Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
POSTSCREEN(8)		    System Manager's Manual		 POSTSCREEN(8)

NAME
       postscreen - Postfix zombie blocker

SYNOPSIS
       postscreen [generic Postfix daemon options]

DESCRIPTION
       The Postfix postscreen(8) server	provides additional protection against
       mail server overload. One postscreen(8) process	handles	 multiple  in-
       bound SMTP connections, and decides which clients may talk to a Postfix
       SMTP server process.  By	keeping	spambots  away,	 postscreen(8)	leaves
       more SMTP server	processes available for	legitimate clients, and	delays
       the onset of server overload conditions.

       This program should not be used on SMTP ports that  receive  mail  from
       end-user	clients	(MUAs).	In a typical deployment, postscreen(8) handles
       the MX service on TCP port 25, and smtpd(8) receives mail from MUAs  on
       the submission service (TCP port	587) which requires client authentica-
       tion.  Alternatively, a site could set up a dedicated,  non-postscreen,
       "port  25" server that provides submission service and client authenti-
       cation, but no MX service.

       postscreen(8) maintains a temporary whitelist  for  clients  that  have
       passed  a  number  of  tests.   When  an	 SMTP  client  IP  address  is
       whitelisted, postscreen(8) hands	off the	connection  immediately	 to  a
       Postfix SMTP server process. This minimizes the overhead	for legitimate
       mail.

       By default, postscreen(8) logs statistics and hands off each connection
       to a Postfix SMTP server	process, while excluding clients in mynetworks
       from all	tests (primarily, to avoid problems with non-standard SMTP im-
       plementations  in  network  appliances).	  This	default	mode blocks no
       clients,	and is useful for non-destructive testing.

       In a typical production setting,	postscreen(8) is configured to	reject
       mail  from  clients that	fail one or more tests.	postscreen(8) logs re-
       jected mail with	the client address, helo, sender and recipient	infor-
       mation.

       postscreen(8)  is  not an SMTP proxy; this is intentional.  The purpose
       is to keep spambots away	from Postfix SMTP server processes, while min-
       imizing overhead	for legitimate traffic.

SECURITY
       The postscreen(8) server	is moderately security-sensitive.  It talks to
       untrusted clients on the	network. The process can be  run  chrooted  at
       fixed low privilege.

STANDARDS
       RFC 821 (SMTP protocol)
       RFC 1123	(Host requirements)
       RFC 1652	(8bit-MIME transport)
       RFC 1869	(SMTP service extensions)
       RFC 1870	(Message Size Declaration)
       RFC 1985	(ETRN command)
       RFC 2034	(SMTP Enhanced Status Codes)
       RFC 2821	(SMTP protocol)
       Not: RFC	2920 (SMTP Pipelining)
       RFC 3030	(CHUNKING without BINARYMIME)
       RFC 3207	(STARTTLS command)
       RFC 3461	(SMTP DSN Extension)
       RFC 3463	(Enhanced Status Codes)
       RFC 5321	(SMTP protocol,	including multi-line 220 banners)

DIAGNOSTICS
       Problems	and transactions are logged to syslogd(8) or postlogd(8).

BUGS
       The  postscreen(8) built-in SMTP	protocol engine	currently does not an-
       nounce support for AUTH,	XCLIENT	or XFORWARD.   If  you	need  to  make
       these  services	available  on port 25, then do not enable the optional
       "after 220 server greeting" tests.

       The optional "after 220 server greeting"	tests may result in unexpected
       delivery	delays from senders that retry email delivery from a different
       IP address.  Reason: after passing these	tests a	new client  must  dis-
       connect,	 and  reconnect	from the same IP address before	it can deliver
       mail. See POSTSCREEN_README, section "Tests after the 220  SMTP	server
       greeting", for a	discussion.

CONFIGURATION PARAMETERS
       Changes	to  main.cf  are not picked up automatically, as postscreen(8)
       processes may run for several hours.  Use the command "postfix  reload"
       after a configuration change.

