Postfix docs Search Results:

Looking for a in entire archive - Found 12400 matches in 114 files
Showing results 1 - 25
Postfix Configuration Parameters, Feb 8 2008
The Postfix main.cf configuration file specifies a very small subset of all the parameters that control the operation of the Postfix mail system. Parameters not explicitly specified are left at their default values.
Whitespace around the "=" is ignored, as is whitespace at the end of a logical line.
Empty lines and whitespace-only lines are ignored, as are lines whose first non-whitespace character is a `#'.
A logical line starts with non-whitespace text. A line that starts with whitespace continues a logical line.
A parameter value may refer to other parameters.
Specify "$$" to produce a single "$" character.
The remainder of this document is a description of all Postfix configuration parameters. Default values are shown after the parameter name in parentheses, and can be looked up with the "postconf -d" command.
2bounce_notice_recipient
The recipient of undeliverable mail that cannot be returned to the sender. This feature is enabled with the notify_classes
access_map_reject_code
The numerical Postfix SMTP server response code when a client is rejected by an access(5) map restriction.
Do not change this unless you have a complete understanding of RFC 821.
address_verify_default_transport
(default: $default_transport)
Overrides the default_transport parameter setting for address verification probes.
address_verify_local_transport
(default: $local_transport)
Overrides the local_transport parameter setting for address verification probes.
address_verify_map
Optional lookup table for persistent address verification status storage. The table is maintained by the verify(8) service, and is opened before the process releases privileges.
...limit of 20 lines reached, additional matching lines are not shown...

Postfix Configuration Parameters, Feb 8 2008
The Postfix main.cf configuration file specifies a very small subset of all the parameters that control the operation of the Postfix mail system. Parameters not explicitly specified are left at their default values.
Whitespace around the "=" is ignored, as is whitespace at the end of a logical line.
Empty lines and whitespace-only lines are ignored, as are lines whose first non-whitespace character is a `#'.
A logical line starts with non-whitespace text. A line that starts with whitespace continues a logical line.
A parameter value may refer to other parameters.
Specify "$$" to produce a single "$" character.
The remainder of this document is a description of all Postfix configuration parameters. Default values are shown after the parameter name in parentheses, and can be looked up with the "postconf -d" command.
2bounce_notice_recipient
The recipient of undeliverable mail that cannot be returned to the sender. This feature is enabled with the notify_classes
access_map_reject_code
The numerical Postfix SMTP server response code when a client is rejected by an access(5) map restriction.
Do not change this unless you have a complete understanding of RFC 821.
address_verify_default_transport
(default: $default_transport)
Overrides the default_transport parameter setting for address verification probes.
address_verify_local_transport
(default: $local_transport)
Overrides the local_transport parameter setting for address verification probes.
address_verify_map
Optional lookup table for persistent address verification status storage. The table is maintained by the verify(8) service, and is opened before the process releases privileges.
...limit of 20 lines reached, additional matching lines are not shown...

Postfix Configuration Parameters, Feb 8 2008
The Postfix main.cf configuration file specifies a very small subset of all the parameters that control the operation of the Postfix mail system. Parameters not explicitly specified are left at their default values.
Whitespace around the "=" is ignored, as is whitespace at the end of a logical line.
Empty lines and whitespace-only lines are ignored, as are lines whose first non-whitespace character is a `#'.
A logical line starts with non-whitespace text. A line that starts with whitespace continues a logical line.
A parameter value may refer to other parameters.
Specify "$$" to produce a single "$" character.
The remainder of this document is a description of all Postfix configuration parameters. Default values are shown after the parameter name in parentheses, and can be looked up with the "postconf -d" command.
2bounce_notice_recipient
The recipient of undeliverable mail that cannot be returned to the sender. This feature is enabled with the notify_classes
access_map_reject_code
The numerical Postfix SMTP server response code when a client is rejected by an access(5) map restriction.
Do not change this unless you have a complete understanding of RFC 821.
address_verify_default_transport
(default: $default_transport)
Overrides the default_transport parameter setting for address verification probes.
address_verify_local_transport
(default: $local_transport)
Overrides the local_transport parameter setting for address verification probes.
address_verify_map
Optional lookup table for persistent address verification status storage. The table is maintained by the verify(8) service, and is opened before the process releases privileges.
...limit of 20 lines reached, additional matching lines are not shown...

