SYNOPSIS
postconf parameter ...
postconf -e "parameter=value" ...
DESCRIPTION
The Postfix main.cf configuration file specifies a small subset of all
the parameters that control the operation of the Postfix mail system.
Parameters not specified in main.cf are left at their default values.
The general format of the main.cf file is as follows:
o Each logical line has the form "parameter = value". Whitespace
around the "=" is ignored, as is whitespace at the end of a log-
ical line.
o Empty lines and whitespace-only lines are ignored, as are lines
whose first non-whitespace character is a `#'.
o A logical line starts with non-whitespace text. A line that
starts with whitespace continues a logical line.
o A parameter value may refer to other parameters.
o The expressions "$name", "${name}" or "$(name)" are
recursively replaced by the value of the named parameter.
o The expression "${name?value}" expands to "value" when
"$name" is non-empty.
o The expression "${name:value}" expands to "value" when
"$name" is empty.
o When the same parameter is defined multiple times, only the last
instance is remembered.
o Otherwise, the order of main.cf parameter definitions does not
matter.
The remainder of this document is a description of all Postfix configu-
ration parameters. Default values are shown after the parameter name in
parentheses, and can be looked up with the postconf -d command.
Note: this is not an invitation to make changes to Postfix configura-
tion parameters. Unnecessary changes can impair the operation of the
mail system.
2bounce_notice_recipient (default: postmaster)
The recipient of undeliverable mail that cannot be returned to the
sender. This feature is enabled with the notify_classes parameter.
access_map_reject_code (default: 554)
This feature is available in Postfix 2.1 and later.
address_verify_map (default: empty)
Optional lookup table for persistent address verification status stor-
age. The table is maintained by the verify(8) service, and is opened
before the process releases privileges.
By default, the information is kept in volatile memory, and is lost
after "postfix reload" or "postfix stop".
Specify a location in a file system that will not fill up. If the data-
base becomes corrupted, the world comes to an end. To recover delete
the file and do "postfix reload".
Examples:
address_verify_map = hash:/etc/postfix/verify
address_verify_map = btree:/etc/postfix/verify
This feature is available in Postfix 2.1 and later.
address_verify_negative_cache (default: yes)
Enable caching of failed address verification probe results. When this
feature is enabled, the cache may pollute quickly with garbage. When
this feature is disabled, Postfix will generate an address probe for
every lookup.
This feature is available in Postfix 2.1 and later.
address_verify_negative_expire_time (default: 3d)
The time after which a failed probe expires from the address verifica-
tion cache.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
This feature is available in Postfix 2.1 and later.
address_verify_negative_refresh_time (default: 3h)
The time after which a failed address verification probe needs to be
refreshed.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
This feature is available in Postfix 2.1 and later.
address_verify_poll_count (default: 3)
How many times to query the verify(8) service for the completion of an
address verification request in progress.
The default poll count is 3.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
This feature is available in Postfix 2.1 and later.
address_verify_positive_expire_time (default: 31d)
The time after which a successful probe expires from the address veri-
fication cache.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
This feature is available in Postfix 2.1 and later.
address_verify_positive_refresh_time (default: 7d)
The time after which a successful address verification probe needs to
be refreshed. The address verification status is not updated when the
probe fails (optimistic caching).
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
This feature is available in Postfix 2.1 and later.
address_verify_relay_transport (default: $relay_transport)
Overrides the relay_transport parameter setting for address verifica-
tion probes.
This feature is available in Postfix 2.1 and later.
address_verify_relayhost (default: $relayhost)
Overrides the relayhost parameter setting for address verification
probes.
This feature is available in Postfix 2.1 and later.
address_verify_sender (default: postmaster)
The sender address to use in address verification probes. To avoid
problems with address probes that are sent in response to address
probes, the Postfix SMTP server excludes the probe sender address from
all SMTPD access blocks.
Specify an empty value (address_verify_sender =) or <> if you want to
use the null sender address. Beware, some sites reject mail from <>,
even though RFCs require that such addresses be accepted.
Examples:
address_verify_sender = <>
address_verify_sender = postmaster@my.domain
This feature is available in Postfix 2.1 and later.
address_verify_service_name (default: verify)
This feature is available in Postfix 2.1 and later.
alias_database (default: see postconf -d output)
The alias databases for local(8) delivery that are updated with
"newaliases" or with "sendmail -bi".
This is a separate configuration parameter because not all the tables
specified with $alias_maps have to be local files.
Examples:
alias_database = hash:/etc/aliases
alias_database = hash:/etc/mail/aliases
alias_maps (default: see postconf -d output)
The alias databases that are used for local(8) delivery. See aliases(5)
for syntax details.
The default list is system dependent. On systems with NIS, the default
is to search the local alias database, then the NIS alias database.
If you change the alias database, run "postalias /etc/aliases" (or
wherever your system stores the mail alias file), or simply run
"newaliases" to build the necessary DBM or DB file.
Examples:
alias_maps = hash:/etc/aliases, nis:mail.aliases
alias_maps = hash:/etc/aliases
allow_mail_to_commands (default: alias, forward)
Restrict local(8) mail delivery to external commands. The default is
to disallow delivery to "|command" in :include: files (see aliases(5)
for the text that defines this terminology).
Specify zero or more of: alias, forward or include, in order to allow
commands in aliases(5), .forward files or in :include: files, respec-
tively.
Example:
allow_mail_to_commands = alias,forward,include
allow_mail_to_files (default: alias, forward)
Restrict local(8) mail delivery to external files. The default is to
disallow "/file/name" destinations in :include: files (see aliases(5)
for the text that defines this terminology).
Specify zero or more of: alias, forward or include, in order to allow
"/file/name" destinations in aliases(5), .forward files and in
:include: files, respectively.
allow_percent_hack = no
allow_untrusted_routing (default: no)
Forward mail with sender-specified routing (user[@%!]remote[@%!]site)
from untrusted clients to destinations matching $relay_domains.
By default, this feature is turned off. This closes a nasty open relay
loophole where a backup MX host can be tricked into forwarding junk
mail to a primary MX host which then spams it out to the world.
This parameter also controls if non-local addresses with sender-speci-
fied routing can match Postfix access tables. By default, such
addresses cannot match Postfix access tables, because the address is
ambiguous.
alternate_config_directories (default: empty)
A list of non-default Postfix configuration directories that may be
specified with "-c config_directory" on the command line, or via the
MAIL_CONFIG environment parameter.
This list must be specified in the default Postfix configuration direc-
tory, and is used by set-gid Postfix commands such as postqueue(1) and
postdrop(1).
always_bcc (default: empty)
Optional address that receives a "blind carbon copy" of each message
that is received by the Postfix mail system.
NOTE: if mail to the BCC address bounces it will be returned to the
sender.
anvil_rate_time_unit (default: 60s)
The time unit over which client connection rates and other rates are
calculated.
This feature is implemented by the anvil(8) service which is not part
of the stable Postfix 2.1 release.
The default interval is relatively short. Because of the high frequency
of updates, the anvil(8) server uses volatile memory only. Thus, infor-
mation is lost whenever the process terminates.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
anvil_status_update_time (default: 600s)
How frequently the anvil(8) connection and rate limiting server logs
peak usage information.
This feature is implemented by the anvil(8) service which is not part
of the stable Postfix 2.1 release.
This feature is enabled by default. If disabled, users will not be able
to send mail to "user@partialdomainname" but will have to specify full
domain names instead.
application_event_drain_time (default: 100s)
How long the postkick(1) command waits for a request to enter the
server's input buffer before giving up.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
This feature is available in Postfix 2.1 and later.
authorized_verp_clients (default: $mynetworks)
What SMTP clients are allowed to specify the XVERP command. This com-
mand requests that mail be delivered one recipient at a time with a per
recipient return address.
By default, only trusted clients are allowed to specify XVERP.
This parameter was introduced with Postfix version 1.1. Postfix ver-
sion 2.1 renamed this parameter to smtpd_authorized_verp_clients and
changed the default to none.
Specify a list of network/netmask patterns, separated by commas and/or
whitespace. The mask specifies the number of bits in the network part
of a host address. You can also specify hostnames or below it),
"/file/name" or "type:table" patterns. A "/file/name" pattern is
replaced by its contents; a "type:table" lookup table is matched when a
table entry matches a lookup string (the lookup result is ignored).
Continue long lines by starting the next line with whitespace.
backwards_bounce_logfile_compatibility (default: yes)
Produce additional bounce(8) logfile records that can be read by older
Postfix versions. The current and more extensible "name = value" format
is needed in order to implement more sophisticated functionality.
This feature is available in Postfix 2.1 and later.
berkeley_db_create_buffer_size (default: 16777216)
The per-table I/O buffer size for programs that create Berkeley DB hash
or btree tables. Specify a byte count.
This feature is available in Postfix 2.0 and later.
berkeley_db_read_buffer_size (default: 131072)
The per-table I/O buffer size for programs that read Berkeley DB hash
or btree tables. Specify a byte count.
This feature is available in Postfix 2.0 and later.
However, this feature is expensive because it ties up a Postfix SMTP
client process while the local(8) delivery agent is doing its work. It
is more efficient (for Postfix) to list all hosted domains in a table
or database.
biff (default: yes)
Whether or not to use the local biff service. This service sends "new
mail" notifications to users who have requested new mail notification
with the UNIX command "biff y".
For compatibility reasons this feature is on by default. On systems
with lots of interactive users, the biff service can be a performance
drain. Specify "biff = no" to disable.
body_checks (default: empty)
Optional lookup tables for content inspection as specified in the
body_checks(5) manual page.
Note: with Postfix versions before 2.0, these rules inspect all content
after the primary message headers.
body_checks_size_limit (default: 51200)
How much text in a message body segment (or attachment, if you prefer
to use that term) is subjected to body_checks inspection. The amount
of text is limited to avoid scanning huge attachments.
This feature is available in Postfix 2.0 and later.
bounce_notice_recipient (default: postmaster)
The recipient of postmaster notifications with the message headers of
mail that Postfix did not deliver and of SMTP conversation transcripts
of mail that Postfix did not receive. This feature is enabled with the
notify_classes parameter.
bounce_queue_lifetime (default: 5d)
The maximal time a bounce message is queued before it is considered
undeliverable. By default, this is the same as the queue life time for
regular mail.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is d (days).
Specify 0 when mail delivery should be tried only once.
This feature is available in Postfix 2.1 and later.
bounce_service_name (default: bounce)
The name of the bounce(8) service. This service maintains a record of
failed delivery attempts and generates non-delivery notifications.
This feature is available in Postfix 2.0 and later.
envelopes. The mapping is applied to both sender and recipient
addresses, in both envelopes and in headers. This is typically used to
clean up dirty addresses from legacy mail systems, or to replace login
names by Firstname.Lastname. The table format and lookups are docu-
mented in canonical(5).
If you use this feature, run "postmap /etc/postfix/canonical" to build
the necessary DBM or DB file after every change. The changes will
become visible after a minute or so. Use "postfix reload" to eliminate
the delay.
Examples:
canonical_maps = dbm:/etc/postfix/canonical
canonical_maps = hash:/etc/postfix/canonical
cleanup_service_name (default: cleanup)
The name of the cleanup(8) service. This service rewrites addresses
into the standard form, and performs canonical(5) address mapping and
virtual(5) aliasing.
This feature is available in Postfix 2.0 and later.
command_directory (default: see postconf -d output)
The location of all postfix administrative commands.
command_expansion_filter (default: see postconf -d output)
Restrict the characters that the local(8) delivery agent allows in
$name expansions of $mailbox_command. Characters outside the allowed
set are replaced by underscores.
command_time_limit (default: 1000s)
Time limit for delivery to external commands. This limit is used by the
local(8) delivery agent, and is the default time limit for delivery by
the pipe(8) delivery agent.
Note: if you set this time limit to a large value you must update the
global ipc_timeout parameter as well.
config_directory (default: see postconf -d output)
The default location of the Postfix main.cf and master.cf configuration
files. This can be overruled via the following mechanisms:
o The MAIL_CONFIG environment variable (daemon processes and com-
mands).
o The "-c" command-line option (commands only).
With Postfix command that run with set-gid privileges, a config_direc-
tory override requires either root privileges, or it requires that the
directory is listed with the alternate_config_directories parameter in
the default main.cf file.
daemon_timeout (default: 18000s)
How much time a Postfix daemon process may take to handle a request
before it is terminated by a built-in watchdog timer.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
debug_peer_level (default: 2)
The increment in verbose logging level when a remote client or server
matches a pattern in the debug_peer_list parameter.
debug_peer_list (default: empty)
Optional list of remote client or server hostname or network address
patterns that cause the verbose logging level to increase by the amount
specified in $debug_peer_level.
Specify domain names, network/netmask patterns, "/file/name" patterns
or "type:table" lookup tables. The result from lookup tables is
ignored.
Pattern matching of domain names is controlled by the par-
ent_domain_matches_subdomains parameter.
Examples:
debug_peer_list = 127.0.0.1
debug_peer_list = some.domain
debugger_command (default: empty)
The external command to execute when a Postfix daemon program is
invoked with the -D option.
