Postfix docs Search Results:

Looking for postfix in entire archive - Found 5940 matches in 113 files
Showing results 1 - 25
Postfix Configuration Parameters, Feb 8 2008
Postfix Configuration Parameters
Postfix Configuration Parameters
Postfix main.cf file format
The Postfix main.cf configuration file specifies a very small subset of all the parameters that control the operation of the Postfix mail system. Parameters not explicitly specified are left at their default values.
The expression "${name?value}" expands to "value" when "$name" is non-empty. This form is supported with Postfix version 2.2 and later.
The expression "${name:value}" expands to "value" when "$name" is empty. This form is supported with Postfix version 2.2 and later.
The remainder of this document is a description of all Postfix configuration parameters. Default values are shown after the parameter name in parentheses, and can be looked up with the "postconf -d" command.
Note: this is not an invitation to make changes to Postfix configuration parameters. Unnecessary changes are likely to impair the operation of the mail system.
The numerical Postfix SMTP server response code when a client is rejected by an access(5) map restriction.
This feature is available in Postfix 2.1 and later.
This feature is available in Postfix 2.1 and later.
By default, the information is kept in volatile memory, and is lost after "postfix reload" or "postfix stop".
Specify a location in a file system that will not fill up. If the database becomes corrupted, the world comes to an end. To recover delete the file and do "postfix reload".
As of version 2.5, Postfix no longer uses root privileges when opening this file. The file should now be stored under the Postfix-owned data_directory. As a migration aid, an attempt to open the file under a non-Postfix directory is redirected to the Postfix-owned data_directory, and a warning is logged.
address_verify_map = hash:/var/lib/postfix/verify address_verify_map = btree:/var/lib/postfix/verify
This feature is available in Postfix 2.1 and later.
When this feature is disabled, Postfix will generate an address probe for every lookup.
This feature is available in Postfix 2.1 and later.
...limit of 20 lines reached, additional matching lines are not shown...

Postfix Configuration Parameters, Feb 8 2008
Postfix Configuration Parameters
Postfix Configuration Parameters
Postfix main.cf file format
The Postfix main.cf configuration file specifies a very small subset of all the parameters that control the operation of the Postfix mail system. Parameters not explicitly specified are left at their default values.
The expression "${name?value}" expands to "value" when "$name" is non-empty. This form is supported with Postfix version 2.2 and later.
The expression "${name:value}" expands to "value" when "$name" is empty. This form is supported with Postfix version 2.2 and later.
The remainder of this document is a description of all Postfix configuration parameters. Default values are shown after the parameter name in parentheses, and can be looked up with the "postconf -d" command.
Note: this is not an invitation to make changes to Postfix configuration parameters. Unnecessary changes are likely to impair the operation of the mail system.
The numerical Postfix SMTP server response code when a client is rejected by an access(5) map restriction.
This feature is available in Postfix 2.1 and later.
This feature is available in Postfix 2.1 and later.
By default, the information is kept in volatile memory, and is lost after "postfix reload" or "postfix stop".
Specify a location in a file system that will not fill up. If the database becomes corrupted, the world comes to an end. To recover delete the file and do "postfix reload".
As of version 2.5, Postfix no longer uses root privileges when opening this file. The file should now be stored under the Postfix-owned data_directory. As a migration aid, an attempt to open the file under a non-Postfix directory is redirected to the Postfix-owned data_directory, and a warning is logged.
address_verify_map = hash:/var/lib/postfix/verify address_verify_map = btree:/var/lib/postfix/verify
This feature is available in Postfix 2.1 and later.
When this feature is disabled, Postfix will generate an address probe for every lookup.
This feature is available in Postfix 2.1 and later.
...limit of 20 lines reached, additional matching lines are not shown...

Postfix Configuration Parameters, Feb 8 2008
Postfix Configuration Parameters
Postfix Configuration Parameters
Postfix main.cf file format
The Postfix main.cf configuration file specifies a very small subset of all the parameters that control the operation of the Postfix mail system. Parameters not explicitly specified are left at their default values.
The expression "${name?value}" expands to "value" when "$name" is non-empty. This form is supported with Postfix version 2.2 and later.
The expression "${name:value}" expands to "value" when "$name" is empty. This form is supported with Postfix version 2.2 and later.
The remainder of this document is a description of all Postfix configuration parameters. Default values are shown after the parameter name in parentheses, and can be looked up with the "postconf -d" command.
Note: this is not an invitation to make changes to Postfix configuration parameters. Unnecessary changes are likely to impair the operation of the mail system.
The numerical Postfix SMTP server response code when a client is rejected by an access(5) map restriction.
This feature is available in Postfix 2.1 and later.
This feature is available in Postfix 2.1 and later.
By default, the information is kept in volatile memory, and is lost after "postfix reload" or "postfix stop".
Specify a location in a file system that will not fill up. If the database becomes corrupted, the world comes to an end. To recover delete the file and do "postfix reload".
As of version 2.5, Postfix no longer uses root privileges when opening this file. The file should now be stored under the Postfix-owned data_directory. As a migration aid, an attempt to open the file under a non-Postfix directory is redirected to the Postfix-owned data_directory, and a warning is logged.
address_verify_map = hash:/var/lib/postfix/verify address_verify_map = btree:/var/lib/postfix/verify
This feature is available in Postfix 2.1 and later.
When this feature is disabled, Postfix will generate an address probe for every lookup.
This feature is available in Postfix 2.1 and later.
...limit of 20 lines reached, additional matching lines are not shown...

Postfix TLS Support, Feb 8 2008
Postfix TLS Support
Postfix TLS Support
By turning on TLS support in Postfix, you not only get the ability to encrypt mail and to authenticate remote SMTP clients or servers.
You also turn on thousands and thousands of lines of OpenSSL library code. Assuming that OpenSSL is written as carefully as Wietse's own code, every 1000 lines introduce one additional bug into Postfix.
What Postfix TLS support does for you
This document describes a TLS user interface that was introduced with Postfix version 2.3. Support for an older user interface is documented in TLS_LEGACY_README, which also describes the differences between Postfix and the third-party patch on which Postfix version 2.2 TLS support was based.
How Postfix TLS support works
Building Postfix with TLS support
How Postfix TLS support works
The diagram below shows the main elements of the Postfix TLS architecture and their relationships. Colored boxes with numbered names represent Postfix daemon programs. Other colored boxes represent storage elements.
Building Postfix with TLS support
These instructions assume that you build Postfix from source code as described in the INSTALL document. Some modification may be required if you build Postfix from a vendor-specific source package.
To build Postfix with TLS support, first we need to generate the make(1) files with the necessary definitions. This is done by invoking the command "make makefiles" in the Postfix top-level directory and with arguments as shown next.
NOTE: Do not use Gnu TLS. It will spontaneously terminate a Postfix daemon process with exit status code 2, instead of allowing Postfix to 1) report the error to the maillog file, and to 2) provide plaintext service where this is appropriate.
If you need to apply other customizations (such as Berkeley DB databases, MySQL, PostgreSQL, LDAP or SASL), see the respective Postfix README documents, and combine their "make makefiles" instructions with the instructions above:
To complete the build process, see the Postfix INSTALL
instructions. Postfix has TLS support turned off by default, so you can start using Postfix as soon as it is installed.
Enabling TLS in the Postfix SMTP server
...limit of 20 lines reached, additional matching lines are not shown...

