|
|
|
| Description |
La messagerie lectronique est une application trs importante et des plus utiles des rseaux. Plus rapide et moins onreuse que la plupart des autres moyens de communication (tlcopie, tlphone, courrier postal, coursier...) la messagerie lectronique est un vecteur de plus en plus important dans la communication aussi bien interne qu'externe. Dans l'univers des rseaux TCP/IP, la messagerie SMTP est de loin la plus utilise, notamment avec l'outil Unix sendmail.
Le logiciel libre Postfix est un gestionnaire de messagerie simple configurer et conu pour une scurit optimale. De plus il est peu gourmand en ressources systme et constitue donc une vritable alternative Sendmail. Le choix de Postfix est lgitime tant pour le traitement de flux importants de messages que pour de petites installations. L'objectif de ce cours est de prparer l'installation et la mise en exploitation de Postfix en lieu et place de Sendmail. |
| Nature | Support de cours - 40 transparents (HTML). |
| Contexte |
Support de notre formation Postfix. Le support disponible ici est celui utilis le 12 octobre 1999 lors de la formation effectue au CRU ; les futures sessions de cette formation pourront utiliser une version revue du support. |
| Auteurs | Alain Thivillon (Alain.Thivillon@hsc.fr) |
| Sur le mme sujet... |
Prsentation publiques : "Postfix : une nouvelle gnration de MTA sous Unix" (juin 1999) "La scurit du MTA Postfix" (mars 1999) |
| Table des matires |
Page de garde
Agenda : matin
Architecture (1)
Compilation (1)
Installation (1)
Configuration de base (1)
Configuration avance (1) : spam
Maintenance de postfix (1)
Migration depuis sendmail
Exemple 1 : configuration sur un firewall |
| Droits d'auteur | © 1999, Herv Schauer Consultants, tous droits rservs. |
|
Dernire modification le 10 dcembre 1999
Informations sur ce serveur - webmaster@hsc.fr Copyright © 1999 Herv Schauer Consultants |
|
Postfix Configuration - UCE ControlsBy default, the Postfix SMTP server will accept mail only from or to the local network or domain, so that your system can't be used as a mail relay to forward bulk mail from random strangers.
The text in this document describes how you can set up more detailed anti-UCE policies that prevent delivery of unwanted email altogether, for example with sendmail-style access lists or with RBL (real-time blackhole list) name servers.
Unless indicated otherwise, all parameters described here are in the main.cf file. If you change parameters of a running Postfix system, don't forget to issue a postfix reload command.
A rule ending in OK affects only the header being matched. The next header may still result in a REJECT match, causing the mail still to be rejected.
In addition to restrictions that are specific to HELO (EHLO)
command parameters, you can also specify restrictions based
on the client hostname or network address.
In addition to restrictions that are specific to sender mail
addresses, you can also specify restrictions based on the information
passed with the HELO/EHLO command, and on the client hostname or
network address.
In addition to restrictions that are specific to recipient mail
addresses, you can also specify restrictions based on the sender mail
address, on the information passed with the HELO/EHLO command, and
on the client hostname or network address.
In addition to restrictions that are specific to ETRN domain names,
you can also specify restrictions based on the information passed
with the HELO/EHLO command, and on the client hostname or network
address.
Note: RBL lookups are disabled by default.
A host or destination address matches $relay_domains when
its name or parent domain matches any of the names, files or lookup
tables listed in $relay_domains.
Client name/address restrictions
The smtpd_client_restrictions parameter restricts what
clients this system accepts SMTP connections from.
Require HELO (EHLO) command
The smtpd_helo_required parameter determines if clients must
send a HELO (EHLO) command at the beginning of an
SMTP session. Requiring this will stop some UCE software.
HELO (EHLO) hostname restrictions
The smtpd_helo_restrictions parameter restricts what hostnames
clients may send with the HELO (EHLO) command. Some
UCE software can be stopped by being strict here.
Sender address restrictions
The smtpd_sender_restrictions parameter restricts what sender
addresses this system accepts in MAIL FROM commands.
Recipient address restrictions
The smtpd_recipient_restrictions parameter restricts what
recipient addresses this system accepts in RCPT TO commands.
ETRN command restrictions
Not really an UCE restriction, the smtpd_etrn_restrictions
parameter restricts what domains may be specified in ETRN commands,
and what clients may issue ETRN commands.
Generic restrictions
The following restrictions can use used for client hostnames or
addresses, for HELO (EHLO) hostnames, for sender mail addresses
and for recipient mail addresses.
Restrictions:
Additional UCE control parameters
Up one level | Basic
Configuration | UCE Controls | Rate
Controls | Resource Controls | Address Manipulation
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������postfix/doc/trivial-rewrite.8.html������������������������������������������������������������������100664 � 1751 � 146 � 12146 7017475553 16507� 0����������������������������������������������������������������������������������������������������ustar �thivillo������������������������www��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8)
NAME
trivial-rewrite - Postfix address rewriting and resolving
daemon
SYNOPSIS
trivial-rewrite [generic Postfix daemon options]
DESCRIPTION
The trivial-rewrite daemon processes two types of client
service requests:
rewrite
Rewrite an address to standard form. The trivial-
rewrite daemon by default appends local domain
information to unqualified addresses, swaps bang
paths to domain form, and strips source routing
information. This process is under control of sev-
eral configuration parameters (see below).
resolve
Resolve an address to a (transport, nexthop, recip-
ient) triple. The meaning of the results is as fol-
lows:
transport
The delivery agent to use. This is the first
field of an entry in the master.cf file.
nexthop
The host to send to. For local delivery this
is an empty string.
recipient
The envelope recipient address that is
passed on to nexthop.
The trivial-rewrite daemon by default only distin-
guishes between local and non-local mail. For finer
control over mail routing, use the optional trans-
port(5) lookup table.
This program expects to be run from the master(8) process
manager.
STANDARDS
None. The command does not interact with the outside
world.
SECURITY
The trivial-rewrite daemon is not security sensitive. By
default, this daemon does not talk to remote or local
users. It can run at a fixed low privilege in a chrooted
environment.
1
TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8)
DIAGNOSTICS
Problems and transactions are logged to syslogd(8).
BUGS
CONFIGURATION PARAMETERS
The following main.cf parameters are especially relevant
to this program. See the Postfix main.cf file for syntax
details and for default values. Use the postfix reload
command after a configuration change.
Miscellaneous
inet_interfaces
The network interfaces that this mail system
receives mail on. This information is used to
determine if user@[net.work.addr.ess] is local or
remote.
mydestination
List of domains that this machine considers local.
myorigin
The domain that locally-posted mail appears to come
from.
Rewriting
allow_percent_hack
Rewrite user%domain to user@domain.
append_at_myorigin
Rewrite user to user@$myorigin.
append_dot_mydomain
Rewrite user@host to user@host.$mydomain.
swap_bangpath
Rewrite site!user to user@site.
Routing
default_transport
The default transport to use when no transport is
explicitly given in the transport(5) table.
relayhost
The default host to send mail to when no entry is
matched in the transport(5) table.
When no relayhost is specified, mail is routed
directly to the destination's mail exchanger.
transport_maps
List of tables with domain to (transport, nexthop)
mappings.
2
TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8)
SEE ALSO
master(8) process manager
syslogd(8) system logging
transport(5) transport table format
LICENSE
The Secure Mailer license must be distributed with this
software.
AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
3
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������postfix/doc/transport.5.html������������������������������������������������������������������������100664 � 1751 � 146 � 12177 7017475553 15413� 0����������������������������������������������������������������������������������������������������ustar �thivillo������������������������www��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
TRANSPORT(5) TRANSPORT(5)
NAME
transport - format of Postfix transport table
SYNOPSIS
postmap /etc/postfix/transport
DESCRIPTION
The optional transport file specifies a mapping from
domain hierarchies to message delivery transports and/or
relay hosts. The mapping is used by the trivial-rewrite(8)
daemon.
The file serves as input to the postmap(1) command. The
result, an indexed file in dbm or db format, is used for
fast searching by the mail system. After updating this
table, issue the postfix reload command to make the change
visible.
The format of the transport table is as follows:
blanks and comments
Blank lines are ignored, as are lines beginning
with `#'.
domain transport:nexthop
Mail for domain is delivered through transport to
nexthop.
.domain transport:nexthop
Mail for any subdomain of domain is delivered
through transport to nexthop.
The interpretation of the nexthop field is trans-
port dependent. In the case of SMTP, specify
host:service for a non-default server port, and use
[host] or [host:port] in order to disable MX (mail
exchanger) DNS lookups. The [] form can also be
used with IP addresses instead of hostnames.
EXAMPLES
In order to send mail for foo.org and its subdomains
via the uucp transport to the UUCP host named foo:
foo.org uucp:foo
.foo.org uucp:foo
When no nexthop host name is specified, the destination domain
name is used instead. For example, the following directs mail for
user@foo.org via the slow transport to a mail
exchanger for foo.org. The slow transport could be
something that runs at most one delivery process at a time:
foo.org slow:
1
TRANSPORT(5) TRANSPORT(5)
When no transport is specified, the default transport is
used, as specified via the default_transport configuration
parameter. The following sends all mail for foo.org and its
subdomains to host gateway.foo.org:
foo.org :[gateway.foo.org]
.foo.org :[gateway.foo.org]
In the above example, the [] are used to suppress MX lookups.
The result would likely point to your local machine.
In the case of delivery via SMTP, one may specify
hostname:service instead of just a host:
foo.org smtp:bar.org:2025
This directs mail for user@foo.org to host bar.org
port 2025. Instead of a numerical port a symbolic name may be
used. Specify [] around the destination in order to disable MX lookups.
The error mailer can be used to bounce mail:
.foo.org error:mail for *.foo.org is not deliverable
This causes all mail for user@anythingfoo.org
to be bounced.
CONFIGURATION PARAMETERS
The following main.cf parameters are especially relevant
to this topic. See the Postfix main.cf file for syntax
details and for default values. Use the postfix reload
command after a configuration change.
transport_maps
List of transport lookup tables.
Other parameters of interest:
default_transport
The transport to use when no transport is explic-
itly specified.
relayhost
The default host to send to when no transport table
entry matches.
SEE ALSO
postmap(1) create mapping table
trivial-rewrite(8) rewrite and resolve addresses
LICENSE
The Secure Mailer license must be distributed with this
software.
2
TRANSPORT(5) TRANSPORT(5)
AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
3
�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������postfix/doc/smtpd.8.html����������������������������������������������������������������������������100664 � 1751 � 146 � 24005 7017475553 14502� 0����������������������������������������������������������������������������������������������������ustar �thivillo������������������������www��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
SMTPD(8) SMTPD(8)
NAME
smtpd - Postfix SMTP server
SYNOPSIS
smtpd [generic Postfix daemon options]
DESCRIPTION
The SMTP server accepts network connection requests and
performs zero or more SMTP transactions per connection.
Each received message is piped through the cleanup(8) dae-
mon, and is placed into the incoming queue as one single
queue file. For this mode of operation, the program
expects to be run from the master(8) process manager.
Alternatively, the SMTP server takes an established con-
nection on standard input and deposits messages directly
into the maildrop queue. In this so-called stand-alone
mode, the SMTP server can accept mail even while the mail
system is not running.
The SMTP server implements a variety of policies for con-
nection requests, and for parameters given to HELO, MAIL
FROM, VRFY and RCPT TO commands. They are detailed below
and in the main.cf configuration file.
SECURITY
The SMTP server is moderately security-sensitive. It talks
to SMTP clients and to DNS servers on the network. The
SMTP server can be run chrooted at fixed low privilege.
STANDARDS
RFC 821 (SMTP protocol)
RFC 1123 (Host requirements)
RFC 1651 (SMTP service extensions)
RFC 1652 (8bit-MIME transport)
RFC 1854 (SMTP Pipelining)
RFC 1870 (Message Size Declaration)
RFC 1985 (ETRN command) (partial)
DIAGNOSTICS
Problems and transactions are logged to syslogd(8).
Depending on the setting of the notify_classes parameter,
the postmaster is notified of bounces, protocol problems,
policy violations, and of other trouble.
BUGS
RFC 1985 is implemented by forcing delivery of all
deferred mail.
CONFIGURATION PARAMETERS
The following main.cf parameters are especially relevant
to this program. See the Postfix main.cf file for syntax
details and for default values. Use the postfix reload
1
SMTPD(8) SMTPD(8)
command after a configuration change.
Miscellaneous
always_bcc
Address to send a copy of each message that enters
the system.
command_directory
Location of Postfix support commands (default:
$program_directory).
debug_peer_level
Increment in verbose logging level when a remote
host matches a pattern in the debug_peer_list
parameter.
debug_peer_list
List of domain or network patterns. When a remote
host matches a pattern, increase the verbose log-
ging level by the amount specified in the
debug_peer_level parameter.
error_notice_recipient
Recipient of protocol/policy/resource/software
error notices.
hopcount_limit
Limit the number of Received: message headers.
notify_classes
List of error classes. Of special interest are:
policy When a client violates any policy, mail a
transcript of the entire SMTP session to the
postmaster.
protocol
When a client violates the SMTP protocol or
issues an unimplemented command, mail a
transcript of the entire SMTP session to the
postmaster.
smtpd_banner
Text that follows the 220 status code in the SMTP
greeting banner.
smtpd_recipient_limit
Restrict the number of recipients that the SMTP
server accepts per message delivery.
smtpd_timeout
Limit the time to send a server response and to
receive a client request.
2
SMTPD(8) SMTPD(8)
Resource controls
line_length_limit
Limit the amount of memory in bytes used for the
handling of partial input lines.
message_size_limit
Limit the total size in bytes of a message, includ-
ing on-disk storage for envelope information.
queue_minfree
Minimal amount of free space in bytes in the queue
file system for the SMTP server to accept any mail
at all.
Tarpitting
smtpd_error_sleep_time
Time to wait in seconds before sending a 4xx or 5xx
server error response.
smtpd_soft_error_limit
When an SMTP client has made this number of errors,
wait error_count seconds before responding to any
client request.
smtpd_hard_error_limit
Disconnect after a client has made this number of
errors.
UCE control restrictions
smtpd_client_restrictions
Restrict what clients may connect to this mail sys-
tem.
smtpd_helo_required
Require that clients introduce themselves at the
beginning of an SMTP session.
smtpd_helo_restrictions
Restrict what client hostnames are allowed in HELO
and EHLO commands.
smtpd_sender_restrictions
Restrict what sender addresses are allowed in MAIL
FROM commands.
smtpd_recipient_restrictions
Restrict what recipient addresses are allowed in
RCPT TO commands.
smtpd_etrn_restrictions
Restrict what domain names can be used in ETRN com-
mands, and what clients may issue ETRN commands.
3
SMTPD(8) SMTPD(8)
maps_rbl_domains
List of DNS domains that publish the addresses of
blacklisted hosts.
relay_domains
Restrict what domains or networks this mail system
will relay mail from or to.