Use "command .. & sleep 5" so that the debugger can attach before
the process marches on. If you use an X-based debugger, be sure to set
up your XAUTHORITY environment variable before starting Postfix.
Example:
debugger_command =
PATH=/usr/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
default_database_type (default: see postconf -d output)
The default database type for use in newaliases(1), postalias(1) and
postmap(1) commands. On many UNIX systems the default type is either
dbm or hash. The default setting is frozen when the Postfix system is
built.
Examples:
default_database_type = hash
The cost of 0 is used to disable the preempting scheduling completely.
The minimum value the scheduling algorithm can use is 2 - use it if you
want to maximize the message throughput rate. Although there is no max-
imum, it doesn't make much sense to use values above say 50.
The only reason why the value of 2 is not the default is the way this
parameter affects the delivery of mailing-list mail. In the worst case,
their delivery can take somewhere between (cost+1/cost) and
(cost/cost-1) times more than if the preemptive scheduler was disabled.
The default value of 5 turns out to provide reasonable message response
times while making sure the mailing-list deliveries are not extended by
more than 20-25 percent even in the worst case.
Examples:
default_delivery_slot_cost = 0
default_delivery_slot_cost = 2
default_delivery_slot_discount (default: 50)
The default value for transport-specific _delivery_slot_discount set-
tings.
This parameter speeds up the moment when a message preemption can hap-
pen. Instead of waiting until the full amount of delivery slots
required is available, the preemption can happen when transport_deliv-
ery_slot_discount percent of the required amount plus transport_deliv-
ery_slot_loan still remains to be accumulated. Note that the full
amount will still have to be accumulated before another preemption can
take place later.
default_delivery_slot_loan (default: 3)
The default value for transport-specific _delivery_slot_loan settings.
This parameter speeds up the moment when a message preemption can hap-
pen. Instead of waiting until the full amount of delivery slots
required is available, the preemption can happen when transport_deliv-
ery_slot_discount percent of the required amount plus transport_deliv-
ery_slot_loan still remains to be accumulated. Note that the full
amount will still have to be accumulated before another preemption can
take place later.
default_destination_concurrency_limit (default: 20)
The default maximal number of parallel deliveries to the same destina-
tion. This is the default limit for delivery via the lmtp(8), pipe(8),
smtp(8) and virtual(8) delivery agents.
default_destination_recipient_limit (default: 50)
The default maximal number of recipients per message delivery. This is
the default limit for delivery via the lmtp(8), pipe(8), smtp(8) and
virtual(8) delivery agents.
never accumulate at least this many delivery slots (subject to slot
cost parameter as well) are never preempted.
default_privs (default: nobody)
The default rights used by the local(8) delivery agent for delivery to
external file or command. These rights are used when delivery is
requested from an aliases(5) file that is owned by root, or when deliv-
ery is done on behalf of root. DO NOT SPECIFY A PRIVILEGED USER OR THE
POSTFIX OWNER.
default_process_limit (default: 100)
The default maximal number of Postfix child processes that provide a
given service. This limit can be overruled for specific services in the
master.cf file.
default_rbl_reply (default: see postconf -d output)
The default SMTP server response template for a request that is
rejected by an RBL-based restriction. This template can be overruled by
specific entries in the optional rbl_reply_maps lookup table.
This feature is available in Postfix 2.0 and later.
The template is subject to exactly one level of $name substitution:
$client
The client hostname and IP address, formatted as name[address].
$client_address
The client IP address.
$client_name
The client hostname or "unknown".
$helo_name
The hostname given in HELO or EHLO command or empty string.
$rbl_class
The blacklisted entity type: Client host, Helo command, Sender
address, or Recipient address.
$rbl_code
The numerical SMTP response code, as specified with the
maps_rbl_reject_code configuration parameter.
$rbl_domain
The RBL domain where $rbl_what is blacklisted.
$rbl_reason
The reason why $rbl_what is blacklisted, or an empty string.
$rbl_what
The entity that is blacklisted (an IP address, a hostname, a
$sender_domain
The sender domain or empty string.
$sender_name
The sender address localpart or <> in case of the null address.
${name?text}
Expands to `text' if $name is not empty.
${name:text}
Expands to `text' if $name is empty.
Instead of $name you can also specify ${name} or $(name).
default_recipient_limit (default: 10000)
The default per-transport upper limit on the number of in-memory recip-
ients. These limits take priority over the global qmgr_message_recipi-
ent_limit after the message has been assigned to the respective trans-
ports. See also default_extra_recipient_limit and qmgr_message_recipi-
ent_minimum.
default_transport (default: smtp)
The default mail delivery transport for domains that do not match
$mydestination, $inet_interfaces, $proxy_interfaces, $vir-
tual_alias_domains, $virtual_mailbox_domains, or $relay_domains. This
information can be overruled with the transport(5) table.
Specify a string of the form transport:nexthop, where transport is the
name of a mail delivery transport defined in master.cf. The :nexthop
part is optional. For more details see the transport(5) manual page.
Example:
default_transport = uucp:relayhostname
default_verp_delimiters (default: +=)
The two default VERP delimiter characters. These are used when no
explicit delimiters are specified with the SMTP XVERP command or with
the "sendmail -V" command-line option. Specify characters that are
allowed by the verp_delimiter_filter setting.
This feature is available in Postfix 1.1 and later.
defer_code (default: 450)
The numerical Postfix SMTP server response code when a remote SMTP
client request is rejected by the "defer" restriction.
Do not change this unless you have a complete understanding of RFC 821.
defer_service_name (default: defer)
The name of the defer(8) service. This service maintains a record of
failed delivery attempts and generates non-delivery notifications.
The recipient of postmaster notifications with the message headers of
mail that cannot be delivered within $delay_warning_time time units.
This feature is enabled with the delay_warning_time parameter.
delay_warning_time (default: 0h)
The time after which the sender receives the message headers of mail
that is still queued.
To enable this feature, specify a non-zero integral value.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is h (hours).
deliver_lock_attempts (default: 20)
The maximal number of attempts to acquire an exclusive lock on a mail-
box file or bounce(8) logfile.
deliver_lock_delay (default: 1s)
The time between attempts to acquire an exclusive lock on a mailbox
file or bounce(8) logfile.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
disable_dns_lookups (default: no)
Disable DNS lookups in the Postfix SMTP and LMTP clients. When dis-
abled, hosts are looked up with the gethostbyname() system library rou-
tine which normally also looks in /etc/hosts.
DNS lookups are enabled by default.
disable_mime_input_processing (default: no)
Turn off MIME processing while receiving mail. This means that no spe-
cial treatment is given to Content-Type: message headers, and that all
text after the initial message headers is considered to be part of the
message body.
This feature is available in Postfix 2.0 and later.
Mime input processing is enabled by default, and is needed in order to
recognize MIME headers in message content.
disable_mime_output_conversion (default: no)
Disable the conversion of 8BITMIME format to 7BIT format. Mime output
conversion is needed when the destination does not advertise 8BITMIME
support.
This feature is available in Postfix 2.0 and later.
disable_verp_bounces (default: no)
Disable sending one bounce report per recipient.
Don't remove queue files and save them to the "saved" mail queue. This
is a debugging aid. To inspect the envelope information and content of
a Postfix queue file, use the postcat(1) command.
double_bounce_sender (default: double-bounce)
The sender address of postmaster notifications that are generated by
the mail system. All mail to this address is silently discarded, in
order to terminate mail bounce loops.
duplicate_filter_limit (default: 1000)
The maximal number of addresses remembered by the address duplicate
filter for aliases(5) or virtual(5) alias expansion, or for showq(8)
queue displays.
empty_address_recipient (default: MAILER-DAEMON)
The recipient of mail addressed to the null address. Postfix does not
accept such addresses in SMTP commands, but they may still be created
locally as the result of configuration or software error.
enable_errors_to (default: no)
Report mail delivery errors to the address specified with the non-stan-
dard Errors-To: message header, instead of the envelope sender address.
This support is disabled by default with Postfix 2.1 and later, and is
always turned on with older Postfix versions.
enable_original_recipient (default: yes)
Enable support for the X-Original-To message header. This header is
needed for multi-recipient mailboxes.
When this parameter is set to yes, the cleanup(8) daemon performs
duplicate elimination on distinct pairs of (original recipient, rewrit-
ten recipient), and generates non-empty original recipient queue file
records.
When this parameter is set to no, the cleanup(8) daemon performs dupli-
cate elimination on the rewritten recipient address only, and generates
empty original recipient queue file records.
This feature is available in Postfix 2.1 and later. With Postfix 2.0,
support for the X-Original-To message header is always turned on. Post-
fix versions before 2.0 have no support for the X-Original-To message
header.
error_notice_recipient (default: postmaster)
The recipient of postmaster notifications about mail delivery problems
that are caused by policy, resource, software or protocol errors.
These notifications are enabled with the notify_classes parameter.
error_service_name (default: error)
The name of the error(8) pseudo delivery agent. This service always
returns mail as undeliverable.
space or comma.
Example:
export_environment = TZ PATH=/bin:/usr/bin
extract_recipient_limit (default: 10240)
The maximal number of recipient addresses that Postfix will extract
from message headers when mail is submitted with "sendmail -t".
This feature was removed in Postfix 2.1.
fallback_relay (default: empty)
Optional list of relay hosts for SMTP destinations that can't be found
or that are unreachable.
By default, mail is returned to the sender when a destination is not
found, and delivery is deferred if a destination is unreachable.
The fallback relays must be SMTP destinations. Specify a domain, host,
host:port, [host]:port, [address] or [address]:port; the form [host]
turns off MX lookups. If you specify multiple SMTP destinations, Post-
fix will try them in the specified order.
fallback_transport (default: empty)
Optional message delivery transport that the local(8) delivery agent
should use for names that are not found in the aliases(5) database or
in the UNIX passwd database.
fast_flush_domains (default: $relay_domains)
Optional list of destinations that are eligible for per-destination
logfiles with mail that is queued to those destinations.
By default, Postfix maintains "fast flush" logfiles only for destina-
tions that the Postfix SMTP server is willing to relay to (i.e. the
default is: "fast_flush_domains = $relay_domains"; see the
relay_domains parameter in the postconf(5) manual).
Specify a list of hosts or domains, "/file/name" patterns or "type:ta-
ble" lookup tables, separated by commas and/or whitespace. Continue
long lines by starting the next line with whitespace. A "/file/name"
pattern is replaced by its contents; a "type:table" lookup table is
matched when the domain or its parent domain appears as lookup key.
Specify "fast_flush_domains =" to disable the feature altogether.
fast_flush_purge_time (default: 7d)
The time after which an empty per-destination "fast flush" logfile is
deleted.
You can specify the time as a number, or as a number followed by a let-
ter that indicates the time unit: s=seconds, m=minutes, h=hours,
flush_service_name (default: flush)
The name of the flush(8) service. This service maintains per-destina-
tion logfiles with the queue file names of mail that is queued for
those destinations.
This feature is available in Postfix 2.0 and later.
fork_attempts (default: 5)
The maximal number of attempts to fork() a child process.
fork_delay (default: 1s)
The delay between attempts to fork() a child process.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
forward_expansion_filter (default: see postconf -d output)
Restrict the characters that the local(8) delivery agent allows in
$name expansions of $forward_path. Characters outside the allowed set
are replaced by underscores.
Characters outside the allowed set are replaced by underscores.
forward_path (default: see postconf -d output)
The local(8) delivery agent search list for finding a .forward file
with user-specified delivery methods. The first file that is found is
used.
The following expansions are done on forward_path before the search
actually happens:
$user The recipient's username.
$shell The recipient's login shell pathname.
$home The recipient's home directory.
$recipient
The full recipient address.
$extension
The optional recipient address extension.
$domain
The recipient domain.
$local The entire recipient localpart.
$recipient_delimiter
The system-wide recipient address extension delimiter.
hash_queue_depth (default: 1)
The number of subdirectory levels for queue directories listed with the
hash_queue_names parameter.
After changing the hash_queue_names or hash_queue_depth parameter, exe-
cute the command "postfix reload".
hash_queue_names (default: see postconf -d output)
The names of queue directories that are split across multiple subdirec-
tory levels.
After changing the hash_queue_names or hash_queue_depth parameter, exe-
cute the command "postfix reload".
header_address_token_limit (default: 10240)
The maximal number of address tokens are allowed in an address message
header. Information that exceeds the limit is discarded. The limit is
enforced by the cleanup(8) server.
header_checks (default: empty)
Optional lookup tables for content inspection of primary non-MIME mes-
sage headers, as specified in the header_checks(5) manual page.
header_size_limit (default: 102400)
The maximal amount of memory in bytes for storing a message header. If
a header is larger, the excess is discarded. The limit is enforced by
the cleanup(8) server.
helpful_warnings (default: yes)
Log warnings about problematic configuration settings, and provide
helpful suggestions.
This feature is available in Postfix 2.0 and later.
home_mailbox (default: empty)
Optional pathname of a mailbox file relative to a local(8) user's home
directory.
Specify a pathname ending "/" for qmail-style delivery.
The precedence of local(8) delivery features from high to low is:
aliases, .forward files, mailbox_transport, mailbox_command_maps, mail-
box_command, home_mailbox, mail_spool_directory, fallback_transport and
luser_relay.
