Manual: (NetBSD-2.0)

SMTPD(8)                    System Manager's Manual                   SMTPD(8)



NAME
       smtpd - Postfix SMTP server

SYNOPSIS
       smtpd [generic Postfix daemon options]

DESCRIPTION
       The  SMTP  server accepts network connection requests and performs zero
       or more SMTP transactions per connection.   Each  received  message  is
       piped  through  the  cleanup(8) daemon, and is placed into the incoming
       queue as one single queue file.  For this mode of operation,  the  pro-
       gram expects to be run from the master(8) process manager.

       Alternatively, the SMTP server takes an established connection on stan-
       dard input and deposits messages directly into the maildrop  queue.  In
       this  so-called  stand-alone mode, the SMTP server can accept mail even
       while the mail system is not running.

       The SMTP  server  implements  a  variety  of  policies  for  connection
       requests,  and  for parameters given to HELO, ETRN, MAIL FROM, VRFY and
       RCPT TO commands. They are detailed below and in the main.cf configura-
       tion file.

SECURITY
       The  SMTP  server  is  moderately  security-sensitive. It talks to SMTP
       clients and to DNS servers on the network. The SMTP server can  be  run
       chrooted at fixed low privilege.

STANDARDS
       RFC 821 (SMTP protocol)
       RFC 1123 (Host requirements)
       RFC 1652 (8bit-MIME transport)
       RFC 1869 (SMTP service extensions)
       RFC 1870 (Message Size Declaration)
       RFC 1985 (ETRN command)
       RFC 2554 (AUTH command)
       RFC 2821 (SMTP protocol)
       RFC 2920 (SMTP Pipelining)

DIAGNOSTICS
       Problems and transactions are logged to syslogd(8).

       Depending  on the setting of the notify_classes parameter, the postmas-
       ter is notified of bounces, protocol problems, policy  violations,  and
       of other trouble.

CONFIGURATION PARAMETERS
       The  following  main.cf parameters are especially relevant to this pro-
       gram. See the Postfix main.cf file for syntax details and  for  default
       values. Use the postfix reload command after a configuration change.

Compatibility controls
       strict_rfc821_envelopes
              Disallow non-RFC 821 style addresses in SMTP commands, for
              example the RFC 822-style address forms with comments that
              Sendmail allows.

       broken_sasl_auth_clients
              Support Microsoft clients that implement an older version of the
              AUTH  protocol,  and  that  expect  an  EHLO  response  of  "250
              AUTH=list" instead of "250 AUTH list".

       smtpd_noop_commands
              List  of  commands  that are treated as NOOP (no operation) com-
              mands, without any parameter syntax  checking  and  without  any
              state change.  This list overrides built-in command definitions.

Content inspection controls
       content_filter
              The name of a mail delivery transport that filters mail and that
              either bounces mail or re-injects the result back into  Postfix.
              This  parameter uses the same syntax as the right-hand side of a
              Postfix transport table.

Authentication controls
       smtpd_sasl_auth_enable
              Enable per-session authentication as per RFC 2554 (SASL).   This
              functionality is available only when explicitly selected at pro-
              gram build time and explicitly enabled at runtime.

       smtpd_sasl_local_domain
              The name of the local authentication realm.

       smtpd_sasl_security_options
              Zero or more of the following.

              noplaintext
                     Disallow authentication methods that use plaintext  pass-
                     words.

              noactive
                     Disallow  authentication  methods  that are vulnerable to
                     non-dictionary active attacks.

              nodictionary
                     Disallow authentication methods that  are  vulnerable  to
                     passive dictionary attack.

              noanonymous
                     Disallow anonymous logins.

       smtpd_sender_login_maps
              Maps  that  specify  the  SASL  login name that owns a MAIL FROM
              sender address. Used by the reject_sender_login_mismatch  sender
              anti-spoofing restriction.

Miscellaneous
       always_bcc
              Address to send a copy of each message that enters the system.

       authorized_verp_clients
              Hostnames,  domain  names  and/or  addresses of clients that are
              authorized to use the XVERP extension.

       debug_peer_level
              Increment in verbose logging level when a remote host matches  a
              pattern in the debug_peer_list parameter.

       debug_peer_list
              List of domain or network patterns. When a remote host matches a
              pattern, increase the verbose logging level by the amount speci-
              fied in the debug_peer_level parameter.

       default_verp_delimiters
              The  default  VERP  delimiter  characters that are used when the
              XVERP command is specified without explicit delimiters.

       error_notice_recipient
              Recipient of protocol/policy/resource/software error notices.

       hopcount_limit
              Limit the number of Received: message headers.

       notify_classes
              List of error classes. Of special interest are:

              policy When a client violates any policy, mail a  transcript  of
                     the entire SMTP session to the postmaster.

              protocol
                     When  a  client  violates  the SMTP protocol or issues an
                     unimplemented command, mail a transcript  of  the  entire
                     SMTP session to the postmaster.

       smtpd_banner
              Text  that follows the 220 status code in the SMTP greeting ban-
              ner.

       smtpd_expansion_filter
              Controls what characters are allowed in $name expansion  of  rbl
              template responses and other text.

       smtpd_recipient_limit
              Restrict  the  number of recipients that the SMTP server accepts
              per message delivery.

       smtpd_timeout
              Limit the time to send a server response and to receive a client
              request.

       soft_bounce
              Change  hard  (5xx)  reject  responses  into  soft  (4xx) reject
              responses.  This can be useful for testing purposes.

       verp_delimiter_filter
              The characters that Postfix accepts as  VERP  delimiter  charac-
              ters.

Known versus unknown recipients
       show_user_unknown_table_name
              Whether or not to reveal the table name in the "User unknown"
              responses. The extra detail makes troubleshooting easier but
              also reveals information that is nobody else's business.

       unknown_local_recipient_reject_code
              The  response  code  when  a  client specifies a recipient whose
              domain  matches  $mydestination   or   $inet_interfaces,   while
              $local_recipient_maps is non-empty and does not list the recipi-
              ent address or address local-part.

       unknown_relay_recipient_reject_code
              The response code when a  client  specifies  a  recipient  whose
              domain  matches  $relay_domains,  while $relay_recipient_maps is
              non-empty and does not list the recipient address.

       unknown_virtual_alias_reject_code
              The response code when a  client  specifies  a  recipient  whose
              domain  matches  $virtual_alias_domains,  while the recipient is
              not listed in $virtual_alias_maps.

       unknown_virtual_mailbox_reject_code
              The response code when a  client  specifies  a  recipient  whose
              domain  matches $virtual_mailbox_domains, while the recipient is
              not listed in $virtual_mailbox_maps.

Resource controls
       line_length_limit
              Limit the amount of memory in bytes used  for  the  handling  of
              partial input lines.

       message_size_limit
              Limit  the  total  size in bytes of a message, including on-disk
              storage for envelope information.

       queue_minfree
              Minimal amount of free space in bytes in the queue  file  system
              for the SMTP server to accept any mail at all.

       smtpd_history_flush_threshold
              Flush  the  command  history to postmaster after receipt of RSET
              etc.  only if the number of  history  lines  exceeds  the  given
              threshold.

Tarpitting
       smtpd_error_sleep_time
              Time to wait in seconds before sending a 4xx or 5xx server error
              response.

       smtpd_soft_error_limit
              When an SMTP  client  has  made  this  number  of  errors,  wait
              error_count seconds before responding to any client request.

       smtpd_hard_error_limit
              Disconnect after a client has made this number of errors.

       smtpd_junk_command_limit
              Limit the number of times a client can issue a junk command such
              as NOOP, VRFY, ETRN or RSET in one SMTP  session  before  it  is
              penalized with tarpit delays.

UCE control restrictions
       parent_domain_matches_subdomains
              List  of  Postfix features that use domain.tld patterns to match
              sub.domain.tld (as opposed to requiring .domain.tld patterns).

       smtpd_client_restrictions
              Restrict what clients may connect to this mail system.

       smtpd_helo_required
              Require that clients introduce themselves at the beginning of an
              SMTP session.

       smtpd_helo_restrictions
              Restrict what client hostnames are allowed in HELO and EHLO com-
              mands.

       smtpd_sender_restrictions
              Restrict what sender addresses are allowed  in  MAIL  FROM  com-
              mands.

       smtpd_recipient_restrictions
              Restrict  what  recipient  addresses are allowed in RCPT TO com-
              mands.

       smtpd_etrn_restrictions
              Restrict what domain names can be used  in  ETRN  commands,  and
              what clients may issue ETRN commands.

       smtpd_data_restrictions
              Restrictions  on  the DATA command. Currently, the only restric-
              tion that makes sense here is reject_unauth_pipelining.

       allow_untrusted_routing
              Allow untrusted clients to specify addresses with  sender-speci-
              fied  routing.   Enabling  this  opens  up nasty relay loopholes
              involving trusted backup MX hosts.

       smtpd_restriction_classes
              Declares the name of zero or more parameters that contain a list
              of  UCE  restrictions. The names of these parameters can then be
              used instead of the restriction lists that they represent.

       smtpd_null_access_lookup_key
              The lookup key to be used in SMTPD access tables instead of  the
              null sender address. A null sender address cannot be looked up.

       maps_rbl_domains (deprecated)
              List  of  DNS  domains that publish the addresses of blacklisted
              hosts. This is used with the deprecated reject_maps_rbl restric-
              tion.

       permit_mx_backup_networks
              Only  domains  whose  primary MX hosts match the listed networks
              are eligible for the permit_mx_backup feature.

       relay_domains
              Restrict what domains this mail system will relay mail  to.  The
              domains  are  routed  to  the  delivery agent specified with the
              relay_transport setting.

UCE control responses
       access_map_reject_code
              Response code when a client violates an access database restric-
              tion.

       default_rbl_reply
              Default  template reply when a request is RBL blacklisted.  This
              template is used by the reject_rbl_* and reject_rhsbl_* restric-
              tions. See also: rbl_reply_maps and smtpd_expansion_filter.

       defer_code
              Response  code  when  a  client request is rejected by the defer
              restriction.

       invalid_hostname_reject_code
              Response code when a client violates the reject_invalid_hostname
              restriction.

       maps_rbl_reject_code
              Response code when a request is RBL blacklisted.

       rbl_reply_maps
              Table  with  template  responses  for  RBL blacklisted requests,
              indexed by RBL domain name. These  templates  are  used  by  the
              reject_rbl_*   and   reject_rhsbl_*   restrictions.   See  also:
              default_rbl_reply and smtpd_expansion_filter.

       reject_code
              Response code when the client matches a reject restriction.

       relay_domains_reject_code
              Response code when a client attempts to violate the  mail  relay
              policy.

       unknown_address_reject_code
              Response  code when a client violates the reject_unknown_address
              restriction.

       unknown_client_reject_code
              Response code when a client without an address-to-name mapping
              violates the reject_unknown_client restriction.

       unknown_hostname_reject_code
              Response code when a client violates the reject_unknown_hostname
              restriction.
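
       The following is an added example, not part of the Postfix distribution
       or of this manual page: a small main.cf review script that flags the
       settings this page itself warns about (soft_bounce, allow_untrusted_routing,
       show_user_unknown_table_name, a SASL option list without noanonymous,
       and smtpd_sender_login_maps configured without reject_sender_login_mismatch).
       Assumptions: main.cf uses "name = value" lines, "#" comment lines and
       whitespace-led continuation lines; the sample file and its map path are
       constructed; restrictions hidden behind smtpd_restriction_classes members
       are not followed.

```python
import re
# Constructed sample main.cf (not from the page); values and paths are illustrative.
SAMPLE_MAIN_CF = """\
# test box settings that were never reverted
soft_bounce = yes
allow_untrusted_routing = yes
show_user_unknown_table_name = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noplaintext
smtpd_sender_login_maps = hash:/etc/postfix/sender_login
smtpd_sender_restrictions =
    reject_unknown_sender_domain, permit
"""

def parse_main_cf(text):
    """Return {name: value}; a line starting with whitespace continues the previous one."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            params[name] = value
    return params

def words(value):
    return [w for w in re.split(r"[,\s]+", value) if w]  # comma and/or space separated

def audit(params):
    """Return review findings for explicitly configured risky settings."""
    findings = []
    for name in ("soft_bounce", "allow_untrusted_routing", "show_user_unknown_table_name"):
        if params.get(name, "").lower() == "yes":
            findings.append(name)
    if params.get("smtpd_sasl_auth_enable", "").lower() == "yes":
        opts = params.get("smtpd_sasl_security_options")
        # Judge only an explicit setting; built-in defaults are not stated on this page.
        if opts is not None and "noanonymous" not in words(opts):
            findings.append("smtpd_sasl_security_options lacks noanonymous")
    if params.get("smtpd_sender_login_maps"):
        used = any("reject_sender_login_mismatch" in words(v)
                   for k, v in params.items() if k.endswith("_restrictions"))
        if not used:
            findings.append("smtpd_sender_login_maps set but reject_sender_login_mismatch unused")
    return findings

if __name__ == "__main__":
    print("\n".join("REVIEW: " + f for f in audit(parse_main_cf(SAMPLE_MAIN_CF))))
```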

SEE ALSO
       trivial-rewrite(8) address resolver
       cleanup(8) message canonicalization
       master(8) process manager
       syslogd(8) system logging

LICENSE
       The Secure Mailer license must be distributed with this software.

AUTHOR(S)
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA



                                                                      SMTPD(8)