Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
SMTP(8)			    System Manager's Manual		       SMTP(8)

NAME
       smtp - Postfix SMTP+LMTP	client

SYNOPSIS
       smtp [generic Postfix daemon options] [flags=DORX]

DESCRIPTION
       The Postfix SMTP+LMTP client implements the SMTP	and LMTP mail delivery
       protocols. It processes message delivery	requests from the  queue  man-
       ager.  Each  request specifies a	queue file, a sender address, a	domain
       or host to deliver to, and recipient information.  This program expects
       to be run from the master(8) process manager.

       The  SMTP+LMTP  client  updates	the queue file and marks recipients as
       finished, or it informs the queue manager that delivery should be tried
       again  at  a  later  time.  Delivery  status  reports  are  sent	to the
       bounce(8), defer(8) or trace(8) daemon as appropriate.

       The SMTP+LMTP client looks up a list of mail  exchanger	addresses  for
       the  destination	 host,	sorts  the list	by preference, and connects to
       each listed address until it finds a server that	responds.

       When a server is	not reachable, or when mail delivery fails  due	 to  a
       recoverable  error  condition, the SMTP+LMTP client will	try to deliver
       the mail	to an alternate	host.

       After a successful mail transaction, a connection may be	saved  to  the
       scache(8)  connection  cache  server,  so  that	it  may	be used	by any
       SMTP+LMTP client	for a subsequent transaction.

       By default, connection caching is enabled temporarily for  destinations
       that have a high	volume of mail in the active queue. Connection caching
       can be enabled permanently for specific destinations.

SMTP DESTINATION SYNTAX
       The Postfix SMTP+LMTP client supports multiple  destinations  separated
       by comma	or whitespace (Postfix 3.5 and later).	SMTP destinations have
       the following form:

       domainname

       domainname:port
	      Look up the mail exchangers for the specified domain,  and  con-
	      nect to the specified port (default: smtp).

       [hostname]

       [hostname]:port
	      Look  up	the  address(es) of the	specified host,	and connect to
	      the specified port (default: smtp).

       [address]

       [address]:port
	      Connect to the host at the specified address, and	connect	to the
	      specified	 port (default:	smtp). An IPv6 address must be format-
	      ted as [ipv6:address].

LMTP DESTINATION SYNTAX
       The Postfix SMTP+LMTP client supports multiple  destinations  separated
       by comma	or whitespace (Postfix 3.5 and later).	LMTP destinations have
       the following form:

       unix:pathname
	      Connect to the local UNIX-domain server that  is	bound  to  the
	      specified	 pathname.  If	the process runs chrooted, an absolute
	      pathname is interpreted relative to the Postfix queue directory.

       inet:hostname

       inet:hostname:port

       inet:[address]

       inet:[address]:port
	      Connect to the specified TCP port	on the specified local or  re-
	      mote  host. If no	port is	specified, connect to the port defined
	      as lmtp in services(4).	If  no	such  service  is  found,  the
	      lmtp_tcp_port configuration parameter (default value of 24) will
	      be used.	An IPv6	address	must be	formatted as [ipv6:address].

SINGLE-RECIPIENT DELIVERY
       By default, the Postfix SMTP+LMTP client	delivers mail to multiple  re-
       cipients	 per  delivery	request. This is undesirable when prepending a
       Delivered-to: or	X-Original-To: message header. To prevent Postfix from
       sending multiple	recipients per delivery	request, specify

	   transport_destination_recipient_limit = 1

       in  the	Postfix	main.cf	file, where transport is the name in the first
       column of the Postfix master.cf entry for this mail delivery service.

COMMAND	ATTRIBUTE SYNTAX
       flags=DORX (optional)
	      Optional message processing flags.

	      D	     Prepend a "Delivered-To: recipient" message  header  with
		     the  envelope  recipient address. Note: for this to work,
		     the transport_destination_recipient_limit must be 1  (see
		     SINGLE-RECIPIENT DELIVERY above for details).

		     The D flag	also enforces loop detection: if a message al-
		     ready contains a Delivered-To: header with	the  same  re-
		     cipient address, then the message is returned as undeliv-
		     erable. The address comparison is case insensitive.

		     This feature is available as of Postfix 3.5.

	      O	     Prepend an	"X-Original-To:	recipient" message header with
		     the recipient address as given to Postfix.	Note: for this
		     to	work, the  transport_destination_recipient_limit  must
		     be	1 (see SINGLE-RECIPIENT	DELIVERY above for details).

		     This feature is available as of Postfix 3.5.

	      R	     Prepend a "Return-Path: <sender>" message header with the
		     envelope sender address.

		     This feature is available as of Postfix 3.5.

	      X	     Indicates that the	delivery is final. This	 flag  affects
		     the status	reported in "success" DSN (delivery status no-
		     tification) messages, and changes it from "relayed"  into
		     "delivered".

		     This feature is available as of Postfix 3.5.

SECURITY
       The SMTP+LMTP client is moderately security-sensitive. It
       talks to	SMTP or	LMTP servers and to DNS	servers	on the
       network.	The SMTP+LMTP client can be run	chrooted at fixed
       low privilege.