Examples:
home_mailbox = Mailbox
home_mailbox = Maildir/
hopcount_limit (default: 50)
instead. This violates the SMTP standard and can result in mis-delivery
of mail.
import_environment (default: see postconf -d output)
The list of environment parameters that a Postfix process will import
from a non-Postfix parent process. Examples of relevant parameters:
TZ Needed for sane time keeping on most System-V-ish systems.
DISPLAY
Needed for debugging Postfix daemons with an X-windows debugger.
XAUTHORITY
Needed for debugging Postfix daemons with an X-windows debugger.
MAIL_CONFIG
Needed to make "postfix -c" work.
Specify a list of names and/or name=value pairs, separated by white-
space or comma. The name=value form is supported with Postfix 2.1 and
later.
in_flow_delay (default: 1s)
Time to pause before accepting a new message, when the message arrival
rate exceeds the message delivery rate. This feature is turned on by
default (it's disabled on SCO UNIX due to an SCO bug).
With the default 100 SMTP server process limit, "in_flow_delay = 1s"
limits the mail inflow to 100 messages per second above the number of
messages delivered per second.
Specify 0 to disable the feature. Valid delays are 0..10.
inet_interfaces (default: all)
The network interface addresses that this mail system receives mail on.
By default, the software claims all active interfaces on the machine.
The parameter also controls delivery of mail to user@[ip.address].
See also the proxy_interfaces parameter, for network addresses that are
forwarded to us by way of a proxy or address translator.
Note: you need to stop and start Postfix when this parameter changes.
initial_destination_concurrency (default: 5)
The initial per-destination concurrency level for parallel delivery to
the same destination. This limit applies to delivery via smtp(8), and
via the pipe(8) and virtual(8) delivery agents.
Warning: with concurrency of 1, one bad message can be enough to block
all mail to a site.
invalid_hostname_reject_code (default: 501)
ipc_timeout (default: 3600s)
The time limit for sending or receiving information over an internal
communication channel. The purpose is to break out of deadlock situa-
tions. If the time limit is exceeded the software aborts with a fatal
error.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
ipc_ttl (default: 1000s)
The time after which a client closes an active internal communication
channel. The purpose is to allow servers to terminate voluntarily
after reaching their client limit. This is used, for example, by the
address resolving and rewriting clients.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
This feature is available in Postfix 2.1 and later.
line_length_limit (default: 2048)
Upon input, long lines are chopped up into pieces of at most this
length; upon delivery, long lines are reconstructed.
lmtp_cache_connection (default: yes)
Keep Postfix LMTP client connections open for up to $max_idle seconds.
When the LMTP client receives a request for the same connection the
connection is reused.
The effectiveness of cached connections will be determined by the num-
ber of LMTP servers in use, and the concurrency limit specified for the
LMTP client. Cached connections are closed under any of the following
conditions:
o The LMTP client idle time limit is reached. This limit is spec-
ified with the Postfix max_idle configuration parameter.
o A delivery request specifies a different destination than the
one currently cached.
o The per-process limit on the number of delivery requests is
reached. This limit is specified with the Postfix max_use con-
figuration parameter.
o Upon the onset of another delivery request, the LMTP server
associated with the current session does not respond to the RSET
command.
Most of these limitations will be removed after Postfix implements a
connection cache that is shared among multiple LMTP client programs.
The LMTP client time limit for sending the LMTP ".", and for receiving
the server response. When no response is received within the deadline,
a warning is logged that the mail may be delivered multiple times.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
lmtp_data_init_timeout (default: 120s)
The LMTP client time limit for sending the LMTP DATA command, and for
receiving the server response.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
lmtp_data_xfer_timeout (default: 180s)
The LMTP client time limit for sending the LMTP message content. When
the connection stalls for more than $lmtp_data_xfer_timeout the LMTP
client terminates the transfer.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
lmtp_destination_concurrency_limit (default: $default_destination_concur-
rency_limit)
The maximal number of parallel deliveries to the same destination via
the lmtp message delivery transport. This limit is enforced by the
queue manager. The message delivery transport name is the first field
in the entry in the master.cf file.
lmtp_destination_recipient_limit (default: $default_destination_recipi-
ent_limit)
The maximal number of recipients per delivery via the lmtp message
delivery transport. This limit is enforced by the queue manager. The
message delivery transport name is the first field in the entry in the
master.cf file.
Setting this parameter to a value of 1 changes the meaning of lmtp_des-
tination_concurrency_limit from concurrency per domain into concurrency
per recipient.
lmtp_lhlo_timeout (default: 300s)
The LMTP client time limit for receiving the LMTP greeting banner.
When the server drops the connection without sending a greeting banner,
or when it sends no greeting banner within the deadline, the LMTP
client tries the next address on the mail exchanger list.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
lmtp_mail_timeout (default: 300s)
The LMTP client time limit for sending the MAIL FROM command, and for
receiving the server response.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
lmtp_rset_timeout (default: 120s)
The LMTP client time limit for sending the RSET command, and for
receiving the server response. The LMTP client sends RSET in order to
find out if a cached connection is still alive.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
lmtp_sasl_auth_enable (default: no)
Enable SASL authentication in the Postfix LMTP client.
lmtp_sasl_password_maps (default: empty)
Optional LMTP client lookup tables with one username:password entry per
host or domain. If a remote host or domain has no username:password
entry, then the Postfix LMTP client will not attempt to authenticate to
the remote host.
lmtp_sasl_security_options (default: noplaintext, noanonymous)
What authentication mechanisms the Postfix LMTP client is allowed to
use. The list of available authentication mechanisms is system depen-
dent.
noplaintext
Disallow authentication methods that use plaintext passwords.
noactive
Disallow authentication methods that are vulnerable to non-dic-
tionary active attacks.
nodictionary
Disallow authentication methods that are vulnerable to passive
dictionary attack.
noanonymous
Disallow anonymous logins.
Example:
lmtp_sasl_security_options = noplaintext
lmtp_send_xforward_command (default: no)
Send an XFORWARD command to the LMTP server when the LMTP LHLO server
response announces XFORWARD support. This allows an lmtp(8) delivery
agent, used for content filter message injection, to forward the name,
address, protocol and HELO name of the original client to the content
filter and downstream queuing LMTP server. Before you change the value
to yes, it is best to make sure that your content filter supports this
command.
mail exchanger list.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
This feature is available in Postfix 2.1 and later.
local_command_shell (default: empty)
Optional shell program for local(8) delivery to non-Postfix command.
By default, non-Postfix commands are executed directly; commands are
given to given to /bin/sh only when they contain shell meta characters
or shell built-in commands.
"sendmail's restricted shell" (smrsh) is what most people will use in
order to restrict what programs can be run from e.g. .forward files
(smrsh is part of the Sendmail distribution).
Note: when a shell program is specified, it is invoked even when the
command contains no shell built-in commands or meta characters.
Example:
local_command_shell = /some/where/smrsh -c
local_destination_concurrency_limit (default: 2)
The maximal number of parallel deliveries via the local mail delivery
transport to the same recipient (when "local_destination_recipi-
ent_limit = 1") or the maximal number of parallel deliveries to the
same local domain (when "local_destination_recipient_limit > 1"). This
limit is enforced by the queue manager. The message delivery transport
name is the first field in the entry in the master.cf file.
A low limit of 2 is recommended, just in case someone has an expensive
shell command in a .forward file or in an alias (e.g., a mailing list
manager). You don't want to run lots of those at the same time.
local_destination_recipient_limit (default: 1)
The maximal number of recipients per message delivery via the local
mail delivery transport. This limit is enforced by the queue manager.
The message delivery transport name is the first field in the entry in
the master.cf file.
Setting this parameter to a value > 1 changes the meaning of local_des-
tination_concurrency_limit from concurrency per recipient into concur-
rency per domain.
local_recipient_maps (default: proxy:unix:passwd.byname $alias_maps)
Lookup tables with all names or addresses of local recipients: a recip-
ient address is local when its domain matches $mydestination,
$inet_interfaces or $proxy_interfaces. Specify @domain as a wild-card
for domains that do not have a valid recipient list. Technically,
tables listed with $local_recipient_maps are used as lists: Postfix
o You redefine the "local_transport" setting in main.cf.
o You use the "luser_relay", "mailbox_transport", or "fall-
back_transport" feature of the Postfix local(8) delivery agent.
Details are described in the LOCAL_RECIPIENT_README file.
Beware: if the Postfix SMTP server runs chrooted, you need to access
the passwd file via the proxymap(8) service, in order to overcome
chroot access restrictions. The alternative, maintaining a copy of the
system password file in the chroot jail is not practical.
Examples:
local_recipient_maps =
local_transport (default: local:$myhostname)
The default mail delivery transport for domains that match $mydestina-
tion, $inet_interfaces or $proxy_interfaces. This information can be
overruled with the transport(5) table.
By default, local mail is delivered to the transport called "local",
which is just the name of a service that is defined the master.cf file.
Specify a string of the form transport:nexthop, where transport is the
name of a mail delivery transport defined in master.cf. The :nexthop
part is optional. For more details see the transport(5) manual page.
Beware: if you override the default local delivery agent then you need
to review the LOCAL_RECIPIENT_README document, otherwise the SMTP
server may reject mail for local recipients.
luser_relay (default: empty)
Optional catch-all destination for unknown local(8) recipients. By
default, mail for unknown recipients in domains that match $mydestina-
tion, $inet_interfaces or $proxy_interfaces is returned as undeliver-
able.
The following $name expansions are done on luser_relay:
$domain
The recipient domain.
$extension
The recipient address extension.
$home The recipient's home directory.
$local The entire recipient address localpart.
$recipient
Instead of $name you can also specify ${name} or $(name).
Note: luser_relay works only for the Postfix local(8) delivery agent.
NOTE: if you use this feature for accounts not in the UNIX password
file, then you must specify "local_recipient_maps =" (i.e. empty) in
the main.cf file, otherwise the Postfix SMTP server will reject mail
for non-UNIX accounts with "User unknown in local recipient table".
Examples:
luser_relay = $user@other.host
luser_relay = $local@other.host
luser_relay = admin+$local
mail_name (default: Postfix)
The mail system name that is displayed in Received: headers, in the
SMTP greeting banner, and in bounced mail.
mail_owner (default: postfix)
The UNIX system account that owns the Postfix queue and most Postfix
daemon processes. Specify the name of a user account that does not
share a group with other accounts and that owns no other files or pro-
cesses on the system. In particular, don't specify nobody or daemon.
PLEASE USE A DEDICATED USER ID AND GROUP ID.
mail_release_date (default: see postconf -d output)
The Postfix release date, in "YYYYMMDD" format.
mail_spool_directory (default: see postconf -d output)
The directory where local(8) UNIX-style mailboxes are kept. The default
setting depends on the system type. Specify a name ending in / for
maildir-style delivery.
Note: maildir delivery is done with the privileges of the recipient.
If you use the mail_spool_directory setting for maildir style delivery,
then you must create the top-level maildir directory in advance. Post-
fix will not create it.
Examples:
mail_spool_directory = /var/mail
mail_spool_directory = /var/spool/mail
mail_version (default: see postconf -d output)
The version of the mail system. Stable releases are named
major.minor.patchlevel. Experimental releases also include the release
date. The version string can be used in, for example, the SMTP greeting
banner.
mailbox_command (default: empty)
HOME The recipient home directory.
LOCAL The recipient address localpart.
LOGNAME
The recipient's username.
RECIPIENT
The full recipient address.
SENDER The full sender address.
SHELL The recipient's login shell.
USER The recipient username.
Unlike other Postfix configuration parameters, the mailbox_command
parameter is not subjected to $name substitutions. This is to make it
easier to specify shell syntax (see example below).
If you can, avoid shell meta characters because they will force Postfix
to run an expensive shell process. If you're delivering via Procmail
then running a shell won't make a noticeable difference in the total
cost.
Note: if you use the mailbox_command feature to deliver mail system-
wide, you must set up an alias that forwards mail for root to a real
user.
The precedence of local(8) delivery features from high to low is:
aliases, .forward files, mailbox_transport, mailbox_command_maps, mail-
box_command, home_mailbox, mail_spool_directory, fallback_transport and
luser_relay.
Examples:
mailbox_command = /some/where/procmail
mailbox_command = /some/where/procmail -a "$EXTENSION"
mailbox_command = /some/where/maildrop -d "$USER"
-f "$SENDER" "$EXTENSION"
mailbox_command_maps (default: empty)
Optional lookup tables with per-recipient external commands to use for
local(8) mailbox delivery. Behavior is as with mailbox_command.
The precedence of local(8) delivery features from high to low is:
aliases, .forward files, mailbox_transport, mailbox_command_maps, mail-
box_command, home_mailbox, mail_spool_directory, fallback_transport and
luser_relay.
mailbox_delivery_lock (default: see postconf -d output)
How to lock a UNIX-style local(8) mailbox before attempting delivery.
written to upon local delivery, including files written by external
commands that are executed by the local(8) delivery agent.
This limit must not be smaller than the message size limit.
mailbox_transport (default: empty)
Optional message delivery transport that the local(8) delivery agent
should use for mailbox delivery to all local recipients, whether or not
they are found in the UNIX passwd database.