Postfix TLS Support, Feb 8 2008
This document describes a TLS user interface that was introduced with Postfix version 2.3. Support for an older user interface is documented in TLS_LEGACY_README, which also describes the differences between Postfix and the third-party patch on which Postfix version 2.2 TLS support was based.
How Postfix TLS support works
Building Postfix with TLS support
SMTP Server specific settings
SMTP Client specific settings
TLS manager specific settings
Reporting problems
Credits
Getting started, quick and dirty
How Postfix TLS support works
The smtpd(8) server implements the SMTP over TLS server side.
The smtp(8) client implements the SMTP over TLS client side.
The tlsmgr(8) server maintains the pseudo-random number generator (PRNG) that seeds the TLS engines in the smtpd(8) server and smtp(8) client processes, and maintains the TLS session key cache files.
smtpd(8)
tlsmgr(8)
smtp(8)
Building Postfix with TLS support
These instructions assume that you build Postfix from source code as described in the INSTALL document. Some modification may be required if you build Postfix from a vendor-specific source package.
NOTE: Do not use Gnu TLS. It will spontaneously terminate a Postfix daemon process with exit status code 2, instead of allowing Postfix to 1) report the error to the maillog file, and to 2) provide plaintext service where this is appropriate.
% make tidy # if you have left-over files from a previous build % make makefiles CCARGS="-DUSE_TLS" AUXLIBS="-lssl -lcrypto"
...limit of 20 lines reached, additional matching lines are not shown...

Postfix Queue Scheduler, Feb 8 2008
Concurrency scheduling, concerned with the number of concurrent deliveries to a specific destination, including decisions on when to suspend deliveries after persistent failures.
Preemptive scheduling, concerned with the selection of email messages and recipients for a given destination.
Credits, something this document would not be complete without.
Once started, the qmgr(8) process runs until "postfix reload" or "postfix stop". As a persistent process, the queue manager has to meet strict requirements with respect to code correctness and robustness. Unlike non-persistent daemon processes, the queue manager cannot benefit from Postfix's process rejuvenation mechanism that limit the impact from resource leaks and other coding errors (translation: replacing a process after a short time covers up bugs before they can become a problem).
Concurrency scheduling
The following sections document the Postfix 2.5 concurrency scheduler, after a discussion of the limitations of the existing concurrency scheduler. This is followed by results of medium-concurrency experiments, and a discussion of trade-offs between performance and robustness.
Drawbacks of the existing concurrency scheduler
Summary of the Postfix 2.5 concurrency feedback algorithm
Summary of the Postfix 2.5 "dead destination" detection algorithm
Pseudocode for the Postfix 2.5 concurrency scheduler
Results for delivery to concurrency limited servers
Discussion of concurrency limited server results
Limitations of less-than-1 per delivery feedback
Concurrency configuration parameters
Drawbacks of the existing concurrency scheduler
From the start, Postfix has used a simple but robust algorithm where the per-destination delivery concurrency is decremented by 1 after delivery failed due to connection or handshake failure, and incremented by 1 otherwise. Of course the concurrency is never allowed to exceed the maximum per-destination concurrency limit.
And when a destination's concurrency level drops to zero, the destination is declared "dead" and delivery is suspended.
Throttling down to zero concurrency after a single pseudo-cohort(*) failure. This was especially an issue with low-concurrency channels where a single failure could be sufficient to mark a destination as "dead", causing the suspension of further deliveries to the affected destination.
(*) A pseudo-cohort is a number of delivery requests equal to a destination's delivery concurrency.
The revised concurrency scheduler has a highly modular structure.
...limit of 20 lines reached, additional matching lines are not shown...

Postfix Address Rewriting, Feb 8 2008
Postfix address rewriting purpose
Transform an incomplete address into a complete address.
Replace an internal address by an external address. For example, replace "username@localdomain.local" by "isp-account@isp.example" when sending mail from a home computer to the Internet.
Determine how and where to deliver mail for a specific address. For example, deliver mail for "username@example.com" with the smtp(8) delivery agent, to the hosts that are listed in the DNS as the mail servers for the domain "example.com".
Although Postfix currently has no address rewriting language, it can do surprisingly powerful address manipulation via table lookup. Postfix typically uses lookup tables with fixed strings to map one address to one or multiple addresses, and typically uses regular expressions to map multiple addresses to one or multiple addresses. Fixed-string lookup tables may be in the form of local files, or in the form of NIS, LDAP or SQL databases. The DATABASE_README document gives an introduction to Postfix lookup tables.
To rewrite message headers or not, or to label as invalid
Postfix address rewriting overview
Address rewriting when mail is received
Rewrite addresses to standard form
Canonical address mapping
Address masquerading
Automatic BCC recipients
Virtual aliasing
Address rewriting when mail is delivered
Resolve address to destination
Mail transport switch
Relocated users table
Address rewriting with remote delivery
Generic mapping for outgoing SMTP mail
Address rewriting with local delivery
...limit of 20 lines reached, additional matching lines are not shown...