UCE control responses
access_map_reject_code
Server response when a client violates an access
database restriction.
invalid_hostname_reject_code
Server response when a client violates the
reject_invalid_hostname restriction.
maps_rbl_reject_code
Server response when a client violates the
maps_rbl_domains restriction.
reject_code
Response code when the client matches a reject
restriction.
relay_domains_reject_code
Server response when a client attempts to violate
the mail relay policy.
unknown_address_reject_code
Server response when a client violates the
reject_unknown_address restriction.
unknown_client_reject_code
Server response when a client without address to
name mapping violates the reject_unknown_clients
restriction.
unknown_hostname_reject_code
Server response when a client violates the
reject_unknown_hostname restriction.
SEE ALSO
cleanup(8) message canonicalization
master(8) process manager
syslogd(8) system logging
LICENSE
The Secure Mailer license must be distributed with this
software.
AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
4
SMTPD(8) SMTPD(8)
P.O. Box 704
Yorktown Heights, NY 10598, USA
5
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������postfix/doc/smtp.8.html�����������������������������������������������������������������������������100664 � 1751 � 146 � 21435 7017475553 14342� 0����������������������������������������������������������������������������������������������������ustar �thivillo������������������������www��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
SMTP(8) SMTP(8)
NAME
smtp - Postfix remote delivery via SMTP
SYNOPSIS
smtp [generic Postfix daemon options]
DESCRIPTION
The SMTP client processes message delivery requests from
the queue manager. Each request specifies a queue file, a
sender address, a domain or host to deliver to, and recip-
ient information. This program expects to be run from the
master(8) process manager.
The SMTP client updates the queue file and marks recipi-
ents as finished, or it informs the queue manager that
delivery should be tried again at a later time. Delivery
problem reports are sent to the bounce(8) or defer(8) dae-
mon as appropriate.
The SMTP client looks up a list of mail exchanger
addresses for the destination host, sorts the list by
preference, and connects to each listed address until it
finds a server that responds.
Once the SMTP client has received the server greeting ban-
ner, no error will cause it to proceed to the next address
on the mail exchanger list. Instead, the message is either
bounced, or its delivery is deferred until later.
SECURITY
The SMTP client is moderately security-sensitive. It talks
to SMTP servers and to DNS servers on the network. The
SMTP client can be run chrooted at fixed low privilege.
STANDARDS
RFC 821 (SMTP protocol)
RFC 1651 (SMTP service extensions)
RFC 1870 (Message Size Declaration)
RFC 2197 (Pipelining)
DIAGNOSTICS
Problems and transactions are logged to syslogd(8). Cor-
rupted message files are marked so that the queue manager
can move them to the corrupt queue for further inspection.
Depending on the setting of the notify_classes parameter,
the postmaster is notified of bounces, protocol problems,
and of other trouble.
BUGS
CONFIGURATION PARAMETERS
The following main.cf parameters are especially relevant
to this program. See the Postfix main.cf file for syntax
details and for default values. Use the postfix reload
1
SMTP(8) SMTP(8)
command after a configuration change.
Miscellaneous
best_mx_transport
Name of the delivery transport to use when the
local machine is the most-preferred mail exchanger
(by default, a mailer loop is reported, and the
message is bounced).
debug_peer_level
Verbose logging level increment for hosts that
match a pattern in the debug_peer_list parameter.
debug_peer_list
List of domain or network patterns. When a remote
host matches a pattern, increase the verbose log-
ging level by the amount specified in the
debug_peer_level parameter.
disable_dns_lookups
Disable DNS lookups. This means that mail must be
forwarded via a smart relay host.
error_notice_recipient
Recipient of protocol/policy/resource/software
error notices.
fallback_relay
Hosts to hand off mail to if a message destination
is not found or if a destination is unreachable.
ignore_mx_lookup_error
When a name server fails to respond to an MX query,
search for an A record instead of assuming that the
name server will recover.
inet_interfaces
The network interface addresses that this mail sys-
tem receives mail on. When any of those addresses
appears in the list of mail exchangers for a remote
destination, the list is truncated to avoid mail
delivery loops.
notify_classes
When this parameter includes the protocol class,
send mail to the postmaster with transcripts of
SMTP sessions with protocol errors.
smtp_skip_4xx_greeting
Skip servers that greet us with a 4xx status code.
smtp_skip_quit_response
Do not wait for the server response after sending
QUIT.
2
SMTP(8) SMTP(8)
Resource controls
smtp_destination_concurrency_limit
Limit the number of parallel deliveries to the same
destination. The default limit is taken from the
default_destination_concurrency_limit parameter.
smtp_destination_recipient_limit
Limit the number of recipients per message deliv-
ery. The default limit is taken from the
default_destination_recipient_limit parameter.
Timeout controls
smtp_connect_timeout
Timeout in seconds for completing a TCP connection.
When no connection can be made within the deadline,
the SMTP client tries the next address on the mail
exchanger list.
smtp_helo_timeout
Timeout in seconds for receiving the SMTP greeting
banner. When the server drops the connection with-
out sending a greeting banner, or when it sends no
greeting banner within the deadline, the SMTP
client tries the next address on the mail exchanger
list.
smtp_helo_timeout
Timeout in seconds for sending the HELO command,
and for receiving the server response.
smtp_mail_timeout
Timeout in seconds for sending the MAIL FROM com-
mand, and for receiving the server response.
smtp_rcpt_timeout
Timeout in seconds for sending the RCPT TO command,
and for receiving the server response.
smtp_data_init_timeout
Timeout in seconds for sending the DATA command,
and for receiving the server response.
smtp_data_xfer_timeout
Timeout in seconds for sending the message content.
smtp_data_done_timeout
Timeout in seconds for sending the "." command, and
for receiving the server response. When no response
is received, a warning is logged that the mail may
be delivered multiple times.
smtp_quit_timeout
Timeout in seconds for sending the QUIT command,
and for receiving the server response.
3
SMTP(8) SMTP(8)
SEE ALSO
bounce(8) non-delivery status reports
master(8) process manager
qmgr(8) queue manager
syslogd(8) system logging
LICENSE
The Secure Mailer license must be distributed with this
software.
AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
4
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������postfix/doc/small-picture.gif�����������������������������������������������������������������������100664 � 1751 � 146 � 622 7017475553 15526� 0����������������������������������������������������������������������������������������������������ustar �thivillo������������������������www��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������GIF89as�-��������!���,����s�-��ڋH扦j.!�þ4}A7D$h9gbc7k*6h/2kc.�_GQ(xd1PC7HG(ٹyxI51g9Y1"hhٛ
S[)W,6Jsl|K@{[]z=
*;
{)[N>
NXi ~
ǎX?t�ր{%B4
DWddQz&M͘%MHJI|D1$GLR[&jS4s
+CJSD)bť+%UxiMXW5رd˚=6ڵlۺ}
7.�;��������������������������������������������������������������������������������������������������������������postfix/doc/small-picture.fig�����������������������������������������������������������������������100664 � 1751 � 146 � 10334 7017475553 15567� 0����������������������������������������������������������������������������������������������������ustar �thivillo������������������������www��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������#FIG 3.1
Landscape
Center
Inches
1200 2
1 2 0 1 -1 6 1 0 20 0.000 1 0.0000 11850 2250 600 300 11250 1950 12450 2550
1 2 0 1 -1 6 1 0 20 0.000 1 0.0000 13500 4350 600 300 12900 4050 14100 4650
1 2 0 1 -1 6 1 0 20 0.000 1 0.0000 13500 3300 600 300 12900 3000 14100 3600
1 2 0 1 -1 6 1 0 20 0.000 1 0.0000 11850 3300 600 300 11250 3000 12450 3600
1 2 0 1 -1 6 1 0 20 0.000 1 0.0000 13500 2250 600 300 12900 1950 14100 2550
1 2 0 1 -1 6 1 0 20 0.000 1 0.0000 2700 2775 600 300 2100 2475 3300 3075
1 2 0 1 -1 6 1 0 20 0.000 1 0.0000 5700 2775 600 300 5100 2475 6300 3075
1 2 0 1 -1 6 1 0 20 0.000 1 0.0000 5700 3825 600 300 5100 3525 6300 4125
1 2 0 1 -1 6 1 0 20 0.000 1 0.0000 7350 3300 600 300 6750 3000 7950 3600
1 2 0 1 -1 6 1 0 20 0.000 1 0.0000 7350 2250 600 300 6750 1950 7950 2550
2 1 0 1 -1 7 0 0 -1 0.000 0 0 -1 0 0 2
10800 3300 11250 3300
2 1 0 1 -1 7 0 0 -1 0.000 0 0 -1 0 0 2
12450 3300 12900 3300
2 1 0 1 -1 7 0 0 -1 0.000 0 0 -1 0 0 2
12225 3075 13125 2475
2 1 0 1 -1 7 0 0 -1 0.000 0 0 -1 0 0 2
12138 3542 13038 4142
2 1 0 1 -1 7 0 0 -1 0.000 0 0 -1 0 0 2
14100 2250 14550 2250
2 1 0 1 -1 7 0 0 -1 0.000 0 0 -1 0 0 2
14100 3300 14550 3300
2 1 0 1 -1 7 0 0 -1 0.000 0 0 -1 0 0 2
14100 4350 14550 4350
2 2 0 0 -1 7 0 0 -1 0.000 0 0 -1 0 0 5
14587 4050 15487 4050 15487 4650 14587 4650 14587 4050
2 2 0 0 -1 7 0 0 -1 0.000 0 0 -1 0 0 5
14550 3000 15450 3000 15450 3600 14550 3600 14550 3000
2 1 0 1 -1 7 0 0 -1 0.000 0 0 -1 0 0 2
11850 1500 11850 1950
2 1 0 1 -1 7 0 0 -1 0.000 0 0 -1 0 0 2
11850 2550 11850 3000
2 1 0 1 -1 7 0 0 -1 0.000 0 0 -1 0 0 2
13500 1500 13500 1950
2 1 0 1 -1 7 2 0 -1 0.000 0 0 -1 0 0 2
14700 1350 13950 2025
2 1 0 1 -1 7 0 0 -1 0.000 0 0 -1 0 0 4
10800 3450 11100 3450 11100 4350 10800 4350
2 1 0 1 -1 7 0 0 -1 0.000 0 0 -1 0 0 2
11850 3600 11850 4050
2 2 0 1 -1 6 1 0 20 0.000 0 0 7 0 0 5
9900 3000 10800 3000 10800 3600 9900 3600 9900 3000
2 2 0 1 -1 6 1 0 20 0.000 0 0 7 0 0 5
9900 4050 10800 4050 10800 4650 9900 4650 9900 4050
2 2 0 1 -1 6 1 0 20 0.000 0 0 7 0 0 5
14550 1950 15450 1950 15450 2550 14550 2550 14550 1950
2 2 0 1 -1 3 1 0 20 0.000 0 0 -1 0 0 5
11400 900 12300 900 12300 1500 11400 1500 11400 900
2 2 0 1 -1 3 1 0 20 0.000 0 0 -1 0 0 5
13050 900 13950 900 13950 1500 13050 1500 13050 900
2 2 0 1 -1 3 1 0 20 0.000 0 0 -1 0 0 5
14550 900 15450 900 15450 1500 14550 1500 14550 900
2 2 0 1 -1 3 1 0 20 0.000 0 0 -1 0 0 5
11400 4050 12300 4050 12300 4650 11400 4650 11400 4050
2 1 0 1 -1 7 0 0 -1 0.000 0 0 -1 0 0 2
9300 3300 9900 3300
2 1 0 1 -1 7 0 0 -1 0.000 0 0 -1 0 0 4
9900 3450 9600 3450 9600 4350 9900 4350
2 1 0 1 -1 7 0 0 -1 0.000 0 0 -1 0 0 2
6225 3675 6825 3450
2 1 0 1 -1 7 0 0 -1 0.000 0 0 -1 0 0 2
7950 3300 8400 3300
2 1 0 1 -1 7 0 0 -1 0.000 0 0 -1 0 0 2
6225 2925 6825 3150
2 1 0 1 -1 7 0 0 -1 0.000 0 0 -1 0 0 2
3300 2775 3750 2775
2 1 0 1 -1 7 0 0 -1 0.000 0 0 -1 0 0 2
1650 2775 2100 2775
2 1 0 1 -1 7 0 0 -1 0.000 0 0 -1 0 0 2
4650 2775 5100 2775
2 1 0 1 -1 7 0 0 -1 0.000 0 0 -1 0 0 2
4650 3825 5100 3825
2 2 0 0 -1 7 0 0 -1 0.000 0 0 -1 0 0 5
3750 3525 4650 3525 4650 4125 3750 4125 3750 3525
2 1 0 1 -1 7 0 0 -1 0.000 0 0 -1 0 0 2
5700 4125 5700 4500
2 1 0 1 -1 7 2 0 -1 0.000 0 0 -1 0 0 2
4500 4650 5250 4050
2 1 0 1 -1 7 0 0 -1 0.000 0 0 -1 0 0 2
7350 2550 7350 3000
2 1 0 1 -1 7 0 0 -1 0.000 0 0 -1 0 0 2
7350 3600 7350 4050
2 1 0 1 -1 7 2 0 -1 0.000 0 0 -1 1 0 2
0 0 1.00 60.00 120.00
8550 4200 7800 3525
2 2 0 0 -1 7 0 0 -1 0.000 0 0 -1 0 0 5
750 2475 1650 2475 1650 3075 750 3075 750 2475
2 2 0 1 -1 6 1 0 20 0.000 0 0 -1 0 0 5
3750 2475 4650 2475 4650 3075 3750 3075 3750 2475
2 2 0 1 -1 6 1 0 20 0.000 0 0 7 0 0 5
8400 3000 9300 3000 9300 3600 8400 3600 8400 3000
2 2 0 1 -1 3 1 0 20 0.000 0 0 -1 0 0 5
3750 4500 4650 4500 4650 5100 3750 5100 3750 4500
2 2 0 1 -1 3 1 0 20 0.000 0 0 -1 0 0 5
5250 4500 6150 4500 6150 5100 5250 5100 5250 4500
2 2 0 1 -1 3 1 0 20 0.000 0 0 -1 0 0 5
6900 4050 7800 4050 7800 4650 6900 4650 6900 4050
2 2 0 1 -1 3 1 0 20 0.000 0 0 -1 0 0 5
8400 4050 9300 4050 9300 4650 8400 4650 8400 4050
4 0 -1 0 0 0 15 0.0000 4 150 690 14655 3375 Internet\001
4 0 -1 0 0 0 15 0.0000 4 150 930 14647 4425 UUCP etc.\001
4 0 -1 0 0 0 15 0.0000 4 150 690 3840 3892 Internet\001
4 0 -1 0 0 0 15 0.0000 4 150 405 952 2850 local\001
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������postfix/doc/showq.8.html����������������������������������������������������������������������������100664 � 1751 � 146 � 3524 7017475553 14477� 0����������������������������������������������������������������������������������������������������ustar �thivillo������������������������www��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
SHOWQ(8) SHOWQ(8)
NAME
showq - list the Postfix mail queue
SYNOPSIS
showq [generic Postfix daemon options]
DESCRIPTION
The showq daemon reports the Postfix mail queue status.
It is the program that emulates the sendmail `mailq' com-
mand.
The showq daemon can also be run in stand-alone mode by
the super-user. This mode of operation is used to emulate
the `mailq' command while the Postfix mail system is down.
SECURITY
The showq daemon can run in a chroot jail at fixed low
privilege, and takes no input from the client. Its service
port is accessible to local untrusted users, so the ser-
vice can be susceptible to denial of service attacks.