       The  text  below	provides only a	parameter summary. See postconf(5) for
       more details including examples.

       NOTE: Some postscreen(8)	parameters implement  stress-dependent	behav-
       ior.   This  is	supported  only	 when  the  default parameter value is
       stress-dependent	(that is, it looks like	${stress?{X}:{Y}},  or	it  is
       the  $name  of  an  smtpd  parameter  with a stress-dependent default).
       Other parameters	always evaluate	as if the stress  parameter  value  is
       the empty string.

COMPATIBILITY CONTROLS
       postscreen_command_filter ($smtpd_command_filter)
	      A	mechanism to transform commands	from remote SMTP clients.

       postscreen_discard_ehlo_keyword_address_maps  ($smtpd_discard_ehlo_key-
       word_address_maps)
	      Lookup tables, indexed by	the remote SMTP	client	address,  with
	      case  insensitive	 lists of EHLO keywords	(pipelining, starttls,
	      auth, etc.) that the postscreen(8) server	will not send  in  the
	      EHLO response to a remote	SMTP client.

       postscreen_discard_ehlo_keywords	($smtpd_discard_ehlo_keywords)
	      A	 case insensitive list of EHLO keywords	(pipelining, starttls,
	      auth, etc.) that the postscreen(8) server	will not send  in  the
	      EHLO response to a remote	SMTP client.

       Available in Postfix version 3.1	and later:

       dns_ncache_ttl_fix_enable (no)
	      Enable a workaround for future libc incompatibility.

       Available in Postfix version 3.4	and later:

       postscreen_reject_footer_maps ($smtpd_reject_footer_maps)
	      Optional	lookup	table for information that is appended after a
	      4XX or 5XX postscreen(8) server response.

TROUBLE	SHOOTING CONTROLS
       postscreen_expansion_filter (see	'postconf -d' output)
	      List  of	characters  that  are  permitted   in	postscreen_re-
	      ject_footer attribute expansions.

       postscreen_reject_footer	($smtpd_reject_footer)
	      Optional	information  that  is  appended	 after	a  4XX	or 5XX
	      postscreen(8) server response.

       soft_bounce (no)
	      Safety net to keep mail queued that would	otherwise be  returned
	      to the sender.

BEFORE-POSTSCREEN PROXY	AGENT
       Available in Postfix version 2.10 and later:

       postscreen_upstream_proxy_protocol (empty)
	      The  name	 of  the  proxy	 protocol  used	 by  an	 optional  be-
	      fore-postscreen proxy agent.

       postscreen_upstream_proxy_timeout (5s)
	      The time	limit  for  the	 proxy	protocol  specified  with  the
	      postscreen_upstream_proxy_protocol parameter.

PERMANENT WHITE/BLACKLIST TEST
       This  test is executed immediately after	a remote SMTP client connects.
       If a client is permanently whitelisted, the client will be  handed  off
       immediately to a	Postfix	SMTP server process.

       postscreen_access_list (permit_mynetworks)
	      Permanent	white/blacklist	for remote SMTP	client IP addresses.

       postscreen_blacklist_action (ignore)
	      The action that postscreen(8) takes when a remote	SMTP client is
	      permanently blacklisted with the postscreen_access_list  parame-
	      ter.

MAIL EXCHANGER POLICY TESTS
       When  postscreen(8)  is configured to monitor all primary and backup MX
       addresses, it can refuse	to whitelist clients that connect to a	backup
       MX address only.	For small sites, this requires configuring primary and
       backup MX addresses on the same MTA. Larger sites would have  to	 share
       the  postscreen(8)  cache  between primary and backup MTAs, which would
       introduce a common point	of failure.

       postscreen_whitelist_interfaces (static:all)
	      A	list of	 local	postscreen(8)  server  IP  addresses  where  a
	      non-whitelisted  remote  SMTP  client can	obtain postscreen(8)'s
	      temporary	whitelist status.

