1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
|
.TH SMTPD 8
.ad
.fi
.SH NAME
smtpd
\-
Postfix SMTP server
.SH SYNOPSIS
.na
.nf
\fBsmtpd\fR [generic Postfix daemon options]
.SH DESCRIPTION
.ad
.fi
The SMTP server accepts network connection requests
and performs zero or more SMTP transactions per connection.
Each received message is piped through the \fBcleanup\fR(8)
daemon, and is placed into the \fBincoming\fR queue as one
single queue file. For this mode of operation, the program
expects to be run from the \fBmaster\fR(8) process manager.
Alternatively, the SMTP server takes an established
connection on standard input and deposits messages directly
into the \fBmaildrop\fR queue. In this so-called stand-alone
mode, the SMTP server can accept mail even while the mail
system is not running.
The SMTP server implements a variety of policies for connection
requests, and for parameters given to \fBHELO, MAIL FROM, VRFY\fR
and \fBRCPT TO\fR commands. They are detailed below and in the
\fBmain.cf\fR configuration file.
.SH SECURITY
.na
.nf
.ad
.fi
The SMTP server is moderately security-sensitive. It talks to SMTP
clients and to DNS servers on the network. The SMTP server can be
run chrooted at fixed low privilege.
.SH STANDARDS
.na
.nf
RFC 821 (SMTP protocol)
RFC 1123 (Host requirements)
RFC 1651 (SMTP service extensions)
RFC 1652 (8bit-MIME transport)
RFC 1854 (SMTP Pipelining)
RFC 1870 (Message Size Declaration)
RFC 1985 (ETRN command) (partial)
.SH DIAGNOSTICS
.ad
.fi
Problems and transactions are logged to \fBsyslogd\fR(8).
Depending on the setting of the \fBnotify_classes\fR parameter,
the postmaster is notified of bounces, protocol problems,
policy violations, and of other trouble.
.SH BUGS
.ad
.fi
RFC 1985 is implemented by forcing delivery of all deferred mail.
.SH CONFIGURATION PARAMETERS
.na
.nf
.ad
.fi
The following \fBmain.cf\fR parameters are especially relevant to
this program. See the Postfix \fBmain.cf\fR file for syntax details
and for default values. Use the \fBpostfix reload\fR command after
a configuration change.
.SH "Compatibility controls"
.ad
.fi
.IP \fBstrict_rfc821_envelopes\fR
Disallow non-RFC 821 style addresses in envelopes. For example,
allow RFC822-style address forms with comments, like Sendmail does.
.SH Miscellaneous
.ad
.fi
.IP \fBalways_bcc\fR
Address to send a copy of each message that enters the system.
.IP \fBcommand_directory\fR
Location of Postfix support commands (default:
\fB$program_directory\fR).
.IP \fBdebug_peer_level\fR
Increment in verbose logging level when a remote host matches a
pattern in the \fBdebug_peer_list\fR parameter.
.IP \fBdebug_peer_list\fR
List of domain or network patterns. When a remote host matches
a pattern, increase the verbose logging level by the amount
specified in the \fBdebug_peer_level\fR parameter.
.IP \fBerror_notice_recipient\fR
Recipient of protocol/policy/resource/software error notices.
.IP \fBhopcount_limit\fR
Limit the number of \fBReceived:\fR message headers.
.IP \fBnotify_classes\fR
List of error classes. Of special interest are:
.IP \fBlocal_recipient_maps\fR
List of maps with user names that are local to \fB$myorigin\fR
or \fB$inet_interfaces\fR. If this parameter is defined,
then the SMTP server rejects mail for unknown local users.
.RS
.IP \fBpolicy\fR
When a client violates any policy, mail a transcript of the
entire SMTP session to the postmaster.
.IP \fBprotocol\fR
When a client violates the SMTP protocol or issues an unimplemented
command, mail a transcript of the entire SMTP session to the
postmaster.
.RE
.IP \fBsmtpd_banner\fR
Text that follows the \fB220\fR status code in the SMTP greeting banner.
