OVERVIEW.html revision 1.1.1.3
1 <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" 2 "http://www.w3.org/TR/html4/loose.dtd"> 3 4 <html> 5 6 <head> 7 8 <title>Postfix Architecture Overview </title> 9 10 <meta http-equiv="Content-Type" content="text/html; charset=us-ascii"> 11 12 </head> 13 14 <body> 15 16 <h1> <img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix 17 Architecture Overview </h1> 18 19 <hr> 20 21 <h2> Introduction </h2> 22 23 <p> This document presents an overview of the Postfix architecture, 24 and provides pointers to descriptions of every Postfix command 25 or server program. The text gives the general context in which 26 each command or server program is used, and provides pointers to 27 documents with specific usage examples and background information. 28 </p> 29 30 <p> Topics covered by this document: </p> 31 32 <ul> 33 34 <li> <a href="#receiving"> How Postfix receives mail </a> 35 36 <li> <a href="#delivering"> How Postfix delivers mail </a> 37 38 <li> <a href="#behind"> Postfix behind the scenes </a> 39 40 <li> <a href="#commands"> Postfix support commands </a> 41 42 </ul> 43 44 <h2><a name="receiving"> How Postfix receives mail </a> </h2> 45 46 <p> When a message enters the Postfix mail system, the first stop 47 on the inside is the incoming queue. The figure below shows the 48 main processes that are involved with new mail. Names followed by 49 a number are Postfix commands or server programs, while unnumbered 50 names inside shaded areas represent Postfix queues. </p> 51 52 <blockquote> 53 54 <table> 55 56 <tr> 57 58 <td colspan="4"> </td> 59 60 <td bgcolor="#f0f0ff" align="center"> trivial-<br>rewrite(8) </td> 61 62 </tr> 63 64 <tr> 65 66 <td> Network </td> <td> <tt> -> </tt> </td> 67 68 <td bgcolor="#f0f0ff" align="center" valign="middle"> smtpd(8) 69 </td> 70 71 <td> </td> 72 73 <td rowspan="2" align="center"> <table> <tr> <td align="center"> 74 ^<br> <tt> | </tt> </td> <td align="center"> <tt> |<br> v </tt> 75 </td> </tr> </table> </td> 76 77 </tr> 78 79 <tr> 80 81 <td colspan="3"> </td> <td> <tt> \ </tt> </td> 82 83 </tr> 84 85 <tr> 86 87 <td> Network </td> <td> <tt> -> </tt> </td> 88 89 <td bgcolor="#f0f0ff" align="center" valign="middle"> qmqpd(8) 90 </td> 91 92 <td> <tt> -> </tt> </td> 93 94 <td bgcolor="#f0f0ff" align="center" valign="middle"> cleanup(8) 95 </td> 96 97 <td> <tt> -> </tt> </td> 98 99 <td bgcolor="#f0f0ff" align="center" valign="middle"> <a 100 href="QSHAPE_README.html#incoming_queue"> incoming </a> </td> 101 102 </tr> 103 104 <tr> 105 106 <td colspan="3"> </td> <td> <tt> / </tt> </td> 107 108 </tr> 109 110 <tr> 111 112 <td colspan="2"> </td> 113 114 <td bgcolor="#f0f0ff" align="center" valign="middle"> pickup(8) 115 </td> 116 117 <td> <tt> <- </tt> </td> 118 119 <td bgcolor="#f0f0ff" align="center" valign="middle"> <a 120 href="QSHAPE_README.html#maildrop_queue"> maildrop </a> </td> 121 122 </tr> 123 124 <tr> 125 126 <td colspan="4" align="center"> </td> 127 128 <td align="center"> ^<br> <tt> | </tt> </td> 129 130 </tr> 131 132 <tr> 133 134 <td> Local </td> <td> <tt> -> </tt> </td> 135 136 <td bgcolor="#f0f0ff" align="center" valign="middle"> sendmail(1) 137 </td> 138 139 <td> <tt> -> </tt> </td> 140 141 <td bgcolor="#f0f0ff" align="center" valign="middle"> postdrop(1) 142 </td> 143 144 </tr> 145 146 </table> 147 148 </blockquote> 149 150 <ul> 151 152 <li> <p> Network mail enters Postfix via the smtpd(8) or qmqpd(8) 153 servers. These servers remove the SMTP or QMQP protocol encapsulation, 154 enforce some sanity checks to protect Postfix, and give the sender, 155 recipients and message content to the cleanup(8) server. The 156 smtpd(8) server can be configured to block unwanted mail, as 157 described in the SMTPD_ACCESS_README document. </p> 158 159 <li> <p> Local submissions are received with the Postfix sendmail(1) 160 compatibility command, and are queued