Postfix Installation From Source Code, Feb 8 2008
Postfix Installation From Source Code
Postfix Installation From Source Code
If you are using a pre-compiled version of Postfix, you should start with BASIC_CONFIGURATION_README and the general documentation referenced by it. INSTALL is only a bootstrap document to get Postfix up and running from scratch with the minimal number of steps; it should not be considered part of the general documentation.
This document describes how to build, install and configure a Postfix system so that it can do one of the following:
Run Postfix instead of Sendmail.
Porting Postfix to an unsupported system
Configuring Postfix to send mail only
Configuring Postfix to send and receive mail via virtual interface
Running Postfix instead of Sendmail
Care and feeding of the Postfix system
In order to view the manual pages before installing Postfix, point your MANPATH environment variable to the "man" subdirectory; be sure to use an absolute path.
All Postfix source files have their own built-in manual page.
At some point in time, a version of Postfix was supported on:
If you need to build Postfix for multiple architectures, use the "lndir" command to build a shadow tree with symbolic links to the source files. "lndir" is part of X11R6.
If at any time in the build process you get messages like: "make: don't know how to ..." you should be able to recover by running the following command from the Postfix top-level directory:
If you copied the Postfix source code after building it on another machine, it is a good idea to cd into the top-level directory and first do this:
To build with GCC, or with the native compiler if people told me that is better for your system, just cd into the top-level Postfix directory of the source tree and type:
By default, Postfix builds as a mail system with relatively few bells and whistles. Support for third-party databases etc.
...limit of 20 lines reached, additional matching lines are not shown...

Postfix Address Rewriting, Feb 8 2008
Postfix Address Rewriting
Postfix Address Rewriting
Postfix address rewriting purpose
Address rewriting is at the heart of the Postfix mail system.
Postfix rewrites addresses for many different purposes. Some are merely cosmetic, and some are necessary to deliver correctly formatted mail to the correct destination. Examples of address rewriting in Postfix are:
Although Postfix currently has no address rewriting language, it can do surprisingly powerful address manipulation via table lookup. Postfix typically uses lookup tables with fixed strings to map one address to one or multiple addresses, and typically uses regular expressions to map multiple addresses to one or multiple addresses. Fixed-string lookup tables may be in the form of local files, or in the form of NIS, LDAP or SQL databases. The DATABASE_README document gives an introduction to Postfix lookup tables.
Postfix address rewriting overview
Postfix versions 2.1 and earlier always rewrite message header addresses, and append Postfix's own domain information to addresses that Postfix considers incomplete. While rewriting message header addresses is OK for mail with a local origin, it is undesirable for remote mail:
Appending Postfix's own domain produces incorrect results with some incomplete addresses,
Appending Postfix's own domain sometimes creates the appearance that spam is sent by local users.
Postfix versions 2.2 give you the option to either not rewrite message headers from remote SMTP clients at all, or to label incomplete addresses in such message headers as invalid. Here is how it works:
Postfix always rewrites message headers from local SMTP clients and from the Postfix sendmail command, and appends its own domain to incomplete addresses. The local_header_rewrite_clients parameter controls what SMTP clients Postfix considers local (by default, only local network interface addresses).
Postfix never rewrites message header addresses from remote SMTP clients when the remote_header_rewrite_domain parameter value is empty (the default setting).
Otherwise, Postfix rewrites message headers from remote SMTP clients, and appends the remote_header_rewrite_domain value to incomplete addresses. This feature can be used to append a reserved domain such as "domain.invalid", so that incomplete addresses cannot be mistaken for local addresses.
Postfix address rewriting overview
The figure below zooms in on those parts of Postfix that are most involved with address rewriting activity. See the OVERVIEW document for an overview of the complete Postfix architecture. Names followed by a number are Postfix daemon programs, while unnumbered names represent Postfix queues or internal sources of mail messages.
The table below summarizes all Postfix address manipulations.
The cleanup(8) server receives mail from outside of Postfix as well as mail from internal sources such as forwarded mail, undeliverable mail that is bounced to the sender, and postmaster notifications about problems with the mail system.
...limit of 20 lines reached, additional matching lines are not shown...

Postfix Address Rewriting, Feb 8 2008
Postfix Address Rewriting
Postfix Address Rewriting
Postfix address rewriting purpose
Address rewriting is at the heart of the Postfix mail system.
Postfix rewrites addresses for many different purposes. Some are merely cosmetic, and some are necessary to deliver correctly formatted mail to the correct destination. Examples of address rewriting in Postfix are:
Although Postfix currently has no address rewriting language, it can do surprisingly powerful address manipulation via table lookup. Postfix typically uses lookup tables with fixed strings to map one address to one or multiple addresses, and typically uses regular expressions to map multiple addresses to one or multiple addresses. Fixed-string lookup tables may be in the form of local files, or in the form of NIS, LDAP or SQL databases. The DATABASE_README document gives an introduction to Postfix lookup tables.
Postfix address rewriting overview
Postfix versions 2.1 and earlier always rewrite message header addresses, and append Postfix's own domain information to addresses that Postfix considers incomplete. While rewriting message header addresses is OK for mail with a local origin, it is undesirable for remote mail:
Appending Postfix's own domain produces incorrect results with some incomplete addresses,
Appending Postfix's own domain sometimes creates the appearance that spam is sent by local users.
Postfix versions 2.2 give you the option to either not rewrite message headers from remote SMTP clients at all, or to label incomplete addresses in such message headers as invalid. Here is how it works:
Postfix always rewrites message headers from local SMTP clients and from the Postfix sendmail command, and appends its own domain to incomplete addresses. The local_header_rewrite_clients parameter controls what SMTP clients Postfix considers local (by default, only local network interface addresses).
Postfix never rewrites message header addresses from remote SMTP clients when the remote_header_rewrite_domain parameter value is empty (the default setting).
Otherwise, Postfix rewrites message headers from remote SMTP clients, and appends the remote_header_rewrite_domain value to incomplete addresses. This feature can be used to append a reserved domain such as "domain.invalid", so that incomplete addresses cannot be mistaken for local addresses.
Postfix address rewriting overview
The figure below zooms in on those parts of Postfix that are most involved with address rewriting activity. See the OVERVIEW document for an overview of the complete Postfix architecture. Names followed by a number are Postfix daemon programs, while unnumbered names represent Postfix queues or internal sources of mail messages.
The table below summarizes all Postfix address manipulations.
The cleanup(8) server receives mail from outside of Postfix as well as mail from internal sources such as forwarded mail, undeliverable mail that is bounced to the sender, and postmaster notifications about problems with the mail system.
...limit of 20 lines reached, additional matching lines are not shown...