.IP \fBsmtpd_recipient_limit\fR
Restrict the number of recipients that the SMTP server accepts
per message delivery.
.IP \fBsmtpd_timeout\fR
Limit the time to send a server response and to receive a client
request.
.SH "Resource controls"
.ad
.fi
.IP \fBline_length_limit\fR
Limit the amount of memory in bytes used for the handling of
partial input lines.
.IP \fBmessage_size_limit\fR
Limit the total size in bytes of a message, including on-disk
storage for envelope information.
.IP \fBqueue_minfree\fR
Minimal amount of free space in bytes in the queue file system
for the SMTP server to accept any mail at all.
.SH Tarpitting
.ad
.fi
.IP \fBsmtpd_error_sleep_time\fR
Time to wait in seconds before sending a 4xx or 5xx server error
response.
.IP \fBsmtpd_soft_error_limit\fR
When an SMTP client has made this number of errors, wait
\fIerror_count\fR seconds before responding to any client request.
.IP \fBsmtpd_hard_error_limit\fR
Disconnect after a client has made this number of errors.
.IP \fBsmtpd_junk_command_limit\fR
Limit the number of times a client can issue a junk command
such as NOOP, VRFY, ETRN or RSET in one SMTP session before
it is penalized with tarpit delays.
.SH "UCE control restrictions"
.ad
.fi
.IP \fBsmtpd_client_restrictions\fR
Restrict what clients may connect to this mail system.
.IP \fBsmtpd_helo_required\fR
Require that clients introduce themselves at the beginning
of an SMTP session.
.IP \fBsmtpd_helo_restrictions\fR
Restrict what client hostnames are allowed in \fBHELO\fR and
\fBEHLO\fR commands.
.IP \fBsmtpd_sender_restrictions\fR
Restrict what sender addresses are allowed in \fBMAIL FROM\fR commands.
.IP \fBsmtpd_recipient_restrictions\fR
Restrict what recipient addresses are allowed in \fBRCPT TO\fR commands.
.IP \fBsmtpd_etrn_restrictions\fR
Restrict what domain names can be used in \fBETRN\fR commands,
and what clients may issue \fBETRN\fR commands.
.IP \fBallow_untrusted_routing\fR
Allow untrusted clients to specify addresses with sender-specified
routing. Enabling this opens up nasty relay loopholes involving
trusted backup MX hosts.
.IP \fBrestriction_classes\fR
Declares the name of zero or more parameters that contain a
list of UCE restrictions. The names of these parameters can
then be used instead of the restriction lists that they represent.
.IP \fBmaps_rbl_domains\fR
List of DNS domains that publish the addresses of blacklisted
hosts.
.IP \fBrelay_domains\fR
Restrict what domains or networks this mail system will relay
mail from or to.
.SH "UCE control responses"
.ad
.fi
.IP \fBaccess_map_reject_code\fR
Server response when a client violates an access database restriction.
.IP \fBinvalid_hostname_reject_code\fR
Server response when a client violates the \fBreject_invalid_hostname\fR
restriction.
.IP \fBmaps_rbl_reject_code\fR
Server response when a client violates the \fBmaps_rbl_domains\fR
restriction.
.IP \fBreject_code\fR
Response code when the client matches a \fBreject\fR restriction.
.IP \fBrelay_domains_reject_code\fR
Server response when a client attempts to violate the mail relay
policy.
.IP \fBunknown_address_reject_code\fR
Server response when a client violates the \fBreject_unknown_address\fR
restriction.
.IP \fBunknown_client_reject_code\fR
Server response when a client without address to name mapping
violates the \fBreject_unknown_clients\fR restriction.
.IP \fBunknown_hostname_reject_code\fR
Server response when a client violates the \fBreject_unknown_hostname\fR
restriction.
.SH SEE ALSO
.na
.nf
cleanup(8) message canonicalization
master(8) process manager
syslogd(8) system logging
.SH LICENSE
.na
.nf
.ad
.fi
The Secure Mailer license must be distributed with this software.
.SH AUTHOR(S)
.na
.nf
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
|