in the maildrop queue by 161 the privileged postdrop(1) command. This arrangement even works 162 while the Postfix mail system is not running. The local pickup(8) 163 server picks up local submissions, enforces some sanity checks to 164 protect Postfix, and gives the sender, recipients and message 165 content to the cleanup(8) server. </p> 166 167 <li> <p> Mail from internal sources is given directly to the 168 cleanup(8) server. These sources are not shown in the figure, and 169 include: mail that is forwarded by the local(8) delivery agent (see 170 next section), messages that are returned to the sender by the 171 bounce(8) server (see second-next section), and postmaster 172 notifications about problems with Postfix. </p> 173 174 <li> <p> The cleanup(8) server implements the final processing 175 stage before mail is queued. It adds missing From: and other message 176 headers, and transforms addresses as described in the 177 ADDRESS_REWRITING_README 178 document. Optionally, the cleanup(8) server can be configured to 179 do light-weight content inspection with regular expressions as 180 described in the BUILTIN_FILTER_README document. The cleanup(8) 181 server places the result as a single file into the incoming queue, 182 and notifies the queue manager (see next section) of the arrival 183 of new mail. </p> 184 185 <li> <p> The trivial-rewrite(8) server rewrites addresses to the 186 standard "user (a] fully.qualified.domain" form, as described in the 187 ADDRESS_REWRITING_README document. Postfix currently does not 188 implement a rewriting language, but a lot can be done via table 189 lookups and, if need be, regular expressions. </p> 190 191 </ul> 192 193 <h2> <a name="delivering"> How Postfix delivers mail </a> </h2> 194 195 <p> Once a message has reached the incoming queue the next step is 196 to deliver it. The figure shows the main components of the Postfix 197 mail delivery apparatus. Names followed by a number are Postfix 198 commands or server programs, while unnumbered names inside shaded 199 areas represent Postfix queues. </p> 200 201 <blockquote> 202 203 <table> 204 205 <tr> 206 207 <td rowspan="2" colspan="4"> </td> 208 209 <td rowspan="2" bgcolor="#f0f0ff" align="center"> trivial-<br>rewrite(8) 210 </td> 211 212 <td> </td> 213 214 <td bgcolor="#f0f0ff" align="center"> smtp(8) </td> 215 216 <td> <tt> -> </tt> </td> <td> Network </td> 217 218 </tr> 219 220 <tr> 221 222 <td align="right"> <tt> / </tt> </td> 223 224 </tr> 225 226 <tr> 227 228 <td rowspan="2" colspan="4"> </td> 229 230 <td rowspan="2" align="center"> <table> <tr> <td align="center"> 231 ^<br> <tt> | </tt> </td> <td align="center"> <tt> |<br> v </tt> 232 </td> </tr> </table> </td> 233 234 <td align="right"> <tt> - </tt> </td> 235 236 <td bgcolor="#f0f0ff" align="center"> lmtp(8) </td> 237 238 <td> <tt> -> </tt> </td> <td> Network </td> 239 240 </tr> 241 242 <tr> 243 244 <td align="left"> <tt> / </tt> </td> 245 246 </tr> 247 248 <tr> 249 250 <td bgcolor="#f0f0ff" align="center"> <a 251 href="QSHAPE_README.html#incoming_queue"> incoming </a> </td> 252 253 <td> <tt> -> </tt> </td> 254 255 <td bgcolor="#f0f0ff" align="center"> <a 256 href="QSHAPE_README.html#active_queue"> active </a> </td> 257 258 <td> <tt> -> </tt> </td> 259 260 <td bgcolor="#f0f0ff" align="center"> qmgr(8) </td> 261 262 <td align="right"> <tt> --- </tt> </td> 263 264 <td bgcolor="#f0f0ff" align="center"> local(8) </td> 265 266 <td> <tt> -> </tt> </td> <td> File, command </td> 267 268 </tr> 269 270 <tr> 271 272 <td rowspan="2" colspan="2"> </td> 273 274 <td rowspan="2" align="center"> <table> <tr> <td align="center"> 275 ^<br> <tt> | </tt> </td> <td align="center"> <tt> |<br> v </tt> 276 </td> </tr> </table> </td> 277 278 <td rowspan="2" colspan="2"> </td> 279 280 <td align="left"> <tt> \ </tt> </td> 281 282 </tr> 283 284 <tr> 285 286 <td align="right"> <tt> - </tt> </td> 287 