BEFORE 220 GREETING TESTS
       These tests are executed	before the remote  SMTP	 client	 receives  the
       "220 servername"	greeting. If no	tests remain after the successful com-
       pletion of this phase, the client will be handed	off immediately	 to  a
       Postfix SMTP server process.

       dnsblog_service_name (dnsblog)
	      The name of the dnsblog(8) service entry in master.cf.

       postscreen_dnsbl_action (ignore)
	      The  action that postscreen(8) takes when	a remote SMTP client's
	      combined DNSBL score is equal to or greater than a threshold (as
	      defined	    with      the      postscreen_dnsbl_sites	   and
	      postscreen_dnsbl_threshold parameters).

       postscreen_dnsbl_reply_map (empty)
	      A	mapping	from actual DNSBL domain name which includes a	secret
	      password,	 to  the  DNSBL	domain name that postscreen will reply
	      with when	it rejects mail.

       postscreen_dnsbl_sites (empty)
	      Optional list of DNS white/blacklist domains, filters and	weight
	      factors.

       postscreen_dnsbl_threshold (1)
	      The  inclusive  lower  bound  for	blocking a remote SMTP client,
	      based  on	 its  combined	DNSBL  score  as  defined   with   the
	      postscreen_dnsbl_sites parameter.

       postscreen_greet_action (ignore)
	      The  action  that	 postscreen(8) takes when a remote SMTP	client
	      speaks before its	 turn  within  the  time  specified  with  the
	      postscreen_greet_wait parameter.

       postscreen_greet_banner ($smtpd_banner)
	      The  text	 in  the  optional  "220-text..." server response that
	      postscreen(8) sends ahead	of the real Postfix SMTP server's "220
	      text..."	response, in an	attempt	to confuse bad SMTP clients so
	      that they	speak before their turn	(pre-greet).

       postscreen_greet_wait (normal: 6s, overload: 2s)
	      The amount of time that postscreen(8)  will  wait	 for  an  SMTP
	      client  to send a	command	before its turn, and for DNS blocklist
	      lookup results to	arrive (default: up to 2 seconds under stress,
	      up to 6 seconds otherwise).

       smtpd_service_name (smtpd)
	      The  internal  service that postscreen(8)	hands off allowed con-
	      nections to.

       Available in Postfix version 2.11 and later:

       postscreen_dnsbl_whitelist_threshold (0)
	      Allow a remote SMTP client  to  skip  "before"  and  "after  220
	      greeting"	 protocol  tests, based	on its combined	DNSBL score as
	      defined with the postscreen_dnsbl_sites parameter.

       Available in Postfix version 3.0	and later:

       postscreen_dnsbl_timeout	(10s)
	      The time limit for DNSBL or DNSWL	lookups.

AFTER 220 GREETING TESTS
       These tests are executed	after the remote SMTP client receives the "220
       servername"  greeting.  If a client passes all tests during this	phase,
       it will receive a 4XX response to  all  RCPT  TO	 commands.  After  the
       client  reconnects,  it	will  be allowed to talk directly to a Postfix
       SMTP server process.

       postscreen_bare_newline_action (ignore)
	      The action that postscreen(8) takes when a  remote  SMTP	client
	      sends  a bare newline character, that is,	a newline not preceded
	      by carriage return.

       postscreen_bare_newline_enable (no)
	      Enable "bare newline" SMTP protocol tests	in  the	 postscreen(8)
	      server.

       postscreen_disable_vrfy_command ($disable_vrfy_command)
	      Disable the SMTP VRFY command in the postscreen(8) daemon.

       postscreen_forbidden_commands ($smtpd_forbidden_commands)
	      List of commands that the	postscreen(8) server considers in vio-
	      lation of	the SMTP protocol.