Postfix Address Rewriting, Feb 8 2008
Postfix Address Rewriting
Postfix Address Rewriting
Postfix address rewriting purpose
Address rewriting is at the heart of the Postfix mail system.
Postfix rewrites addresses for many different purposes. Some are merely cosmetic, and some are necessary to deliver correctly formatted mail to the correct destination. Examples of address rewriting in Postfix are:
Although Postfix currently has no address rewriting language, it can do surprisingly powerful address manipulation via table lookup. Postfix typically uses lookup tables with fixed strings to map one address to one or multiple addresses, and typically uses regular expressions to map multiple addresses to one or multiple addresses. Fixed-string lookup tables may be in the form of local files, or in the form of NIS, LDAP or SQL databases. The DATABASE_README document gives an introduction to Postfix lookup tables.
Postfix address rewriting overview
Postfix versions 2.1 and earlier always rewrite message header addresses, and append Postfix's own domain information to addresses that Postfix considers incomplete. While rewriting message header addresses is OK for mail with a local origin, it is undesirable for remote mail:
Appending Postfix's own domain produces incorrect results with some incomplete addresses,
Appending Postfix's own domain sometimes creates the appearance that spam is sent by local users.
Postfix versions 2.2 give you the option to either not rewrite message headers from remote SMTP clients at all, or to label incomplete addresses in such message headers as invalid. Here is how it works:
Postfix always rewrites message headers from local SMTP clients and from the Postfix sendmail command, and appends its own domain to incomplete addresses. The local_header_rewrite_clients parameter controls what SMTP clients Postfix considers local (by default, only local network interface addresses).
Postfix never rewrites message header addresses from remote SMTP clients when the remote_header_rewrite_domain parameter value is empty (the default setting).
Otherwise, Postfix rewrites message headers from remote SMTP clients, and appends the remote_header_rewrite_domain value to incomplete addresses. This feature can be used to append a reserved domain such as "domain.invalid", so that incomplete addresses cannot be mistaken for local addresses.
Postfix address rewriting overview
The figure below zooms in on those parts of Postfix that are most involved with address rewriting activity. See the OVERVIEW document for an overview of the complete Postfix architecture. Names followed by a number are Postfix daemon programs, while unnumbered names represent Postfix queues or internal sources of mail messages.
The table below summarizes all Postfix address manipulations.
The cleanup(8) server receives mail from outside of Postfix as well as mail from internal sources such as forwarded mail, undeliverable mail that is bounced to the sender, and postmaster notifications about problems with the mail system.
...limit of 20 lines reached, additional matching lines are not shown...

Postfix SASL Howto, Feb 8 2008
Postfix SASL Howto
Postfix SASL Howto
People who go to the trouble of installing Postfix may have the expectation that Postfix is more secure than some other mailers.
The Cyrus SASL library is a lot of code. With this, Postfix becomes as secure as other mail systems that use the Cyrus SASL library.
How Postfix uses SASL authentication information
Postfix SASL support (RFC 4954, formerly RFC 2554) can be used to authenticate remote SMTP clients to the Postfix SMTP server, and to authenticate the Postfix SMTP client to a remote SMTP server.
When receiving mail, the Postfix SMTP server logs the client-provided username, authentication method, and sender address to the maillog file, and optionally grants mail access via the permit_sasl_authenticated
When sending mail, the Postfix SMTP client can look up the remote SMTP server hostname or destination domain (the address right-hand part) in a SASL password table, and if a username/password is found, it will use that username and password to authenticate to the remote SMTP server. And as of version 2.3, Postfix can be configured to search its SASL password table by the sender email address.
Building Postfix with Dovecot SASL support
Building Postfix with Cyrus SASL support
Enabling SASL authentication in the Postfix SMTP server
Dovecot SASL configuration for the Postfix SMTP server
Cyrus SASL configuration for the Postfix SMTP server
Testing SASL authentication in the Postfix SMTP server
Enabling SASL authentication in the Postfix SMTP client
Supporting multiple ISP accounts in the Postfix SMTP client
This document describes Postfix with the following SASL implementations:
Dovecot protocol version 1 (server only, Postfix version 2.3 and later)
...limit of 20 lines reached, additional matching lines are not shown...

Postfix Standard Configuration Examples, Feb 8 2008
Postfix Standard Configuration Examples
Postfix Standard Configuration Examples
This document presents a number of typical Postfix configurations.
document. In particular, do not proceed here if you don't already have Postfix working for local mail submission and for local mail delivery.
Postfix on a stand-alone Internet host
Postfix on a null client
Postfix on a local network
Postfix email firewall/gateway
Running Postfix behind a firewall
Configuring Postfix as primary or backup MX host for a remote site
Postfix on a dialup machine
Postfix on hosts without a real Internet hostname
Postfix on a stand-alone Internet host
Postfix should work out of the box without change on a stand-alone machine that has direct Internet access. At least, that is how Postfix installs when you download the Postfix source code via http://www.postfix.org/.
/etc/postfix/main.cf: # Optional: send mail as user@domainname instead of user@hostname.
See also the section "Postfix on hosts without a real Internet hostname" if this is applicable to your configuration.
Postfix on a null client
1 /etc/postfix/main.cf: 2 myorigin = $mydomain
...limit of 20 lines reached, additional matching lines are not shown...

Postfix Basic Configuration, Feb 8 2008
Postfix Basic Configuration
Postfix Basic Configuration
Postfix has several hundred configuration parameters that are controlled via the main.cf file. Fortunately, all parameters have sensible default values. In many cases, you need to configure only two or three parameters before you can start to play with the mail system. Here's a quick introduction to the syntax:
Postfix configuration files
The text below assumes that you already have Postfix installed on the system, either by compiling the source code yourself (as described in the INSTALL file) or by installing an already compiled version.
This document covers basic Postfix configuration. Information about how to configure Postfix for specific applications such as mailhub, firewall or dial-up client can be found in the STANDARD_CONFIGURATION_README file. But don't go there until you already have covered the material presented below.
Postfix daemon processes run in the background, and log problems and normal activity to the syslog daemon. Here are a few things that you need to be aware of:
What you need to know about Postfix logging
If your machine has unusual security requirements you may want to run Postfix daemon processes inside a chroot environment.
Running Postfix daemon processes chrooted
If you run Postfix on a virtual network interface, or if your machine runs other mailers on virtual interfaces, you'll have to look at the other parameters listed here as well:
Postfix configuration files
By default, Postfix configuration files are in /etc/postfix.
In /etc/postfix/main.cf you will have to set up a minimal number of configuration parameters. Postfix configuration parameters resemble shell variables, with two important differences: the first one is that Postfix does not know about quotes like the UNIX shell does.
/etc/postfix/main.cf: parameter = value
/etc/postfix/main.cf: other_parameter = $parameter
You can use $parameter before it is given a value (that is the second main difference with UNIX shell variables). The Postfix configuration language uses lazy evaluation, and does not look at a parameter value until it is needed at runtime.
Postfix uses database files for access control, address rewriting and other purposes. The DATABASE_README file gives an introduction to how Postfix works with Berkeley DB, LDAP or SQL and other types.
...limit of 20 lines reached, additional matching lines are not shown...