288 <td bgcolor="#f0f0ff" align="center"> virtual(8) </td> 289 290 <td> <tt> -> </tt> </td> <td> File </td> 291 292 </tr> 293 294 <tr> 295 296 <td colspan="2"> </td> 297 298 <td bgcolor="#f0f0ff" align="center"> <a 299 href="QSHAPE_README.html#deferred_queue"> deferred </a> </td> 300 301 <td colspan="2"> </td> 302 303 <td align="right"> <tt> \ </tt> </td> 304 305 </tr> 306 307 <tr> 308 309 <td colspan="6"> 310 311 <td bgcolor="#f0f0ff" align="center"> pipe(8) </td> 312 313 <td> <tt> -> </tt> </td> <td> Command </td> 314 315 </tr> 316 317 </table> 318 319 </blockquote> 320 321 <ul> 322 323 <li> <p> The queue manager (the qmgr(8) server process in the 324 figure) is the heart of Postfix mail delivery. It contacts the 325 smtp(8), lmtp(8), local(8), virtual(8), pipe(8), discard(8) or 326 error(8) delivery agents, and sends a delivery request for one 327 or more recipient addresses. The discard(8) and error(8) delivery 328 agents are special: they discard or bounce all mail, and are not 329 shown in the figure above. </p> 330 331 <p> The queue manager maintains a small active queue with the 332 messages that it has opened for delivery. The active queue acts as 333 a limited window on potentially large incoming or deferred queues. 334 The limited active queue prevents the queue manager from running 335 out of memory under heavy load. </p> 336 337 <p> The queue manager maintains a separate deferred queue for mail 338 that cannot be delivered, so that a large mail backlog will not 339 slow down normal queue accesses. The queue manager's strategy for 340 delayed mail delivery attempts is described in the QSHAPE_README 341 and TUNING_README documents. </p> 342 343 <li> <p> The trivial-rewrite(8) server resolves each recipient 344 address according to its local or remote address class, as defined 345 in the ADDRESS_CLASS_README document. Additional routing information 346 can be specified with the optional transport(5) table. The 347 trivial-rewrite(8) server optionally queries the relocated(5) table 348 for recipients whose address has changed; mail for such recipients is 349 returned to the sender with an explanation. </p> 350 351 <li> <p> The smtp(8) client looks up a list of mail exchangers for 352 the destination host, sorts the list by preference, and tries each 353 server in turn until it finds a server that responds. It then 354 encapsulates the sender, recipient and message content as required 355 by the SMTP protocol; this includes conversion of 8-bit MIME to 356 7-bit encoding. </p> 357 358 <li> <p> The lmtp(8) client speaks a protocol similar to SMTP that 359 is optimized for delivery to mailbox servers such as Cyrus. The 360 advantage of this setup is that one Postfix machine can feed multiple 361 mailbox servers over LMTP. The opposite is true as well: one 362 mailbox server can be fed over LMTP by multiple Postfix machines. 363 </p> 364 365 <li> <p> The local(8) delivery agent understands UNIX-style mailboxes, 366 qmail-compatible maildir files, Sendmail-style system-wide aliases(5) 367 databases, and Sendmail-style per-user .forward files. Multiple 368 local delivery agents can be run in parallel, but parallel delivery 369 to the same user is usually limited. </p> 370 371 <p> The local(8) delivery agent has hooks for alternative forms of 372 local delivery: you can configure it to deliver to mailbox files 373 in user home directories, you can configure it to delegate mailbox 374 delivery to an external command such as procmail, or you can delegate 375 delivery to a different Postfix delivery agent. </p> 376 377 <li> <p> The virtual(8) delivery agent is a bare-bones delivery 378 agent that delivers to UNIX-style mailbox or qmail-style maildir 379 files only. This delivery agent can deliver mail for multiple 380 domains, which makes it especially suitable for hosting lots of 381 small domains on a single machine. This is described in the 382 VIRTUAL_README document. </p> 383 384 <li> <p> The pipe(8) mailer is the outbound interface to other mail 385 processing systems (the Postfix sendmail(1) command being the 386 inbound interface). The interface is UNIX compatible: it provides 387 information on the command line and on the standard input stream, 388 and expects a process exit status code as defined in <sysexits.h>. 