Postfix Address Rewriting, Feb 8 2008
Postfix address rewriting purpose
Transform an incomplete address into a complete address.
Replace an internal address by an external address. For example, replace "username@localdomain.local" by "isp-account@isp.example" when sending mail from a home computer to the Internet.
Determine how and where to deliver mail for a specific address. For example, deliver mail for "username@example.com" with the smtp(8) delivery agent, to the hosts that are listed in the DNS as the mail servers for the domain "example.com".
Although Postfix currently has no address rewriting language, it can do surprisingly powerful address manipulation via table lookup. Postfix typically uses lookup tables with fixed strings to map one address to one or multiple addresses, and typically uses regular expressions to map multiple addresses to one or multiple addresses. Fixed-string lookup tables may be in the form of local files, or in the form of NIS, LDAP or SQL databases. The DATABASE_README document gives an introduction to Postfix lookup tables.
To rewrite message headers or not, or to label as invalid
Postfix address rewriting overview
Address rewriting when mail is received
Rewrite addresses to standard form
Canonical address mapping
Address masquerading
Automatic BCC recipients
Virtual aliasing
Address rewriting when mail is delivered
Resolve address to destination
Mail transport switch
Relocated users table
Address rewriting with remote delivery
Generic mapping for outgoing SMTP mail
Address rewriting with local delivery
...limit of 20 lines reached, additional matching lines are not shown...

Postfix Address Rewriting, Feb 8 2008
Postfix address rewriting purpose
Transform an incomplete address into a complete address.
Replace an internal address by an external address. For example, replace "username@localdomain.local" by "isp-account@isp.example" when sending mail from a home computer to the Internet.
Determine how and where to deliver mail for a specific address. For example, deliver mail for "username@example.com" with the smtp(8) delivery agent, to the hosts that are listed in the DNS as the mail servers for the domain "example.com".
Although Postfix currently has no address rewriting language, it can do surprisingly powerful address manipulation via table lookup. Postfix typically uses lookup tables with fixed strings to map one address to one or multiple addresses, and typically uses regular expressions to map multiple addresses to one or multiple addresses. Fixed-string lookup tables may be in the form of local files, or in the form of NIS, LDAP or SQL databases. The DATABASE_README document gives an introduction to Postfix lookup tables.
To rewrite message headers or not, or to label as invalid
Postfix address rewriting overview
Address rewriting when mail is received
Rewrite addresses to standard form
Canonical address mapping
Address masquerading
Automatic BCC recipients
Virtual aliasing
Address rewriting when mail is delivered
Resolve address to destination
Mail transport switch
Relocated users table
Address rewriting with remote delivery
Generic mapping for outgoing SMTP mail
Address rewriting with local delivery
...limit of 20 lines reached, additional matching lines are not shown...

Postfix Bottleneck Analysis, Feb 8 2008
It explains how the qshape(1) program can help to track down the reason for queue congestion. qshape(1) is bundled with Postfix 2.1 and later source code, under the "auxiliary" directory. This document describes qshape(1) as bundled with Postfix 2.4.
Introducing the qshape tool
Trouble shooting with qshape
Example 1: Healthy queue
Example 2: Deferred queue full of dictionary attack bounces
Example 3: Congestion in the active queue
Example 4: High volume destination backlog
Postfix queue directories
The "maildrop" queue
The "hold" queue
The "incoming" queue
The "active" queue
The "deferred" queue
Credits
Introducing the qshape tool
When mail is draining slowly or the queue is unexpectedly large, run qshape(1) as the super-user (root) to help zero in on the problem.
The qshape(1) program displays a tabular view of the Postfix queue contents.
For example, in the output below we see the top 10 lines of the (mostly forged) sender domain distribution for captured spam in the "hold" queue:
In this example, there are 14 messages allegedly from yahoo.com, 1 between 10 and 20 minutes old, 1 between 320 and 640 minutes old and 12 older than 1280 minutes (1440 minutes in a day).
When the output is a terminal intermediate results showing the top 20 domains (-n option) are displayed after every 1000 messages (-N option) and the final output also shows only the top 20 domains. This makes qshape useful even when the deferred queue is very large and it may otherwise take prohibitively long to read the entire deferred queue.
...limit of 20 lines reached, additional matching lines are not shown...