STANDARDS
None. The showq daemon does not interact with the outside
world.
DIAGNOSTICS
Problems and transactions are logged to syslogd(8).
BUGS
The showq daemon runs at a fixed low privilege; conse-
quently, it cannot extract information from queue files in
the maildrop directory.
SEE ALSO
cleanup(8) canonicalize and enqueue mail
pickup(8) local mail pickup service
qmgr(8) mail being delivered, delayed mail
syslogd(8) system logging
LICENSE
The Secure Mailer license must be distributed with this
software.
AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
1
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������postfix/doc/sendmail.1.html�������������������������������������������������������������������������100664 � 1751 � 146 � 27415 7017475553 15150� 0����������������������������������������������������������������������������������������������������ustar �thivillo������������������������www��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
SENDMAIL(1) SENDMAIL(1)
NAME
sendmail - Postfix to Sendmail compatibility interface
SYNOPSIS
sendmail [option ...] [recipient ...]
mailq
sendmail -bp
newaliases
sendmail -I
DESCRIPTION
The sendmail program implements the Postfix to Sendmail
compatibility interface. For the sake of compatibility
with existing applications, some Sendmail command-line
options are recognized but silently ignored.
By default, sendmail reads a message from standard input
and arranges for delivery. sendmail attempts to create a
queue file in the maildrop directory. If that directory is
not world-writable, the message is piped through the post-
drop(1) command, which is expected to execute with suit-
able privileges.
Specific command aliases are provided for other common
modes of operation:
mailq List the mail queue. Each entry shows the queue
file ID, message size, arrival time, sender, and
the recipients that still need to be delivered. If
mail could not be delivered upon the last attempt,
the reason for failure is shown. This mode of oper-
ation is implemented by connecting to the showq(8)
daemon.
newaliases
Initialize the alias database. If no alias database
type is specified, the program uses the type speci-
fied in the database_type configuration parameter;
if no input file is specified, the program pro-
cesses the file(s) specified with the
alias_database configuration parameter. This mode
of operation is implemented by running the postal-
ias(1) command.
Note: it may take a minute or so before an alias
database update becomes visible. Use the postfix
reload command to eliminate this delay.
These and other features can be selected by specifying the
appropriate combination of command-line options. Some fea-
tures are controlled by parameters in the main.cf configu-
ration file.
1
SENDMAIL(1) SENDMAIL(1)
The following options are recognized:
-B body_type (ignored)
The message body MIME type. Currently, Postfix
implements just-send-eight.
-C config_file (ignored :-)
The path name of the sendmail.cf file. Postfix con-
figuration files are kept in /etc/postfix.
-F full_name
Set the sender full name. This is used only with
messages that have no From: message header.
-I Initialize alias database. See the newaliases com-
mand above.
-N dsn (ignored)
Delivery status notification control. Currently,
Postfix does not implement DSN.
-R return_limit (ignored)
Limit the size of bounced mail. Use the
bounce_size_limit configuration parameter instead.
-X log_file (ignored)
Log mailer traffic. Use the debug_peer_list and
debug_peer_level configuration parameters instead.
-bd Go into daemon mode. This mode of operation is
implemented by executing the postfix start command.
-bi Initialize alias database. See the newaliases com-
mand above.
-bm Read mail from standard input and arrange for
delivery. This is the default mode of operation.
-bp List the mail queue. See the mailq command above.
-bs Stand-alone SMTP server mode. Read SMTP commands
from standard input, and write responses to stan-
dard output. This mode of operation is implemented
by running the smtpd(8) daemon.
-f sender
Set the envelope sender address. This is the
address where delivery problems are sent to, unless
the message contains an Errors-To: message header.
-h hop_count (ignored)
Hop count limit. Use the hopcount_limit configura-
tion parameter instead.
2
SENDMAIL(1) SENDMAIL(1)
-i (ignored)
Lines beginning with "." get special treatment only
with -bs.
-m (ignored)
Backwards compatibility.
-n (ignored)
Backwards compatibility.
-oAalias_database
Non-default alias database. Specify pathname or
type:pathname. See postalias(1) for details.
-o7 (ignored)
-o8 (ignored)
The message body type. Currently, Postfix imple-
ments just-send-eight.
-om (ignored)
The sender is never eliminated from alias etc.
expansions.
-o x value (ignored)
Set option x to value. Use the equivalent configu-
ration parameter in main.cf instead.
-r sender
Set the envelope sender address. This is the
address where delivery problems are sent to, unless
the message contains an Errors-To: message header.
-q Flush the mail queue. This is implemented by kick-
ing the qmgr(8) daemon.
-qinterval (ignored)
The interval between queue runs. Use the
queue_run_delay configuration parameter instead.
-t Extract recipients from message headers. This
requires that no recipients be specified on the
command line.
-v Enable verbose logging for debugging purposes. Mul-
tiple -v options make the software increasingly
verbose.
SECURITY
By design, this program is not set-user (or group) id.
However, it must handle data from untrusted users or
untrusted machines. Thus, the usual precautions need to
be taken against malicious inputs.
3
SENDMAIL(1) SENDMAIL(1)
DIAGNOSTICS
Problems are logged to syslogd(8) and to the standard
error stream.
ENVIRONMENT
MAIL_CONFIG
Directory with Postfix configuration files.
MAIL_VERBOSE
Enable verbose logging for debugging purposes.
MAIL_DEBUG
Enable debugging with an external command, as spec-
ified with the debugger_command configuration
parameter.
FILES
/var/spool/postfix, mail queue
/etc/postfix, configuration files
CONFIGURATION PARAMETERS
See the Postfix main.cf file for syntax details and for
default values. Use the postfix reload command after a
configuration change.
alias_database
Default alias database(s) for newaliases. The
default value for this parameter is system-spe-
cific.
bounce_size_limit
The amount of original message context that is sent
along with a non-delivery notification.
database_type
Default alias etc. database type. On many UNIX sys-
tems the default type is either dbm or hash.
debugger_command
Command that is executed after a Postfix daemon has
initialized.
debug_peer_level
Increment in verbose logging level when a remote
host matches a pattern in the debug_peer_list
parameter.
debug_peer_list
List of domain or network patterns. When a remote
host matches a pattern, increase the verbose log-
ging level by the amount specified in the
debug_peer_level parameter.
4
SENDMAIL(1) SENDMAIL(1)
fork_attempts
Number of attempts to fork() a process before giv-
ing up.
fork_delay
Delay in seconds between successive fork()
attempts.
hopcount_limit
Limit the number of Received: message headers.
mail_owner
The owner of the mail queue and of most Postfix
processes.
command_directory
Directory with Postfix support commands (default:
$program_directory).
daemon_directory
Directory with Postfix daemon programs (default:
$program_directory).
queue_directory
Top-level directory of the Postfix queue. This is
also the root directory of Postfix daemons that run
chrooted.
queue_run_delay
The time between successive scans of the deferred
queue.
SEE ALSO
pickup(8) mail pickup daemon
postalias(1) maintain alias database
postdrop(1) privileged posting agent
postfix(1) mail system control
postkick(1) kick a Postfix daemon
qmgr(8) queue manager
showq(8) list mail queue
smtpd(8) SMTP server
syslogd(8) system logging
LICENSE
The Secure Mailer license must be distributed with this
software.
AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
5
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������postfix/doc/security.html���������������������������������������������������������������������������100664 � 1751 � 146 � 14605 7017475554 15062� 0����������������������������������������������������������������������������������������������������ustar �thivillo������������������������www��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
Postfix
Overview - SecurityPostfix is a complex system. The initial release has about 30,000 lines of code (after deleting the comments). With a system that complex, the security of the system should not depend on a single mechanism. If it did, one single error would be sufficient to compromise the entire mail system. Therefore, Postfix uses multiple layers of defense to control the damage from software and other errors.
By default, the maildrop queue directory is world-writable, so that local processes can submit mail without assistance from a set-uid or set-gid command or from a mail daemon process. The maildrop directory is not used for mail coming in via the network, and queue files are not readable for other users.
A writable directory opens up opportunities for annoyance: a local user can make hard links to someone else's maildrop files so they don't go away and/or are delivered multiple times; a local user can fill the maildrop directory with garbage and try to make the mail system crash; and a local user can hard link someone else's files into the maildrop directory and try to have them delivered as mail. However, Postfix queue files have a specific format; less than one in 10^12 non-Postfix files would be recognized as a valid Postfix queue file.
If a world-writable maildrop directory is not acceptable, sites can revoke world write permission, and enable set-gid privileges for a small helper program that is provided for this purpose.
Of course, Postfix programs do not trust data received from the network, either. In particular, Postfix filters sender-provided data before exporting it via environment variables. If there is one lesson that people have learned from Web site security disasters it is this one: don't let any data from the network near a shell. Filtering is the best we can do.
Postfix Configuration - Address ManipulationUnless indicated otherwise, all parameters described here are in the main.cf file. If you change parameters of a running Postfix system, don't forget to issue a postfix reload command.
All mail:
Local delivery:
You probably should never turn off this feature, because a lot of
Postfix components expect that all addresses have the form
user@domain.
If your machine is not the main machine for $myorigin and
you wish to have some users delivered locally without going via
that main machine, make an entry in the virtual
table that redirects user@$myorigin to user@$myhostname.
Some will argue that rewriting host to host.$mydomain
is bad. That is why it can be turned off. Others like the convenience of having
the local domain appended automatically.
Canonical mapping is disabled by default. To enable, edit the canonical_maps parameter in the main.cf file and specify one or more lookup tables, separated by whitespace or commas. For example:
In addition to the canonical maps which are applied to both sender and recipient addresses, you can specify canonical maps that are applied only to sender addresses or to recipient addresses. For example:
The sender and recipient canonical maps are applied before the common canonical maps.
Sender-specific rewriting is useful when you want to rewrite ugly
sender addresses to pretty ones, and still want to be able to
send mail to the those ugly address without creating a mailer loop.
Address masquerading is disabled by default. To enable, edit the
masquerade_domains parameter in the main.cf
file and specify one or more domain names separated by whitespace
or commas. For example:
In this example, addresses of the form user@host.$mydomain
would be rewritten to user@$mydomain.
The masquerade_exceptions configuration parameter specifies
what user names should not be subjected to address masquerading.
Specify one or more user names separated by whitespace or commas.
For example,
By default, Postfix makes no exceptions.
Subtle point: address masquerading is applied only to message
headers and envelope sender addresses, not to envelope recipients.
Virtual mapping is disabled by default. To enable, edit the
virtual_maps parameter in the main.cf file and
specify one or more lookup tables, separated by whitespace or
commas. For example:
Addresses found in virtual maps are subjected to another iteration
of virtual mapping, but are not subjected to canonical mapping, in
order to avoid loops.
Lookups of relocated users are disabled by default. To enable, edit
the relocated_maps parameter in the main.cf
file and specify one or more lookup tables, separated by whitespace
or commas. For example:
Address masquerading
Address masquerading is a method to hide all hosts below a domain
behind their mail gateway, and to make it appear as if the mail
comes from the gateway itself, instead of from individual machines.
Virtual address mapping
After applying the canonical and masquerade mappings, the cleanup daemon uses the virtual table to redirect mail for all
recipients, local or remote. The mapping affects only envelope
recipients; it has no effect on message headers or envelope senders.
Virtual lookups are useful to redirect mail for virtual domains to
real user mailboxes, and to redirect mail for domains that no longer
exist. Virtual lookups can also be used to transform
Firstname.Lastname back into UNIX login names, although it
seems that local aliases are a more appropriate
vehicle.
Relocated users table
Next, the queue manager runs each recipient name through the
relocated database. This table
provides information on how to reach users that no longer have an
account, or what to do with mail for entire domains that no longer
exist. When mail is sent to an address that is listed in this
table, the message is bounced with an informative message.
Mail transport switch
Once the queue manager has established the destination of a message,
the optional transport table controls
how the message will be delivered (this table is used by the address
rewriting and resolving daemon). By default, everything is sent
via the smtp transport. The transport
table can be used to send mail to specific sites via UUCP,
or to send mail to a really broken mail system that can handle only
one SMTP connection at a time (yes, such systems exist and people
used to pay real money for them).
Transport table lookups are disabled by default. To enable, edit the transport_maps parameter in the main.cf file and specify one or more lookup tables, separated by whitespace or commas. For example:
Alias lookups are enabled by default. The default configuration depends on the system environment, but it is typically one of the following:
The path to the alias database file is controlled via the alias_database configuration parameter. The value is system dependent. Usually it is one of the following:
For security reasons, deliveries to command and file destinations
are performed with the rights of the alias database owner. A
default userid, default_privs, is used for deliveries to
commands/files in root-owned aliases.
Alternatively, mail for non-existent recipients can be delegated
to an entirely different message transport, as specified with the
fallback_transport configuration parameter. For details,
see the local delivery agent.
luser_relay can specify one address. It is subjected to
$name expansions. The most useful examples are:
Per-user .forward files
Users can control their own mail delivery by specifying destinations
in a file called .forward in their home directories. The
syntax of these files is the same as with system aliases, except
that the lookup key and colon are not present.
Non-existent users
When the local delivery agent finds that a message recipient does
not exist, the message is normally bounced to the sender ("user
unknown"). Sometimes it is desirable to forward mail for non-existing
recipients to another machine. For this purpose you can specify
an alternative destination with the luser_relay configuration
parameter.
Up one level |
Basic Configuration | UCE
Controls | Rate Controls | Resource Controls | Address Manipulation
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������postfix/doc/resource.html���������������������������������������������������������������������������100664 � 1751 � 146 � 17247 7017475554 15047� 0����������������������������������������������������������������������������������������������������ustar �thivillo������������������������www��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
Postfix Configuration - Resource Controls
The following parameters restrict the use of file system storage:
The general approach taken in the face of disaster is to terminate with a fatal run-time error (or with a panic in case of software problems), and to try again after some time (the master daemon will restart processes after some delay). Each failed attempt is logged; hopefully, someone will notice the problem and fix it.
Some recovery strategies were implemented very early during Postfix development, and haven't been made configurable yet. What follows is the beginning of a growing list of recovery control parameters:
RELOCATED(5) RELOCATED(5)
NAME
relocated - format of Postfix relocated table
SYNOPSIS
postmap /etc/postfix/relocated
DESCRIPTION
The optional relocated file provides the information that
is used in "user has moved to new_location" bounce mes-
sages.
The file serves as input to the postmap(1) command. The
result, an indexed file in dbm or db format, is used for
fast searching by the mail system. After an update issue a
postfix reload command to make the change visible.
Table lookups are case insensitive.
The format of the table is as follows:
o Blank lines are ignored, as are lines beginning
with `#'.
o An entry has one of the following form:
key new_location
Where new_location specifies contact information
such as an email address, or perhaps a street
address or telephone number.
The key field is one of the following:
user@domain
Matches user@domain. This form has precedence over
all other forms.
user Matches user@site when site is $myorigin, when site
is listed in $mydestination, or when site is listed
in $inet_interfaces.
@domain
Matches every address in domain. This form has the
lowest precedence.
ADDRESS EXTENSION
When the search fails, and the address localpart contains
the optional recipient delimiter (e.g., user+foo@domain),
the search is repeated for the unextended address (e.g.
user@domain).
BUGS
The table format does not understand quoting conventions.