389 Examples of delivery via the pipe(8) mailer are in the MAILDROP_README 390 and UUCP_README documents. 391 392 </ul> 393 394 <h2> <a name="behind"> Postfix behind the scenes </a> </h2> 395 396 <p> The previous sections gave an overview of how Postfix server 397 processes send and receive mail. These server processes rely on 398 other server processes that do things behind the scenes. The text 399 below attempts to visualize each service in its own context. As 400 before, names followed by a number are Postfix commands or server 401 programs, while unnumbered names inside shaded areas represent 402 Postfix queues. </p> 403 404 <ul> 405 406 <li> <p> The resident master(8) server is the supervisor that keeps 407 an eye on the well-being of the Postfix mail system. It is typically 408 started at system boot time with the "postfix start" command, and 409 keeps running until the system goes down. The master(8) server is 410 responsible for starting Postfix server processes to receive and 411 deliver mail, and for restarting servers that terminate prematurely 412 because of some problem. The master(8) server is also responsible 413 for enforcing the server process count limits as specified in the 414 <b>master.cf</b> configuration file. The picture below gives the 415 program hierarchy when Postfix is started up. Only some of the mail 416 handling daemon processes are shown. </p> 417 418 <table> 419 420 <tr> <td colspan="2"> </td> <td align="center" bgcolor="#f0f0ff"> 421 postfix(1) </td> </tr> 422 423 <tr> <td colspan="2"> </td> <td align="center"> |<br> |</td> </tr> 424 425 <tr> <td colspan="2"> </td> <td align="center" bgcolor="#f0f0ff"> 426 postfix-script(1) </td> </tr> 427 428 <tr> <td> </td> <td> <table> <tr> <td> </td> <td> / </td> </tr> 429 <tr> <td> / </td> <td> </td> </tr> </table> </td> <td align="center"> 430 |<br> |</td> <td> <table> <tr> <td> \ </td> <td> </td> </tr> <tr> 431 <td> </td> <td> \ </td> </tr> </table> </td> </tr> 432 433 <tr> <td align="center" bgcolor="#f0f0ff"> postsuper(1) </td> <td> 434 </td> <td align="center" bgcolor="#f0f0ff"> master(8) </td> <td> 435 </td> <td align="center" bgcolor="#f0f0ff"> postlog(1) </td> </tr> 436 437 <tr> <td> </td> <td> <table> <tr> <td> </td> <td> / </td> </tr> 438 <tr> <td> / </td> <td> </td> </tr> </table> </td> <td align="center"> 439 |<br> |</td> <td> <table> <tr> <td> \ </td> <td> </td> </tr> <tr> 440 <td> </td> <td> \ </td> </tr> </table> </td> </tr> 441 442 <tr> <td align="center" bgcolor="#f0f0ff"> smtpd(8) </td> <td> 443 </td> <td align="center" bgcolor="#f0f0ff"> qmgr(8) </td> <td> 444 </td> <td align="center" bgcolor="#f0f0ff"> local(8) </td> </tr> 445 446 </table> 447 448 <li> <p> The anvil(8) server implements client connection and 449 request rate 450 limiting for all smtpd(8) servers. The TUNING_README document 451 provides guidance for dealing with mis-behaving SMTP clients. The 452 anvil(8) service is available in Postfix version 2.2 and later. 