STANDARDS
       RFC 821 (SMTP protocol)
       RFC 822 (ARPA Internet Text Messages)
       RFC 1651	(SMTP service extensions)
       RFC 1652	(8bit-MIME transport)
       RFC 1870	(Message Size Declaration)
       RFC 2033	(LMTP protocol)
       RFC 2034	(SMTP Enhanced Error Codes)
       RFC 2045	(MIME: Format of Internet Message Bodies)
       RFC 2046	(MIME: Media Types)
       RFC 2554	(AUTH command)
       RFC 2821	(SMTP protocol)
       RFC 2920	(SMTP Pipelining)
       RFC 3207	(STARTTLS command)
       RFC 3461	(SMTP DSN Extension)
       RFC 3463	(Enhanced Status Codes)
       RFC 4954	(AUTH command)
       RFC 5321	(SMTP protocol)
       RFC 6531	(Internationalized SMTP)
       RFC 6533	(Internationalized Delivery Status Notifications)
       RFC 7672	(SMTP security via opportunistic DANE TLS)

DIAGNOSTICS
       Problems	 and  transactions  are	 logged	 to syslogd(8) or postlogd(8).
       Corrupted message files are marked so that the queue manager  can  move
       them to the corrupt queue for further inspection.

       Depending  on the setting of the	notify_classes parameter, the postmas-
       ter is notified of bounces, protocol problems, and of other trouble.

BUGS
       SMTP and	LMTP connection	reuse for TLS (without	closing	 the  SMTP  or
       LMTP connection)	is not supported before	Postfix	3.4.

       SMTP  and LMTP connection reuse assumes that SASL credentials are valid
       for all destinations that map onto the same IP address and TCP port.

CONFIGURATION PARAMETERS
       Before Postfix version 2.3, the LMTP client is a	separate program  that
       implements  only	 a  subset  of	the functionality available with SMTP:
       there is	no support for TLS, and	 connections  are  cached  in-process,
       making it ineffective when the client is	used for multiple domains.

       Most smtp_xxx configuration parameters have an lmtp_xxx "mirror"	param-
       eter for	the equivalent LMTP  feature.  This  document  describes  only
       those LMTP-related parameters that aren't simply	"mirror" parameters.

       Changes	to  main.cf  are picked	up automatically, as smtp(8) processes
       run for only a limited amount of	time. Use the command "postfix reload"
       to speed	up a change.

       The  text  below	provides only a	parameter summary. See postconf(5) for
       more details including examples.

COMPATIBILITY CONTROLS
       ignore_mx_lookup_error (no)
	      Ignore DNS MX lookups that produce no response.

       smtp_always_send_ehlo (yes)
	      Always send EHLO at the start of an SMTP session.

       smtp_never_send_ehlo (no)
	      Never send EHLO at the start of an SMTP session.

       smtp_defer_if_no_mx_address_found (no)
	      Defer mail delivery when no MX record resolves to	an IP address.

       smtp_line_length_limit (998)
	      The maximal length of message header and body lines that Postfix
	      will send	via SMTP.

       smtp_pix_workaround_delay_time (10s)
	      How   long   the	Postfix	 SMTP  client  pauses  before  sending
	      ".<CR><LF>"  in  order  to  work	 around	  the	PIX   firewall
	      "<CR><LF>.<CR><LF>" bug.

       smtp_pix_workaround_threshold_time (500s)
	      How long a message must be queued	before the Postfix SMTP	client
	      turns on the PIX firewall	"<CR><LF>.<CR><LF>" bug	workaround for
	      delivery through firewalls with "smtp fixup" mode	turned on.

       smtp_pix_workarounds (disable_esmtp, delay_dotcrlf)
	      A	 list  that  specifies	zero or	more workarounds for CISCO PIX
	      firewall bugs.

       smtp_pix_workaround_maps	(empty)
	      Lookup tables, indexed by	the remote SMTP	server	address,  with
	      per-destination workarounds for CISCO PIX	firewall bugs.

       smtp_quote_rfc821_envelope (yes)
	      Quote  addresses	in  Postfix  SMTP client MAIL FROM and RCPT TO
	      commands as required by RFC 5321.

       smtp_reply_filter (empty)
	      A	mechanism to transform replies from remote  SMTP  servers  one
	      line at a	time.

       smtp_skip_5xx_greeting (yes)
	      Skip remote SMTP servers that greet with a 5XX status code.

       smtp_skip_quit_response (yes)
	      Do not wait for the response to the SMTP QUIT command.

       Available in Postfix version 2.0	and earlier:

       smtp_skip_4xx_greeting (yes)
	      Skip  SMTP  servers  that	greet with a 4XX status	code (go away,
	      try again	later).