CONFIGURATION PARAMETERS
The following main.cf parameters are especially relevant
1
RELOCATED(5) RELOCATED(5)
to this topic. See the Postfix main.cf file for syntax
details and for default values. Use the postfix reload
command after a configuration change.
relocated_maps
List of lookup tables for relocated users or sites.
Other parameters of interest:
inet_interfaces
The network interface addresses that this system
receives mail on.
mydestination
List of domains that this mail system considers
local.
myorigin
The domain that is appended to locally-posted mail.
SEE ALSO
postmap(1) create lookup table
LICENSE
The Secure Mailer license must be distributed with this
software.
AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
2
�����������������������������������������postfix/doc/receiving.html��������������������������������������������������������������������������100664 � 1751 � 146 � 7361 7017475554 15147� 0����������������������������������������������������������������������������������������������������ustar �thivillo������������������������www��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
Postfix
Anatomy - Receiving MailWhen a message enters the Postfix mail system, the first stop on the inside is the incoming queue. The figure below shows the main components that are involved with new mail. For an explanation of the symbols used, click on the icon in the upper left-hand corner of this page.
Postfix Rate ControlsOn the inbound side, the Postfix SMTP server has defenses in place against malicious or confused clients. They won't protect against an all-out denial of service attack on your infrastructure, but then nothing will except pulling the plug.
Unless indicated otherwise, all parameters described here are in the main.cf file. If you change parameters of a running Postfix system, don't forget to issue a postfix reload command.
You can override this setting for specific Postfix daemons by editing the master.cf file. For example, if you do not wish to receive 50 SMTP messages at the same time, you could specify:
# ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (50) # ========================================================================== . . . smtp inet n - - - 5 smtpd . . .
The Postfix queue manager comes to the rescue. This program implements the analog of the TCP slow start flow control strategy: when delivering to a site, send a small number of messages first, then increase the rate as long as all goes well; back off in the face of congestion.
The initial_destination_concurrency parameter (default: 2) controls how many messages are initially sent to the same destination before adapting delivery concurrency. Of course, this setting is effective only as long as it does not exceed the process limit and the destination concurrency limit for the specific mail transport channel.
The default_destination_concurrency_limit parameter (default: 10) controls how many messages may be sent to the same destination simultaneously. You can override this setting for specific delivery channels (local, smtp, uucp etc.). The main.cf file recommends the following:
A destination concurrency limit of 10 for SMTP delivery seems enough
to noticeably load a system without bringing it to its knees. Be
careful when changing this to a much larger number.
You can override this setting for specific Postfix delivery agents
(smtp, uucp, etc.). For example:
You must be careful when increasing the recipient limit; some SMTP
servers abort the connection when they run out of memory or when
a hard recipient limit is reached, so the mail won't get through.
The smtpd_recipient_limit parameter (default: 1000)
controls how many recipients the SMTP server will take per delivery.
That's more than any reasonable SMTP client would send. The limit
exists just to protect the local mail system against a malicious
or confused client.
A small site that is on-line only part of the time, and
that wants to defer all deliveries until the command sendmail
-q is executed (e.g., from a PPP dialout script) would use:
An ISP can use the defer_transports feature for customers
that are off-line most of the time. The customer can trigger delivery
by issuing an ETRN command at the SMTP port. The following
examples show how to configure such a customer:
You can specify any number of transports here. The example gives
just one.
The [] are necessary to avoid MX lookups, which might point to your
local machine. The second entry is necessary only if you want to
relay mail for customer subdomains.
This is just the master.cf entry for regular SMTP, with the
first field changed to hold.
As you would expect, this whole process is governed by a bunch of
little parameters.
Some defenses are part of a more general strategy: for example,
how long a line of text may be before it is broken up into pieces,
and how much text may be carried in a multi-line message header.
See the resource controls documentation
for details.
The Postfix SMTP server increments a
per-session error counter whenever a client request is unrecognized
or unimplemented, or whenever a client request violates UCE restrictions or other reasons. The error
counter is reset when a message is transferred successfully.
As the per-session error count increases, the SMTP server changes
behavior. The idea is to limit the damage by slowing down the
client. The behavior is controlled by the following parameters:
Unfortunately, the Postfix SMTP server does not yet know how to
limit the number of connections from the same client,
other than by limiting the total number of SMTP server processes
(see process limit). Things could be worse:
some mailers don't even implement an SMTP server process limit.
That's of course no excuse. I'm still looking for a good solution.
Recipient limits
The default_destination_recipient_limit parameter (default:
50) controls how many recipients a Postfix delivery agent (smtp,
uucp, etc.) will send with each copy of an email message.
If an email message has more than
$default_destination_recipient_limit recipients at the same
destination, the list of recipients will be broken up into smaller lists,
and multiple copies of the message will be sent.
would limit the number of recipients per UUCP delivery to 100.
Always postponing delivery
The defer_transports parameter allows you to specify what
mail should always be deferred until Postfix is explicitly asked
to deliver.
Backoff from unreachable hosts
When a Postfix delivery agent (smtp, local, uucp, etc.)
is unable to deliver a message it may blame the message itself or
the receiving party.
Slowing down bad clients
First of all, no defense will protect against an all-out denial of
service attack. I just don't want to raise impossible expectations.
But there are a few simple things one can do in order to deal with
confused or malicious client programs.
Up one level |
Basic Configuration | UCE
Controls | Rate Controls | Resource
Controls | Address Manipulation
�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������postfix/doc/queuing.html����������������������������������������������������������������������������100664 � 1751 � 146 � 10354 7017475554 14665� 0����������������������������������������������������������������������������������������������������ustar �thivillo������������������������www��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
Postfix Overview - Queue Management
Up one level | Introduction | Goals
and features | Global architecture
| Queue Management | Security
The queue manager keeps information in memory about the active queue only. The active queue size is limited on purpose: the queue manager should never run out of working memory because of a peak message workload. Whenever there is space in the active queue, the queue manager lets in one message from the incoming queue and one from the deferred queue. This guarantees that new mail will get through even when there is a large backlog.
Postfix tries to be a good network neighbor. When delivering mail to a site, Postfix will initially make no more than two simultaneous connections. As long as deliveries succeed, the concurrency slowly increases up to some configurable limit (or until the host or network is unable to handle the load); concurrency is decreased in the face of trouble. For those familiar with TCP/IP implementation details, Postfix implements its own analog of the TCP slow start algorithm
On the average, Postfix will do simultaneous deliveries to the same domain only when there is not enough work to keep all outbound SMTP channels busy. So, when AOL goes off-line and comes back, it should not stop the system from delivering to other sites.
When mail arrives faster than Postfix can deliver it, Postfix will favor new mail over delayed mail. The idea is that new mail should be delivered with as little delay as possible; delayed mail can be delivered while the system would otherwise be idle.
Whenever a repeat delivery attempt fails, the queue file time stamp is moved into the future by an amount of time equal to the age of the message. Thus, the time between delivery attempts doubles each time. This strategy effectively implements exponential backoff.
QMGR(8) QMGR(8)
NAME
qmgr - Postfix queue manager
SYNOPSIS
qmgr [generic Postfix daemon options]
DESCRIPTION
The qmgr daemon awaits the arrival of incoming mail and
arranges for its delivery via Postfix delivery processes.
The actual mail routing strategy is delegated to the triv-
ial-rewrite(8) daemon. This program expects to be run
from the master(8) process manager.
Mail addressed to the local double-bounce address is
silently discarded. This stops potential loops caused by
undeliverable bounce notifications.
Mail addressed to a user listed in the optional relocated
database is bounced with a "user has moved to new_loca-
tion" message. See relocated(5) for a precise description.
MAIL QUEUES
The qmgr daemon maintains the following queues:
incoming
Inbound mail from the network, or mail picked up by
the local pickup agent from the maildrop directory.
active Messages that the queue manager has opened for
delivery. Only a limited number of messages is
allowed to enter the active queue (leaky bucket
strategy, for a fixed delivery rate).
deferred
Mail that could not be delivered upon the first
attempt. The queue manager implements exponential
backoff by doubling the time between delivery
attempts.
corrupt
Unreadable or damaged queue files are moved here
for inspection.
DELIVERY STATUS REPORTS
The qmgr daemon keeps an eye on per-message delivery sta-
tus reports in the following directories. Each status
report file has the same name as the corresponding message
file:
bounce Per-recipient status information about why mail is
bounced. These files are maintained by the
bounce(8) daemon.
defer Per-recipient status information about why mail is
1
QMGR(8) QMGR(8)
delayed. These files are maintained by the
defer(8) daemon.
The qmgr daemon is responsible for asking the bounce(8) or
defer(8) daemons to send non-delivery reports.
STRATEGIES
The queue manager implements a variety of strategies for
either opening queue files (input) or for message delivery
(output).
leaky bucket
This strategy limits the number of messages in the
active queue and prevents the queue manager from
running out of memory under heavy load.
fairness
When the active queue has room, the queue manager
takes one message from the incoming queue and one
from the deferred queue. This prevents a large mail
backlog from blocking the delivery of new mail.
slow start
This strategy eliminates "thundering herd" problems
by slowly adjusting the number of parallel deliver-
ies to the same destination.
round robin
The queue manager sorts delivery requests by desti-
nation. Round-robin selection prevents one desti-
nation from dominating deliveries to other destina-
tions.
exponential backoff
Mail that cannot be delivered upon the first
attempt is deferred. The time interval between
delivery attempts is doubled after each attempt.
destination status cache
The queue manager avoids unnecessary delivery
attempts by maintaining a short-term, in-memory
list of unreachable destinations.
TRIGGERS
On an idle system, the queue manager waits for the arrival
of trigger events, or it waits for a timer to go off. A
trigger is a one-byte message. Depending on the message
received, the queue manager performs one of the following
actions (the message is followed by the symbolic constant
used internally by the software):
D (QMGR_REQ_SCAN_DEFERRED)
Start a deferred queue scan. If a deferred queue
scan is already in progress, that scan will be
2
QMGR(8) QMGR(8)
restarted as soon as it finishes.
I (QMGR_REQ_SCAN_INCOMING)
Start an incoming queue scan. If an incoming queue
scan is already in progress, that scan will be
restarted as soon as it finishes.
A (QMGR_REQ_SCAN_ALL)
Ignore deferred queue file time stamps. The request
affects the next deferred queue scan.
F (QMGR_REQ_FLUSH_DEAD)
Purge all information about dead transports and
destinations.
W (TRIGGER_REQ_WAKEUP)
Wakeup call, This is used by the master server to
instantiate servers that should not go away for-
ever. The action is to start an incoming queue
scan.
The qmgr daemon reads an entire buffer worth of triggers.
Multiple identical trigger requests are collapsed into
one, and trigger requests are sorted so that A and F pre-
cede D and I. Thus, in order to force a deferred queue
run, one would request A F D; in order to notify the queue
manager of the arrival of new mail one would request I.
STANDARDS
None. The qmgr daemon does not interact with the outside
world.
SECURITY
The qmgr daemon is not security sensitive. It reads sin-
gle-character messages from untrusted local users, and
thus may be susceptible to denial of service attacks. The
qmgr daemon does not talk to the outside world, and it can
be run at fixed low privilege in a chrooted environment.
DIAGNOSTICS
Problems and transactions are logged to the syslog daemon.
Corrupted message files are saved to the corrupt queue for
further inspection.
Depending on the setting of the notify_classes parameter,
the postmaster is notified of bounces and of other trou-
ble.
BUGS
A single queue manager process has to compete for disk
access with multiple front-end processes such as smtpd. A
sudden burst of inbound mail can negatively impact out-
bound delivery rates.
3
QMGR(8) QMGR(8)
CONFIGURATION PARAMETERS
The following main.cf parameters are especially relevant
to this program. See the Postfix main.cf file for syntax
details and for default values. Use the postfix reload
command after a configuration change.
Miscellaneous
relocated_maps
Tables with contact information for users, hosts or
domains that no longer exist. See relocated(5).
queue_directory
Top-level directory of the Postfix queue.
Active queue controls
qmgr_message_active_limit
Limit the number of messages in the active queue.
qmgr_message_recipient_limit
Limit the number of in-memory recipients.
This parameter also limits the size of the short-
term, in-memory destination cache.
Timing controls
min_backoff
Minimal time in seconds between delivery attempts
of a deferred message.
This parameter also limits the time an unreachable
destination is kept in the short-term, in-memory
destination status cache.
max_backoff
Maximal time in seconds between delivery attempts
of a deferred message.
maximal_queue_lifetime
Maximal time in days a message is queued before it
is sent back as undeliverable.
queue_run_delay
Time in seconds between deferred queue scans. Queue
scans do not overlap.
transport_retry_time
Time in seconds between attempts to contact a bro-
ken delivery transport.
Concurrency controls
In the text below, transport is the first field in a mas-
ter.cf entry.
4
QMGR(8) QMGR(8)
initial_destination_concurrency
Initial per-destination concurrency level for par-
allel delivery to the same destination.
default_destination_concurrency_limit
Default limit on the number of parallel deliveries
to the same destination.
transport_destination_concurrency_limit
Limit on the number of parallel deliveries to the
same destination, for delivery via the named mes-
sage transport.
Recipient controls
default_destination_recipient_limit
Default limit on the number of recipients per mes-
sage transfer.
transport_destination_recipient_limit
Limit on the number of recipients per message
transfer, for the named message transport.
SEE ALSO
master(8), process manager
relocated(5), format of the "user has moved" table
syslogd(8) system logging
trivial-rewrite(8), address routing
LICENSE
The Secure Mailer license must be distributed with this
software.
AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
5
����������������������������������������������������������������������������������������������������������������������������������������������������������������postfix/doc/postsuper.1.html������������������������������������������������������������������������100664 � 1751 � 146 � 5210 7017475555 15367� 0����������������������������������������������������������������������������������������������������ustar �thivillo������������������������www��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
POSTSUPER(1) POSTSUPER(1)
NAME
postsuper - Postfix super intendent
SYNOPSIS
postsuper [-p] [-s] [-v] [directory ...]
DESCRIPTION
The postsuper command does small maintenance jobs on the
named Postfix queue directories (default: all). Directory
names are relative to the Postfix top-level queue direc-
tory.
By default, postsuper performs the operations requested
with the -s and -p command-line options. postsuper always
tries to remove objects that are neither files nor direc-
tories. Use of this command is restricted to the super-
user.
Options:
-s Structure check. Move queue files that are in the
wrong place in the file system hierarchy and remove
subdirectories that are no longer needed. File
rearrangements are necessary after a change in the
hash_queue_names and/or hash_queue_depth configura-
tion parameters. It is highly recommended to run
this check once before Postfix startup.
-p Purge stale files (files that are left over after
system or software crashes).
-v Enable verbose logging for debugging purposes. Mul-
tiple -v options make the software increasingly
verbose.
DIAGNOSTICS
Problems are reported to the standard error stream and to
syslogd.
CONFIGURATION PARAMETERS
See the Postfix main.cf file for syntax details and for
default values.
hash_queue_depth
Number of subdirectory levels for hashed queues.
hash_queue_names
The names of queues that are organized into multi-
ple levels of subdirectories.
LICENSE
The Secure Mailer license must be distributed with this
software.
