1 1 000 000 messages with good performance unlikely above that limit 2 10 10 Mandatory configuration file edits 3 11 11 To chroot or not to chroot 4 12 12 Care and feeding of the Postfix system 5 14 rbl_domain rbl_reason rbl_reason 6 168 100 189 2 255 255 255 224 7 18 rbl_domain rbl_reason rbl_reason 8 1 ffff ffff ffff ffff ffff ffff ffff ffff 9 2001 240 587 0 2d0 b7ff fe88 2ca7 ffff ffff ffff ffff 10 31 sasldb Accounts are stored stored in a Cyrus SASL Berkeley DB 11 33 ldapdb Accounts are stored stored in an LDAP database 12 4 yes yes yes never 100 13 5 postmaster postmaster example com 14 5 root root localhost 15 6 abuse abuse example com 16 80821 S 0 00 24 smtpd n smtp t inet u c o stress yes 17 83326 S 0 00 28 smtpd n smtp t inet u c o stress 18 84345 Ss 0 00 11 usr bin perl usr libexec postfix smtpd policy pl 19 8 SENDMAIL usr sbin sendmail G i NEVER NEVER NEVER use t here 20 address localpart as per RFC 822 so that additional or or 21 all all Maximum per destination delivery concurrency 22 and cost cost 1 times more than if the preemptive scheduler was 23 and sneak in the ten recipient mail Wait wait wait Could we Aren t 24 aNULL aNULL kEECDH kEDH RC4 eNULL EXPORT LOW STRENGTH 25 Arrival Date Sun 26 Nov 2006 17 01 01 0500 EST 26 attacks with user domain domain addresses when Postfix provides 27 authzTo authzTo dn regex uniqueIdentifier ou people dc example dc com 28 AUXLIBS AUXLIBS options for LDAP or TLS etc 29 blockquote blockquote 30 broken smtp smtp o smtp_quote_rfc821_envelope no 31 ccert_fingerprint C2 9D F4 87 71 73 73 D9 18 E7 C2 F3 C1 DA 6E 04 32 command_directory command_directory 33 concurrency concurrency limit 34 config_directory config_directory 35 daemon_directory daemon_directory 36 data_directory data_directory 37 Date Sun 26 Nov 2006 17 01 01 0500 EST 38 dd dd Alternatively check_ccert_access accepts an explicit search 39 dd dd check_ccert_access type table search_order cert_fingerprint 40 dd dd The commas are optional dd 41 dd dd The default algorithm is b sha256 b with Postfix ge 3 6 42 dd No TLS TLS will not be used unless enabled for specific 43 Dec 4 04 30 09 hostname postfix smtpd 58549 NOQUEUE reject 44 default_transport uucp uucp gateway 45 Documentation Documentation is available as README files start with the file 46 done done 47 done done 48 dt b a name check_address_map check_address_map a i a href DATABASE_RE 49 dt b a name check_ccert_access check_ccert_access a i a href DATABASE_ 50 dt b a name check_client_a_access check_client_a_access a i a href DAT 51 dt b a name check_client_access check_client_access a i a href DATABAS 52 dt b a name check_client_mx_access check_client_mx_access a i a href D 53 dt b a name check_client_ns_access check_client_ns_access a i a href D 54 dt b a name check_etrn_access check_etrn_access a i a href DATABASE_RE 55 dt b a name check_helo_a_access check_helo_a_access a i a href DATABAS 56 dt b a name check_helo_access check_helo_access a i a href DATABASE_RE 57 dt b a name check_helo_mx_access check_helo_mx_access a i a href DATAB 58 dt b a name check_helo_ns_access check_helo_ns_access a i a href DATAB 59 dt b a name check_policy_service check_policy_service i servername i a 60 dt b a name check_recipient_a_access check_recipient_a_access a i a hre 61 dt b a name check_recipient_access check_recipient_access a i a href D 62 dt b a name check_recipient_mx_access check_recipient_mx_access a i a h 63 dt b a name check_recipient_ns_access check_recipient_ns_access a i a h 64 dt b a name check_sasl_access check_sasl_access a i a href DATABASE_RE 65 dt b a name check_sender_a_access check_sender_a_access a i a href DAT 66 dt b a name check_sender_access check_sender_access a i a href DATABAS 67 dt b a name check_sender_mx_access check_sender_mx_access a i a href D 68 dt b a name check_sender_ns_access check_sender_ns_access a i a href D 69 dt b a name defer defer a b dt 70 dt b a name defer_if_permit defer_if_permit a b dt 71 dt b a name defer_if_reject defer_if_reject a b dt 72 dt b a name defer_unauth_destination