453 </p> 454 455 <table> 456 457 <tr> <td> Network </td> <td> <tt> -> </tt> </td> <td align="center" 458 bgcolor="#f0f0ff"> <br> smtpd(8)<br><br> </td> <td> <tt> <-> 459 </tt> </td> <td align="center" bgcolor="#f0f0ff"> <br> anvil(8)<br><br> 460 </td> </tr> 461 462 </table> 463 464 <li> <p> The bounce(8), defer(8) and trace(8) services each maintain 465 their own queue directory trees with per-message logfiles. Postfix 466 uses this information when sending "failed", "delayed" or "success" 467 delivery status notifications to the sender. </p> 468 469 <p> The trace(8) service also implements support for the Postfix 470 "sendmail 471 -bv" and "sendmail -v" commands which produce reports about how 472 Postfix delivers mail, and is available with Postfix version 2.1 473 and later. See <a href="DEBUG_README.html#trace_mail"> DEBUG_README 474 </a> for examples. </p> 475 476 <table> 477 478 <tr> <td align="center" bgcolor="#f0f0ff"> cleanup(8) </td> <td 479 valign="middle"> <tt> -> </tt> </td> <td align="center" 480 bgcolor="#f0f0ff"> qmgr(8)<br> Postfix<br> queue </td> <td 481 valign="middle"> <tt> -> </tt> </td> <td align="center" 482 bgcolor="#f0f0ff"> Delivery<br> agents</td> </tr> 483 484 <tr> <td align="center"> ^<br> <tt> | </tt> </td> <td> </td> <td 485 align="center"> <tt> |<br> v </tt> </td> <td> </td> <td align="center"> 486 <tt> |<br> v </tt> </td> </tr> 487 488 <tr> <td align="center"> (Non-)<br> delivery<br> notice </td> <td 489 valign="middle"> <tt> <- </tt> </td> <td align="center" 490 bgcolor="#f0f0ff"> bounce(8)<br> defer(8)<br> trace(8) </td> <td 491 valign="middle"> <tt> <- </tt> </td> <td align="center"> Queue 492 id,<br> recipient,<br> status</td> </tr> 493 494 <tr> <td colspan="2"> </td> <td align="center"> <table> <tr> <td 495 align="center"> ^<br> <tt> | </tt> </td> <td align="center"> <tt> 496 |<br> v </tt> </td> </tr> </table> </td> </tr> 497 498 <tr> <td colspan="2"> </td> <td align="center" bgcolor="#f0f0ff"> 499 Per- <br> message<br> logfiles </td> </tr> 500 501 </table> 502 503 <li> <p> The flush(8) servers maintain per-destination logs and 504 implement both ETRN and "sendmail -qRdestination", as described 505 in the ETRN_README document. This moves selected queue files from 506 the deferred queue back to the incoming queue and requests their 507 delivery. The flush(8) service is available with Postfix version 508 1.0 and later. </p> 509 510 <table> 511 512 <tr> <td colspan="4"> </td> <td align="center" bgcolor="#f0f0ff"> 513 <a href="QSHAPE_README.html#incoming_queue"> incoming </a><br>^ 514 <br><a href="QSHAPE_README.html#deferred_queue"> deferred </a> 515 </td> </tr> 516 517 <tr> <td colspan="4"> </td> <td align="center"> ^<br> |</td> </tr> 518 519 <tr> <td align="center" bgcolor="#f0f0ff"> smtpd(8)<br> sendmail(1)<br> 520 postqueue(1) </td> <td> <tt> - </tt> </td> <td align="center"> 521 Destination<br> to flush</td> <td> <tt> -> </tt> </td> <td 522 align="center" bgcolor="#f0f0ff"> flush(8) </td> <td> <tt> <- 523 </tt> </td> <td align="center"> Deferred<br> destination,<br> queue 524 id </td> <td> <tt> - </tt> </td> <td align="center" bgcolor="#f0f0ff"> 525 Delivery<br> agents,<br> qmgr(8) </td> </tr> 526 527 <tr> <td colspan="4"> </td> <td align="center"> <table> <tr> <td 528 align="center"> ^<br> <tt> | </tt> </td> <td align="center"> <tt> 529 |<br> v </tt> </td> </tr> </table> </td> </tr> 530 531 <tr> <td colspan="4"> </td> <td align="center"> Per-dest-<br> 532 ination<br> logs </td> </tr> 533 534 </table> 535 536 <li> <p> The proxymap(8) servers provide read-only and read-write 537 table lookup 538 service to Postfix processes. This overcomes chroot restrictions, 539 reduces the number of open lookup tables by sharing one open 540 table among multiple processes, and implements single-updater 541 tables. </p> 542 543 <li> <p> The scache(8) server maintains the connection cache for 544 the Postfix smtp(8) client. When connection caching is enabled for 545 selected destinations, the smtp(8) client does not disconnect 546 immediately after a mail transaction, but gives the connection to 547 the connection cache server which keeps the connection open for a 548 limited amount of time. The smtp(8) client continues with some 549 other mail delivery request. Meanwhile, any smtp(8) process can 550 ask the scache(8) server for that cached connection and reuse it 551 for mail delivery. As a safety