The precedence of local(8) delivery features from high to low is:
aliases, .forward files, mailbox_transport, mailbox_command_maps, mail-
box_command, home_mailbox, mail_spool_directory, fallback_transport and
luser_relay.
mailq_path (default: see postconf -d output)
Sendmail compatibility feature that specifies where the Postfix
mailq(1) command is installed. This command can be used to list the
Postfix mail queue.
manpage_directory (default: see postconf -d output)
Where the Postfix manual pages are installed.
maps_rbl_domains (default: empty)
Obsolete feature: use the reject_rbl_client feature instead.
maps_rbl_reject_code (default: 554)
The numerical Postfix SMTP server response code when a remote SMTP
client request is blocked by the reject_rbl_client,
reject_rhsbl_client, reject_rhsbl_sender or reject_rhsbl_recipient
restriction.
Do not change this unless you have a complete understanding of RFC 821.
masquerade_classes (default: envelope_sender, header_sender, header_recipient)
What addresses are subject to address masquerading.
By default, address masquerading is limited to envelope sender
addresses, and to header sender and header recipient addresses. This
allows you to use address masquerading on a mail gateway while still
being able to forward mail to users on individual machines.
Specify zero or more of: envelope_sender, envelope_recipient,
header_sender, header_recipient
masquerade_domains (default: empty)
Optional list of domains whose subdomain structure will be stripped off
in email addresses.
The list is processed left to right, and processing stops at the first
match. Thus,
Example:
masquerade_domains = $mydomain
masquerade_exceptions (default: empty)
Optional list of user names that are not subjected to address mas-
querading, even when their address matches $masquerade_domains.
By default, address masquerading makes no exceptions.
Specify a list of user names, "/file/name" or "type:table" patterns,
separated by commas and/or whitespace. The list is matched left to
right, and the search stops on the first match. Specify "!name" to
exclude a name from the list. A "/file/name" pattern is replaced by its
contents; a "type:table" lookup table is matched when a name matches a
lookup key (the lookup result is ignored). Continue long lines by
starting the next line with whitespace.
Examples:
masquerade_exceptions = root, mailer-daemon
masquerade_exceptions = root
max_idle (default: 100s)
The maximum amount of time that an idle Postfix daemon process waits
for the next service request before exiting. This parameter is ignored
by the Postfix queue manager.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
max_use (default: 100)
The maximal number of connection requests before a Postfix daemon
process terminates. This parameter is ignored by the Postfix queue man-
ager and by other long-lived Postfix daemon processes.
maximal_backoff_time (default: 4000s)
The maximal time between attempts to deliver a deferred message.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
maximal_queue_lifetime (default: 5d)
The maximal time a message is queued before it is sent back as undeliv-
erable.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is d (days).
Specify 0 when mail delivery should be tried only once.
message_size_limit (default: 10240000)
mime_nesting_limit (default: 100)
The maximal nesting level of multipart mail that the MIME processor
will handle. Postfix refuses mail that is nested deeper.
This feature is available in Postfix 2.0 and later.
minimal_backoff_time (default: 1000s)
The minimal time between attempts to deliver a deferred message. This
parameter also limits the time an unreachable destination is kept in
the short-term, in-memory, destination status cache.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
multi_recipient_bounce_reject_code (default: 550)
The numerical Postfix SMTP server response code when a remote SMTP
client request is blocked by the reject_multi_recipient_bounce restric-
tion.
Do not change this unless you have a complete understanding of RFC 821.
This feature is available in Postfix 2.1 and later.
mydestination (default: $myhostname, localhost.$mydomain, localhost)
The list of domains that are delivered via the $local_transport mail
delivery transport. By default this is the Postfix local(8) delivery
agent which looks up all recipients in /etc/passwd and /etc/aliases.
The SMTP server validates recipient addresses with $local_recipi-
ent_maps and rejects non-existent recipients. See also the local domain
class in the ADDRESS_CLASS_README file.
The default mydestination value specifies names for the local machine
only. On a mail domain gateway, you should also include $mydomain.
The $local_transport delivery method is also selected for mail
addressed to user@[the.net.work.address] of the mail system (the IP
addresses specified with the inet_interfaces and proxy_interfaces
parameters).
Warnings:
o Do not specify the names of virtual domains - those domains are
specified elsewhere. See VIRTUAL_README for more information.
o Do not specify the names of domains that this machine is backup
MX host for. See STANDARD_CONFIGURATION_README for how to set up
backup MX hosts.
o By default, the Postfix SMTP server rejects mail for recipients
not listed with the local_recipient_maps parameter. See the
postconf(5) manual for a description of the local_recipient_maps
The internet domain name of this mail system. The default is to use
$myhostname minus the first component. $mydomain is used as a default
value for many other configuration parameters.
Example:
mydomain = domain.tld
myhostname (default: see postconf -d output)
The internet hostname of this mail system. The default is to use the
fully-qualified domain name from gethostname(). $myhostname is used as
a default value for many other configuration parameters.
Example:
myhostname = host.domain.tld
mynetworks (default: see postconf -d output)
The list of "trusted" SMTP clients that have more privileges than
"strangers".
In particular, "trusted" SMTP clients are allowed to relay mail through
Postfix. See the smtpd_recipient_restrictions parameter description in
the postconf(5) manual.
You can specify the list of "trusted" network addresses by hand or you
can let Postfix do it for you (which is the default). See the descrip-
tion of the mynetworks_style parameter for more information.
Alternatively, you can specify the mynetworks list by hand, in which
case Postfix ignores the mynetworks_style setting.
Specify a list of network/netmask patterns, separated by commas and/or
whitespace. The mask specifies the number of bits in the network part
of a host address. You can also specify "/file/name" or "type:table"
patterns. A "/file/name" pattern is replaced by its contents; a
"type:table" lookup table is matched when a table entry matches a
lookup string (the lookup result is ignored). Continue long lines by
starting the next line with whitespace.
Examples:
mynetworks = 168.100.189.0/28, 127.0.0.0/8
mynetworks = $config_directory/mynetworks
mynetworks = hash:/etc/postfix/network_table
mynetworks_style (default: subnet)
The method to generate the default value for the mynetworks parameter.
This is the list of trusted networks for relay access control etc.
o Specify "mynetworks_style = host" when Postfix should "trust"
only the local machine.
The domain name that locally-posted mail appears to come from, and that
locally posted mail is delivered to. The default, $myhostname, is ade-
quate for small sites. If you run a domain with multiple machines, you
should (1) change this to $mydomain and (2) set up a domain-wide alias
database that aliases each user to user@that.users.mailhost.
Example:
myorigin = $mydomain
nested_header_checks (default: $header_checks)
Optional lookup tables for content inspection of non-MIME message head-
ers in attached messages, as described in the header_checks(5) manual
page.
This feature is available in Postfix 2.0 and later.
newaliases_path (default: see postconf -d output)
Sendmail compatibility feature that specifies the location of the
newaliases(1) command. This command can be used to rebuild the local(8)
aliases(5) database.
non_fqdn_reject_code (default: 504)
The numerical Postfix SMTP server reply code when a client request is
rejected by the reject_non_fqdn_hostname, reject_non_fqdn_sender or
reject_non_fqdn_recipient restriction.
notify_classes (default: resource, software)
The list of error classes that are reported to the postmaster. The
default is to report only the most serious problems. The paranoid may
wish to turn on the policy (UCE and mail relaying) and protocol error
(broken mail software) reports.
The error classes are:
bounce (also implies 2bounce)
Send the postmaster copies of the headers of bounced mail, and
send transcripts of SMTP sessions when Postfix rejects mail. The
notification is sent to the address specified with the
bounce_notice_recipient configuration parameter (default: post-
master).
2bounce
Send undeliverable bounced mail to the postmaster. The notifica-
tion is sent to the address specified with the
2bounce_notice_recipient configuration parameter (default: post-
master).
delay Send the postmaster copies of the headers of delayed mail. The
notification is sent to the address specified with the
delay_notice_recipient configuration parameter (default: post-
master).
Inform the postmaster of mail not delivered due to resource
problems. The notification is sent to the address specified
with the error_notice_recipient configuration parameter
(default: postmaster).
software
Inform the postmaster of mail not delivered due to software
problems. The notification is sent to the address specified
with the error_notice_recipient configuration parameter
(default: postmaster).
Examples:
notify_classes = bounce, delay, policy, protocol, resource, software
notify_classes = 2bounce, resource, software
owner_request_special (default: yes)
Give special treatment to owner-listname and listname-request address
localparts: don't don't split such addresses when the recipient_delim-
iter is set to "-". This feature is useful for mailing lists.
parent_domain_matches_subdomains (default: see postconf -d output)
What Postfix features match subdomains of "domain.tld" automatically,
instead of requiring an explicit ".domain.tld" pattern. This is
planned backwards compatibility: eventually, all Postfix features are
expected to require explicit ".domain.tld" style patterns when you
really want to match subdomains.
permit_mx_backup_networks (default: empty)
Restrict the use of the permit_mx_backup SMTP access feature to only
domains whose primary MX hosts match the listed networks.
pickup_service_name (default: pickup)
The name of the pickup(8) service. This service picks up local mail
submissions from the Postfix maildrop queue.
This feature is available in Postfix 2.0 and later.
prepend_delivered_header (default: command, file, forward)
The message delivery contexts where the Postfix local(8) delivery agent
prepends a Delivered-To: message header.
By default, the Postfix local delivery agent prepends a Delivered-To:
header when forwarding mail and when delivering to file (mailbox) and
command. Turning off the Delivered-To: header when forwarding mail is
not recommended.
Specify zero or more of forward, file, or command.
Example:
prepend_delivered_header = forward
For example, with a virtual(5) mapping of "joe@domain -> joe.user", the
address "joe+foo@domain" would rewrite to "joe.user+foo".
Specify zero or more of canonical, virtual, alias, forward or include.
These cause address extension propagation with canonical(5), vir-
tual(5), and aliases(5) maps, and with local(8) .forward and :include:
file lookups, respectively.
Note: enabling this feature for types other than canonical and virtual
is likely to cause problems when mail is forwarded to other sites,
especially with mail that is sent to a mailing list exploder address.
Examples:
propagate_unmatched_extensions = canonical, virtual, alias,
forward, include
propagate_unmatched_extensions = canonical, virtual
proxy_interfaces (default: empty)
The network interface addresses that this mail system receives mail on
by way of a proxy or network address translation unit.
This feature is available in Postfix 2.0 and later.
You must specify your "outside" proxy/NAT addresses when your system is
a backup MX host for other domains, otherwise mail delivery loops will
happen when the primary MX host is down.
Example:
proxy_interfaces = 1.2.3.4
proxy_read_maps (default: see postconf -d output)
The lookup tables that the proxymap(8) server is allowed to access.
Table references that don't begin with proxy: are ignored. The prox-
ymap(8) table accesses are read-only.
This feature is available in Postfix 2.0 and later.
qmgr_clog_warn_time (default: 300s)
The minimal delay between warnings that a specific destination is clog-
ging up the Postfix active queue. Specify 0 to disable.
This feature is enabled with the helpful_warnings parameter.
This feature is available in Postfix 2.0 and later.
qmgr_fudge_factor (default: 100)
Obsolete feature: the percentage of delivery resources that a busy mail
system will use up for delivery of a large mailing list message.
qmgr_message_recipient_limit and the per transport _recipient_limit) if
necessary. The minimum value allowed for this parameter is 1.
qmqpd_authorized_clients (default: empty)
What clients are allowed to connect to the QMQP server port.
By default, no client is allowed to use the service. This is because
the QMQP server will relay mail to any destination.
Specify a list of client patterns. A list pattern specifies a host
name, a domain name, an internet address, or a network/mask pattern,
where the mask specifies the number of bits in the network part. When
a pattern specifies a file name, its contents are substituted for the
file name; when a pattern is a "type:table" table specification, table
lookup is used instead.
Patterns are separated by whitespace and/or commas. In order to reverse
the result, precede a non-file name pattern with an exclamation point
(!).
Example:
qmqpd_authorized_clients = !192.168.0.1, 192.168.0.0/24
qmqpd_error_delay (default: 1s)
How long the QMQP server will pause before sending a negative reply to
the client. The purpose is to slow down confused or malicious clients.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
qmqpd_timeout (default: 300s)
The time limit for sending or receiving information over the network.
If a read or write operation blocks for more than $qmqpd_timeout sec-
onds the QMQP server gives up and disconnects.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
queue_directory (default: see postconf -d output)
The location of the Postfix top-level queue directory. This is the root
directory of Postfix daemon processes that run chrooted.
queue_file_attribute_count_limit (default: 100)
The maximal number of (name=value) attributes that may be stored in a
Postfix queue file. The limit is enforced by the cleanup(8) server.
This feature is available in Postfix 2.0 and later.
queue_minfree (default: 0)
The minimal amount of free space in bytes in the queue file system that
is needed to receive mail. This is currently used by the SMTP server
The default time unit is s (seconds).
queue_service_name (default: qmgr)
The name of the qmgr(8) service. This service manages the Postfix queue
and schedules delivery requests.