defer_unauth_destination a b dt 73 dt b a name no_address_mappings no_address_mappings a b dt 74 dt b a name no_header_body_checks no_header_body_checks a b dt 75 dt b a name no_milters no_milters a b dt 76 dt b a name no_unknown_recipient_checks no_unknown_recipient_checks a b 77 dt b a name permit_auth_destination permit_auth_destination a b dt 78 dt b a name permit_dnswl_client permit_dnswl_client i dnswl_domain d d d d 79 dt b a name permit_inet_interfaces permit_inet_interfaces a b dt 80 dt b a name permit_mx_backup permit_mx_backup a b dt 81 dt b a name permit_mynetworks permit_mynetworks a b dt 82 dt b a name permit permit a b dt 83 dt b a name permit_rhswl_client permit_rhswl_client i rhswl_domain d d d d 84 dt b a name permit_sasl_authenticated permit_sasl_authenticated a b dt 85 dt b a name permit_tls_all_clientcerts permit_tls_all_clientcerts a b 86 dt b a name permit_tls_clientcerts permit_tls_clientcerts a b dt 87 dt b a name reject_invalid_helo_hostname reject_invalid_helo_hostname a 88 dt b a name reject_multi_recipient_bounce reject_multi_recipient_bounce a 89 dt b a name reject_non_fqdn_helo_hostname reject_non_fqdn_helo_hostname a 90 dt b a name reject_non_fqdn_recipient reject_non_fqdn_recipient a b dt 91 dt b a name reject_non_fqdn_sender reject_non_fqdn_sender a b dt 92 dt b a name reject_plaintext_session reject_plaintext_session a b dt 93 dt b a name reject_rbl_client reject_rbl_client i rbl_domain d d d d i 94 dt b a name reject reject a b dt 95 dt b a name reject_rhsbl_client reject_rhsbl_client i rbl_domain d d d d 96 dt b a name reject_rhsbl_helo reject_rhsbl_helo i rbl_domain d d d d i 97 dt b a name reject_rhsbl_recipient reject_rhsbl_recipient i rbl_domain d d 98 dt b a name reject_rhsbl_reverse_client reject_rhsbl_reverse_client i rbl_ 99 dt b a name reject_rhsbl_sender reject_rhsbl_sender i rbl_domain d d d d 100 dt b a name reject_sender_login_mismatch reject_sender_login_mismatch a 101 dt b a name reject_unauth_destination reject_unauth_destination a b dt 102 dt b a name reject_unauth_pipelining reject_unauth_pipelining a b dt 103 dt b a name reject_unknown_client_hostname reject_unknown_client_hostname 104 dt b a name reject_unknown_helo_hostname reject_unknown_helo_hostname a 105 dt b a name reject_unknown_recipient_domain reject_unknown_recipient_domain 106 dt b a name reject_unknown_sender_domain reject_unknown_sender_domain a 107 dt b a name reject_unlisted_recipient reject_unlisted_recipient a b wi 108 dt b a name reject_unlisted_sender reject_unlisted_sender a b dt 109 dt b a name reject_unverified_recipient reject_unverified_recipient a b 110 dt b a name reject_unverified_sender reject_unverified_sender a b dt 111 dt b a name sleep sleep i seconds i a b dt 112 dt b a name warn_if_reject warn_if_reject a b dt 113 dt dt b i a href DATABASE_README html type table a i b dt 114 dt dt b i number i i number i b dt 115 dt dt dd 0 Disable logging of TLS activity dd 116 dt dt dd 1 Log only a summary message on TLS handshake completion 117 dt dt dd 2 Also log levels during TLS negotiation dd 118 dt dt dd 3 Also log hexadecimal and ASCII dump of TLS negotiation 119 dt dt dd 4 Also log hexadecimal and ASCII dump of complete 120 dude dude example com 121 eliminates the latency of the TCP handshake SYN SYN ACK ACK 122 example com uucp uucp host 123 example MAIL RCPT BDAT BDAT MAIL RCPT BDAT without ever having to 124 export MANPATH MANPATH pwd man MANPATH 125 fe80 1 2d0 b7ff fe88 2ca7 ffff ffff ffff ffff 126 fe80 5 1 ffff ffff ffff ffff 127 file allows for robust handling of temporary delivery errors errors 128 Filtered Filtered 129 for the file name when a pattern is a type table table specification 130 from host example com 192 168 0 2 TLSv1 with cipher cipher name 131 generic generic a restrictions These restrictions are applicable in 132 groups msn com 63 2 1 2 4 4 14 14 14 8 0 133 highvolume com 4000 160 160 320 640 1280 1440 0 0 0 0 134 host host port host port address or address port the form 135 http www umich edu dirsvcs ldap ldap