1
POSTSUPER(1) POSTSUPER(1)
AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
2
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������postfix/doc/postmap.1.html��������������������������������������������������������������������������100664 � 1751 � 146 � 11160 7017475555 15027� 0����������������������������������������������������������������������������������������������������ustar �thivillo������������������������www��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
POSTMAP(1) POSTMAP(1)
NAME
postmap - Postfix lookup table management
SYNOPSIS
postmap [-c config_dir] [-i] [-v] [-w]
[file_type:]file_name
DESCRIPTION
The postmap command creates a new Postfix lookup table, or
updates an existing one. The input and output formats are
expected to be compatible with:
makemap file_type file_name < file_name
While the table update is in progress, signal delivery is
postponed, and an exclusive, advisory, lock is placed on
the entire table, in order to avoid surprises in spectator
programs.
The format of a lookup table input file is as follows:
o Blank lines are ignored. So are lines beginning
with `#'.
o A table entry has the form
key whitespace value
o A line that starts with whitespace continues the
preceding line.
The key and value are processed as is, except that sur-
rounding white space is stripped off. Unlike with Postfix
alias databases, quotes cannot be used to protect lookup
keys that contain special characters such as `#' or
whitespace. The key is mapped to lowercase to make mapping
lookups case insensitive.
Options:
-c config_dir
Read the main.cf configuration file in the named
directory.
-i Incremental mode. Read entries from standard input
and do not truncate an existing database. By
default, postmap creates a new database from the
entries in file_name.
-v Enable verbose logging for debugging purposes. Mul-
tiple -v options make the software increasingly
verbose.
B-w Do not warn about duplicate entries; silently
1
POSTMAP(1) POSTMAP(1)
ignore them.
Arguments:
file_type
The type of database to be produced.
btree The output file is a btree file, named
file_name.db. This is available only on
systems with support for db databases.
dbm The output consists of two files, named
file_name.pag and file_name.dir. This is
available only on systems with support for
dbm databases.
hash The output file is a hashed file, named
file_name.db. This is available only on
systems with support for db databases.
When no file_type is specified, the software uses
the database type specified via the database_type
configuration parameter.
file_name
The name of the lookup table source file when
rebuilding a database.
DIAGNOSTICS
Problems and transactions are logged to the standard error
stream. No output means no problems. Duplicate entries are
skipped and are flagged with a warning.
ENVIRONMENT
MAIL_CONFIG
Directory with Postfix configuration files.
MAIL_VERBOSE
Enable verbose logging for debugging purposes.
CONFIGURATION PARAMETERS
database_type
Default output database type. On many UNIX sys-
tems, the default database type is either hash or
dbm.
LICENSE
The Secure Mailer license must be distributed with this
software.
AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
2
POSTMAP(1) POSTMAP(1)
Yorktown Heights, NY 10598, USA
3
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������postfix/doc/postlog.1.html��������������������������������������������������������������������������100664 � 1751 � 146 � 3550 7017475555 15017� 0����������������������������������������������������������������������������������������������������ustar �thivillo������������������������www��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
POSTLOG(1) POSTLOG(1)
NAME
postlog - Postfix-compatible logging utility
SYNOPSIS
postlog [-i] [-p priority] [-t tag] [-v] [text...]
DESCRIPTION
The postlog command implements a Postfix-compatible log-
ging interface for use in, for example, shell scripts.
By default, postlog logs the text given on the command
line as one record. If no text is specified on the command
line, postlog reads from standard input and logs each
input line as one record.
Logging is sent to syslogd(8); when the standard error
stream is connected to a terminal, logging is sent there
as well.
The following options are implemented:
-i Include the process ID in the logging tag.
-p priority
Specifies the logging severity: info (default),
warn, error, fatal, or panic.
-t tag Specifies the logging tag, that is, the identifying
name that appears at the beginning of each logging
record.
-v Enable verbose logging for debugging purposes. Mul-
tiple -v options make the software increasingly
verbose.
SEE ALSO
syslogd(8) syslog daemon.
LICENSE
The Secure Mailer license must be distributed with this
software.
AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
1
��������������������������������������������������������������������������������������������������������������������������������������������������������postfix/doc/postlock.1.html�������������������������������������������������������������������������100664 � 1751 � 146 � 6624 7017475555 15173� 0����������������������������������������������������������������������������������������������������ustar �thivillo������������������������www��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
POSTLOCK(1) POSTLOCK(1)
NAME
postlock - lock mail folder and execute command
SYNOPSIS
postlock [-c config_dir] [-v] file command...
DESCRIPTION
The postlock command locks file for exclusive access, and
executes command. The locking method is compatible with
the Postfix UNIX-style local delivery agent.
Options:
-c config_dir
Read configuration information from main.cf in the
named configuration directory.
-v Enable verbose logging for debugging purposes. Mul-
tiple -v options make the software increasingly
verbose.
Arguments:
file A mailbox file. The user should have read/write
permission.
command...
The command to execute while file is locked for
exclusive access. The command is executed
directly, i.e. without interpretation by a shell
command interpreter.
DIAGNOSTICS
The result status is 75 (EX_TEMPFAIL) when the file is
locked by another process, 255 (on some systems: -1) when
postlock could not perform the requested operation. Oth-
erwise, the exit status is the exit status from the com-
mand.
BUGS
With remote file systems, the ability to acquire a lock
does not necessarily eliminate access conflicts. Avoid
file access by processes running on different machines.
ENVIRONMENT
MAIL_CONFIG
Directory with Postfix configuration files.
MAIL_VERBOSE
Enable verbose logging for debugging purposes.
CONFIGURATION PARAMETERS
The following main.cf parameters are especially relevant
to this program. See the Postfix main.cf file for syntax
1
POSTLOCK(1) POSTLOCK(1)
details and for default values.
Locking controls
deliver_lock_attempts
Limit the number of attempts to acquire an exclu-
sive lock.
deliver_lock_delay
Time in seconds between successive attempts to
acquire an exclusive lock.
stale_lock_time
Limit the time after which a stale lock is removed.
Resource controls
fork_attempts
Number of attempts to fork() a process before giv-
ing up.
fork_delay
Delay in seconds between successive fork()
attempts.
LICENSE
The Secure Mailer license must be distributed with this
software.
AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
2
������������������������������������������������������������������������������������������������������������postfix/doc/postkick.1.html�������������������������������������������������������������������������100664 � 1751 � 146 � 5236 7017475555 15162� 0����������������������������������������������������������������������������������������������������ustar �thivillo������������������������www��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
POSTKICK(1) POSTKICK(1)
NAME
postkick - kick a Postfix service
SYNOPSIS
postkick [-c config_dir] [-v] class service request
DESCRIPTION
The postkick command sends request to the specified ser-
vice over a local transport channel. This command makes
Postfix private IPC accessible for use in, for example,
shell scripts.
Options:
-c config_dir
Read configuration information from main.cf in the
named configuration directory.
-v Enable verbose logging for debugging purposes. Mul-
tiple -v options make the software increasingly
verbose.
Arguments:
class Name of a class of local transport channel end-
points, either public (accessible by any local
user) or private (administrative access only).
service
The name of a local transport endpoint within the
named class.
request
A string. The list of valid requests is service-
specific.
DIAGNOSTICS
Problems and transactions are logged to the standard error
stream.
ENVIRONMENT
MAIL_CONFIG
Directory with Postfix configuration files.
MAIL_VERBOSE
Enable verbose logging for debugging purposes.
CONFIGURATION PARAMETERS
The following main.cf parameters are especially relevant
to this program. See the Postfix main.cf file for syntax
details and for default values.
queue_directory
Location of the Postfix queue, and of the local IPC
1
POSTKICK(1) POSTKICK(1)
communication endpoints.
SEE ALSO
qmgr(8) queue manager trigger protocol
pickup(8) local pickup daemon
LICENSE
The Secure Mailer license must be distributed with this
software.
AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
2
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������postfix/doc/postfix.1.html��������������������������������������������������������������������������100664 � 1751 � 146 � 11421 7017475556 15041� 0����������������������������������������������������������������������������������������������������ustar �thivillo������������������������www��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
POSTFIX(1) POSTFIX(1)
NAME
postfix - Postfix control program
SYNOPSIS
postfix [-c config_dir] [-D] [-v] command
DESCRIPTION
The postfix command controls the operation of the Postfix
mail system: start or stop the master daemon, do a health
check, and other maintenance. The command sets up a stan-
dardized environment and runs the postfix-script shell
script to do the actual work.
The following commands are implemented:
check Validate the Postfix mail system configuration.
Warn about bad directory/file ownership or permis-
sions, and create missing directories.
start Start the Postfix mail system. This also runs the
configuration check described above.
stop Stop the Postfix mail system in an orderly fashion.
Running processes are allowed to terminate at their
earliest convenience.
Note: in order to refresh the Postfix mail system
after a configuration change, do not use the start
and stop commands in succession. Use the reload
command instead.
abort Stop the Postfix mail system abruptly. Running pro-
cesses are signaled to stop immediately.
flush Force delivery: attempt to deliver every message in
the deferred mail queue. Normally, attempts to
deliver delayed mail happen at regular intervals,
the interval doubling after each failed attempt.
reload Re-read configuration files. Running processes ter-
minate at their earliest convenience.
The following options are implemented:
-c config_dir
The absolute path to a directory with Postfix con-
figuration files. Use this to distinguish between
multiple Postfix instances on the same host.
-D (with postfix start only)
Run each Postfix daemon under control of a debugger
as specified via the debugger_command configuration
parameter.
1
POSTFIX(1) POSTFIX(1)
-v Enable verbose logging for debugging purposes. Mul-
tiple -v options make the software increasingly
verbose.
ENVIRONMENT
The postfix command sets the following environment vari-
ables:
MAIL_CONFIG
Directory with Postfix configuration files.
MAIL_VERBOSE
This is set when the -v command-line option is pre-
sent.
MAIL_DEBUG
This is set when the -D command-line option is pre-
sent.
The following configuration parameters are made available
as process environment variables with the same names:
command_directory
Directory with Postfix support commands (default:
$program_directory).
daemon_directory
Directory with Postfix daemon programs (default:
$program_directory).
config_directory
Directory with Postfix configuration files and with
administrative shell scripts.
queue_directory
The directory with the Postfix queue directory (and
with some files needed for programs running in a
chrooted environment).
mail_owner
The owner of the Postfix queue and of most Postfix
processes.
FILES
$config_directory/postfix-script, administrative commands
SEE ALSO
master(8) Postfix master program
LICENSE
The Secure Mailer license must be distributed with this
software.
2
POSTFIX(1) POSTFIX(1)
AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
3
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������postfix/doc/postdrop.1.html�������������������������������������������������������������������������100664 � 1751 � 146 � 5157 7017475556 15210� 0����������������������������������������������������������������������������������������������������ustar �thivillo������������������������www��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
POSTDROP(1) POSTDROP(1)
NAME
postdrop - Postfix mail posting agent
SYNOPSIS
postdrop [option ...]
DESCRIPTION
The postdrop command creates a file in the maildrop direc-
tory and copies its standard input to the file.
The command is designed to run with set-gid privileges,
and with group write permission to the maildrop queue
directory.
The postdrop command is automatically invoked by the send-
mail(1) mail posting agent when the maildrop queue direc-
tory is not world-writable.
Options:
-v Enable verbose logging for debugging purposes. Mul-
tiple -v options make the software increasingly
verbose.
SECURITY
This program is designed so that it can run with set-user
(or group) id privileges.
DIAGNOSTICS
Fatal errors: malformed input, I/O error, out of memory.
Problems are logged to syslogd(8) and to the standard
error stream. When the input is incomplete, or when the
process receives a HUP, INT, QUIT or TERM signal, the
queue file is deleted.
ENVIRONMENT
The program deletes all environment information, because
the C library can't be trusted.
FILES
/var/spool/postfix, mail queue
/etc/postfix, configuration files
CONFIGURATION PARAMETERS
See the Postfix main.cf file for syntax details and for
default values. Use the postfix reload command after a
configuration change.
queue_directory
Top-level directory of the Postfix queue. This is
also the root directory of Postfix daemons that run
chrooted.
1
POSTDROP(1) POSTDROP(1)
SEE ALSO
sendmail(1) compatibility interface
syslogd(8) system logging
LICENSE
The Secure Mailer license must be distributed with this
software.
AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
2
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������postfix/doc/postconf.1.html�������������������������������������������������������������������������100664 � 1751 � 146 � 2752 7017475556 15167� 0����������������������������������������������������������������������������������������������������ustar �thivillo������������������������www��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
POSTCONF(1) POSTCONF(1)
NAME
postconf - Postfix configuration utility
SYNOPSIS
postconf [-c config_dir] [-d] [-h] [-n] [-v] [parameter
...]
DESCRIPTION
The postconf command prints the actual value of parameter
(all known parameters by default), one parameter per line.
Options:
-c config_dir
The main.cf configuration file is in the named
directory.
-d Print default parameter settings instead of actual
settings.
-h Show parameter values only, not the ``name = ''
label that normally precedes the value.
-n Print non-default parameter settings only.
-v Enable verbose logging for debugging purposes. Mul-
tiple -v options make the software increasingly
verbose.
DIAGNOSTICS
Problems are reported to the standard error stream.
LICENSE
The Secure Mailer license must be distributed with this
software.
AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
1
����������������������postfix/doc/postcat.1.html��������������������������������������������������������������������������100664 � 1751 � 146 � 2130 7017475556 14777� 0����������������������������������������������������������������������������������������������������ustar �thivillo������������������������www��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
POSTCAT(1) POSTCAT(1)
NAME
postcat - show Postfix queue file contents
SYNOPSIS
postcat [-v] [files...]
DESCRIPTION
The postcat command prints the contents of the named Post-
fix queue files in human-readable form. If no files are
specified on the command line, the program reads from
standard input.
Options:
-v Enable verbose logging for debugging purposes. Mul-
tiple -v options make the software increasingly
verbose.
DIAGNOSTICS
Problems are reported to the standard error stream.
LICENSE
The Secure Mailer license must be distributed with this
software.
AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
1
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������postfix/doc/postalias.1.html������������������������������������������������������������������������100664 � 1751 � 146 � 10365 7017475556 15352� 0����������������������������������������������������������������������������������������������������ustar �thivillo������������������������www��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
POSTALIAS(1) POSTALIAS(1)
NAME
postalias - Postfix alias database maintenance
SYNOPSIS
postalias [-c config_dir] [-i] [-v] [-w]
[file_type:]file_name ...
DESCRIPTION
The postalias command creates a new Postfix alias
database, or updates an existing one. The input and output
file formats are expected to be compatible with Sendmail
version 8, and are expected to be suitable for the use as
NIS alias maps.
While a database update is in progress, signal delivery is
postponed, and an exclusive, advisory, lock is placed on
the entire database, in order to avoid surprises in spec-
tator programs.
Options:
-c config_dir
Read the main.cf configuration file in the named
directory.
-i Incremental mode. Read entries from standard input
and do not truncate an existing database. By
default, postalias creates a new database from the
entries in file_name.
-v Enable verbose logging for debugging purposes. Mul-
tiple -v options make the software increasingly
verbose.
-w Do not warn about duplicate entries; silently
ignore them.