This feature is available in Postfix 2.0 and later.
rbl_reply_maps (default: empty)
Optional lookup tables with RBL response templates. The tables are
indexed by the RBL domain name. By default, Postfix uses the default
template as specified with the default_rbl_reply configuration parame-
ter. See there for a discussion of the syntax of RBL reply templates.
This feature is available in Postfix 2.0 and later.
readme_directory (default: see postconf -d output)
The location of Postfix README files that describe how to build, con-
figure or operate a specific Postfix subsystem or feature.
receive_override_options (default: empty)
Enable or disable recipient validation, built-in content filtering, or
address rewriting. Typically, these are specified in master.cf as com-
mand-line arguments for the smtpd(8), qmqpd(8) or pickup(8) daemons.
Specify zero or more of the following options. The options override
main.cf settings and are either implemented by smtpd(8), qmqpd(8), or
pickup(8) themselves, or they are forwarded to the cleanup server.
no_unknown_recipient_checks
Do not try to reject unknown recipients (SMTP server only).
This is typically specified AFTER an external content filter.
no_address_mappings
Disable canonical address mapping, virtual alias map expansion,
address masquerading, and automatic BCC (blind carbon-copy)
recipients. This is typically specified BEFORE an external con-
tent filter.
no_header_body_checks
Disable header/body_checks. This is typically specified AFTER an
external content filter.
Note: when the "BEFORE content filter" receive_override_options setting
is specified in the main.cf file, specify the "AFTER content filter"
receive_override_options setting in master.cf (and vice versa).
Examples:
receive_override_options =
no_unknown_recipient_checks, no_header_body_checks
receive_override_options = no_address_mappings
o Look up the "user@domain.tld" address without the optional
address extension.
o Look up the "user+extension" address local part when the recipi-
ent domain equals $myorigin, $mydestination, $inet_interfaces or
$proxy_interfaces.
o Look up the "user" address local part when the recipient domain
equals $myorigin, $mydestination, $inet_interfaces or
$proxy_interfaces.
o Look up the "@domain.tld" part.
Specify the types and names of databases to use. After change, run
"postmap /etc/postfix/recipient_bcc".
NOTE: if mail to the BCC address bounces it will be returned to the
sender.
Example:
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
recipient_canonical_maps (default: empty)
Optional address mapping lookup tables for envelope and header recipi-
ent addresses. The table format and lookups are documented in canoni-
cal(5).
Note: $recipient_canonical_maps is processed before $canonical_maps.
Example:
recipient_canonical_maps = hash:/etc/postfix/recipient_canonical
recipient_delimiter (default: empty)
The separator between user names and address extensions (user+foo).
See canonical(5), local(8), relocated(5) and virtual(5) for the effects
this has on aliases, canonical, virtual, relocated and on .forward file
lookups. Basically, the software tries user+foo and .forward+foo
before trying user and .forward.
Example:
recipient_delimiter = +
reject_code (default: 554)
The numerical Postfix SMTP server response code when a remote SMTP
client request is rejected by the "reject" restriction.
Do not change this unless you have a complete understanding of RFC 821.
master.cf file.
Setting this parameter to a value of 1 changes the meaning of
relay_destination_concurrency_limit from concurrency per domain into
concurrency per recipient.
This feature is available in Postfix version 2.0 and later.
relay_domains (default: $mydestination)
What destination domains (and subdomains thereof) this system will
relay mail to. Subdomain matching is controlled with the par-
ent_domain_matches_subdomains parameter. For details about how the
relay_domains value is used, see the description of the per-
mit_auth_destination and reject_unauth_destination SMTP recipient
restrictions.
Domains that match $relay_domains are delivered with the $relay_trans-
port mail delivery transport. The SMTP server validates recipient
addresses with $relay_recipient_maps and rejects non-existent recipi-
ents. See also the relay domains address class in the
ADDRESS_CLASS_README file.
NOTE: Postfix will not automatically forward mail for domains that list
this system as their primary or backup MX host. See the per-
mit_mx_backup restriction in the postconf(5) manual page.
Specify a list of host or domain names, "/file/name" patterns or
"type:table" lookup tables, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace. A
"/file/name" pattern is replaced by its contents; a "type:table" lookup
table is matched when a (parent) domain appears as lookup key.
relay_domains_reject_code (default: 554)
The numerical Postfix SMTP server response code when a client request
is rejected by the reject_unauth_destination recipient restriction.
Do not change this unless you have a complete understanding of RFC 821.
relay_recipient_maps (default: empty)
Optional lookup tables with all valid addresses in the domains that
match $relay_domains. Specify @domain as a wild-card for domains that
do not have a valid recipient list. Technically, tables listed with
$relay_recipient_maps are used as lists: Postfix needs to know only if
a lookup string is found or not, but it does not use the result from
table lookup.
If this parameter is non-empty, then the Postfix SMTP server will
reject mail to unknown relay users. This feature is off by default.
See also the relay domains address class in the ADDRESS_CLASS_README
file.
See also the relay domains address class in the ADDRESS_CLASS_README
file.
This feature is available in Postfix 2.0 and later.
relayhost (default: empty)
The default host to send non-local mail to when no entry is matched in
the optional transport(5) table. When no relayhost is given, mail is
routed directly to the destination.
On an intranet, specify the organizational domain name. If your inter-
nal DNS uses no MX records, specify the name of the intranet gateway
host instead.
In the case of SMTP, specify a domain name, hostname, hostname:port,
[hostname]:port, [hostaddress] or [hostaddress]:port. The form [host-
name] turns off MX lookups.
If you're connected via UUCP, see the UUCP_README file for useful
information.
Examples:
relayhost = $mydomain
relayhost = [gateway.my.domain]
relayhost = uucphost
relayhost = [an.ip.add.ress]
relocated_maps (default: empty)
Optional lookup tables with new contact information for users or
domains that no longer exist. The table format and lookups are docu-
mented in relocated(5).
If you use this feature, run "postmap /etc/postfix/relocated" to build
the necessary DBM or DB file after change, then "postfix reload" to
make the changes visible.
Examples:
relocated_maps = dbm:/etc/postfix/relocated
relocated_maps = hash:/etc/postfix/relocated
require_home_directory (default: no)
Whether or not a local(8) recipient's home directory must exist before
mail delivery is attempted. By default this test is disabled. It can
be useful for environments that import home directories to the mail
server (NOT RECOMMENDED).
resolve_dequoted_address (default: yes)
Resolve a recipient address safely instead of correctly, by looking
inside quotes.
hostname were specified, instead of rejecting the address as invalid.
This feature is available in Postfix version 2.1 and later. Earlier
versions always resolve the null domain as the local hostname.
The Postfix SMTP server uses this feature to reject mail from or to
addresses that end in the "@" null domain, and from addresses that re-
write into a form that ends in the "@" null domain.
rewrite_service_name (default: rewrite)
The name of the address rewriting service. This service rewrites
addresses to standard form and resolves them to a (delivery method,
next-hop host, recipient) triple.
This feature is available in Postfix 2.0 and later.
sample_directory (default: /etc/postfix)
The name of the directory with example Postfix configuration files.
sender_based_routing (default: no)
This parameter should not be used.
sender_bcc_maps (default: empty)
Optional BCC (blind carbon-copy) address lookup tables, indexed by
sender address. The BCC address (multiple results are not supported)
is added when mail enters from outside of Postfix.
This feature is available in Postfix 2.1 and later.
The table search order is as follows:
o Look up the "user+extension@domain.tld" address including the
optional address extension.
o Look up the "user@domain.tld" address without the optional
address extension.
o Look up the "user+extension" address local part when the sender
domain equals $myorigin, $mydestination, $inet_interfaces or
$proxy_interfaces.
o Look up the "user" address local part when the sender domain
equals $myorigin, $mydestination, $inet_interfaces or
$proxy_interfaces.
o Look up the "@domain.tld" part.
Specify the types and names of databases to use. After change, run
"postmap /etc/postfix/sender_bcc".
NOTE: if mail to the BCC address bounces it will be returned to the
sender.
Note: $sender_canonical_maps is processed before $canonical_maps.
Example:
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path (default: see postconf -d output)
A Sendmail compatibility feature that specifies the location of the
Postfix sendmail(1) command. This command can be used to submit mail
into the Postfix queue.
service_throttle_time (default: 60s)
How long the Postfix master(8) waits before forking a server that
appears to be malfunctioning.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
setgid_group (default: postdrop)
The group ownership of set-gid Postfix commands and of group-writable
Postfix directories. When this parameter value is changed you need to
re-run "post-install set-permissions".
show_user_unknown_table_name (default: yes)
Display the name of the recipient table in the "User unknown"
responses. The extra detail makes trouble shooting easier but also
reveals information that is nobody elses business.
This feature is available in Postfix 2.0 and later.
showq_service_name (default: showq)
The name of the showq(8) service. This service produces mail queue sta-
tus reports.
This feature is available in Postfix 2.0 and later.
smtp_always_send_ehlo (default: yes)
Always send EHLO at the start of an SMTP session.
With "smtp_always_send_ehlo = no", Postfix sends EHLO only when the
word "ESMTP" appears in the server greeting banner (example: 220
spike.porcupine.org ESMTP Postfix).
smtp_bind_address (default: empty)
An optional numerical network address that the SMTP client should bind
to when making a connection.
This can be specified in the main.cf file for all SMTP clients, or it
can be specified in the master.cf file for a specific client, for exam-
ple:
/etc/postfix/master.cf:
smtp_data_done_timeout (default: 600s)
The SMTP client time limit for sending the SMTP ".", and for receiving
the server response.
When no response is received within the deadline, a warning is logged
that the mail may be delivered multiple times.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
smtp_data_init_timeout (default: 120s)
The SMTP client time limit for sending the SMTP DATA command, and for
receiving the server response.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
smtp_data_xfer_timeout (default: 180s)
The SMTP client time limit for sending the SMTP message content. When
the connection makes no progress for more than $smtp_data_xfer_timeout
seconds the SMTP client terminates the transfer.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
smtp_defer_if_no_mx_address_found (default: no)
Defer mail delivery when no MX record resolves to an IP address.
The default (no) is to return the mail as undeliverable. With older
Postfix versions the default was to keep trying to deliver the mail
until someone fixed the MX record or until the mail was too old.
Note: Postfix always ignores MX records with equal or worse preference
than the local MTA itself.
This feature is available in Postfix 2.1 and later.
smtp_destination_concurrency_limit (default: $default_destination_concur-
rency_limit)
The maximal number of parallel deliveries to the same destination via
the smtp message delivery transport. This limit is enforced by the
queue manager. The message delivery transport name is the first field
in the entry in the master.cf file.
smtp_destination_recipient_limit (default: $default_destination_recipi-
ent_limit)
The maximal number of recipients per delivery via the smtp message
delivery transport. This limit is enforced by the queue manager. The
message delivery transport name is the first field in the entry in the
master.cf file.
Setting this parameter to a value of 1 changes the meaning of smtp_des-
mysmtp ... smtp -o smtp_helo_name=foo.bar.com
This feature is available in Postfix 2.0 and later.
smtp_helo_timeout (default: 300s)
The SMTP client time limit for sending the HELO or EHLO command, and
for receiving the initial server response.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
smtp_host_lookup (default: dns)
What mechanisms when the SMTP client uses to look up a host's IP
address. This parameter is ignored when DNS lookups are disabled.
Specify one of the following:
dns Hosts can be found in the DNS (preferred).
native Use the native naming service only (nsswitch.conf, or equivalent
mechanism).
dns, native
Use the native service for hosts not found in the DNS.
This feature is available in Postfix 2.1 and later.
smtp_line_length_limit (default: 990)
The maximal length of message header and body lines that Postfix will
send via SMTP. Longer lines are broken by inserting "<CR><LF><SPACE>".
This minimizes the damage to MIME formatted mail.
By default, the line length is limited to 990 characters, because some
server implementations cannot receive mail with long lines.
smtp_mail_timeout (default: 300s)
The SMTP client time limit for sending the MAIL FROM command, and for
receiving the server response.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
smtp_mx_address_limit (default: 0)
The maximal number of MX (mail exchanger) IP addresses that can result
from mail exchanger lookups, or zero (no limit).
This feature is available in Postfix 2.1 and later.
smtp_mx_session_limit (default: 2)
The maximal number of SMTP sessions per delivery request before giving
up or delivering to a fall-back relay host, or zero (no limit). This
restriction ignores IP addresses that fail to complete the SMTP initial
smtp_pix_workaround_threshold_time (default: 500s)
How long a message must be queued before the PIX firewall
"<CR><LF>.<CR><LF>" bug workaround is turned on.
By default, the workaround is turned off for mail that is queued for
less than 500 seconds. In other words, the workaround is normally
turned off for the first delivery attempt.
Specify 0 to enable the PIX firewall "<CR><LF>.<CR><LF>" bug workaround
upon the first delivery attempt.
smtp_quit_timeout (default: 300s)
The SMTP client time limit for sending the QUIT command, and for
receiving the server response.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
smtp_quote_rfc821_envelope (default: yes)
Quote addresses in SMTP MAIL FROM and RCPT TO commands as required by
RFC 821. This includes putting quotes around an address localpart that
ends in ".".