html or OpenLDAP 136 id 84863BC0E5 Sun 26 Nov 2006 17 01 01 0500 EST 137 if concurrency concurrency limit 138 ifconfig en0 alias address netmask 255 255 255 255 139 inet_addr_local inet_addr_local configured 2 IPv4 addresses 140 inet_addr_local inet_addr_local configured 4 IPv6 addresses 141 insiders_only insiders_only check_sender_access hash etc postfix insiders reject 142 in the form of a domain name hostname hostname port hostname port 143 into memory such as pcre regexp or texthash texthash is similar 144 jane jane janes preferred machine 145 joe joe joes preferred machine 146 Line 8 NEVER NEVER NEVER use the t command line option here It 147 listname listname request 148 lists sourceforge net 2313 2313 0 0 0 0 0 0 0 0 149 local local 8 150 local_only local_only 151 maildrop maildrop 152 maildrop maildrop owner cn root dc your dc com 153 make make makefiles CC opt ansic bin cc Ae HP UX 154 make make makefiles CC purify cc 155 man man man5 postconf 5 less 156 master_service_disable foo inet inet 157 multi_instance_enable multi_instance_enable 158 multi_instance_group multi_instance_group 159 multi_instance_name multi_instance_name 160 mydestination myhostname localhost mydomain mydomain 161 mydomain to an incomplete address address rewriting alias 162 mynetworks mynetworks 127 0 0 0 8 168 100 189 0 28 1 128 fe80 10 2001 240 587 163 mynetworks mynetworks hash etc postfix network_table 164 Name lt user example com gt gt i Postfix will ignore the i User 165 name name port name or name port 166 NOTE Postfix 3 6 also introduces support for the level level 167 number number ranges Postfix version 2 8 and later If no 168 numbers or number number ranges Postfix version 2 8 and later 169 one or more separated numbers or number number ranges 170 openssl req new key key 171 or more separated numbers or number number ranges p 172 or number number ranges Postfix version 2 8 and later If no 173 ownership of system directories such as etc usr usr bin var 174 PARAM postscreen_dnsbl_max_ttl postscreen_dnsbl_ttl postscreen_dnsbl_ttl 175 patterns list multiple domain names as domain domain 176 p Note 2 address information may be enclosed inside tt tt 177 postfix 12345 12345 postfix no where no shell 178 Postfix 2 3 2 5 to hang up on clients that that match 179 Postfix has TWO sets of mail filters filters that are used for 180 Postfix Postfix can use an LDAP directory as a source for any of its lookups 181 Postfix Postfix passes the status back to the remote SMTP 182 Postfix Postfix will send the mail back to the sender address 183 pre pre 184 query_filter mailacceptinggeneralid s maildrop maildrop 185 queue_directory queue_directory 186 Received from localhost localhost 127 0 0 1 187 Received Received from porcupine org 188 rejected rejected recipients are available on request by the Milter 189 rewrite 8 none none 190 Say we have ten recipient mail followed by two two recipient mails If 191 separated numbers or number number ranges If no 192 smtpd_recipient_restrictions smtpd_recipient_restrictions 193 smtpd_relay_restrictions smtpd_relay_restrictions 194 smtpd_relay_restrictions smtpd_relay_restrictions 195 smtpd_tls_mandatory_protocols SSLv2 SSLv3 TLSv1 TLSv1 1 196 smtpd_tls_mandatory_protocols SSLv2 SSLv3 TLSv1 TLSv1 1 197 smtp smtp o smtp_bind_address 11 22 33 44 198 smtp smtp o smtp_bind_address6 1 2 3 4 5 6 7 8 199 smtp_tls_mandatory_protocols SSLv2 SSLv3 TLSv1 TLSv1 1 200 smtp_tls_mandatory_protocols SSLv2 SSLv3 TLSv1 TLSv1 1 201 SSLv3 TLSv1 TLSv1 1 TLSv1 2 and TLSv1 3 Starting with 202 T 5 10 20 40 80 160 320 640 1280 1280 203 T A 5 10 20 40 80 160 320 320 204 Therefore 301 0301 0x301 and 0x0301 are all equivalent to 205 The syntax of name value value name value and name value 206 the the backed up domain tld domain This prevents your mail queue 207 tls_random_source dev dev urandom 208 tls_random_source dev dev urandom 209 tls_random_source dev dev urandom 210 TLS TLS support in the LMTP delivery agent 211 TLSv1 3 with cipher TLS_AES_256_GCM_SHA384 256 256 bits 212 to flush