Postfix Virtual Domain Hosting Howto, Feb 8 2008
Canonical versus hosted versus other domains
Local files versus network databases
As simple as can be: shared domains, UNIX system accounts
Postfix virtual ALIAS example: separate domains, UNIX system accounts
Postfix virtual MAILBOX example: separate domains, non-UNIX accounts
Non-Postfix mailbox store: separate domains, non-UNIX accounts
Mail forwarding domains
Mailing lists
Autoreplies
Canonical versus hosted versus other domains
Most Postfix systems are final destination for only a few domain names. These include the hostnames and of the machine that Postfix runs on, and sometimes also include the parent domain of the hostname. The remainder of this document will refer to these domains as the canonical domains. They are usually implemented with the Postfix local domain address class, as defined in the ADDRESS_CLASS_README file.
Besides the canonical domains, Postfix can be configured to be final destination for any number of additional domains.
These domains are called hosted, because they are not directly associated with the name of the machine itself. Hosted domains are usually implemented with the virtual alias domain address class and/or with the virtual mailbox domain address class, as defined in the ADDRESS_CLASS_README file.
But wait! There is more. Postfix can be configured as a backup MX host for other domains. In this case Postfix is not the final destination for those domains. It merely queues the mail when the primary MX host is down, and forwards the mail when the primary MX host becomes available. This function is implemented with the relay domain address class, as defined in the ADDRESS_CLASS_README
Finally, Postfix can be configured as a transit host for sending mail across the internet. Obviously, Postfix is not final destination for such mail. This function is available only for authorized clients and/or users, and is implemented by the default domain
address class, as defined in the ADDRESS_CLASS_README file.
Local files versus network databases
See the documentation in LDAP_README, MYSQL_README and PGSQL_README
Example: postmap -q info@example.com ldap:/etc/postfix/virtual.cf
As simple as can be: shared domains, UNIX system accounts
...limit of 20 lines reached, additional matching lines are not shown...

Postfix and Mailman deliver enhanced e-mail security and performance, Feb 8 2008
Home
Mail this Article
Topical Index
Backissues
SunWHERE
Subscribe, It's Free
Letters to the Editor
Events Calendar
TechDispatch Newsletters
Solaris Security
Secure Programming
Performance Q&A
SE Toolkit
Keep in mind the fundamental architecture of e-mail processing: At your desktop, you compose a message. You use a mail user agent (MUA) as the user interface to pass your message, along with such other information as the address for which it's intended, to an e-mail server. A mail transfer agent (MTA) on the server takes responsibility for figuring out how best to deliver your message (Is it local -- should it go through my LAN? Is it external? What server on the other end will receive it?). Generally, it communicates with another MTA on the server used by your intended recipient. Once the message has been received by that second MTA, it's available for your recipient's MUA to access it.
Sendmail isn't perfect, though. It's bulky, difficult, and has a history of security problems. More precisely, it's in just the shape you'd expect of a product originally built for a much different computing environment, and it's been patched and rewritten during several computing generations. Still, the Sendmail development team has achieved quite a feat in bringing it forward from the far more relaxed security traditions of two decades ago.
Wietse Venema has an alternative, though. Venema, a security expert on the IBM Research staff, started fresh, and has produced Postfix, a drop-in replacement for Sendmail which promises to deliver e-mail more quickly, conveniently, and safely.
...limit of 20 lines reached, additional matching lines are not shown...

Postfix Standard Configuration Examples, Feb 8 2008
This document presents a number of typical Postfix configurations.
This document should be reviewed after you have followed the basic configuration steps as described in the BASIC_CONFIGURATION_README
Postfix on a stand-alone Internet host
Postfix on a null client
Postfix on a local network
Postfix email firewall/gateway
Delivering some but not all accounts locally
Running Postfix behind a firewall
Configuring Postfix as primary or backup MX host for a remote site
Postfix on a dialup machine
Postfix on hosts without a real Internet hostname
Postfix on a stand-alone Internet host
Postfix should work out of the box without change on a stand-alone machine that has direct Internet access. At least, that is how Postfix installs when you download the Postfix source code via http://www.postfix.org/.
You can use the command "postconf -n" to find out what settings are overruled by your main.cf. Besides a few pathname settings, few parameters should be set on a stand-alone box, beyond what is covered in the BASIC_CONFIGURATION_README document:
/etc/postfix/main.cf: # Optional: send mail as user@domainname instead of user@hostname.
#myorigin = $mydomain
#proxy_interfaces = 1.2.3.4
mynetworks_style = host relay_domains =
# mynetworks = 192.168.1.0/28 # relay_domains =
See also the section "Postfix on hosts without a real Internet hostname" if this is applicable to your configuration.
...limit of 20 lines reached, additional matching lines are not shown...