       Available in Postfix version 2.2	and later:

       smtp_discard_ehlo_keyword_address_maps (empty)
	      Lookup tables, indexed by	the remote SMTP	server	address,  with
	      case  insensitive	 lists of EHLO keywords	(pipelining, starttls,
	      auth, etc.) that the Postfix SMTP	client will ignore in the EHLO
	      response from a remote SMTP server.

       smtp_discard_ehlo_keywords (empty)
	      A	 case insensitive list of EHLO keywords	(pipelining, starttls,
	      auth, etc.) that the Postfix SMTP	client will ignore in the EHLO
	      response from a remote SMTP server.

       smtp_generic_maps (empty)
	      Optional	lookup	tables	that  perform address rewriting	in the
	      Postfix SMTP client, typically to	transform a locally valid  ad-
	      dress into a globally valid address when sending mail across the
	      Internet.

       Available in Postfix version 2.2.9 and later:

       smtp_cname_overrides_servername (version	dependent)
	      When the remote SMTP servername is  a  DNS  CNAME,  replace  the
	      servername  with the result from CNAME expansion for the purpose
	      of logging, SASL password	lookup,	TLS policy decisions,  or  TLS
	      certificate verification.

       Available in Postfix version 2.3	and later:

       lmtp_discard_lhlo_keyword_address_maps (empty)
	      Lookup  tables,  indexed by the remote LMTP server address, with
	      case insensitive lists of	LHLO keywords  (pipelining,  starttls,
	      auth, etc.) that the Postfix LMTP	client will ignore in the LHLO
	      response from a remote LMTP server.

       lmtp_discard_lhlo_keywords (empty)
	      A	case insensitive list of LHLO keywords (pipelining,  starttls,
	      auth, etc.) that the Postfix LMTP	client will ignore in the LHLO
	      response from a remote LMTP server.

       Available in Postfix version 2.4.4 and later:

       send_cyrus_sasl_authzid (no)
	      When authenticating to a remote SMTP or LMTP server with the de-
	      fault  setting  "no",  send  no SASL authoriZation ID (authzid);
	      send only	the SASL authentiCation	ID (authcid)  plus  the	 auth-
	      cid's password.

       Available in Postfix version 2.5	and later:

       smtp_header_checks (empty)
	      Restricted header_checks(5) tables for the Postfix SMTP client.

       smtp_mime_header_checks (empty)
	      Restricted  mime_header_checks(5)	 tables	 for  the Postfix SMTP
	      client.

       smtp_nested_header_checks (empty)
	      Restricted nested_header_checks(5) tables	for the	 Postfix  SMTP
	      client.

       smtp_body_checks	(empty)
	      Restricted body_checks(5)	tables for the Postfix SMTP client.

       Available in Postfix version 2.6	and later:

       tcp_windowsize (0)
	      An  optional  workaround for routers that	break TCP window scal-
	      ing.

       Available in Postfix version 2.8	and later:

       smtp_dns_resolver_options (empty)
	      DNS Resolver options for the Postfix SMTP	client.

       Available in Postfix version 2.9	and later:

       smtp_per_record_deadline	(no)
	      Change the behavior of the smtp_*_timeout	time  limits,  from  a
	      time  limit  per	read  or write system call, to a time limit to
	      send or receive a	complete record	(an SMTP  command  line,  SMTP
	      response	line,  SMTP message content line, or TLS protocol mes-
	      sage).

       smtp_send_dummy_mail_auth (no)
	      Whether or not to	append the "AUTH=<>" option to the  MAIL  FROM
	      command in SASL-authenticated SMTP sessions.

       Available in Postfix version 2.11 and later:

       smtp_dns_support_level (empty)
	      Level of DNS support in the Postfix SMTP client.

       Available in Postfix version 3.0	and later:

       smtp_delivery_status_filter ($default_delivery_status_filter)
	      Optional filter for the smtp(8) delivery agent to	change the de-
	      livery status code or explanatory	text of	successful  or	unsuc-
	      cessful deliveries.

       smtp_dns_reply_filter (empty)
	      Optional filter for Postfix SMTP client DNS lookup results.

       Available in Postfix version 3.3	and later:

       smtp_balance_inet_protocols (yes)
	      When  a remote destination resolves to a combination of IPv4 and
	      IPv6 addresses, ensure that the Postfix SMTP client can try both
	      address types before it runs into	the smtp_mx_address_limit.

       Available in Postfix 3.5	and later:

       info_log_address_format (external)
	      The  email  address  form	that will be used in non-debug logging
	      (info, warning, etc.).

MIME PROCESSING	CONTROLS
       Available in Postfix version 2.0	and later:

       disable_mime_output_conversion (no)
	      Disable the conversion of	8BITMIME format	to 7BIT	format.

       mime_boundary_length_limit (2048)
	      The maximal length of MIME multipart boundary strings.

       mime_nesting_limit (100)
	      The maximal recursion level that the MIME	processor will handle.

EXTERNAL CONTENT INSPECTION CONTROLS
       Available in Postfix version 2.1	and later:

       smtp_send_xforward_command (no)
	      Send the non-standard XFORWARD command  when  the	 Postfix  SMTP
	      server EHLO response announces XFORWARD support.