The default is to comply with RFC 821. If you have to send mail to a
broken SMTP server, configure a special SMTP client in master.cf:
/etc/postfix/master.cf:
broken-smtp . . . smtp -o smtp_quote_rfc821_envelope=no
and route mail for the destination in question to the "broken-smtp"
message delivery with a transport(5) table.
This feature is available in Postfix 2.1 and later.
smtp_randomize_addresses (default: yes)
Randomize the order of equal-preference MX host addresses. This is a
performance feature of the Postfix SMTP client.
smtp_rcpt_timeout (default: 300s)
The SMTP client time limit for sending the SMTP RCPT TO command, and
for receiving the server response.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
smtp_rset_timeout (default: 120s)
The SMTP client time limit for sending the RSET command, and for
receiving the server response.
This feature is available in Postfix 2.1 and later.
The Postfix SMTP client opens the lookup table before going to chroot
jail, so you can leave the password file in /etc/postfix.
smtp_sasl_security_options (default: noplaintext, noanonymous)
What authentication mechanisms the Postfix SMTP client is allowed to
use. The list of available authentication mechanisms is system depen-
dent.
Specify zero or more of the following:
noplaintext
Disallow methods that use plaintext passwords.
noactive
Disallow methods subject to active (non-dictionary) attack.
nodictionary
Disallow methods subject to passive (dictionary) attack.
noanonymous
Disallow methods that allow anonymous authentication.
mutual_auth
Only allow methods that provide mutual authentication (not
available with SASL version 1).
Example:
smtp_sasl_security_options = noplaintext
smtp_send_xforward_command (default: no)
Send the non-standard XFORWARD command when the Postfix SMTP server
EHLO response announces XFORWARD support.
This allows an "smtp" delivery agent, used for injecting mail into a
content filter, to forward the name, address, protocol and HELO name of
the original client to the content filter and downstream queuing SMTP
server. This can produce more useful logging than localhost[127.0.0.1]
etc.
This feature is available in Postfix 2.1 and later.
smtp_skip_4xx_greeting (default: yes)
Skip SMTP servers that greet with a 4XX status code (go away, try again
later).
By default, Postfix moves on the next mail exchanger. Specify
"smtp_skip_4xx_greeting = no" if Postfix should defer delivery immedi-
ately.
This feature is available in Postfix version 2.0 and earlier. Later
Postfix versions always skip SMTP servers that greet with a 4XX status
smtp_xforward_timeout (default: 300s)
The SMTP client time limit for sending the XFORWARD command, and for
receiving the server response.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
This feature is available in Postfix 2.1 and later.
smtpd_authorized_verp_clients (default: $authorized_verp_clients)
What SMTP clients are allowed to specify the XVERP command. This com-
mand requests that mail be delivered one recipient at a time with a per
recipient return address.
By default, no clients are allowed to specify XVERP.
This parameter was renamed with Postfix 2.1. The default value is back-
wards compatible with Postfix 2.0.
Specify a list of network/netmask patterns, separated by commas and/or
whitespace. The mask specifies the number of bits in the network part
of a host address. You can also specify hostnames or below it),
"/file/name" or "type:table" patterns. A "/file/name" pattern is
replaced by its contents; a "type:table" lookup table is matched when a
table entry matches a lookup string (the lookup result is ignored).
Continue long lines by starting the next line with whitespace.
smtpd_authorized_xclient_hosts (default: empty)
What SMTP clients are allowed to use the XCLIENT feature. This command
overrides SMTP client information that is used for access control. Typ-
ical use is for SMTP-based content filters, fetchmail-like programs, or
SMTP server access rule testing. See the XCLIENT_README document for
details.
This feature is available in Postfix 2.1 and later.
By default, no clients are allowed to specify XCLIENT.
Specify a list of network/netmask patterns, separated by commas and/or
whitespace. The mask specifies the number of bits in the network part
of a host address. You can also specify hostnames or below it),
"/file/name" or "type:table" patterns. A "/file/name" pattern is
replaced by its contents; a "type:table" lookup table is matched when a
table entry matches a lookup string (the lookup result is ignored).
Continue long lines by starting the next line with whitespace.
smtpd_authorized_xforward_hosts (default: empty)
What SMTP clients are allowed to use the XFORWARD feature. This com-
mand forwards information that is used to improve logging after SMTP-
based content filters. See the XFORWARD_README document for details.
This feature is available in Postfix 2.1 and later.
fix shows no version.
You MUST specify $myhostname at the start of the text. This is required
by the SMTP protocol.
Example:
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_client_connection_count_limit (default: 50)
How many simultaneous connections any SMTP client is allowed to make to
the SMTP service. By default, the limit is set it to half the default
process limit value.
To disable this feature, specify a limit of 0.
WARNING: The purpose of this feature is to limit abuse. It must not be
used to regulate legitimate mail traffic.
This feature is not part of the stable Postfix 2.1 release.
smtpd_client_connection_limit_exceptions (default: $mynetworks)
Clients that are excluded from connection count or connection rate
restrictions.
By default, clients in trusted networks are excluded. Specify a list of
network blocks, hostnames or .domain names (the initial dot causes the
domain to match any name below it).
This feature is not part of the stable Postfix 2.1 release.
smtpd_client_connection_rate_limit (default: 0)
The maximal number of connection attempts any client is allowed to make
to this service per time unit. The time unit is specified with the
anvil_rate_time_unit configuration parameter, and defaults to one
minute.
By default, a client can make as many connections per time unit as
Postfix can accept.
To disable this feature, specify a limit of 0.
WARNING: The purpose of this feature is to limit abuse. It must not be
used to regulate legitimate mail traffic.
This feature is not part of the stable Postfix 2.1 release.
Example:
smtpd_client_connection_rate_limit = 1000
smtpd_client_restrictions (default: empty)
Search the specified access database for the client hostname,
parent domains, client IP address, or networks obtained by
stripping least significant octets. See the access(5) manual
page for details.
permit_mynetworks
Permit the request when the client IP address matches any net-
work listed in $mynetworks.
reject_rbl_client rbl_domain=d.d.d.d
Reject the request when the reversed client network address is
listed with the A record "d.d.d.d" under rbl_domain (Postfix
version 2.1 and later only). If no "=d.d.d.d" is specified,
reject the request when the reversed client network address is
listed with any A record under rbl_domain.
The maps_rbl_reject_code parameter specifies the response code
for rejected requests (default: 554), the default_rbl_reply
parameter specifies the default server reply, and the
rbl_reply_maps parameter specifies tables with server replies
indexed by rbl_domain. This feature is available in Postfix 2.0
and later.
reject_rhsbl_client rbl_domain=d.d.d.d
Reject the request when the client hostname is listed with the A
record "d.d.d.d" under rbl_domain (Postfix version 2.1 and later
only). If no "=d.d.d.d" is specified, reject the request when
the reversed client network address is listed with any A record
under rbl_domain. See the reject_rbl_client description above
for additional RBL related configuration parameters. This fea-
ture is available in Postfix 2.0 and later.
reject_unknown_client
Reject the request when the client IP address has no PTR
(address to name) record in the DNS, or when the PTR record does
not have a matching A (name to address) record.
The unknown_client_reject_code parameter specifies the response
code for rejected requests (default: 450). The reply is always
450 in case the hostname lookup failed due to a temporary prob-
lem.
In addition, you can use any of the following generic restrictions.
These restrictions are applicable in any SMTP command context.
check_policy_service servername
Query the specified policy server. See the SMTPD_POLICY_README
document for details. This feature is available in Postfix 2.1
and later.
defer Defer the request. The client is told to try again later. This
restriction is useful at the end of a restriction list, to make
the default policy explicit.
The defer_code parameter specifies the SMTP server reply code
permit Permit the request. This restriction is useful at the end of a
restriction list, to make the default policy explicit.
reject_multi_recipient_bounce
Reject the request when the envelope sender is the null address,
and the message has multiple envelope recipients. Although this
usage is technically allowed, it seems to have no legitimate
application.
The multi_recipient_bounce_reject_code parameter specifies the
response code for rejected requests (default: 550). This fea-
ture is available in Postfix 2.1 and later.
reject_unauth_pipelining
Reject the request when the client sends SMTP commands ahead of
time where it is not allowed, or when the client sends SMTP com-
mands ahead of time without knowing that Postfix actually sup-
ports SMTP command pipelining. This stops mail from bulk mail
software that improperly uses SMTP command pipelining in order
to speed up deliveries.
reject Reject the request. This restriction is useful at the end of a
restriction list, to make the default policy explicit. The
reject_code configuration parameter specifies the response code
to rejected requests (default: 554).
warn_if_reject
Change the meaning of the next restriction, so that it logs a
warning instead of rejecting a request (look for logfile records
that contain "reject_warning"). This is useful for testing new
restrictions in a "live" environment without risking unnecessary
loss of mail.
Other restrictions that are valid in this context:
o SMTP command specific restrictions that are described under the
smtpd_helo_restrictions, smtpd_sender_restrictions or
smtpd_recipient_restrictions parameters. When helo, sender or
recipient restrictions are listed under smtpd_client_restric-
tions, they have effect only with "smtpd_delay_reject = yes", so
that $smtpd_client_restrictions is evaluated at the time of the
RCPT TO command.
Example:
smtpd_client_restrictions = permit_mynetworks, reject_unknown_client
smtpd_data_restrictions (default: empty)
Optional access restrictions that the Postfix SMTP server applies in
the context of the SMTP DATA command.
This feature is available in Postfix 2.0 and later.
Examples:
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_data_restrictions = reject_multi_recipient_bounce
smtpd_delay_reject (default: yes)
Wait until the RCPT TO command before evaluating $smtpd_client_restric-
tions, $smtpd_helo_restrictions and $smtpd_sender_restrictions, or wait
until the ETRN command before evaluating $smtpd_client_restrictions and
$smtpd_helo_restrictions.
This feature is turned on by default because some clients apparently
mis-behave when the Postfix SMTP server rejects commands before RCPT
TO.
The default setting has one major benefit: it allows Postfix to log
recipient address information when rejecting a client name/address or
sender address, so that it is possible to find out whose mail is being
rejected.
smtpd_error_sleep_time (default: 1s)
With Postfix 2.1 and later: the SMTP server response delay after a
client has made more than $smtpd_soft_error_limit errors, and fewer
than $smtpd_hard_error_limit errors, without delivering mail.
With Postfix 2.0 and earlier: the SMTP server delay before sending a
reject (4xx or 5xx) response, when the client has made fewer than
$smtpd_soft_error_limit errors without delivering mail.
smtpd_etrn_restrictions (default: empty)
Optional SMTP server access restrictions in the context of a client
ETRN request.
The Postfix ETRN implementation accepts only destinations that are eli-
gible for the Postfix "fast flush" service. See the ETRN_README file
for details.
Specify a list of restrictions, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace.
Restrictions are applied in the order as specified; the first restric-
tion that matches wins.
The following restrictions are specific to the domain name information
received with the ETRN command.
check_etrn_access type:table
Search the specified access database for the ETRN domain name or
its parent domains. See the access(5) manual page for details.
Other restrictions that are valid in this context:
o Generic restrictions that can be used in any SMTP command con-
This parameter is not subjected to $parameter expansion.
This feature is available in Postfix 2.0 and later.
smtpd_hard_error_limit (default: 20)
The maximal number of errors a remote SMTP client is allowed to make
without delivering mail. The Postfix SMTP server disconnects when the
limit is exceeded.
smtpd_helo_required (default: no)
Require that a remote SMTP client introduces itself at the beginning of
an SMTP session with the HELO or EHLO command.
Example:
smtpd_helo_required = yes
smtpd_helo_restrictions (default: empty)
Optional restrictions that the Postfix SMTP server applies in the con-
text of the SMTP HELO command.
The default is to permit everything.
Specify a list of restrictions, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace.
Restrictions are applied in the order as specified; the first restric-
tion that matches wins.
The following restrictions are specific to the hostname information
received with the HELO or EHLO command.
check_helo_access type:table
Search the specified access(5) database for the HELO or EHLO
hostname or parent domains, and execute the corresponding
action.
check_helo_mx_access type:table
Search the specified access(5) database for the MX hosts for the
HELO or EHLO hostname, and execute the corresponding action.
Note: a result of "OK" is not allowed for safety reasons.
Instead, use DUNNO in order to exclude specific hosts from
blacklists. This feature is available in Postfix 2.1 and later.
check_helo_ns_access type:table
Search the specified access(5) database for the DNS servers for
the HELO or EHLO hostname, and execute the corresponding action.
Note: a result of "OK" is not allowed for safety reasons.
Instead, use DUNNO in order to exclude specific hosts from
blacklists. This feature is available in Postfix 2.1 and later.
reject_invalid_hostname
Reject the request when the HELO or EHLO hostname syntax is
rejected requests (default: 450).
Other restrictions that are valid in this context:
o Generic restrictions that can be used in any SMTP command con-
text, described under smtpd_client_restrictions.
o Client hostname or network address specific restrictions
described under smtpd_client_restrictions.
o SMTP command specific restrictions described under
smtpd_sender_restrictions or smtpd_recipient_restrictions. When
sender or recipient restrictions are listed under
smtpd_helo_restrictions, they have effect only with
"smtpd_delay_reject = yes", so that $smtpd_helo_restrictions is
evaluated at the time of the RCPT TO command.