Postfix Virtual Domain Hosting Howto, Feb 8 2008
Postfix Virtual Domain Hosting Howto
Postfix Virtual Domain Hosting Howto
This document requires Postfix version 2.0 or later.
This document gives an overview of how Postfix can be used for hosting multiple Internet domains, both for final delivery on the machine itself and for the purpose of forwarding to destinations elsewhere.
The text not only describes delivery mechanisms that are built into Postfix, but also gives pointers for using non-Postfix mail delivery software.
Postfix virtual ALIAS example: separate domains, UNIX system accounts
Postfix virtual MAILBOX example: separate domains, non-UNIX accounts
Non-Postfix mailbox store: separate domains, non-UNIX accounts
Most Postfix systems are final destination for only a few domain names. These include the hostnames and of the machine that Postfix runs on, and sometimes also include the parent domain of the hostname. The remainder of this document will refer to these domains as the canonical domains. They are usually implemented with the Postfix local domain address class, as defined in the ADDRESS_CLASS_README file.
Besides the canonical domains, Postfix can be configured to be final destination for any number of additional domains.
But wait! There is more. Postfix can be configured as a backup MX host for other domains. In this case Postfix is not the final destination for those domains. It merely queues the mail when the primary MX host is down, and forwards the mail when the primary MX host becomes available. This function is implemented with the relay domain address class, as defined in the ADDRESS_CLASS_README
Finally, Postfix can be configured as a transit host for sending mail across the internet. Obviously, Postfix is not final destination for such mail. This function is available only for authorized clients and/or users, and is implemented by the default domain
Example: postmap -q info@example.com hash:/etc/postfix/virtual
Example: postmap -q info@example.com ldap:/etc/postfix/virtual.cf
The simplest method to host an additional domain is to add the domain name to the domains listed in the Postfix mydestination
In the examples we will use "example.com" as the domain that is being hosted on the local Postfix machine.
/etc/postfix/main.cf: mydestination = $myhostname localhost.$mydomain ... example.com
Postfix virtual ALIAS example: separate domains, UNIX system accounts
...limit of 20 lines reached, additional matching lines are not shown...

Postfix manual - smtp(8), Feb 8 2008
Postfix manual - smtp(8)
smtp - Postfix SMTP+LMTP client
smtp
The Postfix SMTP+LMTP client implements the SMTP and LMTP mail delivery protocols. It processes message delivery requests from the queue manager. Each request specifies a queue file, a sender address, a domain or host to deliver to, and recipient information. This program expects to be run from the master(8) process manager.
Connect to the local UNIX-domain server that is bound to the specified pathname. If the process runs chrooted, an absolute pathname is interpreted relative to the Postfix queue directory.
Before Postfix version 2.3, the LMTP client is a separate program that implements only a subset of the functionality available with SMTP: there is no support for TLS, and con- nections are cached in-process, making it ineffective when the client is used for multiple domains.
processes run for only a limited amount of time. Use the command "postfix reload" to speed up a change.
The maximal length of message header and body lines that Postfix will send via SMTP.
How long the Postfix SMTP client pauses before sending ".<CR><LF>" in order to work around the PIX firewall "<CR><LF>.<CR><LF>" bug.
Available in Postfix version 2.0 and earlier:
Available in Postfix version 2.2 and later:
Lookup tables, indexed by the remote SMTP server address, with case insensitive lists of EHLO key- words (pipelining, starttls, auth, etc.) that the Postfix SMTP client will ignore in the EHLO response from a remote SMTP server.
A case insensitive list of EHLO keywords (pipelin- ing, starttls, auth, etc.) that the Postfix SMTP client will ignore in the EHLO response from a remote SMTP server.
Available in Postfix version 2.2.9 and later:
Allow DNS CNAME records to override the servername that the Postfix SMTP client uses for logging, SASL password lookup, TLS policy decisions, or TLS cer- tificate verification.
Available in Postfix version 2.3 and later:
Available in Postfix version 2.4.4 and later:
Available in Postfix version 2.5 and later:
...limit of 20 lines reached, additional matching lines are not shown...

Postfix After-Queue Content Filter, Feb 8 2008
Postfix After-Queue Content Filter
Postfix After-Queue Content Filter
This document requires Postfix version 2.1 or later.
Normally, Postfix receives mail, stores it in the mail queue and then delivers it. With the external content filter described here, mail is filtered AFTER it is queued. This approach decouples mail receiving processes from mail filtering processes, and gives you maximal control over how many filtering processes you are willing to run in parallel.
Postfix
Postfix
This document describes implementations that use a single Postfix instance for everything: receiving, filtering and delivering mail. Applications that use two separate Postfix instances will be covered by a later version of this document.
documents, where incoming SMTP mail is filtered BEFORE it is stored into the Postfix queue.
An after-queue content filter receives unfiltered mail from Postfix (as described further below) and can do one of the following:
Re-inject the mail back into Postfix, perhaps after changing content and/or destination.
Reject the mail (by sending a suitable status code back to Postfix). Postfix will send the mail back to the sender address.
The first example is simple to set up, but has major limitations that will be addressed in a second example. Postfix receives unfiltered mail from the network with the smtpd(8) server, and delivers unfiltered mail to a content filter with the Postfix pipe(8) delivery agent. The content filter injects filtered mail back into Postfix with the Postfix sendmail(1) command, so that Postfix can deliver it to the final destination.
This means that mail submitted via the Postfix sendmail(1)
In the figure below, names followed by a number represent Postfix commands or daemon programs. See the OVERVIEW
document for an introduction to the Postfix architecture.
Postfix
Postfix
Postfix
...limit of 20 lines reached, additional matching lines are not shown...

Postfix before-queue Milter support, Feb 8 2008
Postfix before-queue Milter support
Postfix before-queue Milter support
Postfix version 2.3 introduces support for the Sendmail version 8 Milter (mail filter) protocol. This protocol is used by applications that run outside the MTA to inspect SMTP events (CONNECT, DISCONNECT), SMTP commands (HELO, MAIL FROM, etc.) as well as mail content (headers and body). All this happens before mail is queued.
The reason for adding Milter support to Postfix is that there exists a large collection of applications, not only to block unwanted mail, but also to verify authenticity (examples: DomainKeys Identified Mail (DKIM), SenderID+SPF and DomainKeys) or to digitally sign mail (examples: DomainKeys Identified Mail (DKIM), DomainKeys).
Having yet another Postfix-specific version of all that software is a poor use of human and system resources.
Postfix version 2.4 implements all the requests of Sendmail version 8 Milter protocols up to version 4, including message body replacement (body replacement is not available with Postfix version 2.3).
How Milter applications plug into Postfix
Configuring Postfix
How Milter applications plug into Postfix
The Postfix Milter implementation uses two different lists of mail filters: one list of filters that are used for SMTP mail only, and one list of filters that are used for non-SMTP mail. The two lists have different capabilities, which is unfortunate. Avoiding this would require major restructuring of Postfix.
The SMTP-only filters handle mail that arrives via the Postfix smtpd(8) server. They are typically used to filter unwanted mail and to sign mail from authorized SMTP clients. You specify SMTP-only Milter applications with the smtpd_milters parameter as described in a later section. Mail that arrives via the Postfix smtpd(8) server is not filtered by the non-SMTP filters that are described next.
The non-SMTP filters handle mail that arrives via the Postfix sendmail(1) command-line or via the Postfix qmqpd(8) server.
For those who are familiar with the Postfix architecture, the figure below shows how Milter applications plug into Postfix. Names followed by a number are Postfix commands or server programs, while unnumbered names inside shaded areas represent Postfix queues. To avoid clutter, the path for local submission is simplified (the OVERVIEW document has a more complete description).
Postfix currently does not provide such a library, but Sendmail does.
Please specify a userid value that isn't used for other applications (not "postfix", not "www", etc.).
Configuring Postfix
Like Sendmail, Postfix has a lot of configuration options that control how it talks to Milter applications. With the initial Postfix Milter protocol implementation, many options are global, that is, they apply to all Milter applications. Future Postfix versions may support per-Milter timeouts, per-Milter error handling, etc.
The SMTP-only Milter applications handle mail that arrives via the Postfix smtpd(8) server. They are typically used to filter unwanted mail, and to sign mail from authorized SMTP clients. Mail that arrives via the Postfix smtpd(8) server is not filtered by the non-SMTP filters that are described in the next section.
...limit of 20 lines reached, additional matching lines are not shown...