SASL AUTHENTICATION CONTROLS
       smtp_sasl_auth_enable (no)
	      Enable SASL authentication in the	Postfix	SMTP client.

       smtp_sasl_password_maps (empty)
	      Optional	Postfix	 SMTP  client  lookup  tables  with  one user-
	      name:password entry per sender, remote hostname or next-hop  do-
	      main.

       smtp_sasl_security_options (noplaintext,	noanonymous)
	      Postfix SMTP client SASL security	options; as of Postfix 2.3 the
	      list of available	features depends on the	SASL client  implemen-
	      tation that is selected with smtp_sasl_type.

       Available in Postfix version 2.2	and later:

       smtp_sasl_mechanism_filter (empty)
	      If  non-empty,  a	Postfix	SMTP client filter for the remote SMTP
	      server's list of offered SASL mechanisms.

       Available in Postfix version 2.3	and later:

       smtp_sender_dependent_authentication (no)
	      Enable  sender-dependent	authentication	in  the	 Postfix  SMTP
	      client;  this  is	 available  only with SASL authentication, and
	      disables SMTP connection caching to ensure that mail  from  dif-
	      ferent senders will use the appropriate credentials.

       smtp_sasl_path (empty)
	      Implementation-specific information that the Postfix SMTP	client
	      passes through to	the SASL plug-in implementation	 that  is  se-
	      lected with smtp_sasl_type.

       smtp_sasl_type (cyrus)
	      The  SASL	 plug-in  type that the	Postfix	SMTP client should use
	      for authentication.

       Available in Postfix version 2.5	and later:

       smtp_sasl_auth_cache_name (empty)
	      An optional table	to prevent repeated SASL authentication	 fail-
	      ures  with  the  same  remote SMTP server	hostname, username and
	      password.

       smtp_sasl_auth_cache_time (90d)
	      The maximal age of an smtp_sasl_auth_cache_name entry before  it
	      is removed.

       smtp_sasl_auth_soft_bounce (yes)
	      When  a remote SMTP server rejects a SASL	authentication request
	      with a 535 reply code, defer mail	delivery instead of  returning
	      mail as undeliverable.

       Available in Postfix version 2.9	and later:

       smtp_send_dummy_mail_auth (no)
	      Whether  or  not to append the "AUTH=<>" option to the MAIL FROM
	      command in SASL-authenticated SMTP sessions.

STARTTLS SUPPORT CONTROLS
       Detailed	information about STARTTLS configuration may be	found  in  the
       TLS_README document.

       smtp_tls_security_level (empty)
	      The default SMTP TLS security level for the Postfix SMTP client;
	      when a non-empty value is	specified, this	overrides the obsolete
	      parameters   smtp_use_tls,  smtp_enforce_tls,  and  smtp_tls_en-
	      force_peername.

       smtp_sasl_tls_security_options ($smtp_sasl_security_options)
	      The SASL authentication security options that the	 Postfix  SMTP
	      client uses for TLS encrypted SMTP sessions.

       smtp_starttls_timeout (300s)
	      Time  limit  for	Postfix	 SMTP client write and read operations
	      during TLS startup and shutdown handshake	procedures.

       smtp_tls_CAfile (empty)
	      A	file containing	CA certificates	of root	CAs  trusted  to  sign
	      either  remote  SMTP server certificates or intermediate CA cer-
	      tificates.

       smtp_tls_CApath (empty)
	      Directory	with PEM format	Certification  Authority  certificates
	      that the Postfix SMTP client uses	to verify a remote SMTP	server
	      certificate.

       smtp_tls_cert_file (empty)
	      File with	the Postfix SMTP client	RSA certificate	in PEM format.

       smtp_tls_mandatory_ciphers (medium)
	      The minimum TLS cipher grade that	the Postfix SMTP  client  will
	      use with mandatory TLS encryption.

       smtp_tls_exclude_ciphers	(empty)
	      List of ciphers or cipher	types to exclude from the Postfix SMTP
	      client cipher list at all	TLS security levels.

       smtp_tls_mandatory_exclude_ciphers (empty)
	      Additional list of ciphers or cipher types to exclude  from  the
	      Postfix  SMTP  client cipher list	at mandatory TLS security lev-
	      els.

       smtp_tls_dcert_file (empty)
	      File with	the Postfix SMTP client	DSA certificate	in PEM format.

       smtp_tls_dkey_file ($smtp_tls_dcert_file)
	      File with	the Postfix SMTP client	DSA private key	in PEM format.

       smtp_tls_key_file ($smtp_tls_cert_file)
	      File with	the Postfix SMTP client	RSA private key	in PEM format.

       smtp_tls_loglevel (0)
	      Enable additional	Postfix	SMTP client logging of TLS activity.

       smtp_tls_note_starttls_offer (no)
	      Log the hostname of a remote SMTP	server that  offers  STARTTLS,
	      when TLS is not already enabled for that server.

       smtp_tls_policy_maps (empty)
	      Optional lookup tables with the Postfix SMTP client TLS security
	      policy by	next-hop destination; when a non-empty value is	speci-
	      fied, this overrides the obsolete	smtp_tls_per_site parameter.