       postscreen_helo_required	($smtpd_helo_required)
	      Require that a remote SMTP client	sends HELO or EHLO before com-
	      mencing a	MAIL transaction.

       postscreen_non_smtp_command_action (drop)
	      The  action  that	 postscreen(8) takes when a remote SMTP	client
	      sends non-SMTP commands as specified with	the postscreen_forbid-
	      den_commands parameter.

       postscreen_non_smtp_command_enable (no)
	      Enable "non-SMTP command"	tests in the postscreen(8) server.

       postscreen_pipelining_action (enforce)
	      The  action  that	 postscreen(8) takes when a remote SMTP	client
	      sends multiple commands instead of sending one command and wait-
	      ing for the server to respond.

       postscreen_pipelining_enable (no)
	      Enable  "pipelining"  SMTP  protocol  tests in the postscreen(8)
	      server.

CACHE CONTROLS
       postscreen_cache_cleanup_interval (12h)
	      The amount of time between postscreen(8) cache cleanup runs.

       postscreen_cache_map (btree:$data_directory/postscreen_cache)
	      Persistent storage for the postscreen(8) server decisions.

       postscreen_cache_retention_time (7d)
	      The amount of time that postscreen(8) will cache an expired tem-
	      porary whitelist entry before it is removed.

       postscreen_bare_newline_ttl (30d)
	      The amount of time that postscreen(8) will use the result	from a
	      successful "bare newline"	SMTP protocol test.

       postscreen_dnsbl_max_ttl
       (${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h)
	      The  maximum  amount of time that	postscreen(8) will use the re-
	      sult from	a successful DNS-based reputation test before a	client
	      IP address is required to	pass that test again.

       postscreen_dnsbl_min_ttl	(60s)
	      The  minimum  amount of time that	postscreen(8) will use the re-
	      sult from	a successful DNS-based reputation test before a	client
	      IP address is required to	pass that test again.

       postscreen_greet_ttl (1d)
	      The amount of time that postscreen(8) will use the result	from a
	      successful PREGREET test.

       postscreen_non_smtp_command_ttl (30d)
	      The amount of time that postscreen(8) will use the result	from a
	      successful "non_smtp_command" SMTP protocol test.

       postscreen_pipelining_ttl (30d)
	      The amount of time that postscreen(8) will use the result	from a
	      successful "pipelining" SMTP protocol test.

RESOURCE CONTROLS
       line_length_limit (2048)
	      Upon input, long lines are chopped up into  pieces  of  at  most
	      this length; upon	delivery, long lines are reconstructed.

       postscreen_client_connection_count_limit		($smtpd_client_connec-
       tion_count_limit)
	      How many simultaneous connections	any remote SMTP	client is  al-
	      lowed to have with the postscreen(8) daemon.

       postscreen_command_count_limit (20)
	      The  limit  on the total number of commands per SMTP session for
	      postscreen(8)'s built-in SMTP protocol engine.

       postscreen_command_time_limit (normal: 300s, overload: 10s)
	      The  time	 limit	to  read   an	entire	 command   line	  with
	      postscreen(8)'s built-in SMTP protocol engine.

       postscreen_post_queue_limit ($default_process_limit)
	      The  number  of  clients	that can be waiting for	service	from a
	      real Postfix SMTP	server process.

       postscreen_pre_queue_limit ($default_process_limit)
	      The number of non-whitelisted clients that can be	waiting	for  a
	      decision	whether	 they will receive service from	a real Postfix
	      SMTP server process.

       postscreen_watchdog_timeout (10s)
	      How much time a postscreen(8) process may	take to	respond	 to  a
	      remote  SMTP  client command or to perform a cache operation be-
	      fore it is terminated by a built-in watchdog timer.

STARTTLS CONTROLS
       postscreen_tls_security_level ($smtpd_tls_security_level)
	      The SMTP TLS security level for the postscreen(8)	server;	when a
	      non-empty	value is specified, this overrides the obsolete	param-
	      eters postscreen_use_tls and postscreen_enforce_tls.

       tlsproxy_service_name (tlsproxy)
	      The name of the tlsproxy(8) service entry	in master.cf.