Postfix Architecture Overview, Feb 8 2008
Postfix Architecture Overview
Postfix Architecture Overview
This document presents an overview of the Postfix architecture, and is the place where you find a pointer to every Postfix command or server program. The text gives the general context in which each command or server program is used, and provides pointers to documents with specific usage examples and background information.
How Postfix receives mail
How Postfix delivers mail
Postfix behind the scenes
Postfix support commands
How Postfix receives mail
When a message enters the Postfix mail system, the first stop on the inside is the incoming queue. The figure below shows the main processes that are involved with new mail. Names followed by a number are Postfix commands or server programs, while unnumbered names inside shaded areas represent Postfix queues.
Network mail enters Postfix via the smtpd(8) or qmqpd(8)
servers. These servers remove the SMTP or QMQP protocol encapsulation, enforce some sanity checks to protect Postfix, and give the sender, recipients and message content to the cleanup(8) server. The smtpd(8) server can be configured to block unwanted mail, as described in the SMTPD_ACCESS_README document.
Local submissions are received with the Postfix sendmail(1)
compatibility command, and are queued in the maildrop queue by the privileged postdrop(1) command. This arrangement even works while the Postfix mail system is not running. The local pickup(8)
server picks up local submissions, enforces some sanity checks to protect Postfix, and gives the sender, recipients and message content to the cleanup(8) server.
Mail from internal sources is given directly to the cleanup(8) server. These sources are not shown in the figure, and include: mail that is forwarded by the local(8) delivery agent (see next section), messages that are returned to the sender by the bounce(8) server (see second-next section), and postmaster notifications about problems with Postfix.
The trivial-rewrite(8) server rewrites addresses to the standard "user@fully.qualified.domain" form, as described in the ADDRESS_REWRITING_README document. Postfix currently does not implement a rewriting language, but a lot can be done via table lookups and, if need be, regular expressions.
How Postfix delivers mail
Once a message has reached the incoming queue the next step is to deliver it. The figure shows the main components of the Postfix mail delivery apparatus. Names followed by a number are Postfix commands or server programs, while unnumbered names inside shaded areas represent Postfix queues.
...limit of 20 lines reached, additional matching lines are not shown...

Postfix Debugging Howto, Feb 8 2008
Postfix Debugging Howto
Postfix Debugging Howto
This document describes how to debug parts of the Postfix mail system when things do not work according to expectation. The methods vary from making Postfix log a lot of detail, to running some daemon processes under control of a call tracer or debugger.
The text assumes that the Postfix main.cf and master.cf
configuration files are stored in directory /etc/postfix. You can use the command "postconf config_directory" to find out the actual location of this directory on your machine.
Debugging Postfix from inside
Making Postfix daemon programs more verbose
Manually tracing a Postfix daemon process
Automatically tracing a Postfix daemon process
Reporting problems to postfix-users@postfix.org
Postfix logs all failed and successful deliveries to a logfile.
When Postfix does not receive or deliver mail, the first order of business is to look for errors that prevent Postfix from working properly:
"panic" indicates a problem in the software itself that only a programmer can fix. Postfix cannot proceed until this is fixed.
"fatal" is the result of missing files, incorrect permissions, incorrect configuration file settings that you can fix. Postfix cannot proceed until this is fixed.
"error" reports an error condition. For safety reasons, a Postfix process will terminate when more than 13 of these happen.
Debugging Postfix from inside
With Postfix version 2.1 and later you can ask Postfix to produce mail delivery reports for debugging purposes. These reports not only show sender/recipient addresses after address rewriting and alias expansion or forwarding, they also show information about delivery to mailbox, delivery to non-Postfix command, responses from remote SMTP servers, and so on.
Postfix can produce two types of mail delivery reports for debugging:
...limit of 20 lines reached, additional matching lines are not shown...

Postfix Small/Home Office Hints and Tips, Feb 8 2008
Postfix Small/Home Office Hints and Tips
Postfix Small/Home Office Hints and Tips
This document combines hints and tips for "small office/home office" applications into one document so that they are easier to find. The text describes the mail sending side only. If your machine does not receive mail directly (i.e. it does not have its own Internet domain name and its own fixed IP address), then you will need a solution such as "fetchmail", which is outside the scope of the Postfix documentation.
Postfix on a stand-alone Internet host
Postfix on hosts without a real Internet hostname
Enabling SASL authentication in the Postfix SMTP client
Supporting multiple ISP accounts in the Postfix SMTP client
Postfix on a stand-alone Internet host
Postfix should work out of the box without change on a stand-alone machine that has direct Internet access. At least, that is how Postfix installs when you download the Postfix source code via http://www.postfix.org/.
/etc/postfix/main.cf: # Optional: send mail as user@domainname instead of user@hostname.
See also the section "Postfix on hosts without a real Internet hostname" if this is applicable to your configuration.
Postfix on hosts without a real Internet hostname
This section is for hosts that don't have their own Internet hostname. Typically these are systems that get a dynamic IP address via DHCP or via dialup. Postfix will let you send and receive mail just fine between accounts on a machine with a fantasy name. However, you cannot use a fantasy hostname in your email address when sending mail into the Internet, because no-one would be able to reply to your mail. In fact, more and more sites refuse mail addresses with non-existent domain names.
Note: the following information is Postfix version dependent.
To find out what Postfix version you have, execute the command "postconf mail_version".
Solution 1: Postfix version 2.2 and later
Postfix 2.2 uses the generic(5) address mapping to replace local fantasy email addresses by valid Internet addresses. This mapping happens ONLY when mail leaves the machine; not when you send mail between users on the same machine.
1 /etc/postfix/main.cf: 2 smtp_generic_maps = hash:/etc/postfix/generic 3 4 /etc/postfix/generic: 5 his@localdomain.local hisaccount@hisisp.example 6 her@localdomain.local heraccount@herisp.example 7 @localdomain.local hisaccount+local@hisisp.example
...limit of 20 lines reached, additional matching lines are not shown...