Arguments:
file_type
The type of database to be produced.
btree The output is a btree file, named
file_name.db. This is available only on
systems with support for db databases.
dbm The output consists of two files, named
file_name.pag and file_name.dir. This is
available only on systems with support for
dbm databases.
hash The output is a hashed file, named
file_name.db. This is available only on
systems with support for db databases.
1
POSTALIAS(1) POSTALIAS(1)
When no file_type is specified, the software uses
the database type specified via the database_type
configuration parameter. The default value for
this parameter depends on the host environment.
file_name
The name of the alias database source file when
rebuilding a database.
DIAGNOSTICS
Problems are logged to the standard error stream. No out-
put means no problems were detected. Duplicate entries are
skipped and are flagged with a warning.
ENVIRONMENT
MAIL_CONFIG
Directory with Postfix configuration files.
MAIL_VERBOSE
Enable verbose logging for debugging purposes.
CONFIGURATION PARAMETERS
The following main.cf parameters are especially relevant
to this program. See the Postfix main.cf file for syntax
details and for default values.
database_type
Default alias database type. On many UNIX systems,
the default type is either dbm or hash.
STANDARDS
RFC 822 (ARPA Internet Text Messages)
SEE ALSO
aliases(5) format of alias database input file.
sendmail(1) mail posting and compatibility interface.
LICENSE
The Secure Mailer license must be distributed with this
software.
AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
2
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������postfix/doc/pipe.8.html�����������������������������������������������������������������������������100664 � 1751 � 146 � 21114 7017475556 14311� 0����������������������������������������������������������������������������������������������������ustar �thivillo������������������������www��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
PIPE(8) PIPE(8)
NAME
pipe - Postfix delivery to external command
SYNOPSIS
pipe [generic Postfix daemon options] command_attributes...
DESCRIPTION
The pipe daemon processes requests from the Postfix queue
manager to deliver messages to external commands. Each
delivery request specifies a queue file, a sender address,
a domain or host to deliver to, and one or more recipi-
ents. This program expects to be run from the master(8)
process manager.
The pipe daemon updates queue files and marks recipients
as finished, or it informs the queue manager that delivery
should be tried again at a later time. Delivery problem
reports are sent to the bounce(8) or defer(8) daemon as
appropriate.
COMMAND ATTRIBUTE SYNTAX
The external command attributes are given in the master.cf
file at the end of a service definition. The syntax is as
follows:
flags=FR> (optional)
Optional message processing flags. By default, a
message is copied unchanged.
F Prepend a "From sender time_stamp" envelope
header to the message content. This is
expected by, for example, UUCP software. The
F flag also causes an empty line to be
appended to the message.
R Prepend a Return-Path: message header with
the envelope sender address.
> Prepend > to lines starting with "From ".
This is expected by, for example, UUCP soft-
ware.
user=username (required)
user=username:groupname
The external command is executed with the rights of
the specified username. The software refuses to
execute commands with root privileges, or with the
privileges of the mail system owner. If groupname
is specified, the corresponding group ID is used
instead of the group ID of of username.
argv=command... (required)
The command to be executed. This must be specified
1
PIPE(8) PIPE(8)
as the last command attribute. The command is exe-
cuted directly, i.e. without interpretation of
shell meta characters by a shell command inter-
preter.
In the command argument vector, the following
macros are recognized and replaced with correspond-
ing information from the Postfix queue manager
delivery request:
${extension}
This macro expands to the extension part of
a recipient address. For example, with an
address user+foo@domain the extension is
foo. A command-line argument that contains
${extension} expands into as many command-
line arguments as there are recipients.
${mailbox}
This macro expands to the complete local
part of a recipient address. For example,
with an address user+foo@domain the mailbox
is user+foo. A command-line argument that
contains ${mailbox} expands into as many
command-line arguments as there are recipi-
ents.
${nexthop}
This macro expands to the next-hop hostname.
${recipient}
This macro expands to the complete recipient
address. A command-line argument that con-
tains ${recipient} expands into as many com-
mand-line arguments as there are recipients.
${sender}
This macro expands to the envelope sender
address.
${user}
This macro expands to the username part of a
recipient address. For example, with an
address user+foo@domain the username part is
user. A command-line argument that contains
${user} expands into as many command-line
arguments as there are recipients.
In addition to the form ${name}, the forms $name and
$(name) are also recognized. Specify $$ where a single $
is wanted.
DIAGNOSTICS
Command exit status codes are expected to follow the
2
PIPE(8) PIPE(8)
conventions defined in <sysexits.h>.
Problems and transactions are logged to syslogd(8). Cor-
rupted message files are marked so that the queue manager
can move them to the corrupt queue for further inspection.
SECURITY
This program needs a dual personality 1) to access the
private Postfix queue and IPC mechanisms, and 2) to exe-
cute external commands as the specified user. It is there-
fore security sensitive.
CONFIGURATION PARAMETERS
The following main.cf parameters are especially relevant
to this program. See the Postfix main.cf file for syntax
details and for default values. Use the postfix reload
command after a configuration change.
Miscellaneous
mail_owner
The process privileges used while not running an
external command.
Resource controls
In the text below, transport is the first field in a mas-
ter.cf entry.
transport_destination_concurrency_limit
Limit the number of parallel deliveries to the same
destination, for delivery via the named transport.
The default limit is taken from the default_desti-
nation_concurrency_limit parameter. The limit is
enforced by the Postfix queue manager.
transport_destination_recipient_limit
Limit the number of recipients per message deliv-
ery, for delivery via the named transport. The
default limit is taken from the default_destina-
tion_recipient_limit parameter. The limit is
enforced by the Postfix queue manager.
transport_time_limit
Limit the time for delivery to external command,
for delivery via the named transport. The default
limit is taken from the command_time_limit parame-
ter. The limit is enforced by the Postfix queue
manager.
SEE ALSO
bounce(8) non-delivery status reports
master(8) process manager
qmgr(8) queue manager
syslogd(8) system logging
3
PIPE(8) PIPE(8)
LICENSE
The Secure Mailer license must be distributed with this
software.
AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
4
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������postfix/doc/pickup.8.html���������������������������������������������������������������������������100664 � 1751 � 146 � 6054 7017475557 14636� 0����������������������������������������������������������������������������������������������������ustar �thivillo������������������������www��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
PICKUP(8) PICKUP(8)
NAME
pickup - Postfix local mail pickup
SYNOPSIS
pickup [generic Postfix daemon options]
DESCRIPTION
The pickup daemon waits for hints that new mail has been
dropped into the world-writable maildrop directory, and
feeds it into the cleanup(8) daemon. Ill-formatted files
are deleted without notifying the originator. This pro-
gram expects to be run from the master(8) process manager.
STANDARDS
None. The pickup daemon does not interact with the outside
world.
SECURITY
The pickup daemon runs with superuser privileges so that
it 1) can open a queue file with the rights of the submit-
ting user and 2) can access the Postfix private IPC chan-
nels. On the positive side, the program can run chrooted,
opens no files for writing, is careful about what files it
opens for reading, and does not actually touch any data
that is sent to its public service endpoint.
DIAGNOSTICS
Problems and transactions are logged to syslogd(8).
BUGS
The pickup daemon copies mail from file to the cleanup(8)
daemon. It could avoid message copying overhead by send-
ing a file descriptor instead of file data, but then the
already complex cleanup(8) daemon would have to deal with
unfiltered user data.
CONFIGURATION PARAMETERS
The following main.cf parameters are especially relevant
to this program. See the Postfix main.cf file for syntax
details and for default values. Use the postfix reload
command after a configuration change.
Miscellaneous
always_bcc
Address to send a copy of each message that enters
the system.
mail_owner
The process privileges used while not opening a
maildrop file.
queue_directory
Top-level directory of the Postfix queue.
1
PICKUP(8) PICKUP(8)
SEE ALSO
cleanup(8) message canonicalization
master(8) process manager
syslogd(8) system logging
LICENSE
The Secure Mailer license must be distributed with this
software.
AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
2
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������postfix/doc/outbound.gif����������������������������������������������������������������������������100664 � 1751 � 146 � 7745 7017475557 14645� 0����������������������������������������������������������������������������������������������������ustar �thivillo������������������������www��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������GIF89a
�������!���,����
�ڋH扦ʶ
L
ĢL*̦ JԪj
N
xm%hxCxXHY 29iY):dJډĪK*t[ԻR')
wYl
0�
-=M]m}
==Nݬ\>.O
?~>.ឿv
X`�H
D8=
6xHB
C`̈E M$q_G
Q҃E-cF۸M0w4ie9w)k3
h֒:Zi)/J4խ\iMeԯ6Ң
V:2Z4bӝZJeW%߾4淋YɎoF8`
C5x
wԪ3OxgwtҶg`
hGF[Snyq
}zAt *pcC,Sv߾x}v
`w)<$`xC aWaGYxqu�5֞oQVsi
HAgg~),
YIe[|:Hր"HvSh68a
#EQYVu
Ld\uXY^bnY%
UBBce k~ RWp@tЛd?Dz9柀Ph>m6Ϟn袗(Χi�iy
%i9)
jjR:OAuJPHm%zvK,ɸA̳l�ml_ws(
I~k϶9 `L)Tn~pK%7R5n#{0 /1
?
^gѰ_,q1!CB%r ]�jZ
*Z42
#缐ƌC:s1C
4/m$;K/2G"
%ǪA7g
!5̶O([lX{R'F+i؍1:mk`kH
Nxc6/^8?84Eyc^)/^l_$y蛏Vgz) zw1�^y0nz;q{N$]
|OAߞo?߃/=17_.O9/S{?9{
c{.Nw
N ;8
=
*
aF&aa6"!|(dyXw
�-b^X
ndx& L!=,^[Lc>Uψ
A
8ю#t".�<<&nS'H.R<" ).pvm
d'?YDP~1W)CJO2
*_yOΣN T2ߓ`
)HJBRd1˨GW2|
nLA
r&g;\syl%2WYCq<#7YMv+_K8=ihs%XH
ҟhY
x2t(=EQ3)]ҙ&BBP
5R3sT'IlaBSh
3BudDӞբf\TrH(FZDb5PjVHU&UNBh֭B{1
+Y*/Qe[-ʕ|^W=u{%M~*dbEZ1 -[Yj-䱓GWKg|6U`h>085&`/mJ;GVCxZWЊֶíi
We k祸8.w>mtMr؝.oqZd
jzy=q}XX}_ϱ%>l]2.n-i
02bIx+1;aC,'Ո-z.N΅{d1Fql
j{w̥$٭HZj^@,8q@)_B`r#¬Y
j2_ +fȶ-_2&lZ
f7*ufdJVMnF\r>ځu;iIetmvML�vZijJWke1@/:gUs&տ
kFp2BDעVZXfѿ6bSa;֮4 X^]L[ݰfO ңt ]W{FKH
SENDMAIL(1) SENDMAIL(1)
NAME
sendmail - Postfix to Sendmail compatibility interface
SYNOPSIS
sendmail [option ...] [recipient ...]
mailq
sendmail -bp
newaliases
sendmail -I
DESCRIPTION
The sendmail program implements the Postfix to Sendmail
compatibility interface. For the sake of compatibility
with existing applications, some Sendmail command-line
options are recognized but silently ignored.
By default, sendmail reads a message from standard input
and arranges for delivery. sendmail attempts to create a
queue file in the maildrop directory. If that directory is
not world-writable, the message is piped through the post-
drop(1) command, which is expected to execute with suit-
able privileges.
Specific command aliases are provided for other common
modes of operation:
mailq List the mail queue. Each entry shows the queue
file ID, message size, arrival time, sender, and
the recipients that still need to be delivered. If
mail could not be delivered upon the last attempt,
the reason for failure is shown. This mode of oper-
ation is implemented by connecting to the showq(8)
daemon.
newaliases
Initialize the alias database. If no alias database
type is specified, the program uses the type speci-
fied in the database_type configuration parameter;
if no input file is specified, the program pro-
cesses the file(s) specified with the
alias_database configuration parameter. This mode
of operation is implemented by running the postal-
ias(1) command.
Note: it may take a minute or so before an alias
database update becomes visible. Use the postfix
reload command to eliminate this delay.
These and other features can be selected by specifying the
appropriate combination of command-line options. Some fea-
tures are controlled by parameters in the main.cf configu-
ration file.
1
SENDMAIL(1) SENDMAIL(1)
The following options are recognized:
-B body_type (ignored)
The message body MIME type. Currently, Postfix
implements just-send-eight.
-C config_file (ignored :-)
The path name of the sendmail.cf file. Postfix con-
figuration files are kept in /etc/postfix.
-F full_name
Set the sender full name. This is used only with
messages that have no From: message header.
-I Initialize alias database. See the newaliases com-
mand above.
-N dsn (ignored)
Delivery status notification control. Currently,
Postfix does not implement DSN.
-R return_limit (ignored)
Limit the size of bounced mail. Use the
bounce_size_limit configuration parameter instead.
-X log_file (ignored)
Log mailer traffic. Use the debug_peer_list and
debug_peer_level configuration parameters instead.
-bd Go into daemon mode. This mode of operation is
implemented by executing the postfix start command.
-bi Initialize alias database. See the newaliases com-
mand above.
-bm Read mail from standard input and arrange for
delivery. This is the default mode of operation.
-bp List the mail queue. See the mailq command above.
-bs Stand-alone SMTP server mode. Read SMTP commands
from standard input, and write responses to stan-
dard output. This mode of operation is implemented
by running the smtpd(8) daemon.
-f sender
Set the envelope sender address. This is the
address where delivery problems are sent to, unless
the message contains an Errors-To: message header.
-h hop_count (ignored)
Hop count limit. Use the hopcount_limit configura-
tion parameter instead.
2
SENDMAIL(1) SENDMAIL(1)
-i (ignored)
Lines beginning with "." get special treatment only
with -bs.
-m (ignored)
Backwards compatibility.
-n (ignored)
Backwards compatibility.
-oAalias_database
Non-default alias database. Specify pathname or
type:pathname. See postalias(1) for details.
-o7 (ignored)
-o8 (ignored)
The message body type. Currently, Postfix imple-
ments just-send-eight.
-om (ignored)
The sender is never eliminated from alias etc.
expansions.
-o x value (ignored)
Set option x to value. Use the equivalent configu-
ration parameter in main.cf instead.
-r sender
Set the envelope sender address. This is the
address where delivery problems are sent to, unless
the message contains an Errors-To: message header.
-q Flush the mail queue. This is implemented by kick-
ing the qmgr(8) daemon.
-qinterval (ignored)
The interval between queue runs. Use the
queue_run_delay configuration parameter instead.
-t Extract recipients from message headers. This
requires that no recipients be specified on the
command line.
-v Enable verbose logging for debugging purposes. Mul-
tiple -v options make the software increasingly
verbose.
SECURITY
By design, this program is not set-user (or group) id.
However, it must handle data from untrusted users or
untrusted machines. Thus, the usual precautions need to
be taken against malicious inputs.
3
SENDMAIL(1) SENDMAIL(1)
DIAGNOSTICS
Problems are logged to syslogd(8) and to the standard
error stream.
ENVIRONMENT
MAIL_CONFIG
Directory with Postfix configuration files.
MAIL_VERBOSE
Enable verbose logging for debugging purposes.
MAIL_DEBUG
Enable debugging with an external command, as spec-
ified with the debugger_command configuration
parameter.