OBSOLETE STARTTLS SUPPORT CONTROLS
       These parameters	are supported for compatibility	with  smtpd(8)	legacy
       parameters.

       postscreen_use_tls ($smtpd_use_tls)
	      Opportunistic  TLS:  announce  STARTTLS  support	to remote SMTP
	      clients, but do not require that clients use TLS encryption.

       postscreen_enforce_tls ($smtpd_enforce_tls)
	      Mandatory	TLS: announce STARTTLS support to remote SMTP clients,
	      and require that clients use TLS encryption.

MISCELLANEOUS CONTROLS
       config_directory	(see 'postconf -d' output)
	      The  default  location of	the Postfix main.cf and	master.cf con-
	      figuration files.

       delay_logging_resolution_limit (2)
	      The maximal number of digits after the decimal point  when  log-
	      ging sub-second delay values.

       command_directory (see 'postconf	-d' output)
	      The location of all postfix administrative commands.

       max_idle	(100s)
	      The  maximum  amount of time that	an idle	Postfix	daemon process
	      waits for	an incoming connection before terminating voluntarily.

       process_id (read-only)
	      The process ID of	a Postfix command or daemon process.

       process_name (read-only)
	      The process name of a Postfix command or daemon process.

       syslog_facility (mail)
	      The syslog facility of Postfix logging.

       syslog_name (see	'postconf -d' output)
	      A	prefix that  is	 prepended  to	the  process  name  in	syslog
	      records, so that,	for example, "smtpd" becomes "prefix/smtpd".

       Available in Postfix 3.3	and later:

       service_name (read-only)
	      The master.cf service name of a Postfix daemon process.

       Available in Postfix 3.5	and later:

       info_log_address_format (external)
	      The  email  address  form	that will be used in non-debug logging
	      (info, warning, etc.).

SEE ALSO
       smtpd(8), Postfix SMTP server
       tlsproxy(8), Postfix TLS	proxy server
       dnsblog(8), DNS black/whitelist logger
       postlogd(8), Postfix logging
       syslogd(8), system logging

README FILES
       Use "postconf readme_directory" or "postconf html_directory" to	locate
       this information.
       POSTSCREEN_README, Postfix Postscreen Howto

LICENSE
       The Secure Mailer license must be distributed with this software.

HISTORY
       This service was	introduced with	Postfix	version	2.8.

       Many  ideas  in	postscreen(8) were explored in earlier work by Michael
       Tokarev,	in OpenBSD spamd, and in MailChannels Traffic Control.

AUTHOR(S)
       Wietse Venema
       IBM T.J.	Watson Research
       P.O. Box	704
       Yorktown	Heights, NY 10598, USA

       Wietse Venema
       Google, Inc.
       111 8th Avenue
       New York, NY 10011, USA

								 POSTSCREEN(8)

NAME | SYNOPSIS | DESCRIPTION | SECURITY | STANDARDS | DIAGNOSTICS | BUGS | CONFIGURATION PARAMETERS | COMPATIBILITY CONTROLS | TROUBLE SHOOTING CONTROLS | BEFORE-POSTSCREEN PROXY AGENT | PERMANENT WHITE/BLACKLIST TEST | MAIL EXCHANGER POLICY TESTS | BEFORE 220 GREETING TESTS | AFTER 220 GREETING TESTS | CACHE CONTROLS | RESOURCE CONTROLS | STARTTLS CONTROLS | OBSOLETE STARTTLS SUPPORT CONTROLS | MISCELLANEOUS CONTROLS | SEE ALSO | README FILES | LICENSE | HISTORY | AUTHOR(S)

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=postscreen&sektion=8&manpath=FreeBSD+13.0-RELEASE+and+Ports>

home | help