Examples:
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname
smtpd_helo_restrictions = permit_mynetworks, reject_unknown_hostname
smtpd_history_flush_threshold (default: 100)
The maximal number of lines in the Postfix SMTP server command history
before it is flushed upon receipt of EHLO, RSET, or end of DATA.
smtpd_junk_command_limit (default: 100)
The number of junk commands (NOOP, VRFY, ETRN or RSET) that a remote
SMTP client can send before the Postfix SMTP server starts to increment
the error counter with each junk command. The junk command count is
reset after mail is delivered. See also the smtpd_error_sleep_time and
smtpd_soft_error_limit configuration parameters.
smtpd_noop_commands (default: empty)
List of commands that the Postfix SMTP server replies to with "250 Ok",
without doing any syntax checks and without changing state. This list
overrides any commands built into the Postfix SMTP server.
smtpd_null_access_lookup_key (default: <>)
The lookup key to be used in SMTP access(5) tables instead of the null
sender address.
smtpd_policy_service_max_idle (default: 300s)
The time after which an idle SMTPD policy service connection is closed.
This feature is available in Postfix 2.1 and later.
smtpd_policy_service_max_ttl (default: 1000s)
The time after which an active SMTPD policy service connection is
closed.
This feature is available in Postfix 2.1 and later.
The hostname and TCP port of the mail filtering proxy server. The
proxy receives all mail from the Postfix SMTP server, and is supposed
to give the result to another Postfix SMTP server process.
Specify host:port. The host can be specified as an IP address or as a
symbolic name; no MX lookups are done. When no host or host: are spec-
ified, the local machine is assumed.
This feature is available in Postfix 2.1 and later.
smtpd_proxy_timeout (default: 100s)
The time limit for connecting to a proxy filter and for sending or
receiving information. When a connection fails the client gets a
generic error message while more detailed information is logged to the
maillog file.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
This feature is available in Postfix 2.1 and later.
smtpd_recipient_limit (default: 1000)
The maximal number of recipients that the Postfix SMTP server accepts
per message delivery request.
smtpd_recipient_overshoot_limit (default: 1000)
The number of recipients that a remote SMTP client can send in excess
of the limit specified with $smtpd_recipient_limit, before the Postfix
SMTP server increments the per-session error count for each excess
recipient.
smtpd_recipient_restrictions (default: permit_mynetworks, reject_unauth_desti-
nation)
The access restrictions that the Postfix SMTP server applies in the
context of the RCPT TO command.
By default, the Postfix SMTP server accepts:
o Mail from clients whose IP address matches $mynetworks, or:
o Mail to remote destinations that match $relay_domains, except
for addresses that contain sender-specified routing (user@else-
where@domain), or:
o Mail to local destinations that match $inet_interfaces or
$proxy_interfaces, $mydestination, $virtual_alias_domains, or
$virtual_mailbox_domains.
IMPORTANT: If you change this parameter setting, you must specify at
least one of the following restrictions. Otherwise Postfix will refuse
to receive mail:
check_recipient_mx_access type:table
Search the specified access(5) database for the MX hosts for the
RCPT TO address, and execute the corresponding action. Note: a
result of "OK" is not allowed for safety reasons. Instead, use
DUNNO in order to exclude specific hosts from blacklists. This
feature is available in Postfix 2.1 and later.
check_recipient_ns_access type:table
Search the specified access(5) database for the DNS servers for
the RCPT TO address, and execute the corresponding action.
Note: a result of "OK" is not allowed for safety reasons.
Instead, use DUNNO in order to exclude specific hosts from
blacklists. This feature is available in Postfix 2.1 and later.
permit_auth_destination
Permit the request when one of the following is true:
o Postfix is mail forwarder: the resolved RCPT TO address matches
$relay_domains or a subdomain thereof, and the address contains
no sender-specified routing (user@elsewhere@domain),
o Postfix is the final destination: the resolved RCPT TO address
matches $mydestination, $inet_interfaces, $proxy_interfaces,
$virtual_alias_domains, or $virtual_mailbox_domains, and the
address contains no sender-specified routing (user@else-
where@domain).
permit_mx_backup
Permit the request when the local mail system is MX host for the
RCPT TO address. This includes the case that the local mail sys-
tem is the final destination. However, the SMTP server will not
forward mail with addresses that have sender-specified routing
information (example: user@elsewhere@domain). Use the optional
permit_mx_backup_networks parameter to require that the primary
MX hosts match a list of network blocks.
NOTE: prior to Postfix version 2.0, use of permit_mx_backup is
not recommended; mail may be rejected in case of a temporary DNS
lookup problem.
reject_non_fqdn_recipient
Reject the request when the RCPT TO address is not in fully-
qualified domain form, as required by the RFC.
The non_fqdn_reject_code parameter specifies the response code
to rejected requests (default: 504).
reject_rhsbl_recipient rbl_domain=d.d.d.d
Reject the request when the RCPT TO domain is listed with the A
record "d.d.d.d" under rbl_domain (Postfix version 2.1 and later
only). If no "=d.d.d.d" is specified, reject the request when
the reversed client network address is listed with any A record
under rbl_domain.
o Postfix is the final destination: the resolved RCPT TO address
matches $mydestination, $inet_interfaces, $proxy_interfaces,
$virtual_alias_domains, or $virtual_mailbox_domains, and con-
tains no sender-specified routing (user@elsewhere@domain).
The relay_domains_reject_code parameter specifies the response
code for rejected requests (default: 554).
reject_unknown_recipient_domain
Reject the request when the RCPT TO address has no DNS A or MX
record and Postfix is not final destination for the recipient
address.
The unknown_address_reject_code parameter specifies the response
code for rejected requests (default: 450). The response is
always 450 in case of a temporary DNS error.
reject_unlisted_recipient (Postfix 2.0 name: check_recipient_maps)
Reject the request when the RCPT TO address is not listed in the
list of valid recipients for its domain class. See the
smtpd_reject_unlisted_recipient parameter description for
details. This feature is available in Postfix 2.1 and later.
reject_unverified_recipient
Reject the request when mail to the RCPT TO address is known to
bounce, or when the recipient address destination is not reach-
able. Address verification information is managed by the ver-
ify(8) server; see the ADDRESS_VERIFICATION_README file for
details.
The unverified_recipient_reject_code parameter specifies the
response when an address is known to bounce (default: 450,
change into 550 when you are confident that it is safe to do
so). Postfix replies with 450 when an address probe failed due
to a temporary problem. This feature is available in Postfix
2.1 and later.
Other restrictions that are valid in this context:
o Generic restrictions that can be used in any SMTP command con-
text, described under smtpd_client_restrictions.
o SMTP command specific restrictions described under
smtpd_client_restrictions, smtpd_helo_restrictions and
smtpd_sender_restrictions.
Example:
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
smtpd_reject_unlisted_recipient (default: yes)
Request that the Postfix SMTP server rejects mail for unknown recipient
addresses, even when no explicit reject_unlisted_recipient access
restriction is specified. This prevents the Postfix queue from filling
up with undeliverable MAILER-DAEMON messages.
is not null.
This feature is available in Postfix 2.1 and later.
smtpd_reject_unlisted_sender (default: no)
Request that the Postfix SMTP server rejects mail from unknown sender
addresses, even when no explicit reject_unlisted_sender access restric-
tion is specified. This can slow down an explosion of forged mail from
worms or viruses.
o The sender domain matches $mydestination, $inet_interfaces or
$proxy_interfaces, but the recipient is not listed in
$local_recipient_maps, and $local_recipient_maps is not null.
o The sender domain matches $virtual_alias_domains but the recipi-
ent is not listed in $virtual_alias_maps.
o The sender domain matches $virtual_mailbox_domains but the
recipient is not listed in $virtual_mailbox_maps, and $vir-
tual_mailbox_maps is not null.
o The sender domain matches $relay_domains but the recipient is
not listed in $relay_recipient_maps, and $relay_recipient_maps
is not null.
This feature is available in Postfix 2.1 and later.
smtpd_restriction_classes (default: empty)
User-defined aliases for groups of access restrictions. The aliases can
be specified in smtpd_recipient_restrictions etc., and on the right-
hand side of a Postfix access(5) table.
One major application is for implementing per-recipient UCE control.
See the RESTRICTION_CLASS_README document for other examples.
smtpd_sasl_application_name (default: smtpd)
The application name used for SASL server initialization. This controls
the name of the SASL configuration file. The default value is smtpd,
corresponding to a SASL configuration file named smtpd.conf.
This feature is available in Postfix 2.1 and later.
smtpd_sasl_auth_enable (default: no)
Enable SASL authentication in the Postfix SMTP server. By default, the
Postfix SMTP server does not use authentication.
If a remote SMTP client is authenticated, the permit_sasl_authenticated
access restriction can be used to permit relay access, like this:
smtpd_recipient_restrictions =
permit_mynetworks, permit_sasl_authenticated, ...
Specify a list of network/netmask patterns, separated by commas and/or
whitespace. The mask specifies the number of bits in the network part
of a host address. You can also "/file/name" or "type:table" patterns.
A "/file/name" pattern is replaced by its contents; a "type:table"
lookup table is matched when a table entry matches a lookup string (the
lookup result is ignored). Continue long lines by starting the next
line with whitespace.
Example:
smtpd_sasl_exceptions_networks = $mynetworks
This feature is available in Postfix 2.1 and later.
smtpd_sasl_local_domain (default: empty)
The name of the local SASL authentication realm.
By default, the local authentication realm name is the null string.
Examples:
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options (default: noanonymous)
Restrict what authentication mechanisms the Postfix SMTP server will
offer to the client. The list of available authentication mechanisms
is system dependent.
Specify zero or more of the following:
noplaintext
Disallow methods that use plaintext passwords.
noactive
Disallow methods subject to active (non-dictionary) attack.
nodictionary
Disallow methods subject to passive (dictionary) attack.
noanonymous
Disallow methods that allow anonymous authentication.
mutual_auth
Only allow methods that provide mutual authentication (not
available with SASL version 1).
By default, the Postfix SMTP server accepts plaintext passwords but not
anonymous logins.
Warning: it appears that clients try authentication methods in the
Specify zero or more "type:table" lookup tables. With lookups from
indexed files such as DB or DBM, or from networked tables such as NIS,
LDAP or SQL, the following search operations are done with a sender
address of user@domain:
1) user@domain
This table lookup is always done and has the highest precedence.
2) user
This table lookup is done only when the domain part of the
sender address matches $myorigin, $mydestination, $inet_inter-
faces or $proxy_interfaces.
3) @domain
This table lookup is done last and has the lowest precedence.
In all cases the result of table lookup must be either "not found" or a
list of SASL login names separated by comma and/or whitespace.
smtpd_sender_restrictions (default: empty)
Optional restrictions that the Postfix SMTP server applies in the con-
text of the MAIL FROM command.
The default is to permit everything.
Specify a list of restrictions, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace.
Restrictions are applied in the order as specified; the first restric-
tion that matches wins.
The following restrictions are specific to the sender address received
with the MAIL FROM command.
check_sender_access type:table
Search the specified access(5) database for the MAIL FROM
address, domain, parent domains, or localpart@, and execute the
corresponding action.
check_sender_mx_access type:table
Search the specified access(5) database for the MX hosts for the
MAIL FROM address, and execute the corresponding action. Note:
a result of "OK" is not allowed for safety reasons. Instead, use
DUNNO in order to exclude specific hosts from blacklists. This
feature is available in Postfix 2.1 and later.
check_sender_ns_access type:table
Search the specified access(5) database for the DNS servers for
the MAIL FROM address, and execute the corresponding action.
Note: a result of "OK" is not allowed for safety reasons.
Instead, use DUNNO in order to exclude specific hosts from
blacklists. This feature is available in Postfix 2.1 and later.
later only). If no "=d.d.d.d" is specified, reject the request
when the reversed client network address is listed with any A
record under rbl_domain.
The maps_rbl_reject_code parameter specifies the response code
for rejected requests (default: 554); the default_rbl_reply
parameter specifies the default server reply; and the
rbl_reply_maps parameter specifies tables with server replies
indexed by rbl_domain. This feature is available in Postfix 2.0
and later.
reject_sender_login_mismatch
Reject the request when $smtpd_sender_login_maps specifies an
owner for the MAIL FROM address, but the client is not (SASL)
logged in as that MAIL FROM address owner; or when the client is
(SASL) logged in, but the client login name doesn't own the MAIL
FROM address according to $smtpd_sender_login_maps.
reject_unauthenticated_sender_login_mismatch
Enforces the reject_sender_login_mismatch restriction for unau-
thenticated clients only. This feature is available in Postfix
version 2.1 and later.
reject_unknown_sender_domain
Reject the request when the MAIL FROM address has no DNS A or MX
record and Postfix is not final destination for the sender
address.
The unknown_address_reject_code parameter specifies the response
code for rejected requests (default: 450). The response is
always 450 in case of a temporary DNS error.
reject_unlisted_sender
Reject the request when the MAIL FROM address is not listed in
the list of valid recipients for its domain class. See the
smtpd_reject_unlisted_sender parameter description for details.