FILES
/var/spool/postfix, mail queue
/etc/postfix, configuration files
CONFIGURATION PARAMETERS
See the Postfix main.cf file for syntax details and for
default values. Use the postfix reload command after a
configuration change.
alias_database
Default alias database(s) for newaliases. The
default value for this parameter is system-spe-
cific.
bounce_size_limit
The amount of original message context that is sent
along with a non-delivery notification.
database_type
Default alias etc. database type. On many UNIX sys-
tems the default type is either dbm or hash.
debugger_command
Command that is executed after a Postfix daemon has
initialized.
debug_peer_level
Increment in verbose logging level when a remote
host matches a pattern in the debug_peer_list
parameter.
debug_peer_list
List of domain or network patterns. When a remote
host matches a pattern, increase the verbose log-
ging level by the amount specified in the
debug_peer_level parameter.
4
SENDMAIL(1) SENDMAIL(1)
fork_attempts
Number of attempts to fork() a process before giv-
ing up.
fork_delay
Delay in seconds between successive fork()
attempts.
hopcount_limit
Limit the number of Received: message headers.
mail_owner
The owner of the mail queue and of most Postfix
processes.
command_directory
Directory with Postfix support commands (default:
$program_directory).
daemon_directory
Directory with Postfix daemon programs (default:
$program_directory).
queue_directory
Top-level directory of the Postfix queue. This is
also the root directory of Postfix daemons that run
chrooted.
queue_run_delay
The time between successive scans of the deferred
queue.
SEE ALSO
pickup(8) mail pickup daemon
postalias(1) maintain alias database
postdrop(1) privileged posting agent
postfix(1) mail system control
postkick(1) kick a Postfix daemon
qmgr(8) queue manager
showq(8) list mail queue
smtpd(8) SMTP server
syslogd(8) system logging
LICENSE
The Secure Mailer license must be distributed with this
software.
AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
5
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������postfix/doc/motivation.html�������������������������������������������������������������������������100664 � 1751 � 146 � 3241 7017475557 15361� 0����������������������������������������������������������������������������������������������������ustar �thivillo������������������������www��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
Postfix
Overview - IntroductionPostfix is the freeware project that I started during my sabattical year in the USA while visiting IBM T.J. Watson Research. I am grateful to IBM for the opportunity to write this software and for their permission to give it away.
Postfix is my attempt to provide an alternative to the widely-used Sendmail program. Postfix attempts to be fast, easy to administer, and hopefully secure, while at the same time being sendmail compatible enough to not upset your users.
The original plan was to release this software under a different name, VMailer. With the release in sight, IBM's lawyers discovered that VMailer was too similar to an existing trade mark. So, the program will go through its life as Postfix instead.
Postfix is a direct competitor to the qmail by Dan Bernstein. That's competitor, not enemy. I'm sure that friendly competition will help to improve both programs.
MASTER(8) MASTER(8)
NAME
master - Postfix master process
SYNOPSIS
master [-c config_dir] [-D] [-t] [-v]
DESCRIPTION
The master daemon is the resident process that runs Post-
fix daemons on demand: daemons to send or receive messages
via the network, daemons to deliver mail locally, etc.
These daemons are created on demand up to a configurable
maximum number per service.
Postfix daemons terminate voluntarily, either after being
idle for a configurable amount of time, or after having
serviced a configurable number of requests. The exception
to this rule is the resident Postfix queue manager.
The behavior of the master daemon is controlled by the
master.cf configuration file. The table specifies zero or
more servers in the UNIX or INET domain, or servers that
take requests from a FIFO. Precise configuration details
are given in the master.cf file, and in the manual pages
of the respective daemons.
Options:
-c config_dir
Read the main.cf and master.cf configuration files
in the named directory.
-D After initialization, run a debugger on the master
process. The debugging command is specified with
the debugger_command in the main.cf global configu-
ration file.
-t Test mode. Return a zero exit status when the mas-
ter.pid lock file does not exist or when that file
is not locked. This is evidence that the master
daemon is not running.
-v Enable verbose logging for debugging purposes. This
option is passed on to child processes. Multiple -v
options make the software increasingly verbose.
Signals:
SIGHUP Upon receipt of a HUP signal (e.g., after postfix
reload), the master process re-reads its configura-
tion files. If a service has been removed from the
master.cf file, its running processes are termi-
nated immediately. Otherwise, running processes
are allowed to terminate as soon as is convenient,
so that changes in configuration settings affect
1
MASTER(8) MASTER(8)
only new service requests.
SIGTERM
Upon receipt of a TERM signal (e.g., after postfix
abort), the master process passes the signal on to
its child processes and terminates. This is useful
for an emergency shutdown. Normally one would ter-
minate only the master (postfix stop) and allow
running processes to finish what they are doing.
DIAGNOSTICS
Problems are reported to syslogd(8).
BUGS
ENVIRONMENT
MAIL_DEBUG
After initialization, start a debugger as specified
with the debugger_command configuration parameter
in the main.cf configuration file.
MAIL_CONFIG
Directory with Postfix configuration files.
CONFIGURATION PARAMETERS
The following main.cf parameters are especially relevant
to this program. See the Postfix main.cf file for syntax
details and for default values. Use the postfix reload
command after a configuration change.
Miscellaneous
mail_owner
The owner of the mail queue and of most Postfix
processes.
command_directory
Directory with Postfix support programs.
daemon_directory
Directory with Postfix daemon programs.
queue_directory
Top-level directory of the Postfix queue. This is
also the root directory of Postfix daemons that run
chrooted.
Resource controls
default_process_limit
Default limit for the number of simultaneous child
processes that provide a given service.
max_idle
Limit the time in seconds that a child process
waits between service requests.
2
MASTER(8) MASTER(8)
max_use
Limit the number of service requests handled by a
child process.
service_throttle_time
Time to avoid forking a server that appears to be
broken.
FILES
/etc/postfix/main.cf: global configuration file.
/etc/postfix/master.cf: master process configuration file.
/var/spool/postfix/pid/master.pid: master lock file.
SEE ALSO
qmgr(8) queue manager
pickup(8) local mail pickup
syslogd(8) system logging
LICENSE
The Secure Mailer license must be distributed with this
software.
AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
3
��������������postfix/doc/mailq.1.html����������������������������������������������������������������������������100664 � 1751 � 146 � 27415 7017475557 14463� 0����������������������������������������������������������������������������������������������������ustar �thivillo������������������������www��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
SENDMAIL(1) SENDMAIL(1)
NAME
sendmail - Postfix to Sendmail compatibility interface
SYNOPSIS
sendmail [option ...] [recipient ...]
mailq
sendmail -bp
newaliases
sendmail -I
DESCRIPTION
The sendmail program implements the Postfix to Sendmail
compatibility interface. For the sake of compatibility
with existing applications, some Sendmail command-line
options are recognized but silently ignored.
By default, sendmail reads a message from standard input
and arranges for delivery. sendmail attempts to create a
queue file in the maildrop directory. If that directory is
not world-writable, the message is piped through the post-
drop(1) command, which is expected to execute with suit-
able privileges.
Specific command aliases are provided for other common
modes of operation:
mailq List the mail queue. Each entry shows the queue
file ID, message size, arrival time, sender, and
the recipients that still need to be delivered. If
mail could not be delivered upon the last attempt,
the reason for failure is shown. This mode of oper-
ation is implemented by connecting to the showq(8)
daemon.
newaliases
Initialize the alias database. If no alias database
type is specified, the program uses the type speci-
fied in the database_type configuration parameter;
if no input file is specified, the program pro-
cesses the file(s) specified with the
alias_database configuration parameter. This mode
of operation is implemented by running the postal-
ias(1) command.
Note: it may take a minute or so before an alias
database update becomes visible. Use the postfix
reload command to eliminate this delay.
These and other features can be selected by specifying the
appropriate combination of command-line options. Some fea-
tures are controlled by parameters in the main.cf configu-
ration file.
1
SENDMAIL(1) SENDMAIL(1)
The following options are recognized:
-B body_type (ignored)
The message body MIME type. Currently, Postfix
implements just-send-eight.
-C config_file (ignored :-)
The path name of the sendmail.cf file. Postfix con-
figuration files are kept in /etc/postfix.
-F full_name
Set the sender full name. This is used only with
messages that have no From: message header.
-I Initialize alias database. See the newaliases com-
mand above.
-N dsn (ignored)
Delivery status notification control. Currently,
Postfix does not implement DSN.
-R return_limit (ignored)
Limit the size of bounced mail. Use the
bounce_size_limit configuration parameter instead.
-X log_file (ignored)
Log mailer traffic. Use the debug_peer_list and
debug_peer_level configuration parameters instead.
-bd Go into daemon mode. This mode of operation is
implemented by executing the postfix start command.
-bi Initialize alias database. See the newaliases com-
mand above.
-bm Read mail from standard input and arrange for
delivery. This is the default mode of operation.
-bp List the mail queue. See the mailq command above.
-bs Stand-alone SMTP server mode. Read SMTP commands
from standard input, and write responses to stan-
dard output. This mode of operation is implemented
by running the smtpd(8) daemon.
-f sender
Set the envelope sender address. This is the
address where delivery problems are sent to, unless
the message contains an Errors-To: message header.
-h hop_count (ignored)
Hop count limit. Use the hopcount_limit configura-
tion parameter instead.
2
SENDMAIL(1) SENDMAIL(1)
-i (ignored)
Lines beginning with "." get special treatment only
with -bs.
-m (ignored)
Backwards compatibility.
-n (ignored)
Backwards compatibility.
-oAalias_database
Non-default alias database. Specify pathname or
type:pathname. See postalias(1) for details.
-o7 (ignored)
-o8 (ignored)
The message body type. Currently, Postfix imple-
ments just-send-eight.
-om (ignored)
The sender is never eliminated from alias etc.
expansions.
-o x value (ignored)
Set option x to value. Use the equivalent configu-
ration parameter in main.cf instead.
-r sender
Set the envelope sender address. This is the
address where delivery problems are sent to, unless
the message contains an Errors-To: message header.
-q Flush the mail queue. This is implemented by kick-
ing the qmgr(8) daemon.
-qinterval (ignored)
The interval between queue runs. Use the
queue_run_delay configuration parameter instead.
-t Extract recipients from message headers. This
requires that no recipients be specified on the
command line.
-v Enable verbose logging for debugging purposes. Mul-
tiple -v options make the software increasingly
verbose.
SECURITY
By design, this program is not set-user (or group) id.
However, it must handle data from untrusted users or
untrusted machines. Thus, the usual precautions need to
be taken against malicious inputs.
3
SENDMAIL(1) SENDMAIL(1)
DIAGNOSTICS
Problems are logged to syslogd(8) and to the standard
error stream.
ENVIRONMENT
MAIL_CONFIG
Directory with Postfix configuration files.
MAIL_VERBOSE
Enable verbose logging for debugging purposes.
MAIL_DEBUG
Enable debugging with an external command, as spec-
ified with the debugger_command configuration
parameter.
FILES
/var/spool/postfix, mail queue
/etc/postfix, configuration files
CONFIGURATION PARAMETERS
See the Postfix main.cf file for syntax details and for
default values. Use the postfix reload command after a
configuration change.
alias_database
Default alias database(s) for newaliases. The
default value for this parameter is system-spe-
cific.
bounce_size_limit
The amount of original message context that is sent
along with a non-delivery notification.
database_type
Default alias etc. database type. On many UNIX sys-
tems the default type is either dbm or hash.
debugger_command
Command that is executed after a Postfix daemon has
initialized.
debug_peer_level
Increment in verbose logging level when a remote
host matches a pattern in the debug_peer_list
parameter.
debug_peer_list
List of domain or network patterns. When a remote
host matches a pattern, increase the verbose log-
ging level by the amount specified in the
debug_peer_level parameter.
4
SENDMAIL(1) SENDMAIL(1)
fork_attempts
Number of attempts to fork() a process before giv-
ing up.
fork_delay
Delay in seconds between successive fork()
attempts.
hopcount_limit
Limit the number of Received: message headers.
mail_owner
The owner of the mail queue and of most Postfix
processes.
command_directory
Directory with Postfix support commands (default:
$program_directory).
daemon_directory
Directory with Postfix daemon programs (default:
$program_directory).
queue_directory
Top-level directory of the Postfix queue. This is
also the root directory of Postfix daemons that run
chrooted.
queue_run_delay
The time between successive scans of the deferred
queue.
SEE ALSO
pickup(8) mail pickup daemon
postalias(1) maintain alias database
postdrop(1) privileged posting agent
postfix(1) mail system control
postkick(1) kick a Postfix daemon
qmgr(8) queue manager
showq(8) list mail queue
smtpd(8) SMTP server
syslogd(8) system logging
LICENSE
The Secure Mailer license must be distributed with this
software.
AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
5
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������postfix/doc/local.8.html����������������������������������������������������������������������������100664 � 1751 � 146 � 51363 7017475557 14460� 0����������������������������������������������������������������������������������������������������ustar �thivillo������������������������www��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
LOCAL(8) LOCAL(8)
NAME
local - Postfix local mail delivery
SYNOPSIS
local [generic Postfix daemon options]
DESCRIPTION
The local daemon processes delivery requests from the
Postfix queue manager to deliver mail to local recipients.
Each delivery request specifies a queue file, a sender
address, a domain or host to deliver to, and one or more
recipients. This program expects to be run from the mas-
ter(8) process manager.
The local daemon updates queue files and marks recipients
as finished, or it informs the queue manager that delivery
should be tried again at a later time. Delivery problem
reports are sent to the bounce(8) or defer(8) daemon as
appropriate.
SYSTEM-WIDE AND USER-LEVEL ALIASING
The system adminstrator can set up one or more system-wide
sendmail-style alias databases. Users can have sendmail-
style ~/.forward files. Mail for name is delivered to the
alias name, to destinations in ~name/.forward, to the
mailbox owned by the user name, or it is sent back as
undeliverable.
The system administrator can specify a comma/space sepa-
rated list of ~/.forward like files through the for-
ward_path configuration parameter. Upon delivery, the
local delivery agent tries each pathname in the list until
a file is found. The forward_path parameter is subject to
interpolation of $user (recipient username), $home (recip-
ient home directory), $shell (recipient shell), $recipient
(complete recipient address), $extension (recipient
address extension), $domain (recipient domain), local
(entire recipient address localpart) and $recipient_delim-
iter. The forms ${name?value} and ${name:value} expand
conditionally to value when $name is (is not) defined.
Characters that may have special meaning to the shell or
file system are replaced by underscores. The list of
acceptable characters is specified with the forward_expan-
sion_filter configuration parameter.
An alias or ~/.forward file may list any combination of
external commands, destination file names, :include:
directives, or mail addresses. See aliases(5) for a pre-
cise description. Each line in a user's .forward file has
the same syntax as the right-hand part of an alias.
When an address is found in its own alias expansion,
delivery is made to the user instead. When a user is
listed in the user's own ~/.forward file, delivery is made
1
LOCAL(8) LOCAL(8)
to the user's mailbox instead. An empty ~/.forward file
means do not forward mail.
In order to prevent the mail system from using up unrea-
sonable amounts of memory, input records read from
:include: or from ~/.forward files are broken up into
chunks of length line_length_limit.
