_STARTTLS_TMOUT "smtpd_starttls_timeout"
#define DEF_SMTPD_STARTTLS_TMOUT "${stress?{10}:{300}}s"
extern int var_smtpd_starttls_tmout;

#define VAR_SMTPD_RCPT_LIMIT "smtpd_recipient_limit"
#define DEF_SMTPD_RCPT_LIMIT 1000
extern int var_smtpd_rcpt_limit;

/*
 * Error and junk-command limits: per-session bounds on what a misbehaving
 * or hostile client can make the server do before it is slowed down or
 * disconnected (see the section comment above).
 */
#define VAR_SMTPD_SOFT_ERLIM "smtpd_soft_error_limit"
#define DEF_SMTPD_SOFT_ERLIM "10"
extern int var_smtpd_soft_erlim;

#define VAR_SMTPD_HARD_ERLIM "smtpd_hard_error_limit"
#define DEF_SMTPD_HARD_ERLIM "${stress?{1}:{20}}"
extern int var_smtpd_hard_erlim;

#define VAR_SMTPD_ERR_SLEEP "smtpd_error_sleep_time"
#define DEF_SMTPD_ERR_SLEEP "1s"
extern int var_smtpd_err_sleep;

#define VAR_SMTPD_JUNK_CMD "smtpd_junk_command_limit"
#define DEF_SMTPD_JUNK_CMD "${stress?{1}:{100}}"
extern int var_smtpd_junk_cmd_limit;

#define VAR_SMTPD_RCPT_OVERLIM "smtpd_recipient_overshoot_limit"
#define DEF_SMTPD_RCPT_OVERLIM 1000
extern int var_smtpd_rcpt_overlim;

#define VAR_SMTPD_HIST_THRSH "smtpd_history_flush_threshold"
#define DEF_SMTPD_HIST_THRSH 100
extern int var_smtpd_hist_thrsh;

#define VAR_SMTPD_NOOP_CMDS "smtpd_noop_commands"
#define DEF_SMTPD_NOOP_CMDS ""
extern char *var_smtpd_noop_cmds;

/*
 * CONNECT, GET and POST are HTTP request methods, and the regexp matches
 * any command line that does not start with an upper-case ASCII letter.
 * NOTE(review): presumably this stops HTTP clients and proxies that were
 * pointed at the SMTP port (cross-protocol requests); confirm the action
 * taken on a match in postconf(5) before changing the list.
 */
#define VAR_SMTPD_FORBID_CMDS "smtpd_forbidden_commands"
#define DEF_SMTPD_FORBID_CMDS "CONNECT GET POST regexp:{{/^[^A-Z]/ Bogus}}"
extern char *var_smtpd_forbid_cmds;

#define VAR_SMTPD_CMD_FILTER "smtpd_command_filter"
#define DEF_SMTPD_CMD_FILTER ""
extern char *var_smtpd_cmd_filter;

/*
 * SMTP server TLS. Every default in this group is off or empty.
 * NOTE(review): an empty security level presumably defers to the older
 * smtpd_use_tls / smtpd_enforce_tls booleans below, which are also 0, so
 * the server offers no TLS until it is configured.
 */
#define VAR_SMTPD_TLS_WRAPPER "smtpd_tls_wrappermode"
#define DEF_SMTPD_TLS_WRAPPER 0
extern bool var_smtpd_tls_wrappermode;

#define VAR_SMTPD_TLS_LEVEL "smtpd_tls_security_level"
#define DEF_SMTPD_TLS_LEVEL ""
extern char *var_smtpd_tls_level;

#define VAR_SMTPD_USE_TLS "smtpd_use_tls"
#define DEF_SMTPD_USE_TLS 0
extern bool var_smtpd_use_tls;

#define VAR_SMTPD_ENFORCE_TLS "smtpd_enforce_tls"
#define DEF_SMTPD_ENFORCE_TLS 0
extern bool var_smtpd_enforce_tls;

/*
 * NOTE(review): with this default of 0, SASL AUTH is presumably not
 * confined to TLS-protected sessions. Where smtpd_sasl_auth_enable is
 * turned on, plaintext mechanisms would then carry credentials over an
 * unencrypted connection; such deployments normally enable this setting.
 */
#define VAR_SMTPD_TLS_AUTH_ONLY "smtpd_tls_auth_only"
#define DEF_SMTPD_TLS_AUTH_ONLY 0
extern bool var_smtpd_tls_auth_only;

/* Client certificates are neither requested nor required by default. */
#define VAR_SMTPD_TLS_ACERT "smtpd_tls_ask_ccert"
#define DEF_SMTPD_TLS_ACERT 0
extern bool var_smtpd_tls_ask_ccert;

#define VAR_SMTPD_TLS_RCERT "smtpd_tls_req_ccert"
#define DEF_SMTPD_TLS_RCERT 0
extern bool var_smtpd_tls_req_ccert;

#define VAR_SMTPD_TLS_ENABLE_RPK "smtpd_tls_enable_rpk"
#define DEF_SMTPD_TLS_ENABLE_RPK 0
extern bool var_smtpd_tls_enable_rpk;

#define VAR_SMTPD_TLS_CCERT_VD "smtpd_tls_ccert_verifydepth"
#define DEF_SMTPD_TLS_CCERT_VD 9
extern int var_smtpd_tls_ccert_vd;

/*
 * Server certificate and key locations. A *_key_file default that
 * references the matching *_cert_file means the private key is read from
 * the same file as the certificate unless configured otherwise.
 * NOTE(review): these files hold private key material; keep them readable
 * by the mail system's privileged user only.
 */
#define VAR_SMTPD_TLS_CHAIN_FILES "smtpd_tls_chain_files"
#define DEF_SMTPD_TLS_CHAIN_FILES ""
extern char *var_smtpd_tls_chain_files;

#define VAR_SMTPD_TLS_CERT_FILE "smtpd_tls_cert_file"
#define DEF_SMTPD_TLS_CERT_FILE ""
extern char *var_smtpd_tls_cert_file;

#define VAR_SMTPD_TLS_KEY_FILE "smtpd_tls_key_file"
#define DEF_SMTPD_TLS_KEY_FILE "$smtpd_tls_cert_file"
extern char *var_smtpd_tls_key_file;

#define VAR_SMTPD_TLS_DCERT_FILE "smtpd_tls_dcert_file"
#define DEF_SMTPD_TLS_DCERT_FILE ""
extern char *var_smtpd_tls_dcert_file;

/*
 * Each *_key_file default references the matching *_cert_file, so the
 * private key is read from the certificate file unless configured
 * otherwise. NOTE(review): these files hold private key material; keep
 * them readable by the mail system's privileged user only.
 */
#define VAR_SMTPD_TLS_DKEY_FILE "smtpd_tls_dkey_file"
#define DEF_SMTPD_TLS_DKEY_FILE "$smtpd_tls_dcert_file"
extern char *var_smtpd_tls_dkey_file;

#define VAR_SMTPD_TLS_ECCERT_FILE "smtpd_tls_eccert_file"
#define DEF_SMTPD_TLS_ECCERT_FILE ""
extern char *var_smtpd_tls_eccert_file;

#define VAR_SMTPD_TLS_ECKEY_FILE "smtpd_tls_eckey_file"
#define DEF_SMTPD_TLS_ECKEY_FILE "$smtpd_tls_eccert_file"
extern char *var_smtpd_tls_eckey_file;

#define VAR_SMTPD_TLS_CA_FILE "smtpd_tls_CAfile"
#define DEF_SMTPD_TLS_CA_FILE ""
extern char *var_smtpd_tls_CAfile;

#define VAR_SMTPD_TLS_CA_PATH "smtpd_tls_CApath"
#define DEF_SMTPD_TLS_CA_PATH ""
extern char *var_smtpd_tls_CApath;

/*
 * NOTE(review): ">=TLSv1" sets the protocol floor at TLS 1.0 for both the
 * opportunistic and the mandatory setting. RFC 8996 deprecates TLS 1.0 and
 * 1.1; a site that does not need legacy peers can raise the floor in
 * main.cf (for example ">=TLSv1.2").
 */
#define VAR_SMTPD_TLS_PROTO "smtpd_tls_protocols"
#define DEF_SMTPD_TLS_PROTO ">=TLSv1"
extern char *var_smtpd_tls_proto;

#define VAR_SMTPD_TLS_MAND_PROTO "smtpd_tls_mandatory_protocols"
#define DEF_SMTPD_TLS_MAND_PROTO ">=TLSv1"
extern char *var_smtpd_tls_mand_proto;

/*
 * "medium" is a cipher grade name; the cipher list behind each grade is
 * defined elsewhere.
 */
#define VAR_SMTPD_TLS_CIPH "smtpd_tls_ciphers"
#define DEF_SMTPD_TLS_CIPH "medium"
extern char *var_smtpd_tls_ciph;

#define VAR_SMTPD_TLS_MAND_CIPH "smtpd_tls_mandatory_ciphers"
#define DEF_SMTPD_TLS_MAND_CIPH "medium"
extern char *var_smtpd_tls_mand_ciph;

#define VAR_SMTPD_TLS_EXCL_CIPH "smtpd_tls_exclude_ciphers"
#define DEF_SMTPD_TLS_EXCL_CIPH ""
extern char *var_smtpd_tls_excl_ciph;

#define VAR_SMTPD_TLS_MAND_EXCL "smtpd_tls_mandatory_exclude_ciphers"
#define DEF_SMTPD_TLS_MAND_EXCL ""
extern char *var_smtpd_tls_mand_excl;

/*
 * The default is a conditional expression: md5 when compatibility_level is
 * below 3.6, sha256 otherwise. MD5 is not collision resistant, so a
 * configuration that authorises clients by certificate fingerprint is
 * better served by an explicit sha256 setting than by the legacy default.
 */
#define VAR_SMTPD_TLS_FPT_DGST "smtpd_tls_fingerprint_digest"
#define DEF_SMTPD_TLS_FPT_DGST "${{$compatibility_level} <level {3.6} ? " \
				"{md5} : {sha256}}"
extern char *var_smtpd_tls_fpt_dgst;

/*
 * 512-bit DH parameters are export-grade. NOTE(review): confirm in
 * postconf(5) whether current releases still read this file or keep the
 * name only for configuration compatibility.
 */
#define VAR_SMTPD_TLS_512_FILE "smtpd_tls_dh512_param_file"
#define DEF_SMTPD_TLS_512_FILE ""
extern char *var_smtpd_tls_dh512_param_file;

#define VAR_SMTPD_TLS_1024_FILE "smtpd_tls_dh1024_param_file"
#define DEF_SMTPD_TLS_1024_FILE ""
extern char *var_smtpd_tls_dh1024_param_file;

#define VAR_SMTPD_TLS_EECDH "smtpd_tls_eecdh_grade"
#define DEF_SMTPD_TLS_EECDH "auto"
extern char *var_smtpd_tls_eecdh;

/* The log level is kept as a string ("0"), not as an int. */
#define VAR_SMTPD_TLS_LOGLEVEL "smtpd_tls_loglevel"
#define DEF_SMTPD_TLS_LOGLEVEL "0"
extern char *var_smtpd_tls_loglevel;

#define VAR_SMTPD_TLS_RECHEAD "smtpd_tls_received_header"
#define DEF_SMTPD_TLS_RECHEAD 0
extern bool var_smtpd_tls_received_header;

#define VAR_SMTPD_TLS_SCACHE_DB "smtpd_tls_session_cache_database"
#define DEF_SMTPD_TLS_SCACHE_DB ""
extern char *var_smtpd_tls_scache_db;

/*
 * 8640000 seconds is 100 days; presumably the upper bound accepted for the
 * session cache timeout. The code that enforces it is not in this header.
 */
#define MAX_SMTPD_TLS_SCACHETIME 8640000
#define VAR_SMTPD_TLS_SCACHTIME "smtpd_tls_session_cache_timeout"
#define DEF_SMTPD_TLS_SCACHTIME "3600s"
extern int var_smtpd_tls_scache_timeout;

#define VAR_SMTPD_TLS_SET_SESSID "smtpd_tls_always_issue_session_ids"
#define DEF_SMTPD_TLS_SET_SESSID 1
extern bool var_smtpd_tls_set_sessid;

#define VAR_SMTPD_DELAY_OPEN "smtpd_delay_open_until_valid_rcpt"
#define DEF_SMTPD_DELAY_OPEN 1
extern bool var_smtpd_delay_open;

/*
 * SMTP/LMTP client TLS. Parameters come as an smtp_/lmtp_ pair followed by
 * one var_smtp_* declaration.
 */
#define VAR_SMTP_TLS_PER_SITE "smtp_tls_per_site"
#define DEF_SMTP_TLS_PER_SITE ""
#define VAR_LMTP_TLS_PER_SITE "lmtp_tls_per_site"
#define DEF_LMTP_TLS_PER_SITE ""
extern char *var_smtp_tls_per_site;

#define VAR_SMTP_USE_TLS "smtp_use_tls"
#define DEF_SMTP_USE_TLS 0
#define VAR_LMTP_USE_TLS "lmtp_use_tls"
#define DEF_LMTP_USE_TLS 0
extern bool var_smtp_use_tls;

#define VAR_SMTP_ENFORCE_TLS "smtp_enforce_tls"
#define DEF_SMTP_ENFORCE_TLS 0
#define VAR_LMTP_ENFORCE_TLS "lmtp_enforce_tls"
#define DEF_LMTP_ENFORCE_TLS 0
extern bool var_smtp_enforce_tls;

#define VAR_SMTP_TLS_ENFORCE_PN "smtp_tls_enforce_peername"
#define DEF_SMTP_TLS_ENFORCE_PN 1
#define VAR_LMTP_TLS_ENFORCE_PN "lmtp_tls_enforce_peername"
#define DEF_LMTP_TLS_ENFORCE_PN 1
extern bool var_smtp_tls_enforce_peername;

#define VAR_SMTP_TLS_WRAPPER "smtp_tls_wrappermode"
#define DEF_SMTP_TLS_WRAPPER 0
#define VAR_LMTP_TLS_WRAPPER "lmtp_tls_wrappermode"
#define DEF_LMTP_TLS_WRAPPER 0
extern bool var_smtp_tls_wrappermode;

/*
 * In a USE_TLS build the SMTP default evaluates to empty below
 * compatibility level 3.11 and to "may" from 3.11 on; the LMTP default
 * stays empty, as do both defaults in a build without USE_TLS.
 *
 * "may" is opportunistic TLS: the session is encrypted when the server
 * offers STARTTLS, but the server is not authenticated and an active
 * attacker who removes the offer forces plaintext. Destinations that need
 * protection against that are given a stronger level, for example through
 * smtp_tls_policy_maps.
 */
#define VAR_SMTP_TLS_LEVEL "smtp_tls_security_level"
#define VAR_LMTP_TLS_LEVEL "lmtp_tls_security_level"
#ifdef USE_TLS
#define DEF_SMTP_TLS_LEVEL "${{$compatibility_level} <level {3.11} ?" \
				" {} : {may}}"
#define DEF_LMTP_TLS_LEVEL ""
#else
#define DEF_SMTP_TLS_LEVEL ""
#define DEF_LMTP_TLS_LEVEL ""
#endif
extern char *var_smtp_tls_level;

#define VAR_SMTP_TLS_SCERT_VD "smtp_tls_scert_verifydepth"
#define DEF_SMTP_TLS_SCERT_VD 9
#define VAR_LMTP_TLS_SCERT_VD "lmtp_tls_scert_verifydepth"
#define DEF_LMTP_TLS_SCERT_VD 9
extern int var_smtp_tls_scert_vd;

#define VAR_SMTP_TLS_CHAIN_FILES "smtp_tls_chain_files"
#define DEF_SMTP_TLS_CHAIN_FILES ""
#define VAR_LMTP_TLS_CHAIN_FILES "lmtp_tls_chain_files"
#define DEF_LMTP_TLS_CHAIN_FILES ""
extern char *var_smtp_tls_chain_files;

#define VAR_SMTP_TLS_CERT_FILE "smtp_tls_cert_file"
#define DEF_SMTP_TLS_CERT_FILE ""
#define VAR_LMTP_TLS_CERT_FILE "lmtp_tls_cert_file"
#define DEF_LMTP_TLS_CERT_FILE ""
extern char *var_smtp_tls_cert_file;

#define VAR_SMTP_TLS_KEY_FILE "smtp_tls_key_file"
#define DEF_SMTP_TLS_KEY_FILE "$smtp_tls_cert_file"
#define VAR_LMTP_TLS_KEY_FILE "lmtp_tls_key_file"
#define DEF_LMTP_TLS_KEY_FILE "$lmtp_tls_cert_file"
extern char *var_smtp_tls_key_file;

/*
 * Client certificate and key locations, one smtp_/lmtp_ pair per key type.
 * Each *_key_file default references the matching *_cert_file, so the
 * private key is read from the certificate file unless configured
 * otherwise. NOTE(review): these files hold private key material; keep
 * them readable by the mail system's privileged user only.
 */
#define VAR_SMTP_TLS_DCERT_FILE "smtp_tls_dcert_file"
#define DEF_SMTP_TLS_DCERT_FILE ""
#define VAR_LMTP_TLS_DCERT_FILE "lmtp_tls_dcert_file"
#define DEF_LMTP_TLS_DCERT_FILE ""
extern char *var_smtp_tls_dcert_file;

#define VAR_SMTP_TLS_DKEY_FILE "smtp_tls_dkey_file"
#define DEF_SMTP_TLS_DKEY_FILE "$smtp_tls_dcert_file"
#define VAR_LMTP_TLS_DKEY_FILE "lmtp_tls_dkey_file"
#define DEF_LMTP_TLS_DKEY_FILE "$lmtp_tls_dcert_file"
extern char *var_smtp_tls_dkey_file;

#define VAR_SMTP_TLS_ECCERT_FILE "smtp_tls_eccert_file"
#define DEF_SMTP_TLS_ECCERT_FILE ""
#define VAR_LMTP_TLS_ECCERT_FILE "lmtp_tls_eccert_file"
#define DEF_LMTP_TLS_ECCERT_FILE ""
extern char *var_smtp_tls_eccert_file;

#define VAR_SMTP_TLS_ECKEY_FILE "smtp_tls_eckey_file"
#define DEF_SMTP_TLS_ECKEY_FILE "$smtp_tls_eccert_file"
#define VAR_LMTP_TLS_ECKEY_FILE "lmtp_tls_eckey_file"
#define DEF_LMTP_TLS_ECKEY_FILE "$lmtp_tls_eccert_file"
extern char *var_smtp_tls_eckey_file;

#define VAR_SMTP_TLS_CA_FILE "smtp_tls_CAfile"
#define DEF_SMTP_TLS_CA_FILE ""
#define VAR_LMTP_TLS_CA_FILE "lmtp_tls_CAfile"
#define DEF_LMTP_TLS_CA_FILE ""
extern char *var_smtp_tls_CAfile;

#define VAR_SMTP_TLS_CA_PATH "smtp_tls_CApath"
#define DEF_SMTP_TLS_CA_PATH ""
#define VAR_LMTP_TLS_CA_PATH "lmtp_tls_CApath"
#define DEF_LMTP_TLS_CA_PATH ""
extern char *var_smtp_tls_CApath;

/*
 * "medium" is a cipher grade name; the cipher list behind each grade is
 * defined elsewhere.
 */
#define VAR_SMTP_TLS_CIPH "smtp_tls_ciphers"
#define DEF_SMTP_TLS_CIPH "medium"
#define VAR_LMTP_TLS_CIPH "lmtp_tls_ciphers"
#define DEF_LMTP_TLS_CIPH "medium"
extern char *var_smtp_tls_ciph;

#define VAR_SMTP_TLS_MAND_CIPH "smtp_tls_mandatory_ciphers"
#define DEF_SMTP_TLS_MAND_CIPH "medium"
#define VAR_LMTP_TLS_MAND_CIPH "lmtp_tls_mandatory_ciphers"
#define DEF_LMTP_TLS_MAND_CIPH "medium"
extern char *var_smtp_tls_mand_ciph;

#define VAR_SMTP_TLS_EXCL_CIPH "smtp_tls_exclude_ciphers"
#define DEF_SMTP_TLS_EXCL_CIPH ""
#define VAR_LMTP_TLS_EXCL_CIPH "lmtp_tls_exclude_ciphers"
#define DEF_LMTP_TLS_EXCL_CIPH ""
extern char *var_smtp_tls_excl_ciph;

#define VAR_SMTP_TLS_MAND_EXCL "smtp_tls_mandatory_exclude_ciphers"
#define DEF_SMTP_TLS_MAND_EXCL ""
#define VAR_LMTP_TLS_MAND_EXCL "lmtp_tls_mandatory_exclude_ciphers"
#define DEF_LMTP_TLS_MAND_EXCL ""
extern char *var_smtp_tls_mand_excl;

/*
 * Both defaults are the same conditional expression: md5 when
 * compatibility_level is below 3.6, sha256 otherwise. MD5 is not collision
 * resistant, so a policy that pins server certificates by fingerprint is
 * better served by an explicit sha256 setting than by the legacy default.
 */
#define VAR_SMTP_TLS_FPT_DGST "smtp_tls_fingerprint_digest"
#define DEF_SMTP_TLS_FPT_DGST "${{$compatibility_level} <level {3.6} ? " \
				"{md5} : {sha256}}"
#define VAR_LMTP_TLS_FPT_DGST "lmtp_tls_fingerprint_digest"
#define DEF_LMTP_TLS_FPT_DGST "${{$compatibility_level} <level {3.6} ? " \
				"{md5} : {sha256}}"
extern char *var_smtp_tls_fpt_dgst;

#define VAR_SMTP_TLS_ENABLE_RPK "smtp_tls_enable_rpk"
#define DEF_SMTP_TLS_ENABLE_RPK 0
#define VAR_LMTP_TLS_ENABLE_RPK "lmtp_tls_enable_rpk"
#define DEF_LMTP_TLS_ENABLE_RPK 0
extern bool var_smtp_tls_enable_rpk;

#define VAR_SMTP_TLS_TAFILE "smtp_tls_trust_anchor_file"
#define DEF_SMTP_TLS_TAFILE ""
#define VAR_LMTP_TLS_TAFILE "lmtp_tls_trust_anchor_file"
#define DEF_LMTP_TLS_TAFILE ""
extern char *var_smtp_tls_tafile;

/*
 * Unlike most pairs in this section, the log level, session cache database
 * and session cache timeout each have a separate var_lmtp_* variable.
 */
#define VAR_SMTP_TLS_LOGLEVEL "smtp_tls_loglevel"
#define DEF_SMTP_TLS_LOGLEVEL "0"
#define VAR_LMTP_TLS_LOGLEVEL "lmtp_tls_loglevel"
#define DEF_LMTP_TLS_LOGLEVEL "0"
extern char *var_smtp_tls_loglevel; /* In smtp(8) and tlsmgr(8) */
extern char *var_lmtp_tls_loglevel; /* In tlsmgr(8) */

#define VAR_SMTP_TLS_NOTEOFFER "smtp_tls_note_starttls_offer"
#define DEF_SMTP_TLS_NOTEOFFER 0
#define VAR_LMTP_TLS_NOTEOFFER "lmtp_tls_note_starttls_offer"
#define DEF_LMTP_TLS_NOTEOFFER 0
extern bool var_smtp_tls_note_starttls_offer;

#define VAR_SMTP_TLS_SCACHE_DB "smtp_tls_session_cache_database"
#define DEF_SMTP_TLS_SCACHE_DB ""
#define VAR_LMTP_TLS_SCACHE_DB "lmtp_tls_session_cache_database"
#define DEF_LMTP_TLS_SCACHE_DB ""
extern char *var_smtp_tls_scache_db;
extern char *var_lmtp_tls_scache_db;

/*
 * 8640000 seconds is 100 days; presumably the upper bound accepted for the
 * session cache timeout. The code that enforces it is not in this header.
 */
#define MAX_SMTP_TLS_SCACHETIME 8640000
#define VAR_SMTP_TLS_SCACHTIME "smtp_tls_session_cache_timeout"
#define DEF_SMTP_TLS_SCACHTIME "3600s"
#define MAX_LMTP_TLS_SCACHETIME 8640000
#define VAR_LMTP_TLS_SCACHTIME "lmtp_tls_session_cache_timeout"
#define DEF_LMTP_TLS_SCACHTIME "3600s"
extern int var_smtp_tls_scache_timeout;
extern int var_lmtp_tls_scache_timeout;

#define VAR_SMTP_TLS_POLICY "smtp_tls_policy_maps"
#define DEF_SMTP_TLS_POLICY ""
#define VAR_LMTP_TLS_POLICY "lmtp_tls_policy_maps"
#define DEF_LMTP_TLS_POLICY ""
extern char *var_smtp_tls_policy;

/*
 * NOTE(review): ">=TLSv1" sets the protocol floor at TLS 1.0 for both the
 * opportunistic and the mandatory setting. RFC 8996 deprecates TLS 1.0 and
 * 1.1; a site that does not need legacy peers can raise the floor in
 * main.cf (for example ">=TLSv1.2").
 */
#define VAR_SMTP_TLS_PROTO "smtp_tls_protocols"
#define DEF_SMTP_TLS_PROTO ">=TLSv1"
#define VAR_LMTP_TLS_PROTO "lmtp_tls_protocols"
#define DEF_LMTP_TLS_PROTO ">=TLSv1"
extern char *var_smtp_tls_proto;

#define VAR_SMTP_TLS_MAND_PROTO "smtp_tls_mandatory_protocols"
#define DEF_SMTP_TLS_MAND_PROTO ">=TLSv1"
#define VAR_LMTP_TLS_MAND_PROTO "lmtp_tls_mandatory_protocols"
#define DEF_LMTP_TLS_MAND_PROTO ">=TLSv1"
extern char *var_smtp_tls_mand_proto;

/*
 * Which names a server certificate is matched against at each verification
 * level. The matching itself happens outside this header.
 */
#define VAR_SMTP_TLS_VFY_CMATCH "smtp_tls_verify_cert_match"
#define DEF_SMTP_TLS_VFY_CMATCH "hostname"
#define VAR_LMTP_TLS_VFY_CMATCH "lmtp_tls_verify_cert_match"
#define DEF_LMTP_TLS_VFY_CMATCH "hostname"
extern char *var_smtp_tls_vfy_cmatch;

/*
 * There are no MX lookups for LMTP, so verify == secure
 */
#define VAR_SMTP_TLS_SEC_CMATCH "smtp_tls_secure_cert_match"
#define DEF_SMTP_TLS_SEC_CMATCH "nexthop, dot-nexthop"
#define VAR_LMTP_TLS_SEC_CMATCH "lmtp_tls_secure_cert_match"
#define DEF_LMTP_TLS_SEC_CMATCH "nexthop"
extern char *var_smtp_tls_sec_cmatch;


#define VAR_SMTP_TLS_FPT_CMATCH "smtp_tls_fingerprint_cert_match"
#define DEF_SMTP_TLS_FPT_CMATCH ""
#define VAR_LMTP_TLS_FPT_CMATCH "lmtp_tls_fingerprint_cert_match"
#define DEF_LMTP_TLS_FPT_CMATCH ""
extern char *var_smtp_tls_fpt_cmatch;

#define VAR_SMTP_TLS_SNI "smtp_tls_servername"
#define DEF_SMTP_TLS_SNI ""
#define VAR_LMTP_TLS_SNI "lmtp_tls_servername"
#define DEF_LMTP_TLS_SNI ""
extern char *var_smtp_tls_sni;

/*
 * NOTE(review): default 0. By its name this blocks a MAIL reply that
 * arrives earlier than expected in a TLS session, presumably a guard
 * against commands injected ahead of the TLS handshake; confirm the exact
 * behaviour in postconf(5).
 */
#define VAR_SMTP_TLS_BLK_EARLY_MAIL_REPLY "smtp_tls_block_early_mail_reply"
#define DEF_SMTP_TLS_BLK_EARLY_MAIL_REPLY 0
#define VAR_LMTP_TLS_BLK_EARLY_MAIL_REPLY "lmtp_tls_block_early_mail_reply"
#define DEF_LMTP_TLS_BLK_EARLY_MAIL_REPLY 0
extern bool var_smtp_tls_blk_early_mail_reply;

/*
 * NOTE(review): default 0. By its name, enabling this forces TLSA lookups
 * for hosts reached through an insecure path; the trust implications are
 * documented outside this header.
 */
#define VAR_SMTP_TLS_FORCE_TLSA "smtp_tls_force_insecure_host_tlsa_lookup"
#define DEF_SMTP_TLS_FORCE_TLSA 0
#define VAR_LMTP_TLS_FORCE_TLSA "lmtp_tls_force_insecure_host_tlsa_lookup"
#define DEF_LMTP_TLS_FORCE_TLSA 0
extern bool var_smtp_tls_force_tlsa;

/* SMTP only */
#define VAR_SMTP_TLS_INSECURE_MX_POLICY "smtp_tls_dane_insecure_mx_policy"
#define DEF_SMTP_TLS_INSECURE_MX_POLICY "dane"
extern char *var_smtp_tls_insecure_mx_policy;

/*
 * SASL authentication support, SMTP server side.
 */
/* SASL authentication is off in the SMTP server by default. */
#define VAR_SMTPD_SASL_ENABLE "smtpd_sasl_auth_enable"
#define DEF_SMTPD_SASL_ENABLE 0
extern bool var_smtpd_sasl_enable;

#define VAR_SMTPD_SASL_AUTH_HDR "smtpd_sasl_authenticated_header"
#define DEF_SMTPD_SASL_AUTH_HDR 0
extern bool var_smtpd_sasl_auth_hdr;

/*
 * The server default excludes only anonymous mechanisms; plaintext
 * mechanisms are not excluded. NOTE(review): combined with the
 * smtpd_tls_auth_only default of 0 elsewhere in this header, enabling SASL
 * without further settings presumably lets credentials travel over
 * unencrypted sessions.
 */
#define VAR_SMTPD_SASL_OPTS "smtpd_sasl_security_options"
#define DEF_SMTPD_SASL_OPTS "noanonymous"
extern char *var_smtpd_sasl_opts;

#define VAR_SMTPD_SASL_PATH "smtpd_sasl_path"
#define DEF_SMTPD_SASL_PATH "smtpd"
extern char *var_smtpd_sasl_path;

#define VAR_SMTPD_SASL_SERVICE "smtpd_sasl_service"
#define DEF_SMTPD_SASL_SERVICE "smtp"
extern char *var_smtpd_sasl_service;

#define VAR_CYRUS_CONF_PATH "cyrus_sasl_config_path"
#define DEF_CYRUS_CONF_PATH ""
extern char *var_cyrus_conf_path;

/*
 * The default is "$" followed by the name of the non-TLS parameter, i.e. a
 * reference to smtpd_sasl_security_options: the options used over TLS
 * follow the non-TLS ones unless set separately.
 */
#define VAR_SMTPD_SASL_TLS_OPTS "smtpd_sasl_tls_security_options"
#define DEF_SMTPD_SASL_TLS_OPTS "$" VAR_SMTPD_SASL_OPTS
extern char *var_smtpd_sasl_tls_opts;

#define VAR_SMTPD_SASL_REALM "smtpd_sasl_local_domain"
#define DEF_SMTPD_SASL_REALM ""
extern char *var_smtpd_sasl_realm;

#define VAR_SMTPD_SASL_EXCEPTIONS_NETWORKS "smtpd_sasl_exceptions_networks"
#define DEF_SMTPD_SASL_EXCEPTIONS_NETWORKS ""
extern char *var_smtpd_sasl_exceptions_networks;

/* The #ifndef guard lets a build choose a different server SASL type. */
#ifndef DEF_SERVER_SASL_TYPE
#define DEF_SERVER_SASL_TYPE "cyrus"
#endif

#define VAR_SMTPD_SASL_TYPE "smtpd_sasl_type"
#define DEF_SMTPD_SASL_TYPE DEF_SERVER_SASL_TYPE
extern char *var_smtpd_sasl_type;

/*
 * Sender/login ownership table and the names of the restrictions that
 * consult it. NOTE(review): the table is empty by default, so presumably
 * no binding between an authenticated login and the envelope sender is
 * enforced until a table and one of these restrictions are configured.
 */
#define VAR_SMTPD_SND_AUTH_MAPS "smtpd_sender_login_maps"
#define DEF_SMTPD_SND_AUTH_MAPS ""
extern char *var_smtpd_snd_auth_maps;

#define REJECT_SENDER_LOGIN_MISMATCH "reject_sender_login_mismatch"
#define REJECT_AUTH_SENDER_LOGIN_MISMATCH \
				"reject_authenticated_sender_login_mismatch"
#define REJECT_KNOWN_SENDER_LOGIN_MISMATCH \
				"reject_known_sender_login_mismatch"
#define REJECT_UNAUTH_SENDER_LOGIN_MISMATCH \
				"reject_unauthenticated_sender_login_mismatch"

/*
 * https://tools.ietf.org/html/rfc4954#page-5
 *
 * (At the time of writing of this document, 12288 octets is considered to be a
 * sufficient line length limit for handling of deployed authentication
 * mechanisms.)
 *
 * The default value is also the minimum permissible value for this parameter.
 */
#define VAR_SMTPD_SASL_RESP_LIMIT "smtpd_sasl_response_limit"
#define DEF_SMTPD_SASL_RESP_LIMIT 12288
extern int var_smtpd_sasl_resp_limit;

/*
 * Some backends claim to support EXTERNAL authentication, but Postfix does
 * not have code to provide the backend with such credentials. To avoid
 * confusing errors, do not announce the EXTERNAL mechanism.
 */
#define VAR_SMTPD_SASL_MECH_FILTER "smtpd_sasl_mechanism_filter"
#define DEF_SMTPD_SASL_MECH_FILTER "!external, static:rest"
extern char *var_smtpd_sasl_mech_filter;

/*
 * SASL authentication support, SMTP client side.
 */
/* SASL authentication is off in the SMTP client by default. */
#define VAR_SMTP_SASL_ENABLE "smtp_sasl_auth_enable"
#define DEF_SMTP_SASL_ENABLE 0
extern bool var_smtp_sasl_enable;

/*
 * NOTE(review): the table named by this parameter supplies the credentials
 * the client presents to remote servers; keep the table file unreadable to
 * unprivileged users.
 */
#define VAR_SMTP_SASL_PASSWD "smtp_sasl_password_maps"
#define DEF_SMTP_SASL_PASSWD ""
extern char *var_smtp_sasl_passwd;

/* The LMTP delimiter default reuses the SMTP one (":"). */
#define VAR_SMTP_SASL_PASSWD_RES_DELIM "smtp_sasl_password_result_delimiter"
#define DEF_SMTP_SASL_PASSWD_RES_DELIM ":"
#define VAR_LMTP_SASL_PASSWD_RES_DELIM "lmtp_sasl_password_result_delimiter"
#define DEF_LMTP_SASL_PASSWD_RES_DELIM DEF_SMTP_SASL_PASSWD_RES_DELIM
extern char *var_smtp_sasl_passwd_res_delim;

/*
 * The client default excludes both plaintext and anonymous mechanisms, so
 * out of the box the client does not send a reusable password in the
 * clear.
 */
#define VAR_SMTP_SASL_OPTS "smtp_sasl_security_options"
#define DEF_SMTP_SASL_OPTS "noplaintext, noanonymous"
extern char *var_smtp_sasl_opts;

#define VAR_SMTP_SASL_PATH "smtp_sasl_path"
#define DEF_SMTP_SASL_PATH ""
extern char *var_smtp_sasl_path;

#define VAR_SMTP_SASL_MECHS "smtp_sasl_mechanism_filter"
#define DEF_SMTP_SASL_MECHS ""
#define VAR_LMTP_SASL_MECHS "lmtp_sasl_mechanism_filter"
#define DEF_LMTP_SASL_MECHS ""
extern char *var_smtp_sasl_mechs;

/* The #ifndef guard lets a build choose a different client SASL type. */
#ifndef DEF_CLIENT_SASL_TYPE
#define DEF_CLIENT_SASL_TYPE "cyrus"
#endif

#define VAR_SMTP_SASL_TYPE "smtp_sasl_type"
#define DEF_SMTP_SASL_TYPE DEF_CLIENT_SASL_TYPE
#define VAR_LMTP_SASL_TYPE "lmtp_sasl_type"
#define DEF_LMTP_SASL_TYPE DEF_CLIENT_SASL_TYPE
extern char *var_smtp_sasl_type;

/*
 * Each default below is "$" followed by another parameter's name, forming
 * a chain: the TLS-verified options follow the TLS options, which follow
 * the plain options. VAR_LMTP_SASL_OPTS is defined further down in this
 * header; macro bodies are expanded where they are used, so the forward
 * reference is valid.
 */
#define VAR_SMTP_SASL_TLS_OPTS "smtp_sasl_tls_security_options"
#define DEF_SMTP_SASL_TLS_OPTS "$" VAR_SMTP_SASL_OPTS
#define VAR_LMTP_SASL_TLS_OPTS "lmtp_sasl_tls_security_options"
#define DEF_LMTP_SASL_TLS_OPTS "$" VAR_LMTP_SASL_OPTS
extern char *var_smtp_sasl_tls_opts;

#define VAR_SMTP_SASL_TLSV_OPTS "smtp_sasl_tls_verified_security_options"
#define DEF_SMTP_SASL_TLSV_OPTS "$" VAR_SMTP_SASL_TLS_OPTS
#define VAR_LMTP_SASL_TLSV_OPTS "lmtp_sasl_tls_verified_security_options"
#define DEF_LMTP_SASL_TLSV_OPTS "$" VAR_LMTP_SASL_TLS_OPTS
extern char *var_smtp_sasl_tlsv_opts;

#define VAR_SMTP_DUMMY_MAIL_AUTH "smtp_send_dummy_mail_auth"
#define DEF_SMTP_DUMMY_MAIL_AUTH 0
extern bool var_smtp_dummy_mail_auth;

/*
 * The LMTP default names the SMTP default before that macro is defined two
 * lines later; this is valid because the macro is expanded at its point of
 * use.
 */
#define VAR_LMTP_BALANCE_INET_PROTO "lmtp_balance_inet_protocols"
#define DEF_LMTP_BALANCE_INET_PROTO DEF_SMTP_BALANCE_INET_PROTO
#define VAR_SMTP_BALANCE_INET_PROTO "smtp_balance_inet_protocols"
#define DEF_SMTP_BALANCE_INET_PROTO 1
extern bool var_smtp_balance_inet_proto;

/*
 * LMTP server. The soft error limit determines how many errors an LMTP
 * client may make before we start to slow down; the hard error limit
 * determines after how many client errors we disconnect.
 */
#define VAR_LMTPD_BANNER "lmtpd_banner"
#define DEF_LMTPD_BANNER "$myhostname $mail_name"
extern char *var_lmtpd_banner;

#define VAR_LMTPD_TMOUT "lmtpd_timeout"
#define DEF_LMTPD_TMOUT "300s"
extern int var_lmtpd_tmout;

#define VAR_LMTPD_RCPT_LIMIT "lmtpd_recipient_limit"
#define DEF_LMTPD_RCPT_LIMIT 1000
extern int var_lmtpd_rcpt_limit;

#define VAR_LMTPD_SOFT_ERLIM "lmtpd_soft_error_limit"
#define DEF_LMTPD_SOFT_ERLIM 10
extern int var_lmtpd_soft_erlim;

#define VAR_LMTPD_HARD_ERLIM "lmtpd_hard_error_limit"
#define DEF_LMTPD_HARD_ERLIM 100
extern int var_lmtpd_hard_erlim;

#define VAR_LMTPD_ERR_SLEEP "lmtpd_error_sleep_time"
#define DEF_LMTPD_ERR_SLEEP "5s"
extern int var_lmtpd_err_sleep;

#define VAR_LMTPD_JUNK_CMD "lmtpd_junk_command_limit"
#define DEF_LMTPD_JUNK_CMD 1000
extern int var_lmtpd_junk_cmd_limit;

/*
 * SASL authentication support, LMTP server side.
1884 */ 1885 #define VAR_LMTPD_SASL_ENABLE "lmtpd_sasl_auth_enable" 1886 #define DEF_LMTPD_SASL_ENABLE 0 1887 extern bool var_lmtpd_sasl_enable; 1888 1889 #define VAR_LMTPD_SASL_OPTS "lmtpd_sasl_security_options" 1890 #define DEF_LMTPD_SASL_OPTS "noanonymous" 1891 extern char *var_lmtpd_sasl_opts; 1892 1893 #define VAR_LMTPD_SASL_REALM "lmtpd_sasl_local_domain" 1894 #define DEF_LMTPD_SASL_REALM "$myhostname" 1895 extern char *var_lmtpd_sasl_realm; 1896 1897 /* 1898 * SASL authentication support, LMTP client side. 1899 */ 1900 #define VAR_LMTP_SASL_ENABLE "lmtp_sasl_auth_enable" 1901 #define DEF_LMTP_SASL_ENABLE 0 1902 extern bool var_lmtp_sasl_enable; 1903 1904 #define VAR_LMTP_SASL_PASSWD "lmtp_sasl_password_maps" 1905 #define DEF_LMTP_SASL_PASSWD "" 1906 extern char *var_lmtp_sasl_passwd; 1907 1908 #define VAR_LMTP_SASL_OPTS "lmtp_sasl_security_options" 1909 #define DEF_LMTP_SASL_OPTS "noplaintext, noanonymous" 1910 extern char *var_lmtp_sasl_opts; 1911 1912 #define VAR_LMTP_SASL_PATH "lmtp_sasl_path" 1913 #define DEF_LMTP_SASL_PATH "" 1914 extern char *var_lmtp_sasl_path; 1915 1916 #define VAR_LMTP_DUMMY_MAIL_AUTH "lmtp_send_dummy_mail_auth" 1917 #define DEF_LMTP_DUMMY_MAIL_AUTH 0 1918 extern bool var_lmtp_dummy_mail_auth; 1919 1920 /* 1921 * SASL-based relay etc. control. 1922 */ 1923 #define PERMIT_SASL_AUTH "permit_sasl_authenticated" 1924 1925 #define VAR_CYRUS_SASL_AUTHZID "send_cyrus_sasl_authzid" 1926 #define DEF_CYRUS_SASL_AUTHZID 0 1927 extern bool var_cyrus_sasl_authzid; 1928 1929 /* 1930 * Special handling of AUTH 535 failures. 
1931 */ 1932 #define VAR_SMTP_SASL_AUTH_SOFT_BOUNCE "smtp_sasl_auth_soft_bounce" 1933 #define DEF_SMTP_SASL_AUTH_SOFT_BOUNCE 1 1934 #define VAR_LMTP_SASL_AUTH_SOFT_BOUNCE "lmtp_sasl_auth_soft_bounce" 1935 #define DEF_LMTP_SASL_AUTH_SOFT_BOUNCE 1 1936 extern bool var_smtp_sasl_auth_soft_bounce; 1937 1938 #define VAR_SMTP_SASL_AUTH_CACHE_NAME "smtp_sasl_auth_cache_name" 1939 #define DEF_SMTP_SASL_AUTH_CACHE_NAME "" 1940 #define VAR_LMTP_SASL_AUTH_CACHE_NAME "lmtp_sasl_auth_cache_name" 1941 #define DEF_LMTP_SASL_AUTH_CACHE_NAME "" 1942 extern char *var_smtp_sasl_auth_cache_name; 1943 1944 #define VAR_SMTP_SASL_AUTH_CACHE_TIME "smtp_sasl_auth_cache_time" 1945 #define DEF_SMTP_SASL_AUTH_CACHE_TIME "90d" 1946 #define VAR_LMTP_SASL_AUTH_CACHE_TIME "lmtp_sasl_auth_cache_time" 1947 #define DEF_LMTP_SASL_AUTH_CACHE_TIME "90d" 1948 extern int var_smtp_sasl_auth_cache_time; 1949 1950 #define VAR_SMTP_TCP_PORT "smtp_tcp_port" 1951 #define DEF_SMTP_TCP_PORT "smtp" 1952 extern char *var_smtp_tcp_port; 1953 1954 /* 1955 * LMTP client. Timeouts inspired by RFC 1123. The LMTP recipient limit 1956 * determines how many recipient addresses the LMTP client sends along with 1957 * each message. Unfortunately, some mailers misbehave and disconnect (smap) 1958 * when given more recipients than they are willing to handle. 
1959 */ 1960 #define VAR_LMTP_TCP_PORT "lmtp_tcp_port" 1961 #define DEF_LMTP_TCP_PORT "24" 1962 extern char *var_lmtp_tcp_port; 1963 1964 #define VAR_LMTP_ASSUME_FINAL "lmtp_assume_final" 1965 #define DEF_LMTP_ASSUME_FINAL 0 1966 extern bool var_lmtp_assume_final; 1967 1968 #define VAR_LMTP_CACHE_CONN "lmtp_cache_connection" 1969 #define DEF_LMTP_CACHE_CONN 1 1970 extern bool var_lmtp_cache_conn; 1971 1972 #define VAR_LMTP_SKIP_QUIT_RESP "lmtp_skip_quit_response" 1973 #define DEF_LMTP_SKIP_QUIT_RESP 0 1974 extern bool var_lmtp_skip_quit_resp; 1975 1976 #define VAR_LMTP_CONN_TMOUT "lmtp_connect_timeout" 1977 #define DEF_LMTP_CONN_TMOUT "0s" 1978 extern int var_lmtp_conn_tmout; 1979 1980 #define VAR_LMTP_RSET_TMOUT "lmtp_rset_timeout" 1981 #define DEF_LMTP_RSET_TMOUT "20s" 1982 extern int var_lmtp_rset_tmout; 1983 1984 #define VAR_LMTP_LHLO_TMOUT "lmtp_lhlo_timeout" 1985 #define DEF_LMTP_LHLO_TMOUT "300s" 1986 extern int var_lmtp_lhlo_tmout; 1987 1988 #define VAR_LMTP_XFWD_TMOUT "lmtp_xforward_timeout" 1989 #define DEF_LMTP_XFWD_TMOUT "300s" 1990 extern int var_lmtp_xfwd_tmout; 1991 1992 #define VAR_LMTP_MAIL_TMOUT "lmtp_mail_timeout" 1993 #define DEF_LMTP_MAIL_TMOUT "300s" 1994 extern int var_lmtp_mail_tmout; 1995 1996 #define VAR_LMTP_RCPT_TMOUT "lmtp_rcpt_timeout" 1997 #define DEF_LMTP_RCPT_TMOUT "300s" 1998 extern int var_lmtp_rcpt_tmout; 1999 2000 #define VAR_LMTP_DATA0_TMOUT "lmtp_data_init_timeout" 2001 #define DEF_LMTP_DATA0_TMOUT "120s" 2002 extern int var_lmtp_data0_tmout; 2003 2004 #define VAR_LMTP_DATA1_TMOUT "lmtp_data_xfer_timeout" 2005 #define DEF_LMTP_DATA1_TMOUT "180s" 2006 extern int var_lmtp_data1_tmout; 2007 2008 #define VAR_LMTP_DATA2_TMOUT "lmtp_data_done_timeout" 2009 #define DEF_LMTP_DATA2_TMOUT "600s" 2010 extern int var_lmtp_data2_tmout; 2011 2012 #define VAR_LMTP_QUIT_TMOUT "lmtp_quit_timeout" 2013 #define DEF_LMTP_QUIT_TMOUT "300s" 2014 extern int var_lmtp_quit_tmout; 2015 2016 #define VAR_LMTP_SEND_XFORWARD "lmtp_send_xforward_command" 
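/*
 * Default for VAR_LMTP_SEND_XFORWARD ("lmtp_send_xforward_command"): off.
 */
#define DEF_LMTP_SEND_XFORWARD 0
extern bool var_lmtp_send_xforward;

/*
 * Cleanup service. Header info that exceeds $header_size_limit bytes or
 * $header_address_token_limit tokens is discarded.
 *
 * Review note: these ceilings cover message content that the sender controls
 * (hop count, header size, address tokens) and virtual alias expansion.
 * Raising a default increases the work a single message can cause. The code
 * that enforces them is outside this header.
 */
#define VAR_HOPCOUNT_LIMIT "hopcount_limit"
#define DEF_HOPCOUNT_LIMIT 50
extern int var_hopcount_limit;

#define VAR_HEADER_LIMIT "header_size_limit"
#define DEF_HEADER_LIMIT 102400
extern int var_header_limit;

#define VAR_TOKEN_LIMIT "header_address_token_limit"
#define DEF_TOKEN_LIMIT 10240
extern int var_token_limit;

#define VAR_VIRT_RECUR_LIMIT "virtual_alias_recursion_limit"
#define DEF_VIRT_RECUR_LIMIT 1000
extern int var_virt_recur_limit;

#define VAR_VIRT_EXPAN_LIMIT "virtual_alias_expansion_limit"
#define DEF_VIRT_EXPAN_LIMIT 1000
extern int var_virt_expan_limit;

#define VAR_VIRT_ADDRLEN_LIMIT "virtual_alias_address_length_limit"
#define DEF_VIRT_ADDRLEN_LIMIT 1000
extern int var_virt_addrlen_limit;

/*
 * Message/queue size limits. DEF_MESSAGE_LIMIT is reused elsewhere in this
 * file as the base of DEF_VIRT_MAILBOX_LIMIT (5 * DEF_MESSAGE_LIMIT), so
 * changing it here also changes that default.
 */
#define VAR_MESSAGE_LIMIT "message_size_limit"
#define DEF_MESSAGE_LIMIT 10240000
extern long var_message_limit;

#define VAR_QUEUE_MINFREE "queue_minfree"
#define DEF_QUEUE_MINFREE 0
extern long var_queue_minfree;

/*
 * Light-weight content inspection. The header and body check defaults are
 * empty, so no inspection table is configured by default; the MIME and
 * nested header checks default to whatever $header_checks is set to.
 */
#define VAR_HEADER_CHECKS "header_checks"
#define DEF_HEADER_CHECKS ""
extern char *var_header_checks;

#define VAR_MIMEHDR_CHECKS "mime_header_checks"
#define DEF_MIMEHDR_CHECKS "$header_checks"
extern char *var_mimehdr_checks;

#define VAR_NESTHDR_CHECKS "nested_header_checks"
#define DEF_NESTHDR_CHECKS "$header_checks"
extern char *var_nesthdr_checks;

#define VAR_BODY_CHECKS "body_checks"
#define DEF_BODY_CHECKS ""
extern char *var_body_checks;

#define VAR_BODY_CHECK_LEN "body_checks_size_limit"
#define DEF_BODY_CHECK_LEN (50*1024)
extern int var_body_check_len;

/*
 * Bounce service: truncate bounce messages that exceed $bounce_size_limit.
 */
#define VAR_BOUNCE_LIMIT "bounce_size_limit"
#define DEF_BOUNCE_LIMIT 50000
extern int var_bounce_limit;

/*
 * Bounce service: reserved sender address for double bounces. The local
 * delivery service discards undeliverable double bounces.
 */
#define VAR_DOUBLE_BOUNCE "double_bounce_sender"
#define DEF_DOUBLE_BOUNCE "double-bounce"
extern char *var_double_bounce_sender;

/*
 * Bounce service: enable threaded bounces, with References: and
 * In-Reply-To:. CONFIG_BOOL_NO is not defined in this part of the file.
 */
#define VAR_THREADED_BOUNCE "enable_threaded_bounces"
#define DEF_THREADED_BOUNCE CONFIG_BOOL_NO
extern bool var_threaded_bounce;

/*
 * When forking a process, how often to try and how long to wait.
 *
 * Time-valued defaults here and below are strings with a unit suffix ("1s")
 * although the matching variables are int; the conversion is not done in
 * this header.
 */
#define VAR_FORK_TRIES "fork_attempts"
#define DEF_FORK_TRIES 5
extern int var_fork_tries;

#define VAR_FORK_DELAY "fork_delay"
#define DEF_FORK_DELAY "1s"
extern int var_fork_delay;

/*
 * When locking a mailbox, how often to try and how long to wait.
 */
#define VAR_FLOCK_TRIES "deliver_lock_attempts"
#define DEF_FLOCK_TRIES 20
extern int var_flock_tries;

#define VAR_FLOCK_DELAY "deliver_lock_delay"
#define DEF_FLOCK_DELAY "1s"
extern int var_flock_delay;

#define VAR_FLOCK_STALE "stale_lock_time"
#define DEF_FLOCK_STALE "500s"
extern int var_flock_stale;

#define VAR_MAILTOOL_COMPAT "sun_mailtool_compatibility"
#define DEF_MAILTOOL_COMPAT 0
extern bool var_mailtool_compat;

/*
 * How long a daemon command may take to receive or deliver a message etc.
 * before we assume it is wedged (should never happen).
 */
#define VAR_DAEMON_TIMEOUT "daemon_timeout"
#define DEF_DAEMON_TIMEOUT "18000s"
extern int var_daemon_timeout;

#define VAR_QMGR_DAEMON_TIMEOUT "qmgr_daemon_timeout"
#define DEF_QMGR_DAEMON_TIMEOUT "1000s"
extern int var_qmgr_daemon_timeout;

/*
 * How long an intra-mail command may take before we assume the mail system
 * is in deadlock (should never happen).
 */
#define VAR_IPC_TIMEOUT "ipc_timeout"
#define DEF_IPC_TIMEOUT "3600s"
extern int var_ipc_timeout;

#define VAR_QMGR_IPC_TIMEOUT "qmgr_ipc_timeout"
#define DEF_QMGR_IPC_TIMEOUT "60s"
extern int var_qmgr_ipc_timeout;

/*
 * Time limit on intra-mail triggers.
 */
#define VAR_TRIGGER_TIMEOUT "trigger_timeout"
#define DEF_TRIGGER_TIMEOUT "10s"
extern int var_trigger_timeout;

/*
 * SMTP server restrictions. What networks I am willing to relay from, what
 * domains I am willing to forward mail from or to, what clients I refuse to
 * talk to, and what domains I never want to see in the sender address.
 *
 * VAR_MYNETWORKS has no DEF_ macro here. DEF_MYNETWORKS_STYLE is a
 * conditional parameter expression: the preprocessor only concatenates the
 * pieces, giving "subnet" when compatibility_level is below 2 and "host"
 * otherwise. NOTE(review): the style presumably decides which clients
 * PERMIT_MYNETWORKS treats as trusted when mynetworks is not set
 * explicitly - confirm in mail_params.c, and set mynetworks explicitly on
 * hosts where relay trust matters.
 */
#define VAR_MYNETWORKS "mynetworks"
extern char *var_mynetworks;

#define VAR_MYNETWORKS_STYLE "mynetworks_style"
#define DEF_MYNETWORKS_STYLE "${{$compatibility_level} <level {2} ? " \
        "{" MYNETWORKS_STYLE_SUBNET "} : " \
        "{" MYNETWORKS_STYLE_HOST "}}"
extern char *var_mynetworks_style;

#define MYNETWORKS_STYLE_CLASS "class"
#define MYNETWORKS_STYLE_SUBNET "subnet"
#define MYNETWORKS_STYLE_HOST "host"

/*
 * Default relay_domains: "$mydestination" below compatibility level 2,
 * empty from level 2 on.
 */
#define VAR_RELAY_DOMAINS "relay_domains"
#define DEF_RELAY_DOMAINS "${{$compatibility_level} <level {2} ? " \
        "{$mydestination} : {}}"
extern char *var_relay_domains;

/* MAIL_SERVICE_RELAY is not defined in this part of the file. */
#define VAR_RELAY_TRANSPORT "relay_transport"
#define DEF_RELAY_TRANSPORT MAIL_SERVICE_RELAY
extern char *var_relay_transport;

#define VAR_RELAY_RCPT_MAPS "relay_recipient_maps"
#define DEF_RELAY_RCPT_MAPS ""
extern char *var_relay_rcpt_maps;

#define VAR_RELAY_RCPT_CODE "unknown_relay_recipient_reject_code"
#define DEF_RELAY_RCPT_CODE 550
extern int var_relay_rcpt_code;

#define VAR_RELAY_CCERTS "relay_clientcerts"
#define DEF_RELAY_CCERTS ""
extern char *var_smtpd_relay_ccerts;

/*
 * Per-stage restriction lists. Every default below that is "" configures
 * no check for that stage.
 */
#define VAR_CLIENT_CHECKS "smtpd_client_restrictions"
#define DEF_CLIENT_CHECKS ""
extern char *var_client_checks;

#define VAR_HELO_REQUIRED "smtpd_helo_required"
#define DEF_HELO_REQUIRED 0
extern bool var_helo_required;

#define VAR_HELO_CHECKS "smtpd_helo_restrictions"
#define DEF_HELO_CHECKS ""
extern char *var_helo_checks;

#define VAR_MAIL_CHECKS "smtpd_sender_restrictions"
#define DEF_MAIL_CHECKS ""
extern char *var_mail_checks;

/*
 * Default smtpd_relay_restrictions: empty below compatibility level 1,
 * otherwise PERMIT_MYNETWORKS, PERMIT_SASL_AUTH, DEFER_UNAUTH_DEST in that
 * order (the last two macros are defined elsewhere in this file).
 * NOTE(review): on the legacy branch this list contributes no relay control
 * of its own, and DEF_RCPT_CHECKS below is empty as well; check the
 * effective restriction lists of a deployment rather than assuming the
 * defaults refuse unauthorized relaying.
 */
#define VAR_RELAY_CHECKS "smtpd_relay_restrictions"
#define DEF_RELAY_CHECKS "${{$compatibility_level} <level {1} ? " \
        "{} : {" PERMIT_MYNETWORKS ", " \
        PERMIT_SASL_AUTH ", " \
        DEFER_UNAUTH_DEST "}}"
extern char *var_relay_checks;

/*
 * For warn_compat_break_relay_domains check. Same as DEF_RELAY_CHECKS
 * except that it evaluates to DUNNO instead of REJECT: the last element is
 * PERMIT_AUTH_DEST (defined elsewhere in this file) rather than
 * DEFER_UNAUTH_DEST.
 */
#define FAKE_RELAY_CHECKS PERMIT_MYNETWORKS ", " \
        PERMIT_SASL_AUTH ", " \
        PERMIT_AUTH_DEST

#define VAR_RCPT_CHECKS "smtpd_recipient_restrictions"
#define DEF_RCPT_CHECKS ""
extern char *var_rcpt_checks;

/*
 * Default: "no" below compatibility level 3.6, "yes" from 3.6 on. The
 * default is a string expression while the variable is a bool; the
 * evaluation is not done in this header.
 */
#define VAR_RELAY_BEFORE_RCPT_CHECKS "smtpd_relay_before_recipient_restrictions"
#define DEF_RELAY_BEFORE_RCPT_CHECKS "${{$compatibility_level} <level {3.6} ?" \
        " {no} : {yes}}"
extern bool var_relay_before_rcpt_checks;

#define VAR_ETRN_CHECKS "smtpd_etrn_restrictions"
#define DEF_ETRN_CHECKS ""
extern char *var_etrn_checks;

#define VAR_DATA_CHECKS "smtpd_data_restrictions"
#define DEF_DATA_CHECKS ""
extern char *var_data_checks;

#define VAR_EOD_CHECKS "smtpd_end_of_data_restrictions"
#define DEF_EOD_CHECKS ""
extern char *var_eod_checks;

#define VAR_REST_CLASSES "smtpd_restriction_classes"
#define DEF_REST_CLASSES ""
extern char *var_rest_classes;

#define VAR_ALLOW_UNTRUST_ROUTE "allow_untrusted_routing"
#define DEF_ALLOW_UNTRUST_ROUTE 0
extern bool var_allow_untrust_route;

/*
 * Names of specific restrictions, and the corresponding configuration
 * parameters that control the status codes sent in response to rejected
 * requests.
 *
 * The DEF_*_CODE values are SMTP reply codes: the 4xx defaults (450) ask
 * the client to retry later, the 5xx defaults (501, 554) are permanent.
 */
#define PERMIT_ALL "permit"
#define REJECT_ALL "reject"
#define VAR_REJECT_CODE "reject_code"
#define DEF_REJECT_CODE 554
extern int var_reject_code;

#define DEFER_ALL "defer"
#define VAR_DEFER_CODE "defer_code"
#define DEF_DEFER_CODE 450
extern int var_defer_code;

#define DEFER_IF_PERMIT "defer_if_permit"
#define DEFER_IF_REJECT "defer_if_reject"

/*
 * Default temporary-failure action is DEFER_IF_PERMIT. Other *_tempfail_action
 * defaults in this file refer back to this parameter by name.
 */
#define VAR_REJECT_TMPF_ACT "reject_tempfail_action"
#define DEF_REJECT_TMPF_ACT DEFER_IF_PERMIT
extern char *var_reject_tmpf_act;

#define SLEEP "sleep"

#define REJECT_PLAINTEXT_SESSION "reject_plaintext_session"
#define VAR_PLAINTEXT_CODE "plaintext_reject_code"
#define DEF_PLAINTEXT_CODE 450
extern int var_plaintext_code;

#define REJECT_UNKNOWN_CLIENT "reject_unknown_client"
#define REJECT_UNKNOWN_CLIENT_HOSTNAME "reject_unknown_client_hostname"
#define REJECT_UNKNOWN_REVERSE_HOSTNAME "reject_unknown_reverse_client_hostname"
#define REJECT_UNKNOWN_FORWARD_HOSTNAME "reject_unknown_forward_client_hostname"
#define VAR_UNK_CLIENT_CODE "unknown_client_reject_code"
#define DEF_UNK_CLIENT_CODE 450
extern int var_unk_client_code;

#define PERMIT_INET_INTERFACES "permit_inet_interfaces"

#define PERMIT_MYNETWORKS "permit_mynetworks"

#define PERMIT_NAKED_IP_ADDR "permit_naked_ip_address"

#define REJECT_INVALID_HELO_HOSTNAME "reject_invalid_helo_hostname"
#define REJECT_INVALID_HOSTNAME "reject_invalid_hostname"
#define VAR_BAD_NAME_CODE "invalid_hostname_reject_code"
#define DEF_BAD_NAME_CODE 501 /* SYNTAX */
extern int var_bad_name_code;

#define REJECT_UNKNOWN_HELO_HOSTNAME "reject_unknown_helo_hostname"
#define REJECT_UNKNOWN_HOSTNAME "reject_unknown_hostname"
#define VAR_UNK_NAME_CODE "unknown_hostname_reject_code"
#define DEF_UNK_NAME_CODE 450
extern int var_unk_name_code;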
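/*
 * Temporary-failure action for the unknown HELO hostname check. The default
 * is a reference to $reject_tempfail_action: the preprocessor pastes "$" in
 * front of VAR_REJECT_TMPF_ACT, which is defined earlier in this file.
 */
#define VAR_UNK_NAME_TF_ACT "unknown_helo_hostname_tempfail_action"
#define DEF_UNK_NAME_TF_ACT "$" VAR_REJECT_TMPF_ACT
extern char *var_unk_name_tf_act;

/*
 * Non-FQDN restriction names; they share one reply code parameter.
 */
#define REJECT_NON_FQDN_HELO_HOSTNAME "reject_non_fqdn_helo_hostname"
#define REJECT_NON_FQDN_HOSTNAME "reject_non_fqdn_hostname"
#define REJECT_NON_FQDN_SENDER "reject_non_fqdn_sender"
#define REJECT_NON_FQDN_RCPT "reject_non_fqdn_recipient"
#define VAR_NON_FQDN_CODE "non_fqdn_reject_code"
#define DEF_NON_FQDN_CODE 504 /* POLICY */
extern int var_non_fqdn_code;

/*
 * Unknown-domain and unlisted-address restriction names.
 */
#define REJECT_UNKNOWN_SENDDOM "reject_unknown_sender_domain"
#define REJECT_UNKNOWN_RCPTDOM "reject_unknown_recipient_domain"
#define REJECT_UNKNOWN_ADDRESS "reject_unknown_address"
#define REJECT_UNLISTED_SENDER "reject_unlisted_sender"
#define REJECT_UNLISTED_RCPT "reject_unlisted_recipient"
#define CHECK_RCPT_MAPS "check_recipient_maps"

#define VAR_UNK_ADDR_CODE "unknown_address_reject_code"
#define DEF_UNK_ADDR_CODE 450
extern int var_unk_addr_code;

/* Same inheritance as DEF_UNK_NAME_TF_ACT: "$" plus VAR_REJECT_TMPF_ACT. */
#define VAR_UNK_ADDR_TF_ACT "unknown_address_tempfail_action"
#define DEF_UNK_ADDR_TF_ACT "$" VAR_REJECT_TMPF_ACT
extern char *var_unk_addr_tf_act;

/*
 * Unlisted sender/recipient rejection. By default only the recipient side
 * is enabled (DEF_SMTPD_REJ_UNL_RCPT 1, DEF_SMTPD_REJ_UNL_FROM 0).
 * NOTE(review): with the sender default off, sender addresses that are not
 * listed are presumably not rejected unless REJECT_UNLISTED_SENDER appears
 * in a restriction list - confirm against postconf(5).
 */
#define VAR_SMTPD_REJ_UNL_FROM "smtpd_reject_unlisted_sender"
#define DEF_SMTPD_REJ_UNL_FROM 0
extern bool var_smtpd_rej_unl_from;

#define VAR_SMTPD_REJ_UNL_RCPT "smtpd_reject_unlisted_recipient"
#define DEF_SMTPD_REJ_UNL_RCPT 1
extern bool var_smtpd_rej_unl_rcpt;

/*
 * Unverified-address restrictions. Both reject codes default to 450, a
 * temporary SMTP reply, so these restrictions do not answer with a
 * permanent rejection unless the code is changed.
 */
#define REJECT_UNVERIFIED_RECIP "reject_unverified_recipient"
#define VAR_UNV_RCPT_RCODE "unverified_recipient_reject_code"
#define DEF_UNV_RCPT_RCODE 450
extern int var_unv_rcpt_rcode;

#define REJECT_UNVERIFIED_SENDER "reject_unverified_sender"
#define VAR_UNV_FROM_RCODE "unverified_sender_reject_code"
#define DEF_UNV_FROM_RCODE 450
extern int var_unv_from_rcode;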
#define VAR_UNV_RCPT_DCODE "unverified_recipient_defer_code" 2367 #define DEF_UNV_RCPT_DCODE 450 2368 extern int var_unv_rcpt_dcode; 2369 2370 #define VAR_UNV_FROM_DCODE "unverified_sender_defer_code" 2371 #define DEF_UNV_FROM_DCODE 450 2372 extern int var_unv_from_dcode; 2373 2374 #define VAR_UNV_RCPT_TF_ACT "unverified_recipient_tempfail_action" 2375 #define DEF_UNV_RCPT_TF_ACT "$" VAR_REJECT_TMPF_ACT 2376 extern char *var_unv_rcpt_tf_act; 2377 2378 #define VAR_UNV_FROM_TF_ACT "unverified_sender_tempfail_action" 2379 #define DEF_UNV_FROM_TF_ACT "$" VAR_REJECT_TMPF_ACT 2380 extern char *var_unv_from_tf_act; 2381 2382 #define VAR_UNV_RCPT_WHY "unverified_recipient_reject_reason" 2383 #define DEF_UNV_RCPT_WHY "" 2384 extern char *var_unv_rcpt_why; 2385 2386 #define VAR_UNV_FROM_WHY "unverified_sender_reject_reason" 2387 #define DEF_UNV_FROM_WHY "" 2388 extern char *var_unv_from_why; 2389 2390 #define REJECT_MUL_RCPT_BOUNCE "reject_multi_recipient_bounce" 2391 #define VAR_MUL_RCPT_CODE "multi_recipient_bounce_reject_code" 2392 #define DEF_MUL_RCPT_CODE 550 2393 extern int var_mul_rcpt_code; 2394 2395 #define PERMIT_AUTH_DEST "permit_auth_destination" 2396 #define REJECT_UNAUTH_DEST "reject_unauth_destination" 2397 #define DEFER_UNAUTH_DEST "defer_unauth_destination" 2398 #define CHECK_RELAY_DOMAINS "check_relay_domains" 2399 #define PERMIT_TLS_CLIENTCERTS "permit_tls_clientcerts" 2400 #define PERMIT_TLS_ALL_CLIENTCERTS "permit_tls_all_clientcerts" 2401 #define VAR_RELAY_CODE "relay_domains_reject_code" 2402 #define DEF_RELAY_CODE 554 2403 extern int var_relay_code; 2404 2405 #define PERMIT_MX_BACKUP "permit_mx_backup" 2406 2407 #define VAR_PERM_MX_NETWORKS "permit_mx_backup_networks" 2408 #define DEF_PERM_MX_NETWORKS "" 2409 extern char *var_perm_mx_networks; 2410 2411 #define VAR_MAP_REJECT_CODE "access_map_reject_code" 2412 #define DEF_MAP_REJECT_CODE 554 2413 extern int var_map_reject_code; 2414 2415 #define VAR_MAP_DEFER_CODE "access_map_defer_code" 2416 #define 
DEF_MAP_DEFER_CODE 450 2417 extern int var_map_defer_code; 2418 2419 #define CHECK_CLIENT_ACL "check_client_access" 2420 #define CHECK_REVERSE_CLIENT_ACL "check_reverse_client_hostname_access" 2421 #define CHECK_CCERT_ACL "check_ccert_access" 2422 #define CHECK_SASL_ACL "check_sasl_access" 2423 #define CHECK_HELO_ACL "check_helo_access" 2424 #define CHECK_SENDER_ACL "check_sender_access" 2425 #define CHECK_RECIP_ACL "check_recipient_access" 2426 #define CHECK_ETRN_ACL "check_etrn_access" 2427 2428 #define CHECK_CLIENT_MX_ACL "check_client_mx_access" 2429 #define CHECK_REVERSE_CLIENT_MX_ACL "check_reverse_client_hostname_mx_access" 2430 #define CHECK_HELO_MX_ACL "check_helo_mx_access" 2431 #define CHECK_SENDER_MX_ACL "check_sender_mx_access" 2432 #define CHECK_RECIP_MX_ACL "check_recipient_mx_access" 2433 #define CHECK_CLIENT_NS_ACL "check_client_ns_access" 2434 #define CHECK_REVERSE_CLIENT_NS_ACL "check_reverse_client_hostname_ns_access" 2435 #define CHECK_HELO_NS_ACL "check_helo_ns_access" 2436 #define CHECK_SENDER_NS_ACL "check_sender_ns_access" 2437 #define CHECK_RECIP_NS_ACL "check_recipient_ns_access" 2438 #define CHECK_CLIENT_A_ACL "check_client_a_access" 2439 #define CHECK_REVERSE_CLIENT_A_ACL "check_reverse_client_hostname_a_access" 2440 #define CHECK_HELO_A_ACL "check_helo_a_access" 2441 #define CHECK_SENDER_A_ACL "check_sender_a_access" 2442 #define CHECK_RECIP_A_ACL "check_recipient_a_access" 2443 2444 #define WARN_IF_REJECT "warn_if_reject" 2445 2446 #define REJECT_RBL "reject_rbl" /* LaMont compatibility */ 2447 #define REJECT_RBL_CLIENT "reject_rbl_client" 2448 #define REJECT_RHSBL_CLIENT "reject_rhsbl_client" 2449 #define REJECT_RHSBL_REVERSE_CLIENT "reject_rhsbl_reverse_client" 2450 #define REJECT_RHSBL_HELO "reject_rhsbl_helo" 2451 #define REJECT_RHSBL_SENDER "reject_rhsbl_sender" 2452 #define REJECT_RHSBL_RECIPIENT "reject_rhsbl_recipient" 2453 2454 #define PERMIT_DNSWL_CLIENT "permit_dnswl_client" 2455 #define PERMIT_RHSWL_CLIENT 
"permit_rhswl_client" 2456 2457 #define VAR_RBL_REPLY_MAPS "rbl_reply_maps" 2458 #define DEF_RBL_REPLY_MAPS "" 2459 extern char *var_rbl_reply_maps; 2460 2461 #define VAR_DEF_RBL_REPLY "default_rbl_reply" 2462 #define DEF_DEF_RBL_REPLY "$rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}" 2463 extern char *var_def_rbl_reply; 2464 2465 #define REJECT_MAPS_RBL "reject_maps_rbl" /* backwards compat */ 2466 #define VAR_MAPS_RBL_CODE "maps_rbl_reject_code" 2467 #define DEF_MAPS_RBL_CODE 554 2468 extern int var_maps_rbl_code; 2469 2470 #define VAR_MAPS_RBL_DOMAINS "maps_rbl_domains" /* backwards compat */ 2471 #define DEF_MAPS_RBL_DOMAINS "" 2472 extern char *var_maps_rbl_domains; 2473 2474 #define VAR_SMTPD_DELAY_REJECT "smtpd_delay_reject" 2475 #define DEF_SMTPD_DELAY_REJECT 1 2476 extern bool var_smtpd_delay_reject; 2477 2478 #define REJECT_UNAUTH_PIPE "reject_unauth_pipelining" 2479 2480 #define VAR_SMTPD_NULL_KEY "smtpd_null_access_lookup_key" 2481 #define DEF_SMTPD_NULL_KEY "<>" 2482 extern char *var_smtpd_null_key; 2483 2484 #define VAR_SMTPD_EXP_FILTER "smtpd_expansion_filter" 2485 #define DEF_SMTPD_EXP_FILTER "\\t\\40!\"#$%&'()*+,-./0123456789:;<=>?@\ 2486 ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\\\]^_`\ 2487 abcdefghijklmnopqrstuvwxyz{|}~" 2488 extern char *var_smtpd_exp_filter; 2489 2490 #define VAR_SMTPD_PEERNAME_LOOKUP "smtpd_peername_lookup" 2491 #define DEF_SMTPD_PEERNAME_LOOKUP 1 2492 extern bool var_smtpd_peername_lookup; 2493 2494 #define VAR_SMTPD_FORBID_UNAUTH_PIPE "smtpd_forbid_unauth_pipelining" 2495 #define DEF_SMTPD_FORBID_UNAUTH_PIPE 1 2496 extern bool var_smtpd_forbid_unauth_pipe; 2497 2498 /* 2499 * Heuristic to reject unknown local recipients at the SMTP port. 
2500 */ 2501 #define VAR_LOCAL_RCPT_MAPS "local_recipient_maps" 2502 #define DEF_LOCAL_RCPT_MAPS "proxy:unix:passwd.byname $" VAR_ALIAS_MAPS 2503 extern char *var_local_rcpt_maps; 2504 2505 #define VAR_LOCAL_RCPT_CODE "unknown_local_recipient_reject_code" 2506 #define DEF_LOCAL_RCPT_CODE 550 2507 extern int var_local_rcpt_code; 2508 2509 /* 2510 * List of pre-approved maps that are OK to open with the proxymap service. 2511 */ 2512 #define VAR_PROXY_READ_MAPS "proxy_read_maps" 2513 #define DEF_PROXY_READ_MAPS "$" VAR_LOCAL_RCPT_MAPS \ 2514 " $" VAR_MYDEST \ 2515 " $" VAR_VIRT_ALIAS_MAPS \ 2516 " $" VAR_VIRT_ALIAS_DOMS \ 2517 " $" VAR_VIRT_MAILBOX_MAPS \ 2518 " $" VAR_VIRT_MAILBOX_DOMS \ 2519 " $" VAR_RELAY_RCPT_MAPS \ 2520 " $" VAR_RELAY_DOMAINS \ 2521 " $" VAR_CANONICAL_MAPS \ 2522 " $" VAR_SEND_CANON_MAPS \ 2523 " $" VAR_RCPT_CANON_MAPS \ 2524 " $" VAR_RELOCATED_MAPS \ 2525 " $" VAR_TRANSPORT_MAPS \ 2526 " $" VAR_MYNETWORKS \ 2527 " $" VAR_SMTPD_SND_AUTH_MAPS \ 2528 " $" VAR_SEND_BCC_MAPS \ 2529 " $" VAR_RCPT_BCC_MAPS \ 2530 " $" VAR_SMTP_GENERIC_MAPS \ 2531 " $" VAR_LMTP_GENERIC_MAPS \ 2532 " $" VAR_ALIAS_MAPS \ 2533 " $" VAR_CLIENT_CHECKS \ 2534 " $" VAR_HELO_CHECKS \ 2535 " $" VAR_MAIL_CHECKS \ 2536 " $" VAR_RELAY_CHECKS \ 2537 " $" VAR_RCPT_CHECKS \ 2538 " $" VAR_VRFY_SND_DEF_XPORT_MAPS \ 2539 " $" VAR_VRFY_RELAY_MAPS \ 2540 " $" VAR_VRFY_XPORT_MAPS \ 2541 " $" VAR_FBCK_TRANSP_MAPS \ 2542 " $" VAR_LMTP_EHLO_DIS_MAPS \ 2543 " $" VAR_LMTP_PIX_BUG_MAPS \ 2544 " $" VAR_LMTP_SASL_PASSWD \ 2545 " $" VAR_LMTP_TLS_POLICY \ 2546 " $" VAR_MAILBOX_CMD_MAPS \ 2547 " $" VAR_MBOX_TRANSP_MAPS \ 2548 " $" VAR_PSC_EHLO_DIS_MAPS \ 2549 " $" VAR_RBL_REPLY_MAPS \ 2550 " $" VAR_SND_DEF_XPORT_MAPS \ 2551 " $" VAR_SND_RELAY_MAPS \ 2552 " $" VAR_SMTP_EHLO_DIS_MAPS \ 2553 " $" VAR_SMTP_PIX_BUG_MAPS \ 2554 " $" VAR_SMTP_SASL_PASSWD \ 2555 " $" VAR_SMTP_TLS_POLICY \ 2556 " $" VAR_SMTPD_EHLO_DIS_MAPS \ 2557 " $" VAR_SMTPD_MILTER_MAPS \ 2558 " $" VAR_VIRT_GID_MAPS \ 2559 " $" 
VAR_VIRT_UID_MAPS \ 2560 " $" VAR_LOCAL_LOGIN_SND_MAPS \ 2561 " $" VAR_PSC_REJ_FTR_MAPS \ 2562 " $" VAR_SMTPD_REJ_FTR_MAPS \ 2563 " $" VAR_TLS_SERVER_SNI_MAPS \ 2564 " $" VAR_TLSP_CLNT_POLICY \ 2565 " $" VAR_DSN_FILTER \ 2566 " $" VAR_LMTP_DSN_FILTER \ 2567 " $" VAR_LMTP_DNS_RE_FILTER \ 2568 " $" VAR_LMTP_RESP_FILTER \ 2569 " $" VAR_LOCAL_DSN_FILTER \ 2570 " $" VAR_PIPE_DSN_FILTER \ 2571 " $" VAR_PSC_CMD_FILTER \ 2572 " $" VAR_SMTP_DSN_FILTER \ 2573 " $" VAR_SMTP_DNS_RE_FILTER \ 2574 " $" VAR_SMTP_RESP_FILTER \ 2575 " $" VAR_SMTPD_CMD_FILTER \ 2576 " $" VAR_SMTPD_DNS_RE_FILTER \ 2577 " $" VAR_VIRT_DSN_FILTER \ 2578 " $" VAR_BODY_CHECKS \ 2579 " $" VAR_HEADER_CHECKS \ 2580 " $" VAR_LMTP_BODY_CHKS \ 2581 " $" VAR_LMTP_HEAD_CHKS \ 2582 " $" VAR_LMTP_MIME_CHKS \ 2583 " $" VAR_LMTP_NEST_CHKS \ 2584 " $" VAR_MILT_HEAD_CHECKS \ 2585 " $" VAR_MIMEHDR_CHECKS \ 2586 " $" VAR_NESTHDR_CHECKS \ 2587 " $" VAR_SMTP_BODY_CHKS \ 2588 " $" VAR_SMTP_HEAD_CHKS \ 2589 " $" VAR_SMTP_MIME_CHKS \ 2590 " $" VAR_SMTP_NEST_CHKS \ 2591 " $" VAR_SMTPD_REJECT_FILTER_MAPS \ 2592 " $" VAR_DEBUG_PEER_LIST \ 2593 " $" VAR_ETRN_CHECKS \ 2594 " $" VAR_FFLUSH_DOMAINS \ 2595 " $" VAR_FLUSH_ACL \ 2596 " $" VAR_LMTP_CACHE_DEST \ 2597 " $" VAR_LOC_RWR_CLIENTS \ 2598 " $" VAR_MASQ_EXCEPTIONS \ 2599 " $" VAR_PSC_ACL \ 2600 " $" VAR_PSC_ALLIST_IF \ 2601 " $" VAR_PSC_FORBID_CMDS \ 2602 " $" VAR_QMQPD_CLIENTS \ 2603 " $" VAR_SHOWQ_ACL \ 2604 " $" VAR_SMTP_CACHE_DEST \ 2605 " $" VAR_SMTPD_ACL_PERM_LOG \ 2606 " $" VAR_SMTPD_FORBID_CMDS \ 2607 " $" VAR_SMTPD_HOGGERS \ 2608 " $" VAR_SMTPD_SASL_EXCEPTIONS_NETWORKS \ 2609 " $" VAR_SMTPD_SASL_MECH_FILTER \ 2610 " $" VAR_SMTP_REQTLS_POLICY \ 2611 " $" VAR_SMTP_SASL_MECHS \ 2612 " $" VAR_SUBMIT_ACL \ 2613 " $" VAR_VERP_CLIENTS \ 2614 " $" VAR_XCLIENT_HOSTS \ 2615 " $" VAR_XFORWARD_HOSTS \ 2616 2617 extern char *var_proxy_read_maps; 2618 2619 #define VAR_PROXY_WRITE_MAPS "proxy_write_maps" 2620 #define DEF_PROXY_WRITE_MAPS "$" VAR_SMTP_SASL_AUTH_CACHE_NAME \ 2621 " $" 
VAR_LMTP_SASL_AUTH_CACHE_NAME \ 2622 " $" VAR_VERIFY_MAP \ 2623 " $" VAR_PSC_CACHE_MAP 2624 extern char *var_proxy_write_maps; 2625 2626 #define VAR_PROXY_READ_ACL "proxy_read_access_list" 2627 #define DEF_PROXY_READ_ACL "reject" 2628 extern char *var_proxy_read_acl; 2629 2630 #define VAR_PROXY_WRITE_ACL "proxy_write_access_list" 2631 #define DEF_PROXY_WRITE_ACL "reject" 2632 extern char *var_proxy_write_acl; 2633 2634 /* 2635 * Other. 2636 */ 2637 #define VAR_PROCNAME "process_name" 2638 extern char *var_procname; 2639 2640 #define VAR_SERVNAME "service_name" 2641 #define DEF_SERVNAME "amnesiac" 2642 extern char *var_servname; 2643 2644 #define VAR_PID "process_id" 2645 extern int var_pid; 2646 2647 #define VAR_DEBUG_COMMAND "debugger_command" 2648 2649 /* 2650 * Paranoia: save files instead of deleting them. 2651 */ 2652 #define VAR_DONT_REMOVE "dont_remove" 2653 #define DEF_DONT_REMOVE 0 2654 extern int var_dont_remove; 2655 2656 /* 2657 * Paranoia: defer messages instead of bouncing them. 2658 */ 2659 #define VAR_SOFT_BOUNCE "soft_bounce" 2660 #define DEF_SOFT_BOUNCE 0 2661 extern bool var_soft_bounce; 2662 2663 /* 2664 * Give special treatment to owner- and -request. 2665 */ 2666 #define VAR_OWNREQ_SPECIAL "owner_request_special" 2667 #define DEF_OWNREQ_SPECIAL 1 2668 extern bool var_ownreq_special; 2669 2670 /* 2671 * Allow/disallow recipient addresses starting with `-'. 2672 */ 2673 #define VAR_ALLOW_MIN_USER "allow_min_user" 2674 #define DEF_ALLOW_MIN_USER 0 2675 extern bool var_allow_min_user; 2676 2677 extern void mail_params_init(void); 2678 2679 /* 2680 * Content inspection and filtering. 2681 */ 2682 #define VAR_FILTER_XPORT "content_filter" 2683 #define DEF_FILTER_XPORT "" 2684 extern char *var_filter_xport; 2685 2686 #define VAR_DEF_FILTER_NEXTHOP "default_filter_nexthop" 2687 #define DEF_DEF_FILTER_NEXTHOP "" 2688 extern char *var_def_filter_nexthop; 2689 2690 /* 2691 * Fast flush service support. 
*/
#define VAR_FFLUSH_DOMAINS "fast_flush_domains"
#define DEF_FFLUSH_DOMAINS "$relay_domains"
extern char *var_fflush_domains;

/*
 * The two defaults below are time strings ("7d", "12h") while the variables
 * are ints. NOTE(review): presumably the parameter loader converts them to
 * a number of seconds - confirm in mail_params.c.
 */
#define VAR_FFLUSH_PURGE "fast_flush_purge_time"
#define DEF_FFLUSH_PURGE "7d"
extern int var_fflush_purge;

#define VAR_FFLUSH_REFRESH "fast_flush_refresh_time"
#define DEF_FFLUSH_REFRESH "12h"
extern int var_fflush_refresh;

/*
 * Environmental management - what Postfix imports from the external world,
 * and what Postfix exports to the external world.
 *
 * The import default is a fixed list of names, with LANG pinned to C through
 * the name=value form. NOTE(review): this list is presumably what a Postfix
 * command keeps from the environment of the process that started it, so a
 * site override that adds names widens what that caller can pass in -
 * confirm in postconf(5) and keep overrides minimal.
 */
#define VAR_IMPORT_ENVIRON "import_environment"
#define DEF_IMPORT_ENVIRON "MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG " \
    "TZ XAUTHORITY DISPLAY LANG=C " \
    "POSTLOG_SERVICE POSTLOG_HOSTNAME " \
    "XDG_RUNTIME_DIR"
extern char *var_import_environ;

#define VAR_EXPORT_ENVIRON "export_environment"
#define DEF_EXPORT_ENVIRON "TZ MAIL_CONFIG LANG"
extern char *var_export_environ;

/*
 * Tunables for the "virtual" local delivery agent
 */
#define VAR_VIRT_TRANSPORT "virtual_transport"
#define DEF_VIRT_TRANSPORT MAIL_SERVICE_VIRTUAL
extern char *var_virt_transport;

#define VAR_VIRT_MAILBOX_MAPS "virtual_mailbox_maps"
#define DEF_VIRT_MAILBOX_MAPS ""
extern char *var_virt_mailbox_maps;

#define VAR_VIRT_MAILBOX_DOMS "virtual_mailbox_domains"
#define DEF_VIRT_MAILBOX_DOMS "$virtual_mailbox_maps"
extern char *var_virt_mailbox_doms;

#define VAR_VIRT_MAILBOX_CODE "unknown_virtual_mailbox_reject_code"
#define DEF_VIRT_MAILBOX_CODE 550
extern int var_virt_mailbox_code;

#define VAR_VIRT_UID_MAPS "virtual_uid_maps"
#define DEF_VIRT_UID_MAPS ""
extern char *var_virt_uid_maps;

#define VAR_VIRT_GID_MAPS "virtual_gid_maps"
#define DEF_VIRT_GID_MAPS ""
extern char *var_virt_gid_maps;

/*
 * NOTE(review): presumably a lower bound on the UIDs that virtual_uid_maps
 * may return, so that a map entry cannot make the delivery agent write
 * files as a low-numbered system account - confirm in virtual(8). This
 * section defines no matching minimum for GIDs.
 */
#define VAR_VIRT_MINUID "virtual_minimum_uid"
#define DEF_VIRT_MINUID 100
extern int var_virt_minimum_uid;

#define VAR_VIRT_MAILBOX_BASE "virtual_mailbox_base"
#define DEF_VIRT_MAILBOX_BASE ""
extern char *var_virt_mailbox_base;

/* The default is derived from DEF_MESSAGE_LIMIT, which is defined elsewhere. */
#define VAR_VIRT_MAILBOX_LIMIT "virtual_mailbox_limit"
#define DEF_VIRT_MAILBOX_LIMIT (5 * DEF_MESSAGE_LIMIT)
extern long var_virt_mailbox_limit;

#define VAR_VIRT_MAILBOX_LOCK "virtual_mailbox_lock"
#define DEF_VIRT_MAILBOX_LOCK "fcntl, dotlock"
extern char *var_virt_mailbox_lock;

/*
 * Distinct logging tag for multiple Postfix instances.
 *
 * Only the "#if 1" branch is compiled; the plain "postfix" default in the
 * #else branch is dead text.
 */
#define VAR_SYSLOG_NAME "syslog_name"
#if 1
#define DEF_SYSLOG_NAME \
    "${" VAR_MULTI_NAME "?{$" VAR_MULTI_NAME "}:{postfix}}"
#else
#define DEF_SYSLOG_NAME "postfix"
#endif
extern char *var_syslog_name;

/*
 * QMQPD
 *
 * The client list default is empty. NOTE(review): presumably an empty list
 * authorizes no client - confirm in postconf(5). The two timeout macros
 * below are spelled QMTPD although the parameter names and variables say
 * qmqpd; the spelling is part of the macro interface, so it is only flagged
 * here.
 */
#define VAR_QMQPD_CLIENTS "qmqpd_authorized_clients"
#define DEF_QMQPD_CLIENTS ""
extern char *var_qmqpd_clients;

#define VAR_QMTPD_TMOUT "qmqpd_timeout"
#define DEF_QMTPD_TMOUT "300s"
extern int var_qmqpd_timeout;

#define VAR_QMTPD_ERR_SLEEP "qmqpd_error_delay"
#define DEF_QMTPD_ERR_SLEEP "1s"
extern int var_qmqpd_err_sleep;

/*
 * VERP, more DJB intellectual cross-pollination. However, we prefer + as
 * the default recipient delimiter.
*/
#define VAR_VERP_DELIMS "default_verp_delimiters"
#define DEF_VERP_DELIMS "+="
extern char *var_verp_delims;

#define VAR_VERP_FILTER "verp_delimiter_filter"
#define DEF_VERP_FILTER "-=+"
extern char *var_verp_filter;

#define VAR_VERP_BOUNCE_OFF "disable_verp_bounces"
#define DEF_VERP_BOUNCE_OFF 0
extern bool var_verp_bounce_off;

#define VAR_VERP_CLIENTS "smtpd_authorized_verp_clients"
#define DEF_VERP_CLIENTS "$authorized_verp_clients"
extern char *var_verp_clients;

/*
 * XCLIENT, for rule testing and fetchmail like apps.
 *
 * The default host list is empty. NOTE(review): XCLIENT lets a peer override
 * the client attributes that smtpd access rules see, so presumably an empty
 * list authorizes nobody; site settings should stay as narrow as the hosts
 * that need it - confirm semantics in postconf(5).
 */
#define VAR_XCLIENT_HOSTS "smtpd_authorized_xclient_hosts"
#define DEF_XCLIENT_HOSTS ""
extern char *var_xclient_hosts;

/*
 * XFORWARD, for improved post-filter logging.
 *
 * The default host list is empty here as well.
 */
#define VAR_XFORWARD_HOSTS "smtpd_authorized_xforward_hosts"
#define DEF_XFORWARD_HOSTS ""
extern char *var_xforward_hosts;

/*
 * Inbound mail flow control. This allows for a stiffer coupling between
 * receiving mail and sending mail. A sending process produces one token for
 * each message that it takes from the incoming queue; a receiving process
 * consumes one token for each message that it adds to the incoming queue.
 * When no token is available (Postfix receives more mail than it is able to
 * deliver) a receiving process pauses for $in_flow_delay seconds so that
 * the sending processes get a chance to access the disk.
 *
 * The default is "0s" when PIPES_CANT_FIONREAD is defined and "1s"
 * otherwise.
 */
#define VAR_IN_FLOW_DELAY "in_flow_delay"
#ifdef PIPES_CANT_FIONREAD
#define DEF_IN_FLOW_DELAY "0s"
#else
#define DEF_IN_FLOW_DELAY "1s"
#endif
extern int var_in_flow_delay;

/*
 * Backwards compatibility: foo.com matches itself and names below foo.com.
*/
#define VAR_PAR_DOM_MATCH "parent_domain_matches_subdomains"
#define DEF_PAR_DOM_MATCH VAR_DEBUG_PEER_LIST "," \
    VAR_FFLUSH_DOMAINS "," \
    VAR_MYNETWORKS "," \
    VAR_PERM_MX_NETWORKS "," \
    VAR_QMQPD_CLIENTS "," \
    VAR_RELAY_DOMAINS "," \
    SMTPD_ACCESS_MAPS
extern char *var_par_dom_match;

/*
 * DEF_PAR_DOM_MATCH above names this macro before it is defined. That works
 * because a macro body is only expanded where the macro is used, but every
 * use of DEF_PAR_DOM_MATCH has to come after this line.
 */
#define SMTPD_ACCESS_MAPS "smtpd_access_maps"

/*
 * Run-time fault injection.
 *
 * NOTE(review): the default is 0, presumably "no fault injected" - confirm
 * where var_fault_inj_code is consumed.
 */
#define VAR_FAULT_INJ_CODE "fault_injection_code"
#define DEF_FAULT_INJ_CODE 0
extern int var_fault_inj_code;

/*
 * Install/upgrade information.
 *
 * Every DEF_* below is wrapped in #ifndef, so a value supplied by the build
 * takes precedence over the one written here.
 */
#define VAR_SENDMAIL_PATH "sendmail_path"
#ifndef DEF_SENDMAIL_PATH
#define DEF_SENDMAIL_PATH "/usr/sbin/sendmail"
#endif

#define VAR_MAILQ_PATH "mailq_path"
#ifndef DEF_MAILQ_PATH
#define DEF_MAILQ_PATH "/usr/bin/mailq"
#endif

#define VAR_NEWALIAS_PATH "newaliases_path"
#ifndef DEF_NEWALIAS_PATH
#define DEF_NEWALIAS_PATH "/usr/bin/newaliases"
#endif

/*
 * NOTE(review): unlike the three command paths above, this default is a
 * bare command name rather than an absolute path. Whether it is resolved
 * through a search path, and which one, depends on the code that runs it -
 * confirm, and prefer an absolute path in site configuration.
 */
#define VAR_OPENSSL_PATH "openssl_path"
#ifndef DEF_OPENSSL_PATH
#define DEF_OPENSSL_PATH "openssl"
#endif
extern char *var_openssl_path;

#define VAR_MANPAGE_DIR "manpage_directory"
#ifndef DEF_MANPAGE_DIR
#define DEF_MANPAGE_DIR "/usr/local/man"
#endif

#define VAR_SAMPLE_DIR "sample_directory"
#ifndef DEF_SAMPLE_DIR
#define DEF_SAMPLE_DIR DEF_CONFIG_DIR
#endif

#define VAR_README_DIR "readme_directory"
#ifndef DEF_README_DIR
#define DEF_README_DIR "no"
#endif

#define VAR_HTML_DIR "html_directory"
#ifndef DEF_HTML_DIR
#define DEF_HTML_DIR "no"
#endif

/*
 * Safety: resolve the address with unquoted localpart (default, but
 * technically incorrect), instead of resolving the address with quoted
 * localpart (technically correct, but unsafe). The default prevents mail
 * relay loopholes with "user@domain"@domain when relaying mail to a
 * Sendmail system.
 */
#define VAR_RESOLVE_DEQUOTED "resolve_dequoted_address"
#define DEF_RESOLVE_DEQUOTED 1
extern bool var_resolve_dequoted;

#define VAR_RESOLVE_NULLDOM "resolve_null_domain"
#define DEF_RESOLVE_NULLDOM 0
extern bool var_resolve_nulldom;

#define VAR_RESOLVE_NUM_DOM "resolve_numeric_domain"
#define DEF_RESOLVE_NUM_DOM 0
extern bool var_resolve_num_dom;

/*
 * Service names. The transport (TCP, FIFO or UNIX-domain) type is frozen
 * because you cannot simply mix them, and accessibility (private/public) is
 * frozen for security reasons. We list only the internal services, not the
 * externally visible SMTP server, or the delivery agents that can already
 * be chosen via transport mappings etc.
 *
 * The MAIL_SERVICE_* defaults are defined elsewhere.
 */
#define VAR_BOUNCE_SERVICE "bounce_service_name"
#define DEF_BOUNCE_SERVICE MAIL_SERVICE_BOUNCE
extern char *var_bounce_service;

#define VAR_CLEANUP_SERVICE "cleanup_service_name"
#define DEF_CLEANUP_SERVICE MAIL_SERVICE_CLEANUP
extern char *var_cleanup_service;

#define VAR_DEFER_SERVICE "defer_service_name"
#define DEF_DEFER_SERVICE MAIL_SERVICE_DEFER
extern char *var_defer_service;

#define VAR_PICKUP_SERVICE "pickup_service_name"
#define DEF_PICKUP_SERVICE MAIL_SERVICE_PICKUP
extern char *var_pickup_service;

#define VAR_QUEUE_SERVICE "queue_service_name"
#define DEF_QUEUE_SERVICE MAIL_SERVICE_QUEUE
extern char *var_queue_service;

/* XXX resolve does not exist as a separate service */

#define VAR_REWRITE_SERVICE "rewrite_service_name"
#define DEF_REWRITE_SERVICE MAIL_SERVICE_REWRITE
extern char *var_rewrite_service;

#define VAR_SHOWQ_SERVICE "showq_service_name"
#define DEF_SHOWQ_SERVICE MAIL_SERVICE_SHOWQ
extern char *var_showq_service;

#define VAR_ERROR_SERVICE "error_service_name"
#define DEF_ERROR_SERVICE MAIL_SERVICE_ERROR
extern char *var_error_service;

#define VAR_FLUSH_SERVICE "flush_service_name"
#define DEF_FLUSH_SERVICE MAIL_SERVICE_FLUSH
extern char *var_flush_service;

/*
 * Session cache service.
 */
#define VAR_SCACHE_SERVICE "connection_cache_service_name"
#define DEF_SCACHE_SERVICE "scache"
extern char *var_scache_service;

#define VAR_SCACHE_PROTO_TMOUT "connection_cache_protocol_timeout"
#define DEF_SCACHE_PROTO_TMOUT "5s"
extern int var_scache_proto_tmout;

#define VAR_SCACHE_TTL_LIM "connection_cache_ttl_limit"
#define DEF_SCACHE_TTL_LIM "2s"
extern int var_scache_ttl_lim;

#define VAR_SCACHE_STAT_TIME "connection_cache_status_update_time"
#define DEF_SCACHE_STAT_TIME "600s"
extern int var_scache_stat_time;

/* The default is a quarter of DEF_QMGR_ACT_LIMIT, which is defined elsewhere. */
#define VAR_VRFY_PEND_LIMIT "address_verify_pending_request_limit"
#define DEF_VRFY_PEND_LIMIT (DEF_QMGR_ACT_LIMIT / 4)
extern int var_vrfy_pend_limit;

/*
 * Address verification service.
*/
#define VAR_VERIFY_SERVICE "address_verify_service_name"
#define DEF_VERIFY_SERVICE MAIL_SERVICE_VERIFY
extern char *var_verify_service;

/* The default cache lives under $data_directory, with the database type taken from VAR_CACHE_DB_TYPE. */
#define VAR_VERIFY_MAP "address_verify_map"
#define DEF_VERIFY_MAP "$" VAR_CACHE_DB_TYPE ":$data_directory/verify_cache"
extern char *var_verify_map;

/*
 * Expiry and refresh times for cached results; positive results default to
 * longer lifetimes ("31d", "7d") than negative ones ("3d", "3h").
 */
#define VAR_VERIFY_POS_EXP "address_verify_positive_expire_time"
#define DEF_VERIFY_POS_EXP "31d"
extern int var_verify_pos_exp;

#define VAR_VERIFY_POS_TRY "address_verify_positive_refresh_time"
#define DEF_VERIFY_POS_TRY "7d"
extern int var_verify_pos_try;

#define VAR_VERIFY_NEG_EXP "address_verify_negative_expire_time"
#define DEF_VERIFY_NEG_EXP "3d"
extern int var_verify_neg_exp;

#define VAR_VERIFY_NEG_TRY "address_verify_negative_refresh_time"
#define DEF_VERIFY_NEG_TRY "3h"
extern int var_verify_neg_try;

#define VAR_VERIFY_NEG_CACHE "address_verify_negative_cache"
#define DEF_VERIFY_NEG_CACHE 1
extern bool var_verify_neg_cache;

#define VAR_VERIFY_SCAN_CACHE "address_verify_cache_cleanup_interval"
#define DEF_VERIFY_SCAN_CACHE "12h"
extern int var_verify_scan_cache;

#define VAR_VERIFY_SENDER "address_verify_sender"
#define DEF_VERIFY_SENDER "$" VAR_DOUBLE_BOUNCE
extern char *var_verify_sender;

#define VAR_VERIFY_SENDER_TTL "address_verify_sender_ttl"
#define DEF_VERIFY_SENDER_TTL "0s"
extern int var_verify_sender_ttl;

/* The default depends on $stress: "1" when it is set, "3" otherwise. */
#define VAR_VERIFY_POLL_COUNT "address_verify_poll_count"
#define DEF_VERIFY_POLL_COUNT "${stress?{1}:{3}}"
extern int var_verify_poll_count;

#define VAR_VERIFY_POLL_DELAY "address_verify_poll_delay"
#define DEF_VERIFY_POLL_DELAY "3s"
extern int var_verify_poll_delay;

/*
 * Routing overrides for verification probes. Each default is a "$name"
 * reference to the corresponding regular routing parameter.
 */
#define VAR_VRFY_LOCAL_XPORT "address_verify_local_transport"
#define DEF_VRFY_LOCAL_XPORT "$" VAR_LOCAL_TRANSPORT
extern char *var_vrfy_local_xport;

#define VAR_VRFY_VIRT_XPORT "address_verify_virtual_transport"
#define DEF_VRFY_VIRT_XPORT "$" VAR_VIRT_TRANSPORT
extern char *var_vrfy_virt_xport;

#define VAR_VRFY_RELAY_XPORT "address_verify_relay_transport"
#define DEF_VRFY_RELAY_XPORT "$" VAR_RELAY_TRANSPORT
extern char *var_vrfy_relay_xport;

#define VAR_VRFY_DEF_XPORT "address_verify_default_transport"
#define DEF_VRFY_DEF_XPORT "$" VAR_DEF_TRANSPORT
extern char *var_vrfy_def_xport;

/*
 * NOTE(review): the variable declared after this pair has no "vrfy_" in its
 * name, unlike every neighbour; it looks like a repeat declaration of the
 * non-verify variable - confirm against mail_params.c.
 */
#define VAR_VRFY_SND_DEF_XPORT_MAPS "address_verify_" VAR_SND_DEF_XPORT_MAPS
#define DEF_VRFY_SND_DEF_XPORT_MAPS "$" VAR_SND_DEF_XPORT_MAPS
extern char *var_snd_def_xport_maps;

#define VAR_VRFY_RELAYHOST "address_verify_relayhost"
#define DEF_VRFY_RELAYHOST "$" VAR_RELAYHOST
extern char *var_vrfy_relayhost;

#define VAR_VRFY_RELAY_MAPS "address_verify_sender_dependent_relayhost_maps"
#define DEF_VRFY_RELAY_MAPS "$" VAR_SND_RELAY_MAPS
extern char *var_vrfy_relay_maps;

#define VAR_VRFY_XPORT_MAPS "address_verify_transport_maps"
#define DEF_VRFY_XPORT_MAPS "$" VAR_TRANSPORT_MAPS
extern char *var_vrfy_xport_maps;

/*
 * Verification target tokens ("rcpt", "data"); both the SMTP and the LMTP
 * parameter default to "rcpt". Only one variable is declared for the pair.
 */
#define SMTP_VRFY_TGT_RCPT "rcpt"
#define SMTP_VRFY_TGT_DATA "data"
#define VAR_LMTP_VRFY_TGT "lmtp_address_verify_target"
#define DEF_LMTP_VRFY_TGT SMTP_VRFY_TGT_RCPT
#define VAR_SMTP_VRFY_TGT "smtp_address_verify_target"
#define DEF_SMTP_VRFY_TGT SMTP_VRFY_TGT_RCPT
extern char *var_smtp_vrfy_tgt;

/*
 * Message delivery trace service.
 */
#define VAR_TRACE_SERVICE "trace_service_name"
#define DEF_TRACE_SERVICE MAIL_SERVICE_TRACE
extern char *var_trace_service;

/*
 * Proxymappers.
*/
#define VAR_PROXYMAP_SERVICE "proxymap_service_name"
#define DEF_PROXYMAP_SERVICE MAIL_SERVICE_PROXYMAP
extern char *var_proxymap_service;

#define VAR_PROXYWRITE_SERVICE "proxywrite_service_name"
#define DEF_PROXYWRITE_SERVICE MAIL_SERVICE_PROXYWRITE
extern char *var_proxywrite_service;

/*
 * Mailbox/maildir delivery errors that cause delivery to be tried again.
 *
 * The mailbox default lists one more error name (eagain) than the maildir
 * default.
 */
#define VAR_MBX_DEFER_ERRS "mailbox_defer_errors"
#define DEF_MBX_DEFER_ERRS "eagain, enospc, estale"
extern char *var_mbx_defer_errs;

#define VAR_MDR_DEFER_ERRS "maildir_defer_errors"
#define DEF_MDR_DEFER_ERRS "enospc, estale"
extern char *var_mdr_defer_errs;

/*
 * Berkeley DB memory pool sizes.
 *
 * The defaults evaluate to 16 MiB (create) and 128 KiB (read).
 */
#define VAR_DB_CREATE_BUF "berkeley_db_create_buffer_size"
#define DEF_DB_CREATE_BUF (16 * 1024 *1024)
extern int var_db_create_buf;

#define VAR_DB_READ_BUF "berkeley_db_read_buffer_size"
#define DEF_DB_READ_BUF (128 *1024)
extern int var_db_read_buf;

/*
 * OpenLDAP LMDB settings.
 *
 * The default evaluates to 16 MiB; the variable is a long.
 */
#define VAR_LMDB_MAP_SIZE "lmdb_map_size"
#define DEF_LMDB_MAP_SIZE (16 * 1024 *1024)
extern long var_lmdb_map_size;

/*
 * Named queue file attributes.
 */
#define VAR_QATTR_COUNT_LIMIT "queue_file_attribute_count_limit"
#define DEF_QATTR_COUNT_LIMIT 100
extern int var_qattr_count_limit;

/*
 * MIME support.
*/
/*
 * Limits on MIME structure in message content, which is untrusted input:
 * nesting depth 100 and boundary length 2048 by default. NOTE(review):
 * presumably these bound the work and memory of the MIME parser; what
 * happens to a message that exceeds them is not visible in this header.
 */
#define VAR_MIME_MAXDEPTH "mime_nesting_limit"
#define DEF_MIME_MAXDEPTH 100
extern int var_mime_maxdepth;

#define VAR_MIME_BOUND_LEN "mime_boundary_length_limit"
#define DEF_MIME_BOUND_LEN 2048
extern int var_mime_bound_len;

#define VAR_DISABLE_MIME_INPUT "disable_mime_input_processing"
#define DEF_DISABLE_MIME_INPUT 0
extern bool var_disable_mime_input;

#define VAR_DISABLE_MIME_OCONV "disable_mime_output_conversion"
#define DEF_DISABLE_MIME_OCONV 0
extern bool var_disable_mime_oconv;

#define VAR_FORCE_MIME_ICONV "force_mime_input_conversion"
#define DEF_FORCE_MIME_ICONV 0
extern bool var_force_mime_iconv;

/* All four strict_* switches below default to 0 (off). */
#define VAR_STRICT_8BITMIME "strict_8bitmime"
#define DEF_STRICT_8BITMIME 0
extern bool var_strict_8bitmime;

#define VAR_STRICT_7BIT_HDRS "strict_7bit_headers"
#define DEF_STRICT_7BIT_HDRS 0
extern bool var_strict_7bit_hdrs;

#define VAR_STRICT_8BIT_BODY "strict_8bitmime_body"
#define DEF_STRICT_8BIT_BODY 0
extern bool var_strict_8bit_body;

#define VAR_STRICT_ENCODING "strict_mime_encoding_domain"
#define DEF_STRICT_ENCODING 0
extern bool var_strict_encoding;

#define VAR_AUTO_8BIT_ENC_HDR "detect_8bit_encoding_header"
#define DEF_AUTO_8BIT_ENC_HDR 1
extern bool var_auto_8bit_enc_hdr;

/*
 * Bizarre.
 */
#define VAR_SENDER_ROUTING "sender_based_routing"
#define DEF_SENDER_ROUTING 0
extern bool var_sender_routing;

#define VAR_XPORT_NULL_KEY "transport_null_address_lookup_key"
#define DEF_XPORT_NULL_KEY "<>"
extern char *var_xport_null_key;

/*
 * Bounce service controls.
 */
#define VAR_OLDLOG_COMPAT "backwards_bounce_logfile_compatibility"
#define DEF_OLDLOG_COMPAT 1
extern bool var_oldlog_compat;

/*
 * SMTPD content proxy.
*/
#define VAR_SMTPD_PROXY_FILT "smtpd_proxy_filter"
#define DEF_SMTPD_PROXY_FILT ""
extern char *var_smtpd_proxy_filt;

#define VAR_SMTPD_PROXY_EHLO "smtpd_proxy_ehlo"
#define DEF_SMTPD_PROXY_EHLO "$" VAR_MYHOSTNAME
extern char *var_smtpd_proxy_ehlo;

#define VAR_SMTPD_PROXY_TMOUT "smtpd_proxy_timeout"
#define DEF_SMTPD_PROXY_TMOUT "100s"
extern int var_smtpd_proxy_tmout;

#define VAR_SMTPD_PROXY_OPTS "smtpd_proxy_options"
#define DEF_SMTPD_PROXY_OPTS ""
extern char *var_smtpd_proxy_opts;

/*
 * Transparency options for mail input interfaces and for the cleanup server
 * behind them. These should turn off stuff we don't want to happen, because
 * the default is to do a lot of things.
 */
#define VAR_INPUT_TRANSP "receive_override_options"
#define DEF_INPUT_TRANSP ""
extern char *var_smtpd_input_transp;

/*
 * SMTP server policy delegation.
 */
#define VAR_SMTPD_POLICY_TMOUT "smtpd_policy_service_timeout"
#define DEF_SMTPD_POLICY_TMOUT "100s"
extern int var_smtpd_policy_tmout;

#define VAR_SMTPD_POLICY_REQ_LIMIT "smtpd_policy_service_request_limit"
#define DEF_SMTPD_POLICY_REQ_LIMIT 0
extern int var_smtpd_policy_req_limit;

#define VAR_SMTPD_POLICY_IDLE "smtpd_policy_service_max_idle"
#define DEF_SMTPD_POLICY_IDLE "300s"
extern int var_smtpd_policy_idle;

#define VAR_SMTPD_POLICY_TTL "smtpd_policy_service_max_ttl"
#define DEF_SMTPD_POLICY_TTL "1000s"
extern int var_smtpd_policy_ttl;

#define VAR_SMTPD_POLICY_TRY_LIMIT "smtpd_policy_service_try_limit"
#define DEF_SMTPD_POLICY_TRY_LIMIT 2
extern int var_smtpd_policy_try_limit;

#define VAR_SMTPD_POLICY_TRY_DELAY "smtpd_policy_service_retry_delay"
#define DEF_SMTPD_POLICY_TRY_DELAY "1s"
extern int var_smtpd_policy_try_delay;

/*
 * The default action text starts with 451, a temporary-failure SMTP reply
 * code. NOTE(review): presumably this is what the client gets when the
 * policy service cannot be reached, so that mail is deferred rather than
 * accepted unchecked - confirm where var_smtpd_policy_def_action is used.
 */
#define VAR_SMTPD_POLICY_DEF_ACTION "smtpd_policy_service_default_action"
#define DEF_SMTPD_POLICY_DEF_ACTION "451 4.3.5 Server configuration problem"
extern char *var_smtpd_policy_def_action;

#define VAR_SMTPD_POLICY_CONTEXT "smtpd_policy_service_policy_context"
#define DEF_SMTPD_POLICY_CONTEXT ""
extern char *var_smtpd_policy_context;

#define CHECK_POLICY_SERVICE "check_policy_service"

/*
 * Client rate control.
 *
 * Every *_rate_limit default below is 0; only the connection count limit
 * has a non-zero default, derived from DEF_PROC_LIMIT (defined elsewhere).
 * NOTE(review): presumably 0 means "no limit", in which case per-client
 * rate limiting is off until the site configures it - confirm in
 * postconf(5).
 */
#define VAR_SMTPD_CRATE_LIMIT "smtpd_client_connection_rate_limit"
#define DEF_SMTPD_CRATE_LIMIT 0
extern int var_smtpd_crate_limit;

#define VAR_SMTPD_CCONN_LIMIT "smtpd_client_connection_count_limit"
#define DEF_SMTPD_CCONN_LIMIT ((DEF_PROC_LIMIT + 1) / 2)
extern int var_smtpd_cconn_limit;

#define VAR_SMTPD_CMAIL_LIMIT "smtpd_client_message_rate_limit"
#define DEF_SMTPD_CMAIL_LIMIT 0
extern int var_smtpd_cmail_limit;

#define VAR_SMTPD_CRCPT_LIMIT "smtpd_client_recipient_rate_limit"
#define DEF_SMTPD_CRCPT_LIMIT 0
extern int var_smtpd_crcpt_limit;

#define VAR_SMTPD_CNTLS_LIMIT "smtpd_client_new_tls_session_rate_limit"
#define DEF_SMTPD_CNTLS_LIMIT 0
extern int var_smtpd_cntls_limit;

#define VAR_SMTPD_CAUTH_LIMIT "smtpd_client_auth_rate_limit"
#define DEF_SMTPD_CAUTH_LIMIT 0
extern int var_smtpd_cauth_limit;

/*
 * Prefix lengths with their upper bounds. The IPv4 default equals its
 * maximum (32); the IPv6 default (84) is shorter than its maximum (128).
 * NOTE(review): presumably clients are counted per network prefix of this
 * length, so IPv6 clients are grouped while IPv4 clients are counted per
 * address - confirm in postconf(5).
 */
#define VAR_SMTPD_CIPV4_PREFIX "smtpd_client_ipv4_prefix_length"
#define DEF_SMTPD_CIPV4_PREFIX 32
#define MAX_SMTPD_CIPV4_PREFIX 32
extern int var_smtpd_cipv4_prefix;

#define VAR_SMTPD_CIPV6_PREFIX "smtpd_client_ipv6_prefix_length"
#define DEF_SMTPD_CIPV6_PREFIX 84
#define MAX_SMTPD_CIPV6_PREFIX 128
extern int var_smtpd_cipv6_prefix;

/* The exception list falls back to $mynetworks unless the older parameter named in the default is set. */
#define VAR_SMTPD_HOGGERS "smtpd_client_event_limit_exceptions"
#define DEF_SMTPD_HOGGERS "${smtpd_client_connection_limit_exceptions:$" VAR_MYNETWORKS "}"
extern char *var_smtpd_hoggers;

#define VAR_ANVIL_TIME_UNIT "anvil_rate_time_unit"
#define DEF_ANVIL_TIME_UNIT "60s"
extern int var_anvil_time_unit;

#define VAR_ANVIL_STAT_TIME "anvil_status_update_time"
#define DEF_ANVIL_STAT_TIME "600s"
extern int var_anvil_stat_time;

/*
 * Temporary stop gap.
 *
 * Everything inside the "#if 0" below is compiled out.
 */
#if 0
#include <anvil_clnt.h>

#define VAR_ANVIL_SERVICE "client_connection_rate_service_name"
#define DEF_ANVIL_SERVICE "local:" ANVIL_CLASS "/" ANVIL_SERVICE
extern char *var_anvil_service;

#endif

/*
 * What domain names to assume when no valid domain context exists.
 */
#define VAR_REM_RWR_DOMAIN "remote_header_rewrite_domain"
#define DEF_REM_RWR_DOMAIN ""
extern char *var_remote_rwr_domain;

#define CHECK_ADDR_MAP "check_address_map"

#define VAR_LOC_RWR_CLIENTS "local_header_rewrite_clients"
#define DEF_LOC_RWR_CLIENTS PERMIT_INET_INTERFACES
extern char *var_local_rwr_clients;

/*
 * EHLO keyword filter.
 *
 * For the client side, one variable is declared per SMTP/LMTP pair of
 * parameter names.
 */
#define VAR_SMTPD_EHLO_DIS_WORDS "smtpd_discard_ehlo_keywords"
#define DEF_SMTPD_EHLO_DIS_WORDS ""
extern char *var_smtpd_ehlo_dis_words;

#define VAR_SMTPD_EHLO_DIS_MAPS "smtpd_discard_ehlo_keyword_address_maps"
#define DEF_SMTPD_EHLO_DIS_MAPS ""
extern char *var_smtpd_ehlo_dis_maps;

#define VAR_SMTP_EHLO_DIS_WORDS "smtp_discard_ehlo_keywords"
#define DEF_SMTP_EHLO_DIS_WORDS ""
#define VAR_LMTP_EHLO_DIS_WORDS "lmtp_discard_lhlo_keywords"
#define DEF_LMTP_EHLO_DIS_WORDS ""
extern char *var_smtp_ehlo_dis_words;

#define VAR_SMTP_EHLO_DIS_MAPS "smtp_discard_ehlo_keyword_address_maps"
#define DEF_SMTP_EHLO_DIS_MAPS ""
#define VAR_LMTP_EHLO_DIS_MAPS "lmtp_discard_lhlo_keyword_address_maps"
#define DEF_LMTP_EHLO_DIS_MAPS ""
extern char *var_smtp_ehlo_dis_maps;

/*
 * gcc workaround for warnings about empty or null format strings.
*/
extern const char null_format_string[1];

/*
 * Characters to reject or strip.
 *
 * Both defaults are the empty string.
 */
#define VAR_MSG_REJECT_CHARS "message_reject_characters"
#define DEF_MSG_REJECT_CHARS ""
extern char *var_msg_reject_chars;

#define VAR_MSG_STRIP_CHARS "message_strip_characters"
#define DEF_MSG_STRIP_CHARS ""
extern char *var_msg_strip_chars;

/*
 * Local forwarding complexity controls.
 */
#define VAR_FROZEN_DELIVERED "frozen_delivered_to"
#define DEF_FROZEN_DELIVERED 1
extern bool var_frozen_delivered;

#define VAR_RESET_OWNER_ATTR "reset_owner_alias"
#define DEF_RESET_OWNER_ATTR 0
extern bool var_reset_owner_attr;

/*
 * Delay logging time roundup.
 *
 * The default (2) lies between the MIN (0) and MAX (6) bounds defined next
 * to it.
 */
#define VAR_DELAY_MAX_RES "delay_logging_resolution_limit"
#define MAX_DELAY_MAX_RES 6
#define DEF_DELAY_MAX_RES 2
#define MIN_DELAY_MAX_RES 0
extern int var_delay_max_res;

/*
 * Bounce message templates.
 */
#define VAR_BOUNCE_TMPL "bounce_template_file"
#define DEF_BOUNCE_TMPL ""
extern char *var_bounce_tmpl;

/*
 * Sender-dependent authentication.
 *
 * SMTP and LMTP have separate parameter names, both defaulting to 0; a
 * single variable is declared for the pair.
 */
#define VAR_SMTP_SENDER_AUTH "smtp_sender_dependent_authentication"
#define DEF_SMTP_SENDER_AUTH 0
#define VAR_LMTP_SENDER_AUTH "lmtp_sender_dependent_authentication"
#define DEF_LMTP_SENDER_AUTH 0
extern bool var_smtp_sender_auth;

/*
 * Allow CNAME lookup result to override the server hostname.
*/
#define VAR_SMTP_CNAME_OVERR "smtp_cname_overrides_servername"
#define DEF_SMTP_CNAME_OVERR 0
#define VAR_LMTP_CNAME_OVERR "lmtp_cname_overrides_servername"
#define DEF_LMTP_CNAME_OVERR 0
extern bool var_smtp_cname_overr;

/*
 * TLS library settings
 */
#define VAR_TLS_CNF_FILE "tls_config_file"
#define DEF_TLS_CNF_FILE "default"
extern char *var_tls_cnf_file;

#define VAR_TLS_CNF_NAME "tls_config_name"
#define DEF_TLS_CNF_NAME ""
extern char *var_tls_cnf_name;

/*
 * Deprecated and unused cipher, key exchange and public key algorithms
 *
 * These fragments are pasted into the cipher list defaults below. TLS_EXCL
 * names TLS_EXCL_REST one line before that macro is defined; this works
 * because a macro body is only expanded where the macro is used.
 */
#define TLS_EXCL_CIPHS ":!SEED:!IDEA:!3DES:!RC2:!RC4:!RC5"
#define TLS_EXCL_KEXCH ":!kDH:!kECDH"
#define TLS_EXCL_PKEYS ":!aDSS"
#define TLS_EXCL_DGSTS ":!MD5"
#define TLS_EXCL TLS_EXCL_CIPHS TLS_EXCL_REST
#define TLS_EXCL_REST TLS_EXCL_KEXCH TLS_EXCL_PKEYS TLS_EXCL_DGSTS

#define VAR_TLS_HIGH_CLIST "tls_high_cipherlist"
#define DEF_TLS_HIGH_CLIST "aNULL:-aNULL:HIGH" TLS_EXCL ":@STRENGTH"
extern char *var_tls_high_clist;

/*
 * NOTE(review): TLS_EXCL already contains "!RC4". In the OpenSSL cipher
 * string syntax "!" removes ciphers permanently and "+" only moves ciphers
 * that are still in the list, so the trailing "+RC4" should have no effect
 * and this list should not enable RC4 - confirm with the OpenSSL version in
 * use before relying on it.
 */
#define VAR_TLS_MEDIUM_CLIST "tls_medium_cipherlist"
#define DEF_TLS_MEDIUM_CLIST "aNULL:-aNULL:HIGH:MEDIUM" TLS_EXCL ":+RC4:@STRENGTH"
extern char *var_tls_medium_clist;

/*
 * The low and export lists default to the empty string and their variables
 * are named *_ignored. NOTE(review): presumably the parameters are kept
 * only so that existing configurations still parse - confirm.
 */
#define VAR_TLS_LOW_CLIST "tls_low_cipherlist"
#define DEF_TLS_LOW_CLIST ""
extern char *var_tls_low_ignored;

#define VAR_TLS_EXPORT_CLIST "tls_export_cipherlist"
#define DEF_TLS_EXPORT_CLIST ""
extern char *var_tls_export_ignored;

/* eNULL selects suites without encryption; this list uses TLS_EXCL_REST only, not the cipher exclusions. */
#define VAR_TLS_NULL_CLIST "tls_null_cipherlist"
#define DEF_TLS_NULL_CLIST "eNULL" TLS_EXCL_REST ":!aNULL"
extern char *var_tls_null_clist;

/*
 * Key exchange group defaults. When OPENSSL_VERSION_PREREQ(3,5) is true the
 * default is a fixed string that puts X25519MLKEM768 ahead of the library's
 * DEFAULT list. NOTE(review): the leading "?" presumably tells OpenSSL to
 * skip the group if it is not available - confirm in the OpenSSL
 * documentation. Otherwise the default is assembled from the curve short
 * names that the OpenSSL headers define, each followed by a space.
 */
#define VAR_TLS_EECDH_AUTO "tls_eecdh_auto_curves"
#if OPENSSL_VERSION_PREREQ(3,5)
#define DEF_TLS_EECDH_AUTO "?X25519MLKEM768:DEFAULT"
#else
#if defined(SN_X25519) && defined(NID_X25519)
#define DEF_TLS_EECDH_AUTO_1 SN_X25519 " "
#else
#define DEF_TLS_EECDH_AUTO_1 ""
#endif

#if defined(SN_X448) && defined(NID_X448)
#define DEF_TLS_EECDH_AUTO_2 SN_X448 " "
#else
#define DEF_TLS_EECDH_AUTO_2 ""
#endif

#if defined(SN_X9_62_prime256v1) && defined(NID_X9_62_prime256v1)
#define DEF_TLS_EECDH_AUTO_3 SN_X9_62_prime256v1 " "
#else
#define DEF_TLS_EECDH_AUTO_3 ""
#endif

#if defined(SN_secp384r1) && defined(NID_secp384r1)
#define DEF_TLS_EECDH_AUTO_4 SN_secp384r1 " "
#else
#define DEF_TLS_EECDH_AUTO_4 ""
#endif

#if defined(SN_secp521r1) && defined(NID_secp521r1)
#define DEF_TLS_EECDH_AUTO_5 SN_secp521r1 " "
#else
#define DEF_TLS_EECDH_AUTO_5 ""
#endif

#define DEF_TLS_EECDH_AUTO DEF_TLS_EECDH_AUTO_1 \
    DEF_TLS_EECDH_AUTO_2 \
    DEF_TLS_EECDH_AUTO_3 \
    DEF_TLS_EECDH_AUTO_4 \
    DEF_TLS_EECDH_AUTO_5
#endif
extern char *var_tls_eecdh_auto;

#define VAR_TLS_EECDH_STRONG "tls_eecdh_strong_curve"
#define DEF_TLS_EECDH_STRONG "prime256v1"
extern char *var_tls_eecdh_strong;

#define VAR_TLS_EECDH_ULTRA "tls_eecdh_ultra_curve"
#define DEF_TLS_EECDH_ULTRA "secp384r1"
extern char *var_tls_eecdh_ultra;

/*
 * Finite-field group defaults, built the same way: empty when
 * OPENSSL_VERSION_PREREQ(3,5) is true, otherwise ffdhe2048 and ffdhe3072
 * where the OpenSSL headers define them.
 */
#define VAR_TLS_FFDHE_AUTO "tls_ffdhe_auto_groups"
#if OPENSSL_VERSION_PREREQ(3,5)
#define DEF_TLS_FFDHE_AUTO ""
#else
#if defined(SN_ffdhe2048) && defined(NID_ffdhe2048)
#define DEF_TLS_FFDHE_AUTO_1 SN_ffdhe2048 " "
#else
#define DEF_TLS_FFDHE_AUTO_1 ""
#endif
#if defined(SN_ffdhe3072) && defined(NID_ffdhe3072)
#define DEF_TLS_FFDHE_AUTO_2 SN_ffdhe3072 " "
#else
#define DEF_TLS_FFDHE_AUTO_2 ""
#endif

#define DEF_TLS_FFDHE_AUTO DEF_TLS_FFDHE_AUTO_1 \
    DEF_TLS_FFDHE_AUTO_2
#endif
extern char *var_tls_ffdhe_auto;

#define VAR_TLS_PREEMPT_CLIST "tls_preempt_cipherlist"
#define DEF_TLS_PREEMPT_CLIST 0
extern bool var_tls_preempt_clist;

/*
 * NOTE(review): on by default. Going by the parameter name, a wildcard in a
 * certificate name may then match more than one DNS label, which is broader
 * than single-label wildcard matching - confirm in postconf(5) and weigh it
 * for sites that verify server certificates.
 */
#define VAR_TLS_MULTI_WILDCARD "tls_wildcard_matches_multiple_labels"
#define DEF_TLS_MULTI_WILDCARD 1
extern bool var_tls_multi_wildcard;

#define VAR_TLS_BUG_TWEAKS "tls_disable_workarounds"
#define DEF_TLS_BUG_TWEAKS ""
extern char *var_tls_bug_tweaks;

#define VAR_TLS_SSL_OPTIONS "tls_ssl_options"
#define DEF_TLS_SSL_OPTIONS ""
extern char *var_tls_ssl_options;

/*
 * NOTE(review): the default is a CBC-mode cipher, which provides no
 * integrity protection by itself; presumably the ticket code authenticates
 * tickets separately - confirm in the TLS session ticket implementation.
 */
#define VAR_TLS_TKT_CIPHER "tls_session_ticket_cipher"
#define DEF_TLS_TKT_CIPHER "aes-256-cbc"
extern char *var_tls_tkt_cipher;

#define VAR_TLS_SERVER_SNI_MAPS "tls_server_sni_maps"
#define DEF_TLS_SERVER_SNI_MAPS ""
extern char *var_tls_server_sni_maps;

/*
 * Ordered list of DANE digest algorithms.
 */
#define VAR_TLS_DANE_DIGESTS "tls_dane_digests"
#define DEF_TLS_DANE_DIGESTS "sha512 sha256"
extern char *var_tls_dane_digests;

/*
 * The default is incompatible with pre-TLSv1.0 protocols.
 */
#define VAR_TLS_FAST_SHUTDOWN "tls_fast_shutdown_enable"
#define DEF_TLS_FAST_SHUTDOWN 1
extern bool var_tls_fast_shutdown;

/*
 * Sendmail-style mail filter support.
*/
#define VAR_SMTPD_MILTERS "smtpd_milters"
#define DEF_SMTPD_MILTERS ""
extern char *var_smtpd_milters;

#define VAR_SMTPD_MILTER_MAPS "smtpd_milter_maps"
#define DEF_SMTPD_MILTER_MAPS ""
extern char *var_smtpd_milter_maps;

#define SMTPD_MILTERS_DISABLE "DISABLE"

#define VAR_CLEANUP_MILTERS "non_smtpd_milters"
#define DEF_CLEANUP_MILTERS ""
extern char *var_cleanup_milters;

/*
 * NOTE(review): going by the parameter name this is the action taken when a
 * Milter cannot give an answer; the default in this header is "shutdown".
 * Confirm the exact meaning of that action in postconf(5) for this release.
 */
#define VAR_MILT_DEF_ACTION "milter_default_action"
#define DEF_MILT_DEF_ACTION "shutdown"
extern char *var_milt_def_action;

/*
 * Default macro lists, one per protocol stage. The HELO and MAIL defaults
 * name TLS certificate fields ({cert_subject}, {cert_issuer}) and SASL
 * identity fields ({auth_authen}, {auth_author}). NOTE(review): presumably
 * these values are sent to every configured Milter, so a Milter should be
 * as trusted as the data it receives - confirm in the Milter documentation.
 */
#define VAR_MILT_CONN_MACROS "milter_connect_macros"
#define DEF_MILT_CONN_MACROS "j {daemon_name} {daemon_addr} v _"
extern char *var_milt_conn_macros;

#define VAR_MILT_HELO_MACROS "milter_helo_macros"
#define DEF_MILT_HELO_MACROS "{tls_version} {cipher} {cipher_bits}" \
    " {cert_subject} {cert_issuer}"
extern char *var_milt_helo_macros;

#define VAR_MILT_MAIL_MACROS "milter_mail_macros"
#define DEF_MILT_MAIL_MACROS "i {auth_type} {auth_authen}" \
    " {auth_author} {mail_addr}" \
    " {mail_host} {mail_mailer}"
extern char *var_milt_mail_macros;

#define VAR_MILT_RCPT_MACROS "milter_rcpt_macros"
#define DEF_MILT_RCPT_MACROS "i {rcpt_addr} {rcpt_host}" \
    " {rcpt_mailer}"
extern char *var_milt_rcpt_macros;

#define VAR_MILT_DATA_MACROS "milter_data_macros"
#define DEF_MILT_DATA_MACROS "i"
extern char *var_milt_data_macros;

#define VAR_MILT_UNK_MACROS "milter_unknown_command_macros"
#define DEF_MILT_UNK_MACROS ""
extern char *var_milt_unk_macros;

#define VAR_MILT_EOH_MACROS "milter_end_of_header_macros"
#define DEF_MILT_EOH_MACROS "i"
extern char *var_milt_eoh_macros;

#define VAR_MILT_EOD_MACROS "milter_end_of_data_macros"
#define DEF_MILT_EOD_MACROS "i"
extern char *var_milt_eod_macros;

/* Time limits: "30s" to connect, "30s" per command, "300s" for content. */
#define VAR_MILT_CONN_TIME "milter_connect_timeout"
#define DEF_MILT_CONN_TIME "30s"
extern int var_milt_conn_time;

#define VAR_MILT_CMD_TIME "milter_command_timeout"
#define DEF_MILT_CMD_TIME "30s"
extern int var_milt_cmd_time;

#define VAR_MILT_MSG_TIME "milter_content_timeout"
#define DEF_MILT_MSG_TIME "300s"
extern int var_milt_msg_time;

/* The protocol default is the string "6", not an integer. */
#define VAR_MILT_PROTOCOL "milter_protocol"
#define DEF_MILT_PROTOCOL "6"
extern char *var_milt_protocol;

#define VAR_MILT_DAEMON_NAME "milter_macro_daemon_name"
#define DEF_MILT_DAEMON_NAME "$" VAR_MYHOSTNAME
extern char *var_milt_daemon_name;

/* The default expands to the mail system name followed by its version. */
#define VAR_MILT_V "milter_macro_v"
#define DEF_MILT_V "$" VAR_MAIL_NAME " $" VAR_MAIL_VERSION
extern char *var_milt_v;

#define VAR_MILT_HEAD_CHECKS "milter_header_checks"
#define DEF_MILT_HEAD_CHECKS ""
extern char *var_milt_head_checks;

#define VAR_MILT_MACRO_DEFLTS "milter_macro_defaults"
#define DEF_MILT_MACRO_DEFLTS ""
extern char *var_milt_macro_deflts;

/*
 * What internal mail do we inspect/stamp/etc.? This is not yet safe enough
 * to enable world-wide.
 *
 * The default is the empty class list (INT_FILT_CLASS_NONE).
 */
#define INT_FILT_CLASS_NONE ""
#define INT_FILT_CLASS_NOTIFY "notify"
#define INT_FILT_CLASS_BOUNCE "bounce"

#define VAR_INT_FILT_CLASSES "internal_mail_filter_classes"
#define DEF_INT_FILT_CLASSES INT_FILT_CLASS_NONE
extern char *var_int_filt_classes;

/*
 * This could break logfile processors, so it's off by default.
 */
#define VAR_SMTPD_CLIENT_PORT_LOG "smtpd_client_port_logging"
#define DEF_SMTPD_CLIENT_PORT_LOG 0
extern bool var_smtpd_client_port_log;

#define VAR_QMQPD_CLIENT_PORT_LOG "qmqpd_client_port_logging"
#define DEF_QMQPD_CLIENT_PORT_LOG 0
extern bool var_qmqpd_client_port_log;

/*
 * Header/body checks in delivery agents.
*/

/* SMTP client: each check table has its own variable; all default to empty. */
#define VAR_SMTP_HEAD_CHKS "smtp_header_checks"
#define DEF_SMTP_HEAD_CHKS ""
extern char *var_smtp_head_chks;

#define VAR_SMTP_MIME_CHKS "smtp_mime_header_checks"
#define DEF_SMTP_MIME_CHKS ""
extern char *var_smtp_mime_chks;

#define VAR_SMTP_NEST_CHKS "smtp_nested_header_checks"
#define DEF_SMTP_NEST_CHKS ""
extern char *var_smtp_nest_chks;

#define VAR_SMTP_BODY_CHKS "smtp_body_checks"
#define DEF_SMTP_BODY_CHKS ""
extern char *var_smtp_body_chks;

/* LMTP client: names and defaults only; no separate variables are declared here. */
#define VAR_LMTP_HEAD_CHKS "lmtp_header_checks"
#define DEF_LMTP_HEAD_CHKS ""
#define VAR_LMTP_MIME_CHKS "lmtp_mime_header_checks"
#define DEF_LMTP_MIME_CHKS ""
#define VAR_LMTP_NEST_CHKS "lmtp_nested_header_checks"
#define DEF_LMTP_NEST_CHKS ""
#define VAR_LMTP_BODY_CHKS "lmtp_body_checks"
#define DEF_LMTP_BODY_CHKS ""

/*
 * Address family preference. The default depends on whether the build has
 * IPv6 support; the LMTP default follows the SMTP default.
 */
#define VAR_SMTP_ADDR_PREF "smtp_address_preference"
#ifdef HAS_IPV6
#define DEF_SMTP_ADDR_PREF INET_PROTO_NAME_ANY
#else
#define DEF_SMTP_ADDR_PREF INET_PROTO_NAME_IPV4
#endif
extern char *var_smtp_addr_pref;

#define VAR_LMTP_ADDR_PREF "lmtp_address_preference"
#define DEF_LMTP_ADDR_PREF DEF_SMTP_ADDR_PREF

/*
 * Scheduler concurrency feedback algorithms.
*/

/*
 * Each VAR_ name is the "default_" form of a parameter; the macro with the
 * leading underscore holds the suffix that the name shares with its
 * non-default forms.
 */
#define VAR_CONC_POS_FDBACK "default_destination_concurrency_positive_feedback"
#define _CONC_POS_FDBACK "_destination_concurrency_positive_feedback"
#define DEF_CONC_POS_FDBACK "1"
extern char *var_conc_pos_feedback;

#define VAR_CONC_NEG_FDBACK "default_destination_concurrency_negative_feedback"
#define _CONC_NEG_FDBACK "_destination_concurrency_negative_feedback"
#define DEF_CONC_NEG_FDBACK "1"
extern char *var_conc_neg_feedback;

#define CONC_FDBACK_NAME_WIN "concurrency"
#define CONC_FDBACK_NAME_SQRT_WIN "sqrt_concurrency"

#define VAR_CONC_COHORT_LIM "default_destination_concurrency_failed_cohort_limit"
#define _CONC_COHORT_LIM "_destination_concurrency_failed_cohort_limit"
#define DEF_CONC_COHORT_LIM 1
extern int var_conc_cohort_limit;

#define VAR_CONC_FDBACK_DEBUG "destination_concurrency_feedback_debug"
#define DEF_CONC_FDBACK_DEBUG 0
extern bool var_conc_feedback_debug;

/* Rate delays; the default "0s" is a zero-length delay. */
#define VAR_DEST_RATE_DELAY "default_destination_rate_delay"
#define _DEST_RATE_DELAY "_destination_rate_delay"
#define DEF_DEST_RATE_DELAY "0s"
extern int var_dest_rate_delay;

#define VAR_XPORT_RATE_DELAY "default_transport_rate_delay"
#define _XPORT_RATE_DELAY "_transport_rate_delay"
#define DEF_XPORT_RATE_DELAY "0s"
extern int var_xport_rate_delay;

/*
 * Stress handling. Other defaults in this file test this parameter with
 * the "${stress?{...}:{...}}" form.
 */
#define VAR_STRESS "stress"
#define DEF_STRESS ""
extern char *var_stress;

/*
 * Mailbox ownership; strict checking is on by default.
 */
#define VAR_STRICT_MBOX_OWNER "strict_mailbox_ownership"
#define DEF_STRICT_MBOX_OWNER 1
extern bool var_strict_mbox_owner;

/*
 * Window scaling workaround.
 */
#define VAR_INET_WINDOW "tcp_windowsize"
#define DEF_INET_WINDOW 0
extern int var_inet_windowsize;

/*
 * Plug-in multi-instance support.
Only the first two parameters are used by
 * Postfix itself; the other ones are reserved for the instance manager.
 */
#define VAR_MULTI_CONF_DIRS "multi_instance_directories"
#define DEF_MULTI_CONF_DIRS ""
extern char *var_multi_conf_dirs;

#define VAR_MULTI_WRAPPER "multi_instance_wrapper"
#define DEF_MULTI_WRAPPER ""
extern char *var_multi_wrapper;

#define VAR_MULTI_NAME "multi_instance_name"
#define DEF_MULTI_NAME ""
extern char *var_multi_name;

#define VAR_MULTI_GROUP "multi_instance_group"
#define DEF_MULTI_GROUP ""
extern char *var_multi_group;

#define VAR_MULTI_ENABLE "multi_instance_enable"
#define DEF_MULTI_ENABLE 0
extern bool var_multi_enable;

/*
 * postmulti(1) instance manager: the postfix(1) commands that it treats
 * as start, stop and control commands.
 */
#define VAR_MULTI_START_CMDS "postmulti_start_commands"
#define DEF_MULTI_START_CMDS "start"
extern char *var_multi_start_cmds;

#define VAR_MULTI_STOP_CMDS "postmulti_stop_commands"
#define DEF_MULTI_STOP_CMDS "stop abort drain quick-stop"
extern char *var_multi_stop_cmds;

#define VAR_MULTI_CNTRL_CMDS "postmulti_control_commands"
#define DEF_MULTI_CNTRL_CMDS "reload flush"
extern char *var_multi_cntrl_cmds;

/*
 * postscreen(8)
 *
 * Several of the per-test actions below default to "ignore" (greet, dnsbl,
 * bare newline, blacklist), and the pipelining, non-SMTP-command and
 * bare-newline tests default to disabled, so out of the box these tests do
 * not block a client. See postconf(5) for the "ignore", "enforce" and
 * "drop" semantics before relying on them.
 */
#define VAR_PSC_CACHE_MAP "postscreen_cache_map"
#define DEF_PSC_CACHE_MAP "$" VAR_CACHE_DB_TYPE ":$data_directory/postscreen_cache"
extern char *var_psc_cache_map;

#define VAR_SMTPD_SERVICE "smtpd_service_name"
#define DEF_SMTPD_SERVICE "smtpd"
extern char *var_smtpd_service;

/* Queue limits; both default to the process limit parameter. */
#define VAR_PSC_POST_QLIMIT "postscreen_post_queue_limit"
#define DEF_PSC_POST_QLIMIT "$" VAR_PROC_LIMIT
extern int var_psc_post_queue_limit;

#define VAR_PSC_PRE_QLIMIT "postscreen_pre_queue_limit"
#define DEF_PSC_PRE_QLIMIT "$" VAR_PROC_LIMIT
extern int var_psc_pre_queue_limit;

#define VAR_PSC_CACHE_RET "postscreen_cache_retention_time"
#define DEF_PSC_CACHE_RET "7d"
extern int var_psc_cache_ret;

#define VAR_PSC_CACHE_SCAN "postscreen_cache_cleanup_interval"
#define DEF_PSC_CACHE_SCAN "12h"
extern int var_psc_cache_scan;

/* Pregreet test. The wait is shortened from 6s to 2s under stress. */
#define VAR_PSC_GREET_WAIT "postscreen_greet_wait"
#define DEF_PSC_GREET_WAIT "${stress?{2}:{6}}s"
extern int var_psc_greet_wait;

#define VAR_PSC_PREGR_BANNER "postscreen_greet_banner"
#define DEF_PSC_PREGR_BANNER "$" VAR_SMTPD_BANNER
extern char *var_psc_pregr_banner;

/*
 * NOTE(review): the default below is the bare token no, not a string or
 * integer literal, and the variable is char * while the other *_enable
 * variables in this section are bool. Presumably these three lines are
 * unused; confirm before referencing DEF_PSC_PREGR_ENABLE in code.
 */
#define VAR_PSC_PREGR_ENABLE "postscreen_greet_enable"
#define DEF_PSC_PREGR_ENABLE no
extern char *var_psc_pregr_enable;

#define VAR_PSC_PREGR_ACTION "postscreen_greet_action"
#define DEF_PSC_PREGR_ACTION "ignore"
extern char *var_psc_pregr_action;

#define VAR_PSC_PREGR_TTL "postscreen_greet_ttl"
#define DEF_PSC_PREGR_TTL "1d"
extern int var_psc_pregr_ttl;

/* DNSBL test. */
#define VAR_PSC_DNSBL_SITES "postscreen_dnsbl_sites"
#define DEF_PSC_DNSBL_SITES ""
extern char *var_psc_dnsbl_sites;

#define VAR_PSC_DNSBL_THRESH "postscreen_dnsbl_threshold"
#define DEF_PSC_DNSBL_THRESH 1
extern int var_psc_dnsbl_thresh;

/*
 * Renamed parameter: the allowlist default takes the value of the older
 * whitelist name when that is set, and is 0 otherwise.
 */
#define VAR_PSC_DNSBL_WTHRESH "postscreen_dnsbl_whitelist_threshold"
#define DEF_PSC_DNSBL_WTHRESH 0

#define VAR_PSC_DNSBL_ALTHRESH "postscreen_dnsbl_allowlist_threshold"
#define DEF_PSC_DNSBL_ALTHRESH \
	"${" VAR_PSC_DNSBL_WTHRESH "?{$" VAR_PSC_DNSBL_WTHRESH "}:{0}}"
extern int var_psc_dnsbl_althresh;

/*
 * NOTE(review): integer default paired with a char * variable; compare
 * with the bool *_enable variables further down. Confirm whether this
 * declaration is still used.
 */
#define VAR_PSC_DNSBL_ENABLE "postscreen_dnsbl_enable"
#define DEF_PSC_DNSBL_ENABLE 0
extern char *var_psc_dnsbl_enable;

#define VAR_PSC_DNSBL_ACTION "postscreen_dnsbl_action"
#define DEF_PSC_DNSBL_ACTION "ignore"
extern char *var_psc_dnsbl_action;

#define VAR_PSC_DNSBL_MIN_TTL "postscreen_dnsbl_min_ttl"
#define DEF_PSC_DNSBL_MIN_TTL "60s"
extern int var_psc_dnsbl_min_ttl;

/* The maximum TTL takes postscreen_dnsbl_ttl when set, else 1, in hours. */
#define VAR_PSC_DNSBL_MAX_TTL "postscreen_dnsbl_max_ttl"
#define DEF_PSC_DNSBL_MAX_TTL "${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h"
extern int var_psc_dnsbl_max_ttl;

#define VAR_PSC_DNSBL_REPLY "postscreen_dnsbl_reply_map"
#define DEF_PSC_DNSBL_REPLY ""
extern char *var_psc_dnsbl_reply;

#define VAR_PSC_DNSBL_TMOUT "postscreen_dnsbl_timeout"
#define DEF_PSC_DNSBL_TMOUT "10s"
extern int var_psc_dnsbl_tmout;

/* Pipelining test. */
#define VAR_PSC_PIPEL_ENABLE "postscreen_pipelining_enable"
#define DEF_PSC_PIPEL_ENABLE 0
extern bool var_psc_pipel_enable;

#define VAR_PSC_PIPEL_ACTION "postscreen_pipelining_action"
#define DEF_PSC_PIPEL_ACTION "enforce"
extern char *var_psc_pipel_action;

#define VAR_PSC_PIPEL_TTL "postscreen_pipelining_ttl"
#define DEF_PSC_PIPEL_TTL "30d"
extern int var_psc_pipel_ttl;

/* Non-SMTP command test. */
#define VAR_PSC_NSMTP_ENABLE "postscreen_non_smtp_command_enable"
#define DEF_PSC_NSMTP_ENABLE 0
extern bool var_psc_nsmtp_enable;

#define VAR_PSC_NSMTP_ACTION "postscreen_non_smtp_command_action"
#define DEF_PSC_NSMTP_ACTION "drop"
extern char *var_psc_nsmtp_action;

#define VAR_PSC_NSMTP_TTL "postscreen_non_smtp_command_ttl"
#define DEF_PSC_NSMTP_TTL "30d"
extern int var_psc_nsmtp_ttl;

/* Bare newline test. */
#define VAR_PSC_BARLF_ENABLE "postscreen_bare_newline_enable"
#define DEF_PSC_BARLF_ENABLE 0
extern bool var_psc_barlf_enable;

#define VAR_PSC_BARLF_ACTION "postscreen_bare_newline_action"
#define DEF_PSC_BARLF_ACTION "ignore"
extern char *var_psc_barlf_action;

#define VAR_PSC_BARLF_TTL "postscreen_bare_newline_ttl"
#define DEF_PSC_BARLF_TTL "30d"
extern int var_psc_barlf_ttl;

/* Older name of the denylist action parameter. */
#define VAR_PSC_BLIST_ACTION "postscreen_blacklist_action"
#define DEF_PSC_BLIST_ACTION "ignore"

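/*
 * The denylist action default takes the value of the older
 * postscreen_blacklist_action name when that is set, and that parameter's
 * default otherwise.
 *
 * NOTE(review): the variable declared here is var_psc_dnlist_nets, which
 * does not match the parameter name (an action, not a list of networks).
 * Confirm which variable the postscreen code actually uses.
 */
#define VAR_PSC_DNLIST_ACTION "postscreen_denylist_action"
#define DEF_PSC_DNLIST_ACTION \
	"${" VAR_PSC_BLIST_ACTION "?{$" VAR_PSC_BLIST_ACTION "}:{" DEF_PSC_BLIST_ACTION "}}"
extern char *var_psc_dnlist_nets;

/* Per-session command count and time limits, and the watchdog timer. */
#define VAR_PSC_CMD_COUNT "postscreen_command_count_limit"
#define DEF_PSC_CMD_COUNT 20
extern int var_psc_cmd_count;

#define VAR_PSC_CMD_TIME "postscreen_command_time_limit"
#define DEF_PSC_CMD_TIME DEF_SMTPD_TMOUT
extern int var_psc_cmd_time;

#define VAR_PSC_WATCHDOG "postscreen_watchdog_timeout"
#define DEF_PSC_WATCHDOG "10s"
extern int var_psc_watchdog;

/*
 * postscreen settings whose default is "$" followed by the name of the
 * corresponding smtpd parameter. The TLS, command and limit policy of
 * postscreen therefore follows the smtpd setting until it is overridden,
 * and a change to the smtpd parameter silently changes postscreen too.
 */
#define VAR_PSC_EHLO_DIS_WORDS "postscreen_discard_ehlo_keywords"
#define DEF_PSC_EHLO_DIS_WORDS "$" VAR_SMTPD_EHLO_DIS_WORDS
extern char *var_psc_ehlo_dis_words;

#define VAR_PSC_EHLO_DIS_MAPS "postscreen_discard_ehlo_keyword_address_maps"
#define DEF_PSC_EHLO_DIS_MAPS "$" VAR_SMTPD_EHLO_DIS_MAPS
extern char *var_psc_ehlo_dis_maps;

#define VAR_PSC_TLS_LEVEL "postscreen_tls_security_level"
#define DEF_PSC_TLS_LEVEL "$" VAR_SMTPD_TLS_LEVEL
extern char *var_psc_tls_level;

#define VAR_PSC_USE_TLS "postscreen_use_tls"
#define DEF_PSC_USE_TLS "$" VAR_SMTPD_USE_TLS
extern bool var_psc_use_tls;

#define VAR_PSC_ENFORCE_TLS "postscreen_enforce_tls"
#define DEF_PSC_ENFORCE_TLS "$" VAR_SMTPD_ENFORCE_TLS
extern bool var_psc_enforce_tls;

#define VAR_PSC_FORBID_CMDS "postscreen_forbidden_commands"
#define DEF_PSC_FORBID_CMDS "$" VAR_SMTPD_FORBID_CMDS
extern char *var_psc_forbid_cmds;

#define VAR_PSC_HELO_REQUIRED "postscreen_helo_required"
#define DEF_PSC_HELO_REQUIRED "$" VAR_HELO_REQUIRED
extern bool var_psc_helo_required;

#define VAR_PSC_DISABLE_VRFY "postscreen_disable_vrfy_command"
#define DEF_PSC_DISABLE_VRFY "$" VAR_DISABLE_VRFY_CMD
extern bool var_psc_disable_vrfy;

#define VAR_PSC_CCONN_LIMIT "postscreen_client_connection_count_limit"
#define DEF_PSC_CCONN_LIMIT "$" VAR_SMTPD_CCONN_LIMIT
extern int var_psc_cconn_limit;

#define VAR_PSC_REJ_FOOTER "postscreen_reject_footer"
#define DEF_PSC_REJ_FOOTER "$" VAR_SMTPD_REJ_FOOTER
extern char *var_psc_rej_footer;

#define VAR_PSC_REJ_FTR_MAPS "postscreen_reject_footer_maps"
#define DEF_PSC_REJ_FTR_MAPS "$" VAR_SMTPD_REJ_FTR_MAPS
extern char *var_psc_rej_ftr_maps;

#define VAR_PSC_EXP_FILTER "postscreen_expansion_filter"
#define DEF_PSC_EXP_FILTER "$" VAR_SMTPD_EXP_FILTER
extern char *var_psc_exp_filter;

#define VAR_PSC_CMD_FILTER "postscreen_command_filter"
#define DEF_PSC_CMD_FILTER ""
extern char *var_psc_cmd_filter;

/* Access list; the default is the constant SERVER_ACL_NAME_WL_MYNETWORKS. */
#define VAR_PSC_ACL "postscreen_access_list"
#define DEF_PSC_ACL SERVER_ACL_NAME_WL_MYNETWORKS
extern char *var_psc_acl;

/*
 * Renamed parameter: the allowlist default takes the value of the older
 * whitelist name when that is set, and "static:all" otherwise.
 */
#define VAR_PSC_WLIST_IF "postscreen_whitelist_interfaces"
#define DEF_PSC_WLIST_IF "static:all"

#define VAR_PSC_ALLIST_IF "postscreen_allowlist_interfaces"
#define DEF_PSC_ALLIST_IF \
	"${" VAR_PSC_WLIST_IF "?{$" VAR_PSC_WLIST_IF "}:{" DEF_PSC_WLIST_IF "}}"
extern char *var_psc_allist_if;

/*
 * Upstream proxy protocol; the empty name means no proxy protocol. When
 * one is configured, client address information comes from the proxy, so
 * the listener should only be reachable by that proxy.
 */
#define NOPROXY_PROTO_NAME ""

#define VAR_PSC_UPROXY_PROTO "postscreen_upstream_proxy_protocol"
#define DEF_PSC_UPROXY_PROTO NOPROXY_PROTO_NAME
extern char *var_psc_uproxy_proto;

#define VAR_PSC_UPROXY_TMOUT "postscreen_upstream_proxy_timeout"
#define DEF_PSC_UPROXY_TMOUT "5s"
extern int var_psc_uproxy_tmout;

/* "no" below compatibility level 3.6, "yes" from 3.6 on. */
#define VAR_RESPECTFUL_LOGGING "respectful_logging"
#define DEF_RESPECTFUL_LOGGING \
	"${{$compatibility_level} <level {3.6} ?" " {no} : {yes}}"
extern bool var_respectful_logging;

/* dnsblog(8) service. */
#define VAR_DNSBLOG_SERVICE "dnsblog_service_name"
#define DEF_DNSBLOG_SERVICE MAIL_SERVICE_DNSBLOG
extern char *var_dnsblog_service;

#define VAR_DNSBLOG_DELAY "dnsblog_reply_delay"
#define DEF_DNSBLOG_DELAY "0s"
extern int var_dnsblog_delay;

/*
 * tlsproxy(8) server-side settings. Apart from the service name and the
 * watchdog timer, every default is "$" followed by the name of the
 * corresponding smtpd_tls parameter, so certificates, keys, protocol and
 * cipher policy follow the smtpd configuration unless overridden.
 */
#define VAR_TLSPROXY_SERVICE "tlsproxy_service_name"
#define DEF_TLSPROXY_SERVICE MAIL_SERVICE_TLSPROXY
extern char *var_tlsproxy_service;

#define VAR_TLSP_WATCHDOG "tlsproxy_watchdog_timeout"
#define DEF_TLSP_WATCHDOG "10s"
extern int var_tlsp_watchdog;

#define VAR_TLSP_TLS_LEVEL "tlsproxy_tls_security_level"
#define DEF_TLSP_TLS_LEVEL "$" VAR_SMTPD_TLS_LEVEL
extern char *var_tlsp_tls_level;

#define VAR_TLSP_USE_TLS "tlsproxy_use_tls"
#define DEF_TLSP_USE_TLS "$" VAR_SMTPD_USE_TLS
extern bool var_tlsp_use_tls;

#define VAR_TLSP_ENFORCE_TLS "tlsproxy_enforce_tls"
#define DEF_TLSP_ENFORCE_TLS "$" VAR_SMTPD_ENFORCE_TLS
extern bool var_tlsp_enforce_tls;

/* Client certificate handling. */
#define VAR_TLSP_TLS_ACERT "tlsproxy_tls_ask_ccert"
#define DEF_TLSP_TLS_ACERT "$" VAR_SMTPD_TLS_ACERT
extern bool var_tlsp_tls_ask_ccert;

#define VAR_TLSP_TLS_RCERT "tlsproxy_tls_req_ccert"
#define DEF_TLSP_TLS_RCERT "$" VAR_SMTPD_TLS_RCERT
extern bool var_tlsp_tls_req_ccert;

#define VAR_TLSP_TLS_ENABLE_RPK "tlsproxy_tls_enable_rpk"
#define DEF_TLSP_TLS_ENABLE_RPK "$" VAR_SMTPD_TLS_ENABLE_RPK
extern bool var_tlsp_tls_enable_rpk;

#define VAR_TLSP_TLS_CCERT_VD "tlsproxy_tls_ccert_verifydepth"
#define DEF_TLSP_TLS_CCERT_VD "$" VAR_SMTPD_TLS_CCERT_VD
extern int var_tlsp_tls_ccert_vd;

/* Server certificate and private key files. */
#define VAR_TLSP_TLS_CHAIN_FILES "tlsproxy_tls_chain_files"
#define DEF_TLSP_TLS_CHAIN_FILES "$" VAR_SMTPD_TLS_CHAIN_FILES
extern char *var_tlsp_tls_chain_files;

#define VAR_TLSP_TLS_CERT_FILE "tlsproxy_tls_cert_file"
#define DEF_TLSP_TLS_CERT_FILE "$" VAR_SMTPD_TLS_CERT_FILE
extern char *var_tlsp_tls_cert_file;

#define VAR_TLSP_TLS_KEY_FILE "tlsproxy_tls_key_file"
#define DEF_TLSP_TLS_KEY_FILE "$" VAR_SMTPD_TLS_KEY_FILE
extern char *var_tlsp_tls_key_file;

#define VAR_TLSP_TLS_DCERT_FILE "tlsproxy_tls_dcert_file"
#define DEF_TLSP_TLS_DCERT_FILE "$" VAR_SMTPD_TLS_DCERT_FILE
extern char *var_tlsp_tls_dcert_file;

#define VAR_TLSP_TLS_DKEY_FILE "tlsproxy_tls_dkey_file"
#define DEF_TLSP_TLS_DKEY_FILE "$" VAR_SMTPD_TLS_DKEY_FILE
extern char *var_tlsp_tls_dkey_file;

#define VAR_TLSP_TLS_ECCERT_FILE "tlsproxy_tls_eccert_file"
#define DEF_TLSP_TLS_ECCERT_FILE "$" VAR_SMTPD_TLS_ECCERT_FILE
extern char *var_tlsp_tls_eccert_file;

/*
 * A second, identical DEF_TLSP_TLS_ECKEY_FILE definition and extern
 * declaration followed this group; the redundant copy has been dropped.
 */
#define VAR_TLSP_TLS_ECKEY_FILE "tlsproxy_tls_eckey_file"
#define DEF_TLSP_TLS_ECKEY_FILE "$" VAR_SMTPD_TLS_ECKEY_FILE
extern char *var_tlsp_tls_eckey_file;

/* Trust anchors. */
#define VAR_TLSP_TLS_CA_FILE "tlsproxy_tls_CAfile"
#define DEF_TLSP_TLS_CA_FILE "$" VAR_SMTPD_TLS_CA_FILE
extern char *var_tlsp_tls_CAfile;

#define VAR_TLSP_TLS_CA_PATH "tlsproxy_tls_CApath"
#define DEF_TLSP_TLS_CA_PATH "$" VAR_SMTPD_TLS_CA_PATH
extern char *var_tlsp_tls_CApath;

/* Protocol and cipher selection. */
#define VAR_TLSP_TLS_PROTO "tlsproxy_tls_protocols"
#define DEF_TLSP_TLS_PROTO "$" VAR_SMTPD_TLS_PROTO
extern char *var_tlsp_tls_proto;

#define VAR_TLSP_TLS_MAND_PROTO "tlsproxy_tls_mandatory_protocols"
#define DEF_TLSP_TLS_MAND_PROTO "$" VAR_SMTPD_TLS_MAND_PROTO
extern char *var_tlsp_tls_mand_proto;

#define VAR_TLSP_TLS_CIPH "tlsproxy_tls_ciphers"
#define DEF_TLSP_TLS_CIPH "$" VAR_SMTPD_TLS_CIPH
extern char *var_tlsp_tls_ciph;

#define VAR_TLSP_TLS_MAND_CIPH "tlsproxy_tls_mandatory_ciphers"
#define DEF_TLSP_TLS_MAND_CIPH "$" VAR_SMTPD_TLS_MAND_CIPH
extern char *var_tlsp_tls_mand_ciph;

#define VAR_TLSP_TLS_EXCL_CIPH "tlsproxy_tls_exclude_ciphers"
#define DEF_TLSP_TLS_EXCL_CIPH "$" VAR_SMTPD_TLS_EXCL_CIPH
extern char *var_tlsp_tls_excl_ciph;

#define VAR_TLSP_TLS_MAND_EXCL "tlsproxy_tls_mandatory_exclude_ciphers"
#define DEF_TLSP_TLS_MAND_EXCL "$" VAR_SMTPD_TLS_MAND_EXCL
extern char *var_tlsp_tls_mand_excl;

#define VAR_TLSP_TLS_FPT_DGST "tlsproxy_tls_fingerprint_digest"
#define DEF_TLSP_TLS_FPT_DGST "$" VAR_SMTPD_TLS_FPT_DGST
extern char *var_tlsp_tls_fpt_dgst;

/*
 * NOTE(review): the dh512 and dh1024 names refer to small fixed-size
 * Diffie-Hellman parameter files. Presumably they are kept for
 * configuration compatibility; confirm in postconf(5) whether the values
 * are still honored before relying on them.
 */
#define VAR_TLSP_TLS_512_FILE "tlsproxy_tls_dh512_param_file"
#define DEF_TLSP_TLS_512_FILE "$" VAR_SMTPD_TLS_512_FILE
extern char *var_tlsp_tls_dh512_param_file;

#define VAR_TLSP_TLS_1024_FILE "tlsproxy_tls_dh1024_param_file"
#define DEF_TLSP_TLS_1024_FILE "$" VAR_SMTPD_TLS_1024_FILE
extern char *var_tlsp_tls_dh1024_param_file;

#define VAR_TLSP_TLS_EECDH "tlsproxy_tls_eecdh_grade"
#define DEF_TLSP_TLS_EECDH "$" VAR_SMTPD_TLS_EECDH
extern char *var_tlsp_tls_eecdh;

#define VAR_TLSP_TLS_LOGLEVEL "tlsproxy_tls_loglevel"
#define DEF_TLSP_TLS_LOGLEVEL "$" VAR_SMTPD_TLS_LOGLEVEL
extern char *var_tlsp_tls_loglevel;

#define VAR_TLSP_TLS_RECHEAD "tlsproxy_tls_received_header"
#define DEF_TLSP_TLS_RECHEAD "$" VAR_SMTPD_TLS_RECHEAD
extern bool var_tlsp_tls_received_header;

#define VAR_TLSP_TLS_SET_SESSID "tlsproxy_tls_always_issue_session_ids"
#define DEF_TLSP_TLS_SET_SESSID "$" VAR_SMTPD_TLS_SET_SESSID
extern bool var_tlsp_tls_set_sessid;

/*
 * Workaround for tlsproxy(8) pre-jail client certs/keys access.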
*/

/*
 * tlsproxy(8) client-side settings. Each default is "$" followed by the
 * name of the corresponding smtp_tls parameter, so the client role of
 * tlsproxy follows the smtp client configuration unless overridden.
 */
#define VAR_TLSP_CLNT_LOGLEVEL "tlsproxy_client_loglevel"
#define DEF_TLSP_CLNT_LOGLEVEL "$" VAR_SMTP_TLS_LOGLEVEL
extern char *var_tlsp_clnt_loglevel;

/*
 * Unlike its neighbours, this default has no "$" prefix: the value is the
 * parameter name itself rather than an expansion of it. Presumably this is
 * intentional, since the parameter holds a name.
 */
#define VAR_TLSP_CLNT_LOGPARAM "tlsproxy_client_loglevel_parameter"
#define DEF_TLSP_CLNT_LOGPARAM VAR_SMTP_TLS_LOGLEVEL
extern char *var_tlsp_clnt_logparam;

#define VAR_TLSP_CLNT_SCERT_VD "tlsproxy_client_scert_verifydepth"
#define DEF_TLSP_CLNT_SCERT_VD "$" VAR_SMTP_TLS_SCERT_VD
extern int var_tlsp_clnt_scert_vd;

/* Client certificate and private key files. */
#define VAR_TLSP_CLNT_CHAIN_FILES "tlsproxy_client_chain_files"
#define DEF_TLSP_CLNT_CHAIN_FILES "$" VAR_SMTP_TLS_CHAIN_FILES
extern char *var_tlsp_clnt_chain_files;

#define VAR_TLSP_CLNT_CERT_FILE "tlsproxy_client_cert_file"
#define DEF_TLSP_CLNT_CERT_FILE "$" VAR_SMTP_TLS_CERT_FILE
extern char *var_tlsp_clnt_cert_file;

#define VAR_TLSP_CLNT_KEY_FILE "tlsproxy_client_key_file"
#define DEF_TLSP_CLNT_KEY_FILE "$" VAR_SMTP_TLS_KEY_FILE
extern char *var_tlsp_clnt_key_file;

#define VAR_TLSP_CLNT_DCERT_FILE "tlsproxy_client_dcert_file"
#define DEF_TLSP_CLNT_DCERT_FILE "$" VAR_SMTP_TLS_DCERT_FILE
extern char *var_tlsp_clnt_dcert_file;

#define VAR_TLSP_CLNT_DKEY_FILE "tlsproxy_client_dkey_file"
#define DEF_TLSP_CLNT_DKEY_FILE "$" VAR_SMTP_TLS_DKEY_FILE
extern char *var_tlsp_clnt_dkey_file;

#define VAR_TLSP_CLNT_ECCERT_FILE "tlsproxy_client_eccert_file"
#define DEF_TLSP_CLNT_ECCERT_FILE "$" VAR_SMTP_TLS_ECCERT_FILE
extern char *var_tlsp_clnt_eccert_file;

#define VAR_TLSP_CLNT_ECKEY_FILE "tlsproxy_client_eckey_file"
#define DEF_TLSP_CLNT_ECKEY_FILE "$" VAR_SMTP_TLS_ECKEY_FILE
extern char *var_tlsp_clnt_eckey_file;

/* Trust anchors and fingerprint digest. */
#define VAR_TLSP_CLNT_CAFILE "tlsproxy_client_CAfile"
#define DEF_TLSP_CLNT_CAFILE "$" VAR_SMTP_TLS_CA_FILE
extern char *var_tlsp_clnt_CAfile;

#define VAR_TLSP_CLNT_CAPATH "tlsproxy_client_CApath"
#define DEF_TLSP_CLNT_CAPATH "$" VAR_SMTP_TLS_CA_PATH
extern char *var_tlsp_clnt_CApath;

#define VAR_TLSP_CLNT_FPT_DGST "tlsproxy_client_fingerprint_digest"
#define DEF_TLSP_CLNT_FPT_DGST "$" VAR_SMTP_TLS_FPT_DGST
extern char *var_tlsp_clnt_fpt_dgst;

#define VAR_TLSP_CLNT_USE_TLS "tlsproxy_client_use_tls"
#define DEF_TLSP_CLNT_USE_TLS "$" VAR_SMTP_USE_TLS
extern bool var_tlsp_clnt_use_tls;

#define VAR_TLSP_CLNT_ENFORCE_TLS "tlsproxy_client_enforce_tls"
#define DEF_TLSP_CLNT_ENFORCE_TLS "$" VAR_SMTP_ENFORCE_TLS
extern bool var_tlsp_clnt_enforce_tls;

/*
 * Migrate an incorrect name: the default takes the value of the obsolete
 * name when that is set, and the smtp TLS level otherwise.
 */
#define OBS_TLSP_CLNT_LEVEL "tlsproxy_client_level"
#define VAR_TLSP_CLNT_LEVEL "tlsproxy_client_security_level"
#define DEF_TLSP_CLNT_LEVEL "${" OBS_TLSP_CLNT_LEVEL "?{$" \
				OBS_TLSP_CLNT_LEVEL "}:{$" \
				VAR_SMTP_TLS_LEVEL "}}"
extern char *var_tlsp_clnt_level;

#define VAR_TLSP_CLNT_PER_SITE "tlsproxy_client_per_site"
#define DEF_TLSP_CLNT_PER_SITE "$" VAR_SMTP_TLS_PER_SITE
extern char *var_tlsp_clnt_per_site;

/*
 * Migrate an incorrect name: the default takes the value of the obsolete
 * name when that is set, and the smtp TLS policy otherwise.
 */
#define OBS_TLSP_CLNT_POLICY "tlsproxy_client_policy"
#define VAR_TLSP_CLNT_POLICY "tlsproxy_client_policy_maps"
#define DEF_TLSP_CLNT_POLICY "${" OBS_TLSP_CLNT_POLICY "?{$" \
				OBS_TLSP_CLNT_POLICY "}:{$" \
				VAR_SMTP_TLS_POLICY "}}"
extern char *var_tlsp_clnt_policy;

/*
 * SMTPD "reject" contact info.
 */
#define VAR_SMTPD_REJ_FOOTER "smtpd_reject_footer"
#define DEF_SMTPD_REJ_FOOTER ""
extern char *var_smtpd_rej_footer;

#define VAR_SMTPD_REJ_FTR_MAPS "smtpd_reject_footer_maps"
#define DEF_SMTPD_REJ_FTR_MAPS ""
extern char *var_smtpd_rej_ftr_maps;

/*
 * Per-record time limit support.
*/

/* SMTP server: "yes" under stress, "no" otherwise. */
#define VAR_SMTPD_REC_DEADLINE "smtpd_per_record_deadline"
#define DEF_SMTPD_REC_DEADLINE "${stress?{yes}:{no}}"
extern bool var_smtpd_rec_deadline;

/* SMTP and LMTP clients: one shared variable, off by default. */
#define VAR_SMTP_REC_DEADLINE "smtp_per_record_deadline"
#define DEF_SMTP_REC_DEADLINE 0
#define VAR_LMTP_REC_DEADLINE "lmtp_per_record_deadline"
#define DEF_LMTP_REC_DEADLINE 0
extern bool var_smtp_rec_deadline;

/*
 * Per-request deadlines. Each default takes the value of the matching
 * per_record_deadline parameter when that is set; otherwise the server
 * default depends on stress and the client defaults are "no".
 */
#define VAR_SMTPD_REQ_DEADLINE "smtpd_per_request_deadline"
#define DEF_SMTPD_REQ_DEADLINE "${smtpd_per_record_deadline?" \
				"{$smtpd_per_record_deadline}:" \
				"{${stress?{yes}:{no}}}}"
extern bool var_smtpd_req_deadline;

#define VAR_SMTP_REQ_DEADLINE "smtp_per_request_deadline"
#define DEF_SMTP_REQ_DEADLINE "${smtp_per_record_deadline?" \
				"{$smtp_per_record_deadline}:{no}}"
#define VAR_LMTP_REQ_DEADLINE "lmtp_per_request_deadline"
#define DEF_LMTP_REQ_DEADLINE "${lmtp_per_record_deadline?" \
				"{$lmtp_per_record_deadline}:{no}}"
extern bool var_smtp_req_deadline;

/*
 * Minimum data rate, 500 by default for server and clients. See
 * postconf(5) for the unit and for how it interacts with the deadlines
 * above.
 */
#define VAR_SMTPD_MIN_DATA_RATE "smtpd_min_data_rate"
#define DEF_SMTPD_MIN_DATA_RATE 500
extern int var_smtpd_min_data_rate;

#define VAR_SMTP_MIN_DATA_RATE "smtp_min_data_rate"
#define DEF_SMTP_MIN_DATA_RATE 500
#define VAR_LMTP_MIN_DATA_RATE "lmtp_min_data_rate"
#define DEF_LMTP_MIN_DATA_RATE 500
extern int var_smtp_min_data_rate;

/*
 * Permit logging. Empty by default, i.e. no permit actions are selected
 * for logging.
 */
#define VAR_SMTPD_ACL_PERM_LOG "smtpd_log_access_permit_actions"
#define DEF_SMTPD_ACL_PERM_LOG ""
extern char *var_smtpd_acl_perm_log;

/*
 * Before-smtpd proxy support.
*/

/*
 * Empty by default: no upstream proxy protocol. When one is configured,
 * client address information comes from the proxy, so the listener should
 * only be reachable by that proxy.
 */
#define VAR_SMTPD_UPROXY_PROTO "smtpd_upstream_proxy_protocol"
#define DEF_SMTPD_UPROXY_PROTO ""
extern char *var_smtpd_uproxy_proto;

#define VAR_SMTPD_UPROXY_TMOUT "smtpd_upstream_proxy_timeout"
#define DEF_SMTPD_UPROXY_TMOUT "5s"
extern int var_smtpd_uproxy_tmout;

/*
 * Postfix sendmail command compatibility features: how line endings in
 * submitted mail are fixed up.
 */
#define SM_FIX_EOL_STRICT "strict"
#define SM_FIX_EOL_NEVER "never"
#define SM_FIX_EOL_ALWAYS "always"

#define VAR_SM_FIX_EOL "sendmail_fix_line_endings"
#define DEF_SM_FIX_EOL SM_FIX_EOL_ALWAYS
extern char *var_sm_fix_eol;

/*
 * Gradual degradation, or fatal exit after table open error? The default
 * is not fatal.
 */
#define VAR_DAEMON_OPEN_FATAL "daemon_table_open_error_is_fatal"
#define DEF_DAEMON_OPEN_FATAL 0
extern bool var_daemon_open_fatal;

/*
 * Optional delivery status filter. The per-agent defaults all expand the
 * global default_delivery_status_filter parameter.
 */
#define VAR_DSN_FILTER "default_delivery_status_filter"
#define DEF_DSN_FILTER ""
extern char *var_dsn_filter;

#define VAR_SMTP_DSN_FILTER "smtp_delivery_status_filter"
#define DEF_SMTP_DSN_FILTER "$" VAR_DSN_FILTER
#define VAR_LMTP_DSN_FILTER "lmtp_delivery_status_filter"
#define DEF_LMTP_DSN_FILTER "$" VAR_DSN_FILTER
extern char *var_smtp_dsn_filter;

#define VAR_PIPE_DSN_FILTER "pipe_delivery_status_filter"
#define DEF_PIPE_DSN_FILTER "$" VAR_DSN_FILTER
extern char *var_pipe_dsn_filter;

#define VAR_VIRT_DSN_FILTER "virtual_delivery_status_filter"
#define DEF_VIRT_DSN_FILTER "$" VAR_DSN_FILTER
extern char *var_virt_dsn_filter;

#define VAR_LOCAL_DSN_FILTER "local_delivery_status_filter"
#define DEF_LOCAL_DSN_FILTER "$" VAR_DSN_FILTER
extern char *var_local_dsn_filter;

/*
 * Optional DNS reply filter.
*/

/* SMTP and LMTP clients share one variable; the server has its own. */
#define VAR_SMTP_DNS_RE_FILTER "smtp_dns_reply_filter"
#define DEF_SMTP_DNS_RE_FILTER ""
#define VAR_LMTP_DNS_RE_FILTER "lmtp_dns_reply_filter"
#define DEF_LMTP_DNS_RE_FILTER ""
extern char *var_smtp_dns_re_filter;

#define VAR_SMTPD_DNS_RE_FILTER "smtpd_dns_reply_filter"
#define DEF_SMTPD_DNS_RE_FILTER ""
extern char *var_smtpd_dns_re_filter;

/*
 * Backwards compatibility.
 *
 * These parameters control how the SMTP server treats a bare <LF> line
 * ending. Inconsistent end-of-line handling between mail systems is what
 * makes SMTP smuggling possible, so a weaker setting or a wider exclusion
 * list than the defaults deserves a review. Exclusions default to the
 * mynetworks parameter and the reject code to 550.
 *
 * NOTE(review): no variables are declared here for the three
 * smtpd_forbid_bare_newline names; presumably they are declared in the
 * SMTP server itself.
 */
#define VAR_SMTPD_FORBID_BARE_LF "smtpd_forbid_bare_newline"
#define DEF_SMTPD_FORBID_BARE_LF "normalize"

#define VAR_SMTPD_FORBID_BARE_LF_EXCL "smtpd_forbid_bare_newline_exclusions"
#define DEF_SMTPD_FORBID_BARE_LF_EXCL "$" VAR_MYNETWORKS

#define VAR_SMTPD_FORBID_BARE_LF_CODE "smtpd_forbid_bare_newline_reject_code"
#define DEF_SMTPD_FORBID_BARE_LF_CODE 550

/* Replacing stray <CR> and <LF> in cleanup is on by default. */
#define VAR_CLEANUP_MASK_STRAY_CR_LF "cleanup_replace_stray_cr_lf"
#define DEF_CLEANUP_MASK_STRAY_CR_LF 1
extern bool var_cleanup_mask_stray_cr_lf;

/*
 * Share TLS sessions through tlsproxy(8). Off by default; SMTP and LMTP
 * share one variable.
 */
#define VAR_SMTP_TLS_CONN_REUSE "smtp_tls_connection_reuse"
#define DEF_SMTP_TLS_CONN_REUSE 0
#define VAR_LMTP_TLS_CONN_REUSE "lmtp_tls_connection_reuse"
#define DEF_LMTP_TLS_CONN_REUSE 0
extern bool var_smtp_tls_conn_reuse;

/*
 * Location of shared-library files.
 *
 * If the files will be installed into a known directory, such as a directory
 * that is processed with the ldconfig(1) command, then the shlib_directory
 * parameter may be configured at installation time.
 *
 * Otherwise, the shlib_directory parameter must be specified at compile time,
 * and it cannot be changed afterwards.
*/

/*
 * The #ifndef guards let the build override these defaults. Libraries and
 * plug-ins are loaded from shlib_directory, so the directory must not be
 * writable by unprivileged users.
 */
#define VAR_SHLIB_DIR "shlib_directory"
#ifndef DEF_SHLIB_DIR
#define DEF_SHLIB_DIR "/usr/lib/postfix"
#endif
extern char *var_shlib_dir;

#define VAR_META_DIR "meta_directory"
#ifndef DEF_META_DIR
#define DEF_META_DIR DEF_DAEMON_DIR
#endif
extern char *var_meta_dir;

/*
 * SMTPUTF8 support. The default is "no" below compatibility level 1 and
 * "yes" from level 1 on, unless the build overrides it.
 */
#define VAR_SMTPUTF8_ENABLE "smtputf8_enable"
#ifndef DEF_SMTPUTF8_ENABLE
#define DEF_SMTPUTF8_ENABLE "${{$compatibility_level} <level {1} ? " \
				"{no} : {yes}}"
#endif
extern bool var_smtputf8_enable;

#define VAR_STRICT_SMTPUTF8 "strict_smtputf8"
#define DEF_STRICT_SMTPUTF8 0
extern bool var_strict_smtputf8;

/* Mail sources for which the need for SMTPUTF8 is detected automatically. */
#define VAR_SMTPUTF8_AUTOCLASS "smtputf8_autodetect_classes"
#define DEF_SMTPUTF8_AUTOCLASS MAIL_SRC_NAME_SENDMAIL ", " \
				MAIL_SRC_NAME_VERIFY
extern char *var_smtputf8_autoclass;

#define VAR_IDNA2003_COMPAT "enable_idna2003_compatibility"
#define DEF_IDNA2003_COMPAT "no"
extern bool var_idna2003_compat;

/*
 * REQUIRETLS support (RFC 8689).
*/

/* Both feature switches default to "yes". */
#define VAR_TLSREQUIRED_ENABLE "tls_required_enable"
#define DEF_TLSREQUIRED_ENABLE "yes"
extern bool var_tls_required_enable;

#define VAR_REQTLS_ENABLE "requiretls_enable"
#define DEF_REQTLS_ENABLE "yes"
extern bool var_reqtls_enable;

/*
 * Default SMTP client policy, as spelled out in the string below:
 * "opportunistic" for $mydomain and its subdomains, for localhost and for
 * every address literal (the two cidr patterns cover all of IPv4 and
 * IPv6), and "enforce" for everything else. The LMTP default is
 * "opportunistic" throughout.
 */
#define VAR_SMTP_REQTLS_POLICY "smtp_requiretls_policy"
#define DEF_SMTP_REQTLS_POLICY "inline:{{${domain_to_ascii{$mydomain}}=opportunistic}, {.${domain_to_ascii{$mydomain}}=opportunistic}, {localhost=opportunistic}}, cidr:{{0.0.0.0/0 opportunistic}, {::/0 opportunistic}}, enforce"
extern char *var_smtp_reqtls_policy;

#define VAR_LMTP_REQTLS_POLICY "lmtp_requiretls_policy"
#define DEF_LMTP_REQTLS_POLICY "opportunistic"

#define VAR_REQTLS_REDACT_DSN "requiretls_redact_dsn"
#define DEF_REQTLS_REDACT_DSN "yes"
extern bool var_reqtls_redact_dsn;

#define VAR_REQTLS_ESMTP_HDR "requiretls_esmtp_header"
#define DEF_REQTLS_ESMTP_HDR "yes"
extern bool var_reqtls_esmtp_hdr;

/*
 * TLS per-feature policy status. Logging is on by default; SMTP and LMTP
 * share one variable.
 */
#define VAR_SMTP_LOG_TLS_FEATURE_STATUS "smtp_log_tls_feature_status"
#define DEF_SMTP_LOG_TLS_FEATURE_STATUS "yes"
#define VAR_LMTP_LOG_TLS_FEATURE_STATUS "lmtp_log_tls_feature_status"
#define DEF_LMTP_LOG_TLS_FEATURE_STATUS "yes"
extern bool var_log_tls_feature_status;

/*
 * Workaround for future incompatibility. Our implementation of RFC 2308
 * negative reply caching relies on the promise that res_query() and
 * res_search() invoke res_send(), which returns the server response in an
 * application buffer even if the requested record does not exist. If this
 * promise is broken, we have a workaround that is good enough for DNS
 * reputation lookups.
 */
#define VAR_DNS_NCACHE_TTL_FIX "dns_ncache_ttl_fix_enable"
#define DEF_DNS_NCACHE_TTL_FIX 0
extern bool var_dns_ncache_ttl_fix;

/*
 * Logging.
As systems evolve over time, logging becomes more challenging.
 */
#define VAR_MAILLOG_FILE "maillog_file"
#define DEF_MAILLOG_FILE ""
extern char *var_maillog_file;

/*
 * Allowed pathname prefixes for a maillog_file value; this limits where a
 * mistaken or hostile setting can make Postfix write.
 */
#define VAR_MAILLOG_FILE_PFXS "maillog_file_prefixes"
#define DEF_MAILLOG_FILE_PFXS "/var, /dev/stdout"
extern char *var_maillog_file_pfxs;

/* Log rotation: the compression command and the strftime-style suffix. */
#define VAR_MAILLOG_FILE_COMP "maillog_file_compressor"
#define DEF_MAILLOG_FILE_COMP "gzip"
extern char *var_maillog_file_comp;

#define VAR_MAILLOG_FILE_STAMP "maillog_file_rotate_suffix"
#define DEF_MAILLOG_FILE_STAMP "%Y%m%d-%H%M%S"
extern char *var_maillog_file_stamp;

/*
 * Logfile mode; the default "0600" gives access to the owner only. Mail
 * logs carry addresses and client details, so loosen this with care.
 */
#define VAR_MAILLOG_FILE_PERMS "maillog_file_permissions"
#define DEF_MAILLOG_FILE_PERMS "0600"
extern char *var_maillog_file_perms;

#define VAR_POSTLOG_SERVICE "postlog_service_name"
#define DEF_POSTLOG_SERVICE MAIL_SERVICE_POSTLOG
extern char *var_postlog_service;

#define VAR_POSTLOGD_WATCHDOG "postlogd_watchdog_timeout"
#define DEF_POSTLOGD_WATCHDOG "10s"
extern int var_postlogd_watchdog;

/*
 * Backwards compatibility for internal-form address logging. The default
 * is the external form.
 */
#define INFO_LOG_ADDR_FORM_NAME_EXTERNAL "external"
#define INFO_LOG_ADDR_FORM_NAME_INTERNAL "internal"

#define VAR_INFO_LOG_ADDR_FORM "info_log_address_format"
#define DEF_INFO_LOG_ADDR_FORM INFO_LOG_ADDR_FORM_NAME_EXTERNAL
extern char *var_info_log_addr_form;

/*
 * DNSSEC probing, to find out if DNSSEC validation is available.
 */
#define VAR_DNSSEC_PROBE "dnssec_probe"
#define DEF_DNSSEC_PROBE "ns:."
extern char *var_dnssec_probe;

/*
 * Pre-empt services(5) lookups with a built-in name to port mapping.
 */
#define VAR_KNOWN_TCP_PORTS "known_tcp_ports"
#define DEF_KNOWN_TCP_PORTS \
	"lmtp=24, smtp=25, smtps=submissions=465, submission=587"
extern char *var_known_tcp_ports;

/*
 * SRV lookup support.
4555 */ 4556 #define VAR_USE_SRV_LOOKUP "use_srv_lookup" 4557 #define DEF_USE_SRV_LOOKUP "" 4558 extern char *var_use_srv_lookup; 4559 4560 #define VAR_IGN_SRV_LOOKUP_ERR "ignore_srv_lookup_error" 4561 #define DEF_IGN_SRV_LOOKUP_ERR 0 4562 extern bool var_ign_srv_lookup_err; 4563 4564 #define VAR_ALLOW_SRV_FALLBACK "allow_srv_lookup_fallback" 4565 #define DEF_ALLOW_SRV_FALLBACK 0 4566 extern bool var_allow_srv_fallback; 4567 4568 /* 4569 * TLSRPT notification support. The lmtp_ names must be defined because the 4570 * build system enforces that every smtp_ parameter has an lmtp_ variant. 4571 */ 4572 #define VAR_SMTP_TLSRPT_ENABLE "smtp_tlsrpt_enable" 4573 #define DEF_SMTP_TLSRPT_ENABLE "no" 4574 #define VAR_LMTP_TLSRPT_ENABLE "lmtp_tlsrpt_enable" 4575 #define DEF_LMTP_TLSRPT_ENABLE DEF_SMTP_TLSRPT_ENABLE 4576 extern bool var_smtp_tlsrpt_enable; 4577 4578 #define VAR_SMTP_TLSRPT_SOCKNAME "smtp_tlsrpt_socket_name" 4579 #define DEF_SMTP_TLSRPT_SOCKNAME "" 4580 #define VAR_LMTP_TLSRPT_SOCKNAME "lmtp_tlsrpt_socket_name" 4581 #define DEF_LMTP_TLSRPT_SOCKNAME DEF_SMTP_TLSRPT_SOCKNAME 4582 extern char *var_smtp_tlsrpt_sockname; 4583 4584 #define VAR_SMTP_TLSRPT_SKIP_REUSED_HS "smtp_tlsrpt_skip_reused_handshakes" 4585 #define DEF_SMTP_TLSRPT_SKIP_REUSED_HS "no" 4586 #define VAR_LMTP_TLSRPT_SKIP_REUSED_HS "lmtp_tlsrpt_skip_reused_handshakes" 4587 #define DEF_LMTP_TLSRPT_SKIP_REUSED_HS DEF_SMTP_TLSRPT_SKIP_REUSED_HS 4588 extern bool var_smtp_tlsrpt_skip_reused_hs; 4589 4590 #define VAR_SMTP_TLS_ENF_STS_MX_PAT "smtp_tls_enforce_sts_mx_patterns" 4591 #define DEF_SMTP_TLS_ENF_STS_MX_PAT "yes" 4592 #define VAR_LMTP_TLS_ENF_STS_MX_PAT "lmtp_tls_enforce_sts_mx_patterns" 4593 #define DEF_LMTP_TLS_ENF_STS_MX_PAT "yes" 4594 extern bool var_smtp_tls_enf_sts_mx_pat; 4595 4596 /* 4597 * RFC 2047 encoding of full name info. 
4598 */ 4599 #define VAR_FULL_NAME_ENCODING_CHARSET "full_name_encoding_charset" 4600 #define DEF_FULL_NAME_ENCODING_CHARSET "utf-8" 4601 extern char *var_full_name_encoding_charset; 4602 4603 /* 4604 * Limit for the sockmap reply size 4605 */ 4606 #define VAR_SOCKMAP_MAX_REPLY "socketmap_max_reply_size" 4607 #define DEF_SOCKMAP_MAX_REPLY 100000 /* reply size limit */ 4608 extern int var_sockmap_max_reply; 4609 4610 /* 4611 * Client privacy. 4612 */ 4613 #define VAR_SMTPD_HIDE_CLIENT_SESSION "smtpd_hide_client_session" 4614 #define DEF_SMTPD_HIDE_CLIENT_SESSION "no" 4615 extern bool var_smtpd_hide_client_session; 4616 4617 /* 4618 * SMTP server reject response filter. 4619 */ 4620 #define VAR_SMTPD_REJECT_FILTER_MAPS "smtpd_reject_filter_maps" 4621 #define DEF_SMTPD_REJECT_FILTER_MAPS "" 4622 extern char *var_smtpd_reject_filter_maps; 4623 4624 /* 4625 * Non-Berkeley-DB migration. 4626 */ 4627 #define NBDB_LEV_NAME_NONE "disable" 4628 #define NBDB_LEV_NAME_REDIRECT "enable-redirect" 4629 #define NBDB_LEV_NAME_REINDEX "enable-reindex" 4630 4631 #define VAR_NBDB_LEVEL "non_bdb_migration_level" 4632 #define DEF_NBDB_LEVEL NBDB_LEV_NAME_NONE 4633 extern char *var_nbdb_level; 4634 4635 #define VAR_NBDB_CUST_MAP "non_bdb_custom_mapping" 4636 #define DEF_NBDB_CUST_MAP "" 4637 extern char *var_nbdb_cust_map; 4638 4639 #define VAR_NBDB_SERVICE "non_bdb_migration_service_name" 4640 #define DEF_NBDB_SERVICE "nbdb_reindex" 4641 extern char *var_nbdb_service; 4642 4643 #define VAR_NBDB_ALLOW_ROOT_PFXS "non_bdb_migration_allow_root_prefixes" 4644 #define DEF_NBDB_ALLOW_ROOT_PFXS "/etc /usr/local/etc" 4645 extern char *var_nbdb_allow_root_pfxs; 4646 4647 #define VAR_NBDB_ALLOW_USER_PFXS "non_bdb_migration_allow_user_prefixes" 4648 #define DEF_NBDB_ALLOW_USER_PFXS "$" VAR_DATA_DIR " /var/lib/mailman" \ 4649 " /var/lib/mailman3" 4650 extern char *var_nbdb_allow_user_pfxs; 4651 4652 #define VAR_NBDB_LOG_REDIRECT "non_bdb_migration_log_redirect" 4653 #define DEF_NBDB_LOG_REDIRECT 
"yes" 4654 extern bool var_nbdb_log_redirect; 4655 4656 /* LICENSE 4657 /* .ad 4658 /* .fi 4659 /* The Secure Mailer license must be distributed with this software. 4660 /* AUTHOR(S) 4661 /* Wietse Venema 4662 /* IBM T.J. Watson Research 4663 /* P.O. Box 704 4664 /* Yorktown Heights, NY 10598, USA 4665 /* 4666 /* Wietse Venema 4667 /* Google, Inc. 4668 /* 111 8th Avenue 4669 /* New York, NY 10011, USA 4670 /* 4671 /* Wietse Venema 4672 /* porcupine.org 4673 /*--*/ 4674 4675 #endif 4676