Postfix Basic Configuration, Feb 8 2008
Postfix has several hundred configuration parameters that are controlled via the main.cf file. Fortunately, all parameters have sensible default values. In many cases, you need to configure only two or three parameters before you can start to play with the mail system. Here's a quick introduction to the syntax:
Postfix configuration files
The text below assumes that you already have Postfix installed on the system, either by compiling the source code yourself (as described in the INSTALL file) or by installing an already compiled version.
This document covers basic Postfix configuration. Information about how to configure Postfix for specific applications such as mailhub, firewall or dial-up client can be found in the STANDARD_CONFIGURATION_README file. But don't go there until you already have covered the material presented below.
What domain name to use in outbound mail
What domains to receive mail for
What clients to relay mail from
What destinations to relay mail to
What delivery method: direct or indirect
What trouble to report to the postmaster
Be sure to set the following correctly if you're behind a proxy or network address translator, and you are running a backup MX host for some other domain:
Proxy/NAT external network addresses
Postfix daemon processes run in the background, and log problems and normal activity to the syslog daemon. Here are a few things that you need to be aware of:
What you need to know about Postfix logging
If your machine has unusual security requirements you may want to run Postfix daemon processes inside a chroot environment.
Running Postfix daemon processes chrooted
If you run Postfix on a virtual network interface, or if your machine runs other mailers on virtual interfaces, you'll have to look at the other parameters listed here as well:
My own hostname
My own domain name
My own network addresses
...limit of 20 lines reached, additional matching lines are not shown...

Postfix Installation From Source Code, Feb 8 2008
1 - Purpose of this document
If you are using a pre-compiled version of Postfix, you should start with BASIC_CONFIGURATION_README and the general documentation referenced by it. INSTALL is only a bootstrap document to get Postfix up and running from scratch with the minimal number of steps; it should not be considered part of the general documentation.
This document describes how to build, install and configure a Postfix system so that it can do one of the following:
Send and receive mail via a virtual host interface, still without any change to an existing Sendmail installation.
Purpose of this document
Typographical conventions
Documentation
Building on a supported system
Porting Postfix to an unsupported system
Installing the software after successful compilation
Configuring Postfix to send mail only
Configuring Postfix to send and receive mail via virtual interface
Running Postfix instead of Sendmail
Mandatory configuration file edits
To chroot or not to chroot
Care and feeding of the Postfix system
2 - Typographical conventions
In the instructions below, a command written as
A command written as
3 - Documentation
...limit of 20 lines reached, additional matching lines are not shown...

Postfix Performance Tuning, Feb 8 2008
The hints and tips in this document help you improve the performance of Postfix systems that already work. If your Postfix system is unable to receive or deliver mail, then you need to solve those problems first, using the DEBUG_README document as guidance.
For tuning external content filter performance, first read the respective information in the FILTER_README and SMTPD_PROXY_README
documents. Then make sure to avoid latency in the content filter code. As much as possible avoid performing queries against external data sources with a high or highly variable delay. Your content filter will run with a small concurrency to avoid CPU/memory starvation, and if any latency creeps in, content filter throughput will suffer. High volume environments should avoid RBL lookups, complex database queries and so on.
General mail receiving performance tips
Doing more work with your SMTP server processes
Slowing down SMTP clients that make many errors
Measures against clients that make too many connections
General mail delivery performance tips
Tuning the frequency of deferred mail delivery attempts
Tuning the number of simultaneous deliveries
Tuning the number of recipients per delivery
Tuning the number of Postfix processes
Tuning the number of open files or sockets
smtp-source, SMTP/LMTP message generator
smtp-sink, SMTP/LMTP message dump
qmqp-source, QMQP message generator
qmqp-sink, QMQP message dump
General mail receiving performance tips
Read and understand the maildrop queue, incoming queue, and active queue discussions in the QSHAPE_README document.
Run a local name server to reduce slow-down due to DNS lookups. If you run multiple Postfix systems, point each local name server to a shared forwarding server to reduce the number of lookups across the upstream network link.
...limit of 20 lines reached, additional matching lines are not shown...