measure, Postfix limits the number 552 of times that a connection may be reused. </p> 553 554 <p> When delivering mail to a destination with multiple mail servers, 555 connection caching can help to skip over a non-responding server, 556 and thus dramatically speed up delivery. SMTP connection caching 557 is available in Postfix version 2.2 and later. More information 558 about this feature is in the CONNECTION_CACHE_README document. </p> 559 560 <table> 561 562 <tr> <td> </td> <td> <tt> /-- </tt> </td> <td align="center" 563 colspan="3" bgcolor="#f0f0ff"> smtp(8) </td> <td colspan="2"> <tt> 564 --> </tt> Internet </td> </tr> 565 566 <tr> <td align="center" bgcolor="#f0f0ff"> qmgr(8) </td> <td> </td> 567 <td align="center" rowspan="3"> </td> <td align="center" 568 rowspan="3"><tt>|<br>|<br>|<br>|<br>v</tt></td> <td> </td> 569 </tr> 570 571 <tr> <td> </td> <td> <tt> \-- </tt> </td> <td align="center" 572 colspan="2" bgcolor="#f0f0ff"> smtp(8) </td> <td align="left"> <tt> 573 --> </tt> Internet </td> </tr> 574 575 <tr> <td colspan="3"> </td> <td align="center"><tt>^<br>|</tt></td> 576 <td> </td> </tr> 577 578 <tr> <td colspan="3"> </td> <td align="center" colspan="3" 579 bgcolor="#f0f0ff"> scache(8) </td> </tr> 580 581 </table> 582 583 <li> <p> The showq(8) servers list the Postfix queue status. This 584 is the queue listing service that does the work for the mailq(1) 585 and postqueue(1) commands. </p> 586 587 <table> 588 589 <tr> <td> Output </td> <td> <tt> <- </tt> </td> <td align="center" 590 bgcolor="#f0f0ff"> mailq(1)<br> 591 592 <a href="postqueue.1.html"> post-<br>queue(1) </a> <br> </td> <td> 593 <tt> <- </tt> </td> <td align="center" valign="middle" 594 bgcolor="#f0f0ff"> showq(8) </td> <td> <tt> <- </tt></td> <td 595 align="center" valign="middle" bgcolor="#f0f0ff"> Postfix<br> queue 596 </td> </tr> 597 598 </table> 599 600 <li> <p> The spawn(8) servers run non-Postfix commands on request, 601 with the client connected via socket or FIFO to the command's 602 standard input, output and error streams. You can find examples of 603 its use in the SMTPD_POLICY_README document. </p> 604 605 <li> <p> The tlsmgr(8) server runs when TLS (Transport Layer 606 Security, formerly known as SSL) is turned on in the Postfix smtp(8) 607 client or smtpd(8) server. This process has two duties: </p> 608 609 <ul> 610 611 <li> <p> Maintain the pseudo-random number generator (PRNG) that 612 is used to seed the TLS engines in Postfix smtp(8) client or smtpd(8) 613 server processes. The state of this PRNG is periodically saved to 614 a file, and is read when tlsmgr(8) starts up. </p> 615 616 <li> <p> Maintain the optional Postfix smtp(8) client or smtpd(8) 617 server caches with TLS session keys. Saved keys can improve 618 performance by reducing the amount of computation at the start of 619 a TLS session. </p> 620 621 </ul> 622 623 <p> TLS support is available in Postfix version 2.2 and later. 624 Information about the Postfix TLS implementation is in the TLS_README 625 document. </p> 626 627 <table> 628 629 <tr> <td>Network<tt>-> </tt> </td> <td align="center" 630 bgcolor="#f0f0ff"> <br> smtpd(8) <br> </td> <td colspan="2"> 631 <tt> <---seed---<br><br><-session-> </tt> </td> <td 632 align="center" bgcolor="#f0f0ff"> <br> tlsmgr(8) <br> </td> 633 <td colspan="3"> <tt> ---seed---><br> <br><-session-> 634 </tt> </td> <td align="center" bgcolor="#f0f0ff"> <br> smtp(8) <br> 635 </td> <td> <tt> -></tt>Network </td> </tr> 636 637 <tr> <td colspan="3"> </td> <td align="right"> <table> <tr> <td> 638 </td> <td> / </td> </tr> <tr> <td> / </td> <td> </td> </tr> </table> 639 </td> <td align="center"> |<br> |</td> <td align="left"> <table> 640 <tr> <td> \ </td> <td> </td> </tr> <tr> <td> </td> <td> \ </td> 641 </tr> </table> </td> <td colspan="3"> </td> </tr> 642 643 <tr> <td colspan="2"> </td> <td align="center" bgcolor="#f0f0ff"> 644 smtpd<br> session<br> cache </td> <td> </td> <td align="center" 645 bgcolor="#f0f0ff"> PRNG<br> state <br>file </td> <td> </td> <td 646 align="center" bgcolor="#f0f0ff"> smtp<br> session<br> cache </td> 647 <td colspan="2"> </td> </tr> 648 649 </table> 650 651 652 <li> <p> The verify(8) server verifies that a sender or recipient 653 address is deliverable before the smtpd(8) server accepts it. The 654 verify(8) server queries a cache with address verification results. 