This feature is available in Postfix 2.1 and later.
reject_unverified_sender
Reject the request when mail to the MAIL FROM address is known
to bounce, or when the sender address destination is not reach-
able. Address verification information is managed by the ver-
ify(8) server; see the ADDRESS_VERIFICATION_README file for
details.
The unverified_sender_reject_code parameter specifies the
response when an address is known to bounce (default: 450,
change into 550 when you are confident that it is safe to do
so). Postfix replies with 450 when an address probe failed due
to a temporary problem. This feature is available in Postfix
2.1 and later.
Other restrictions that are valid in this context:
o Generic restrictions that can be used in any SMTP command con-
smtpd_sender_restrictions = reject_unknown_sender_domain,
check_sender_access hash:/etc/postfix/access
smtpd_soft_error_limit (default: 10)
The number of errors a remote SMTP client is allowed to make without
delivering mail before the Postfix SMTP server slows down all its
responses.
o With Postfix version 2.1 and later, the Postfix SMTP server
delays all responses by $smtpd_error_sleep_time seconds.
o With Postfix versions 2.0 and earlier, the Postfix SMTP server
delays all responses by (number of errors) seconds.
smtpd_timeout (default: 300s)
The time limit for sending a Postfix SMTP server response and for
receiving a remote SMTP client request.
Note: if you set SMTP time limits to very large values you may have to
update the global ipc_timeout parameter.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
soft_bounce (default: no)
Safety net to keep mail queued that would otherwise be returned to the
sender. This parameter disables locally-generated bounces, and pre-
vents the Postfix SMTP server from rejecting mail permanently, by
changing 5xx reply codes into 4xx. However, soft_bounce is no cure for
address rewriting mistakes or mail routing mistakes.
Example:
soft_bounce = yes
stale_lock_time (default: 500s)
The time after which a stale exclusive mailbox lockfile is removed.
This is used for delivery to file or mailbox.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
strict_7bit_headers (default: no)
Reject mail with 8-bit text in message headers. This blocks mail from
poorly written applications.
This feature should not be enabled on a general purpose mail server,
because it is likely to reject legitimate email.
This feature is available in Postfix 2.0 and later.
strict_8bitmime (default: no)
bounces from qmail or from old versions of Postfix).
This feature should not be enabled on a general purpose mail server,
because it is likely to reject legitimate email.
This feature is available in Postfix 2.0 and later.
strict_mime_encoding_domain (default: no)
Reject mail with invalid Content-Transfer-Encoding: information for the
message/* or multipart/* MIME content types. This blocks mail from
poorly written software.
This feature should not be enabled on a general purpose mail server,
because it will reject mail after a single violation.
This feature is available in Postfix 2.0 and later.
strict_rfc821_envelopes (default: no)
Require that addresses received in SMTP MAIL FROM and RCPT TO commands
are enclosed with <>, and that those addresses do not contain RFC 822
style comments or phrases. This stops mail from poorly written soft-
ware.
By default, the Postfix SMTP server accepts RFC 822 syntax in MAIL FROM
and RCPT TO addresses.
sun_mailtool_compatibility (default: no)
Obsolete SUN mailtool compatibility feature. Instead, use "mail-
box_delivery_lock = dotlock".
swap_bangpath (default: yes)
Enable the rewriting of "site!user" into "user@site". This is neces-
sary if your machine is connected to UUCP networks. It is enabled by
default.
Example:
swap_bangpath = no
syslog_facility (default: mail)
The syslog facility of Postfix logging. Specify a facility as defined
in syslog.conf(5). The default facility is "mail".
Warning: a non-default syslog_facility setting takes effect only after
a Postfix process has completed initialization. Errors during process
initialization will be logged with the default facility. Examples are
errors while parsing the command line arguments, and errors while
accessing the Postfix main.cf configuration file.
syslog_name (default: postfix)
The mail system name that is prepended to the process name in syslog
records, so that "smtpd" becomes, for example, "postfix/smtpd".
transport_maps (default: empty)
Optional lookup tables with mappings from recipient address to (message
delivery transport, next-hop destination). See transport(5) for
details.
Specify zero or more "type:table" lookup tables. If you use this fea-
ture with local files, run "postmap /etc/postfix/transport" after mak-
ing a change.
Examples:
transport_maps = dbm:/etc/postfix/transport
transport_maps = hash:/etc/postfix/transport
transport_retry_time (default: 60s)
The time between attempts by the Postfix queue manager to contact a
malfunctioning message delivery transport.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
trigger_timeout (default: 10s)
The time limit for sending a trigger to a Postfix daemon (for example,
the pickup(8) or qmgr(8) daemon). This time limit prevents programs
from getting stuck when the mail system is under heavy load.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
undisclosed_recipients_header (default: To: undisclosed-recipients:;)
Message header that the Postfix cleanup(8) server inserts when a mes-
sage contains no To: or Cc: message header.
unknown_address_reject_code (default: 450)
The numerical Postfix SMTP server response code when a sender or recip-
ient address is rejected by the reject_unknown_sender_domain or
reject_unknown_recipient_domain restriction.
Do not change this unless you have a complete understanding of RFC 821.
unknown_client_reject_code (default: 450)
The numerical Postfix SMTP server response code when a client without
valid address <=> name mapping is rejected by the reject_unknown_client
restriction. The SMTP server always replies with 450 when the mapping
failed due to a temporary error condition.
Do not change this unless you have a complete understanding of RFC 821.
unknown_hostname_reject_code (default: 450)
The numerical Postfix SMTP server response code when the hostname spec-
ified with the HELO or EHLO command is rejected by the
reject_unknown_hostname restriction.
Example:
unknown_local_recipient_reject_code = 450
This feature is available in Postfix 2.0 and later.
unknown_relay_recipient_reject_code (default: 550)
The numerical Postfix SMTP server reply code when a recipient address
matches $relay_domains, and relay_recipient_maps specifies a list of
lookup tables that does not match the recipient address.
This feature is available in Postfix 2.0 and later.
unknown_virtual_alias_reject_code (default: 550)
The SMTP server reply code when a recipient address matches $vir-
tual_alias_domains, and $virtual_alias_maps specifies a list of lookup
tables that does not match the recipient address.
This feature is available in Postfix 2.0 and later.
unknown_virtual_mailbox_reject_code (default: 550)
The SMTP server reply code when a recipient address matches $vir-
tual_mailbox_domains, and $virtual_mailbox_maps specifies a list of
lookup tables that does not match the recipient address.
This feature is available in Postfix 2.0 and later.
unverified_recipient_reject_code (default: 450)
The numerical Postfix SMTP server response when a recipient address is
rejected by the reject_unverified_recipient restriction.
Unlike elsewhere in Postfix, you can specify 250 in order to accept the
address anyway.
Do not change this unless you have a complete understanding of RFC 821.
This feature is available in Postfix 2.1 and later.
unverified_sender_reject_code (default: 450)
The numerical Postfix SMTP server response code when a recipient
address is rejected by the reject_unverified_sender restriction.
Unlike elsewhere in Postfix, you can specify 250 in order to accept the
address anyway.
Do not change this unless you have a complete understanding of RFC 821.
This feature is available in Postfix 2.1 and later.
verp_delimiter_filter (default: -=+)
The characters Postfix accepts as VERP delimiter characters on the
Postfix sendmail(1) command line and in SMTP commands.
information about virtual alias domains in one place. If you have many
users, it is better to separate information that changes more fre-
quently (virtual address -> local or remote address mapping) from
information that changes less frequently (the list of virtual domain
names).
Specify a list of host or domain names, "/file/name" or "type:table"
patterns, separated by commas and/or whitespace. A "/file/name" pattern
is replaced by its contents; a "type:table" lookup table is matched
when a table entry matches a lookup string (the lookup result is
ignored). Continue long lines by starting the next line with white-
space.
See also the VIRTUAL_README and ADDRESS_CLASS_README documents for fur-
ther information.
Example:
virtual_alias_domains = virtual1.tld virtual2.tld
virtual_alias_expansion_limit (default: 1000)
The maximal number of addresses that virtual alias expansion produces
from each original recipient.
This feature is available in Postfix 2.1 and later.
virtual_alias_maps (default: $virtual_maps)
Optional lookup tables that alias specific mail addresses or domains to
other local or remote address. The table format and lookups are docu-
mented in virtual(5).
This feature is available in Postfix 2.0 and later. The default value
is backwards compatible with Postfix 1.1.
If you use this feature with indexed files, run "postmap /etc/post-
fix/virtual" after changing the file.
Examples:
virtual_alias_maps = dbm:/etc/postfix/virtual
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_alias_recursion_limit (default: 1000)
The maximal nesting depth of virtual alias expansion. Currently the
recursion limit is applied only to the left branch of the expansion
graph, so the depth of the tree can in the worst case reach the sum of
the expansion and recursion limits. This may change in the future.
This feature is available in Postfix 2.1 and later.
virtual_destination_concurrency_limit (default: $default_destination_concur-
rency_limit)
concurrency per recipient.
virtual_gid_maps (default: empty)
Lookup tables with the per-recipient group ID for virtual(8) mailbox
delivery.
In a lookup table, specify a left-hand side of "@domain.tld" to match
any user in the specified domain that does not have a specific
"user@domain.tld" entry.
When a recipient address has an optional address extension
(user+foo@domain.tld), the virtual(8) delivery agent looks up the full
address first, and when the lookup fails, it looks up the unextended
address (user@domain.tld).
Note 1: for security reasons, the virtual(8) delivery agent disallows
regular expression substitution of $1 etc. in regular expression lookup
tables, because that would open a security hole.
Note 2: for security reasons, the virtual(8) delivery agent does not
allow table lookup through the proxymap(8) service, because that would
open a security hole.
virtual_mailbox_base (default: empty)
A prefix that the virtual(8) delivery agent prepends to all pathname
results from $virtual_mailbox_maps table lookups. This is a safety
measure to ensure that an out of control map doesn't litter the file
system with mailboxes. While virtual_mailbox_base could be set to "/",
this setting isn't recommended.
Example:
virtual_mailbox_base = /var/mail
virtual_mailbox_domains (default: $virtual_mailbox_maps)
The list of domains that are delivered via the $virtual_transport mail
delivery transport. By default this is the Postfix virtual(8) delivery
agent. The SMTP server validates recipient addresses with $vir-
tual_mailbox_maps and rejects mail for non-existent recipients. See
also the virtual mailbox domain class in the ADDRESS_CLASS_README file.
This parameter expects the same syntax as the mydestination configura-
tion parameter.
This feature is available in Postfix 2.0 and later. The default value
is backwards compatible with Postfix 1.1.
virtual_mailbox_limit (default: 51200000)
The maximal size in bytes of an individual mailbox or maildir file, or
zero (no limit).
virtual_mailbox_lock (default: see postconf -d output)
match $virtual_mailbox_domains.
In a lookup table, specify a left-hand side of "@domain.tld" to match
any user in the specified domain that does not have a specific
"user@domain.tld" entry.
The virtual(8) delivery agent uses this table to look up the per-recip-
ient mailbox or maildir pathname. If the lookup result ends in a slash
("/"), maildir-style delivery is carried out, otherwise the path is
assumed to specify a UNIX-style mailbox file. Note that $virtual_mail-
box_base is unconditionally prepended to this path.
When a recipient address has an optional address extension
(user+foo@domain.tld), the virtual(8) delivery agent looks up the full
address first, and when the lookup fails, it looks up the unextended
address (user@domain.tld).
Note 1: for security reasons, the virtual(8) delivery agent disallows
regular expression substitution of $1 etc. in regular expression lookup
tables, because that would open a security hole.
Note 2: for security reasons, the virtual(8) delivery agent disallows
table lookup through the proxymap(8) server, because that would open a
security hole.
virtual_maps (default: empty)
Optional lookup tables with a) names of domains for which all addresses
are aliased to addresses in other local or remote domains, and b)
addresses that are aliased to addresses in other local or remote
domains. Available before Postfix version 2.0. With Postfix 2.1 and
later, this is replaced by separate controls: virtual_alias_domains and
virtual_alias_maps.
virtual_minimum_uid (default: 100)
The minimum user ID value that the virtual(8) delivery agent accepts as
a result from $virtual_uid_maps table lookup. Returned values less
than this will be rejected, and the message will be deferred.
virtual_transport (default: virtual)
The default mail delivery transport for domains that match the $vir-
tual_mailbox_domains parameter value. This information can be overruled
with the transport(5) table.
Specify a string of the form transport:nexthop, where transport is the
name of a mail delivery transport defined in master.cf. The :nexthop
part is optional. For more details see the transport(5) manual page.
This feature is available in Postfix 2.0 and later.
virtual_uid_maps (default: empty)
Lookup tables with the per-recipient user ID that the virtual(8) deliv-
ery agent uses while writing to the recipient's mailbox.
Note 2: for security reasons, the virtual(8) delivery agent does not
allow table lookup through the proxymap(8) service, because that would
open a security hole.
SEE ALSO
postconf(1) postfix configuration maintenance
LICENSE
The Secure Mailer license must be distributed with this software.
AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
POSTCONF(5)
Man(1) output converted with
man2html