Postfix After-Queue Content Filter, Feb 8 2008
This document describes implementations that use a single Postfix instance for everything: receiving, filtering and delivering mail. Applications that use two separate Postfix instances will be covered by a later version of this document.
The after-queue content filter is not to be confused with the approaches described in the SMTPD_PROXY_README or MILTER_README
Principles of operation
Simple content filter example
Simple content filter performance
Simple content filter limitations
Turning off the simple content filter
Advanced content filter example
Advanced content filter performance
Turning off the advanced content filter
Filtering mail from outside users only
Different filters for different domains
FILTER actions in access or header/body tables
Principles of operation
Reject the mail (by sending a suitable status code back to Postfix). Postfix will send the mail back to the sender address.
NOTE: in this time of mail worms and forged spam, it is a VERY BAD IDEA to send viruses back to the sender address, because the sender address is almost certainly not the originator. It is better to discard known viruses, and to quarantine material that is suspect so that a human can decide what to do with it.
Simple content filter example
The first example is simple to set up, but has major limitations that will be addressed in a second example. Postfix receives unfiltered mail from the network with the smtpd(8) server, and delivers unfiltered mail to a content filter with the Postfix pipe(8) delivery agent. The content filter injects filtered mail back into Postfix with the Postfix sendmail(1) command, so that Postfix can deliver it to the final destination.
This means that mail submitted via the Postfix sendmail(1)
In the figure below, names followed by a number represent Postfix commands or daemon programs. See the OVERVIEW
...limit of 20 lines reached, additional matching lines are not shown...

Postfix Address Verification, Feb 8 2008
The sender/recipient address verification feature described in this document is suitable only for low-traffic sites. It performs poorly under high load; excessive sender address verification activity may even cause your site to be blacklisted by some providers. See the "Limitations" section below for details.
What Postfix address verification can do for you
Address verification is a feature that allows the Postfix SMTP server to block a sender (MAIL FROM) or recipient (RCPT TO) address until the address has been verified to be deliverable.
The technique may also be useful to block mail for undeliverable recipients, for example on a mail relay host that does not have a list of all the valid recipient addresses. This prevents undeliverable junk mail from entering the queue, so that Postfix doesn't have to waste resources trying to send MAILER-DAEMON messages back.
How address verification works
Limitations of address verification
Recipient address verification
Sender address verification for mail from frequently forged domains
Sender address verification for all email
Address verification database
Managing the address verification database
Controlling the routing of address verification probes
Forced probe routing examples
Limitations of forced probe routing
How address verification works
A sender or recipient address is verified by probing the nearest MTA for that address, without actually delivering mail. The nearest MTA could be Postfix itself, or it could be a remote MTA (SMTP interruptus). Probe messages are like normal mail, except that they are never delivered, deferred or bounced; probe messages are always discarded.
Postfix
server
Postfix
server
...limit of 20 lines reached, additional matching lines are not shown...

Postfix Architecture Overview, Feb 8 2008
This document presents an overview of the Postfix architecture, and is the place where you find a pointer to every Postfix command or server program. The text gives the general context in which each command or server program is used, and provides pointers to documents with specific usage examples and background information.
How Postfix receives mail
How Postfix delivers mail
Postfix behind the scenes
Postfix support commands
How Postfix receives mail
When a message enters the Postfix mail system, the first stop on the inside is the incoming queue. The figure below shows the main processes that are involved with new mail. Names followed by a number are Postfix commands or server programs, while unnumbered names inside shaded areas represent Postfix queues.
trivial-
rewrite(8)
smtpd(8)
qmqpd(8)
cleanup(8)
incoming
pickup(8)
maildrop
sendmail(1)
postdrop(1)
Network mail enters Postfix via the smtpd(8) or qmqpd(8)
servers. These servers remove the SMTP or QMQP protocol encapsulation, enforce some sanity checks to protect Postfix, and give the sender, recipients and message content to the cleanup(8) server. The smtpd(8) server can be configured to block unwanted mail, as described in the SMTPD_ACCESS_README document.
Local submissions are received with the Postfix sendmail(1)
...limit of 20 lines reached, additional matching lines are not shown...

Postfix LDAP Howto, Feb 8 2008
Postfix can use an LDAP directory as a source for any of its lookups: aliases(5), virtual(5), canonical(5), etc. This allows you to keep information for your mail service in a replicated network database with fine-grained access controls. By not storing it locally on the mail server, the administrators can maintain it from anywhere, and the users can control whatever bits of it you think appropriate. You can have multiple mail servers using the same information, without the hassle and delay of having to copy it to each.
Building Postfix with LDAP support
Configuring LDAP lookups
Example: aliases
Example: virtual domains/addresses
Example: expanding LDAP groups
Other uses of LDAP lookups
Notes and things to think about
Feedback
Credits
Building Postfix with LDAP support
These instructions assume that you build Postfix from source code as described in the INSTALL document. Some modification may be required if you build Postfix from a vendor-specific source package.
If you're using the libraries from the UM distribution (http://www.umich.edu/~dirsvcs/ldap/ldap.html) or OpenLDAP (http://www.openldap.org), something like this in the top level of your Postfix source tree should work:
If your LDAP libraries were built with Kerberos support, you'll also need to include your Kerberos libraries in this line. Note that the KTH Kerberos IV libraries might conflict with Postfix's lib/libdns.a, which defines dns_lookup. If that happens, you'll probably want to link with LDAP libraries that lack Kerberos support just to build Postfix, as it doesn't support Kerberos binds to the LDAP server anyway. Sorry about the bother.
Configuring LDAP lookups
In order to use LDAP lookups, define an LDAP source as a table lookup in main.cf, for example:
alias_maps = hash:/etc/aliases, ldap:/etc/postfix/ldap-aliases.cf
The file /etc/postfix/ldap-aliases.cf can specify a great number of parameters, including parameters that enable LDAP SSL and STARTTLS. For a complete description, see the ldap_table(5) manual page.
Example: local(8) aliases
Here's a basic example for using LDAP to look up local(8)
...limit of 20 lines reached, additional matching lines are not shown...