       smtp_tls_mandatory_protocols (!SSLv2, !SSLv3)
	      List  of SSL/TLS protocols that the Postfix SMTP client will use
	      with mandatory TLS encryption.

       smtp_tls_scert_verifydepth (9)
	      The verification depth for remote	SMTP server certificates.

       smtp_tls_secure_cert_match (nexthop, dot-nexthop)
	      How the Postfix SMTP  client  verifies  the  server  certificate
	      peername for the "secure"	TLS security level.

       smtp_tls_session_cache_database (empty)
	      Name of the file containing the optional Postfix SMTP client TLS
	      session cache.

       smtp_tls_session_cache_timeout (3600s)
	      The expiration time of Postfix SMTP client TLS session cache in-
	      formation.

       smtp_tls_verify_cert_match (hostname)
	      How  the	Postfix	 SMTP  client  verifies	the server certificate
	      peername for the "verify"	TLS security level.

       tls_daemon_random_bytes (32)
	      The number of pseudo-random bytes	that an	 smtp(8)  or  smtpd(8)
	      process  requests	from the tlsmgr(8) server in order to seed its
	      internal pseudo random number generator (PRNG).

       tls_high_cipherlist (see	'postconf -d' output)
	      The OpenSSL cipherlist for "high"	grade ciphers.

       tls_medium_cipherlist (see 'postconf -d'	output)
	      The OpenSSL cipherlist for "medium" or higher grade ciphers.

       tls_low_cipherlist (see 'postconf -d' output)
	      The OpenSSL cipherlist for "low" or higher grade ciphers.

       tls_export_cipherlist (see 'postconf -d'	output)
	      The OpenSSL cipherlist for "export" or higher grade ciphers.

       tls_null_cipherlist (eNULL:!aNULL)
	      The OpenSSL cipherlist for "NULL"	grade ciphers that provide au-
	      thentication without encryption.

       Available in Postfix version 2.4	and later:

       smtp_sasl_tls_verified_security_options	  ($smtp_sasl_tls_security_op-
       tions)
	      The SASL authentication security options that the	 Postfix  SMTP
	      client  uses  for	 TLS  encrypted	 SMTP sessions with a verified
	      server certificate.

       Available in Postfix version 2.5	and later:

       smtp_tls_fingerprint_cert_match (empty)
	      List of acceptable remote	SMTP server  certificate  fingerprints
	      for   the	  "fingerprint"	 TLS  security	level  (smtp_tls_secu-
	      rity_level = fingerprint).

       smtp_tls_fingerprint_digest (md5)
	      The message digest  algorithm  used  to  construct  remote  SMTP
	      server certificate fingerprints.

       Available in Postfix version 2.6	and later:

       smtp_tls_protocols (!SSLv2, !SSLv3)
	      List  of TLS protocols that the Postfix SMTP client will exclude
	      or include with opportunistic TLS	encryption.

       smtp_tls_ciphers	(medium)
	      The minimum TLS cipher grade that	the Postfix SMTP  client  will
	      use with opportunistic TLS encryption.

       smtp_tls_eccert_file (empty)
	      File  with the Postfix SMTP client ECDSA certificate in PEM for-
	      mat.

       smtp_tls_eckey_file ($smtp_tls_eccert_file)
	      File with	the Postfix SMTP client	ECDSA private key in PEM  for-
	      mat.

       Available in Postfix version 2.7	and later:

       smtp_tls_block_early_mail_reply (no)
	      Try  to  detect  a mail hijacking	attack based on	a TLS protocol
	      vulnerability (CVE-2009-3555), where an attacker prepends	 mali-
	      cious  HELO,  MAIL, RCPT,	DATA commands to a Postfix SMTP	client
	      TLS session.

       Available in Postfix version 2.8	and later:

       tls_disable_workarounds (see 'postconf -d' output)
	      List or bit-mask of OpenSSL bug work-arounds to disable.

       Available in Postfix version 2.11-3.1:

       tls_dane_digest_agility (on)
	      Configure	RFC7671	DANE TLSA digest algorithm agility.

       tls_dane_trust_anchor_digest_enable (yes)
	      Enable support for RFC 6698 (DANE	TLSA) DNS records that contain
	      digests of trust-anchors with certificate	usage "2".

       Available in Postfix version 2.11 and later:

       smtp_tls_trust_anchor_file (empty)
	      Zero  or	more  PEM-format  files	with trust-anchor certificates
	      and/or public keys.

       smtp_tls_force_insecure_host_tlsa_lookup	(no)
	      Lookup the associated DANE TLSA RRset even when  a  hostname  is
	      not an alias and its address records lie in an unsigned zone.

       tlsmgr_service_name (tlsmgr)
	      The name of the tlsmgr(8)	service	entry in master.cf.

       Available in Postfix version 3.0	and later:

       smtp_tls_wrappermode (no)
	      Request  that  the Postfix SMTP client connects using the	legacy
	      SMTPS protocol instead of	using the STARTTLS command.