http://www.postfix.org/linuxmag.200006/postfix.html, Feb 8 2008
Postfix - der Sendmail-Ersatz?
Postfix hat das Zeug, Sendmail als Standard-Mailer abzulösen.
Die beiden am häufigsten eingesetzten (freien) Alternativen zu Sendmail sind Dan Bernsteins Qmail und Postfix von Wietse Venema. Beide sind wie Sendmail im Quelltext frei verfügbar - Qmail unter der GPL, Postfix unter einer von der Mozilla Public License abgeleiteten Lizenz von IBM - und beide sind einfacher zu handhaben als das altehrwürdige Sendmail.
> We spent several months giving names to the program. > > The IBM name polizei killed every name we thought up, and so we > decided to change tactics. The program now has TWO names: > IBM Secure Mailer + Postfix.
Wieste's Ziel bei der Entwicklung von Postfix war, ein schnelles, einfach zu administrierendes und sicheres Programm(paket) zu entwickeln, das so weit wie möglich zu Sendmail kompatibel sein soll. Das Interessanteste an Postfix ist sein innerer Aufbau (siehe Grafik): es besteht aus mehreren kleinen Programmen, die über UNIX-Domain-Sockets kommunizieren. Auf diese Weise ist es viel einfacher, Probleme, Fehler oder Sicherheitsmängel in den Griff zu bekommen. Beispielsweise kommt Postfix ganz ohne setuid-M©chanismen aus. Deshalb ist es für einen potenziellen Angreifer unmöglich, Superuser-Rechte zu bekommen - selbst wenn er ein Sicherheitsloch von Postfix gefunden hätte. Sendmail hingegen muß unter UID 0 (root) laufen, zumindest in einer Standardinstallation und ohne größere Klimmzüge.
Ebenfalls aus Sicherheitsgründen arbeitet Postfix mit vier verschiedenen Queues: "maildrop", "incoming", "active" und "deferred". Lokal gesendete Mails landen in "maildrop" und werden von dort in die "incoming"-Queue kopiert, nachdem sie regelbasiert auf Größe, Inhalt und anderes überprüft wurden. In der "active" Queue landen die Mails, die der Queue-Manager gerade bearbeitet und ausliefert (lokal oder remote). Nachrichten, die Postfix nicht ausliefern kann (Dienst des Zielmailservers reagiert nicht, keine Route, keine Netzverbindung, ...), landen in der "deferred" Queue.
Da Postfix immer nur eine Mail gleichzeitig bearbeitet und die "active" Queue klein hält, ist es unempfindlich gegen Ressourcenknappheit. Das Bearbeiten/Ausliefern von Mails kann also in keinem Fall, beispielsweise wegen eines vollen Dateisystems, blockiert werden.
Modularer Aufbau von Postfix
Die Grafik zeigt den modularen Aufbau von Postfix. Hierbei bedeuten:
Programme in der umrandeten Box laufen unter der Kontrolle des Postfix master Daemons.
Dateien in diesem Kasten gehören dem Postfix-Mail-System.
Postfix bietet zudem einige Mechanismen, empfangende, möglicherweise ressourcenschwache Mailsysteme zu schützen. Der Autor bezeichnet sein Mailsystem als "guten Nachbarn", der auch langsame Systeme nicht in Bedrängnis bringt.
Postfix befindet sich derzeit immer noch in der Entwicklungsphase. So findet man auf den verschiedenen FTP-Servern verschiedene Versionen: die offiziellen und die experimentellen Releases (Snapshots). Operative Mailsysteme sollten nur eine offizielle Release verwenden, auch wenn die Snapshots nach Aussagen des Autors stabil laufen. Nach dem Auspacken sollte ein einfaches make genügen, um Postfix zu compilieren. Sollte Postfix bereits vorher für ein anderes Betriebssystem übersetzt worden sein, etwa in einem heterogenen Netz mit verschiedenen Unix-Systemen (siehe Kasten "Postfix-Plattformen"), löscht make tidy alle betriebssystemspezifischen Einstellungen.
Da Postfix nicht als "root" laufen sollte, ist es sinnvoll, einen neuen (virtuellen) Account einzurichten - etwa mit dem Namen "postfix" und ohne Login Shell:
Postfix verwaltet die Systemmailbox (etwa /var/ mail
oder /var/spool/mail) auf zwei mögliche Arten: als systemweit schreibbares Verzeichnis, oder mittels SGID-Bit. Welche Methode sinnvoller ist, bleibt dem Systemadministrator überlassen. Ein SGID-Bit zu vergeben, ist immer mit Risiken verbunden. Wenn Postfix mit SETGID installiert wird, führt das Installationsskript folgendes aus:
Das Installationsskript installiert die einzelnen Postfix-Dateien und ermöglicht gleichzeitig, einige Pfade interaktiv zu setzen. Diese werden gespeichert, um bei einer Neuinstallation nicht alles nochmal eingeben zu müssen.
...limit of 20 lines reached, additional matching lines are not shown...