flush 8 Deferred 213 to host example com 192 168 0 2 25 TLSv1 with cipher cipher name 214 to server example TLSv1 3 with cipher TLS_AES_256_GCM_SHA384 256 256 bits 215 TOTAL 5000 200 200 400 800 1600 1000 200 200 200 200 216 transport transport 217 tt tt in the authorized_verp_clients value and in files 218 tt tt in the mynetworks value and in files specified with 219 tt tt in the smtpd_authorized_verp_clients value and in 220 tt tt in the smtpd_authorized_xclient_hosts value and in 221 tt tt in the smtpd_authorized_xforward_hosts value and in 222 tt tt in the smtpd_client_event_limit_exceptions value and 223 tt tt in the smtpd_sasl_exceptions_networks value and in 224 tt tt p 225 two two recipient mails 226 uid cn cn auth 227 Unfiltered Unfiltered 228 unknown recipients in local domains domains that match mydestination 229 Use blockquote pre pre blockquote for examples 230 Use pre pre for the Examples section at the end 231 username username 232 user sourceforge net 7678 7678 0 0 0 0 0 0 0 0 233 using TLSv1 3 with cipher TLS_AES_256_GCM_SHA384 256 256 bits 234 using TLSv1 with cipher cipher name 235 var var spool and so on This is especially an issue if you executed 236 With the standard operators lt lt etc compatibility 237 yes yes yes never 100 238 zombie zombie tlsproxy 8 smtpd 8 239 and 1 000 000 messages with good performance unlikely above that 240 dt dt b name value b Postfix ge 3 0 dt 241 dt dt dd 3 Also log the hexadecimal and ASCII dump of the 242 dt dt dd 4 Also log the hexadecimal and ASCII dump of complete 243 parametername stress something something Other 244 p Note on OpenBSD systems specify dev dev arandom when dev dev urandom 245 user3 example net smtp smtp relay example net submission 246 virtual_alias_maps hash etc postfix virtual virtual aliasing 247 system_wide_settings system_wide_settings 248 ssl_library_settings ssl_library_settings 249 initial_ssl_settings initial_ssl_settings 250 postfix_settings postfix_settings 251 postfix_ssl_settings postfix_ssl_settings 252 baseline_postfix_settings baseline_postfix_settings 253 The and match and literally Without the the 254 The matches literally Without the the would 255 The example is simplified for educational purposes In reality my patterns list multiple domain names as domain domain 256 The matches literally Without the the would match any character 257 The and match and literally Without the the and would be grouping operators 258 The matches literally Without the the would match any character 259 pipeline all commands following EHLO for example MAIL RCPT BDAT BDAT MAIL RCPT BDAT without ever having to wait for a server response This means that with BDAT the Postfix SMTP server cannot distinguish between a well behaved client and a 260 NOTE Postfix 3 6 also introduces support for the level level and other operators to compare compatibility levels With the standard operators etc compatibility level 3 10 would be smaller than 3 9 which is undesirable 261 Otherwise the benefits of SMTP connection caching are minor it eliminates the latency of the TCP handshake SYN SYN ACK ACK plus the latency of the SMTP initial handshake 220 greeting EHLO command EHLO response With TLS encrypted 262 Otherwise the benefits of SMTP connection caching are minor it eliminates the latency of the TCP handshake SYN SYN ACK ACK plus the latency of the SMTP initial handshake 220 greeting EHLO command EHLO response With TLS encrypted 263 3 Reject the mail by sending a suitable status code back to Postfix Postfix will send the mail back to the sender address 264 Line 8 NEVER NEVER NEVER use the t command line option here It will mis deliver mail like sending messages from a mailing list back to the mailing list 265 Line 8 NEVER NEVER NEVER use the t command line option here It will mis deliver mail like sending messages from a mailing list back to the mailing list 266 Documentation Documentation is available as README files start with the file README_FILES AAAREADME as HTML web pages point your browser to html index html and as