       Available in Postfix version 3.1	and later:

       smtp_tls_dane_insecure_mx_policy	(dane)
	      The TLS policy for MX hosts with "secure"	TLSA records when  the
	      nexthop  destination  security  level is dane, but the MX	record
	      was found	via an "insecure" MX lookup.

       Available in Postfix version 3.4	and later:

       smtp_tls_connection_reuse (no)
	      Try to make multiple deliveries per TLS-encrypted	connection.

       smtp_tls_chain_files (empty)
	      List of one or more PEM files, each holding one or more  private
	      keys directly followed by	a corresponding	certificate chain.

       smtp_tls_servername (empty)
	      Optional	name  to  send	to  the	 remote	SMTP server in the TLS
	      Server Name Indication (SNI) extension.

       Available in Postfix 3.5, 3.4.6,	3.3.5, 3.2.10, 3.1.13 and later:

       tls_fast_shutdown_enable	(yes)
	      A	workaround for implementations that hang Postfix  while	 shut-
	      ting down	a TLS session, until Postfix times out.

OBSOLETE STARTTLS CONTROLS
       The  following  configuration  parameters  exist	for compatibility with
       Postfix versions	before 2.3. Support for	these will be removed in a fu-
       ture release.

       smtp_use_tls (no)
	      Opportunistic  mode: use TLS when	a remote SMTP server announces
	      STARTTLS support,	otherwise send the mail	in the clear.

       smtp_enforce_tls	(no)
	      Enforcement mode:	require	that remote SMTP servers use  TLS  en-
	      cryption,	and never send mail in the clear.

       smtp_tls_enforce_peername (yes)
	      With  mandatory  TLS  encryption,	 require  that the remote SMTP
	      server hostname matches  the  information	 in  the  remote  SMTP
	      server certificate.

       smtp_tls_per_site (empty)
	      Optional	lookup	tables	with the Postfix SMTP client TLS usage
	      policy by	next-hop destination and by remote SMTP	 server	 host-
	      name.

       smtp_tls_cipherlist (empty)
	      Obsolete	Postfix	 < 2.3 control for the Postfix SMTP client TLS
	      cipher list.

RESOURCE AND RATE CONTROLS
       smtp_connect_timeout (30s)
	      The Postfix SMTP client time limit for completing	a TCP  connec-
	      tion, or zero (use the operating system built-in time limit).

       smtp_helo_timeout (300s)
	      The  Postfix SMTP	client time limit for sending the HELO or EHLO
	      command, and for receiving the initial remote  SMTP  server  re-
	      sponse.

       lmtp_lhlo_timeout (300s)
	      The Postfix LMTP client time limit for sending the LHLO command,
	      and for receiving	the initial remote LMTP	server response.

       smtp_xforward_timeout (300s)
	      The Postfix SMTP client time limit for sending the XFORWARD com-
	      mand, and	for receiving the remote SMTP server response.

       smtp_mail_timeout (300s)
	      The  Postfix  SMTP  client  time limit for sending the MAIL FROM
	      command, and for receiving the remote SMTP server	response.

       smtp_rcpt_timeout (300s)
	      The Postfix SMTP client time limit for sending the SMTP RCPT  TO
	      command, and for receiving the remote SMTP server	response.

       smtp_data_init_timeout (120s)
	      The  Postfix  SMTP  client  time limit for sending the SMTP DATA
	      command, and for receiving the remote SMTP server	response.

       smtp_data_xfer_timeout (180s)
	      The Postfix SMTP client time limit for sending the SMTP  message
	      content.

       smtp_data_done_timeout (600s)
	      The Postfix SMTP client time limit for sending the SMTP ".", and
	      for receiving the	remote SMTP server response.

       smtp_quit_timeout (300s)
	      The Postfix SMTP client time limit for sending the QUIT command,
	      and for receiving	the remote SMTP	server response.

       Available in Postfix version 2.1	and later:

       smtp_mx_address_limit (5)
	      The  maximal number of MX	(mail exchanger) IP addresses that can
	      result from Postfix SMTP client mail exchanger lookups, or  zero
	      (no limit).

       smtp_mx_session_limit (2)
	      The  maximal number of SMTP sessions per delivery	request	before
	      the Postfix SMTP client gives up or delivers to a	fall-back  re-
	      lay host,	or zero	(no limit).

       smtp_rset_timeout (20s)
	      The Postfix SMTP client time limit for sending the RSET command,
	      and for receiving	the remote SMTP	server response.

       Available in Postfix version 2.2	and earlier:

       lmtp_cache_connection (yes)
	      Keep Postfix LMTP	client connections open	for  up	 to  $max_idle
	      seconds.

       Available in Postfix version 2.2	and later:

       smtp_connection_cache_destinations (empty)
	      Permanently  enable  SMTP	 connection  caching for the specified
	      destinations.

       smtp_connection_cache_on_demand (yes)
	      Temporarily enable SMTP connection caching while	a  destination
	      has a high volume	of mail	in the active queue.

       smtp_connection_reuse_time_limit	(300s)
	      The amount of time during	which Postfix will use an SMTP connec-
	      tion repeatedly.

       smtp_connection_cache_time_limit	(2s)
	      When SMTP	connection caching is enabled, the amount of time that
	      an unused	SMTP client socket is kept open	before it is closed.