655 If a result is not found, the verify(8) server injects a probe 656 message into the Postfix queue and processes the status update from 657 a delivery agent or queue manager. 658 This process is described in the ADDRESS_VERIFICATION_README 659 document. The verify(8) service is available with Postfix version 660 2.1 and later. </p> 661 662 <table> 663 664 <tr> 665 666 <td rowspan="2" colspan="5" align="center" valign="middle"> 667 </td> <td rowspan="3" align="center" valign="bottom"> 668 <tt> -> </tt> </td> <td rowspan="3" align="center" 669 valign="middle"> probe<br> message </td> <td rowspan="3" 670 align="center" valign="middle"> <tt> -> </tt> </td> <td 671 rowspan="3" bgcolor="#f0f0ff" align="center" valign="middle"> 672 Postfix<br> mail<br> queue </td> 673 674 </tr> 675 676 <tr> <td> </td> </tr> 677 678 <tr> 679 680 <td rowspan="3" align="center" valign="middle"> Network </td> 681 <td rowspan="3" align="center" valign="middle"> <tt> -> </tt> 682 </td> <td rowspan="3" bgcolor="#f0f0ff" align="center" 683 valign="middle"> smtpd(8) </td> <td rowspan="3" align="center" 684 valign="middle"> <tt> <-> </tt> </td> <td rowspan="3" 685 bgcolor="#f0f0ff" align="center" valign="middle"> verify(8) 686 </td> 687 688 </tr> 689 690 <tr> 691 692 <td rowspan="1" colspan="3"> </td> <td rowspan="1" align="center" 693 valign="middle"> <tt> |</tt><br> <tt> v</tt> </td> 694 695 </tr> 696 697 <tr> 698 699 <td rowspan="3" align="center" valign="top"> <tt> <- </tt> 700 </td> <td rowspan="3" align="center" valign="middle"> probe<br> 701 status </td> <td rowspan="3" align="center" valign="middle"> 702 <tt> <- </tt> </td> <td rowspan="3" bgcolor="#f0f0ff" 703 align="center" valign="middle"> Postfix<br> delivery<br> agents 704 </td> <td rowspan="3" align="left" valign="middle"> <tt>-></tt> 705 Local<br> <tt>-></tt> Network</td> 706 707 </tr> 708 709 <tr> 710 711 <td rowspan="3" colspan="4" align="center" valign="middle"> 712 </td> <td rowspan="3" align="center" valign="middle"> 713 <tt> ^</tt><br> <tt> |</tt><br> <tt> v</tt> </td> 714 715 </tr> 716 717 <tr> <td> </td> </tr> 718 719 <tr> <td colspan="4"> </td> </tr> 720 721 <tr> 722 723 <td colspan="4" align="center" valign="middle"> </td> 724 <td bgcolor="#f0f0ff" align="center" valign="middle"> Address<br> 725 verification<br> cache </td> 726 727 </tr> 728 729 </table> 730 731 <li> <p> The postscreen(8) server can be put "in front" of Postfix 732 smtpd(8) processes. Its purpose is to accept connections from the 733 network and to decide what SMTP clients are allowed to talk to 734 Postfix. According to the 2008 MessageLabs annual report, 81% of 735 all email was spam, and 90% of that was sent by botnets; by 2010, 736 those numbers were 92% and 95%, respectively. While postscreen(8) 737 keeps the zombies away, more smtpd(8) processes remain available 738 for legitimate clients. </p> 739 740 <p> The postscreen(8) server is available with Postfix 2.8 and 741 later. To keep the implementation simple, postscreen(8) delegates 742 DNS white/backlist lookups to dnsblog(8) server processes, and 743 delegates TLS encryption/decryption to tlsproxy(8) server processes. 