UNIX style manual pages 267 Parameters whose defaults can be specified in this way are listed below See the postconf 5 manpage for a description command nroff man man man5 postconf 5 less 268 Parameters whose defaults can be specified in this way are listed below See the postconf 5 manpage for a description command nroff man man man5 postconf 5 less 269 mynetworks mynetworks 127 0 0 0 8 168 100 189 0 28 1 128 fe80 10 2001 240 587 64 270 Postfix Postfix can use an LDAP directory as a source for any of its lookups aliases 5 virtual 5 canonical 5 etc This allows you to keep information for your mail service in a replicated network database with fine grained access controls By not 271 If you re using the libraries from the UM distribution http www umich edu dirsvcs ldap ldap html or OpenLDAP http www openldap org something like this in the top level of your Postfix source tree should work 272 query_filter mailacceptinggeneralid s maildrop maildrop maildrop 273 query_filter mailacceptinggeneralid s maildrop maildrop maildrop 274 query_filter mailacceptinggeneralid s maildrop maildrop maildrop owner cn root dc your dc com 275 query_filter mailacceptinggeneralid s maildrop maildrop maildrop owner cn root dc your dc com 276 As of Postfix version 2 0 the Postfix SMTP server rejects mail for unknown recipients in local domains domains that match mydestination or the IP addresses in inet_interfaces or proxy_interfaces with User unknown in local recipient table 277 Postfix emulates a limited number of Sendmail macros as shown in the table Some macro values depend on whether a recipient is rejected rejected recipients are available on request by the Milter application Different macros are available at 278 Postfix has TWO sets of mail filters filters that are used for SMTP mail only specified with the smtpd_milters parameter and filters for non SMTP mail specified with the non_smtpd_milters parameter The non SMTP filters are primarily for 279 etc usr usr bin var var spool and so on This is especially an issue if you executed postfix install see above as an unprivileged user 280 etc usr usr bin var var spool and so on This is especially an issue if you executed postfix install see above as an unprivileged user 281 parametername stress something stress something or parametername stress something something Other parameters always evaluate as if the stress value is the empty string 282 parametername stress something stress something or parametername stress something something Other parameters always evaluate as if the stress value is the empty string 283 more CPU faster disks and more network bandwidth can deal with larger deferred queues but as a rule of thumb the deferred queue scales to somewhere between 100 000 and 1 000 000 messages with good performance unlikely above that limit 284 31 sasldb Accounts are stored stored in a Cyrus SASL Berkeley DB database 285 assigned to the delivery slots might look like this 12131415 Hmm fine for sneaking in the single recipient mail but how do we sneak in the mail with more than one recipient Say if we have one four recipient mail followed by two two recipient 286 we see the hundred recipient job can accumulate ten free delivery slots and then we could preempt it and sneak in the ten recipient mail Wait wait wait Could we Aren t we overinflating the original one thousand recipient mail 287 The truth is that it turns out that it is not really necessary to wait until the jobs counter accumulates all the delivery slots in advance Say we have ten recipient mail followed by two two recipient mails If the preemption happened when enough 288 Disallowing RFC 822 address syntax example MAIL FROM the dude dude example com 289 3 Reject the mail by sending a suitable SMTP status code back to Postfix Postfix passes the status back to the remote SMTP client This way Postfix does not have to send a bounce message 290 Lines 14 18 Define the list of valid addresses in the the backed up domain tld domain This prevents your mail queue from filling up with undeliverable