Sys Admin Magazine Online, Feb 8 2008
Wietse Venema, probably best known as the developer of SATAN and the TCP Wrapper security tools, has now created Secure Mailer. In December of 1998, IBM released Secure Mailer as open source software providing a new, freely available alternative to the nearly universal Sendmail program. The program, more commonly known in open-source circles as Postfix, attempts to be fast, easy to administer, and secure. One of the primary goals of Postfix is to be widely implemented in order to make the most significant impact on the performance and security of Internet email overall.
Although Sendmail developers have made a lot of progress in bringing it up to date for an environment that was unimaginable when it was originally created, Postfix offers a solid alternative that is inherently more secure.
In addition to tighter security, Postfix offers several advantages over Sendmail while maintaining a high level of compatibility with it. The Postfix Web site claims that it is up to three times faster than its nearest competitor. (There are several other Sendmail alternatives, such as qmail and various commercial packages.) It is designed to be robust and behave well under stress. For example, runaway conditions that might occur during error handling are diminished because the software pauses before sending error messages or terminating with a fatal error. It operates under a "no thundering herd" policy when delivering mail to other hosts. Initially, Postfix will make only two simultaneous connections. If the deliveries succeed, Postfix will slowly increase connections up to a configurable limit. It will also detect whether the receiving host can no longer handle the load and decrease the number of connections.
In processing its own queue, Postfix implements a few other policies to make it a well-behaved software package. The queue manager sorts messages by destination and processes deliveries in a round-robin fashion to hit all destinations in the queue. Postfix will only make simultaneous deliveries to the same host when it does not have messages for other destinations waiting. If a message cannot be delivered, the queue manager marks it with a time stamp.
With each repeated delivery failure, Postfix will wait longer each time before wasting resources trying to deliver a message to a host that is not available. The queue manager also maintains a short-term list of unreachable destinations.
Postfix is designed to be compatible with Sendmail to make migration easier, and to make the change transparent to users. In fact, you can continue to use Sendmail in conjunction with Postfix, allowing the new mailer to replace specific mail functions as needed. Postfix continues support for /etc/aliases and delivery to any of the standard mail directories as well as to a specified file or command. It also respects user.lock files and will obey $HOME/.forward directives. Basically all the aspects of Sendmail are present except one significant one -- sendmail.cf.
Sendmail makes extensive use of rewriting rules to ensure that addresses are in the correct form and to select the correct mail delivery agent for a message site. Administrators can also use them to customize delivery for their networks. The Postfix Web pages say that there is not yet support for rewriting rules; rather, Postfix uses a rewriting table. In my opinion, Postfix should display this fact as its most prominent feature and not suggest support for any rewriting rules in the future. Only a handful of sites would ever need the full power of Sendmail's rewriting rules, and even fewer systems administrators understand the black art of rewriting rules well enough to make reasonable modifications. If you do in fact modify Sendmail rewriting rules, Postfix is probably not an option for you. However, you should look at the address mapping table feature to see whether it can support your requirements.
Overall, Postfix is written to be a highly secure network application. It employs multiple layers of defense. All of its processes run at a fixed low privilege, and most can be run within a chrooted environment. Sendmail is the classic monolithic program, and it runs with root privilege. These two facts are largely the reason for the severity of Sendmail's security problems. If a vulnerability is discovered, the possibility that it will allow root access is high.
It is quite possible that Postfix has security bugs, but because of its design, whatever vulnerabilities might exist will be very limited and possibly not even exploitable over a network. Its modularity provides flexibility and also security. There are various processes that perform specific tasks. There is a separate process to send mail and receive mail and to deliver mail locally.
Some additional security aspects are that Postfix programs do not run under a user process, thereby eliminating exploits that involve signals, open files, the environment, and other process attributes that might be passed from a parent to a child. Postfix relies on the security notion of trust or lack of it. Postfix processes do not even trust each other. Contents of queue files or IPC messages might have been tampered with; therefore, each process tries to use only its own information in taking security-sensitive actions.
Some other security lessons learned from Sendmail (among others) and incorporated into Postfix are that there are no setuid programs, no /tmp race conditions, no remote data in shell variables or shell commands, and no fixed-length string buffers.
Installing Postfix
After you have downloaded Postfix, it is a simple matter to uncompress the bundle and compile it. On my system, I had to add one option for the compiler, which was easily accomplished by editing a straightforward make file. The INSTALL file that comes with the distribution lists supported systems. The normal UNIX platforms are all there. For most systems, compilation should be as simple as going to the top-level directory and typing make. In my case compilation was less than a minute, and after I corrected the makefile, reported no errors.
The INSTALL file offers three options for installing Postfix:
I opted for the third choice. Documentation is available on the Postfix Web site and also comes with the distribution as HTML files and man pages. The INSTALL file provides instructions for installing Postfix after compilation is complete.
You will need root access on the machine where you are installing the package. As root, create a directory for Postfix.
# mkdir /etc/postfix
Then execute the following commands from the Postfix source directory:
# chmod 755 /etc/postfix # cp conf/* /etc/postfix # chmod 644 /etc/postfix/* # chmod 755 /etc/postfix/postfix-script*
...limit of 20 lines reached, additional matching lines are not shown...

Postfix Performance Tuning, Feb 8 2008
Postfix Performance Tuning
Postfix Performance Tuning
Purpose of Postfix performance tuning
The hints and tips in this document help you improve the performance of Postfix systems that already work. If your Postfix system is unable to receive or deliver mail, then you need to solve those problems first, using the DEBUG_README document as guidance.
Other Postfix performance tuning topics:
Tuning the number of Postfix processes
The following tools can be used to measure mail system performance under artificial loads. They are normally not installed with Postfix.
Run a local name server to reduce slow-down due to DNS lookups. If you run multiple Postfix systems, point each local name server to a shared forwarding server to reduce the number of lookups across the upstream network link.
When Postfix responds slowly to SMTP clients:
If Postfix logs the SMTP client as "unknown" then you have a name service problem: the name server is bad, or the resolv.conf file contains bad information, or some packet filter is blocking the DNS requests or replies.
If the number of smtpd(8) processes has reached the process limit as specified in master.cf, new SMTP clients must wait until a process becomes available. Increase the number of processes if memory permits. See the instructions given under "Tuning the number of Postfix processes".
With Postfix versions 2.0 and earlier, the smtpd(8) server pauses before reporting an error to an SMTP client. The idea is called tar pitting. However, these delays also slow down Postfix.
When the smtpd(8) server replies slowly, sessions take more time, so that more smtpd(8) server processes are needed to handle the load. When your Postfix smtpd(8) server process limit is reached, new clients must wait until a server process becomes available.
/etc/postfix/main.cf: # Not needed with Postfix 2.1 smtpd_error_sleep_time = 0
With the above setting, Postfix 2.0 and earlier can serve more SMTP clients with the same number SMTP server processes. The next section describes how Postfix deals with clients that make a large number of errors.
The Postfix smtpd(8) server maintains a per-session error count.
The idea is to slow down a run-away client in order to limit resource usage. The behavior is Postfix version dependent.
IMPORTANT: These delays slow down Postfix, too. When too much delay is configured, the number of simultaneous SMTP sessions will increase until it reaches the smtpd(8) server process limit, and new SMTP clients must wait until an smtpd(8) server process becomes available.
...limit of 20 lines reached, additional matching lines are not shown...

Postfix Lookup Table Overview, Feb 8 2008
Postfix Lookup Table Overview
Postfix Lookup Table Overview
The Postfix lookup table model
Postfix lists versus tables
Preparing Postfix for LDAP or SQL lookups
Maintaining Postfix lookup table files
Postfix lookup table types
The Postfix lookup table model
Postfix uses lookup tables to store and look up information for access control, address rewriting and even for content filtering.
All Postfix lookup tables are specified as "type:table", where "type" is one of the database types described under "Postfix lookup table types" at the end of this document, and where "table" is the lookup table name. The Postfix documentation uses the terms "database" and "lookup table" for the same thing.
Examples of lookup tables that appear often in the Postfix documentation:
/etc/postfix/main.cf: alias_maps = hash:/etc/postfix/aliases (local aliasing) header_checks = regexp:/etc/postfix/header_checks (content filtering) transport_maps = hash:/etc/postfix/transport (routing table) virtual_alias_maps = hash:/etc/postfix/virtual (address rewriting)
All Postfix lookup tables store information as (key, value) pairs. This interface may seem simplistic at first, but it turns out to be very powerful. The (key, value) query interface completely hides the complexities of LDAP or SQL from Postfix. This is a good example of connecting complex systems with simple interfaces.
Benefits of the Postfix (key, value) query interface:
You can implement Postfix lookup tables first with local Berkeley DB files and then switch to LDAP or MySQL without any impact on the Postfix configuration itself, as described under "Preparing Postfix for LDAP or SQL lookups" below.
Postfix lists versus tables
Most Postfix lookup tables are used to look up information.
With some tables, however, Postfix needs to know only if the lookup key exists. The lookup result itself is not used. Examples are the local_recipient_maps that determine what local recipients Postfix accepts in mail from the network, the mydestination parameter that specifies what domains Postfix delivers locally, or the mynetworks parameter that specifies the IP addresses of trusted clients or client networks. Technically, these are lists, not tables. Despite the difference, Postfix lists are described here because they use the same underlying infrastructure as Postfix lookup tables.
...limit of 20 lines reached, additional matching lines are not shown...