Sys Admin Magazine Online, Feb 8 2008
Root
Current
Archives
Downloads
Solaris Corner
LINUX Rookery
Tool Showcase
Q&A
Resources
Newsletters
Marketing opps
HOME | CONTACT US | SUBSCRIBE | ADVERTISE | WRITE FOR US | ABOUT US | CDROM
Wietse Venema, probably best known as the developer of SATAN and the TCP Wrapper security tools, has now created Secure Mailer. In December of 1998, IBM released Secure Mailer as open source software providing a new, freely available alternative to the nearly universal Sendmail program. The program, more commonly known in open-source circles as Postfix, attempts to be fast, easy to administer, and secure. One of the primary goals of Postfix is to be widely implemented in order to make the most significant impact on the performance and security of Internet email overall.
Sendmail by some estimates handles nearly three-quarters of all email on the Internet, but it has had a bit of a checkered past with a history of security problems. A scan through the CERT Advisories quickly turned up more than a dozen Sendmail incidents.
Although Sendmail developers have made a lot of progress in bringing it up to date for an environment that was unimaginable when it was originally created, Postfix offers a solid alternative that is inherently more secure.
In addition to tighter security, Postfix offers several advantages over Sendmail while maintaining a high level of compatibility with it. The Postfix Web site claims that it is up to three times faster than its nearest competitor. (There are several other Sendmail alternatives, such as qmail and various commercial packages.) It is designed to be robust and behave well under stress. For example, runaway conditions that might occur during error handling are diminished because the software pauses before sending error messages or terminating with a fatal error. It operates under a "no thundering herd" policy when delivering mail to other hosts. Initially, Postfix will make only two simultaneous connections. If the deliveries succeed, Postfix will slowly increase connections up to a configurable limit. It will also detect whether the receiving host can no longer handle the load and decrease the number of connections.
In processing its own queue, Postfix implements a few other policies to make it a well-behaved software package. The queue manager sorts messages by destination and processes deliveries in a round-robin fashion to hit all destinations in the queue. Postfix will only make simultaneous deliveries to the same host when it does not have messages for other destinations waiting. If a message cannot be delivered, the queue manager marks it with a time stamp.
...limit of 20 lines reached, additional matching lines are not shown...

Postfix before-queue Milter support, Feb 8 2008
The reason for adding Milter support to Postfix is that there exists a large collection of applications, not only to block unwanted mail, but also to verify authenticity (examples: DomainKeys Identified Mail (DKIM), SenderID+SPF and DomainKeys) or to digitally sign mail (examples: DomainKeys Identified Mail (DKIM), DomainKeys).
Having yet another Postfix-specific version of all that software is a poor use of human and system resources.
See, however, the workarounds and limitations sections at the end of this document.
How Milter applications plug into Postfix
Building Milter applications
Running Milter applications
Configuring Postfix
Workarounds
Limitations
How Milter applications plug into Postfix
The SMTP-only filters handle mail that arrives via the Postfix smtpd(8) server. They are typically used to filter unwanted mail and to sign mail from authorized SMTP clients. You specify SMTP-only Milter applications with the smtpd_milters parameter as described in a later section. Mail that arrives via the Postfix smtpd(8) server is not filtered by the non-SMTP filters that are described next.
The non-SMTP filters handle mail that arrives via the Postfix sendmail(1) command-line or via the Postfix qmqpd(8) server.
They are typically used to digitally sign mail only. Although non-SMTP filters can be used to filter unwanted mail, they have limitations compared to the SMTP-only filters. You specify non-SMTP Milter applications with the non_smtpd_milters parameter as described in a later section.
For those who are familiar with the Postfix architecture, the figure below shows how Milter applications plug into Postfix. Names followed by a number are Postfix commands or server programs, while unnumbered names inside shaded areas represent Postfix queues. To avoid clutter, the path for local submission is simplified (the OVERVIEW document has a more complete description).
smtpd(8)
qmqpd(8)
cleanup(8)
incoming
pickup(8)
sendmail(1)
...limit of 20 lines reached, additional matching lines are not shown...