MAILER DAEMON messages If you can t maintain a list of valid recipients then you must 291 The syntax of name value value name value and name value is explained at the beginning of the postconf 5 manual page 292 Use 521 SMTP reply codes Postfix 2 6 and later or 421 Postfix 2 3 2 5 to hang up on clients that that match botnet related RBLs see next bullet or that match selected non RBL restrictions such as SMTP access maps The Postfix SMTP 293 the next hop destination can have the Postfix specific form name name port name or name port 294 dt b a name no_unknown_recipient_checks no_unknown_recipient_checks a b dt 295 dt b a name check_ccert_access check_ccert_access a i a href DATABASE_README html type table a i b dt 296 dt b a name check_client_access check_client_access a i a href DATABASE_README html type table a i b dt 297 dt b a name check_client_a_access check_client_a_access a i a href DATABASE_README html type table a i b dt 298 dt b a name check_client_mx_access check_client_mx_access a i a href DATABASE_README html type table a i b dt 299 dt b a name check_client_ns_access check_client_ns_access a i a href DATABASE_README html type table a i b dt 300 dt b a name check_reverse_client_hostname_access check_reverse_client_hostname_access a i a href DATABASE_README html type table a i b dt 301 dt b a name check_reverse_client_hostname_a_access check_reverse_client_hostname_a_access a i a href DATABASE_README html type table a i b dt 302 dt b a name check_reverse_client_hostname_mx_access check_reverse_client_hostname_mx_access a i a href DATABASE_README html type table a i b dt 303 dt b a name check_reverse_client_hostname_ns_access check_reverse_client_hostname_ns_access a i a href DATABASE_README html type table a i b dt 304 dt b a name check_sasl_access check_sasl_access a i a href DATABASE_README html type table a i b dt 305 dt b a name permit_sasl_authenticated permit_sasl_authenticated a b dt 306 dt b a name permit_tls_all_clientcerts permit_tls_all_clientcerts a b dt 307 dt b a name reject_rbl_client reject_rbl_client i rbl_domain d d d d i a b dt 308 dt b a name permit_dnswl_client permit_dnswl_client i dnswl_domain d d d d i a b dt 309 dt b a name reject_rhsbl_client reject_rhsbl_client i rbl_domain d d d d i a b dt 310 dt b a name permit_rhswl_client permit_rhswl_client i rhswl_domain d d d d i a b dt 311 dt b a name reject_rhsbl_reverse_client reject_rhsbl_reverse_client i rbl_domain d d d d i a b dt 312 dt b a name reject_unknown_client_hostname reject_unknown_client_hostname a b with Postfix lt 2 3 reject_unknown_client dt 313 dt b a name reject_unknown_reverse_client_hostname reject_unknown_reverse_client_hostname a b dt 314 dt b a name reject_unknown_forward_client_hostname reject_unknown_forward_client_hostname a b dt 315 dt b a name check_policy_service check_policy_service i servername i a b dt 316 dt b a name reject_multi_recipient_bounce reject_multi_recipient_bounce a b dt 317 dt b a name check_etrn_access check_etrn_access a i a href DATABASE_README html type table a i b dt 318 dt b a name check_helo_access check_helo_access a i a href DATABASE_README html type table a i b dt 319 dt b a name check_helo_a_access check_helo_a_access a i a href DATABASE_README html type table a i b dt 320 dt b a name check_helo_mx_access check_helo_mx_access a i a href DATABASE_README html type table a i b dt 321 dt b a name check_helo_ns_access check_helo_ns_access a i a href DATABASE_README html type table a i b dt 322 dt b a name reject_invalid_helo_hostname reject_invalid_helo_hostname a b with Postfix lt 2 3 reject_invalid_hostname dt 323 dt b a name reject_non_fqdn_helo_hostname reject_non_fqdn_helo_hostname a b with Postfix lt 2 3 reject_non_fqdn_hostname dt 324 dt b a name reject_rhsbl_helo reject_rhsbl_helo i rbl_domain d d d d i a b dt 325 dt b a name reject_unknown_helo_hostname reject_unknown_helo_hostname a b with Postfix lt 2 3 reject_unknown_hostname dt 326 dt b a name check_recipient_access check_recipient_access a i a href DATABASE_README html type