744 This delegation is invisible to the remote SMTP client, and is not 745 shown in the diagram below. </p> 746 747 <table> 748 749 <tr> <td> zombie </td> </tr> 750 751 <tr> <td> </td> <td align="left"> <tt> \ </tt> </td> </tr> 752 753 <tr> <td> zombie </td> <td align="left"> <tt> - </tt> </td> <td> 754 </td> <td> </td> <td> </td> <td align="right"> <tt> - </tt> </td> 755 <td bgcolor="#f0f0ff" align="center"> smtpd(8) </td> </tr> 756 757 <tr> <td> </td> <td align="right"> <tt> \ </tt> </td> <td> </td> 758 <td align="left"> <tt> / </tt> </td> </tr> 759 760 <tr> <td bgcolor="#f0f0ff" align="center"> other </td> <td> <tt> 761 --- </tt> </td> <td bgcolor="#f0f0ff" align="center" valign="middle"> 762 postscreen(8) </td> </tr> 763 764 <tr> <td> </td> <td align="right"> <tt> / </tt> </td> <td> </td> 765 <td align="right"> <tt> \ </tt> </td> </tr> 766 767 <tr> <td bgcolor="#f0f0ff" align="center"> other </td> <td align="left"> 768 <tt> - </tt> </td> <td> </td> <td> </td> <td> </td> <td align="right"> 769 <tt> - </tt> </td> <td bgcolor="#f0f0ff" align="center"> smtpd(8) 770 </td> </tr> 771 772 <tr> <td> </td> <td align="left"> <tt> / </tt> </td> </tr> 773 774 <tr> <td> zombie </td> </tr> 775 776 777 </table> 778 779 </ul> 780 781 <h2> <a name="commands"> Postfix support commands </a> </h2> 782 783 <p> The Postfix architecture overview ends with a summary of 784 command-line utilities for day-to-day use of the Postfix mail 785 system. Besides the Sendmail-compatible sendmail(1), mailq(1), and 786 newaliases(1) commands, the Postfix system comes with it own 787 collection of command-line utilities. For consistency, these are 788 all named post<i>something</i>. </p> 789 790 <ul> 791 792 <li> <p> The postfix(1) command controls the operation of the mail 793 system. It is the interface for starting, stopping, and restarting 794 the mail system, as well as for some other administrative operations. 795 This command is reserved to the super-user. </p> 796 797 <li> <p> The postalias(1) command maintains Postfix aliases(5) type 798 databases. This is the program that does the work for the 799 newaliases(1) command. </p> 800 801 <li> <p> The postcat(1) command displays the contents of Postfix 802 queue files. This is a limited, preliminary utility. This program 803 is likely to be superseded by something more powerful that can also 804 edit Postfix queue files. </p> 805 806 <li> <p> The postconf(1) command displays or updates Postfix main.cf 807 parameters and displays system dependent information about the 808 supported file locking methods, and the supported types of lookup 809 tables. </p> 810 811 <li> <p> The postdrop(1) command is the mail posting utility that 812 is run by the Postfix sendmail(1) command in order to deposit mail 813 into the maildrop queue directory. </p> 814 815 <li> <p> The postkick(1) command makes some Postfix internal 816 communication channels available for use in, for example, shell 817 scripts. </p> 818 819 <li> <p> The postlock(1) command provides Postfix-compatible mailbox 820 locking for use in, for example, shell scripts. </p> 821 822 <li> <p> The postlog(1) command provides Postfix-compatible logging 823 for shell scripts. </p> 824 825 <li> <p> The postmap(1) command maintains Postfix lookup tables 826 such as canonical(5), virtual(5) and others. It is a cousin of the 827 UNIX makemap command. </p> 828 829 <li> <p> The postmulti(1) command repeats the "postfix start" etc. 830 command for each Postfix instance, and supports creation, deletion 831 etc. of Postfix instances. For a tutorial, see MULTI_INSTANCE_README. 832 </p> 833 834 <li> <p> The postqueue(1) command is the privileged command that 835 is run by Postfix sendmail(1) and mailq(1) in order to flush or 836 list the 837 mail queue. </p> 838 839 <li> <p> The postsuper(1) command maintains the Postfix queue. It 840 removes old temporary files, and moves queue files into the right 841 directory after a change in the hashing depth of queue directories. 842 This command is run at mail system startup time and when Postfix 843 is restarted. </p> 844 845 </ul> 846 847 </body> 848 849 </html> 850
Indexes created Sun Jun 28 00:24:58 UTC 2026