Postfix SMTP Access Policy Delegation, Feb 8 2008
Postfix SMTP Access Policy Delegation
Postfix SMTP Access Policy Delegation
Purpose of Postfix SMTP access policy delegation
The Postfix SMTP server has a number of built-in mechanisms to block or accept mail at specific SMTP protocol stages. As of version 2.1, Postfix can delegate policy decisions to an external server that runs outside Postfix.
greylist policy can be implemented with only a dozen lines of Perl, as is shown at the end of this document. A complete example can be found in the Postfix source code, in the directory examples/smtpd-policy.
Policy delegation is now the preferred method for adding policies to Postfix. It's much easier to develop a new feature in few lines of Perl, Python, Ruby, or TCL, than trying to do the same in C code.
The Postfix policy delegation protocol is really simple. The client request is a sequence of name=value attributes separated by newline, and is terminated by an empty line. The server reply is one name=value attribute and it, too, is terminated by an empty line.
Here is an example of all the attributes that the Postfix SMTP server sends in a delegated SMTPD access policy request:
Postfix version 2.1 and later:
request=smtpd_access_policy protocol_state=RCPT protocol_name=SMTP helo_name=some.domain.tld queue_id=8045F2AB23 sender=foo@bar.tld recipient=bar@foo.tld recipient_count=0 client_address=1.2.3.4 client_name=another.domain.tld reverse_client_name=another.domain.tld instance=123.456.7 Postfix version 2.2 and later:
sasl_method=plain sasl_username=you sasl_sender= size=12345 ccert_subject=solaris9.porcupine.org ccert_issuer=Wietse+20Venema ccert_fingerprint=C2:9D:F4:87:71:73:73:D9:18:E7:C2:F3:C1:DA:6E:04 Postfix version 2.3 and later:
encryption_protocol=TLSv1/SSLv3 encryption_cipher=DHE-RSA-AES256-SHA encryption_keysize=256 etrn_domain= Postfix version 2.5 and later:
The "recipient" attribute is available only in the "RCPT TO" stage, and in the "DATA" and "END-OF-MESSAGE" stages when Postfix accepted only one recipient for the current message.
The "recipient_count" attribute (Postfix 2.3 and later) is non-zero only in the "DATA" and "END-OF-MESSAGE" stages. It specifies the number of recipients that Postfix accepted for the current message.
The "size" attribute value specifies the message size that the client specified in the MAIL FROM command (zero if none was specified). With Postfix 2.2 and later, it specifies the actual message size when the client sends the END-OF-DATA command.
The "sasl_*" attributes (Postfix 2.2 and later) specify information about how the client was authenticated via SASL.
The "ccert_*" attributes (Postfix 2.2 and later) specify information about how the client was authenticated via TLS.
As of Postfix 2.2.11 these attribute values are encoded as xtext: some characters are represented by +XX, where XX is the two-digit hexadecimal representation of the character value.
...limit of 20 lines reached, additional matching lines are not shown...

Postfix Stress-Dependent Configuration, Feb 8 2008
Postfix Stress-Dependent Configuration
Postfix Stress-Dependent Configuration
This document describes the symptoms of Postfix SMTP server overload, and how to avoid the condition under normal conditions.
When the condition is caused by botnets or other malware, the document suggests configuration settings that help to minimize the impact on legitimate mail. Finally, the document introduces stress-adaptive behavior, introduced with Postfix 2.5, and how it can be used to automatically switch configuration settings under overload.
Symptoms of Postfix SMTP server overload
Make Postfix behavior stress-adaptive
Symptoms of Postfix SMTP server overload
Under normal conditions, Postfix responds immediately when a remote SMTP client connects. The time needed to deliver mail should be noticeable only with very large messages. Performance degrades more dramatically when the number of remote SMTP clients exceeds the number of Postfix SMTP server processes. When a client connects while all server processes are busy, the client must wait until a server process becomes available.
Overload may be caused by a legitimate mail (example: a DNS registrar opens a new zone for registrations), by mistake (mail explosion caused by a forwarding loop) or by illegitimate mail (worm outbreak, botnet, or other malware activity). Symptoms of Postfix SMTP mail server overload are:
Remote SMTP clients experience a long delay before Postfix sends the "220 hostname.example.com ESMTP Postfix" greeting. If this affects end-user mail clients, enable the "submission" service entry in master.cf (present since Postfix 2.1), and tell users to connect to this instead of the public SMTP service.
The Postfix SMTP server logs an increased number of "lost connection after CONNECT" events. This happens because remote SMTP clients disconnect before Postfix answers the connection.
Postfix 2.3 and later logs a warning that all server ports are busy:
Oct 3 20:39:27 spike postfix/master: warning: service "smtp" (25) has reached its process limit "30": new clients may experience noticeable delays Oct 3 20:39:27 spike postfix/master: warning: to avoid this condition, increase the process count in master.cf or reduce the service time per client
Broken DNS also causes lengthy delays before "220 hostname.example.com ..." while the Postfix SMTP server tries to look up the client's hostname.
(line 10 below). Either way, you need to issue a "postfix reload" command to make the change effective.
Process limits above 1000 require Postfix version 2.4 or later, and an operating system that supports kernel-based event filters (BSD kqueue(2), Linux epoll(4), or Solaris /dev/poll).
You can reduce the Postfix memory footprint by using cdb: lookup tables instead of Berkeley DB.
1 /etc/postfix/main.cf: 2 # Raise the global process limit, 100 since Postfix 2.0.
...limit of 20 lines reached, additional matching lines are not shown...

Postfix Manual Pages, Feb 8 2008
Postfix Manual Pages
Postfix Manual Pages
Information for new Postfix users
New Postfix users should first look at the following introductory documents. These introductions are hyperlinked to more advanced documents and to UNIX-style manual pages. The UNIX-style manual pages are intended for people who are already familiar with Postfix.
Postfix architecture overview
Postfix manual page organization
Each Postfix manual page is numbered after a section of the UNIX manual: examples are mailq(1) or access(5). Unfortunately, there is no single universal method to organize manual pages; each UNIX flavor appears to be different. Postfix documentation assumes the following convention:
postcat(1), examine Postfix queue file
postconf(1), Postfix configuration utility
postfix(1), Postfix control program
postkick(1), trigger Postfix daemon
postlock(1), Postfix-compatible locking
postlog(1), Postfix-compatible logging
postmap(1), Postfix lookup table manager
postqueue(1), Postfix mail queue control
postsuper(1), Postfix housekeeping
Postfix configuration
bounce(5), Postfix bounce message templates
...limit of 20 lines reached, additional matching lines are not shown...


Limit of 25 files reached.
New Query: Rank by:
Search results by Webglimpse Advanced Site Search Engine