table a i b dt 327 dt b a name check_recipient_a_access check_recipient_a_access a i a href DATABASE_README html type table a i b dt 328 dt b a name check_recipient_mx_access check_recipient_mx_access a i a href DATABASE_README html type table a i b dt 329 dt b a name check_recipient_ns_access check_recipient_ns_access a i a href DATABASE_README html type table a i b dt 330 dt b a name reject_non_fqdn_recipient reject_non_fqdn_recipient a b dt 331 dt b a name reject_rhsbl_recipient reject_rhsbl_recipient i rbl_domain d d d d i a b dt 332 dt b a name reject_unauth_destination reject_unauth_destination a b dt 333 dt b a name reject_unknown_recipient_domain reject_unknown_recipient_domain a b dt 334 dt b a name reject_unlisted_recipient reject_unlisted_recipient a b with Postfix version 2 0 check_recipient_maps dt 335 dt b a name reject_unverified_recipient reject_unverified_recipient a b dt 336 dt b a name check_sender_access check_sender_access a i a href DATABASE_README html type table a i b dt 337 dt b a name check_sender_a_access check_sender_a_access a i a href DATABASE_README html type table a i b dt 338 dt b a name check_sender_mx_access check_sender_mx_access a i a href DATABASE_README html type table a i b dt 339 dt b a name check_sender_ns_access check_sender_ns_access a i a href DATABASE_README html type table a i b dt 340 dt b a name reject_authenticated_sender_login_mismatch reject_authenticated_sender_login_mismatch a b dt 341 dt b a name reject_known_sender_login_mismatch reject_known_sender_login_mismatch a b dt 342 dt b a name reject_rhsbl_sender reject_rhsbl_sender i rbl_domain d d d d i a b dt 343 dt b a name reject_sender_login_mismatch reject_sender_login_mismatch a b dt 344 dt b a name reject_unauthenticated_sender_login_mismatch reject_unauthenticated_sender_login_mismatch a b dt 345 dt b a name reject_unknown_sender_domain reject_unknown_sender_domain a b dt 346 dt b a name check_address_map check_address_map a i a href DATABASE_README html type table a i b dt 347 PARAM postscreen_dnsbl_max_ttl postscreen_dnsbl_ttl postscreen_dnsbl_ttl 1 h 348 standard lt CR gt lt LF gt br br This maintains compatibility 349 lt CR gt lt LF gt lt CR gt lt LF gt br br Such clients 350 smtpd_forbid_bare_newline_reject_code br br This will reject 351 br br This will also reject some email from Microsoft services 352 2045 Sections 2 7 and 2 8 br br Such clients can be excluded 353 br br This will also reject email from services that use BDAT 354 RFC 2045 Sections 2 7 and 2 8 br br Such clients can be 355 to become a list of comma separated names br br This feature 356 the form of a domain name hostname hostname service hostname service 357 expected to become a list of comma separated names br br This 358 Postfix Postfix can use MongoDB as a source for any of its lookups aliases 5 virtual 5 canonical 5 etc This allows you to keep information for your mail service in a replicated noSQL database with fine grained access controls By not storing it 359 CCARGS CCARGS DHAS_MONGODB I usr include libmongoc 1 0 360 dt dt dd 2 Also enable verbose logging in the Postfix TLS 361 Postfix Postfix legacy TLS Support 362 var run tlsrpt tlsrpt sock Relative names will work with and without Postfix chroot support Do not specify a location under a directory such as private or public that is already used by Postfix programs Only Postfix programs should create 363 Note the recommended socket location is still to be determined A good socket location would be under the Postfix queue directory for example smtp_tlsrpt_socket_name run tlsrpt tlsrpt sock The advantage of using a relative name is that 364 with cipher ECDHE RSA AES256 GCM SHA384 256 256 bits 365 TLSv1 2 with cipher ECDHE RSA AES256 GCM SHA384 256 256 bits 366 The recommended socket location is still to be determined A good socket location would be under the Postfix queue directory for example smtp_tlsrpt_socket_name run tlsrpt tlsrpt sock The advantage of using a relative name is that it 367
Indexes created Fri Mar 06 19:51:54 UTC 2026