       Available in Postfix version 2.3	and later:

       connection_cache_protocol_timeout (5s)
	      Time  limit for connection cache connect,	send or	receive	opera-
	      tions.

       Available in Postfix version 2.9	and later:

       smtp_per_record_deadline	(no)
	      Change the behavior of the smtp_*_timeout	time  limits,  from  a
	      time  limit  per	read  or write system call, to a time limit to
	      send or receive a	complete record	(an SMTP  command  line,  SMTP
	      response	line,  SMTP message content line, or TLS protocol mes-
	      sage).

       Available in Postfix version 2.11 and later:

       smtp_connection_reuse_count_limit (0)
	      When SMTP	connection caching is enabled,	the  number  of	 times
	      that  an SMTP session may	be reused before it is closed, or zero
	      (no limit).

       Available in Postfix version 3.4	and later:

       smtp_tls_connection_reuse (no)
	      Try to make multiple deliveries per TLS-encrypted	connection.

       Implemented in the qmgr(8) daemon:

       transport_destination_concurrency_limit	 ($default_destination_concur-
       rency_limit)
	      A	 transport-specific  override for the default_destination_con-
	      currency_limit parameter value, where transport is the master.cf
	      name of the message delivery transport.

       transport_destination_recipient_limit	 ($default_destination_recipi-
       ent_limit)
	      A	transport-specific override for	the default_destination_recip-
	      ient_limit  parameter  value,  where  transport is the master.cf
	      name of the message delivery transport.

SMTPUTF8 CONTROLS
       Preliminary SMTPUTF8 support is introduced with Postfix 3.0.

       smtputf8_enable (yes)
	      Enable preliminary SMTPUTF8 support for the protocols  described
	      in RFC 6531..6533.

       smtputf8_autodetect_classes (sendmail, verify)
	      Detect  that  a message requires SMTPUTF8	support	for the	speci-
	      fied mail	origin classes.

       Available in Postfix version 3.2	and later:

       enable_idna2003_compatibility (no)
	      Enable  'transitional'  compatibility   between	IDNA2003   and
	      IDNA2008,	 when  converting UTF-8	domain names to/from the ASCII
	      form that	is used	for DNS	lookups.

TROUBLE	SHOOTING CONTROLS
       debug_peer_level	(2)
	      The increment in verbose logging level when a remote  client  or
	      server matches a pattern in the debug_peer_list parameter.

       debug_peer_list (empty)
	      Optional list of remote client or	server hostname	or network ad-
	      dress patterns that cause	the verbose logging level to  increase
	      by the amount specified in $debug_peer_level.

       error_notice_recipient (postmaster)
	      The  recipient  of  postmaster notifications about mail delivery
	      problems that are	caused by policy, resource, software or	proto-
	      col errors.

       internal_mail_filter_classes (empty)
	      What  categories	of  Postfix-generated  mail are	subject	to be-
	      fore-queue    content    inspection    by	    non_smtpd_milters,
	      header_checks and	body_checks.

       notify_classes (resource, software)
	      The list of error	classes	that are reported to the postmaster.

MISCELLANEOUS CONTROLS
       best_mx_transport (empty)
	      Where  the  Postfix  SMTP	client should deliver mail when	it de-
	      tects a "mail loops back to myself" error	condition.

       config_directory	(see 'postconf -d' output)
	      The default location of the Postfix main.cf and  master.cf  con-
	      figuration files.

       daemon_timeout (18000s)
	      How  much	time a Postfix daemon process may take to handle a re-
	      quest before it is terminated by a built-in watchdog timer.

       delay_logging_resolution_limit (2)
	      The maximal number of digits after the decimal point  when  log-
	      ging sub-second delay values.

       disable_dns_lookups (no)
	      Disable DNS lookups in the Postfix SMTP and LMTP clients.

       inet_interfaces (all)
	      The  network  interface addresses	that this mail system receives
	      mail on.

       inet_protocols (all)
	      The Internet protocols Postfix will attempt to use  when	making
	      or accepting connections.

       ipc_timeout (3600s)
	      The  time	limit for sending or receiving information over	an in-
	      ternal communication channel.

       lmtp_assume_final (no)
	      When a remote LMTP server	announces no DSN support, assume  that
	      the  server performs final delivery, and send "delivered"	deliv-
	      ery status notifications instead of "relayed".

       lmtp_tcp_port (24)
	      The default TCP port that	the Postfix LMTP client	connects to.

       max_idle	(100s)
	      The maximum amount of time that an idle Postfix  daemon  process
	      waits for	an incoming connection before terminating voluntarily.

       max_use (100)
	      The maximal number of incoming connections that a	Postfix	daemon
	      process will service before terminating voluntarily.

       process_id (read-only)
	      The process ID of	a Postfix command or daemon process.

       process_name (read-only)
	      The process name of a Postfix command or daemon process.