Postfix SASL Howto, Feb 8 2008
The Cyrus SASL library is a lot of code. With this, Postfix becomes as secure as other mail systems that use the Cyrus SASL library.
How Postfix uses SASL authentication information
Postfix SASL support (RFC 4954, formerly RFC 2554) can be used to authenticate remote SMTP clients to the Postfix SMTP server, and to authenticate the Postfix SMTP client to a remote SMTP server.
When receiving mail, the Postfix SMTP server logs the client-provided username, authentication method, and sender address to the maillog file, and optionally grants mail access via the permit_sasl_authenticated
When sending mail, the Postfix SMTP client can look up the remote SMTP server hostname or destination domain (the address right-hand part) in a SASL password table, and if a username/password is found, it will use that username and password to authenticate to the remote SMTP server. And as of version 2.3, Postfix can be configured to search its SASL password table by the sender email address.
What SASL implementations are supported
Building Postfix with Dovecot SASL support
Building the Cyrus SASL library
Building Postfix with Cyrus SASL support
Enabling SASL authentication in the Postfix SMTP server
Dovecot SASL configuration for the Postfix SMTP server
Cyrus SASL configuration for the Postfix SMTP server
Testing SASL authentication in the Postfix SMTP server
Trouble shooting the SASL internals
Enabling SASL authentication in the Postfix SMTP client
Supporting multiple ISP accounts in the Postfix SMTP client
Credits
What SASL implementations are supported
Postfix version 2.3 introduces a plug-in mechanism that provides support for multiple SASL implementations. To find out what implementations are built into Postfix, use the following commands:
% postconf -a (SASL support in the SMTP server) % postconf -A (SASL support in the SMTP+LMTP client)
...limit of 20 lines reached, additional matching lines are not shown...

sendmail.net:, Feb 8 2008
home search about us site map policies
using sendmail
interviews
articles
conferences
sendmail, inc.
sendmail.org
home
q&a: wietse venema
Q&A: Wietse Venema
When you name a program SATAN, you can expect your intentions to be misread. Wietse Venema discovered this firsthand when he and colleague Dan Farmer released the Security Administrator Tool for Analyzing Networks, reporting software designed to let administrators test their own networks for vulnerabilities, but immediately misconstrued as a toy for budding crackers.
There's little chance that mistake will be repeated. Venema's name has become synonymous with security in the minds of sysadmins worldwide, thanks to his work on SATAN,
TCP Wrappers, and a host of other tools to keep the scriptkiddies at bay. This work hasn't gone unnoticed: at the LISA '99 conference last November, Venema received the SAGE Outstanding Achievement Award, an honor previously bestowed upon the likes of Paul Vixie and Larry Wall.
The other thing Venema's famous for, of course, is Postfix, the mail transfer agent he wrote after coming to IBM's Thomas J. Watson Research Center from the Netherlands. Known briefly by the name "VMailer," Postfix aims to be "fast, easy to configure, and hopefully secure." We spoke with Venema by phone about Postfix, security, and the superiority of asynchronous communication - i.e., email.
mark durham
sendmail newsgroup -->
comp.mail.sendmail newsgroup
give us feedback
buy the knife
...limit of 20 lines reached, additional matching lines are not shown...

Postfix Add-on Software, Feb 8 2008
Home
Non-English Info
Feature overview
Web sites (text)
Download (source)
Mailing lists
Press and Interviews
Documentation
Howtos and FAQs
Add-on Software
Packages and Ports
Becoming a mirror site
authentication |
webmail |
PGP/SMIME gateways |
policy servers/libraries |
open proxy/relay detection |
before smtp auth |
certified email |
run/configuration/queue/user mgt |
...limit of 20 lines reached, additional matching lines are not shown...

Postfix Add-on Software, Feb 8 2008
Home
Non-English Info
Feature overview
Web sites (text)
Download (source)
Mailing lists
Press and Interviews
Documentation
Howtos and FAQs
Add-on Software
Packages and Ports
Becoming a mirror site
authentication |
webmail |
PGP/SMIME gateways |
policy servers/libraries |
open proxy/relay detection |
before smtp auth |
certified email |
run/configuration/queue/user mgt |
...limit of 20 lines reached, additional matching lines are not shown...


Limit of 25 files reached.
New Query: Rank by:
Search results by Webglimpse Advanced Site Search Engine