While expanding aliases, ~/.forward files, and so on, the
program attempts to avoid duplicate deliveries. The dupli-
cate_filter_limit configuration parameter limits the num-
ber of remembered recipients.
MAIL FORWARDING
For the sake of reliability, forwarded mail is re-submit-
ted as a new message, so that each recipient has a sepa-
rate on-file delivery status record.
In order to stop mail forwarding loops early, the software
adds an optional Delivered-To: header with the envelope
recipient address. If mail arrives for a recipient that is
already listed in a Delivered-To: header, the message is
bounced.
MAILBOX DELIVERY
The default per-user mailbox is a file in the UNIX mail
spool directory (/var/mail/user or /var/spool/mail/user);
the location can be specified with the mail_spool_direc-
tory configuration parameter.
Alternatively, the per-user mailbox can be a file in the
user's home directory with a name specified via the
home_mailbox configuration parameter. Specify a relative
path name. Specify a name ending in / for qmail-compatible
maildir delivery.
Mailbox delivery can be delegated to an external command
specified with the mailbox_command configuration parame-
ter. The command executes with the privileges of the
recipient user (exception: in case of delivery as root,
the command executes with the privileges of
default_privs).
Mailbox delivery can be delegated to alternative message
transports specified in the master.cf file. The mail-
box_transport configuration parameter specifies a message
transport that is to be used for all local recipients,
regardless of whether they are found in the UNIX passwd
database. The fallback_transport parameter specifies a
message transport for recipients that are not found in the
UNIX passwd database.
In the case of UNIX-style mailbox delivery, the local dae-
mon prepends a "From sender time_stamp" envelope header to
2
LOCAL(8) LOCAL(8)
each message, prepends an optional Delivered-To: header
with the envelope recipient address, prepends a Return-
Path: header with the envelope sender address, prepends a
> character to lines beginning with "From ", and appends
an empty line. The mailbox is locked for exclusive access
while delivery is in progress. In case of problems, an
attempt is made to truncate the mailbox to its original
length.
In the case of maildir delivery, the local daemon prepends
an optional Delivered-To: header with the envelope recipi-
ent address and prepends a Return-Path: header with the
envelope sender address.
EXTERNAL COMMAND DELIVERY
The allow_mail_to_commands configuration parameter
restricts delivery to external commands. The default set-
ting (alias, forward) forbids command destinations in
:include: files.
The command is executed directly where possible. Assis-
tance by the shell (/bin/sh on UNIX systems) is used only
when the command contains shell magic characters, or when
the command invokes a shell built-in command.
A limited amount of command output (standard output and
standard error) is captured for inclusion with non-deliv-
ery status reports. A command is forcibly terminated if
it does not complete within command_time_limit seconds.
Command exit status codes are expected to follow the con-
ventions defined in <sysexits.h>.
A limited amount of message context is exported via envi-
ronment variables. Characters that may have special mean-
ing to the shell are replaced by underscores. The list of
acceptable characters is specified with the command_expan-
sion_filter configuration parameter.
SHELL The recipient user's login shell.
HOME The recipient user's home directory.
USER The bare recipient name.
EXTENSION
The optional recipient address extension.
DOMAIN The recipient address domain part.
LOGNAME
The bare recipient name.
LOCAL The entire recipient address localpart (text to the
left of the rightmost @ character).
3
LOCAL(8) LOCAL(8)
RECIPIENT
The entire recipient address.
The PATH environment variable is always reset to a system-
dependent default path, and the TZ (time zone) environment
variable is always passed on without change.
The current working directory is the mail queue directory.
The local daemon prepends a "From sender time_stamp" enve-
lope header to each message, prepends an optional Deliv-
ered-To: header with the recipient envelope address,
prepends a Return-Path: header with the sender envelope
address, and appends an empty line.
EXTERNAL FILE DELIVERY
The allow_mail_to_files configuration parameter restricts
delivery to external files. The default setting (alias,
forward) forbids file destinations in :include: files.
Specify a pathname ending in / for qmail-compatible
maildir delivery.
The local daemon prepends a "From sender time_stamp" enve-
lope header to each message, prepends an optional Deliv-
ered-To: header with the recipient envelope address,
prepends a > character to lines beginning with "From ",
and appends an empty line. The envelope sender address is
available in the Return-Path: header. When the destina-
tion is a regular file, it is locked for exclusive access
while delivery is in progress. In case of problems, an
attempt is made to truncate a regular file to its original
length.
In the case of maildir delivery, the local daemon prepends
an optional Delivered-To: header with the envelope recipi-
ent address. The envelope sender address is available in
the Return-Path: header.
ADDRESS EXTENSION
The optional recipient_delimiter configuration parameter
specifies how to separate address extensions from local
recipient names.
For example, with "recipient_delimiter = +", mail for
name+foo is delivered to the alias name+foo or to the
alias name, to the destinations listed in ~name/.for-
ward+foo or in ~name/.forward, to the mailbox owned by the
user name, or it is sent back as undeliverable.
In all cases the local daemon prepends an opional `Deliv-
ered-To: name+foo' header line.
DELIVERY RIGHTS
Deliveries to external files and external commands are
4
LOCAL(8) LOCAL(8)
made with the rights of the receiving user on whose behalf
the delivery is made. In the absence of a user context,
the local daemon uses the owner rights of the :include:
file or alias database. When those files are owned by the
superuser, delivery is made with the rights specified with
the default_privs configuration parameter.
STANDARDS
RFC 822 (ARPA Internet Text Messages)
DIAGNOSTICS
Problems and transactions are logged to syslogd(8). Cor-
rupted message files are marked so that the queue manager
can move them to the corrupt queue afterwards.
Depending on the setting of the notify_classes parameter,
the postmaster is notified of bounces and of other trou-
ble.
BUGS
For security reasons, the message delivery status of
external commands or of external files is never check-
pointed to file. As a result, the program may occasionally
deliver more than once to a command or external file. Bet-
ter safe than sorry.
Mutually-recursive aliases or ~/.forward files are not
detected early. The resulting mail forwarding loop is
broken by the use of the Delivered-To: message header.
CONFIGURATION PARAMETERS
The following main.cf parameters are especially relevant
to this program. See the Postfix main.cf file for syntax
details and for default values. Use the postfix reload
command after a configuration change.
Miscellaneous
alias_maps
List of alias databases.
expand_owner_alias
When delivering to an alias that has an owner- com-
panion alias, set the envelope sender address to
the right-hand side of the owner alias, instead
using of the left-hand side address.
forward_path
Search list for .forward files. The names are sub-
ject to $name expansion.
local_command_shell
Shell to use for external command execution (for
example, /some/where/smrsh -c). When a shell is
specified, it is invoked even when the command
5
LOCAL(8) LOCAL(8)
contains no shell built-in commands or meta charac-
ters.
owner_request_special
Give special treatment to owner-xxx and xxx-request
addresses.
prepend_delivered_header
Prepend an optional Delivered-To: header upon
external forwarding, delivery to command or file.
Specify zero or more of: command, file, forward.
Turning off Delivered-To: when forwarding mail is
not recommended.
recipient_delimiter
Separator between username and address extension.
Mailbox delivery
fallback_transport
Message transport for recipients that are not found
in the UNIX passwd database. This parameter over-
rides luser_relay.
home_mailbox
Pathname of a mailbox relative to a user's home
directory. Specify a path ending in / for maildir-
style delivery.
luser_relay
Destination (@domain or address) for non-existent
users. The address is subjected to $name expan-
sion.
mail_spool_directory
Directory with UNIX-style mailboxes. The default
pathname is system dependent.
mailbox_command
External command to use for mailbox delivery. The
command executes with the recipient privileges
(exception: root). The string is subject to $name
expansions.
mailbox_transport
Message transport to use for mailbox delivery to
all local recipients, whether or not they are found
in the UNIX passwd database. This parameter over-
rides all other configuration parameters that con-
trol mailbox delivery, including luser_relay.
Locking controls
deliver_lock_attempts
Limit the number of attempts to acquire an exclu-
sive lock on a mailbox or external file.
6
LOCAL(8) LOCAL(8)
deliver_lock_delay
Time in seconds between successive attempts to
acquire an exclusive lock.
stale_lock_time
Limit the time after which a stale lock is removed.
Resource controls
command_time_limit
Limit the amount of time for delivery to external
command.
duplicate_filter_limit
Limit the size of the duplicate filter for results
from alias etc. expansion.
line_length_limit
Limit the amount of memory used for processing a
partial input line.
local_destination_concurrency_limit
Limit the number of parallel deliveries to the same
user. The default limit is taken from the
default_destination_concurrency_limit parameter.
local_destination_recipient_limit
Limit the number of recipients per message deliv-
ery. The default limit is taken from the
default_destination_recipient_limit parameter.
Security controls
allow_mail_to_commands
Restrict the usage of mail delivery to external
command.
allow_mail_to_files
Restrict the usage of mail delivery to external
file.
command_expansion_filter
What characters are allowed to appear in $name
expansions of mailbox_command. Illegal characters
are replaced by underscores.
default_privs
Default rights for delivery to external file or
command.
forward_expansion_filter
What characters are allowed to appear in $name
expansions of forward_path. Illegal characters are
replaced by underscores.
7
LOCAL(8) LOCAL(8)
HISTORY
The Delivered-To: header appears in the qmail system by
Daniel Bernstein.
The maildir structure appears in the qmail system by
Daniel Bernstein.
SEE ALSO
aliases(5) format of alias database
bounce(8) non-delivery status reports
postalias(1) create/update alias database
syslogd(8) system logging
qmgr(8) queue manager
LICENSE
The Secure Mailer license must be distributed with this
software.
AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
8
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������postfix/doc/index.html������������������������������������������������������������������������������100664 � 1751 � 146 � 2334 7017475557 14301� 0����������������������������������������������������������������������������������������������������ustar �thivillo������������������������www��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
Wietse's Postfix Project
All programmers are optimists -- Frederick P. Brooks, Jr.
First of all, thank you for your interest in the Postfix project.
What is Postfix? It is Wietse Venema's attempt to provide an alternative to the widely-used Sendmail program. Sendmail is responsible for an estimated 70% of all e-mail delivered on the Internet. With an estimated 100 million users, that's billions of messages daily. A stunning number.
Postfix attempts to be fast, easy to administer, and secure, while at the same time being sendmail compatible enough to not upset existing users.
Postfix
Overview - Goals and Features
Postfix Frequently Asked Questions
This assumes that your organization has set up multiple internal MX hosts for the local domain.
If your intranet does not use MX records internally, you have to specify the gateway host itself:
This assumes that your organization has set up multiple internal MX hosts for the local domain.
If your intranet does not use MX records internally, you have to specify the gateway host itself:
Specify dbm:/etc/postfix/transport if your system uses dbm files instead of db.
How to set up Postfix on the firewall machine so that it relays mail for my.domain to a gateway machine on the inside, and so that it refuses mail for *.my.domain? The problem is that the standard relay_domains mail relaying restriction allows mail to *.my.domain when you specify my.domain.
Specify dbm:/etc/postfix/virtual if your system uses dbm files instead of db.
Unfortunately, the solution cannot use the transport table, because that table is ignored for destinations that match $mydestination. That's an implementation error, and it will be removed.
If your machine is disconnected most of the time, there isn't a lot of opportunity for Postfix to deliver mail to hard-to-reach corners of the Internet. It's better to drop the mail to a machine that is connected all the time.
Normally, Postfix attempts to deliver outbound mail at its convenience. If your machine uses on-demand dialup IP, this causes your system to place a telephone call whenever you submit new mail, and whenever Postfix retries to deliver delayed mail. To prevent such telephone calls from being placed, disable spontaneous SMTP mail deliveries.
Some people use Postfix to deliver mail across a LAN that is disconnected most of the time. Under such conditions, mail delivery can suffer from delays while the Postfix SMTP client performs sender and recipient domain DNS lookups in order to be standards-compliant. To prevent these delays, disable all SMTP client DNS lookups.
When you disable DNS lookups, you must specify the relayhost as either a numeric IP address, or as a hostname that resolves to one or more IP addresses (with DNS lookup disabled, Postfix does no MX lookup).
Put the following command into your PPP or SLIP dialup scripts:
The exact location of the sendmail command is system-specific. With some UNIX versions, use /usr/lib/sendmail. If you have disabled spontaneous SMTP mail delivery, you also need to run the above command every now and then while the dialup link is up, so that newly-posted mail is flushed from the queue.
Address masquerading is intended for use only on mail gateways.
Note that the gateway should have append_dot_domain and append_myorigin turned on (which is the default setting) so that all addresses are fully qualified before they are subjected to address masquerading.
In some cases, you may wish to have certain users or hosts exempted from masquerading.
Note that the order above is crucial: exemptions such as somehost.my.domain must precede $mydomain in the statement.
It should go without saying that if a particular host you wish to exempt this way is originating mail as user@my.domain in the first place, you can hardly exempt it.
Currently, Postfix has no hooks to let other programs inspect every message, so the scanning has to be done before mail enters Postfix or while mail leaves Postfix, for example at mailbox delivery time.
Postfix supports the maildir mailbox format. Edit main.cf and specify a line with: home_mailbox = Maildir/ (any relative pathname that ends in / will do).
The maildir format is also supported for delivery from aliases or .forward files. Specify /file/name/ as destination. The trailing / turns on maildir delivery.
If you can, avoid using any shell meta characters or built-ins such as $ or " or IFS or &&, because they force Postfix to run an expensive shell process.
With a distributed mail system such as Postfix, this is difficult to implement. Postfix does not run any mail delivery process under control by a user. Instead, mail delivery is done by daemon processes that have no parental relationship with user processes. This eliminates a large variety of potential security exploits with environment variables, signal handlers, and with other process attributes that UNIX passes on from parent to child.
In addition, Postfix uses multiple processes in order to insulate subsystems from each other. Making the delivery agents talk directly to user processes would defeat a lot of the effort that went into making Postfix more secure than ordinary mailers.
Solutions, ranging from fighting symptoms to turning off the Delivered-To: header:
POSIX regular expression support (regexp) is enabled by default on modern UNIX systems. Perl-compatible regular expression support (pcre) is optional; see the PCRE_README file in the top-level Postfix source directory.
See also the FAQ item for problems with the majordomo approve command.
Currently, the workaround is to edit the approve script to strip any header lines that match:
Yes, this assumes that the moderator knows what she is doing.
This causes all mail for the some.domain (and subdomains thereof) to be sent via UUCP to the host uucp-host.
uucp unix - n n - - pipe
flags=F user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
This runs the uux command, and substitutes the next-hop hostname (uucp-host) and the recipients before executing the command. The uux command is executed without assistance from the shell, so there are no problems with shell meta characters.
Specify dbm instead of hash if your system has no db support.
uucp unix - n n - - pipe
flags=F user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
This runs the uux command, and substitutes the next-hop
hostname (uucp-gateway, or whatever you specified) and the
recipients before executing the command. The uux command
is executed without assistance from the shell, so there are no
problems with shell meta characters.
![[debut]](../icons/info.gif){kind=icon}
![[precedent]](../icons/prev.gif){kind=icon}
![[suivant]](../icons/next.gif){kind=icon}
Herv SCHAUER Consultants 1999 -
142, rue de Rivoli -
75039 PARIS CEDEX 01 
sr : bnficier de l'exprience Sendmail...
utiliser "virtual"