       proxy_interfaces	(empty)
	      The network interface addresses that this	mail  system  receives
	      mail on by way of	a proxy	or network address translation unit.

       smtp_address_preference (any)
	      The address type ("ipv6",	"ipv4" or "any") that the Postfix SMTP
	      client will try first, when a destination	has IPv6 and IPv4  ad-
	      dresses with equal MX preference.

       smtp_bind_address (empty)
	      An  optional  numerical  network	address	 that the Postfix SMTP
	      client should bind to when making	an IPv4	connection.

       smtp_bind_address6 (empty)
	      An optional numerical network  address  that  the	 Postfix  SMTP
	      client should bind to when making	an IPv6	connection.

       smtp_helo_name ($myhostname)
	      The hostname to send in the SMTP HELO or EHLO command.

       lmtp_lhlo_name ($myhostname)
	      The hostname to send in the LMTP LHLO command.

       smtp_host_lookup	(dns)
	      What mechanisms the Postfix SMTP client uses to look up a	host's
	      IP address.

       smtp_randomize_addresses	(yes)
	      Randomize	the order of equal-preference MX host addresses.

       syslog_facility (mail)
	      The syslog facility of Postfix logging.

       syslog_name (see	'postconf -d' output)
	      A	prefix that  is	 prepended  to	the  process  name  in	syslog
	      records, so that,	for example, "smtpd" becomes "prefix/smtpd".

       Available with Postfix 2.2 and earlier:

       fallback_relay (empty)
	      Optional list of relay hosts for SMTP destinations that can't be
	      found or that are	unreachable.

       Available with Postfix 2.3 and later:

       smtp_fallback_relay ($fallback_relay)
	      Optional list of relay hosts for SMTP destinations that can't be
	      found or that are	unreachable.

       Available with Postfix 3.0 and later:

       smtp_address_verify_target (rcpt)
	      In  the context of email address verification, the SMTP protocol
	      stage that determines whether an email address is	deliverable.

       Available with Postfix 3.1 and later:

       lmtp_fallback_relay (empty)
	      Optional list of relay hosts for LMTP destinations that can't be
	      found or that are	unreachable.

       Available with Postfix 3.2 and later:

       smtp_tcp_port (smtp)
	      The default TCP port that	the Postfix SMTP client	connects to.

       Available in Postfix 3.3	and later:

       service_name (read-only)
	      The master.cf service name of a Postfix daemon process.

SEE ALSO
       generic(5), output address rewriting
       header_checks(5), message header	content	inspection
       body_checks(5), body parts content inspection
       qmgr(8),	queue manager
       bounce(8), delivery status reports
       scache(8), connection cache server
       postconf(5), configuration parameters
       master(5), generic daemon options
       master(8), process manager
       tlsmgr(8), TLS session and PRNG management
       postlogd(8), Postfix logging
       syslogd(8), system logging

README FILES
       Use  "postconf readme_directory"	or "postconf html_directory" to	locate
       this information.
       SASL_README, Postfix SASL howto
       TLS_README, Postfix STARTTLS howto

LICENSE
       The Secure Mailer license must be distributed with this software.

AUTHOR(S)
       Wietse Venema
       IBM T.J.	Watson Research
       P.O. Box	704
       Yorktown	Heights, NY 10598, USA

       Wietse Venema
       Google, Inc.
       111 8th Avenue
       New York, NY 10011, USA

       Command pipelining in cooperation with:
       Jon Ribbens
       Oaktree Internet	Solutions Ltd.,
       Internet	House,
       Canal Basin,
       Coventry,
       CV1 4LY,	United Kingdom.

       SASL support originally by:
       Till Franke
       SuSE Rhein/Main AG
       65760 Eschborn, Germany

       TLS support originally by:
       Lutz Jaenicke
       BTU Cottbus
       Allgemeine Elektrotechnik
       Universitaetsplatz 3-4
       D-03044 Cottbus,	Germany

       Revised TLS and SMTP connection cache support by:
       Victor Duchovni
       Morgan Stanley

								       SMTP(8)

NAME | SYNOPSIS | DESCRIPTION | SMTP DESTINATION SYNTAX | LMTP DESTINATION SYNTAX | SINGLE-RECIPIENT DELIVERY | COMMAND ATTRIBUTE SYNTAX | SECURITY | STANDARDS | DIAGNOSTICS | BUGS | CONFIGURATION PARAMETERS | COMPATIBILITY CONTROLS | MIME PROCESSING CONTROLS | EXTERNAL CONTENT INSPECTION CONTROLS | SASL AUTHENTICATION CONTROLS | STARTTLS SUPPORT CONTROLS | OBSOLETE STARTTLS CONTROLS | RESOURCE AND RATE CONTROLS | SMTPUTF8 CONTROLS | TROUBLE SHOOTING CONTROLS | MISCELLANEOUS CONTROLS | SEE ALSO | README FILES | LICENSE | AUTHOR(S)

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=smtp&sektion=8&manpath=FreeBSD+12.2-RELEASE+and+Ports>

home | help